Architecting Secure Mobile P2P Systems
James Walkerdine, Peter Phillips, Simon Lock
Lancaster University
Overview
- Mobility, P2P and Security Challenges
- Overview of the PEPERS project
- The PEPERS Development Methodology
  - Architectural support
  - Tool support (video)
- Evaluation
Motivation
- Advances in wireless networking and mobile technology now make mobile P2P feasible
- Mobile P2P can support organisations that have:
  - A decentralised management style
  - Geographically dispersed or highly mobile workforces
  - A wide range of computing and communication devices
- The ad-hoc and heterogeneous nature of such systems poses significant design challenges, especially with regard to security
Mobile P2P and Security
- Connecting trusted and non-trusted devices requires:
  - Secure communication and storage (via encryption)
  - Robust authentication
- Both are difficult to achieve in decentralised and highly dynamic environments
- Traditionally centralised company security policies must be adapted to take account of distributed, mobile and intermittently connected platforms
PEPERS
- Mobile Peer-to-Peer Security Infrastructure (EU project)
- Aim: develop an infrastructure to support the design, development and operational deployment of secure mobile P2P applications
- Jan 06 – Jun 08
- Partners
  - UK: Lancaster and City Universities, Symbian
  - Greece: ATC, G4S, Phileleftheros
  - Italy: Engineering
PEPERS Developments
(Diagram: the PEPERS frameworks and the platforms they sit on)
- Development Framework, on the Development Platform:
  - Design and Architecture Framework (DAF)
  - Static Verification Framework (SVF)
- Runtime Framework, on the Runtime Platform:
  - Execution Framework (EF)
  - Dynamic Verification Framework (DVF)
- Development-side outputs covered in this talk: Development Methodology, P2P Application Reference Architectures, Tool Support
User Partner Scenarios
- Phileleftheros
  - Use mobile devices to support communication between journalists, photographers, etc. in the field
  - Support the process of publication creation
- G4S
  - Use mobile devices to support guard patrols on client sites (e.g. door codes), etc.
  - Communication with HQ
PEPERS Development Methodology (PDM)
Overview
- A methodology and support tool
- Supports developers in building secure mobile P2P applications
- Stems from our previous work:
  - BANKSEC - Secure component-based development
  - P2P ARCHITECT - Architecting dependable P2P systems
Secure Mobile P2P Development Considerations
- Make security central to the design
  - Development perspective
  - Organisational perspective
- Consider the requirements and constraints on security caused by:
  - Mobility
  - Network and communication
  - P2P technology
- Be architecturally driven
Key types of P2P Topology
- Decentralised
  - Direct communication. Example systems: ARPANet
  - Unstructured indirect communication. Example systems: Gnutella (v0.4), FreeNet
  - Structured indirect communication. Example systems: Pastry, Chord
- Semi-Centralised
  - Single centralised index server. Example systems: Napster, OpenNap
  - Computational model (no autonomy). Example systems: SETI@home
- Hybrids (examples)
  - Structured indirect communication, ring server/superpeer model. Example systems: Azureus BitTorrent, Direct Connect (although not all servers communicate)
  - Unstructured indirect communication, server/superpeer model. Example systems: Gnutella (v0.6), Kazaa
  - Unstructured indirect communication overlaid over a structured indirect communication architecture. Example systems: Structella
Topology support for Security

| Topology | Trust | Recovery | Privacy | Peer/User Management | Monitoring | Logging | Encryption | Authentication/Authorisation | Attack Resistance | Attack Detection |
|---|---|---|---|---|---|---|---|---|---|---|
| Decentralised: Direct Communication | High | High | Low | High | Low | Medium | High | High | High | Medium |
| Decentralised: Structured Indirect Communication | Medium | High | High | Medium | Medium | Medium | Medium | Low | Medium | Medium |
| Decentralised: Unstructured Direct Communication | Low | Low | High | Low | Low | Low | Medium | Low | High | Low |
| Semi-Centralised | High | Medium | Medium | High | High | High | High | High | Low | High |
| Hybrid topologies (general) | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High | Potentially High |
| Hybrid: unstructured indirect communication, server/super peer | High | High | Medium | High | High | High | High | High | Medium | High |
| Hybrid: unstructured indirect communication overlaid over a structured indirect communication model | Medium | High | High | Medium | Medium | Medium | Medium | Medium | High | Medium |
Development Methodology
- 5 stage method
  - Spiral: developers do not need to follow fixed phases
  - Iterative: stages can be revisited (e.g. when new requirements are discovered)
  - Flexible: can accommodate different software engineering techniques (components, etc.)
- Each stage contains activities geared specifically towards supporting secure mobile P2P application development
(Diagram: the five stages, entered from Start: Requirements Elicitation, Propose System Architecture, Propose Sub-System Design, System Implementation, Verification and Validation. Each stage is tailored to consider P2P, security and mobile aspects.)
Support Tool
- Web based
- Knowledge base of analysis and reference architectures
- Support for identifying, specifying and managing requirements
- Support for P2P topology selection
- Support for the identification of key secure mobile P2P application functionality
- Support for Secure Mobile P2P Application Reference Architecture selection
- Support for sub-system identification and initial description
- Support for general managerial and traceability activities
G4S Case Study
- Allow guards and mobile patrols to transmit/receive sensitive data
  - With one another
  - With the ARC
- Often ad-hoc, exceptional situations
  - Emergencies guards are responding to
  - Changes in guard roles (team leader, etc.)
  - Access privileges can change
(Diagram: the five PDM stages, repeated from the Development Methodology slide.)
Propose System Architecture
Key activities:
- Select suitable P2P topologies
- Derive system functional capabilities
- Select mobile P2P application reference architectures
- Establish architectural model
- Describe sub-systems
- Initial PEPERS runtime platform consideration
- Where possible, allocate requirements to sub-systems
- Evaluate architecture
Application Reference Architectures
- Developed within PEPERS
  - Key P2P application domains (IM, shared workspace, DL, …)
  - Decentralised and semi-centralised versions
- Provide guidance on the functionality and structure that would be required for particular types of application
- Identified capabilities
  - Represent abstract system functionality
  - Capabilities of individual layers and whole architectures
Shared Workspace Application Reference Architecture
(Diagram: layered reference architecture; components as labelled)
- Application/GUI
- Workspace Management
- Real-time Connection Monitor/Synchronisation
- Awareness Monitor
- Distributed Authentication/Authorisation
- Encryption
- Distributed Logging
- Decentralised P2P Communication
- P2P Network Layer
- Storage: Known Peer Repository, Distributed Log Storage, Local Data
Case Study
- Designers began to investigate the suitability of the different P2P topologies and reference architectures
- Semi-centralised topology chosen
  - Fitted in with their current systems
- Distributed Repository and Shared Workspace reference architectures chosen
- Sub-systems identified, high level architecture created
  - Drawing upon reference architectures, though not all sub-systems were used
- Identified suitable PEPERS runtime platform modules that can be used
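As an added worked example (not code from the PEPERS tool or the authors): the ratings from the "Topology support for Security" table, encoded so that a requirement set can be ranked against them in the way the tool's topology-selection support is described. The G4S minimum levels are an assumption constructed for the example; the slides only say that sensitive data, changing access privileges and contact with the ARC are involved.

```python
# Added example (not part of the PEPERS tool): rank P2P topologies against
# required security properties using the slide table's ratings.
from typing import Dict, List, Optional, Tuple

PROPERTIES = ["Trust", "Recovery", "Privacy", "Peer/User Management",
              "Monitoring", "Logging", "Encryption",
              "Authentication/Authorisation", "Attack Resistance",
              "Attack Detection"]

# One rating per column of PROPERTIES, copied from the slide table.
# "Hybrid topologies (general)" is omitted: "Potentially High" is not a fixed rating.
TOPOLOGIES: Dict[str, List[str]] = {
    "Decentralised: Direct Communication":
        ["High", "High", "Low", "High", "Low", "Medium", "High", "High", "High", "Medium"],
    "Decentralised: Structured Indirect Communication":
        ["Medium", "High", "High", "Medium", "Medium", "Medium", "Medium", "Low", "Medium", "Medium"],
    "Decentralised: Unstructured Direct Communication":
        ["Low", "Low", "High", "Low", "Low", "Low", "Medium", "Low", "High", "Low"],
    "Semi-Centralised":
        ["High", "Medium", "Medium", "High", "High", "High", "High", "High", "Low", "High"],
    "Hybrid: unstructured indirect, server/super peer":
        ["High", "High", "Medium", "High", "High", "High", "High", "High", "Medium", "High"],
    "Hybrid: unstructured indirect over structured indirect":
        ["Medium", "High", "High", "Medium", "Medium", "Medium", "Medium", "Medium", "High", "Medium"],
}
LEVEL = {"Low": 1, "Medium": 2, "High": 3}

# Constructed requirement set loosely modelled on the G4S scenario (sensitive
# data, changing access privileges, contact with the ARC). These minimum
# levels are an assumption for the example, not taken from the slides.
G4S_REQUIREMENTS = {"Authentication/Authorisation": "High",
                    "Peer/User Management": "High", "Monitoring": "High",
                    "Attack Detection": "High", "Encryption": "Medium"}

def rank_topologies(required: Dict[str, str],
                    weights: Optional[Dict[str, int]] = None) -> List[Tuple[str, int, List[str]]]:
    """Return (topology, weighted score, properties below the required
    minimum), ordered by fewest shortfalls first, then highest score."""
    weights = weights or {}
    results = []
    for name, ratings in TOPOLOGIES.items():
        score, shortfalls = 0, []
        for prop, minimum in required.items():
            level = LEVEL[ratings[PROPERTIES.index(prop)]]
            score += weights.get(prop, 1) * level   # default weight 1
            if level < LEVEL[minimum]:
                shortfalls.append(prop)
        results.append((name, score, shortfalls))
    return sorted(results, key=lambda r: (len(r[2]), -r[1]))
```

With the constructed G4S set, the semi-centralised topology and the server/super-peer hybrid both satisfy every minimum with equal score, so the table alone cannot separate them; that matches the case study, where fit with existing systems decided the choice.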
Tool Video
(Diagram: the G4S application architecture; components as labelled)
- Device - Symbian OS: Native Applications, Camera, Network, Database, User Interface, Multimedia Management, P2P Communication, Authentication/Authorisation, Encryption, Application
- Application Server
Evaluation
- Two evaluations performed
  - External (mobile phone software companies, developers, etc.)
  - Internal (PEPERS partners)
- Good starting point for building secure mobile P2P applications
- Improvements
  - More thorough security and mobility analysis
    - Threat analysis, weightings for security properties
    - Degree of mobility
  - Encourage the consideration of technologies
  - Support other non-functional properties (reliability, scalability, etc.)
  - Rationale behind tool recommendations
  - Better integration with 3rd party tools
Summary
- Mobile P2P systems are now a feasible possibility
  - This introduces new challenges in terms of mobility and security
- Presented the PDM and supporting tool
  - Method to support the development of secure mobile P2P systems
  - Focused on the architectural support the PDM provides
- Evaluation has shown benefits, but there are still areas for improvement
- Tool and further information can be found at www.pepers.org