Page 1: Architecting Secure Mobile P2P Systems James Walkerdine, Peter Phillips, Simon Lock Lancaster University

Architecting Secure Mobile P2P Systems

James Walkerdine, Peter Phillips, Simon Lock

Lancaster University

Page 2: Overview

- Mobility, P2P and Security
- Challenges
- Overview of the PEPERS project
- The PEPERS Development Methodology
  - Architectural support
  - Tool support (video)
- Evaluation

Page 3: Motivation

- Advances in wireless networking and mobile technology now make mobile P2P feasible
- Mobile P2P can support organisations that have:
  - Decentralised management style
  - Geographically dispersed or highly mobile workforces
  - Wide range of computing and communication devices
- The ad-hoc and heterogeneous nature poses significant design challenges – especially with regards to security

Page 4: Mobile P2P and Security

- Connecting trusted and non-trusted devices requires:
  - Secure communication and storage (via encryption)
  - Robust authentication
- Difficult to achieve in decentralised and highly dynamic environments
- Adapting traditionally centralised company security policies
  - Consider distributed, mobile and intermittently connected platforms

Page 5: PEPERS

- Mobile Peer-to-Peer Security Infrastructure (EU project)
- Develop an infrastructure to support the design, development and operational deployment of secure mobile P2P applications
- Jan 06 – Jun 08
- Partners
  - UK: Lancaster and City Universities, Symbian
  - Greece: ATC, G4S, Phileleftheros
  - Italy: Engineering

Page 6: PEPERS Developments

(Diagram; labels recovered:)
- Development Framework
  - Development Platform: Design and Architecture Framework (DAF); Static Verification Framework (SVF)
  - Development Methodology
  - P2P Application Reference Architectures
  - Tool Support
- Runtime Framework
  - Runtime Platform: Execution Framework (EF); Dynamic Verification Framework (DVF)

Page 7: User Partner Scenarios

- Phileleftheros
  - Use mobile devices to support communication between journalists, photographers, etc, in the field
  - Support the process of publication creation
- G4S
  - Use mobile devices to support guard patrols on client sites (e.g. door codes), etc
  - Communication with HQ

Page 8: PEPERS Development Methodology (PDM)

Page 9: Overview

- A Methodology and Support Tool
- Supports developers in building secure mobile P2P applications
- Stems from our previous work
  - BANKSEC - Secure Component based development
  - P2P ARCHITECT - Architecting Dependable P2P Systems

Page 10: Secure Mobile P2P Development Considerations

- Make security central to the design
  - Development perspective
  - Organisational perspective
- Consider requirements and constraints on security caused by:
  - Mobility
  - Network and Communication
  - P2P Technology
- Be architecturally driven

Page 11: Key types of P2P Topology

(Diagram; taxonomy with example systems:)
- Decentralised
  - Direct Communication. Example systems: ARPANet
  - Un-structured indirect communication. Example systems: Gnutella (v0.4), FreeNet
  - Structured indirect communication. Example systems: Pastry, Chord
- Semi-Centralised
  - Single centralised index server. Example systems: Napster, OpenNap
  - Computational model (no autonomy). Example systems: SETI@home
  - Unstructured indirect communication, server/superpeer model. Example systems: Gnutella (v0.6), Kazaa
  - Structured indirect communication, ring server/superpeer model. Example systems: Azureus BitTorrent, Direct Connect (although not all servers communicate)
- Hybrids (examples)
  - Unstructured indirect communication overlaid over a structured indirect communication architecture. Example systems: Structella

Page 12: Topology support for Security

(Table; ratings are Low / Medium / High)

| Topology | Attack Detection | Attack Resistance | Authentication / Authorisation | Encryption | Logging | Monitoring | Peer / User Management | Privacy | Recovery | Trust |
| Decentralised: Direct Communication | Medium | High | High | High | Medium | Low | High | Low | High | High |
| Decentralised: Structured Indirect Communication | Medium | Medium | Low | Medium | Medium | Medium | Medium | High | High | Medium |
| Decentralised: Un-structured Direct Communication | Low | High | Low | Medium | Low | Low | Low | High | Low | Low |
| Semi-Centralised | High | Low | High | High | High | High | High | Medium | Medium | High |
| Unstructured indirect communication, server/super peer | High | Medium | High | High | High | High | High | Medium | High | High |
| Hybrid topologies (general) | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High |
| Unstructured indirect communication overlaid over a structured indirect communication model | Medium | High | Medium | Medium | Medium | Medium | Medium | High | High | Medium |

Page 13: Development Methodology

- 5 stage method
  - Spiral – developers do not need to follow fixed phases
  - Iterative – stages can be revisited (e.g. when new requirements are discovered, etc)
  - Flexible – can accommodate different software engineering techniques (components, etc)
- Each stage contains activities geared specifically for supporting secure mobile P2P application development

Page 14: (Diagram: the five PDM stages)

Start → Requirements Elicitation → Propose System Architecture → Propose Sub-System Design → System Implementation → Verification and Validation

Each stage tailored to consider P2P, Security and Mobile aspects

Page 15: Support Tool

- Web based
- Knowledge base of analysis and reference architectures
- Support for identifying, specifying and managing requirements
- Support for P2P topology selection
- Support for the identification of key secure mobile P2P application functionality
- Support for Secure Mobile P2P Application Reference Architecture selection
- Support for Sub-system identification and initial description
- Support for general managerial and traceability activities

Page 16: G4S Case Study

- Allow guards and mobile patrols to transmit/receive sensitive data
  - With one another
  - With the ARC
- Often ad-hoc exceptional situations
  - Emergencies guards are responding to
  - Change in guard roles (team leader, etc)
  - Access privileges can change

Page 17: (Diagram: the PDM stages, repeated from Page 14)

Start → Requirements Elicitation → Propose System Architecture → Propose Sub-System Design → System Implementation → Verification and Validation

Page 18: Propose System Architecture

- Key Activities
  - Select suitable P2P topologies
  - Derive system functional capabilities
  - Select mobile P2P application reference architectures
  - Establish architectural model
  - Describe sub-systems
  - Initial PEPERS runtime platform consideration
  - Where possible, allocate requirements to sub-systems
  - Evaluate architecture

Page 19: Application Reference Architectures

- Developed within PEPERS
  - Key P2P application domains (IM, shared workspace, DL,…)
  - Decentralised and semi-centralised versions
- Provide guidance on the functionality and structure that would be required for particular types of application
- Identified capabilities
  - Represent abstract system functionality
  - Capabilities of individual layers and whole architectures

Page 20: Shared Workspace Application Reference Architecture

(Diagram; components shown:)
- Application/GUI
- Workspace Management
- Real-time Connection Monitor/Synchronisation
- Awareness Monitor
- Distributed Authentication/Authorisation
- Encryption
- Distributed Logging
- Decentralised P2P Communication
- P2P Network Layer
- Known Peer Repository
- Distributed Log Storage
- Local Data

Page 21: Case Study

- Designers began to investigate the suitability of the different P2P topologies and reference architectures
- Semi-centralised topology chosen
  - Fitted in with their current systems
- Distributed Repository, Shared Workspace reference architectures chosen
- Sub-systems identified, high level architecture created
  - Drawing upon reference architectures – though not all sub-systems used
- Identified suitable PEPERS runtime platform modules that can be used

Page 22: Tool Video

Page 23: (untitled architecture diagram; labels recovered:)

Device - Symbian OS; Network; Native Applications; Camera; Database; User Interface; Multimedia Management; P2P Communication; Authentication/Authorisation; Encryption; Application Server; Application

Page 24: (no text on this slide)

Page 25: Evaluation

- Two evaluations performed
  - External (mobile phone software companies, developers, etc)
  - Internal (PEPERS partners)
- Good starting point for building secure mobile P2P applications
- Improvements
  - More thorough security and mobility analysis
    - Threat analysis, weightings for security properties
    - Degree of mobility
  - Encourage the consideration of technologies
  - Support other non-functional properties (reliability, scalability, etc)
  - Rationale behind tool recommendations
  - Better integration with 3rd party tools

Page 26: Summary

- Mobile P2P systems are now a feasible possibility
  - Introduces new challenges in terms of mobility and security
- Presented the PDM and supporting tool
  - Method to support the development of secure mobile P2P systems
  - Focused on the architectural support the PDM provides
- Evaluation has shown benefits, but still areas of improvement
- Tool and further information can be found at www.pepers.org