
DPWSec: The Devices Profile for Web Services Security

Sebastian Unger, Dirk Timmermann

University of Rostock, Germany
MuSAMA DFG Graduate Programme

Agenda

• Motivation
• Basic Principles & Related Work
• Requirements
• Methodology
• Features of DPWSec
• Conclusion & Outlook

09.04.2015 © 2015 UNIVERSITÄT ROSTOCK | S.Unger: „DPWSec: Devices Profile for Web Services Security“


Motivation

What it is about

AAL, IoT, AI

Real-Life Threats I

Source: http://www.forbes.com/sites/singularity/2012/12/06/yes-you-can-hack-a-pacemaker-and-other-medical-devices-too/

Real-Life Threats II

http://www.spiegel.de/netzwelt/web/defcon-konferenz-in-las-vegas-hacker-lieben-internet-der-dinge-a-985733.html

- Attackers love the IoT
- Once eradicated security flaws come back
- Botnet from fridges

The Challenge

[Figure labels: Ambient Assisted Living, Internet of Things, Web of Things, Ambient Intelligence, Pervasive Computing]

The Goal

DPWS: Device Profile for Web Services

This work: Security scheme for DPWS based on the Web Services Security Specification Suite: Devices Profile for WS Security (DPWSec)

This presentation:
• Requirements analysis
• Developed methodology
• DPWSec’s functionality

Basic Principles & Related Work

DPWS: the Devices Profile for Web Services

DPWS is a communication standard for distributed embedded devices

DPWS = Web Services for resource-constrained devices
+ Dynamic Discovery (bootstrap w/o central instance)
+ Eventing (asynchronous messaging)

Originally designed for integration of e.g. printers into enterprise networks

Found use in
• WSN
• Medical devices
• Automotive
• Building automation
• Industrial domain
• Internet of things

Security in DPWS: Profile Mechanism

Security in DPWS is covered by a flexible profile mechanism.

A profile is a set of rules and assumptions that two devices agree on before communicating for the first time.

Free choice of security profiles.

Security in DPWS: Default Profile

DPWS specification provides optional default profile
• Authentication: X.509 certificates
• Secure channels: SSL/TLS
• Secure UDP traffic: Compact XML-Signature format

optional

“secure interoperability guideline”

X.509 & TLS not ideal for embedded devices

No designated way to exchange or authenticate certificates

Authorization requires username and password

Security in DPWS: Related Work

• Muller et al. [1]: Vulnerable against MITM attack
• Hernández et al. [2]: Vulnerable against replay attack
• Martínez et al. [3]: Large office spaces; X.509 certificates, PKI; does not consider resource-constrained devices
• Unger et al. [4]: Automotive, few devices; X.509 certificates; does not consider resource-constrained devices

Web Service Security Specification Suite

[Figure labels: WS-Federation, WS-Trust, WS-SecureConversation, WS-Security, WS-Policy; annotations: Trust brokering, Centralized authentication, Authorization brokering]

WS-Security ∈ WS Security Suite

Requirements

Three-tiered Requirements Analysis

[Figure labels: Attacker models; Requirements from literature; Scenario requirements (Scenario 1, Scenario 2, Scenario n: Smart Home / AAL, Smart Office, …); Requirements list]

Three-tiered Requirements List

Requirements list:
• Basic security requirements
• Special requirements for intelligent environments
• Requirements on interoperability

Basic security-related Requirements

• DOLEV-YAO-attacker model
• Secure external communication
• Flexible support for different authorization concepts
• Avoid single points of failure
• Possibility to form organizational groups
• Different levels of security
• Secure continuous deployment
• Scalable
• Ease of use w/o impact on security
• Support of secure data persistence

Special Requirements for intelligent Environments


• Protect remaining network when member is lost / stolen

• Focus on devices, not users

• Consider heterogeneity of resources

• Coordinated sign-out

• Consider heterogeneity of user interfaces

• Consider maintenance by experts and end users

• Disburden constrained devices

• Delegation of access rights


Special Requirements on Interoperability


• Use a widely-deployed, well-accepted technology

• Secure protocol interoperability

• Secure manufacturer interoperability

• Interoperable end-2-end-security


Methodology

Two Major Design Goals

Restrict generality

Offload resource-intensive tasks

Offloading Efforts

Tasks to be offloaded mostly concern secure connection establishment

• Retrieving target’s metadata

• Parsing policies and matching connection parameters

• Authentication methods

• Encryption algorithms

• Support in direct authentication

• Offer brokered authentication

• Offer (semi)centralized authorization

Eliminating Specification Parts

• Original specifications are very flexible

• Offer lots of design choices

After all: designed for desktop PCs and server machines

Elimination of “unnecessary” or “unsuitable” parts:

• Some parts are simply not necessary (according to requirements)

• Other restrictions follow patterns:

• Trade statelessness for simplicity

• Respect communication model of DPWS

• Respect architecture of DPWS

• No extended multihop security

Features of DPWSec

Compact Message Security Scheme

• Securing single messages using a compact security scheme on message level proposed earlier [5]
• Encrypt SOAP payload only, sign complete envelope
• Performs similar to Record Protocol of TLS (no severe performance drawback)
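
Added example (not from the slides or from the DPWSec prototype): a minimal model of "encrypt SOAP payload only, sign complete envelope", showing that addressing headers stay readable while any change to them is rejected. The HMAC tag standing in for the signature, the keystream stand-in cipher, the key handling and all function names and URNs are assumptions.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WSA = "http://www.w3.org/2005/08/addressing"

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    # A real deployment would use a vetted cipher such as AES instead.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def protect(enc_key, mac_key, action, to, payload: bytes):
    """Encrypt only the Body, then authenticate the complete envelope."""
    nonce = os.urandom(16)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    hdr = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(hdr, f"{{{WSA}}}Action").text = action
    ET.SubElement(hdr, f"{{{WSA}}}To").text = to
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    body.text = base64.b64encode(nonce + _keystream_xor(enc_key, nonce, payload)).decode()
    wire = ET.tostring(env)  # the tag covers these exact bytes, headers included
    tag = hmac.new(mac_key, wire, hashlib.sha256).digest()
    return wire, tag

def unprotect(enc_key, mac_key, wire: bytes, tag: bytes) -> bytes:
    """Check the envelope tag first; only then parse and decrypt the Body."""
    expected = hmac.new(mac_key, wire, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("envelope integrity check failed")
    blob = base64.b64decode(ET.fromstring(wire).find(f"{{{SOAP}}}Body").text)
    return _keystream_xor(enc_key, blob[:16], blob[16:])

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed session keys
    wire, tag = protect(enc_key, mac_key, "urn:example:GetStatus",
                        "urn:uuid:constructed-device", b"<GetStatus/>")
    ok = unprotect(enc_key, mac_key, wire, tag)
    forged = wire.replace(b"GetStatus", b"SetStatus")  # header rewritten in transit
    try:
        unprotect(enc_key, mac_key, forged, tag)
        rejected = False
    except ValueError:
        rejected = True
    return ok, b"GetStatus" in wire, rejected
```
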

Authentication

Two authentication approaches

• Direct authentication based on OOB PIN exchange
  • Conduct authenticated Elliptic-Curve Diffie-Hellman
  • Optionally employ MM-devices to translate OOB channels [6]
• Brokered authentication between devices
  • Optionally offered by “strong” participants
  • Heavily disburdens “weak” participants, as it relies on trust chains and does not require cryptographic handshakes

Authorization

• Authorization is special, as it requires no cryptography

• Instead, it is about making decisions and communicating them

DPWSec focuses on infrastructural part only

How to ask for permission and how to deliver the decision

Proposed a complementary authorization concept

• Strong participants offer themselves as synchronous authorizers

• If they can’t make a decision, they ask the user asynchronously using e.g. their smart phones

Conclusion

Evaluation

It works. Prototype implementation available open source [7]

DOLEV-YAO-attacker model

Secure external communication

Flexible support for different authorization concepts

Avoid single points of failure

Possibility to form organizational groups

Different Levels of Security

Secure continuous deployment

Scalable

Ease of use w/o impact on security

Support of secure data persistence

Consider heterogeneity of resources

Focus on devices, not users

Protect remaining network when member is lost / stolen

Disburden constrained devices

Coordinated sign-out

Consider maintenance by experts and end users

Consider heterogeneity of user interfaces

Delegation of Access rights

Use a widely-deployed, well-accepted technology

Secure protocol interoperability

Secure manufacturer interoperability

Interoperable end-2-end-security

Almost every requirement met. Every requirement met.

Outlook

Towards an Infrastructure for intelligent Environments

[Figure labels: Security infrastructure for distributed embedded devices; incarnations: DPWSec (DPWS), Tech2Sec (Technology 2), TechnSec (Technology n); Intelligent environment: Adapter 1, Adapter 2, Adapter 3]

Secure protocol interoperability incl. interoperable E2E-security

Future Work

Adapt to second Base Technology

Near future: Second technology next to DPWS

Isolate requirements

Actually port DPWSec

Far future: Research secure protocol interoperability

Employ adapter / translator concept

Research emerging issues esp. regarding interoperable E2E-security


Bibliography

[1] A. Muller et al., “An assisted device registration and service access system for future home networks,” in Wireless Days (WD), 2009 2nd IFIP, December 2009, p. 5.

[2] V. Hernández et al., “Security Framework for DPWS Compliant Devices,” Third International Conference on Emerging Security Information, Systems and Technologies, 2009.

[3] J.-F. Martínez et al., “A security architectural approach for DPWS-based devices,” CollECTeR Iberoamérica, 2008.

[4] S. Unger et al., “Extending the devices profile for web services for secure mobile device communication,” in Internet of Things Conference - TIoPTS Workshop, 2010.

[5] S. Unger, S. Pfeiffer, and D. Timmermann, “Dethroning transport layer security in the embedded world,” in 5th International Conference on New Technologies, Mobility and Security (NTMS), 2012.

[6] S. Unger and D. Timmermann, “Bridging the gap for authentication in smart environments,” in Computers and Communications (IEEE ISCC 2014), 19th IEEE Symposium on, Funchal,

[7] https://gitlab.amd.e-technik.uni-rostock.de/sebastian.unger/ws4d-mobile-authenticator/wikis/home

Thank you very much for your attention!

Any questions?

Sebastian Unger
Institute for Applied Microelectronics and Computer Engineering, University of Rostock