Sensor Networks: Technology Transfer
Stephen Wicker – Cornell University
TRUST NSF Site Visit, Berkeley, March, 2007
TRUST SN Technologies
- Self-Configuring, Wireless Systems
- Camera Network Technologies
  – Mote Design
  – Localization
  – Privacy Policy
- Real-Time Data Transfer Tools
- Security Models and Design Tools
- Medical Networking Transport Tools
Control Applications
Wireless Networked Embedded Systems: Next Generation SCADA/DCS Systems
- DCS: Digital Control Systems
  – The overall collection of control systems that measure and change the infrastructure state to facilitate delivery of the commodity (electricity, water, gas, & oil)
- Opportunity for a new generation of secure critical physical SCADA and DCS systems that depend on the gathering, monitoring, and control of information from distributed sensing devices.
- Powerful platform for privacy policy development.
Water Supply Protection
A Typical Industrial Facility: 40+ years old, $10B infrastructure
- ~2 square miles
- 1400 employees
- Operating budget: $200M+/year
- Primary products: chlorine, silica, caustics
- Highly profitable facility
- DHS, OSHA, EPA compliance
The Plant: A Complex Environment
[Diagram: plant control hierarchy with time scales from hours down to milliseconds. Business Management layer: plant servers, personal computers, other computing devices (hours). Process Management layer: network manager, history module, application module, archive/replay module, additional CN modules, control stations, area servers, network gateways and a plant control network over fiber optics (minutes to seconds). Field Management layer: network interface modules, basic/multifunction/extended/advanced multifunction controllers, process and logic managers, advanced process manager, PLC gateway and PLCs, Hiway boxes, other subsystems and extenders, transmitters (seconds to milliseconds).]
Comments from Marty Geering, BP Wireless Engineer, Cherry Hill, New Jersey
Camera Mote Daughter Board
Source: ITRI
Sharing of sensor readings in real time
[Diagram: mobile display of locally obtained and globally shared sensor readings. Local sensors are queried; sensor readings are shared opportunistically. Labels: SHARED, SENSTRAC, MobOS.]
Security: Threat Model
- Mote-class Attacker
  – Controls a few ordinary sensor nodes
  – The attacker has the same capabilities as the network
- Laptop-class Attacker
  – Greater battery & processing power, memory, high-power radio transmitter, low-latency communication
  – The attacker can cause more serious damage
- Outsider Attacks
  – Passive eavesdropping: listening to the ongoing communication
  – Denial of service attacks: any type of attack that can cause a degradation in the performance of the network
  – Replay attacks: the adversary captures some of the messages and plays them back at a later time, which causes the network to operate on stale information
- Insider Attacks: compromised node
  – Node runs malicious code
  – The node has access to the secret keys and can participate in the authenticated communication.
Basic Security Requirements
- Confidentiality
- Authentication
- Integrity
- Freshness
- Secure Group Management
- Availability
- Graceful degradation
- Design time security
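As an added illustration of how the authentication, integrity and freshness requirements above answer the outsider attacks in the threat model (this is constructed example code, not code from the slides, the TRUST project or TinySec), the receiver below verifies a truncated MAC over a header-plus-payload and rejects any packet whose per-source counter has not advanced. The key, packet layout and sample readings are all assumed; TinySec uses a CBC-MAC where this example uses a truncated HMAC.

```python
import hmac
import hashlib
import struct

# Constructed pre-shared link key; a real deployment provisions per-link keys.
LINK_KEY = b"constructed-demo-link-key"
MAC_LEN = 4                   # truncated tag, the same size TinySec uses
HDR = struct.Struct(">HI")    # source id, monotonically increasing counter


def build_packet(src: int, counter: int, payload: bytes) -> bytes:
    """Sender: header(src, counter) || payload || truncated HMAC over both."""
    header = HDR.pack(src, counter)
    tag = hmac.new(LINK_KEY, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + payload + tag


class Receiver:
    """Drops forged/tampered packets (MAC check) and stale packets (counter check).
    An insider holding LINK_KEY still passes both checks, as the threat model notes."""

    def __init__(self):
        self.last_counter = {}    # src -> highest counter accepted so far

    def accept(self, packet: bytes):
        if len(packet) < HDR.size + MAC_LEN:
            return None, "malformed"
        header, body, tag = packet[:HDR.size], packet[HDR.size:-MAC_LEN], packet[-MAC_LEN:]
        expected = hmac.new(LINK_KEY, header + body, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):
            return None, "bad MAC"        # outsider forgery or modification
        src, counter = HDR.unpack(header)
        if counter <= self.last_counter.get(src, -1):
            return None, "replay"         # freshness: counter did not advance
        self.last_counter[src] = counter
        return body, "ok"


def demo():
    """Constructed traffic: a valid packet, a replay, two forgeries, the next reading."""
    rx = Receiver()
    p1 = build_packet(7, 1, b"temp=21.5")
    outcomes = [rx.accept(p1)[1]]                                     # ok
    outcomes.append(rx.accept(p1)[1])                                 # replay
    forged = p1[:-1] + bytes([p1[-1] ^ 0xFF])                         # tag altered without key
    outcomes.append(rx.accept(forged)[1])                             # bad MAC
    tampered = p1[:HDR.size] + b"temp=99.9" + p1[-MAC_LEN:]           # payload changed
    outcomes.append(rx.accept(tampered)[1])                           # bad MAC
    outcomes.append(rx.accept(build_packet(7, 2, b"temp=21.7"))[1])   # ok
    return outcomes
```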
Taxonomy of Security Attacks in Sensor Networks
Tanya Roosta, Alvaro Cardenas, Shiuhpyng Shieh, Shankar Sastry, UC Berkeley
Embedded System Security Design Modeling and Analysis Toolchain
[Diagram: Embedded System Design (with security extensions) yields the SMoLES_SEC Adversary Model, the SMoLES_SEC Deployment Diagram, and SMoLES_SEC Partitions and Dataflows; a Model Transformation turns these into Security/Architecture Models, which feed the Analysis step.]
Sample analysis output:
  Integrity Requirement Violated - /SimpleSystem/PartitionB/Assembly_B1 has an integrity requirement which is violated by the information flow connecting /SimpleSystem/PartitionB/Port_B2 to /SimpleSystem/PartitionC/Port_C1.
“ESSC”
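To show the kind of check the Analysis step above performs on partitions and dataflows, here is a constructed example (not the ESSC or SMoLES_SEC tooling, nor code from the slides) that walks each dataflow and reports, in the same message format as the sample output, any flow whose source partition is less trusted than an assembly at the destination requires. The integrity levels, the Biba-style rule (data may only flow from equal-or-higher integrity) and the partition, port and assembly names are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Partition:
    path: str
    integrity: int                                   # assumed: higher = more trusted
    assemblies: dict = field(default_factory=dict)   # assembly name -> required level


@dataclass
class Flow:
    src_port: str   # full port path, e.g. /SimpleSystem/PartitionC/Port_C2
    dst_port: str


def partition_of(port_path: str) -> str:
    """Port paths are <partition path>/<port name>."""
    return port_path.rsplit("/", 1)[0]


def check_integrity(partitions, flows):
    """Flag every dataflow whose source partition is less trusted than an
    assembly at the destination requires (assumed Biba-style no-read-down rule)."""
    by_path = {p.path: p for p in partitions}
    violations = []
    for f in flows:
        src = by_path[partition_of(f.src_port)]
        dst = by_path[partition_of(f.dst_port)]
        for name, required in dst.assemblies.items():
            if src.integrity < required:
                violations.append(
                    f"Integrity Requirement Violated - {dst.path}/{name} has an "
                    f"integrity requirement which is violated by the information "
                    f"flow connecting {f.src_port} to {f.dst_port}.")
    return violations


def demo():
    """Constructed model: three partitions, one flow from a low-integrity partition."""
    root = "/SimpleSystem"
    parts = [
        Partition(f"{root}/PartitionA", 3, {"Assembly_A1": 3}),
        Partition(f"{root}/PartitionB", 2, {"Assembly_B1": 2}),
        Partition(f"{root}/PartitionC", 1, {"Assembly_C1": 1}),
    ]
    flows = [
        Flow(f"{root}/PartitionA/Port_A1", f"{root}/PartitionB/Port_B1"),  # 3 -> 2: ok
        Flow(f"{root}/PartitionB/Port_B2", f"{root}/PartitionC/Port_C1"),  # 2 -> 1: ok
        Flow(f"{root}/PartitionC/Port_C2", f"{root}/PartitionB/Port_B3"),  # 1 -> 2: violation
    ]
    return check_integrity(parts, flows)
```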
MedSN Progress
- Examining various models for users involved and their method of access/integration in system
  – Physician and support staff
  – Patient
  – Patient family
  – Non-family
  – Insurance/Payer
- Collaborative effort with Vanderbilt, Berkeley
- Agreement for testing at Nashville assisted living facility
- Joint Publications
Testbed Progress
- Testbed Deployment at Cornell (supports medical effort with Vanderbilt and privacy effort with Berkeley)
  – Implementation of TinySec for MicaZ
  – Implementation of MAC layer power saving for MicaZ
  – Implementation of power aware routing in network
  – Implementation of HP Jornada based sound actuation overlay network
  – Deployment of PIR overlay network using Crossbow security motes
- Joint Publications