Using OSGi for Secure Service Discovery
Slides available at http://godot.be/slides
Antonio Kung, Founder/Director, Trialog
Danny De Cock, Researcher Applied Cryptography, K.U.Leuven
Hans Scholten, U.Twente
Presentation Structure
- TEAHA
- TEAHA Approach for seamless interworking
- Using OSGi and Service Discovery
  – OSGi and TEAHA Features and Needs
  – OSGi vs. TEAHA Registration
  – TEAHA Security Modules
  – Architecture for Service Discovery and Security
The TEAHA Consortium
- Industry groups
- Leading manufacturers and service companies
- Technology and market research companies and Universities
TEAHA Mission
- Specify an open, secure framework for seamless interoperability and interworking
Figure: application areas, Networked Audio-Video Applications and Networked Home Control Applications: AV & Mobile MMI, White goods, Energy Management, Security and Safety, Home Controls, Lighting Control, Health Care for Elderly and Disabled, Infotainment
TEAHA Has Technology Clusters
Figure: Reference Gateway with a Security Controller, connecting technology clusters (UPnP/WiFi, EHS/Power Line, TEAHA/Zigbee) of home devices: display, clock, TV, energy controller, washing machine, oven, meter, smoke sensor, camera, intrusion detector
TEAHA Has Business Clusters
Figure: the same devices (display, clock, TV, energy controller, washing machine, oven, meter, smoke sensor, camera, intrusion detector, security controller) around the Reference Gateway, grouped into business clusters: Energy, Household Appliance, Multimedia, Home Safety
Facts about Stakeholders
- Stakeholders in a business cluster
  – Are competitors
  – Share the same culture
  – Are involved in the same value chain
  – Would prefer to abstract away from technology clusters
- Stakeholders in different business clusters
  – Do not understand each other
  – Do not need to understand other clusters
  – Have different cultures, value chains and life cycles
Approach for Seamless Interworking
- There are issues in supporting the mixing of different types of clusters
  – Technology clusters
  – Business clusters
  – …
- TEAHA focuses on solving those issues
Seamless Interworking Unsolved Problems
- Service Discovery
  – Can a device in one technology cluster discover a device from another technology cluster?
  – Can these devices use one another’s services?
- Secure Communication
  – Can a device in one technology cluster communicate securely with a device from another technology cluster?
    - Authenticity: No faked devices!
    - Confidentiality: No eavesdroppers!
    - Trusted/Registered devices: No intruders!
- Security Policy
  – Can a business cluster be protected from other clusters?
    - Policy enforcement: is a multimedia application allowed to access security system information?
Abstract Architecture
Figure: the Interworking Environment as layers: Application Framework (Service Applications); Business Cluster Support; LAN Abstraction (Bridge Utility, Service Access Utility, Secure Service Discovery Utility, Secure Communication Utility, Communication Layer, LAN 1 Proxy and Driver, LAN 2 Proxy and Driver); and Security Support
TEAHA Business Cluster Support
Figure: Business Cluster Support with a Plug-in Selector and LAN Apps grouped into clusters (Household Appliances cluster, Home Safety cluster)
Mapping on top of OSGi
Figure: TEAHA components (LAN 1 and LAN K drivers and proxies, Communication, Secure Service Discovery, Secure Communication, Bridge Utility, Service Access Utility, Service Applications) mapped onto OSGi Network bundles, OSGi Device bundles and OSGi Application bundles
Seamless Interworking in Action
Figure: Device 1 and Device 2, both in the Energy Management cluster, exchange an App-PDU; it is carried as a LAN1-PDU through LAN1 Driver and LAN1 Proxy, passed through the Bridge Utility and the Communication layer, and carried as a LAN2-PDU through LAN2 Proxy and LAN2 Driver
Service Discovery in Action
Figure: Device 1 searches for a service that Device 2 provides; on each side a Service Discovery Proxy maps between the LAN-specific service description (LAN1 Service Description, LAN2 Service Description) and the common App Service Description, with Service Discovery and Communication above LAN1/LAN2 Proxy and Driver
OSGi and TEAHA Features and Needs
- OSGi
  – Targets a wide application area
    - Embedded and dedicated devices
  – Provides specifications for a service-oriented architecture
  – Defines a computing environment for networked services and is
    - Standardized
    - Component oriented
  – Embodies a service platform with a secure execution environment
  – Not supported
    - Device authentication
    - Platform management protocol
- TEAHA
  – Targets
    - Home applications and
    - Relationships with A/V applications
  – Provides specifications for a global home platform, focuses on
    - Openness
    - Secure communications
    - Interoperability
  – Defines a middleware platform for seamless interworking of
    - Wide variety of appliances available in the home environment
    - Heterogeneous networks
  – Is embodied in a logical TEAHA device
  – No open issues ☺
OSGi vs. TEAHA Registration
- OSGi
  – Registration of services in the OSGi platform
  – Registration with the local OSGi registry
    - Code/Bundle signing
    - Policy-based
  – OSGi services use one another’s services in the OSGi platform
- TEAHA
  – Registration of TEAHA devices in the wide home environment
  – Device registration requires touch & play
    - Secure zero configuration
    - Policy-based
  – Unregistered devices cannot use registered devices’ services
  – Device-Device service usage
TEAHA Devices and Security Modules
Figure: a TEAHA Device with Network Interface, User Services, Device Services and Device Internals (Internal Services, Generic Device Services); its Security Module (SM) contains a Security Session Manager, Security Policy Manager, Secure Storage and Crypto Engine and exposes Security Module Services X, Y, Z, …
Key Features of a Security Module:
- One SM per Device
- SM = OSGi bundle
- SM offers services to other bundles
- SM initialized by manufacturer
- Initialized SM ready to be used
- Combination of hard- and software
  – Hardware: non-cloneable
  – Software: risk for cloning
- Provides true strong authentication
- Secure communications rely on SM
  – Insecure
  – Authenticity
  – Confidentiality
  – Secure = Auth. + Conf.
TEAHA Security Module Services
Sealed in a tamper evident enclosure, e.g., integrity-protected log file or database, hardware enclosure, …
Inner Kernel with security features
Cryptographic Engine
- Signing primitives and keys
- Decryption primitives and keys
- Secret master keys
- Decrypt and re-encrypt (optional)
Secure Storage
- Device/user certificate(s), data, …
- Trusted (CA) certificates
- Session data (keys, logs)
Functionality
- Authenticate data
- Verify authenticated data
- Decrypt encrypted data
- Encrypt plaintext data
- Generate key pair
- Generate secret key
- Play key agreement protocol
- Generate random data
- Compare local vs. reference time
- Convert security mechanism
Implementation relies on API
Can be used for
- Applications
- Secure Communications
TEAHA Secure Communication Types
Figure: Devices E, F, G, H, I and J around a Residential Gateway; numbered communications (1 to 7) carry Application Data through a Communications Tube
Security levels:
- Protecting Integrity and/or Confidentiality
Security parameters (keys):
- Agreed on during device discovery
Secure Key Agreement with Station-To-Station
Device + Service Discovery (Key Agreement Messages):
- D1 broadcasts a Ping message: Ping (Session Identifier, Data (optional))
- D2 sends a Pong message: Pong (Session Identifier, Data (optional))
Service Usage (Secure Data Transfer, with optional confidentiality and/or integrity protection):
- Data Transfer in either direction: Secure Send/Receive (Session Identifier, Secured (optional) Data)
Secure Service Discovery and Use with Registry
Figure: D1 sends a Service Query to the Registry (Direct Service Selection), then performs Secure P2P Discovery and Usage with D2; Actual Data Transfer: Send/Receive (Session Identifier, Secured (optional) Data), optional
Registration of Devices
Figure: the Registry on the Residential Gateway issues Registration Proofs (Registration Proof RG, X, Y, Z) to the Residential Gateway and to Devices X, Y and Z, which provide Services X, Y and Z
- Master Registry issues Proofs of Registration
- Strong Authentication (relying on Security Module) of Devices
- Device-Device communication requires valid Proof of Registration
Example: Only one Washing Machine
Figure: a Washing Machine with Security Module SMWM broadcasts Ping messages
Example: Registry Device Comes Online
Figure: the Residential Gateway (Registry, Security Module SMRG) and the Washing Machine (SMWM) exchange Ping messages; Registration Proof SMWM and Registration Proof SMRG are issued
- Residential Gateway (RG) assumes the role of a Registry Device
- RG is personalized for the home
- Issuing a Registration Proof requires human interaction
  – Physical presence of the registered device
  – Knowledge of the activation code of the new device
Example: Neighbor Installs Washing Machine
Figure: in the home, the Registry (Residential Gateway, SMRG) and the Washing Machine (SMWM) hold Registration Proofs; in the Neighbor Apartment a Washing Machine with Security Module SMWM’ broadcasts Ping messages
- Neighbor’s device is not physically present
- Cannot receive a Registration Proof
Example: Separate Registration Domains
Figure: the home Registry (Residential Gateway, SMRG) and Washing Machine (SMWM) hold Registration Proofs SMRG and SMWM; in the Neighbor Apartment the neighbor’s Registry (Residential Gateway, SMRG’) and Washing Machine (SMWM’) hold Registration Proofs SMRG’ and SMWM’
- Neighbor’s devices receive Neighbor’s Registration Proofs
- Name space reflects where a device belongs to
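The registration flow of the four washing-machine slides, worked through as an added example (not code from the deck or the TEAHA project): a Residential Gateway acting as Master Registry issues a Registration Proof only after touch & play (physical presence plus activation code), and a device accepts a peer only with a valid proof from its own name space. Assumptions: an HMAC under a per-home domain key, handed to a device together with its proof, stands in for the signature the Security Module would put on the proof; RegistryDevice, Device, proof_tag and scenario are names chosen here.

```python
import hashlib
import hmac
import secrets
from collections import namedtuple

# domain = registry name space, device = identity held in the device's Security Module, tag = proof
RegistrationProof = namedtuple("RegistrationProof", "domain device tag")

def proof_tag(domain_key, domain, device):
    # Assumption: an HMAC under the registry's domain key stands in for the signature the
    # Master Registry's Security Module puts on a proof (the standard library has no signatures).
    return hmac.new(domain_key, f"{domain}:{device}".encode(), hashlib.sha256).digest()

class Device:
    def __init__(self, sm_identity):
        # One Security Module per device; proof and domain key are filled in at registration.
        self.sm, self.proof, self.domain_key = sm_identity, None, None

    def accepts_peer(self, proof):
        # Device-device communication requires a valid proof from the same name space.
        if self.proof is None or proof is None or proof.domain != self.proof.domain:
            return False
        return hmac.compare_digest(proof.tag, proof_tag(self.domain_key, proof.domain, proof.device))

class RegistryDevice(Device):
    # Residential Gateway personalized for one home, acting as Master Registry.
    def __init__(self, sm_identity, domain, activation_codes):
        super().__init__(sm_identity)
        self.domain_key = secrets.token_bytes(32)
        self.activation_codes = dict(activation_codes)  # constructed: code per new device
        self.proof = RegistrationProof(domain, sm_identity, proof_tag(self.domain_key, domain, sm_identity))

    def register(self, device, physically_present, activation_code):
        # Human interaction: the device is physically present and its activation code is known.
        if not physically_present or self.activation_codes.get(device.sm) != activation_code:
            return False
        device.proof = RegistrationProof(self.proof.domain, device.sm,
                                         proof_tag(self.domain_key, self.proof.domain, device.sm))
        device.domain_key = self.domain_key  # assumption: handed over with the proof
        return True

def scenario():
    # Constructed walk-through of the washing-machine slides; returns each check's outcome.
    rg, wm = RegistryDevice("SMRG", "home", {"SMWM": "1234"}), Device("SMWM")
    rg2, wm2 = RegistryDevice("SMRG'", "neighbor", {"SMWM'": "5678"}), Device("SMWM'")
    out = {"home WM registered": rg.register(wm, True, "1234"),
           "neighbor WM at home RG": rg.register(wm2, False, "5678"),
           "home WM trusts home RG": wm.accepts_peer(rg.proof),
           "home WM trusts unregistered neighbor WM": wm.accepts_peer(wm2.proof)}
    out["neighbor WM registered next door"] = rg2.register(wm2, True, "5678")
    out["home WM trusts neighbor's proof"] = wm.accepts_peer(wm2.proof)
    out["neighbor RG trusts neighbor WM"] = rg2.accepts_peer(wm2.proof)
    return out
```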
Conclusions
- TEAHA provides a secure and interoperable architecture for networked home applications
- Security Module is an OSGi bundle that provides
  – Secure communications services
  – Protection against cloning of the device
  – Strong authentication of the device and services
- Initialization of security-related parameters embedded in the service discovery protocol
Attend the 2nd TEAHA Open Forum
November 28, 2005, Le Méridien - Nice, France
http://www.net-athome.com/colocated_teaha.php
Secure Key Agreement with Diffie-Hellman
1. D1 prepares a Ping message for D2
   - Computes secret x
   - Calculates α^x
   - Authenticates {data1||α^x}
2. D1 broadcasts the Ping message
   - Broadcast of Authenticated(data1||α^x)
3. D2 receives the Ping message
   - Checks Authenticated(data1||α^x)
   - Processes data1
4. D2 prepares a Pong message for D1
   - Computes secret y
   - Calculates α^y
   - Calculates K = (α^x)^y
   - Encrypts data: E_K(data2)
   - Authenticates {E_K(data2)||α^y}
5. D2 broadcasts the Pong message for D1
   - Broadcast of Authenticated(E_K(data2)||α^y)
6. D1 receives the Pong message
   - Checks Authenticated(E_K(data2)||α^y)
   - Calculates K = (α^y)^x
   - Decrypts E_K(data2)
   - Processes data2
Secure Data Transfer:
- D1 prepares a Secure Data Transfer message
  – Encrypts: E_K(data3)
  – Authenticates E_K(data3)
- D1 broadcasts the Secured Data Transfer message for D2
  – Broadcast of Authenticated(E_K(data3))
- D2 receives the Secured Data Transfer message
  – Checks Authenticated(E_K(data3))
- D2 decrypts the information within the session with D1
  – Decrypts E_K(data3)
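The Station-To-Station Ping/Pong exchange of the earlier slide and the six Diffie-Hellman steps above, plus one Secure Data Transfer, worked through as an added example (not code from the slides or the TEAHA project). Assumptions: a demo-sized group instead of real parameters, HMAC-SHA256 under a pre-shared authentication key in place of the Security Module's signing primitive, a constructed HMAC keystream in place of its encryption engine, and the function names d1_ping, d2_pong, d1_finish and run_session.

```python
import hashlib
import hmac
import secrets

# Constructed demo group (not TEAHA's parameters): Mersenne prime 2^127-1, generator 3.
P, ALPHA, TAG = (1 << 127) - 1, 3, 32

def authenticated(auth_key, msg):
    # Authenticated(msg) = msg || MAC; assumption: HMAC-SHA256 under a pre-shared key stands in for the SM signing primitive.
    return msg + hmac.new(auth_key, msg, hashlib.sha256).digest()

def check_authenticated(auth_key, blob):
    msg, tag = blob[:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, hmac.new(auth_key, msg, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return msg

def e_k(k, data):
    # E_K(data): constructed HMAC-SHA256 counter-mode keystream XORed onto the data (stand-in for the SM crypto engine); applying it twice decrypts.
    ks = b"".join(hmac.new(k, i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(0, len(data), TAG))
    return bytes(a ^ b for a, b in zip(data, ks))

def session_key(public, secret):
    # K = (alpha^x)^y = (alpha^y)^x, hashed down to a 256-bit key.
    return hashlib.sha256(pow(public, secret, P).to_bytes(16, "big")).digest()

def d1_ping(auth_key, data1):
    # Steps 1-2: D1 picks x and broadcasts Authenticated(data1 || alpha^x).
    x = secrets.randbelow(P - 2) + 2
    return x, authenticated(auth_key, data1 + pow(ALPHA, x, P).to_bytes(16, "big"))

def d2_pong(auth_key, ping, data2):
    # Steps 3-5: D2 checks the Ping, picks y, derives K and answers Authenticated(E_K(data2) || alpha^y).
    msg = check_authenticated(auth_key, ping)
    data1, ax = msg[:-16], int.from_bytes(msg[-16:], "big")
    y = secrets.randbelow(P - 2) + 2
    k = session_key(ax, y)
    return data1, k, authenticated(auth_key, e_k(k, data2) + pow(ALPHA, y, P).to_bytes(16, "big"))

def d1_finish(auth_key, x, pong):
    # Step 6: D1 checks the Pong, derives K from alpha^y and decrypts E_K(data2).
    msg = check_authenticated(auth_key, pong)
    k = session_key(int.from_bytes(msg[-16:], "big"), x)
    return k, e_k(k, msg[:-16])

def run_session(auth_key=b"constructed-auth-key", data1=b"ping", data2=b"pong", data3=b"d3"):
    # Whole exchange plus one Secure Data Transfer Authenticated(E_K(data3)) from D1 to D2.
    x, ping = d1_ping(auth_key, data1)
    seen1, k2, pong = d2_pong(auth_key, ping, data2)
    k1, seen2 = d1_finish(auth_key, x, pong)
    seen3 = e_k(k2, check_authenticated(auth_key, authenticated(auth_key, e_k(k1, data3))))
    return k1 == k2, seen1, seen2, seen3
```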
TEAHA Service Discovery
Figure: Service Discovery Kernel (Registry mgt, Policy mgt) together with Secure Communication, Communication, Service Access Utility, Secure Service Discovery and Security Support