DPWSec: The Devices Profile for Web Services Security
Sebastian Unger, Dirk Timmermann
University of Rostock, Germany
MuSAMA DFG Graduate Programme
Agenda
• Motivation
• Basic Principles & Related Work
• Requirements
• Methodology
• Features of DPWSec
• Conclusion & Outlook
09.04.2015 © 2015 UNIVERSITÄT ROSTOCK | S.Unger: „DPWSec: Devices Profile for Web Services Security“
What it is about
Motivation
AAL, IoT, AI
Real-Life Threats I
Motivation
Source: http://www.forbes.com/sites/singularity/2012/12/06/yes-you-can-hack-a-pacemaker-and-other-medical-devices-too/
Real-Life Threats II
Motivation
http://www.spiegel.de/netzwelt/web/defcon-konferenz-in-las-vegas-hacker-lieben-internet-der-dinge-a-985733.html
- Attackers love the IoT
- Once eradicated security flaws come back
- Botnet from fridges
The Challenge
Motivation
• Ambient Assisted Living
• Internet of Things
• Web of Things
• Ambient Intelligence
• Pervasive Computing
The Goal
Motivation
DPWS: Devices Profile for Web Services
This work: Security scheme for DPWS based on the Web Services Security Specification Suite: Devices Profile for WS Security (DPWSec)
This presentation:
• Requirements analysis
• Developed methodology
• DPWSec’s functionality
DPWS: the Devices Profile for Web Services
Basic Principles & Related Work
DPWS is a communication standard for distributed embedded devices
DPWS = Web Services for resource-constrained devices
+ Dynamic Discovery (bootstrap w/o central instance)
+ Eventing (asynchronous messaging)
Originally designed for integration of e.g. printers into enterprise networks
Found use in
• WSN
• Medical devices
• Automotive
• Building automation
• Industrial domain
• Internet of things
Security in DPWS: Profile Mechanism
Basic Principles & Related Work
Security in DPWS is covered by a flexible profile mechanism.
A profile is a set of rules and assumptions that two devices agree on before communicating for the first time.
Free choice of security profiles.
Security in DPWS: Default Profile
Basic Principles & Related Work
DPWS specification provides optional default profile
• Authentication: X.509 certificates
• Secure channels: SSL/TLS
• Secure UDP traffic: Compact XML-Signature format
optional
“secure interoperability guideline”
X.509 & TLS not ideal for embedded devices
No designated way to exchange or authenticate certificates
Authorization requires username and password
Security in DPWS: Related Work
Basic Principles & Related Work
• Muller et al. [1]: Vulnerable against MITM attack
• Hernández et al. [2]: Vulnerable against replay attack
• Martínez et al. [3]: Large office spaces; X.509 certificates, PKI; does not consider resource-constrained devices
• Unger et al. [4]: Automotive, few devices; X.509 certificates; does not consider resource-constrained devices
Web Service Security Specification Suite
Basic Principles & Related Work
WS-Federation
WS-Trust
WS-SecureConversation
WS-Security
WS-Policy
Trust brokering
Centralized authentication
Authorization brokering
WS-Security ∈ WS Security Suite
Three-tiered Requirements Analysis
Requirements
[Diagram: attacker models, requirements from literature, and scenario requirements (Scenario 1, Scenario 2, …, Scenario n; e.g. Smart Home / AAL, Smart Office…) feed into the requirements list]
Three-tiered Requirements List
Requirements
Requirements list:
• Basic security requirements
• Special requirements for intelligent environments
• Requirements on interoperability
Basic security-related Requirements
Requirements
• Dolev-Yao attacker model
• Secure external communication
• Flexible support for different authorization concepts
• Avoid single points of failure
• Possibility to form organizational groups
• Different levels of security
• Secure continuous deployment
• Scalable
• Ease of use w/o impact on security
• Support of secure data persistence
Special Requirements for intelligent Environments
Requirements
• Protect remaining network when member is lost / stolen
• Focus on devices, not users
• Consider heterogeneity of resources
• Coordinated sign-out
• Consider heterogeneity of user interfaces
• Consider maintenance by experts and end users
• Disburden constrained devices
• Delegation of access rights
Special Requirements on Interoperability
Requirements
• Use a widely-deployed, well-accepted technology
• Secure protocol interoperability
• Secure manufacturer interoperability
• Interoperable end-2-end-security
Two Major Design Goals
Methodology
Restrict generality
Offload resource-intensive tasks
Offloading Efforts
Methodology
Tasks to be offloaded mostly concern secure connection establishment
• Retrieving target’s metadata
• Parsing policies and matching connection parameters
• Authentication methods
• Encryption algorithms
• Support in direct authentication
• Offer brokered authentication
• Offer (semi)centralized authorization
Eliminating Specification Parts
Methodology
• Original specifications are very flexible
• Offer lots of design choices
After all: designed for desktop PCs and server machines
Elimination of “unnecessary” or “unsuitable” parts:
• Some parts are simply not necessary (according to requirements)
• Other restrictions follow patterns:
  • Trade statelessness for simplicity
  • Respect communication model of DPWS
  • Respect architecture of DPWS
  • No extended multihop security
Compact Message Security Scheme
Features of DPWSec
• Securing single messages using a compact security scheme on message level proposed earlier [5]
• Encrypt SOAP-Payload only, sign complete envelope
• Performs similarly to the Record Protocol of TLS (no severe performance drawback)
Authentication
Features of DPWSec
Two authentication approaches
• Direct authentication based on OOB PIN exchange
  • Conduct authenticated Elliptic-Curve Diffie-Hellman
  • Optionally employ MM-devices to translate OOB channels [6]
• Brokered authentication between devices
  • Optionally offered by “strong” participants
  • Heavily disburdens “weak” participants, as it relies on trust chains and does not require cryptographic handshakes
Authorization
Features of DPWSec
• Authorization is special, as it requires no cryptography
• Instead, it is about making decisions and communicating them
DPWSec focuses on infrastructural part only
How to ask for permission and how to deliver the decision
Proposed a complementary authorization concept
• Strong participants offer themselves as synchronous authorizers
• If they can’t make a decision, they ask the user asynchronously, e.g. via their smartphones
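The authorization concept on this slide, sketched as an added example (not code from DPWSec or its prototype): a strong participant answers synchronously from rules it already holds and otherwise defers to the user, while the requesting service grants access only on an explicit permit. All class, function and device names are hypothetical, and the rule store and user inbox are in-memory stand-ins.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"
    PENDING = "pending"  # no answer yet; callers must treat this as "no access"


@dataclass
class Authorizer:
    """Hypothetical 'strong' participant that decides on behalf of weak devices."""
    rules: dict = field(default_factory=dict)  # (requester, service, op) -> Decision
    inbox: list = field(default_factory=list)  # open queries waiting for the user

    def decide(self, requester, service, operation):
        """Synchronous path: answer from known rules, otherwise defer to the user."""
        key = (requester, service, operation)
        if key in self.rules:
            return self.rules[key]
        if key not in self.inbox:  # queue each open query once (e.g. phone prompt)
            self.inbox.append(key)
        return Decision.PENDING

    def user_answers(self, key, allow):
        """Asynchronous path: the user's answer arrives later and becomes a rule."""
        if key not in self.inbox:
            raise KeyError(f"no open query for {key!r}")  # reject unsolicited answers
        self.inbox.remove(key)
        self.rules[key] = Decision.PERMIT if allow else Decision.DENY
        return self.rules[key]


def service_allows(authorizer, requester, service, operation):
    """Enforcement on the weak device: only an explicit PERMIT opens access."""
    return authorizer.decide(requester, service, operation) is Decision.PERMIT


def demo():
    # Constructed sample: one pre-approved pairing, one request nobody decided yet.
    auth = Authorizer(rules={("thermostat", "heating", "SetTemp"): Decision.PERMIT})
    key = ("tablet", "door-lock", "Unlock")
    known = service_allows(auth, "thermostat", "heating", "SetTemp")
    while_pending = service_allows(auth, *key)  # user not answered yet: refused
    repeated = service_allows(auth, *key)       # still refused, not queued twice
    open_queries = len(auth.inbox)
    auth.user_answers(key, allow=True)          # user approves later
    after_answer = service_allows(auth, *key)
    return known, while_pending, repeated, open_queries, after_answer
```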
Evaluation
Conclusion
It works. Prototype implementation available open source [7]
• Dolev-Yao attacker model
• Secure external communication
• Flexible support for different authorization concepts
• Avoid single points of failure
• Possibility to form organizational groups
• Different levels of security
• Secure continuous deployment
• Scalable
• Ease of use w/o impact on security
• Support of secure data persistence
• Consider heterogeneity of resources
• Focus on devices, not users
• Protect remaining network when member is lost / stolen
• Disburden constrained devices
• Coordinated sign-out
• Consider maintenance by experts and end users
• Consider heterogeneity of user interfaces
• Delegation of access rights
• Use a widely-deployed, well-accepted technology
• Secure protocol interoperability
• Secure manufacturer interoperability
• Interoperable end-2-end-security
Almost every requirement met. Every requirement met.
Towards an Infrastructure for intelligent Environments
Outlook
[Diagram: security infrastructure for distributed embedded devices, with incarnations DPWSec (for DPWS), Tech2Sec (for Technology 2) and TechnSec (for Technology n); intelligent environment with Adapter 1, Adapter 2, Adapter 3]
Secure protocol interoperability incl. interoperable E2E-security
Adapt to second Base Technology
Future Work
• Near future: Second technology next to DPWS
  • Isolate requirements
  • Actually port DPWSec
• Far future: Research secure protocol interoperability
  • Employ adapter / translator concept
  • Research emerging issues esp. regarding interoperable E2E-security
Bibliography
[1] A. Muller et al., “An assisted device registration and service access system for future home networks,” in Wireless Days (WD), 2009 2nd IFIP, December 2009, p. 5.
[2] V. Hernández et al., “Security Framework for DPWS Compliant Devices,” Third International Conference on Emerging Security Information, Systems and Technologies, 2009.
[3] J.-F. Martínez et al., “A security architectural approach for DPWS-based devices,” CollECTeR Iberoamérica, 2008.
[4] S. Unger et al., “Extending the devices profile for web services for secure mobile device communication,” in Internet of Things Conference - TIoPTS Workshop, 2010.
[5] S. Unger, S. Pfeiffer, and D. Timmermann, “Dethroning transport layer security in the embedded world,” in 5th International Conference on New Technologies, Mobility and Security (NTMS), 2012.
[6] S. Unger and D. Timmermann, “Bridging the gap for authentication in smart environments,” in Computers and Communications (IEEE ISCC 2014), 19th IEEE Symposium on, Funchal,
[7] https://gitlab.amd.e-technik.uni-rostock.de/sebastian.unger/ws4d-mobile-authenticator/wikis/home
Thank you very much for your attention!
Any questions?
Sebastian Unger
Institute for Applied Microelectronics and Computer Engineering, University of Rostock