Die Präsentation wird geladen. Bitte warten

Die Präsentation wird geladen. Bitte warten

Dethroning TLS in the Embedded World

Ähnliche Präsentationen


Präsentation zum Thema: "Dethroning TLS in the Embedded World"—  Präsentation transkript:

1 Dethroning TLS in the Embedded World
Sebastian Unger Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

2 Why how dethrone TLS embedded world Overview and to in an
Why and how to dethrone tls dethrone TLS in an embedded world Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

3 Agenda Motivation State of the art How to dethrone TLS
WS-CompactSecurity WS-SecurityRecords Conclusion and Outlook Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

4 WoT AAL IoT Motivation The overall vision Motivation:
Vision von kooperierenden Geräten Wird Inhalt über Beamer wiedergegeben, wird Leinwand heruntergefahren und Jalousie geschlossen 10 Minuten vor dem Weckerklingeln wird die Heizung eingeschaltet und Kaffee gekocht Lichtschalter können drahtlos sein (einfachere Installation) und durch andere Geräte ersetzt werden Wir haben diverse Namen dafür: im AAL, IoT, WoT, PC, AI Fakt: es gibt Angreifer Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

5 Interoperability through open technologies
Motivation WS4D.org initiative Interoperability through open technologies How and why to dethrone tls One core technology: Devices Profile for Web Services (DPWS) Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

6 WS for devices WS-Dynamic Discovery WS-* Pub/Sub: WS-Eventing
State of the art Devices Profile for Web Services (DPWS) WS for devices WS-Dynamic Discovery WS-* How and why to dethrone tls Pub/Sub: WS-Eventing Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

7 TLS APP TLS TCP IP TLS is FAST! State of the art Security in DPWS
TLS (Bsp: DPWS) DTLS (Bsp: CoAP) Nachteile APP TLS TCP IP TLS is FAST! Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

8 No dependency on transport protocol
State of the art WS-Security as alternative to TLS? [1] WS-Security! [2] No dependency on transport protocol No dependency on X.509 certificates Any authentication method possible Multihop communication [3] TLS (Bsp: DPWS) DTLS (Bsp: CoAP) Nachteile [1] Martínez et al.: “A security architectural approach for DPWS-based devices”. 2008 [2] Hernández et al.: “Security framework for DPWS compliant devices” [3] Unger et al.: “Extending the devices profile for web services for secure mobile device communication” Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

9 WS Security introduces massive message size overhead
State of the art Drawback of WS-Security WS Security introduces massive message size overhead TLS (Bsp: DPWS) DTLS (Bsp: CoAP) Nachteile Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

10 How much of a drawback does WS-Security introduce?
State of the art Core questions Initial question: How much of a drawback does WS-Security introduce? TLS (Bsp: DPWS) DTLS (Bsp: CoAP) Nachteile Questions of interest: How fast can WS-Security be? Can it be fast enough to dethrone TLS? Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

11 XML-Signature WS-Security XML-Encryption Our goal Compact Signature
How to dethrone TLS What is WS-Security? XML-Signature WS-Security XML-Encryption TLS (Bsp: DPWS) DTLS (Bsp: CoAP) Nachteile Our goal Compact Signature WS CompactSecurity Compact Encryption Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

12 Sequence Number Action Timestamp Signature Payload How to dethrone TLS
XML-Signature vs. WS-DD Compact Signatures (1) Sequence Number Action Timestamp Signature First Step: Dethrone TLS WS-DD Csig: Abbildung Payload Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

13 Same scheme (set of algorithms) for each element
How to dethrone TLS XML-Signature vs. WS-DD Compact Signatures (2) XML-Signature: 2479 bytes 41 Elements 24 Parameters CompactSignature: 246 bytes 1 Element 5 Parameters Compacter format Same scheme (set of algorithms) for each element No digests transmitted First Step: Dethrone TLS WS-DD Csig: Abbildung Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

14 XML-Encryption Compact Encryption XML-Encryption: 539 bytes 8 Elements
How to dethrone TLS XML-Encryption vs. WS4D Compact Encryption XML-Encryption Compact Encryption XML-Encryption: 539 bytes 8 Elements 4 Parameters Compact Encryption: 227 bytes 3 Elements 4 Parameters First Step: Dethrone TLS Ähnliche Abbildung XML-Encyrption Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

15 WS-DD Compact Signatures
How to dethrone TLS WS Compact Security WS-DD Compact Signatures WS Compact Security combined WS4D Compact Encryption First Step: Dethrone TLS Zusammenfassung der beiden zu WS-Csec Iop herausstellen Highly interoperable “Classic” WS-Security Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

16 Dedicated Ethernet Line WS Client on Linux PC
How to dethrone TLS Measurement Setup – Hardware Dedicated Ethernet Line WS Client on Linux PC WS Echo Server on Fox LX 832 First Step: Dethrone TLS Mess-Setup Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

17 Echo server and client implemented with gSOAP
How to dethrone TLS Measurement Setup – Software <ns:single-string-echo> <ns:in>string</ns:in> </ns:single-string-echo> <ns:single-string-echoResponse> <ns:out>string</ns:out> </ns:single-string-echoResponse> First Step: Dethrone TLS Mess-Setup Echo server and client implemented with gSOAP 10k requests / responses Measured RTTs, computed medians Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

18 Factor 1.5 – 2 How to dethrone TLS
WS Compact Security – Results – Round Trip Times (RTT) Factor 1.5 – 2 First Step: Dethrone TLS Ergebnisse Nicht schlecht, gleiche Größenordnung, trotzdem Faktor 2-3 Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

19 WS Compact Security TLS two encryption cycles one encryption cycle
How to dethrone TLS Fundamental advantage of TLS over WS Compact Security WS Compact Security TLS Compute message digest Compute message digest Encrypt digest to signature Encrypt digest to signature Append digest to payload Encrypt payload Encrypt payload First Step: Dethrone TLS Grund dafür, dass TLS schneller Encrypt payload and digest Encrypt payload and digest Substitute payload by cipher Substitute payload by cipher two encryption cycles one encryption cycle Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

20 Less interoperability
How to dethrone TLS WS Security Records <Envelope> <Header><! !></Header> <Body> encrypt <Record CipherData=... EncKeyId=... EncRefs=... PrefixList=... Scheme=... SigKeyId=... SigRefs=... /> <Digest>...</Digest> <Payload>...</Payload> First Step: Dethrone TLS Zweiter Ansatz: WS-SecRec Supposed to be faster Less interoperability </Body> </Envelope> Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

21 Factor 1.17 How to dethrone TLS
WS Security Records – Results – Round Trip Times (RTT) Factor 1.17 First Step: Dethrone TLS Ergebnisse Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

22 Does WS Compact Security dethrone TLS?
Conclusion (1) WS Compact Security Does WS Compact Security dethrone TLS? Equally fast? Zusammenfassung Nearly as fast by providing higher flexibility? Nearly as fast by remaining compatible to classic WS Security? Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

23 Do WS Security Records dethrone TLS?
Conclusion (2) WS Security Records Do WS Security Records dethrone TLS? Remain highly compatible to classic WS Security? Zusammenfassung Equally fast? Provide higher flexibility? Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

24 Develop Devices Profile for Web Service Security
Outlook Develop Devices Profile for Web Service Security Develop architecture and implement prototype on basis of DPWS Transfer Results to different base technology Outlook Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

25 Thanks a lot for your attention! Any questions?
Thank you! Questions? Thanks a lot for your attention! Any questions? Thanks! Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

26 Test Messages (1) 5 chars: <SOAP-ENV:Body>
<ns:single-string-echo xmlns:ns="ws4d:ptest"> <ns:in>01234</ns:in> </ns:single-string-echo> </SOAP-ENV:Body> Backup: Messwerte, Nachrichtengrößen, etc… 50 chars: <SOAP-ENV:Body> <ns:single-string-echo xmlns:ns="ws4d:ptest"> <ns:in> </ns:in> </ns:single-string-echo> </SOAP-ENV:Body> Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

27 Test Messages (2) 10x5 chars: <SOAP-ENV:Body>
<ns:multiple-string-echo xmlns:ns="ws4d:ptest"> <ns:in> <ns:p01>01234</ns:p01> <ns:p02>01234</ns:p02> <ns:p03>01234</ns:p03> <ns:p04>01234</ns:p04> <ns:p05>01234</ns:p05> <ns:p06>01234</ns:p06> <ns:p07>01234</ns:p07> <ns:p08>01234</ns:p08> <ns:p09>01234</ns:p09> <ns:p10>01234</ns:p10> </ns:in> </ns:multiple-string-echo> </SOAP-ENV:Body> Backup: Messwerte, Nachrichtengrößen, etc… Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

28 Detailed message sizes and RTTs
RTTs in ms WS CSec (RC4) WS CSec (AES) WS SecRec (RC4) WS SecRec (AES) TLS (RC4) TLS (AES) No Security 5 chars 29,4 39,1 21,6 28,5 18,5 20 16,7 50 chars 30,2 40,1 22,4 29,9 18,8 20,6 17 10x5 chars 41,1 51,8 31,8 40,5 24,8 17,6 Message sizes in Bytes Backup: Messwerte, Nachrichtengrößen, etc… SOAP Envelope HTTP message TLS (RC4) TLS (AES) WS CSec (RC4) WS CSec (AES) WS SecRec (RC4) WS SecRec (AES) 5 chars 218 382 238 245 749 777 508 524 50 chars 263 427 248 261 809 841 568 588 5x10 chars 437 601 293 309 1041 1077 800 820 Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

29 WS Security and Compression
Two methods and why they both don‘t work Encrypt first, compress later SOAP b64-coded cipher SOAP compr. cipher compress first, encrypt later Backup: Erklärung, warum keine Kompression (notfalls mit Werten) SOAP payload SOAP SOAP SOAP compressed payload Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

30 Different key for everyone
State of the art MAC Layer Security Same key for everyone or - Different key for everyone subnet subnet router MAC Layer Security WLAN, IEEE Nachteile MAC Layer Security Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

31 Transport Mode Tunnel Mode subnet subnet Vendor A Vendor B
State of the art IPSec Transport Mode Tunnel Mode subnet subnet Vendor A Vendor B IPSec Nachteile IPSec is complex! node router IPSec Gateway Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

32 First Step: Dethrone TLS
WS Compact Security – Results – Message Sizes TCP Payload First Step: Dethrone TLS Ergebnisse Nicht schlecht, gleiche Größenordnung, trotzdem Faktor 2-3 Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

33 First Step: Dethrone TLS
WS Security Records – Results – Message Sizes First Step: Dethrone TLS Ergebnisse Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

34 Ambient Assisted Living
Motivation Internet of Things The overall problem Ambient Assisted Living Pervasive Computing Motivation: AAL, IoT, WoT, PC, AI unterscheiden sich zwar in Details haben jedoch alle gemeinsam, dass ein System vieler ressourcenschwacher, eingebetteter Geräte zum Einsatz kommen soll Problem: Kryptografie ressourcenlastig ABER: bevor wir das nicht gelöst haben, wird das ganze Zeug nicht marktreif Web of Things Ambient Intelligence Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

35 necessary by design expensive State of the art … Common sense:
… in general Common sense: Security… necessary … is by design Aktueller Zustand / State of the Art: Die meisten haben begriffen, dass Security notwendig ist Security by design – nicht später draufpantschen Aber: Neue Security-Designs teuer … must be considered expensive … can be Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

36 IPSec MAC Layer Security (D)TLS
State of the art… … in particular IPSec MAC Layer Security (D)TLS Daher oft Zurückgreifen auf bekanntes Auch dann, wenn nur bedingt geeignet Die beliebtesten / verbreitetsten werden vorgestellt Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

37 State of the art Conclusion: Presented methods not ideal
Many others came to same conclusion Zusammengefasst: nur bedingt geeignet Haben viele andere auch erkannt und Konzepte auf Anwendungsebene entwickelt Folge: Viele unterschiedliche, nicht-interoperable Konzepte  Result: Countless approaches on application level Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

38 Web Services WS-Security Suite Our approach (Informative) Approach
Es scheint also nicht sinnvoll, ein weiteres Konzept vorzuschlagen stattdessen wollen wir ein existierendes, weit verbreitetes Konzept anpassen: Die WS-Security Suite Grund dafür: Web Services bereits auf eingebettete Systeme gebracht (DPWS) Jetzt das gleiche für WS-Security WS-Security Suite Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

39 Devices Profile for Web Services Devices Profile for WS-Security Suite
Our approach (Informative) Devices Profile for Web Services Approach Es scheint also nicht sinnvoll, ein weiteres Konzept vorzuschlagen stattdessen wollen wir ein existierendes, weit verbreitetes Konzept anpassen: Die WS-Security Suite Grund dafür: Web Services bereits auf eingebettete Systeme gebracht (DPWS) Jetzt das gleiche für WS-Security Devices Profile for WS-Security Suite Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering

40 First Step: Dethrone TLS
Overview WS-Federation TLS WS-Trust WS-Policy compare WS-SecureConversation First Step: Dethrone TLS bereits gesagt: TLS sehr beliebt, hat aber viele Nachteile Initiale Idee: herausfinden, wie viel langsamer als TLS WS-Security wirklich ist Ansatz: Verschlüsselung und Signaturen mit kompakter Repräsentation von WS-Security, XML-Encryption, XML-Signature WS-DD macht es mit WS-CompactSignature vor TLS ist state-of-the-art – also müssen wir uns damit messen WS-Security WS-CompactSecurity transform Sebastian Unger | UNIVERSITY OF ROSTOCK | Institute of Applied Microelectronics and Computer Engineering


Herunterladen ppt "Dethroning TLS in the Embedded World"

Ähnliche Präsentationen


Google-Anzeigen