Rainer Falk

Fighting Insomnia: A Secure Wake-Up Scheme for Wireless Sensor Networks

Sleep deprivation attacks are still an unsolved but critical problem in sensor networks. They aim on quickly exhausting energy reserves of battery-powered sensor nodes by continuously sending messages to the node, preventing the attacked node to switch to an energy-saving sleep state. Sleep deprivation attacks come also in the form of sending traffic that causes a sleeping node to wake-up. Sleep deprivation attacks have the potential to lessen the lifetime of typical sensor nodes from years to days or even hours. One important communication standard for sensor networks is IEEE 802.15.4 that defines cryptographic protection of frames. While many attacks like eavesdropping or modification of frames are covered by the available security mechanisms, these mechanisms do not address sleep deprivation attacks. This paper proposes a secure wake-up scheme that activates a sensor node by a secure wake-up radio from a sleep state only if messages from an authenticated and legitimate node are pending. A lightweight security verification scheme is used that can easily be performed without requiring the node to change to active state.

Using SAML to protect the session initiation protocol (SIP)

The security assertion markup language (SAML) standard supports the expression of security assertions such as authentication, role membership, or permissions. SAML assertions may be used to realize single-sign-on between Web servers located in different domains. After a short introduction to SAML, this article describes the application of SAML to protect session initiation protocol (SIP) signaling

Industrial Sensor Network Security Architecture

Wireless sensor-actuator networks have a big usage potential in numerous industrial use cases. They allow easy and flexible deployment of nodes for monitoring and controlling various industrial applications as for example the supervision of critical infrastructures or monitoring and control in factory and process automation. However, missing or weak security of wireless communications would restrain the acceptance of wireless sensor-actuator networks in industrial settings. Security measures are crucial to ensure a reliable operation that is robust to accidental and targeted attacks. This paper describes the security architecture specially crafted for industrial usage environments. It provides mandatory hop-by-hop frame protection as well as authentication, access control, and protection of end-to-end communication. A secure wake-up scheme prevents a certain class of Denial-of-Service attacks, and a secure cooperative MIMO scheme improves communication reliability.

GSABA: a generic service authorization architecture

Bootstrapping refers to the process of creating state (typically security associations, configuration and authorization information) between two or more entities based on a trust relationship between a trusted third party and two or more entities. The term bootstrapping has been recently introduced to denote solutions to configuration problems, such as those present in Mobile IP. This paper describes a novel service authorization and bootstrapping architecture in order to distribute keying material, to perform authorization and to make configuration information available.

Smart Grid Cyber Security – An Overview of Selected Scenarios and Their Security Implications

Information security has gained tremendous importance for energy distribution and energy automation systems over the last years. Cyber security for the Smart Grid is crucial to ensure reliable and continuous operation of the Smart Grid. IT security is a major concern especially for new use cases, comprising the utilization of decentralized energy resources, the control of energy consumption and connected smart metering, as well as electro mobility. All these scenarios extend the energy network with an information and communication infrastructure to realize the envisioned functionality. Nevertheless, bridging both worlds goes along with new security requirements that need further evolvement or development of technical and organizational solutions. Prominent Smart Grid scenarios and their security implications are described. Moreover, the current state of Smart Grid security standardization and regulation is summarized.

Public key based authentication for secure integration of sensor data and RFID

The incorporation of sensor readings into RFID tags creates a significant potential for applications which require environment monitoring as well as asset management and tracking, such as blood storage and management, and on-board aircraft part maintenance. On one hand, the environment history is essential in evaluating health and integrity of objects to be protected, such as blood and aircraft part. On the other hand, the periodic sensing information stored in RFID enables identifying the events of displacing and removal of the objects. However, the benefits of integrating RFID with sensor data are achieved only when the authenticity and integrity of data written to and stored at RFID are ensured. In this paper, we present challenges on secure integration of sensor readings and RFID, and compare security solutions of data integrity and authenticity for resource-constrained RFID tags. For mutual authentication between RFID tags and sensors (or readers), the public key based approaches proves efficient and feasible. We further evaluate different public key based approaches in terms of storage and communication efficiency.

High-Assurance Avionics Multi-Domain RFID Processing System

Distributed processing of RFID information enables new RFID applications where tags, readers and processing systems belong to different administrative domains and where multiple RFDD applications are realized using a common reader and processing infrastructure. A novel distributed RFID processing architecture supporting various future eEnabled airplane applications based on RFID technology is described. In a particularly challenging application environment, RFID readers are installed on-board airplanes and connected dynamically by wireless communication with various ground system at airports and during maintenance. The airplane RFDD reader infrastructure has to be dynamically integrated with different ground systems. The security requirements caused by this temporal integration within different administrative domains and corresponding solution approaches are described.

Network support modeling, architecture, and security considerations for composite reconfigurable environments

Emerging radio access technologies such as wireless personal and metropolitan area networks and digital broadcasting are a new era for wireless communications. These standards aim at complementing existing cellular/Wi-Fi networks in order to offer a wide range of available access modes to mobile terminals. Multiradio wireless systems referred to as composite radio access networks, bear diverse capabilities, with the optimal radio being invoked to perform a specific set of functions. Composite reconfigurable radio networks support the collaboration of a wide range of heterogeneous radio access technologies under a single or multiple administrative boundaries, adding further intelligence to the way devices attach to and switch between networks spatially and temporally. The EU End-to-End Reconfigurability (E2R) research project envisages composite reconfigurable radio networks coupled with legacy as well as evolved core network architectures, yielding simpler and flexible configurations for reduced latencies, autonomic operation, and adaptive functionality. This article presents a cohesive model for controlling and managing such networks, elaborates on the constituent functional entities, and maps this model to two-tier network support architecture. Finally, key security issues for software download over reconfigurable radios and systems are identified and solutions for software certification and authorization as well as for the authentication of roaming terminals are proposed.

Smart Grid Information Exchange – Securing the Smart Grid from the Ground

The Smart Grid is based on information exchange between various stakeholders using open communication technologies to control the physical electric grid through the information grid. Protection against cyber attacks is essential to ensure a reliable operation of the Smart Grid. This challenge is addressed by various regulatory, standardization, and research activities. After giving an overview of the security demand of a Smart Grid, existing and appearing standardization activities are described. Moreover, an overview is given about potential roles in Smart Grid environments, which have been analyzed in the context of an EIT ICT Labs questionnaire.

Protecting Reconfiguration in Future Mobile Communication Systems

Reconfiguration will only be accepted and hence become a success in the market if the security requirements of all stakeholders are satisfied adequately. Secure reconfiguration involves device protection, secure software download to defend against potentially malicious software, and secure reconfiguration signalling to prevent manipulation of the reconfiguration process