K21 and Automation System Architecture Matthew Burnside MIT Laboratory for Computer Science January 8, 2002 Jointly with: Dwaine Clarke,

Presentation transcript:

K21 and Automation System Architecture Matthew Burnside MIT Laboratory for Computer Science January 8, 2002 Jointly with: Dwaine Clarke, Todd Mills, Ali Tariq

Overview
– Problem
– Naïve Solution
– Our Solution
  – 3 Layers
  – 2 Protocols: Device-Proxy protocol, Proxy-Proxy protocol

Problem Description
[Diagram: Camera, Lamp, Coffee Maker, Printer]
How to interconnect securely?

Security Goals
– Identification and authentication of resources
  – What is this thing, and is it really what it says it is?
  – E.g., printers, light bulbs, speakers, coffee makers, etc.
– Secure communication with resources
  – E.g., I don’t want anyone to know I am watching “Jerry Springer”
– Provide usage/access permissions
  – Access Control Lists (ACLs) for most resources

The Naïve Solution
– Each device has a public key/private key pair.
– Communication to the device is encrypted with its public key
  – And signed with the private key of the initiator
– Each transaction goes through a server
– Servers maintain ACLs for each device.
  – Centralized, secure server handles all the traffic

Issues to Remember
– Devices are dumb.
  – No public-key crypto on a light bulb.
– Centralization is not necessarily a good idea
  – Problems with scalability and fault tolerance.
  – Makes ACL maintenance difficult.

Three layers
– Modular architecture
  – Layers can be implemented differently without affecting others
[Diagram: Our System, with blocks Security, Routing and Naming, Device communication, Scripting]

Event-Based Communication
– All messages are passed in the form of events.

Layer 1: Device Communication
[Diagram: Devices with Wireless Transceivers; a Gateway with Ethernet Card and Wireless Transceiver; UDP/IP to the Proxy]
– A device may also contain a Cricket listener.
– One proxy for every device.
– Each device may have a unique interface to its proxy.

Proxy
– Software representation of the device.
– Translates device actions into events other proxies can interpret (and vice versa).
– Device security handled here; proxy runs on a trusted computer.

Example: Information Appliance
[Diagram: VCR and Proxy, each with Wireless Comm.; commands and status flow between them]
– The proxy has an ACL that limits who can control the VCR.

Example: Location-aware Mobile Speaker
[Diagram: Speaker with Cricket Listener and Wireless Comm.; Speaker Proxy with Wireless Comm.; location and audio data flow between them]
– Speaker can behave differently based on its location (which is only known to its proxy).

Example: Badge (Key21) Device
[Diagram: Key21 with Cricket Listener and Wireless link to its Proxy]
– The proxy has an ACL that limits who else is allowed to know the person’s location.
– A repository for someone’s cryptographic key
– Has understanding of Location
– Wireless communication (explained later on)

Automation Scripts
– Each proxy can run multiple scripts.
– Each script generates new events based on input events.
– For example:
  – ‘Matt has walked into the room’ → Turn on light
  – ‘It’s 6am and it’s a workday’ → Turn on the coffee machine

Layer 2: Routing/Naming Network
[Diagram: Routing/Naming Network connecting a Proxy Farm; each Proxy runs Scripting and fronts a K21 or a Device]

Example: user wants to play a tape
[Diagram: K21, Proxy with Scripting, Play Tape Command, Name Resolution, Routing]

Naming
– Distributed network of name resolvers/routers
– INS-style names:
  – [id=spk03 [loc=ne43-226] [devtype=speaker]]
  – [id=* [loc=ne43-226] [devtype=speaker]]
  – [id=* [loc=ne43-226] [devtype=*]]
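The wildcard resolution implied by the three names above, as an added example that is not code from the presentation or from INS. It assumes nesting can be flattened into attribute/value pairs; `parse_name`, `matches`, `resolve` and the registry entries other than spk03 are constructed for illustration.

```python
import re

# One attribute=value pair such as "loc=ne43-226" or "id=*".
_PAIR = re.compile(r"([A-Za-z0-9_]+)=([^\s\[\]]+)")

# Constructed sample advertisements; only spk03 appears on the slide.
REGISTRY = [
    "[id=spk03 [loc=ne43-226] [devtype=speaker]]",
    "[id=lamp01 [loc=ne43-226] [devtype=lamp]]",
    "[id=spk07 [loc=ne43-518] [devtype=speaker]]",
]

def parse_name(name):
    """Return the attribute/value pairs of an INS-style name as a dict."""
    depth = 0
    for ch in name:
        depth += (ch == "[") - (ch == "]")
        if depth < 0:
            raise ValueError("unbalanced brackets: %r" % name)
    if depth != 0:
        raise ValueError("unbalanced brackets: %r" % name)
    pairs = _PAIR.findall(name)
    attrs = dict(pairs)
    if not pairs or len(attrs) != len(pairs):
        raise ValueError("empty name or duplicate attribute: %r" % name)
    return attrs

def matches(query, advertised):
    """True if each query attribute is advertised with the same value, or is '*'."""
    q, a = parse_name(query), parse_name(advertised)
    return all(k in a and v in ("*", a[k]) for k, v in q.items())

def resolve(query, registry=REGISTRY):
    """Return the sorted ids of every advertised name the query selects."""
    return sorted(parse_name(n)["id"] for n in registry if matches(query, n))
```

The third query on the slide selects every device in the room, so the ACL held by each receiving proxy is what decides whether the sender may actually control it.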

Layer 3: Proxy-Based Security
[Diagram: Naming/Routing Network between proxies; Device-to-Proxy Security Protocol between a Device or K21 and its Proxy; Proxy-to-Proxy Security Protocol between proxies]
– The two-protocol architecture allows simple devices to have a simple protocol, and complex devices to have a sophisticated protocol.

Device-Proxy Security
[Diagram: K21 with Cricket Listener (Location) and Wireless Comm.; K21 Proxy with Wireless Comm.; Secure Communication between them]
1. Device-dependent protocol.
2. Device and Proxy share 128-bit symmetric keys.
3. Communication between device and proxy is encrypted and MAC’d.
4. Sequence numbers used for protection against replay attacks
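One way the four points above fit together, as an added example that is not the protocol from the presentation. The frame layout (8-byte sequence number, ciphertext, 32-byte tag), HMAC-SHA256 as the MAC, the HMAC-derived keystream standing in for a real cipher such as AES, and the names `seal` and `ProxyReceiver` are all assumptions; the keys are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed 128-bit sample keys shared by device and proxy.
ENC_KEY = bytes(range(16))
MAC_KEY = bytes(range(16, 32))

def _keystream(key, seq, n):
    """Derive n keystream bytes from (key, seq): HMAC-SHA256 in counter mode."""
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]

def seal(enc_key, mac_key, seq, plaintext):
    """Device side: encrypt, then MAC the sequence number and ciphertext."""
    ks = _keystream(enc_key, seq, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = struct.pack(">Q", seq)
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag

class ProxyReceiver:
    """Proxy side: verify the MAC, reject replays, then decrypt."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.last_seq = -1  # highest sequence number accepted so far

    def open(self, frame):
        if len(frame) < 8 + 32:
            raise ValueError("short frame")
        header, ct, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise ValueError("bad MAC")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:  # only checked after the MAC verifies
            raise ValueError("replayed or stale sequence number")
        self.last_seq = seq
        ks = _keystream(self.enc_key, seq, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))
```

The sequence number is covered by the MAC and only advances after verification, so a forged frame cannot push `last_seq` forward and lock out the real device.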

Proxy-Proxy Security
[Diagram: K21, Proxy with Scripting, Name Resolution, Routing; links between proxies labelled SPKI/SDSI over SSL/TLS]
– All proxies talk to each other with the same protocol.

Status
– System design completed and largely implemented.
– Being evaluated in terms of performance and scalability
– Ongoing work: security issues with anonymous computation and/or minimally-trusted computers

Questions?