1 / 40

Dethroning TLS in the Embedded World

Dethroning TLS in the Embedded World. Sebastian Unger. Overview. Why. and. how. to. dethrone TLS. in an. embedded world. Agenda. Motivation State of the art How to dethrone TLS WS- CompactSecurity WS- SecurityRecords Conclusion and Outlook. Motivation. WoT.

rudyard-dale
Télécharger la présentation

Dethroning TLS in the Embedded World

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dethroning TLS in theEmbedded World Sebastian Unger Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  2. Overview Why and how to dethrone TLS in an embedded world Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  3. Agenda Motivation State of the art How to dethrone TLS WS-CompactSecurity WS-SecurityRecords Conclusion and Outlook Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  4. Motivation WoT The overall vision AAL IoT Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  5. Motivation Interoperability through open technologies WS4D.org initiative One core technology: Devices Profile for Web Services (DPWS) Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  6. State of the art WS for devices WS-Dynamic Discovery Devices Profile for Web Services (DPWS) WS-* Pub/Sub: WS-Eventing Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  7. State of the art Security in DPWS TLS APP TLS TCP IP TLS is FAST! Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  8. State of the art [1] WS-Security! WS-Security as alternative to TLS? [2] No dependency on transport protocol No dependency on X.509 certificates Any authentication method possible Multihop communication [3] [1] Martínez et al.: “A securityarchitecturalapproach for DPWS-based devices”. 2008 [2] Hernández et al.: “Security framework for DPWS compliant devices”. 2009. [3] Unger et al.: “Extending the devices profile for web services for secure mobile device communication”. 2010. Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  9. State of the art Drawback of WS-Security WS Security introduces massive message size overhead Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  10. State of the art Initial question: How much of a drawback does WS-Security introduce? Core questions Questions of interest: How fast can WS-Security be? Can it be fast enough to dethrone TLS? Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  11. How to dethrone TLS XML-Signature WS-Security What is WS-Security? XML-Encryption Our goal Compact Signature WS CompactSecurity Compact Encryption Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  12. How to dethrone TLS Sequence Number Action Timestamp XML-Signature vs. WS-DD Compact Signatures (1) Signature Payload Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  13. How to dethrone TLS XML-Signature: 2479 bytes 41 Elements 24 Parameters CompactSignature: 246 bytes 1 Element 5 Parameters XML-Signature vs. WS-DD Compact Signatures (2) Compacter format Same scheme (set of algorithms) for each element No digests transmitted Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  14. How to dethrone TLS XML-Encryption vs. WS4D Compact Encryption XML-Encryption Compact Encryption XML-Encryption: 539 bytes 8 Elements 4 Parameters Compact Encryption: 227 bytes 3 Elements 4 Parameters Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  15. How to dethrone TLS WS-DD CompactSignatures WS Compact Security WS CompactSecurity combined WS4D CompactEncryption Highlyinteroperable “Classic” WS-Security Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  16. How to dethrone TLS Measurement Setup – Hardware Dedicated Ethernet Line WS Client on Linux PC WS Echo Server on Fox LX 832 Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  17. How to dethrone TLS Measurement Setup – Software <ns:single-string-echo> <ns:in>string</ns:in></ns:single-string-echo> <ns:single-string-echoResponse> <ns:out>string</ns:out></ns:single-string-echoResponse> Echo server and client implemented with gSOAP 10k requests / responses Measured RTTs, computed medians Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  18. How to dethrone TLS Factor 1.5 – 2 WS Compact Security – Results – Round Trip Times (RTT) Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  19. How to dethrone TLS WS Compact Security TLS Compute message digest Compute message digest Fundamental advantage of TLS over WS Compact Security Encrypt digest to signature Encrypt digest to signature Append digest to payload Encrypt payload Encrypt payload and digest Encrypt payload Encrypt payload and digest Substitute payload by cipher Substitute payload by cipher two encryption cycles one encryption cycle Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  20. How to dethrone TLS <Envelope> <Header><!-- ... --!></Header> <Body> WS Security Records encrypt <Record CipherData=... EncKeyId=... EncRefs=... PrefixList=... Scheme=... SigKeyId=... SigRefs=... /> <Digest>...</Digest> <Payload>...</Payload> Supposed to be faster Less interoperability </Body> </Envelope> Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  21. How to dethrone TLS WS Security Records – Results – Round Trip Times (RTT) Factor 1.17 Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  22. Conclusion (1) Does WS Compact Security dethrone TLS? WS Compact Security Equally fast? Nearly as fast by providing higher flexibility? Nearly as fast by remaining compatible to classic WS Security? Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  23. Conclusion (2) Do WS Security Records dethrone TLS? WS Security Records Remain highly compatible to classic WS Security? Equally fast? Provide higher flexibility? Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  24. Outlook Develop Devices Profile for Web Service Security Develop architecture and implement prototype on basis of DPWS Transfer Results to different base technology Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  25. Thank you! Thanks a lot for your attention! Any questions? Questions? Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  26. Test Messages (1) 5 chars: <SOAP-ENV:Body> <ns:single-string-echo xmlns:ns="ws4d:ptest"> <ns:in>01234</ns:in> </ns:single-string-echo> </SOAP-ENV:Body> 50 chars: <SOAP-ENV:Body> <ns:single-string-echo xmlns:ns="ws4d:ptest"> <ns:in>01234567890123456789012345678901234567890123456789</ns:in> </ns:single-string-echo> </SOAP-ENV:Body> Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  27. Test Messages (2) 10x5 chars: <SOAP-ENV:Body> <ns:multiple-string-echo xmlns:ns="ws4d:ptest"> <ns:in> <ns:p01>01234</ns:p01> <ns:p02>01234</ns:p02> <ns:p03>01234</ns:p03> <ns:p04>01234</ns:p04> <ns:p05>01234</ns:p05> <ns:p06>01234</ns:p06> <ns:p07>01234</ns:p07> <ns:p08>01234</ns:p08> <ns:p09>01234</ns:p09> <ns:p10>01234</ns:p10> </ns:in> </ns:multiple-string-echo> </SOAP-ENV:Body> Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  28. Detailedmessagesizesand RTTs RTTs in ms Message sizes in Bytes Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  29. WS Security and Compression Encrypt first, compress later Two methods and why they both don‘t work SOAP b64-coded cipher SOAP compr. cipher compress first, encrypt later SOAP payload SOAP SOAP SOAP compressed payload Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  30. State of the art • Same key for everyone • or - • Different key for everyone MAC Layer Security subnet subnet ≙ router MAC LayerSecurity Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  31. State of the art Transport Mode Tunnel Mode IPSec subnet subnet Vendor A Vendor B IPSec is complex! node router IPSec Gateway Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  32. First Step: Dethrone TLS TCP Payload WS Compact Security – Results – Message Sizes Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  33. First Step: Dethrone TLS WS Security Records – Results – Message Sizes Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  34. Motivation Internet of Things Ambient Assisted Living PervasiveComputing The overall problem Webof Things Ambient Intelligence Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  35. State of the art … Common sense: … in general Security… necessary … is by design … must be considered expensive … can be Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  36. State of the art… IPSec … in particular MAC LayerSecurity (D)TLS Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  37. State of the art Conclusion Conclusion: Presented methods not ideal Many others came to same conclusion  Result: Countless approaches on application level Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  38. Our approach Web Services (Informative) WS-Security Suite Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  39. Our approach Devices Profile for Web Services (Informative) Devices Profile for WS-Security Suite Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

  40. First Step: Dethrone TLS Overview WS-Federation TLS WS-Trust compare WS-Policy WS-SecureConversation WS-Security WS-CompactSecurity transform Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

More Related