Abstract
Nowadays, networked embedded systems (NESs) are required to be reconfigurable in order to be customizable to different operating environments and/or adaptable to changes in operating environment. However, reconfigurability acts against security as it introduces new sources of vulnerability. In this paper, we propose a security architecture that integrates, enriches and extends a component-based middleware layer with abstractions and mechanisms for secure reconfiguration and secure communication. The architecture provides a secure communication service that enforces application-specific fine-grained security policy. Furthermore, in order to support secure reconfiguration at the middleware level, the architecture provides a basic mechanism for authenticated downloading from a remote source. Finally, the architecture provides a rekeying service that performs key distribution and revocation. The architecture provides the services as a collection of middleware components that an application developer can instantiate according to the application requirements and constraints. The security architecture extends the middleware by exploiting the decoupling and encapsulation capabilities provided by components. It follows that the architecture results itself reconfigurable and can span heterogeneous devices. The security architecture has been implemented for different platforms including low-end, resource-poor ones such as Tmote Sky sensor devices.
Similar content being viewed by others
References
Tarek F. Abdelzaher, Brian M. Blum, Q. Cao, Y. Chen, D. Evans, J. George, S. George, L. Gu, Tian He, S. Krishnamurthy, L. Luo, Sang Hyuk Son, Jack Stankovic, R. Stoleru, and Anthony D. Wood, Envirotrack: Towards an environmental computing paradigm for distributed sensor networks. In Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS’04), pp. 582–589, Tokyo, Japan, 23–26 March 2004.
I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci. Wireless sensor networks: a survey. Computer Networks, Vol. 38, No. 4, pp. 293–422, 2002.
K. H. Årzén, A. Bicchi, G. Dini, S. Hailes, K. H. Johansson, J. Lygeros, and A. Tzes, A component-based approach to the design of networked control systems, European Journal of Control, Vol. 13, pp. 261–279, 2007.
G. Baliga and P. Kumar, A middleware for control over networks. In Proceedings of the 44th IEEE Conference on Decision and Control, 2005.
H. Chan and Adrian Perrig. Security and privacy in sensor networks, IEEE Computer, Vol. 36, No. 10, pp. 103–105, 2003.
Haowen Chan, V. D. Gligor, A. Perrig, and G. Muralidharan, On the distribution and revocation of cryptographic keys in sensor networks, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 3, pp. 233–247, 2005.
Chipcon AS, CC2420–2.4GHz IEEE 802.15.4/ZigBee-ready RF Transceiver, http://www.chipcon.com
Paolo Costa, Geoff Coulson, Cecilia Mascolo, Luca Mottola, Gian Pietro Picco, and Stefanos Zachariadis, Reconfigurable component-based middleware for networked embedded systems, International Journal on Wireless Information Systems, Vol. 14, No. 2, pp. 149–162, 2007.
Paolo Costa, Geoff Coulson, Cecilia Mascolo, Gian Pietro Picco, and Stefanos Zachariadis, The RUNES middleware: a reconfigurable component-based approach to networked embedded systems. In Proceedings of the 16th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC’05), Vol. 2, pp. 806–810, Berlin, Germany, 11–14 September, 2005.
G. Dini and I. M. Savino, S2rp: a secure and scalable rekeying protocol for wireless sensor networks. Proceedings of the 3rd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS’06), pp. 457–466, 9–12 October 2006.
A. Dunkels, B. Gronvall, and T. Voigt, Contiki – a lightweight and flexible operating system for tiny networked sensors. In Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks (LCN’04), pp. 455–462, Washington, DC, USA, 16–18 November 2004.
Adams Dunkels, Björn Grönvall, and Thiemo Voigt, Contiki—a lightweight and flexible operating system for tiny networked sensors. In 29th Annual IEEE International Conference on Local Computer Networks (LCN’04), pp. 455–462, Tampa, FL, USA, 16–18 November 2004.
P. K. Dutta, J. W. Hui, D. C. Chu, and D. E. Culler, Securing the deluge network programming system. In Proceedings of the 5th International Conference on Information Processing in Sensor Networks, pp. 326–333. ACM, 2006.
Laurent Eschenauer and Virgil D. Gligor, A key-management scheme for distributed sensor networks. In CCS ’02: Proceedings of the 9th ACM conference on Computer and communications security, pp. 41–47, New York, NY, USA. ACM, 2002.
Chien-Liang Fok, Gruia-Catalin Roman, and Chenyang Lu, Agilla: a mobile agent middleware for self-adaptive wireless sensor networks. ACM Transactions on Autonomous and Adaptive Systems, Vol. 4, No. 3, 2009.
S. Graham and P. Kumar, editors. In Proceedings of PWC 2003: Personal Wireless Communication, Vol. 2775 of Lecture Notes in Computer Science, pp. 458–475, Chapter Convergence of Control, Communication, and Computation. Springer, Berlin, 2003.
J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. E. Culler, and K. Pister, System Architecture Directions for Networked Sensors. In Proceedings of the 9th Symposium on Architectural Support to Programming Languages and Operating Systems (ASPLOS’00), pp. 93–104, Cambridge, MA, USA, November, 2000.
J. W. Hui and D. Culler, The dynamic behavior of a data dissemination protocol for network programming at scale. In Proceedings of the 2nd ACM Conference on Embedded Networked Sensor Systems (SenSys’04), pp. 81–94, Baltimore, MD, USA, 03–05 November 2004.
Chris Karlof, Naveen Sastry, and David Wagner. Tinysec: a link layer security architecture for wireless sensor networks. In Proceedings of the 2nd ACM Conference on Embedded Networked Sensor Systems (SenSys’04), pp. 162–175, Baltimore, MD, USA, 3–5 November 2004.
Philip Koopman, Embedded system security, IEEE Computer, Vol. 37, No. 7, pp. 95–97, 2004.
Lamport, L., Password authentication with insecure communication, Communications of the ACM, Vol. 24, No. 11, pp. 770–772, 1981.
LAN/MAN Standards Committee of the IEEE Computer Society, IEEE Standard for Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements – Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low Rate Wireless Personal Area Networks (LR-WPANs), September 2006, revision of 2006.
P. Levis and D. E. Culler, Matè: a Tiny Virtual Machine for Sensor Networks. In Proceedings of the 10th ACM Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), pp. 85–95, San Jose, CA, 5–9 October 2002.
P. Levis, S. Madden, D. Gay, J. Polastre, R. Szewczyk, A. Woo, E. Brewer, and D. Culler, The emergence of networking abstractions and techniques in Tiny OS. In Proceedings of the 1st Symposium on Networked System Design and Implementation (NSDI’04), pp. 1–14, San Francisco, CA, USA, 2004.
Donggang Liu and Peng Ning, Multilevel μtesla: broadcast authentication for distributed sensor networks, ACM Transaction on Embedded Computing Systems, Vol. 3, No. 4, pp. 800–836, 2004.
Ting Liu and Margaret Martonosi, Impala: a middleware system for managing autonomic, parallel sensor systems. In Proceedings of the Ninth ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP’03), San Diego, CA, USA, 11–13 June 2003.
Samuel R. Madden, Michael J. Franklin, Joseph M. Hellerstein, and Wei Hong, TinyDB: an acquisitional query processing system for sensor networks, ACM Transactions on Database Systems, Vol. 30, No. 1, pp. 122–173, 2005.
David J. Malan, Matt Welsh, and Michael D. Smith, Implementing public-key infrastructure for sensor networks, ACM Transactions on Sensor Networks, Vol. 4, No. 4, pp. 1–23, 2008.
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. CRC Press, Boca Raton, 1996.
Mohammad M. Molla and Sheikh Iqbal Ahamed, A survey of middleware for sensor network and challenges. In Proccedings of 2006 International Conference on Parallel Processing—Workshops, pp. 228–233, Columbus, OH, 14–18 August 2006.
Moteiv. Tmote Sky, http://www.moteiv.com.
National Institute of Standards and Technology, FIPS PUB 180-1: Secure Hash Standard. National Institute for Standards and Technology, Gaithersburg, MD, USA, April 1995.
National Institute of Standards and Technology (NIST), SKIPJACK and KEA Algorithm Specifications, 1998.
Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and Doug J. Tygar, SPINS: security protocols for sensor networks. In Proceedings of the Seventh Annual International Conference on Mobile Computing and Networks, pp. 189–199, Rome, Italy, 16–21 July 2001.
Adrian Perrig, John Stankovic, and David Wagner, Security in wireless sensor networks, Communications of the ACM, Vol. 47, No. 6, pp. 53–57, 2004.
Neeli R. Prasad and Mahbubul Alam, Security framework for wireless sensor networks, Wireless Personal Communications, Vol. 37, No. 3–4, pp. 455—469, 2006.
S. Ravi, A. Raghunathan, and S. T. Chakradhar, Tamper resistance mechanisms for secure, embedded systems. In VLSI Design, 605 pp. IEEE Computer Society, Washington, DC, USA, 2004.
S. Ravi, A. Raghunathan, P.C. Kocher, and Hattangady S. Security in embedded systems: design challenges, ACM Transactions on Embedded Computing Systems, Vol. 3, No. 3, pp. 461–491, 2004.
R. L. Rivest, The RC5 encryption algorithm. In B. Preenel, editor, Proceedings of the 2nd International Workshop on Fast Software Encryption, Vol. LNCS 1008, pp. 86–96, Leuven, Belgium. Springer, Berlin, 14–16 December 1994.
Kay Römer, Oliver Kasten, and Friedemann Mattern, Middleware challenges for wireless sensor networks. Mobile Computing and Communications Review, Vol. 6, No. 4, pp. 59–61, 2002.
RUNES Consortium. Reconfigurable Ubiquitous Networked Embedded Systems (RUNES), European Commission, 6th Framework Programme, contract number IST-004536, http://www.ist-runes.org
Stefan Schmidt, Holger Krahn, Stefan Fischer, and Dietmar Watjen, A security architecture for mobile wireless sensor networks. In Proceedings of the European Workshop on Security in Ad-hoc and Sensor Networks (ESAS’04), pp. 166–177, Lecture Notes in Computer Science No. 3313, Heidelberg, Germany, 6 August 2004. Springer, Berlin, 2005.
Hannu Sikkilä, Mikael Soini, Petri Oksa, Lauri Sydänheimo, and Markku Kivikoski, Kilavi wireless communication protocol for the building environment-security issues. In Proceedings of the IEEE Tenth International Symposium on Consumer Electronics (ISCE’06), pp. 1–6, St. Petersburg, Russia, 28 June–01 July 2006.
B. Sinopoli, C. Sharp, Schenato L., S. Schaffert, and S. Sastry, Distributed control applications within sensor networks, Proceedings of the IEEE, Vol. 91, No. 8, pp. 1235–1246, 2003.
Michael N. K. Soini, Jana Van Greunen, Jan M. Rabaey, and Lauri T. Sydänheimo, Beyond sensor networks: Zuma middleware. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC 2007), pp. 4318–4323, Hong Kong, 2007.
Eduardo Souto, Germano Guimarães, Glauco Vasconcelos, Mardoqueu Vieira, Nelson S. Rosa, Carlos André Guimarães Ferraz, Eduardo Souto Judith Kelner, Germano Guimarães, Glauco Vasconcelos, Mardoqueu Vieira, Nelson S. Rosa, Carlos André Guimarães Ferraz, and Judith Kelner, Mires: a publish/subscribe middleware for sensor networks, Personal and Ubiquitous Computing, Vol. 10, No. 1, pp. 37–44, 2006.
Miaomiao Wang, Jiannong Cao, Jing Li, and Sajal K. Das, Middleware for wireless sensor networks: a survey, Journal of Computer Science and Technology, Vol. 23, No. 3, pp. 305–326, 2008.
Yang Yu, Bhaskar Krishnamachari, and Viktor K. Prasanna, Issues in designing middleware for wireless sensor networks, IEEE Network, Vol. 18, No. 1, pp. 15–21, 2004.
Sencun Zhu, Sanjeev Setia, and Sushil Jajodia, Leap+: efficient security mechanisms for large-scale distributed sensor networks, ACM Transactions on Sensor Networks, Vol. 2, No. 4, pp. 500–528, 2006.
Zigbee alliance website, http://www.zigbee.org/en/index.asp.
Acknowledgements
This work has been partially supported by CHAT, “Control of Heterogeneous Automation Systems: Technologies for scalability, reconfigurability and security,” funded by the European Commission under FP7 with contract number INFSO-ICT-224428; CONET, the Cooperating Objects Network of Excellence funded by the European Commission under FP7 with contract number FP7-2007-2-224053; and by Cassa di Risparmio di Pisa, Lucca e Livorno.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Dini, G., Savino, I.M. A Security Architecture for Reconfigurable Networked Embedded Systems. Int J Wireless Inf Networks 17, 11–25 (2010). https://doi.org/10.1007/s10776-010-0116-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10776-010-0116-y