himanshu khurana senior security engineer, ncsa
DESCRIPTION
Overview of Testbed Area PAWNS Testbed Secure Sensor Middleware Integrating Policy and Group Key Management. Himanshu Khurana Senior Security Engineer, NCSA. Testbed Area. Goal: provide a testbed for integration, evaluation, and demonstration of technologies developed by NCASSR - PowerPoint PPT PresentationTRANSCRIPT
Overview of Testbed AreaPAWNS TestbedSecure Sensor MiddlewareIntegrating Policy and Group Key Management
Himanshu KhuranaSenior Security Engineer, NCSA
Testbed Area
Goal: provide a testbed for integration, evaluation, and demonstration of technologies developed by NCASSR
Long-term Vision: a testbed integrated with NCASSR organizations’ and external testbeds for scalability testing and transfer of technology
NCSA’s globus alliance and production environment efforts DHS/NSF Deter Testbed NRL Protean Lab
Step-by-step approach Provide a means for testing individual NCASSR
technologies Enhance collaboration between NCASSR and other
organization projects to develop integrated technologies
Y2 Testbed Projects
Five projects managed by three organizations SABRE – PI: Ouderkirk (PNNL) Multilevel – PI: Irvine ( NPS) CyberCIEGE – PI: Irvine (NPS) PKI Testbed – PI: Basney (NCSA) PAWNS – PI: Khurana (NCSA)
PAWNS: A testbed for Programming Applications for a Wireless Network of (motes-based) Sensors
Team Members: Himanshu Khurana, Peter Bajcsy, Rakesh Bobba, David Scherba
Goal: Integrate, evaluate and demonstrate Hazard Awareness using sensors (PI: Bajcsy) Security services for sensor networks (PI: Khurana)
PAWNS/Hazard Awareness/Secure Sensor Middleware Technology Components
Hazard Awareness and Response Deploy Point Sensors (“smart” motes) Using Robot
Control Calibrate Spectral Cameras and Point Sensors Proactive Camera Control Using Point Sensors Hazard Analysis and Human Alert Hazard Confirmation and Elimination Using Robot
Control Security and Reliability over multi-hop sensor
networks Encrypt data between sensors and base station
Key Management using Smart Dust, Public-Key and Random Graph techniques
Tinysec link-layer encryption with Skipjack Reliability transfer of messages
Link-level retransmission, erasure codes
Experimental Setup and Hazard Simulation *
* Slide provided by Peter Bajcsy
Proactive Camera Control and Hazard Alert and Elimination *
Proactive Camera Control Logic:
If light = on then visible camera = on
If light = off then thermal IR camera = on
Based on image analysis re-direct human attention to hazardous situation
* Slide provided by Peter Bajcsy
Integrating Policy and Group Key Mgmt Research Area: Secure Group Communication (SGC)
GCSs enable collaborative applications such as C&C and conferencing
Need for scalable security and multicast services Problems
Scalable Group Key Management approaches require Group Controllers to bear significant trust liabilities
Lack of tools to evaluate efficacy of key mgmt techniques Policy and key mgmt are both necessary to enable SGC but have not
been integrated
Goals/Approach Develop new key mgmt solutions that minimize trust liability in
group controllers Implement SGC framework based on IETF MSEC WG Security
Architecture specification Evaluate key mgmt solution in framework Framework integrates policy and key mgmt
Team Members Himanshu Khurana, Luke St. Clair, Neelay Shah
Minimizing Trust Liability in GC
Previous scalable key mgmt schemes use a trusted GC
GC organizes long-term member (symmetric) keys in a tree to enable O(log n) scalability
If GC is compromised, adversary gets access to data and key encryption keys and makes recovery costly
Our solution (TASK) using proxy cryptography so that GC does not have access to data and key encrypting keys
GC organizes shares of member (asymmetric) keys in a tree, uses shares to transform messages between members, enables O(log n) scalability
If GC is compromised, adversary only gets shares which can be refreshed easily for quick and cheap recovery
Publication Himanshu Khurana, Rafael Bonilla, Adam Slagell, Raja Afandi,
Hyung-Seok Hahm, and Jim Basney. Scalable Group Key Management with Partially Trusted Controllers. To appear in the International Conference on Networking, Reunion Island, April 2005
SGC Framework Implementation
Key Mgmt: Task, LKH
Auth:Openssl, IKE
Policy Spec:Antigone
M1 M2 Mn M1 M2
Key MgmtAuth
PolicySpec.
Domain A Domain B
GC Policy Server GC Policy Server
…
Reliable Multicast Layer: NORM, SpreadReliable Multicast Layer: NORM, Spread
Testbed Area Funding (Y2)
SABRE (Simulated Anomalous Behavior & REcognition) Ouderkirk
PNNL/Battelle $350,000
PAWNS (Programming & testing Applications on Wireless Network of Sensors) Khurana NCSA $175,000
Multilevel Testbed Encryption Experiments/Trusted Channel Implementation Irvine NPS $80,000
PKI Testbed Basney NCSA $255,000
CyberCIEGE Extended Scenarios Irvine NPS $200,000
Thrust Total Budget: $1,060,000