FP7-ICT-STREP

Contract No. 258280

TWISNet

Trustworthy Wireless Industrial Sensor Networks

Deliverable D5.3.1

Report on dissemination/exploitation activities

Contractual date: M12

Actual submission date: M12

Responsible beneficiary: HTW

Authors:

Markus Wehner (HTW), Sven Zeisberg (HTW),

Alexis Olivereau (CEA), Mike Ludwig (DDE), Laura

Gheorghe (UPB)

Work package: WP5

Security: PU

Nature: Report

Document name: TWISNet_WP5_D531.docx

Version: 1.1

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 2 of 22

REVISION HISTORY

Date (dd.mm.yyyy)

Version Author Comments

24.08.2011 0.1 Markus Wehner Draft:

Chapter 1 (Summary)

Chapter 2 (Detail)

Chapter 3 (Technology and Market tracking)

Chapter 4 (Participants)

Annex A (Poster)

References

added

01.09.2011 0.2 Markus Wehner added senZations to chapter 1&2

21.09.2011 0.3 Alexis Olivereau added marketing trends on smart grid, IP and home security

21.09.2011 0.4 Markus Wehner added marketing trends on large bandwidth sensors, automotive security

27.09.2011 0.5 Mike Ludwig Review of the whole document

28.09.2011 1.0 Markus Wehner included changes according to review, final layout changes

28.09.2011 1.1 Laura Gheorghe changes in chapter 1 and 2

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 3 of 22

Abstract:

This deliverable provides a report of the project activities regarding dissemination and exploitation during the first project year. It contains a detailed list of all publications and dissemination activities performed by the consortium partners related to the project. A list of activities raising public awareness with contents attached as annexes is provided. Also, an intermediate marketing and technology tracking review is given by presenting a state-of-the-art market overview of security technologies in scope.

Keyword list:

Dissemination, exploitation, demonstration, WSN security technology and market tracking

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 4 of 22

TABLE OF CONTENTS

List of Abbreviations ........................................................................................................... 5

1. Summary of Dissemination and Promotion Activities .............................................. 7

2. Dissemination and Promotion Activities in Detail ..................................................... 8

3. Intermediate Marketing and Technology Tracking Review ......................................10

4. List of Participants .....................................................................................................18

5. Acknowledgment ........................................................................................................18

Annex A ..............................................................................................................................19

References ..........................................................................................................................20

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 5 of 22

LIST OF ABBREVIATIONS

6LoWPAN IPv6 over Low power Wireless Personal Area Networks

ACS Access Control Server

AES Advanced Encryption Standard

AMR Advanced Meter Reading

AMI Advanced Metering Infrastructure

D3R Decentralized Distributed Dynamic Routing

DFT/HA Distributed Fault-Tolerant / High Availability

DNS Domain Name Server

EAP Extensible Authentication Protocol

EAP-SIM EAP-Subscriber Identity Module

EAP-AKA EAP for UMTS Authentication and Key Agreement

EAP-MS-CHAPv2 EAP with Microsoft Challenge-handshake authentication protocol v2

EC European Commission

ECC Elliptic Curve Cryptography

ECDH Elliptic curve Diffie–Hellman

EEPROM Electrically Erasable Programmable Read-Only Memory

ETSI European Telecommunications Standards Institute

FP7/FP8 Seventh/Eighth Framework Programme

FT/HA Fault-Tolerant / High Availability

GNU GNU’s Not Unix project

GPL GNU General Public Licence

IAB Internet Architecture Board

IEEE Institute of Electrical and Electronics Engineers

IETF Internet Engineering Task Force

IKEv2 Internet Key Exchange version 2

IP Internet Protocol

IPv6 Internet Protocol version 6

IPsec Internet Protocol Security

IPSO Internet Protocol for Smart Objects

ISO International Standardization Organization

LGPL GNU Lesser General Public License

MAX Measurement & Automation Explorer

M2M Machine to Machine

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 6 of 22

NI National Instruments

NIS Network and Information Security

OEM Original Equipment Manufacturer

OS Operating System

PAWiS Power Aware Wireless Sensors

P2P Point-to-Point

P3P Platform for Privacy Preferences

PKC Public Key Cryptography

RF4CE Radio Frequency for Consumer Equipment

RNG Random Number Generator

SHA-256 Secure Hash Algorithm with 256 bit hash length

SysSec NoE System Security Network of Excellence

TLS Transport Layer Security

TRMSim Trust and Reputation Models Simulator for Wireless Sensor Networks

VPN Virtual Private Network

WSN Wireless Sensor Networks

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 7 of 22

1. SUMMARY OF DISSEMINATION AND PROMOTION ACTIVITIES

Dissemination activities have been encouraged and supported by the all members of the project. Different partners hold a number of talks and represented the project on international workshops. Table 1 below provides an overview on participation on workshops and meetings.

Event Date Place Remark

SAP For Nuclear Update Session

15 March 2011 Walldorf, Germany

TWISNet promotion at SAP

Interconnecting Smart Objects with the Internet Workshop 2010

25 March 2011 Prague, Czech

IAB/IETF organized workshop covering actual and future work of IETF, active participation and contribution with a position paper [1]

Tutorial on Interconnecting Smart Objects with the Internet

26 March 2011 Prague, Czech

IAB/IETF organized tutorial on actual IETF drafts

Effectsplus 1st Technical Cluster Meeting

29/30 March 2011

Brussels, Belgium

Active participation in the Systems and Networks Cluster

ETSI M2M-Security Meeting

27 - 29 April 2011

Munich, Germany

Active participation

Conference on Network and Information Systems Security (SAR-SSI) 2011

18 – 21 May 2011

La Rochelle, France

IEEE paper publication and presentation [2]

NIS'11 Summer School 27 June –

1 July 2011

Crete, Greece

Presentation of the TWISNet project at the poster session

Effectsplus 2nd Technical Cluster Meeting and Workshop

4 – 5 July 2011 Amsterdam, Netherlands

Participation and Contribution to the Systems and Networks Cluster

1st SysSec NoE Workshop

6 July 2011 Amsterdam, Netherlands

IEEE Publication of the joint TWISNet paper [3]

senZations summer school 2011

29 August – 2 September 2011

Kotor, Montenegro

Presentation of the TWISNet project at an oral session

Table 1: Overview of Dissemination and Promotion activities

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 8 of 22

2. DISSEMINATION AND PROMOTION ACTIVITIES IN DETAIL

This section provides more detailed information about the events mentioned in Table 1.

Public website

Deliverable 5.1 has been finished in time with the set-up of the public website http://www.twisnet.eu. The webpage gives an overview of the project partners, objectives, technical approaches and scenarios, lists public deliverables and shows the funding by the EC. All project documents are available in an intranet part on the webpage for internal working and review purposes. The webpage was updated continuously. Especially, events where TWISNet participates are highlighted.

SAP For Nuclear Update Session, 15 March 2011, Walldorf, Germany

The TWISNet project was put on view during the "SAP For Nuclear Update Session", taking place in Walldorf on March 15th 2011. This activity brought into the same room experts in the Nuclear Industry from different SAP departments and locations partners in order to discuss the SAP portfolio for Nuclear Power Generation: Research & Development, Utilities Industry Business Development and Solutions, SAP for Utilities Competence Centre and dedicated Co-Development Partners for the Nuclear Industry. It was headed by Mr. Rory Shaffer, responsible for Nuclear Power Generation at the Solution Management Department for the Utilities Industry.

IETF/IAB workshop and tutorial, 25/26 March 2011, Prague, Czech

TWISNet members participated at an IETF related workshop and an IAB tutorial where the experience and approaches taken when designing protocols and architectures for interconnecting smart objects to the Internet have been discussed. The areas of integration in the categories scalability, power efficiency, interworking between different technologies and network domains, usability and manageability and security and privacy have been highlighted. TWISNet especially contributed by submitting a position paper [1] regarding security in WSN and in discussion regarding actual and future IETF drafts. Current standardization activities are described in TWISNet D5.2.1 [4] in more detail.

Effectsplus 1st and 2

nd technical cluster meeting, 29/30 March 2011, Brussels, Belgium, and 4/5

July, Amsterdam, Netherlands

Goal of the effectsplus coordination activity is the clustering of projects to identify and exploit synergies, generating visions for FP8 calls and generating input for the Future Internet roadmap. On the first cluster meeting, TWISNet presented the project to the other FP7 participants. Participation at the Systems and Networks Cluster has been determined. On the second cluster meeting TWISNet participated in the Special Interest Group on Monitoring.

ETSI M2M Security meeting, 27 – 29 April 2011, Munich, Germany

During the ETSI M2M Security meeting in Munich, the M2M architecture has been discussed especially in scope of security. TWISNet actively participated to take actual trends of standardization into account when defining the TWISNet architecture. Current standardization activities are described in [4] in more detail. The project objectives and security challenges have been presented to the ETSI M2M Working Group 4 – Security members that attended the meeting.

Conference on Network and Information Systems Security (SAR-SSI) 2011, 18 – 21 May 2011,

La Rochelle, France

The publication ―Sensor and Data Privacy in Industrial Wireless Sensor Networks‖ [2] has been presented at the SAR-SSI. The conference proceedings are published in the IEEE

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 9 of 22

Xplore database. The paper analyses the existing approaches for privacy protection in WSNs and investigates the approaches that aim at supporting the integration of privacy-preserving WSNs into large scale industrial environments.

NIS’11 summer school, 27 June – 1 July 2011, Crete, Greece

At the 4th Summer School on Network and Information Security, TWISNet was present with a poster. Project objectives, scenarios and facts have been presented to the audience. Therefore, a poster showing an overview about the project has been created. The poster can be found in Annex A.

1st SysSec NoE workshop, 6 July 2011, Amsterdam, Netherlands

The joint paper ―A Trustworthy Architecture for Wireless Industrial Sensor Networks‖ [3] was published at the 1st System Security Network of Excellence workshop. The conference proceedings are published in the IEEE Xplore database. The paper is intended to present the technical approaches and scenarios, especially the expected outcome of WP3 of TWISNet and to serve as reference for further publications.

senZations summer school 2011, 29 August – 2 September 2011, Kotor, Montenegro

TWISNet has been represented on the senZations summer school 2011. A presentation about project objectives, scenarios and facts was given to the audience. The security key challenges, which have been identified in the project, were explained and discussed with the participants of the summer school. Relevant dissemination and standardization activities in which the project is involved have been presented.

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 10 of 22

3. INTERMEDIATE MARKETING AND TECHNOLOGY TRACKING REVIEW

Prior to architecture definition, an extensive state-of-the-art investigation regarding research literature, collaborative projects, standards and available products has been performed. Its results can be found in the according deliverables of WP3 that are going to be finished in M18.

To outline the current state-of-the-market situation, excerpts of this research relevant for the marketing and technology tracking are presented here.

Regarding self-(re)configurable security systems, the following marketing trends are detected:

Unattended device configuration

Trident is a company that provides military supplies, such as unattended ground sensor nodes, that are expected to last in the field for extended periods of time after deployment. They are capable of transmitting target information back to a remote operator. These devices can be used to perform various mission tasks including perimeter defence, border patrol and surveillance, target acquisition, and situation awareness [5].

Security mechanisms update

TinyECC 2.0 [6] is a software package providing ECC-based PKC operations. The solution relies on asymmetric cryptography for key exchange (ECDH protocol) and management and can be flexibly configured and integrated into WSNs.

Secure device reconfiguration

NI-WSN is software for NI-WSN gateways that can be easily integrated with LabVIEW for obtaining sensed data from the WSN [7]. The NI Measurement & Automation Explorer (MAX) utility is able to deliver network configuration, add and remove nodes and configure wireless settings. The utility can also be used to view nodes, their last communication time, their battery status and their link quality. MAX allows the configuration of the wireless communication channel and the gateway IP address, the update of the firmware through wireless communication and the configuration of end nodes and router nodes.

Software mechanisms for device reconfiguration

Ember’s Wireless Platform [8] based on the ZigBee stack provides over-the-air updating, together with software and tools infrastructure for their solutions. Unfortunately, only little information is provided by Ember on this subject. Other ZigBee stacks like ATMELs BitCloud provide standard conforming over-the-air update as well. The TinyOS system provides sensor (motes) reprogramming through the Deluge data dissemination protocol which uses a boot loader to send even large objects, such as program binaries [9]. A lot of effort has been given to developing device reconfiguration in research and test applications, such as Agilla [10], a Mobile-Agent Middleware, and Figaro [11], a programming model for fine grained software reconfiguration, but little applications seem to have reached the market.

In scope of identity management, authentication and access control, following market items have been identified:

Pseudonymity

Nym is a product that can offer practical pseudonymity for anonymous Networks [12]. It allows pseuodonymous access to Internet services through anonymizing networks such as Tor. The application builds a peseudonymity system based on blind signatures. The client uses a browser-based application to obtain the blind token through a TLS client certificate.

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 11 of 22

The pseudonymous credential system has been developed to be used without an infrastructure from the government or industry. The application can be efficiently used to provide privacy protection for clients and abuse resistance for servers.

Anonymization techniques

Tor [13] is ―a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet‖. Tor operates in an overlay network of onion routers that employ encryption in a multi-layered manner. Each node periodically negotiates a virtual circuit through the Tor network. Tor does not protect against monitoring of traffic at the boundaries of the Tor network. Besides, Tor has not been yet adapted to the WSN context. On the Internet, Anonymizer [14] allows surfing users to connect to the Anonymizer system through VPN and replace their IP address with new non-attributable ones. The system provides robust anonymity thanks to a secure IP rotating technology. The system provides also anonymous activities over wireless connections. The web site of the system does not give very much information about how the system works in this case; but clearly connections are redirected through VPN to replace IP addresses with anonymous ones.

Authentication mechanisms

The ultra low-power Atmel ATSHA204 is the first authentication device that contains a 4.5 Kbit EEPROM for secure storage and a hardware SHA-256 accelerator for the crypto algorithm [15]. The device is a member of Atmel CryptoAuthenticationTM family and has optimized hardware security features that allow the authentication of objects, control the OEM supply chain, prevent software piracy and protect sensitive data. The product has the ability to generate, store and transfer secret keys in a secure manner and uses 256-bit keys for enhanced security. It allows the application developer to implement authentication check without cryptography knowledge. The device also includes a high-quality random number generator, which can be used in anti-replay mechanisms.

MAXQ1004 is a low-power 16-bit microcontroller that provides secure authentication to applications [16]. The microcontroller integrates a true random-number generator (RNG) and a high-speed AES encryption engine that uses keys of 128, 192 and 256 bits. It provides resistance against analytical and cryptanalysis attacks and enables secure authentication that is used for protecting revenue streams, validating peripherals and implementing secure communication schemes. Other feature is that it consumes only 300nA in the lowest power stop mode. The MAXQ1004 with 0.1 duty cycle will consume a 64mAh battery in 1.8 years and with 0.01 duty cycle in 10 years.

Multi-owner scenarios are covered by the following commercial developments:

Privacy Manager

AT&T's Privacy Bird [17] is a P3P [18] compliant browser plug-in that reads P3P policies and displays them in an understandable manner. It allows tailoring warning messages in order to meet user's personal privacy concerns.

Sensor co-management

Some efforts have been made by a couple of companies in the direction of sensor co-management, companies such as Motorola [19] which proposes support for concurrent applications in WSNs based on the Mate virtual machine and Oracle [20] which continues to support the Squawk virtual machine on their Sun SPOT system, a small J2ME virtual machine that can execute directly from flash memory and has device drivers written in Java. Yet, no successful co-managed implementation seems to be on the market.

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 12 of 22

TinySec [21] which proposes a security architecture for protecting the link layer of WSNs has the main goal to provide access control while keeping the message integrity, confidentiality of the information, ―replay attack‖ defence policy.

In [22], a ZigBee commercial application which implements the IEEE 802.15.4 Security Standard is described. This means that three layers of security on MAC, network and application level are implemented in one product.

Secure connection sharing

A variety of products exist for connection sharing. They can be classified to peer-to-peer and client-server approaches. Client-server infrastructures let connections between sensor networks be directed over a central server. They mostly aim at interconnecting sensor networks across the world. Typical projects following this approach are SenseWeb developed by Microsoft Research [23], GSI, SensorBase [24] and SensorPlanet [25] (initiated by Nokia).

In P2P architectures, each sensor network acts individually as a peer, and there is no need for a central server infrastructure above the WSN. The decentralized nature of P2P makes special server products obsolete.

Secured sharing of infrastructure resources between different owners requires explicit agreements / negotiations between owners, or even ad-hoc agreements between nodes.

Regarding protocols for communication, information and service availability, the following market items are of interest:

Detection of failures and abnormal behaviour

Arch Rock has one of the first commercial implementations of the IETF 6loWPAN, Primer Pack/IP [26]. Their technology has been incorporated in the Advanced Incident Report System, a network that allows personnel from various local, municipal and governmental agencies to communicate during an event, making reliability one of their main goals. In terms of detecting failures and abnormal behaviour, the Arch Rock sensor nodes send heartbeat packets periodically to check network reliability and connectivity. The packets contain information that the management server can analyse in order to detect any problems, such as node health statistics. Due to the use of native IP, standard network management tools, such as sniffers, can be used to diagnose problems.

In the SmartMesh networks from the company Dust Networks, a manager has a key role in applying routing algorithms in a self-configurable network [27], in order to optimize paths, being capable of both detecting problems and optimizing functionality.

Self-healing mechanisms

A lot of the commercial applications boast on their reliability. Some of them mention self-healing as an attribute. Dust Networks uses full mesh self-configuring WSNs in their SmartMesh networks [27] to provide flexibility, while a network manager uses routing algorithms to continually optimize the routing of data through the network.

The Meshscape 5 System from Millennial Net using an algorithm called D3R (Decentralized Distributed Dynamic Routing) which enables nodes to repair broken links and allows for frequency hopping [28]. BBN technology is used in military applications which emphasises the reliability requirement, so they dropped the dynamic hierarchy for routing in favour of full mesh networks with equal peers [26].Green Peak boast on their RF4CE chips to offer an additional 30db (1000x) better interference robustness due to their patented technology of two separate antennas [29].

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 13 of 22

Dynamic role management on device level

The VMWare Fault Tolerance (FT) provides hardware style fault tolerance to virtual machines by using the encapsulation properties of virtualization to assure high availability into the x86 hypervisor [30]. The VMWare vLockstep is used to manage an active secondary virtual machine which runs in virtual lockstep with the primary one. The secondary virtual machine will reside on a distinct computing system and will execute the same sequence of virtual instructions as the primary. The same inputs can be observed by the secondary and should be able to become primary without service interruption or loss when the fail of the primary virtual machine is detected. Therefore, it provides uninterrupted availability in the presence of critical faults, even when the primary machine is down.

Trillium provides innovative protocol software solutions that enable Fault-Tolerant / High Availability (FT/HA) and Distributed Fault-Tolerant / High Availability (DFT/HA) [31]. It is a flexible, platform-independent and cost-effective framework that is able to provide connectivity in the presence of software and hardware failures. It distributes the protocol load on the physical processing units that are available and then dynamically re-distributes them in the case of processor failure or when a new processor is added in the system. It is able to recover from processor failure and allows maintenance without shutting down the system.

Adaptive security protocols are covered by the following products:

Threat level monitoring

WiSecure is a security agent developed for wireless networks with a GNU General Public License (GPL) [32]. It detects and protects against threats such as WiPishing and EvilTwin attacks that leverage the wireless communication channel. It is also able to block ad-hoc networking and provide a minimum encryption level.

SafeWireless is a collection of applications under GNU General Public License (GPL) that were developed to provide security for Wireless Ad-hoc Networks [33]. The Watchdog tool is part of the SafeWireless set of tools and is able to detect misbehaving nodes [34]. The watchdog will monitor nodes that forward packets and it will check whether the packet received is the same as the packet sent. If the node does not forward the packet or forwards an altered packet, it is considered malicious. They also developed the Bayesian Watchdog, which adds Bayesian filters to the Watchdog. iTrust level monitoring

TRMSim-WSN (Trust and Reputation Models Simulator for Wireless Sensor Networks) is a Trust and Reputation models simulator for WSNs, written in Java that has GNU Library or Lesser General Public License (LGPL) [35]. This tool can be used for trust and reputation model analysis and comparison. TRMSim-WSN includes two default trust and reputation models: BTRM-WSN [36] and PeerTrust [37]. The tool has a trust and reputation model interface and new models can easily be integrated to run in the simulator [38].

The reputation tool that is part of the SafeWireless group of security applications uses a reputation method that has the ability to detect and isolate nodes that have a selfish behavior or that perform a black hole attack in Wireless Ad-hoc Networks [39]. Each node autonomously evaluates its neighbors based on whether they perform to completion a requested service. If a certain path is not able to complete the requested service, the confidence in that route is decreased. The path with the greatest confidence is chosen for routing. The node that sent the service request must evaluate whether the request has been completed by the destination node. However, this method is not able to detect the exact cause of the misbehavior of a node.

Available resources assessment

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 14 of 22

Power Aware Wireless Sensors (PAWiS) tool has been developed as a simulation framework for power-aware sensor nodes and has GNU General Public License (GPL), GNU Library and Lesser General Public License (LGPL) [40]. It has the ability to simulate the internal structure of nodes: all communication system layers, the application layer, the power supply and energy management, the processing unit and the sensor-actuator interface [41][42][43]. The main ability is the power consumption simulation for each sensor node. PAWiS Framework models the hierarchical supply structure and the efficiency factors of the converters.

Pixie is an operating system that enables resource-aware programming for sensor networks that has been developed at Harvard [44]. Applications that run on top of this operating system have explicit control over the resource usage and have access to information about the available resources. The operating system has been implemented using the concept of resource tickets that are used to model resource availability and reservations. Resource brokers are used as a mediation layer between the hardware resources and the high level applications that make use of those resources.

End-to-end security requirements

StrongSwan is an open source IPsec-based VPN Solution developed for Linux operating system [45]. The tool provides support for IPV6 IPsec tunnel and transport connections. It includes 128/192/256 bit AES and Camellia encryption, secure IKEv2 EAP user authentication with EAP-SIM, EAP-AKA and EAP-MSCHAPv2 methods. For authentication X.509 certificates or pre-shared keys can be used. It is able to use powerful IPsec policies based on wildcards and intermediate CAs. StrongSwan is available also for Android operating system for mobile devices.

Cisco provides EAP-TLS support from Wireless LAN using Cisco Wireless Access Point, Cisco Secure ACS and a Certification authority server [46]. EAP-TLS is based on the 802.1x/EAP architecture, which involves at least a supplicant, an authenticator and an authentication server. The supplicant is the end user’s machine, the authenticator is the access point and the authentication server can be a back-end RADIUS server. Both the supplicant and the server must support EAP-TLS authentication.

Secure and Trusted Mediation layers are part of the following products on the market:

Trustworthy and secure sensor data processing

To the best of our knowledge, there exists no commercial product that employs trustworthiness assessment in connection with delivering sensor data to business applications. SAP however is confident of the commercial potential and has filed U.S. patent No. 2009/0222399, which aims at introducing a trust model during the sensor data’s entire lifecycle. In this system, the data is quantitatively associated with trust values during the whole life cycle.

Collect, store and deliver sensor data from WSNs to business application

Arch Rock integrates IP and web services in their Primer Pack product in order to give full access to the WSN through common IT methodologies. Individual sensor nodes can be assigned IP addresses, DNS domain names and Web pages, and IP tools such as Simple Network Management Protocol, ping and traceroute can manage them. Authentication and other security measures, can be applied to single nodes [47].

Accutech Manager is a configuration and management software with a graphic interface for Accutech base radios and wireless instruments [48]. It offers remote configuration, diagnostics, and wireless network management tools and also a mini-data collection system,

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 15 of 22

storing and maintaining field unit monitoring and measurement data over time, using an integrated database. Data can then be exported to Oracle, SQL, and Excel for analysis and report creation.

Sensaphone 2000 from Sensaphone is enhanced with notification capabilities [49], including alarms scheduled according to the day of the week or time. It can send text messages to an alphanumeric pager or cell phone, and can even send messages directly to a fax machine. A total of 32 people can be notified by the Sensaphone 2000 in case of an alarm.

Omega zSeries wireless sensor system provides Web-based monitoring of temperature, humidity, and barometric pressure. Data can be logged in standard data formats for use in a spreadsheet or data acquisition program such as Excel or Visual Basic [50].

Middleware Architectures

Several products have been developed as middleware architectures. They are usually available as open source projects. Such products include: TinyDB [51], COUGAR [52], DSWare [53], MiLAN [54] and TinyLIME [55].

In conclusion there are a number of market products that implement different aspects of security and trustworthiness for certain use cases. None of the mentioned project fits the goals of TWISNet to provide a platform enabling business application to command and control sensor network in a secure and trusted way. The adaptation of trustworthiness and security to wireless sensor networks by specification of a comprehensive architecture suited for business applications that fits the needs of TWISNet will be integral part of the project.

Orthogonal to and leveraging on these technological trends, global marketing trends emerge among which the most relevant can be identified as:

Enablement of services related to the smart grid

This identified trend relates to the enablement of new services in the field of the ―smart grid‖, empowered by the development of new sensors allowing to feed the intelligent control system of the grid with relevant information. Electricity transmission network requires rather specialized sensors with very strong real-time constraints able to measure high voltage/current values. These cannot actually be qualified as sensors in that they are rather extensions of a SCADA system. Likewise, distribution network rely on on real-time measurements for which ―classical‖ sensing devices cannot be used straightforwardly. Yet, because of its large-scale essence, the numerous facilities it involves and the recent decentralization trend, distribution automation infrastructure is moving to sensor-based security systems, such as substation protection through adequate presence detection systems. It is obvious that distributed intelligence (e.g. microgridding capability) requires that this intelligence be protected adequately.

But the key place where the WSN world meets the smart grid is actually the customer’s premises, whether the ―customer‖ is a single house or an industrial facility. More and more smart meters emerge when the metering infrastructure moved from automated meter reading (AMR) to advanced metering infrastructure (AMI). These meters can today communicate with actuators, e.g. to issue demand response orders to specific equipment [56]. Meters able to detect which equipments are being started, from current wave pattern, are also being specified. Beyond the meters own metering capability, numerous third party solutions based around an energy box exist, wherein the energy box receives detailed consumption information from sensing equipment

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 16 of 22

collocated with in-house/in-factory equipments. The energy box can in some cases issue demand-response orders to actuators [57].

IP connectivity

Introduction of the Internet IP protocol in the WSN world is another key trend in current technological evolution of sensors. It can also be qualified as a key marketing trend, as IP connectivity or ability to support IP-based protocols is today a keyword that manufacturers put emphasis on when advertising sensor equipment. IPv6 connectivity for large/huge sensor fleets is the main reason to this advance.

ZigBee Smart Energy profile v2 [58] is highly representative of this trend. Likewise, DASH7 alliance is drafting an IPv6 specification [59] that should be submitted to ISO in the coming weeks. More generally, all members [60] of the IP over Smart Objects (IPSO) alliance are advocating for the use of IP and pushing IP within their products.

Large bandwidth sensors

IP cameras are a typical representative of large-bandwidth sensors. According to [61], IP cameras moved beyond the 'early adopter' or 'emerging' technology category to mainstream and are now the most common choice for new professional surveillance projects in the Western world. IP camera sales growth remains very robust with IP only providers generating 30%+ growth [61].

For the past decade, when IP cameras were a niche, one company, Axis Communications [62], dominated the market. Nowadays, the IP camera market is over 1 billion dollar annually and Axis is still accelerating its sales growth, product development and market dominance [61]. New product releases are entering the market, e.g. from Axis a 'super' low light IP camera, new low cost products, an innovative low cost PTZ series (the Axis M50s), a panoramic camera and Hosted Integration for Iomega NAS appliances are recently available.

In scope of standardization, ONVIF [63] prevailed to become standard for IP-based physical security products, especially in the section of network video equipment. Work is still ongoing to refine specifications.

Sensor-enabled security services

Orange identified [64] home safety (remote monitoring, intrusion prevention) as an important axis in its M2M services. Orange Labs Digital Home program, initially centered on energy services is now investigating [65] how sensor/actuator enabled intelligent houses can provide new and profitable security services.

Another field of sensor-enabled security services is approaching in automotive M2M security services. The British telematics provider Autotxt [66] and Deutsche Telekom [67] collaborate in the field of vehicle location and telematics services to offer users a certain kind of remote automotive surveillance. Autotxt is using Deutsche Telekom's M2M services and mobile radio communications network for its vehicle antitheft protection solutions [68].

Application-specific M2M SIM cards from Telekom are used in the security solutions for vehicle manufacturers to enable data exchange with the vehicles that take place over the mobile radio communications networks of Telekom and its roaming partners

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 17 of 22

to make the Autotxt Vehicle Tracking System able to ensure communication between the vehicle, the Autotxt service centre and authorities involved [68]. Vehicle owners can access the functions at any time via an internet application. In the event of an alarm, the system permits location, tracking and recovery of stolen vehicles in more than 50 countries [69]. According to Autotxt, work is going to be extended in the areas of location-based vehicle and function remote control, breakdown emergency calls and remote diagnostics. The objective is to supplement vehicle location for the vehicle owner with additional features such as remote monitoring of vehicle data or unlocking and locking the vehicle via smartphone through corresponding applications [68][69].

According to Telekom, the cooperation plays a central role on enabling new businesses on automotive computing. This concept includes the control of car fleets for secure, safe and economically efficient driving. A market of about 350 millions of cars only in Europe is envisaged by Telekom here [69].

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 18 of 22

4. LIST OF PARTICIPANTS

Number Participant organisation name Short name

Country

01 (coord.)

dresden elektronik ingenieurtechnik gmbh DDE DE

02 COMMISSARIAT A L'ENERGIE ATOMIQUE CEA FR

03 ELECTRICITE DE FRANCE S.A EDF FR

04 Hochschule fuer Technik und Wirtschaft Dresden HTW DE

05 UNIVERSITATEA POLITEHNICA DIN BUCURESTI UPB RO

06 SAP SAP DE

AP01 Cisco Systems International BV (Associated Partner) Cisco NL

Project coordinator: DDE

Name of PM: Elke Goering

Address: Enno-Heidebroek-Str. 12, 01237 Dresden, Germany

Phone: +49 (0)1522 924 7846

Fax: +49 (0)351 318 5010

E-mail: elke.goering@dresden-elektronik.de

5. ACKNOWLEDGMENT

The TWISNet consortium would like to acknowledge the support of the European Commission partly funding the TWISNet project under Grant Agreement FP7-ICT-STREP-258280.

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 19 of 22

ANNEX A

Figure 1: TWISNet poster (1): Objectives, Challenges and Facts

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 20 of 22

REFERENCES

[1] Markus Wehner, Thomas Bartzsch, Dirk Burggraf, Sven Zeisberg, Alexis Olivereau, and Nouha Oualha, ―Trustworthy Wireless Industrial Sensor Networks‖, Position paper, Feb. 2011, http://www.iab.org/wp-content/IAB-uploads/2011/03/Wehner.pdf [Accessed: May 2011]

[2] Nouha Oualha and Alexis Olivereau , "Sensor and Data Privacy in Industrial Wireless Sensor Networks," Network and Information Systems Security (SAR-SSI), 2011 Conference on , vol., no., pp.1-8, 18-21 May 2011

[3] Markus Wehner, Sven Zeisberg, Alexis Olivereau, Nouha Oulha, Laura Gheorghe, Emil Slusanschi, Basil Hess, Felix von Reischach, Mike Ludwig, David Bateman, ―A Trustworthy Architecture for Wireless Industrial Sensor Networks‖, Proceedings of the 1

st System Security Network of Excellence Workshop,

Amsterdam, 2011, to be published, pre-proceedings available at http://www.syssec-project.eu/media/page-media/3/syssec-d2.3-1st-project-workshop-proceedings.pdf [Accessed: August 2011]

[4] TWISNet consortium, ―Report on standardization/regulation activities‖, Public Deliverable D5.2.1 of the TWISNet FP7 project FP7-ICT-258280, Sep. 2011, http://www.twisnet.eu/public-deliverables

[5] Trident Systems Inc., http://www.tridsys.com/white-unattended-ground-sensors.htm [Accessed: May 2011]

[6] TinyECC: http://discovery.csc.ncsu.edu/software/TinyECC/index.html [Accessed: May 2011]

[7] NI-WSN. Available: http://zone.ni.com/devzone/cda/tut/p/id/8710#toc1 [Accessed: May 2011]

[8] Ember’s ZigBee Wireless Platform Enables Advanced Metering Infrastructure, http://www.ember.com/pdf/Advanced_Metering.pdf [Accessed: May 2011]

[9] Deluge data dissemination protocol for TinyOS, http://docs.tinyos.net/index.php/Deluge_T2 [Accessed: May 2011]

[10] Agilla, a mobile-agent middleware for WSNs, http://mobilab.cse.wustl.edu/projects/agilla/ [Accessed: May 2011]

[11] Luca Mottola, Gian Pietro Picco and Adil Amjad Sheikh, ―FiGaRo: Fine-Grained Software Reconfiguration for Wireless Sensor Networks‖

[12] J.E. Holt and K.E. Seamons, ―Nym: Practical pseudonymity for anonymous networks,‖ Internet Security Research Lab Technical Report, vol. 4, 2006, pp. 1-12.

[13] The Tor project: http://www.torproject.org/ [Accessed: May 2011]

[14] Anonymizer: http://www.anonymizer.com/ [Accessed: May 2011]

[15] Atmel's New Crypto Authentication Device Offers Improved Security for Microcontroller-based Systems, http://www.atmel.com/dyn/products/view_detail.asp?FileName=F2-110303-Crypto-SHA204.html [Accessed: May 2011]

[16] Microcontroller with AES Authenticates Your Application for Only 300nA, http://www.maxim-ic.com/company/press_room/product.cfm/id/1746 [Accessed: May 2011]

[17] http://www.privacybird.org/

[18] L. Cranor, M. Langheinrich, M. Marchiori, M. Presler-Marshall, J. Reagle, ―The Platform for Privacy Preferences 1.0 Specification‖, W3C, April 2002.

[19] Yang Yu, Loren J. Rittle, Vartika Bhandar, Jason B. LeBrun „Supporting Concurrent Applications in Wireless Sensor Networks― http://halcyon.usc.edu/~yangyu/data/Sensys06.pdf [Accessed: May 2011]

[20] Sun SPOT System using Squawk Java VM http://labs.oracle.com/spotlight/SunSPOTSJune30.pdf [Accessed: May 2011]

[21] TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Proceeding SenSys '04 Proceedings of the 2nd international conference on Embedded networked sensor systems, pp. 162—175, ACM, New York, NY, USA, 2004.

[22] Gascón, David (February 5, 2009). "Security in 802.15.4 and ZigBee networks". http://sensor-networks.org/index.php?page=0903503549 [Accessed: May 2011]

[23] Senseweb (microsoft research). http://research.microsoft.com/en-us/projects/senseweb [Accessed: May 2011]

[24] Sensorbase project. http://sensorbase.org [Accessed: May 2011]

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 21 of 22

[25] Sensorplanet (nokia). http://www.sensorplanet.org [Accessed: May 2011]

[26] Evaluation Engineering article on commercial WSN solutions http://www.evaluationengineering.com/index.php/solutions/instrumentation/wireless-sensor-networks-are-taking-over.html [Accessed: May 2011]

[27] Dust Networks technology http://www.dustnetworks.com/technology [Accessed: May 2011]

[28] Millenial Net nodes using the D3R algorithm for repairing and frequency hopping http://www.millennialnet.com/technology/m5advantages.php [Accessed: May 2011]

[29] Green Peak chips with two separate antennas http://www.greenpeak.com/Product/Chips.html [Accessed: May 2011]

[30] Protecting Mission-Critical Workloads with VMware Fault Tolerance, VMWare White Paper, 2009. Available: http://www.vmware.com/files/pdf/resources/ft_virtualization_wp.pdf [Accessed: May 2011]

[31] DFT / HA Reliability. Available: http://www.ccpu.com/trillium-protocol-software-products/dft-ha-distributed-fault-tolerant-high-availability-reliability [Accessed: May 2011]

[32] WiSecure. Available: http://wisecure.sourceforge.net [Accessed: May 2011]

[33] SafeWireless. Available: http://safewireless.sourceforge.net [Accessed: May 2011]

[34] Watchdog. Available: http://safewireless.sourceforge.net/tools.html#Watchdog [Accessed: May 2011]

[35] TRMSim-WSN. Available: http://ants.dif.um.es/~felixgm/research/trmsim-wsn [Accessed: May 2011]

[36] F.G. Mármol and G.M. Pérez, ―Providing trust in wireless sensor networks using a bio-inspired technique,‖ Telecommunication Systems Journal, vol. 46, Feb. 2010, pp. 1-18.

[37] L. Xiong and L. Liu, ―PeerTrust: Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities,‖ IEEE Transactions on Knowledge and Data Engineering, vol. 16, Jul. 2004, pp. 843-857.

[38] F.G. Mármol and G.M. Pérez, ―TRMSim-WSN, trust and reputation models simulator for wireless sensor networks,‖ IEEE International Conference on Communications, 2009, ICCʼ09, IEEE, 2009, pp. 1-5.

[39] Reputation. Available: http://safewireless.sourceforge.net/tools.html#Reputation [Accessed: May 2011]

[40] PAWiS Simulation Framework. Available: http://pawis.sourceforge.net [Accessed: May 2011]

[41] S. Mahlknecht, J. Glaser, and T. Herndl, ―PAWiS: towards a power aware system architecture for a SoC/SiP wireless sensor and actor node implementation,‖ Proceedings of 6th IFAC international conference on fieldbus systems and their applications, 2005, pp. 129-134.

[42] D. Weber, J. Glaser, and S. Mahlknecht, ―Discrete event simulation framework for power aware wireless sensor networks,‖ 2007 5th IEEE International Conference on Industrial Informatics, IEEE, 2007, pp. 335-340.

[43] J. Glaser, D. Weber, S.A. Madani, and S. Mahlknecht, ―Power aware simulation framework for wireless sensor networks and nodes,‖ EURASIP Journal on Embedded Systems, 2008, p. 16.

[44] Pixie. Available: http://fiji.eecs.harvard.edu/Pixie [Accessed: May 2011]

[45] StrongSwan. Available http://www.strongswan.org [Accessed: May 2011]

[46] EAP-TLS Deployment Guide for Wireless LAN Networks, Cisco. Available: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtml [Accessed: May 2011]

[47] EETimes article on User-friendly sensor net ties into enterprise data, http://www.eetimes.com/electronics-products/other/4089266/User-friendly-sensor-net-ties-into-enterprise-data [Accessed: May 2011]

[48] Accutech Manager as part of an instrumentation solution http://www.accutechinstruments.com/media/downloads/literature/brochure/CMI%2BSE-AccutechBrochure-V037.pdf [Accessed: May 2011]

[49] Sensaphone 2000 notifications http://www.sensicast.com/ [Accessed: May 2011]

[50] Omega zSeries http://www.omega.com/pptst/Zseries.html [Accessed: May 2011]

[51] Tinydb - a declarative database for sensor networks. http://telegraph.cs.berkeley.edu/tinydb/ [Accessed: May 2011]

[52] Cougar: The network is the database. http://www.cs.cornell.edu/bigreddata/cougar [Accessed: May 2011]

FP7-ICT-Contract 258280

Deliverable: Report on dissemination/exploitation activities

Security: Public Page 22 of 22

[53] S. Li, Y. Lin, S.H. Son, J.A. Stankovic, and Y. Wei. ―Event detection services using data service middleware in distributed sensor networks‖, Telecommunication Systems, 26(2):351–368, 2004.

[54] A. Murphy and W. Heinzelman. ―Milan: Middleware linking applications and networks‖, University of Rochester, Tech. Rep. TR-795, 2002.

[55] Tinylime: Lime for sensor networks. http://lime.sourceforge.net/tinyLime/ [Accessed: May 2011]

[56] Itron and Tantalus to Deliver Cutting-Edge Smart Meter and Communications Solution for Cooperative, Public Power and Municipal Markets. https://www.itron.com/newsAndEvents/Pages/Itron-and-Tantalus-to-Deliver-Cutting-Edge-Smart-Meter-and-Communications-Solution-for-Cooperative,-Public-Power-and-Munici.aspx [Accessed: September 2011]

[57] Voltalis. http://www.voltalis.com/ [Accessed : September 2011]

[58] ZigBee Smart Energy Profile version 2. Available: http://www.zigbee.org/Standards/ZigBeeSmartEnergy/Version20Documents.aspx [Accessed: September 2011]

[59] DASH7 and IPv6. http://dash7.org/blog/?p=1752 [Accessed: September 2011]

[60] IPSO Member Companies. http://ipso-alliance.org/about/member-companies [Accessed: September 2011]

[61] J. Honovich, 2011 Mid Year Video Surveillance Review, June 2011, http://ipvideomarket.info/report/video_surveillance_review_midyear_2011 [Accessed: Sep 2011]

[62] Axis Communications, Sweden, http://www.axis.com/index.htm [Accessed: Sep 2011]

[63] ONVIF Open Industry Forum, http://www.onvif.org/Home.aspx [Accessed: Sep 2011]

[64] Orange Business Services, Machine to Machine. Available: http://www.orange-business.com/fr/presse/dossiers/att00020307/dp-M2M-mars2011.pdf [Accessed : September 2011]

[65] Extending the HLAN for Energy Management in the Digital Home. Available: http://www.slideshare.net/Vigane/b2-orange-reactivhome [Accessed: September 2011]

[66] Autotxt Ltd., London, http://www.autotxt.com/home.aspx [Accessed: Sep 2011]

[67] Deutsche Telekom AG, Bonn, http://www.telekom.com/dtag/cms/content/dt/de/9624 [Accessed: Sep 2011]

[68] C. Hammerschmidt, ―Autotxt, Deutsche Telekom provide automotive M2M security solutions‖, April 2011, http://www.automotive-eetimes.com/en/autotxt-deutsche-telekom-provide-automotive-m2m-security-solutions.html?cmp_id=7&news_id=222901518 [Accessed: Sep 2011]

[69] Deutsche Telekom AG, ―Telekom und Autotxt kooperieren bei M2M-Telematiklösungen für Fahrzeug-hersteller‖, April 2011, http://www.telekom.com/dtag/cms/content/dt/de/595698?archivArticleID=1021306 [Accessed: Sep 2011]