TRUST NSF Site Visit, Berkeley, March, 2007
Sensor Networks: Technology Transfer
Stephen Wicker – Cornell University
TRUST SN Technologies
Self-Configuring, Wireless Systems
Camera Network Technologies
– Mote Design
– Localization
– Privacy Policy
Real-Time Data Transfer Tools
Security Models and Design Tools
Medical Networking Transport Tools
Control Applications
Wireless Networked Embedded Systems: Next Generation SCADA/DCS Systems
DCS: Digital Control Systems
– The overall collection of control systems that measure and change the infrastructure state to facilitate delivery of the commodity (electricity, water, gas, & oil)
Opportunity for a new generation of secure critical physical
SCADA and DCS depend on the gathering, monitoring, and control of information from distributed sensing devices.
Powerful platform for privacy policy development.
Water Supply Protection
A Typical Industrial Facility: 40+ years old, $10B infrastructure
~2 Square Miles
1400 Employees
Operating Budget: $200M+/year
Primary products: Chlorine, Silica, Caustics
Highly profitable facility
DHS, OSHA, EPA compliance
The Plant: A Complex Environment
[Figure: plant control hierarchy diagram with layers labelled Business Management, Process Management, Control Network and Field Management, and time scales ranging from msec to hours]
Comments from Marty Geering, BP Wireless Engineer, Cherry Hill, New Jersey
Camera Mote Daughter Board
Source: ITRI
Sharing of sensor readings in real time
Mobile display of locally obtained and globally shared sensor readings:
Local Sensors are Queried:
Sensor readings are shared opportunistically:
[Figure: mobile display screens labelled EVENTS and SHARED; SENSTRAC MobOS]
Security: Threat Model
Mote-class Attacker
– Controls a few ordinary sensor nodes
– The attacker has the same capabilities as the network
Laptop-class Attacker
– Greater battery & processing power, memory, high-power radio transmitter, low-latency communication
– The attacker can cause more serious damage
Outsider Attacks
– Passive eavesdropping: listening to the ongoing communication
– Denial of service attacks: any type of attack that can cause a degradation in the performance of the network
– Replay attacks: the adversary captures some of the messages and plays them back at a later time, which causes the network to operate on stale information
Insider Attacks: compromised node
– Node runs malicious code
– The node has access to the secret keys and can participate in the authenticated communication.
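Added example, not part of the original slides and not TinySec's packet format: a Python sketch of a base station that checks a MAC and a per-node counter, showing that the outsider's replayed and forged packets are rejected while a compromised insider holding the secret key is still accepted. The packet layout, 8-byte truncated HMAC-SHA256 tag, node id 7 and key are all constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8   # truncated MAC length (assumption for this sketch)
HDR_LEN = 6   # 2-byte node id + 4-byte counter (constructed layout)

def seal(key: bytes, node_id: int, counter: int, reading: bytes) -> bytes:
    """Sender side: header + reading, followed by a truncated HMAC tag."""
    body = struct.pack(">HI", node_id, counter) + reading
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    """Base-station side: authenticity/integrity first, then freshness."""
    def __init__(self, keys):
        self.keys = keys          # node_id -> shared secret key
        self.last_counter = {}    # node_id -> highest counter accepted

    def accept(self, packet: bytes) -> str:
        if len(packet) < HDR_LEN + TAG_LEN:
            return "malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        node_id, counter = struct.unpack(">HI", body[:HDR_LEN])
        key = self.keys.get(node_id)
        if key is None:
            return "unknown-node"
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"      # modified in transit, or sender lacks the key
        if counter <= self.last_counter.get(node_id, -1):
            return "replay"       # valid MAC but stale counter
        self.last_counter[node_id] = counter
        return "ok"

def demo():
    key = b"constructed-demo-key"               # constructed sample key
    rx = Receiver({7: key})
    p1 = seal(key, 7, 1, b"temp=21.5")
    p2 = seal(key, 7, 2, b"temp=21.7")
    tampered = bytearray(seal(key, 7, 3, b"temp=21.9"))
    tampered[8] ^= 0x01                         # outsider flips one payload bit
    forged = seal(b"outsider-guess", 7, 4, b"temp=99.9")  # outsider, no key
    insider = seal(key, 7, 5, b"temp=99.9")     # compromised node has the key
    packets = (p1, p2, p1, bytes(tampered), forged, insider)
    return [rx.accept(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The last packet is accepted even though its reading is false: a MAC and counter only prove that the sender holds the key, so detecting a compromised node needs checks beyond message authentication.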
Basic Security Requirements
– Confidentiality
– Authentication
– Integrity
– Freshness
– Secure Group Management
– Availability
– Graceful degradation
– Design time security
Taxonomy of Security Attacks in Sensor Networks
Tanya Roosta, Alvaro Cardenas, Shiuhpyng Shieh, Shankar Sastry, UC Berkeley
Embedded System Design (with security extensions)
Embedded System Security Design Modeling and Analysis Toolchain
[Figure: toolchain diagram with panels labelled SMoLES_SEC Partitions and Dataflows; SMoLES_SEC Deployment Diagram; SMoLES_SEC Adversary Model; Model Transformation; Security/Architecture Models; Analysis]
Integrity Requirement Violated -- /SimpleSystem/PartitionB/Assembly_B1 has an integrity requirement which is violated by the information flow connecting /SimpleSystem/PartitionB/Port_B2 to /SimpleSystem/PartitionC/Port_C1.
MedSN Progress
Examining various models for users involved and their method of access/integration in system
– Physician and support staff
– Patient
– Patient family
– Non-family
– Insurance/Payer
Collaborative effort with Vanderbilt, Berkeley
Agreement for testing at Nashville assisted living facility
Joint Publications
Testbed Progress
Testbed Deployment at Cornell (supports medical effort with Vanderbilt and privacy effort with Berkeley)
– Implementation of TinySec for MicaZ
– Implementation of MAC layer power saving for MicaZ
– Implementation of power aware routing in network
– Implementation of HP Jornada based sound actuation overlay network
– Deployment of PIR overlay network using Crossbow security motes
Joint Publications