2012 1st International Conference on Emerging Technology Trends in Electronics, Communication and Networking
Authenticated Distributed Device Network
Sapana Garde
Electronics & Communication Department, Gujarat Technological University
Mahatma Gandhi Institute of Technical Education & Research Centre
Bhanunagar, Eru-aat road, Jalalpor, Navsari, Gujarat, India
sapana [email protected]
Abstract: Today's globalized business world demands that different kinds of data and communication sources be joined, and cross-border collaboration has led to work in distributed environments that span multiple organizational and geographical boundaries. The new requirements of portability, configurability and interoperability of distributed device networks raise new challenges and security risks for system design and implementation. There is a critical need for highly secure collaborative control environments and for security-enhancing mechanisms for distributed device control, configuration, monitoring, and interoperation. This paper addresses the collaborative control issues of distributed device networks with entity authentication. The security challenges of authenticity, integrity, confidentiality, and execution safety are treated as primary design constraints. Adopting policy-based network security technologies, a technique for passing a secret key is designed to provide authenticity in the distributed network; in addition, the Secure Device Control Gateway and Security Agent modules are fitted into regular distributed device control networks to provide security- and safety-enhancing mechanisms. The main architectures, applied mechanisms, and implementation considerations are presented in detail.
Keywords: distributed device network, secret key, secure device control gateway, secure client, security agent, self-generated code, repository system.
I. INTRODUCTION
The growing globalization and decentralization of business demands automated data exchange between the nodes of one organization and between different organizations. Business and interaction now take place across traditional physical boundaries, and the decentralization of organizations has had a major impact on traditional business models: services and resources are distributed everywhere and sourced from anywhere through a virtual chain. In recent years, a number of research projects have addressed the collaborative control problem of distributed device systems in open environments. Hitachi Seiki (Japan) introduced Seiki FlexLink Open CNC/PC Network Connectivity [5] for its turning and machining centres, making it possible to connect a hand-held personal digital assistant (PDA) or a laptop computer and perform in-process gauging, machine monitoring, and cycle-time analysis. Since 1998, Mazak (Japan) has operated its high-tech Cyber Factory concept at its headquarters in Oguchi, Japan; the fully networkable Mazatrol Fusion controls allow Mazak machines to communicate over wireless networks for applications including real-time machine tool monitoring and diagnostics. MetaMorph II [6] was proposed as a hybrid, agent-based, mediator-centric architecture to integrate partners, suppliers, and customers in a dynamic manufacturing environment. The Internet is widely used as the open medium of communication for such distributed systems, so the security of the data exchanged becomes a central issue. The approach of this paper is to address it by generating a secret key for each client, which provides the following advantages.
978-1-4673-1627-9/12/$31.00 ©2012 IEEE
• Control tasks or components can be designed and exchanged between different vendors.
• Different devices can be operated and monitored by each other or by human operators, within or outside the organization.
• Different devices can be reconfigured remotely to respond to unanticipated events.
II. DISTRIBUTED DEVICE CONTROL
Within the efforts towards increasing the configurability, interoperability and other collaborative features of distributed device control systems, the International Electrotechnical Commission's Function Block specification (IEC 61499) [7] is one of the most significant.
Fig. 1 IEC 61499 distributed control system model (source: [7])
Fig. 2 Secure distributed device control model (source: [1])
IEC 61499 provides a set of systematic approaches for the design of distributed industrial process measurement and control systems (IPMCS). It specifies a series of reference models and covers the whole life cycle of a control system, including the phases of system planning, design, implementation, validation, operation, and maintenance. As shown in Fig. 1, devices of different categories, each running different applications, are connected to one another over the network; the processes are controlled by accessing devices on demand through a centralised system, which is explained in detail in Section III. IEC 61499 and function block (FB) concepts for distributed industrial and device control systems have been demonstrated in a number of projects in the literature [8]-[10]. For example, Brennan et al. [8] proposed a model to support runtime reconfiguration of distributed control systems built upon FB models, and FBDK (the Function Block Development Kit) [9] was developed as an experimental kit for building and testing FB-based control applications. However, the IEC 61499 specification does not address how FB components are stored, retrieved and protected in a network environment. In other words, there is no discussion of how such a distributed device control system could run under open and dynamic environments, and such discussion is also hard to find in the available research literature. In order to actually implement collaborative control of shared devices under open and dynamic environments, further research and development are required.
III. SECURITY CHALLENGES UNDER OPEN AND DYNAMIC ENVIRONMENT
The open and dynamic environment brings many new challenges to the collaborative control of distributed device systems. In such an environment, for example, device access and information exchange have to cross multiple corporate networks or even the Internet. Critical security challenges may arise in command transfer, function modification, remote diagnosis, and maintenance, and any control operation in an open and dynamic environment may result in potentially hazardous conditions. Most significantly, security risks may come from the network, data storage, operating platforms, and application modules. A distributed device network is described in Fig. 2, where the various clients, repository systems (RS) and the devices to be accessed are interconnected through the Internet; authentication is therefore essential. The RS is loaded with the addresses of the devices and of their respective Secure Device Control Gateways (SDCG), which connect the devices to an authenticated client through the key verification process designed in Section IV. Such an open collaboration scenario is accompanied by the following significant security challenges.
1) Identification: Distributed devices, software tools, and human operators need to identify themselves within the open and dynamic environment. This is the means by which devices, tools, and users claim their identities to the device control system.
2) Entity Authentication: The process of demonstrating evidence of the identity of a device or operator.
3) Data Authentication: The process of demonstrating evidence of the identity of the original source of exchanged commands, control codes, or device feedback.
4) Authorization: The process by which an entity is granted access to another entity's processes or resources. It determines the extent of the system rights that an entity holds.
5) Integrity: Commands and control codes must be protected to ensure that no part is changed while in storage or in transmission across networks.
6) Confidentiality: Valuable codes and data, perhaps representing confidential manufacturing processes, must be protected from malicious attackers or competitors.
7) Non-repudiation: An entity (a device, an operator, and so on) cannot deny the authenticity of its signature on a command or a communication that it originates.
8) Execution Safety: The acceptance and execution of outside commands and control codes must be safe for the device and the control system. Each device may have independent local task execution and protection requirements.
IV. DESIGN OF SECURED DISTRIBUTED DEVICE NETWORK
Fig. 3 describes the entire process of authenticated device access step by step.
Fig. 3 Secure accessing between client, RS and SDCG (source: [1])
• The SA (Security Agent, a module which implements all the security-enhancing operations, including security policy negotiation, entity authentication, data confidentiality, non-repudiation, and integrity [1]) on the client side sends a request and a credential to the repository system for device access. The request indicates that the operator wants to retrieve some available control components from a repository.
• The SA module at the RS accepts the request and checks the credential against the security policy. If the request is authorized and the provided credentials satisfy the policies, the repository SA generates the key from the IP address of the client; the key is specific to that client, and the generation process is described in Fig. 7 and Section VII.
• The RS passes the same key to the respective SDCG to which the requested device is connected. On the device side there is a series of SDCGs with local devices beneath them. By default, each SDCG and its associated devices are considered to be within one trust boundary, which means that devices within one trust boundary are assumed to pose no security risk to each other. The SDCG is discussed further in Section V.
• The SDCG sends an acknowledgement back to the repository system on successful reception of the key.
• The client sends its request and the secret key to the SDCG to obtain access to the selected device.
• If the key received from the client matches the key sent by the repository system, the SDCG grants the client access to the device; otherwise it denies access.
Hence access is granted only to a verified client.
V. ARCHITECTURE OF SDCG
In the proposed model, the SDCG plays an important role by mediating between outside requests and internal control actions in the device domain. It is responsible for the security and safety of device control. The architecture of the SDCG is illustrated in Fig. 4 and includes the following modules.
A. Security Agent
For incoming dataflow, the SA checks the authenticity and integrity of the data and then decrypts it; the dataflow may contain commands or control components in the form of XML. For outgoing dataflow, the SA signs and encrypts the XML data and delivers the results to their destinations. The architecture of the SA and the applied mechanisms are presented in Section VI.
B. Admission Agent
The Admission Agent checks whether a newly requested task may be executed according to the admission policy.
C. Queue Agent
When a new task passes the admission test, a Task ID is assigned to it and the task is put into the task queue. The first task in the queue is always the one waiting for execution in the next scheduling period. The Queue Agent maintains the queuing policy for ordering the queued tasks; specific rules can be set for the smooth functioning of multiple tasks. The task queuing policy may be set according to the following factors.
• Priority of each task.
• Task entry time.
• Fairness: a guarantee that each waiting task will have a 'fair' opportunity to run.
• Desired completion time of each task.
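A minimal Queue Agent that orders tasks by exactly those four factors, written as an added example (the editor's illustration, not code from this paper or from [1]). The paper lists the factors but not how they combine; the rule used here is an assumption: a task that has waited longer than max_wait runs first, oldest first, otherwise tasks run by priority, then desired completion time, then entry time. The sample tasks are constructed input.

```python
"""Queue Agent (Section V.C): choosing the task for the next scheduling period."""
from dataclasses import dataclass


@dataclass
class Task:
    task_id: int
    priority: int        # lower value = higher priority
    entry_time: float    # when the task passed the admission test
    deadline: float      # desired completion time


def pick_next(queue: list, now: float, max_wait: float):
    """Remove and return the task that runs next; None if nothing is ready yet."""
    ready = [t for t in queue if t.entry_time <= now]
    if not ready:
        return None
    # Fairness guarantee (assumed rule): a task that has waited longer than
    # max_wait jumps the queue, oldest first, regardless of its priority.
    starved = [t for t in ready if now - t.entry_time > max_wait]
    if starved:
        best = min(starved, key=lambda t: (t.entry_time, t.priority, t.deadline, t.task_id))
    else:
        # Normal order: priority, then desired completion time, then entry time.
        best = min(ready, key=lambda t: (t.priority, t.deadline, t.entry_time, t.task_id))
    queue.remove(best)
    return best


def run_schedule(tasks, period: float, max_wait: float) -> list:
    """Simulate the scheduler; returns task ids in the order they start."""
    queue = list(tasks)
    now, order = 0.0, []
    while queue:
        task = pick_next(queue, now, max_wait)
        if task is not None:
            order.append(task.task_id)
        now += period
    return order


# Constructed sample tasks, not taken from the paper.
SAMPLE_TASKS = [
    Task(1, priority=2, entry_time=0, deadline=50),
    Task(2, priority=1, entry_time=0, deadline=40),
    Task(3, priority=1, entry_time=0, deadline=30),
    Task(4, priority=3, entry_time=0, deadline=10),
    Task(5, priority=1, entry_time=5, deadline=60),
]

if __name__ == "__main__":
    print(run_schedule(SAMPLE_TASKS, period=10, max_wait=100))
    print(run_schedule(SAMPLE_TASKS, period=10, max_wait=15))
```

With a large max_wait the low-priority task 4 runs last even though its desired completion time is the earliest; with max_wait=15 the fairness rule lifts it ahead of the later-arriving task 5. Which of the two is right depends on the device: the fairness bound is what keeps a flood of high-priority requests from one client starving everyone else.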
Fig. 4 Architecture of SDCG (source: [1])
D. Execution Agent
The Execution Agent is responsible for the execution of a task. It takes the first task from the task queue and uses the corresponding device application programming interface (API) to begin executing that task on the specified device. After proper authentication, the Execution Agent allows access to the respective devices and sends feedback to the respective clients.
VI. DESIGN OF DISTRIBUTED DEVICE CONTROL SYSTEMS WITH SECURITY FEATURES
There are three logical domains in this model: the client domain, the repository domain, and the device domain. Entities in different domains may be geographically distributed and connected through networks (LAN or WAN), and the collaboration and control operations may run across any open and unsecured network, such as the Internet. Each client in this model is a secure client (SC), which is protected by a module called the SA. Fig. 5 illustrates the basic functional modules of the SC. The SA plays an important role: it implements all the security-enhancing operations, including security policy negotiation, entity authentication, data confidentiality, non-repudiation, and integrity. The working mechanisms of the SA are presented in detail in Section VII. On the client side, an operator or designer holds one or more credentials, which certify that s/he has been granted certain rights to request certain services under limited conditions. For example, before an operator can query the status of a device, the operator must provide a proof (credential) signed by the device's administrator or by someone else who holds delegation authority. Depending on an operator's privileges and responsibilities, s/he may request different services, such as programming a new control application, device reconfiguration, device operation, or device monitoring.
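The credential check described above, as an added example (the editor's illustration, not code from this paper or from [1]). The paper says the credential is signed by the device's administrator or a delegate and checked by the repository SA against its policy; the specifics here are assumptions: an HMAC tag under a secret the administrator shares with the repository SA stands in for the signature so that the example runs with the standard library alone, and the administrator names, device names, rights and the policy table are constructed for the example.

```python
"""Credential check at the repository SA (Section VI)."""
import hashlib
import hmac
import json

# Assumed: each administrator shares a secret with the repository SA. The
# paper speaks of a signed credential; an HMAC tag under that shared secret
# stands in for the signature here.
ADMIN_SECRETS = {"admin-plant-a": b"constructed-secret-for-the-example"}

# Assumed policy: which administrators may delegate rights on which device.
POLICY = {"cnc-1": {"admin-plant-a"}, "cnc-2": set()}


def _payload(body: dict) -> bytes:
    """Canonical encoding of the credential body (the bytes that get tagged)."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_credential(issuer: str, subject: str, device: str, rights, expires_at: int) -> dict:
    """Administrator side: delegate `rights` on `device` to `subject` until `expires_at`."""
    body = {"iss": issuer, "sub": subject, "dev": device,
            "rights": sorted(rights), "exp": expires_at}
    tag = hmac.new(ADMIN_SECRETS[issuer], _payload(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def authorize(credential: dict, subject: str, device: str, operation: str, now: int):
    """Repository SA side: returns (granted, reason). Every check must pass."""
    body = credential.get("body", {})
    issuer = body.get("iss")
    # 1. the issuer must be known and must be allowed to delegate on this device
    if issuer not in ADMIN_SECRETS or issuer not in POLICY.get(device, ()):
        return False, "issuer not trusted for this device"
    # 2. the tag must verify over the exact body presented (tamper check)
    expected = hmac.new(ADMIN_SECRETS[issuer], _payload(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, credential.get("tag", "")):
        return False, "credential tag does not verify"
    # 3. the credential must be about this operator and this device
    if body.get("sub") != subject or body.get("dev") != device:
        return False, "credential is for another subject or device"
    # 4. it must still be valid
    if now >= body.get("exp", 0):
        return False, "credential expired"
    # 5. the requested operation must be among the delegated rights
    if operation not in body.get("rights", []):
        return False, "operation not granted"
    return True, "ok"


if __name__ == "__main__":
    cred = issue_credential("admin-plant-a", "operator-7", "cnc-1", ["monitor", "operate"], 2000)
    print(authorize(cred, "operator-7", "cnc-1", "monitor", now=1000))
    print(authorize(cred, "operator-7", "cnc-1", "reconfigure", now=1000))
```

The order of the checks matters: the issuer is looked up before the tag is verified so that a credential from an unknown issuer never reaches a key lookup, and the tag is verified before the body is trusted so that edited rights or a pushed-out expiry are rejected by the tag check rather than by the later, more forgiving comparisons.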
Fig. 5 Functional modules in Secure Client (source: [1])
On the repository side, a series of control components, expressed as IEC 61499 FB code, is stored in different repositories. These components are different control functions and applications (e.g., PID control) that may come from different suppliers. The repositories are distributed across several physical locations and may belong to different organizations. An SA resides in each repository.
Fig. 6 Functional modules in Secure Repository (source: [1])
The SA is responsible for all security-related operations such as authentication, data encryption, integrity verification, audit and so on. Each repository SA also maintains a series of security-related policies, which specify the detailed security requirements and constraints; only requests compatible with these policies are served by the SA. Fig. 6 illustrates the basic functional modules of a secure repository (SR).
VII. PROCESS OF KEY GENERATION
In the distributed network, a client gains access to the intended device by proving a valid identity; this is the approach of this paper. Different control systems may use devices from different vendors, and software and tools from different suppliers cannot recognize each other. The status and operations of distributed devices are difficult to predict and control from a remote site. Such situations have created barriers to forming new collaborations within changing global supply chains and other activities. In recent years, a number of research projects have been proposed to address the collaborative control problem of distributed device systems in open environments. Significant projects include NIIIP [2], whose goal was to develop a series of open industry software protocols that make software interoperation possible between manufacturers and their suppliers. More recently, Cimplicity [3] from GE Fanuc Automation (USA) was developed to allow users to view their factory's operational processes through an XML-based Web-View screen. In order to bring legacy machine tools on-line and make machine tools servers of information, e-Manufacturing Networks Inc. (Canada) introduced its ION Universal Interface and CORTEX Gateway [4]. Hitachi Seiki (Japan) introduced Seiki FlexLink Open CNC/PC Network Connectivity [5] for its turning and machining centers, making it possible to connect a hand-held personal digital assistant (PDA) or a laptop computer and perform in-process gauging, machine monitoring, and cycle-time analysis. Since 1998, Mazak (Japan) has operated its high-tech Cyber Factory concept at its headquarters in Oguchi, Japan; the fully networkable Mazatrol Fusion controls allow Mazak machines to communicate over wireless networks. However, despite all these accomplishments, most of the above systems are either for offline simulation or for monitoring only, and most of them require a specific application to be installed and configured instead of using standard interfaces. To secure the transaction, this paper generates a special key that makes the access process authenticated.
The key is generated by the RS in the following eight steps.
1) The RS accepts the request from a client that wants access to remote devices. It reads the client's 32-bit IP address and recovers its last two octets (16 bits) by ANDing the address with a mask that keeps only those octets (0.0.255.255).
2) The result of step 1 is XORed with the 32-bit predefined common block code 0.0.10101010.10101010 (0x0000AAAA) held in the RS.
3) The XORed code is ANDed separately with two different predefined 8-bit codes X and Y, which yields two different 8-bit results A and B respectively.
4) Result A is XORed with a special self-generated code (SGC) to produce the 8-bit code C. The SGC is predefined by the RS and is unique for each client IP address; it is what makes the key unique for each client.
5) The 8-bit result B is passed through a bit shuffler, which applies a predefined bit shuffle and produces a different 8-bit result D.
6) The 8-bit code C is passed through a simple inverter, to add complication to the key generation process, and produces the inverted 8-bit code E.
7) Code E is XORed with code D to produce the 8-bit output code F.
8) Finally the two 8-bit codes E and F are concatenated to form the 16-bit code called the secret key.
Fig. 7 Key generation for entity authentication at RS
The sharing and application of this key are described in detail in Section VIII.
VIII. PROCESS OF AUTHENTICATION
This section elaborates the application of the key for each client in the collaborative system. A client of a registered organisation seeking access to a remotely located device beyond the boundary of its local network sends a request to the RS, where the RS first produces a secret key from the client's IP address by the process of Section VII. The key is passed to the client. Having received the key, the client is allowed to proceed with device access; for this it has to request the RS for access to the device, and in response the RS passes the key to all SDCGs connected to it.
Fig. 8 Flowchart of the authentication process
The client then sends its request to the respective SDCG together with the same key; if the key matches and is verified at the SDCG, the SDCG permits the client to access the device, otherwise it denies access. In this way device access is provided only to an authenticated client.
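The key derivation of Section VII and the request, key and acknowledgement exchange of Sections IV and VIII, written out as an added Python example (the editor's illustration, not code from this paper or from [1]). The mask and the common block code are the paper's; the 8-bit codes X and Y, the bit shuffle PERM, the per-client SGC values, the client addresses, device names and policy table are assumptions, since the paper does not fix them. The example also carries the check a practitioner would want before deploying this: because X and Y are 8-bit codes, steps 3 to 8 see only the last octet of the address, so count_distinct_keys enumerates a whole /16 and counts how many different keys the RS can actually issue. With the constants assumed here that is 64; for any 8-bit X and Y it cannot exceed 256 per SGC value, and the key itself never exceeds 16 bits.

```python
"""Key generation (Section VII) and key-based device access (Sections IV, VIII)."""
import hmac
import ipaddress

# The mask and the common block code are the paper's. X, Y, the bit shuffle
# and the per-client SGC values are assumptions made for this example, since
# the paper leaves them to the repository system's configuration.
LOW16_MASK = 0x0000FFFF            # 0.0.255.255: keep the last two octets (step 1)
COMMON_BLOCK = 0x0000AAAA          # 0.0.10101010.10101010 (step 2)
X = 0b11110000                     # assumed 8-bit code X (step 3)
Y = 0b00111100                     # assumed 8-bit code Y (step 3)
PERM = (3, 0, 5, 1, 7, 2, 6, 4)    # assumed shuffle: output bit i <- input bit PERM[i]


def shuffle8(value: int) -> int:
    """The paper's 'bit shuffler': a fixed permutation of eight bits (step 5)."""
    out = 0
    for i, src in enumerate(PERM):
        out |= ((value >> src) & 1) << i
    return out


def generate_key(client_ip, sgc: int) -> int:
    """Run the eight steps of Section VII and return the 16-bit secret key."""
    ip = int(ipaddress.IPv4Address(client_ip))
    low16 = ip & LOW16_MASK        # 1. last 16 bits of the client address
    mixed = low16 ^ COMMON_BLOCK   # 2. XOR with the common block code
    a = mixed & X                  # 3. AND with X and Y -> 8-bit A and B
    b = mixed & Y
    c = (a ^ sgc) & 0xFF           # 4. XOR with this client's SGC -> C
    d = shuffle8(b)                # 5. bit shuffle of B -> D
    e = (~c) & 0xFF                # 6. invert C -> E
    f = e ^ d                      # 7. E XOR D -> F
    return (e << 8) | f            # 8. concatenate E and F: the 16-bit key


def count_distinct_keys(sgc: int, prefix: str = "10.0.0.0/16") -> int:
    """How many different keys the RS can issue to clients across a whole /16."""
    return len({generate_key(int(ip), sgc) for ip in ipaddress.ip_network(prefix)})


class SDCG:
    """Secure Device Control Gateway guarding one trust boundary of devices."""

    def __init__(self, devices):
        self.devices = set(devices)
        self.keys = {}             # client address -> key pushed by the RS

    def receive_key(self, client_ip: str, key: int) -> bool:
        """Store the key from the RS; the True return is the acknowledgement."""
        self.keys[client_ip] = key
        return True

    def access(self, client_ip: str, key: int, device: str) -> bool:
        """Last step of Section IV: grant access only if the client's key matches."""
        expected = self.keys.get(client_ip)
        if expected is None or device not in self.devices or not 0 <= key <= 0xFFFF:
            return False
        # constant-time comparison so a wrong key takes as long as a right one
        return hmac.compare_digest(key.to_bytes(2, "big"), expected.to_bytes(2, "big"))


class RepositorySystem:
    """Repository system (RS) holding the per-client SGC table and the policy."""

    def __init__(self, sgc_table: dict, policy: dict):
        self.sgc_table = sgc_table  # client address -> SGC (assumed values)
        self.policy = policy        # client address -> devices it may request
        self.gateways = {}          # device -> the SDCG it sits behind

    def register_gateway(self, gw: SDCG) -> None:
        for device in gw.devices:
            self.gateways[device] = gw

    def request(self, client_ip: str, credential: dict, device: str):
        """First four steps of Section IV: check policy, derive key, push it, await ack."""
        if credential.get("client") != client_ip:
            return None             # credential does not belong to this client
        if device not in self.policy.get(client_ip, ()):
            return None             # request not authorized by the security policy
        key = generate_key(client_ip, self.sgc_table[client_ip])
        gw = self.gateways.get(device)
        if gw is None or not gw.receive_key(client_ip, key):
            return None             # no gateway for the device, or no acknowledgement
        return key                  # handed back to the client


def run_exchange(rs: RepositorySystem, client_ip: str, credential: dict, device: str) -> bool:
    """The whole flow of Fig. 8: client -> RS -> SDCG, then client -> SDCG with the key."""
    key = rs.request(client_ip, credential, device)
    if key is None:
        return False
    return rs.gateways[device].access(client_ip, key, device)


if __name__ == "__main__":
    rs = RepositorySystem({"10.0.0.1": 0x5C}, {"10.0.0.1": {"cnc-1"}})
    rs.register_gateway(SDCG(["cnc-1", "cnc-2"]))
    print(hex(generate_key("10.0.0.1", 0x5C)))
    print(run_exchange(rs, "10.0.0.1", {"client": "10.0.0.1"}, "cnc-1"))
    print(count_distinct_keys(0x5C))
```

Two observations follow directly from the steps as the paper states them, and the code makes them easy to confirm: 10.0.0.1 and 192.168.5.1 receive the same key for the same SGC, because the high octets are masked off and X and Y only touch the low byte; and the SDCG's check in the last step is a comparison of two 16-bit values that the RS can recompute from the address alone. Adding complexity to the derivation, as the conclusion suggests, changes which key a given address maps to but not how many keys there are, so a practitioner extending this design would look at the width of the key and at what, besides the address, the client has to know.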
IX. CONCLUSION
For open and dynamic environments, effective security-enhancing mechanisms and architectures are critical for the control of distributed systems and devices. This paper addresses the security challenges involved in the collaborative control of distributed device networks under open and dynamic environments. By combining network security technologies and software agents, the major security problems of authenticity, integrity, confidentiality, and execution safety are addressed. Two modules, the SA and the SDCG, are proposed as the primary security supports, and the architecture and applied security mechanisms are presented in detail.
The security constraints for device access could be strengthened by adding complexity to the key generation process, and the same could be implemented and verified at different layers of the network in simulation software such as ns-2.
REFERENCES
[1] Y. Xu, R. Song, L. Korba, L. Wang, W. Shen, and S. Lang, "Distributed device networks with security constraints," IEEE Xplore.
[2] The National Industrial Information Infrastructure Protocols (NIIIP) (2003). [Online]. Available: http://www.niiip.org/public/home.nsf
[3] P. Waurzyniak, "Electronic intelligence in manufacturing," SME Manufact. Eng., vol. 127, no. 3, pp. 44-67, 2001.
[4] CNC Internetworking, e-Manufacturing Networks Inc. (2003). [Online]. Available: http://www.e-manufacturing.com/products/internetworking.htm
[5] Scanning the Horizon: Hitachi Seiki Introduces Open CNC-PC Network Connectivity, MMS Online. (2003). [Online]. Available: http://www.mmsonline.com/articles/0699scan2.html
[6] W. Shen, F. Maturana, and D. H. Norrie, "MetaMorph II: An agent-based architecture for distributed intelligent design and manufacturing," J. Intell. Manufact., vol. 11, no. 3, pp. 237-251, 2000.
[7] Function Blocks for Industrial-Process Measurement and Control Systems, IEC TC65/WG6 Committee, 2000.
[8] R. W. Brennan, X. Zhang, Y. Xu, and D. H. Norrie, "A reconfigurable concurrent function block model and its implementation in real-time Java," J. Integ. Comput.-Aided Eng., vol. 9, pp. 263-279, 2002.
[9] J. Christensen. (2003) FBDK: The Function Block Development Kit. [Online]. Available: http://www.holobloc.com/fbdk/README.htm
[10] Y. Wei, "Implementation of IEC61499 Distributed Function Block Architecture for Industrial Measurement and Control Systems (IPMCS)," degree thesis, National Univ. Singapore, 2001/2002.