Security Impact on Sensor Network Life by tae66661


Home Network Security
Abedelaziz MOHAISEN

Outline
•   General Applications
•   Device Classification
•   System Services
•   SW Elements
•   Mapping SW elements to device classes
•   Architecture
•   Interaction example
•   Applications’ scenarios
•   Devices
•   Security
    –   Involved technologies
    –   Security HW model
    –   Authentication models
    –   Secret information
•   Possible Solutions
  Home Network Applications
• Entertainment
   – TV scenario, sharing resources (view).
   – Program VCR
   – TV for Video Conference
• Home Automation
   – Power control and heating profile
• Security Applications
   – Alarm Notification, Camera Control
• Internet or Mobile Access to Home Devices
  Device Classification – HAVi’s
• Full AV (FAV)
   – Has a runtime environment for Java bytecode
   – Can be used to control arbitrary devices
   – Examples: DTV receivers, residential gateways, home PCs
• Intermediate AV (IAV)
   –   Cheaper than an FAV
   –   No Java runtime environment
   –   Control code is specific to particular devices
   –   Examples: DVD players, AV servers
  Device Classification – HAVi’s (contd.)
• Base AV (BAV)
  –   Runs no HAVi software itself
  –   Carries its control code as Java bytecode in ROM, to be uploaded to and run on a controller
  –   Needs a controller (an FAV) to take part in the network
  –   Examples: portable audio players, camcorders
• Legacy AV (LAV)
  – All other devices
  – Do not recognize the HAVi architecture
             System Services
•   Discovery
•   Messaging
•   Lookup
•   Events
•   Configuration
•   Streaming
•   Reservation
•   Device Control
•   User Interaction
    Software Elements – HAVi’s
•   Communication Media Manager
•   Messaging System
•   Event Managers
•   Registry
•   DCM Managers
•   Stream Manager
•   Resource Manager
•   DDI Controller
    Communication Media Manager(CMM)

• Encapsulates HAVi’s dependence on the IEEE 1394 network
• Provides APIs to perform 1394 asynchronous read, write and lock operations
• Works with the Event Manager to detect and announce dynamic changes in
  network topology
                     Messaging System
•   Runs over the IEC 61883.1 Function Control Protocol (FCP)
•   Software element ID allocation
•   Fragmentation and reassembly, robust to 1394 bus resets
•   Supervision of other software elements
•   Simple and reliable transfer
                      Event Manager
• Provides a distributed event service
• Can post an event locally or forward it to other Event Managers for global
  (network-wide) delivery
• Software elements have to register for an event
• The Messaging System is used to notify a software element of an event
                         Registry
• Holds an attribute list of all software elements residing on the local host
• A software element can submit a query for a particular attribute
• The local registry uses the Messaging System to send this query to
  other registries and receive their responses
                    DCM Managers
• A DCM for each target device is installed on the hosting FAV/IAV by the
  DCM Manager
• Each portable DCM is a Java JAR file whose manifest states its
  memory requirements
• Each DCM carries a digital certificate, so the DCM Manager can authenticate
  it before installation

                   Stream Manager
• Provides APIs for configuring end-to-end isochronous streaming
• Provides requesting, releasing, and configuring network resources
• Supports global connection queries
• Oversees plug compatibility
• Ensures connection restoration after a 1394 reset
              Resource Manager
• Lets applications reserve and release FCMs (Functional Component
  Modules) and arrange scheduled actions
• Resource Managers exchange information to detect
  potential conflicts
• Provides for preemption of reservations
        Data Driven Interface (DDI)
• A compact representation of UI elements
• Resides on an FAV or an IAV
• Used to control a target device
• Messaging services are used for communication
  between the controller and the target device
• The DDI communicates with the user via the I/O of the controller
    Mapping of Software Elements to
           Device Classes

x = present, (x) = optional

Software Element         FAV   IAV   BAV   LAV
Java                      x
DDI Controller           (x)   (x)
Resource Manager          x    (x)
Stream Manager            x    (x)
DCM Manager               x    (x)
Registry                  x     x
Event Manager             x     x
Messaging System          x     x
CMM                       x     x
Device Control Module     x    (x)    x     x
IEEE 1394                 x     x     x    (x)
IEEE 1212r                x     x     x    (x)
IEC 61883.1 FCP           x     x    (x)   (x)
IEC 61883.1 CMP           x    (x)   (x)   (x)
                    Architecture – HAVi’s

[Figure: HAVi software architecture, layered from top to bottom]
• Interoperability API (Java binding), on top of the Interoperability API (native binding)
• Resource Manager, Stream Manager, Event Manager, DCMs (optional) and the DCM Manager
• Level I UI Engine
• 1394 Manager
• Vendor-specific platform (RTOS)
• 1394 device drivers and other device drivers
        Interaction - Example
• The TV in the family room acts as a controller for many devices
• As soon as a new device is connected to the network, an
  icon appears on the TV
• The TV obtains the control code and the user interface for
  the device
• The user can manipulate the new device from the UI that
  appears on the TV.
  Applications and Scenarios
• Your TV displays a photograph of the visitor at your
  doorstep and speaks out a message.
• When the phone rings, the audio system or the TV
  automatically pauses or mutes.
• Record an interesting show from TV onto a cassette via
  a VCR; commands can be issued from the web.
• VCRs or audio systems automatically set their time
  correctly after a power outage.
What Devices do we have?
                    HAVi Membership
•   3A International
•   Digital Harmony Technologies
•   Esgem, Limited
•   Fujitsu
•   Funai Electric
•   GMD Fokus
•   Grundig
•   Hitachi
•   Hewlett-Packard
•   Institut of Computer Technology
•   Invensys Network Systems
•   Kenwood
•   Keyware
•   Konica
•   LG Electronics
•   Liberate Technologies
•   Loewe Opta
•   Matsushita Electric Industrial Co.
•   Microware Systems
•   MIPS Technologies
•   Mitsubishi Electric
•   NKK Corp (LSI Division)
•   NHK Engineering Services
•   Nokia
•   Philips
•   Pioneer
•   Rearden Steel Inc
•   QNX Software Systems
•   Samsung Electronics
•   Sanyo
•   Seiko Epson
•   Sensory Science Corp.
•   Sharp Corporation
•   Sony Corporation
•   Sun Microsystems
•   Teralogic
•   Texas Instruments
•   THOMSON Multimedia
•   Toshiba
•   VividLogic Inc.
•   Waseda University (Nakajima Labs)
•   Wind River Systems
•   Xilinx, Inc.
•   Yaskawa Information Systems Co. Ltd.
•   Zayante
Home Network Security

 Security Model and Services
• The home network includes different wireless technologies:
   – IEEE 802.11 WLAN: originally secured with WEP (RC4 with a 24-bit IV
     and a static shared key), which had design and implementation
     weaknesses. TKIP (Temporal Key Integrity Protocol) was introduced to
     repair WEP on existing hardware; current equipment uses AES-based
     encryption (WPA2/CCMP).
   – Bluetooth: three security modes (non-secure, service-level enforced,
     link-level enforced). A PIN code is used to generate the link key that
     authenticates the Bluetooth device.
   – HomeRF: 24-bit network ID, 56-bit encryption (originally 40 bits); the
     cipher is claimed to be stronger than GSM’s A5, and the link uses
     LZRW3-A compression (hash based, with LRU replacement).
   – Digital Enhanced Cordless Telecommunications (DECT): high
     protection against unauthorized entities, ……
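The WEP weakness named in the WLAN bullet is worth seeing concretely, because it is what TKIP and later CCMP were designed to fix. The following is an added example, not code from the original slides: it implements RC4 and the WEP packet layout (3-byte IV, RC4 keyed with IV || shared key, CRC-32 ICV appended little-endian) and shows two consequences of the design. First, two frames that reuse an IV share a keystream, so an attacker who knows one frame's plaintext recovers the other's without the key; with only 2^24 IVs, a repeat is expected after a few thousand packets. Second, CRC-32 is affine, so chosen plaintext bits can be flipped in a captured frame and the ICV fixed up so the receiver still accepts it. The key, IV and packet contents are constructed samples.

```python
"""WEP-style RC4 with a 24-bit IV: keystream reuse and ICV malleability.

Added illustration, not code from the original slides. The key, IV and
packet contents below are constructed samples.
"""
import math
import struct
import zlib

IV_BITS = 24


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm (KSA) followed by the PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame = IV || RC4(IV || key) XOR (plaintext || CRC-32(plaintext))."""
    assert len(iv) == IV_BITS // 8
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + xor_bytes(body, rc4_keystream(iv + shared_key, len(body)))


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Strip the IV, decrypt, and check the ICV; raises ValueError on mismatch."""
    iv, cipher = frame[:3], frame[3:]
    body = xor_bytes(cipher, rc4_keystream(iv + shared_key, len(cipher)))
    plaintext, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV check failed")
    return plaintext


def recover_with_known_plaintext(frame_a: bytes, frame_b: bytes, known_a: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so C_a XOR C_b = P_a XOR P_b.
    Knowing P_a therefore yields P_b (as far as P_a reaches) without the key."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("IVs differ; keystreams are not shared")
    keystream = xor_bytes(frame_a[3:], known_a)        # K = C_a XOR P_a
    return xor_bytes(frame_b[3:], keystream)           # P_b = C_b XOR K


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """CRC-32 is affine: crc(P ^ d) = crc(P) ^ crc(d) ^ crc(0...0) for equal lengths.
    So an attacker who cannot read the frame can still XOR a chosen delta into the
    plaintext and fix up the encrypted ICV; the result passes wep_decrypt's check."""
    iv, cipher = frame[:3], frame[3:]
    if len(delta) != len(cipher) - 4:
        raise ValueError("delta must cover the whole plaintext")
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    mask = delta + struct.pack("<I", icv_delta)
    return iv + xor_bytes(cipher, mask)


def expected_packets_to_iv_collision(iv_bits: int = IV_BITS) -> float:
    """Birthday bound: number of random IVs for a 50% chance of a repeat."""
    n = 2 ** iv_bits
    return math.sqrt(2 * n * math.log(2))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")           # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")                # an IV the sender happens to reuse
    p1 = b"GET /index.html "                    # constructed packet contents
    p2 = b"user=alice&pw=s3"
    f1, f2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    print(recover_with_known_plaintext(f1, f2, p1))   # b'user=alice&pw=s3'
    forged = flip_bits(f1, xor_bytes(p1, b"PUT /index.html "))
    print(wep_decrypt(key, forged))                   # b'PUT /index.html '
    print(round(expected_packets_to_iv_collision()))  # 4823
```

The two attacks need no key material at all, only captured frames and a guess at some plaintext (protocol headers are usually enough). TKIP addressed them with a per-packet key mixing function, a 48-bit sequence counter and a keyed MIC in place of the bare CRC; CCMP replaced RC4 entirely.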
                 Security - NEED
• The home network is connected to the Internet, so it is exposed
  to the Internet’s cyber attacks:
   –   Malicious code
   –   Worms and viruses
   –   Denial of Service (DoS) attacks
   –   Data eavesdropping
• The home network is equipped with a gateway, which is the
  core module for the home network services:
   – Every packet passes through the gateway
   – It authenticates users and controls access based on the
     authentication information
                   HW-Model -1
• The home network system is composed of:
   – Home network client
   – Home gateway
   – Service server
   – Controlled home devices and services
• The home network client should be usable indoors and outdoors,
  portable and easy to use:
   – Indoor: DTV, PC, wall-pad and mobile phones
   – Mainly, we are concerned with the IP-based TV
   – The client should provide an interface for home network services
     and user authentication functionality
                       HW-Model -2

[Figure: components for the home network security. Home User side: Home Network Client. Home Gateway: Security Policy and User Authentication Module. Service Provider side.]
               Authentication -1
• Authentication can be divided into two categories:
   – Device authentication:
       • Between the gateway and the device.
       • Easy to use and manage.
       • Limited to simple service models; hard to apply to different
         services at once.
   – User authentication:
       • Requires user intervention.
       • Satisfies the desire for different services per user.
       • The open question is how to ensure both security and ease of use.
• Authentication is enabled via different forms:
   – ID/password authentication, certificate authentication, biometric
     authentication and RFID authentication
   – Legacy servers use ID/PW or certificate authentication.
          Authentication -2

[Figure: Home Gateway Authentication Module. The User Auth. Client authenticates to the gateway with a certificate or biometrics; the gateway authenticates to the Service Auth. Server with ID/PW or a certificate.]
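The gateway role described under Security - NEED (every packet passes through it; it authenticates and then controls access) and the two authentication categories above can be put together in a small authentication module. The following is an added example, not code from the original slides: device authentication is a challenge/response over a per-device key (HMAC-SHA256, single-use nonce), user authentication is a salted PBKDF2 password check, and each successful authentication yields a session bound to the services the security policy allows. Device sessions get one fixed, simple service set, which is the "limited to simple service models" point; user sessions carry per-user entitlements, which is what "different services" buys at the cost of user intervention. The device name, key, user, password and service lists are constructed assumptions; certificate, biometric and RFID methods would plug in as further verifiers and are not implemented here.

```python
"""Home-gateway authentication module: device challenge/response and user
password authentication, each mapped to the services the policy allows.

Added illustration, not code from the original slides. Device ids, keys,
users, passwords and service names are constructed assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000


@dataclass(frozen=True)
class Session:
    principal: str          # device id or user name
    kind: str               # "device" or "user"
    services: frozenset     # services this principal may use


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def device_respond(device_key: bytes, challenge: bytes) -> bytes:
    """What the device side computes for the gateway's challenge."""
    return hmac.new(device_key, challenge, hashlib.sha256).digest()


class HomeGatewayAuth:
    """Every packet crosses the gateway, so it authenticates the principal
    first and then decides which home services that principal may reach."""

    def __init__(self) -> None:
        self._device_keys: dict = {}       # device id -> shared key
        self._device_services: dict = {}   # device id -> fixed service set
        self._users: dict = {}             # user name -> (salt, pbkdf2 hash)
        self._user_services: dict = {}     # user name -> per-user service set
        self._pending: dict = {}           # device id -> outstanding challenge

    # --- device authentication: gateway <-> device, no user in the loop ----
    def enroll_device(self, device_id: str, key: bytes, services: set) -> None:
        self._device_keys[device_id] = key
        # Device identity buys one fixed, simple service set, not per-user rights.
        self._device_services[device_id] = frozenset(services)

    def new_challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def authenticate_device(self, device_id: str, response: bytes):
        nonce = self._pending.pop(device_id, None)   # single use: a replay fails
        key = self._device_keys.get(device_id)
        if nonce is None or key is None:
            return None
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        return Session(device_id, "device", self._device_services[device_id])

    # --- user authentication: requires the user to act (ID/password here) --
    def enroll_user(self, name: str, password: str, services: set) -> None:
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, _pbkdf2(password, salt))
        self._user_services[name] = frozenset(services)

    def authenticate_user(self, name: str, password: str):
        # Always run PBKDF2 so an unknown name costs the same time as a wrong password.
        salt, stored = self._users.get(name, (b"\x00" * 16, b"\x00" * 32))
        ok = hmac.compare_digest(_pbkdf2(password, salt), stored)
        if name not in self._users or not ok:
            return None
        return Session(name, "user", self._user_services[name])

    # --- access control on the authentication result ------------------------
    def authorize(self, session, service: str) -> bool:
        return session is not None and service in session.services


if __name__ == "__main__":
    gw = HomeGatewayAuth()
    dtv_key = secrets.token_bytes(32)                 # provisioned at install time
    gw.enroll_device("dtv-livingroom", dtv_key, {"tv", "vcr"})
    gw.enroll_user("alice", "correct horse battery", {"tv", "vcr", "alarm"})
    challenge = gw.new_challenge("dtv-livingroom")
    dev = gw.authenticate_device("dtv-livingroom", device_respond(dtv_key, challenge))
    usr = gw.authenticate_user("alice", "correct horse battery")
    print(gw.authorize(dev, "vcr"), gw.authorize(dev, "alarm"))   # True False
    print(gw.authorize(usr, "alarm"))                              # True
```

The split matters operationally: a device that authenticates on its own can only ever reach the services its enrolment granted, while the alarm and camera controls, which the slides list as security applications, stay behind a user-level credential and therefore behind a person's decision.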

    What is the Secret Information?
•   HomeRF’s 56-bit SK (secret key)
•   Bluetooth’s ??-bit SK
•   WLAN’s 128-bit SK ….
•   HAVi’s 1024-bit PK (public key)
•   Vendors’ 1024-, 1536- or 2048-bit PK
•   Authentication information (ID/PW, CER,
Our Solutions

To be presented by
 Youngjae Maeng
