Industrialised, Integrated, Intelligent sustainable Construction - I3con
HANDBOOK 2 SUSTAINABLE CONSTRUCTION
recover their cryptographic material, and possibly pose as one or more authorized nodes of the network.
Security should satisfy a number of basic requirements, i.e. availability, data access control, integrity, message confidentiality, and control of access to sensor tasking and data retrieval, in the presence of adversaries [15]. Service and network availability is of great concern because energy is a limited resource in sensor nodes and is consumed by processing and communications. Equipped with richer resources, adversaries can launch serious attacks such as resource consumption attacks and node compromise attacks. Link layer access control means that the link layer protocol should prevent unauthorized parties from participating in the network: legitimate nodes should be able to detect messages from unauthorized nodes and reject them. Closely related to message authenticity is message integrity. Data integrity guarantees that data arrive unaltered at their destination: if an adversary modifies a message from an authorized sender while the message is in transit, the receiver should be able to detect the tampering. Confidentiality means keeping information secret from unauthorized parties. It is typically achieved with encryption, which prevents adversaries from recovering all or part of a message. Data encryption guarantees that sensitive data are not revealed to third parties, intruders, etc.; data is encrypted to cope with attacks that target sensitive information relayed and processed by the WSN. The access control service provides secure access to the WSN infrastructure for sensor tasking and data retrieval.
For the I3CON project, data encryption, data integrity and access control have been selected as the most prominent security functions. The first two can be provided as middleware services, i.e., they do not affect existing interfaces and are transparent to the communication between sensor nodes. Both of these security functions have been designed and implemented by Intracom (an I3CON project partner) in their testbed environment and reported in [3]. The following section describes the access control service development and implementation carried out by TRT (UK).
WSN Access Control Service
The overall requirement is to create a general access control mechanism that provides secure access to data. There is an implementation requirement for a modern access control architecture that can support efficient, effective and secure modern working practices. Concepts such as secure communication of sensitive information, roles and separation of duties are important. Access control requirements generally cover Authentication, Authorisation and Accounting (AAA). AAA is a way to control who is allowed access to data and what services they are allowed to use once they have access, and to record what they have done. An AAA framework defines how control of access to information and services (data and applications) is performed. Authentication is the process of checking that a requestor is who (or what) he/she claims to be. Authorisation is the process of giving a requestor permission to access an application or some data. Accounting (Auditing) is the process by which all actions are recorded through an auditing process and usage of resources is accounted for through an accounting facility.
As previously described, the I3CON solution defines a REST web services API to provide clients with a mechanism to task (i.e. configure) and query the WSN. Sensor tasking and querying are distinct operations that clients must only be allowed to perform if they have been granted the necessary rights to do so. This requires the I3CON REST web service to enforce a level of access control that can authenticate clients and ensure that they have authority to make a particular request.
An I3CON WSN access control mechanism has been implemented that provides authentication of REST clients and restricts access to specific resources based on a combination of URL patterns and roles assigned to the client. The implementation is based on the Spring Framework’s security project [16], which provides comprehensive application-layer security services to Java-based applications.
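The URL-pattern-plus-role restriction described above, expressed as a Spring Security Java configuration that separates querying from tasking. This is an added example, not the I3CON implementation: the paths under /wsn/sensors, the roles WSN_QUERY and WSN_TASK, the demo account and the choice of HTTP Basic are assumptions, and it is written against the Spring Security 6.x API.

```java
// Added illustration, not I3CON code. Paths, roles and the demo account are
// hypothetical; API shown is Spring Security 6.x.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class WsnAccessControlConfig {

    @Bean
    SecurityFilterChain wsnApi(HttpSecurity http) throws Exception {
        http
            // REST clients authenticate on every request; no server-side session.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable()) // stateless API, no session cookie to protect
            .httpBasic(Customizer.withDefaults())
            .authorizeHttpRequests(auth -> auth
                // Querying: read-only access to sensor data.
                .requestMatchers(HttpMethod.GET, "/wsn/sensors/**").hasAnyRole("WSN_QUERY", "WSN_TASK")
                // Tasking: (re)configuring a sensor requires the stronger role.
                .requestMatchers(HttpMethod.PUT, "/wsn/sensors/*/config").hasRole("WSN_TASK")
                // Default deny: anything not listed is refused, even when authenticated.
                .anyRequest().denyAll());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder(); // bcrypt by default
    }

    @Bean
    UserDetailsService users(PasswordEncoder encoder) {
        // Constructed demo account; a deployment would load users from a real store.
        return new InMemoryUserDetailsManager(
            User.withUsername("dashboard").password(encoder.encode("change-me")).roles("WSN_QUERY").build());
    }
}
```

With this configuration the demo account can read sensor data but receives 403 on a tasking request. HTTP Basic credentials are only base64-encoded on the wire, so the service has to be exposed over TLS.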
Spring Security provides support for authentication (i.e. the process of establishing that a client is who they say they are), and for authorisation (i.e. the process of establishing that a client is allowed to perform an operation). A wide range of authentication mechanisms is supported, including HTTP BASIC authentication [17], OpenID [18] and HTTP X.509 [19]. The I3CON solution uses HTTP