Securing instrumented environments over content-centric networking: the case of lighting control and NDN

Instrumented environments, such as modern building automation systems (BAS), are becoming commonplace and are increasingly interconnected with (and sometimes by) enterprise networks and the Internet. Regardless of the underlying communication platform, secure control of devices in such environments is a challenging task. The current trend is to move from proprietary communication media and protocols to IP over Ethernet. While the move towards IP represents progress, new and different Internet architectures might be better-suited for instrumented environments. In this paper, we consider security of instrumented environments in the context of Content-Centric Networking (CCN). In particular, we focus on building automation over Named-Data Networking (NDN), a prominent instance of CCN. After identifying security requirements in a specific BAS sub-domain (lighting control), we construct a concrete NDN-based security architecture, analyze its properties and report on preliminary implementation and experimental results. We believe that this work represents a useful exercise in assessing the utility of NDN in securing a communication paradigm well outside of its claimed forte of content distribution. At the same time, we provide a viable (secure and efficient) communication platform for a class of instrumented environments exemplified by lighting control.