1 / 10

Himanshu Khurana Senior Security Engineer, NCSA

Overview of Testbed Area PAWNS Testbed Secure Sensor Middleware Integrating Policy and Group Key Management. Himanshu Khurana Senior Security Engineer, NCSA. Testbed Area. Goal: provide a testbed for integration, evaluation, and demonstration of technologies developed by NCASSR

hedy-sanford
Télécharger la présentation

Himanshu Khurana Senior Security Engineer, NCSA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Overview of Testbed AreaPAWNS TestbedSecure Sensor MiddlewareIntegrating Policy and Group Key Management Himanshu Khurana Senior Security Engineer, NCSA

  2. Testbed Area • Goal: provide a testbed for integration, evaluation, and demonstration of technologies developed by NCASSR • Long-term Vision: a testbed integrated with NCASSR organizations’ and external testbeds for scalability testing and transfer of technology • NCSA’s globus alliance and production environment efforts • DHS/NSF Deter Testbed • NRL Protean Lab • Step-by-step approach • Provide a means for testing individual NCASSR technologies • Enhance collaboration between NCASSR and other organization projects to develop integrated technologies

  3. Y2 Testbed Projects • Five projects managed by three organizations • SABRE – PI: Ouderkirk (PNNL) • Multilevel – PI: Irvine ( NPS) • CyberCIEGE – PI: Irvine (NPS) • PKI Testbed – PI: Basney (NCSA) • PAWNS – PI: Khurana (NCSA) • PAWNS: A testbed for Programming Applications for a Wireless Network of (motes-based) Sensors • Team Members: Himanshu Khurana, Peter Bajcsy, Rakesh Bobba, David Scherba • Goal: Integrate, evaluate and demonstrate • Hazard Awareness using sensors (PI: Bajcsy) • Security services for sensor networks (PI: Khurana)

  4. PAWNS/Hazard Awareness/Secure Sensor Middleware • Technology Components • Hazard Awareness and Response • Deploy Point Sensors (“smart” motes) Using Robot Control • Calibrate Spectral Cameras and Point Sensors • Proactive Camera Control Using Point Sensors • Hazard Analysis and Human Alert • Hazard Confirmation and Elimination Using Robot Control • Security and Reliability over multi-hop sensor networks • Encrypt data between sensors and base station • Key Management using Smart Dust, Public-Key and Random Graph techniques • Tinysec link-layer encryption with Skipjack • Reliability transfer of messages • Link-level retransmission, erasure codes

  5. Experimental Setup and Hazard Simulation * * Slide provided by Peter Bajcsy

  6. Proactive Camera Control and Hazard Alert and Elimination * • Proactive Camera Control Logic: • If light = on then visible camera = on • If light = off then thermal IR camera = on • Based on image analysis re-direct human attention to hazardous situation * Slide provided by Peter Bajcsy

  7. Integrating Policy and Group Key Mgmt • Research Area: Secure Group Communication (SGC) • GCSs enable collaborative applications such as C&C and conferencing • Need for scalable security and multicast services • Problems • Scalable Group Key Management approaches require Group Controllers to bear significant trust liabilities • Lack of tools to evaluate efficacy of key mgmt techniques • Policy and key mgmt are both necessary to enable SGC but have not been integrated • Goals/Approach • Develop new key mgmt solutions that minimize trust liability in group controllers • Implement SGC framework based on IETF MSEC WG Security Architecture specification • Evaluate key mgmt solution in framework • Framework integrates policy and key mgmt • Team Members • Himanshu Khurana, Luke St. Clair, Neelay Shah

  8. Minimizing Trust Liability in GC • Previous scalable key mgmt schemes use a trusted GC • GC organizes long-term member (symmetric) keys in a tree to enable O(log n) scalability • If GC is compromised, adversary gets access to data and key encryption keys and makes recovery costly • Our solution (TASK) using proxy cryptography so that GC does not have access to data and key encrypting keys • GC organizes shares of member (asymmetric) keys in a tree, uses shares to transform messages between members, enables O(log n) scalability • If GC is compromised, adversary only gets shares which can be refreshed easily for quick and cheap recovery • Publication • Himanshu Khurana, Rafael Bonilla, Adam Slagell, Raja Afandi, Hyung-Seok Hahm, and Jim Basney. Scalable Group Key Management with Partially Trusted Controllers. To appear in the International Conference on Networking, Reunion Island, April 2005

  9. SGC Framework Implementation Domain A Domain B Policy Server Policy Server GC GC Key Mgmt: Task, LKH Auth: Openssl, IKE Policy Spec: Antigone Key Mgmt Auth Policy Spec. Reliable Multicast Layer: NORM, Spread M1 M2 … M1 M2 Mn

  10. Testbed Area Funding (Y2)

More Related