Node*Manager*

The#Node#Manager#(NM)#runs#exclusively#on#WSN#devices,#and#its#goal#is#to#provide#auxiliary# information# regarding# the# operational# status# of# the# node# to# the# other# components# of# the# model.# This# operational# information# may# enable# the# selection# of# the# most# appropriate# endBtoBend# security# mode# in# the# context# or# the# application,# or# the# dynamic# adaptation# of# security# in# the# light# of# the# available# resources.# As# an# example,# as# long# as# an# application# allows#it,#security#may#dynamically#adapt#to#employ#smaller#cryptographic#keys#or#a#different# symmetric#or#asymmetric#algorithm,#in#order#to#save#resources.##

Other#possible#application#of#this#component#is#that#the#Security#Manager#on#a#device#can# use#the#information#provided#by#the#NM#to#inform#the#SM#on#the#WSN#gateway#about#the# availability#of#critical#resources#on#the#WSN#device.#This#knowledge#may#support#the#clean# shutdown# of# sensing# devices# reaching# the# end# of# its# lifetime,# or# the# reconfiguration# of# particular#communication#and#security#mechanisms.#

3.3 E

9

9

*

Contrary#to#the#current#Internet#security#architecture,#in#the#context#of#which#mechanisms# and# protocols# are# usually# designed# for# devices# without# serious# resource# constraints,# mechanisms# appropriate# to# InternetBintegrated# WSN# must# be# carefully# designed# to# cope# with# the# characteristics# and# limitations# of# WSN# devices# and# lowBenergy# wireless# communications.#On#the#other#hand,#such#mechanisms#must#be#able#to#support#appropriate# security# requirements,# as# defined# for# particular# sensing# applications.# Such# aspects# dictate# that#new#research#solutions#must#be#evaluated#with#these#two#aspects#in#mind,#in#order#to# search#for#acceptable#compromises#between#resource#usage#and#appropriate#security.# With# the# previous# aspects# in# mind,# we# approach# the# design# of# a# framework# for# reconfigurable# endBtoBend# security# with# InternetBintegrated# WSN,# which# accompanies# the# design,#evaluation#and#employment#of#new#security#mechanisms#supporting#measurable#and# controllable#endBtoBend#security# in#the#context#of#InternetBintegrated#sensing#applications.## The# framework# illustrated# in# Figure# 3.3# enables# the# static# configuration,# as# well# as# the# dynamic#reconfiguration#of#endBtoBend#security,#as#required#for#applications#with#particular# functional# and# security# requirements.# We# also# consider# that# such# requirements# may# be# described# by# appropriate# application# security# and# functional# profiles.# As# previously# discussed,#the#reconfiguration#of#security#may#also#take#place#upon#particular#events#from# the#SM#and#IDS#components,#as#we#consider#in#our#reference#model#for#endBtoBend#security.#

Figure*3.3*9*A*framework*for*reconfigurable*end9to9end*security*with*Internet9integrated*WSN*

As#Figure#3.3#illustrates,#the#impact#of#endBtoBend#security#may#be#measured#considering#the# functional# requirements# of# sensing# applications# and# the# characteristics# of# the# employed#

Dy na m ic /St at ic +R ec on fig ur at io n Application+security+ Profile En d: to :en d+ Sec ur ity mo de Access+Control+ Information Security+properties+ required Identification+and+ Certification+ information Device+Capabilities Communication+ requirements Lifetime+requirements Application+functional+ Profile Impact+of+ end:to:end+security Supported+lifetime Supported+ communications+rate

wireless# sensing# devices.# In# particular,# applications# are# characterized# by# particular# requirements# in# terms# of# how# communications# are# to# be# supported# and# their# expected# lifetime,#factors#that#directly#influence#the#overall#cost#of#endBtoBend#security.#Applications# can# decide# on# the# security# mode# to# be# employed,# in# a# perBdevice# basis,# and# considering# requirements#predefined#for#the#application#at#hand.##

As#previously#discussed,#application#security#profiles#may#describe#the#requirements#of#the# application#in#terms#of#security#and#securityBrelated#configurations#such#as#the#cryptographic# suites# to# employ# and# the# size# of# cryptographic# keys,# among# others.# Application# functional# profiles#identify#the#type#of#devices#employed#and#its#capabilities,#and#the#communication# and# lifetime# requirements# of# the# application.# We# also# consider# that# the# remaining# information# required# for# particular# endBtoBend# security# mechanisms# must# be# available,# namely# access# control# information# and# publicBkeys# or# certificates# identifying# the# communicating#entities.#

The# research# solutions# described# in# the# following# chapters# of# the# thesis# provide# different# approaches# to# endBtoBend# security# in# the# context# of# InternetBintegrated# WSN.# Such# mechanisms# also# support# complementary# approaches# to# security,# which# may# enable# applications#to#statically#or#dynamically#configure#endBtoBend#security#for#particular#devices,# as# the# framework# in# Figure# 3.3# illustrates.# VeryBconstrained# wireless# sensing# devices# may# employ#mechanisms#with#delegation#of#security#operations#to#more#powerful#devices,#while# more# capable# sensing# devices# may# support# more# functionalities# or# even# full# endBtoBend# security.#

As# previously# discussed,# the# measurement# of# the# impact# of# endBtoBend# security# is# an# important#component#of#the#framework#illustrated#in#Figure#3.3.#In#Figure#3.4#we#illustrate# how#the#effectiveness#and#efficiency#of#the#research#proposals#is#evaluated#experimentally#in# subsequent# chapter# of# the# thesis.# In# this# methodology# we# consider# the# impact# of# the# proposed# mechanisms# both# on# the# lifetime# of# sensing# applications# and# on# the# maximum# achievable# communications# rate,# two# fundamental# requirements# for# the# effectiveness# of# sensing# applications# employing# InternetBintegrated# sensing# devices.# Memory# is# also# an# important#aspect#to#be#considered,#given#the#limited#RAM#and#ROM#memory#available#on# wireless#sensing#platforms.#

As# Figure# 3.4# illustrates,# the# impact# of# security# on# the# (limited)# energy# available# on# WSN# sensing# devices# influences# the# achievable# lifetime# of# the# application.# This# is# a# particularly# important# aspect# to# consider,# given# that# securityBrelated# operations# may# be# particularly# expensive#in#current#sensing#platforms.#Energy#is#required#to#support#authentication#and#key# agreement#in#the#context#of#the#initial#endBtoBend#authentication#phase,#and#also#to#process# security# for# normal# communications# afterwards.# We# must# also# consider# the# impact# of# the# processing#and#transmission#of#information#required#for#the#support#of#security,#for#example# new#security#headers#or#authentication#and#integrity#codes.#Considering#the#communications# rate# of# applications,# we# must# also# consider# the# computational# time# required# to# support#

authentication#and#key#agreement,#and#also#the#delay#introduced#on#communications#by#the# processing#of#security#and#the#transmission#of#securityBrelated#data,#as#in#the#case#of#energy.#

Figure*3.4*–*Methodology*for*the*experimental*evaluation*of*end9to9end*security*

In#conclusion,#the#previously#described#approaches#target#the#identification#and#employment# of# endBtoBend# security# solutions# that# are# controllable# from# the# point# of# view# of# its# requirements# of# resources# on# constrained# WSN# devices,# while# guaranteeing# appropriate# security#for#sensing#applications#employing#InternetBintegrated#WSN.#In#this#context,#in#the# following# chapters# of# the# thesis# we# propose# and# evaluate# research# solutions# to# support# security# with# 6LoWPANBbased# endBtoBend# communications# at# the# network,# transport# and# application#layers.#

3.4 S

*

In#the#present#chapter#we#begin#by#discussing#our#preliminary#research#efforts#in#the#context# of#the#GINSENG# research# project.# As# discussed,# despite#the#absence#of# particular#research# proposals# or# mechanisms,# this# work# provided# the# ground# for# the# design# of# the# reference#

Energy'for'end+to+end' authentication'and' key'agreement Memory' requirements Energy'to'process' end+to+end' authentication Maximum'lifetime'of' applications Energy'for'end+to+end' authentication' communications Energy'for'secure' communications Energy'to'process' security Energy'for' communications'with' security Total'delay'due'to' authentication'and' key'agreement Delay'due'to'the' processing'of' authentication Maximum' communications'rate' of'applications Delay'due'to' authentication' communications Total'delay'due'to' security Delay'due'to'the' processing'of'security Delay'due'to' communications'with' security Functional'and' security'requirements' of'applications Effectiveness'of' end+to+end'security

model#for#endBtoBend#security,#which#we#discuss#later#in#the#chapter.#As#we#have#previously# discussed,# our# research# efforts# later# evolved# to# focus# on# security# for# endBtoBend# communications#with#InternetBintegrated#WSN#and#M2M#environments.#We#have#also#noted# that# our# model# has# considered# from# the# start# the# usage# 6LoWPANBbased# technologies# to# enable#such#endBtoBend#communications.#The#same#applies#to#the#consideration#of#metrics# and#profiles#for#the#evaluation#of#the#impact#of#security.#

We# have# also# presented# the# methodology# considered# in# the# following# chapters# for# the# experimental# evaluation# of# the# various# research# proposals.# Among# other# aspects,# we# consider#the#impact#of#the#proposed#mechanisms#on#the#energy#and#on#the#computational# time# required# from# constrained# sensing# platforms,# two# aspects# that# directly# influence# the# lifetime# of# sensing# applications# and# the# communications# rate# that# such# applications# may# effectively#sustain#over#time.#Other#aspect#we#discuss#is#that#applications#may#dynamically#or# statically#reconfigure#or#select#the#most#appropriate#endBtoBend#security#mode#from#among# a# set# of# available# mechanisms.# This# approach# may# be# useful# in# the# context# of# a# security# architecture# supporting# InternetBintegrated# WSN# and# endBtoBend# security# mechanisms# sideBbyBside# with# other# required# functionalities.# Other# than# functional# or# security# requirements,# applications# may# also# adapt# according# to# external# conditions# or# particular# deployment#characteristics.##