using osgi for secure service discovery
play

Using OSGi for Secure Service Discovery Slides available at - PowerPoint PPT Presentation

Using OSGi for Secure Service Discovery Slides available at http://godot.be/slides Antonio Kung, Founder/Director, Trialog Antonio Kung, Founder/Director, Trialog Danny De Cock, Researcher Applied Cryptography, K.U.Leuven Danny De Cock,


  1. Using OSGi for Secure Service Discovery Slides available at http://godot.be/slides Antonio Kung, Founder/Director, Trialog Antonio Kung, Founder/Director, Trialog Danny De Cock, Researcher Applied Cryptography, K.U.Leuven Danny De Cock, Researcher Applied Cryptography, K.U.Leuven Hans Scholten, U.Twente Hans Scholten, U.Twente

  2. Presentation Structure Presentation Structure • TEAHA TEAHA • • TEAHA Approach for seamless interworking TEAHA Approach for seamless interworking • • Using OSGi and Service Discovery Using OSGi and Service Discovery • – OSGi and TEAHA Features and Needs OSGi and TEAHA Features and Needs – – OSGi vs. TEAHA Registration OSGi vs. TEAHA Registration – – TEAHA Security Modules TEAHA Security Modules – – Architecture for Service Discovery and Security Architecture for Service Discovery and Security – 3

  3. The TEAHA Consortium The TEAHA Consortium • Leading manufacturers Leading manufacturers • and service companies and service companies • Technology and market Technology and market • research companies and research companies and Universities Universities • Industry groups Industry groups • 4

  4. TEAHA Mission TEAHA Mission • Specify an open, secure framework for seamless Specify an open, secure framework for seamless • interoperability and interworking interoperability and interworking Networked Networked AV & Home Control Audio-Video Mobile MMI Applications Applications W hite goods Energy Managem ent Security and Safety Hom e Controls Lighting Control Health Care for Elderly and Disabled I nfotainm ent 5

  5. TEAHA Has Technology Clusters TEAHA Has Technology Clusters Reference Gateway UPnP/WiFi EHS/Power Line TEAHA/Zigbee Intrusion Washing Camera TV Detector Smoke Display Machine Clock Sensor Meter Energy Oven Security Controller Controller 6

  6. TEAHA Has Business Clusters TEAHA Has Business Clusters Reference Gateway UPnP/WiFi EHS/Power Line TEAHA/Zigbee Oven TV Display Washing Clock Machine Household Multimedia Appliance Camera Smoke Energy Sensor Controller Intrusion Meter Detector Energy Security Home Safety Controller 7

  7. Facts about Stakeholders Facts about Stakeholders • Stakeholders in a business cluster Stakeholders in a business cluster • – Are competitors Are competitors – – Share the same culture Share the same culture – – Are involved in the same value chain Are involved in the same value chain – – Would prefer to abstract away from technology clusters Would prefer to abstract away from technology clusters – • Stakeholders in different business clusters Stakeholders in different business clusters • – Do not understand each other Do not understand each other – – Do not need to understand other clusters Do not need to understand other clusters – – Have different cultures, value chain, life cycle Have different cultures, value chain, life cycle – 8

  8. Approach for Seamless Interworking Approach for Seamless Interworking • There are issues in supporting the mixing of There are issues in supporting the mixing of • different types of clusters different types of clusters – Technology clusters Technology clusters – – Business clusters Business clusters – – … … – • TEAHA focuses on solving those issues TEAHA focuses on solving those issues • 9

  9. Seamless Interworking Unsolved Problems Seamless Interworking Unsolved Problems • Service Discovery Service Discovery • – Can a device in one technology cluster discover a device from Can a device in one technology cluster discover a device from – another technology cluster? another technology cluster? – Can these devices use one another’s services? Can these devices use one another’s services? – • Secure Communication Secure Communication • – Can a device in one technology cluster communicate securely Can a device in one technology cluster communicate securely – with a device from another technology cluster? with a device from another technology cluster? • Authenticity: No faked devices! • Authenticity: No faked devices! • Confidentiality: No eavesdroppers! • Confidentiality: No eavesdroppers! • Trusted/Registered devices: No intruders! Trusted/Registered devices: No intruders! • • Security Policy Security Policy • – Can a business cluster be protected from other clusters? Can a business cluster be protected from other clusters? – • Policy enforcement: Policy enforcement: is a multimedia application allowed to access is a multimedia application allowed to access • security system information? security system information? 10

  10. Abstract Architecture Abstract Architecture Interworking Environment Application Business Service Security Framework Applications Cluster Support Support Service Access Bridge Utility Utility Secure Service Discovery Utility Secure Communication Utility LAN Abstraction Communication Layer LAN 1 Proxy LAN 2 Proxy LAN 1 Driver LAN 2 Driver 11

  11. TEAHA Business Cluster Support TEAHA Business Cluster Support Business Cluster Support Plug-in Selector Cluster Cluster Household Appliances Home Safety App App App App LAN LAN LAN LAN 12

  12. Mapping on top OSGi Mapping on top OSGi OSGi Service Application Applications bundles OSGi Service Access Bridge Utility Utility Device Secure Service bundles Discovery Secure OSGi Communication Network bundles Communication LAN 1 proxy LAN K proxy LAN 1 driver LAN K driver 13

  13. Seamless Interworking in Action Seamless Interworking in Action Bridge Utility App-PDU App-PDU Communication App-PDU App-PDU LAN1 Proxy LAN2 Proxy Cluster Cluster Energy Management Energy Management LAN1-PDU LAN2-PDU LAN1 Driver LAN2 Driver Device 1 Device 2 14

  14. Service Discovery in Action Service Discovery in Action Service Discovery App Service Description App Service Description Communication App Service Description App Service Description LAN1 Proxy LAN2 Proxy Service Discovery Service Discovery Proxy Proxy LAN1 Service Description LAN2 Service Description LAN1 Driver LAN2 Driver Device 2 Device 1 Provides Search for Service Service 15

  15. OSGi and TEAHA Features and Needs OSGi and TEAHA Features and Needs • OSGi OSGi • TEAHA TEAHA • • – Targets wide application area Targets wide application area – Targets Targets – – • Embedded and dedicated Embedded and dedicated • Home applications Home applications and and • • devices devices • Relationships Relationships with A/V with A/V • – Provides Provides specifications specifications for a for a applications applications – service- -oriented architecture oriented architecture service – Provides specifications for a Provides specifications for a – global home platform, focuses global home platform, focuses – Defines a computing Defines a computing – environment for networked environment for • Openness Openness • networked services and is and is • Secure communications Secure communications • services • Interoperability Interoperability • Standardized Standardized • • – Defines a middleware platform Defines a middleware platform • Component oriented Component oriented – • for seamless interworking of for seamless interworking of – Embodies into a Embodies into a service – service with secure execution platform with secure execution • Wide variety of appliances Wide variety of appliances • platform environment available in the home available in the home environment environment environment – Not supported Not supported – • Heterogeneous networks Heterogeneous networks • • Device authentication Device authentication • – Embodies into a logical TEAHA – Embodies into a logical TEAHA • Platform management protocol Platform management protocol • device device – No open issues No open issues ☺ ☺ – 16

  16. OSGi vs. TEAHA Registration OSGi vs. TEAHA Registration • OSGi OSGi • TEAHA TEAHA • • – Registration of services in Registration of services in – Registration of TEAHA Registration of TEAHA – – the OSGi platform devices in the wide home the OSGi platform devices in the wide home environment environment – Registration with the local Registration with the local – – Device registration Device registration – OSGi registry OSGi registry requires touch & play requires touch & play • Code/Bundle signing Code/Bundle signing • • Secure zero configuration Secure zero configuration • • Policy Policy- -based based • • Policy • Policy- -based based – Unregistered devices cannot – Unregistered devices cannot use registered devices’ use registered devices’ services services – Device Device- -Device service Device service – – OSGi services use one OSGi services use one – usage another’s services in the usage another’s services in the OSGi platform OSGi platform 17

Recommend


More recommend