System Architecture Design

More documents

Recommendations

Info

pSHIELDSystem Architecture DesignPUThe railway freight cars would be filled with sensors & intrusion detection devices, gateway node forsensors, control unit featuring embedded CPUand OS, GPS and communication interfaces such asGSM. Thesensors will sense the physical environment andsend the data to the control unit throughinternal network of IW. The control unit based onpredefined logic will detect abnormal events. The controlunit then initiates the transmissionof warning message and event data tothe railway control center. Thedetection of abnormal operating orenvironmental conditionson board of vehicles aswell as threats ofburglary represents anexample application of great interest for the freight train monitoring. Thusbothnatural and malicious faults can have an impact on system availabilityand indirectly on safety. Themonitoringsystem ofpSHIELD demonstrator is aimed tothe detection of abnormal operating orenvironmental conditions on board of vehicles as well as threats of burglary. For these two cases, thebasic working logic of the system is as follows:• Case of abnormal environmental or operational conditions: whenever an abnormal event(e.g.very high temperature or out of range vibrations) is detected by sensor/sensors, its transmissionunit is activated and data isreceived by gateway node. Central unit having CPUand OS validatesdata and - if the anomaly is confirmed- it activates GPS to achieve the current position andcommunicationn interfaces tosend an appropriate warning messagee to the control centerCase of intrusions: whenever intrusion detectiondevice detects an opening, central unit activates GPS toachieve the current position and communicationn interface to send an appropriate alarm message to thecontrol centre.4.4.2 System architecture for Integration and Interoperation for IRISOne of theobjectives of pSHIELD is to achieve Integration and Interoperation of heterogeneous services,systems and devices. The pSHIELD demonstrator will address the interoperability of informationn fromRailway Infrastructuredomain to third party service providers through an M2M platform provided byTelenor Objects, Norway. The demonstrator will make the information coming from the sensors at theIntelligentt Wagon Infrastructure (IWI) accessiblee from anywhere at any time. Howeverit is assumed thatonly authorized services providers can access them. pSHIELD demonstrator will address the integrationof sensordata with the M2M platform. The figure belowillustrates the concept of Integrationn andInteroperation of heterogeneous services, systems and devices in pSHIELD demonstrator.Figure 15 – Integration & Interoperation concept of heterogeneousservices.PUD2.3.2Issue 5Page 60 of 122
pSHIELDSystem Architecture DesignPUShepherd platform provided by Telenor Objects acts as M2M platform. Shepherd allows any pluggableobjects (here micro and power nodes) to be connected to the platform through devices APIs and makesthe sensor information securely and reliably available to the service providers or users through applicationinterface.4.5 System Architecture SPD functionalitiesFollowing are the core SPD functionalities pSHIELD envisioned:• Identification: Identification process ascertains the identity of an entity. For example, the processvalidates that the individual or process presenting the identity is indeed the owner of the identity.pSHIELD system includes the identification process of several of its components such as nodes,applications, processes and individuals. A simple identification process in the middleware layercan validate the authorized nodes of the system.• Authentication: An entity usually makes claims about itself for identification towards a system.Then the system needs to verify the claims. A part of the entity’s identity attribute is used to verifythat the claims made by it about itself are true. Authentication is the process of identifying anindividual who wants to access a system. Access is granted when the presented claims is equalto the information stored in the system. An entity can be a node, an application, process or anindividual.• Security accounting and audit: Accounting functionality tracks security events such asauthentication and authorization failures. It mainly monitors the system from security point ofviews and keeps record of the events. Accounting includes the audit functionality. Security auditrefers to systematic and measurable assessment of security of system or application. It includesmainly security vulnerability analysis of system. A system may generate audit reports usingsoftware. Security audit can also be manual.• Integrity: The pSHIELD railway freight transportation scenario mainly aims at monitoringhazardous materials transported by trains in carriages equipped with a wireless sensor network,devices for intrusion detection and access control and a location-aware communicationtransceiver. Having a wireless monitoring system installed per train carriage increases the needfor security. It is essential, given the hazardous nature of the transported materials, to eliminateany risk of harming human lives or the environment through malicious attacks. Cryptographicfunctionality will be adopted to counter these malicious attacks. Cryptography has been anestablished mean for many years to provide security and information protection against differentforms of attacks. It is seen as the basis for the provision of different systems security,fundamentally by seeking to achieve a number of goals, that are: confidentiality, authenticity, dataintegrity and non-repudiation.PUD2.3.2Issue 5 Page 61 of 122
Page 1 and 2:
Project no: 100204pSHIELDpilot embe
Page 3 and 4:
Contents1 Executive Summary .......
Page 5 and 6:
FiguresFigure 1 - A generic embedde
Page 7 and 8:
Figure 45 - pSHIELD Security Agent
Page 9 and 10: MGFMIPSMLNeLNFMRFPNMPNMPSNoLNVMOLOS
Page 11 and 12: Issue 5Page xi
Page 13 and 14: pSHIELDSystem Architecture DesignPU
Page 19 and 20: pSHIELDSystem Architecture Design3.
Page 31 and 32: pSHIELDSystem Architecture Design
Page 39 and 40: pSHIELDSystem Architecture Design
Page 47 and 48: pSHIELDSystem Architecture Designen
Page 59: pSHIELDSystem Architecture DesignPU
Page 111 and 112:
pSHIELDSystem Architecture DesignPU
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
show all

System Architecture Design

Create successful ePaper yourself

Delete template?

Save as template?