Osiguravanje međuoperabilnosti za Internet stvari: iskustvo s testiranjem CoAP protokola

Constrained Application Protocol (CoAP) is a specialized web transfer protocol, designed for realizing interoperation with constrained networks and nodes for machine to machine applications like smart energy, building automation, etc. As an important ubiquitous application protocol for the future Internet of Things, CoAP will be potentially implemented by a wide range of smart devices to achieve cooperative services. Therefore, a high level of interoperability of CoAP implementations is crucial. In this context, CoAP Plugtest – the first formal CoAP interoperability testing event was held in Paris, March 2012 to motivate vendors to verify the interoperability of their equipments. The event turned to be successful due to our contribution, including the test method and tool. This paper presents the testing method and procedure for the CoAP Plugtest event. To carry out the tests, a set of test objectives concerning the most important properties of CoAP have been selected and used to measure the interoperability of CoAP implementations. The process of verification has been automated by implementing a test validation tool based on the technique of passive testing. By using the test tool, a number of devices were successfully tested.Constrained Application Protocol (CoAP) je specijalizirani prijenosni protokol, dizajniran za realizaciju međuoperabilnosti uz ograničene mrežame i čvorove za primjene poput pametne energije, automatizacije u zgradarstvu itd. Kao važan i sveprisutan protokol za Internet stvari CoAP bi mogao biti implementiran kod velikog broja pametnih uređaja kako bi se ostvarile kooperativne usluge. Zbog toga je od velike važnosti postic´i visoku razinu međuoperabilnosti CoAP implementacija. U tom kontekstu, CoAP Pluqtest - prvo formalno testiranje CoAP međuoperabilnosti je održano u Parizu u ožujku 2012. kako bi se motivirali prodavači da provjere međuoperabilnost svoje opreme. Testiranje je bilo uspješno zahvaljujući našem doprinosu koji uključuje metodu i alate za testiranje. U ovom radu prikazana je metoda i procedura testiranja za CoAP Pluqtest. Kako bi se proveli testovi odabran je skup ciljeva koji se odnose na najvažnija svojstva CoAP protokola i oni su korišteni za mjerenje međuoperabilnosti CoAP implementacija. Proces verifikacije je automatiziran implementacijom alata za provjeru testa koji se temelji na tehnici pasivnog testiranja. Korištenjem alata za testiranje uspješno su testirani brojni uređaji

Applications of Context-Aware Systems in Enterprise Environments

In bring-your-own-device (BYOD) and corporate-owned, personally enabled (COPE) scenarios, employees’ devices store both enterprise and personal data, and have the ability to remotely access a secure enterprise network. While mobile devices enable users to access such resources in a pervasive manner, it also increases the risk of breaches for sensitive enterprise data as users may access the resources under insecure circumstances. That is, access authorizations may depend on the context in which the resources are accessed. In both scenarios, it is vital that the security of accessible enterprise content is preserved. In this work, we explore the use of contextual information to influence access control decisions within context-aware systems to ensure the security of sensitive enterprise data. We propose several context-aware systems that rely on a system of sensors in order to automatically adapt access to resources based on the security of users’ contexts. We investigate various types of mobile devices with varying embedded sensors, and leverage these technologies to extract contextual information from the environment. As a direct consequence, the technologies utilized determine the types of contextual access control policies that the context-aware systems are able to support and enforce. Specifically, the work proposes the use of devices pervaded in enterprise environments such as smartphones or WiFi access points to authenticate user positional information within indoor environments as well as user identities

Wide-Area Situation Awareness based on a Secure Interconnection between Cyber-Physical Control Systems

Posteriormente, examinamos e identificamos los requisitos especiales que limitan el diseño y la operación de una arquitectura de interoperabilidad segura para los SSC (particularmente los SCCF) del smart grid. Nos enfocamos en modelar requisitos no funcionales que dan forma a esta infraestructura, siguiendo la metodología NFR para extraer requisitos esenciales, técnicas para la satisfacción de los requisitos y métricas para nuestro modelo arquitectural. Estudiamos los servicios necesarios para la interoperabilidad segura de los SSC del SG revisando en profundidad los mecanismos de seguridad, desde los servicios básicos hasta los procedimientos avanzados capaces de hacer frente a las amenazas sofisticadas contra los sistemas de control, como son los sistemas de detección, protección y respuesta ante intrusiones. Nuestro análisis se divide en diferentes áreas: prevención, consciencia y reacción, y restauración; las cuales general un modelo de seguridad robusto para la protección de los sistemas críticos. Proporcionamos el diseño para un modelo arquitectural para la interoperabilidad segura y la interconexión de los SCCF del smart grid. Este escenario contempla la interconectividad de una federación de proveedores de energía del SG, que interactúan a través de la plataforma de interoperabilidad segura para gestionar y controlar sus infraestructuras de forma cooperativa. La plataforma tiene en cuenta las características inherentes y los nuevos servicios y tecnologías que acompañan al movimiento de la Industria 4.0. Por último, presentamos una prueba de concepto de nuestro modelo arquitectural, el cual ayuda a validar el diseño propuesto a través de experimentaciones. Creamos un conjunto de casos de validación que prueban algunas de las funcionalidades principales ofrecidas por la arquitectura diseñada para la interoperabilidad segura, proporcionando información sobre su rendimiento y capacidades.Las infraestructuras críticas (IICC) modernas son vastos sistemas altamente complejos, que precisan del uso de las tecnologías de la información para gestionar, controlar y monitorizar el funcionamiento de estas infraestructuras. Debido a sus funciones esenciales, la protección y seguridad de las infraestructuras críticas y, por tanto, de sus sistemas de control, se ha convertido en una tarea prioritaria para las diversas instituciones gubernamentales y académicas a nivel mundial. La interoperabilidad de las IICC, en especial de sus sistemas de control (SSC), se convierte en una característica clave para que estos sistemas sean capaces de coordinarse y realizar tareas de control y seguridad de forma cooperativa. El objetivo de esta tesis se centra, por tanto, en proporcionar herramientas para la interoperabilidad segura de los diferentes SSC, especialmente los sistemas de control ciber-físicos (SCCF), de forma que se potencie la intercomunicación y coordinación entre ellos para crear un entorno en el que las diversas infraestructuras puedan realizar tareas de control y seguridad cooperativas, creando una plataforma de interoperabilidad segura capaz de dar servicio a diversas IICC, en un entorno de consciencia situacional (del inglés situational awareness) de alto espectro o área (wide-area). Para ello, en primer lugar, revisamos las amenazas de carácter más sofisticado que amenazan la operación de los sistemas críticos, particularmente enfocándonos en los ciberataques camuflados (del inglés stealth) que amenazan los sistemas de control de infraestructuras críticas como el smart grid. Enfocamos nuestra investigación al análisis y comprensión de este nuevo tipo de ataques que aparece contra los sistemas críticos, y a las posibles contramedidas y herramientas para mitigar los efectos de estos ataques

Privacy in Mobile Agent Systems: Untraceability

Agent based Internet environments are an interesting alternative to existing approaches of building software systems. The enabling feature of agents is that they allow software development based on the abstraction (a "metaphor") of elements of the real world. In other words, they allow building software systems, which work as human societies, in which members share products and services, cooperate or compete with each other. Organisational, behavioural and functional models etc applied into the systems can be copied from the real world. The growing interest in agent technologies in the European Union was expressed through the foundation of the Coordination Action for Agent-Based Computing, funded under the European Commission's Sixth Framework Programme (FP6). The action, called AgentLink III is run by the Information Society Technologies (IST) programme. The long-term goal of AgentLink is to put Europe at the leading edge of international competitiveness in this increasingly important area. According to AgentLink "Roadmap for Agent Based Computing"; agent-based systems are perceived as "one of the most vibrant and important areas of research and development to have emerged in information technology in recent years, underpinning many aspects of broader information society technologies"; However, with the emergence of the new paradigm, came also new challenges. One of them is that agent environments, especially those which allow for mobility of agents, are much more difficult to protect from intruders than conventional systems. Agent environments still lack sufficient and effective solutions to assure their security. The problem which till now has not been addressed sufficiently in agent-based systems is privacy, and particularly the anonymity of agent users. Although anonymity was studied extensively for traditional message-based communication for which during the past twenty five years various techniques have been proposed, for agent systems this problem has never been directly addressed. The research presented in this report aimed at filling this gap. This report summarises results of studies aiming at the identification of threats to privacy in agent-based systems and the methods of their protection.JRC.G.6-Sensors, radar technologies and cybersecurit