„make the best decision from the available knowledge and support appropriate actions to reach the defined goals“
General project overview:
Project acronym: AutHoNe
Full name: Autonomic Home Networking
Funding: BMBF (Federal Ministry of Education and Research)
Project partners and their developments:
Fraunhofer FOKUS:
• Multi Client Systems
• Sensor Description Language
• Multitechnology/Multiprotocol Gateways
• FOKUS Sensor Node
• Energy Efficiency
Siemens AG:
• Self-managed heterogeneous Sensor and Actuator Networks
• Rule-based Auto-configuration and Fault-handling
• Role-specific over-the-air Software Update
• Data-centric Distributed Software Architecture
Hirschmann Automation and Control GmbH:
• Collaborative Observation in Wireless Sensor Networks
• Network Monitoring
• Functional Safety for Industrial Application
• Low Power Design
Technische Universität München:
• Future Internet, Internet of Things, Pervasive Computing
• Knowledge Plane with Knowledge based Autonomic Management
• Security and Trusted Computing
• Remote Access
• Services and Applications
Celtic project consortium:
The AutHoNe project is embedded in a Celtic/Eureka project consortium with participants from France and Sweden.
Sweden:
• University of Lund
• Sony Ericsson
France:
• Ginkgo Networks
• France Telecom R&D
• LIP6 - Pierre&Marie Curie University Paris
http://www.celtic-initiative.org/Projects/AUTHONE/
Three main technical objectives are addressed:
• The development of an agent technology (intelligent, active, policy-oriented, multiagent…) for realising autonomic behavior
• The study of mechanisms, protocols and an architecture for distributed, self-organizing communication
• The investigation of new autonomic technologies, functionalities and control schemes for home and industrial network environments.
The world is moving towards autonomic equipment. The AutHoNe project is developing an intelligent autonomic paradigm in networks for home and building environments or industrial automation. The final goal is to create a technological competitive edge for European players in the domain of customer specific autonomic networks.
The main objective of AutHoNe is to design an innovative home network communication architecture allowing self-management, configuration and maintenance required for future application scenarios. Key issues are concepts for trust and security and the integration of wireless sensor networking technologies.
This new architecture is composed of 4 functional and logical planes (data, control, management and knowledge) allowing the system to self-configure, self-secure and self-monitor in real time so that the home network is always optimised with respect to context information and user requirements.
http://www.authone.de
[Figure: AutHoNe home network overview. Labels: Internet (DSL, WiMAX); Home Gateway with Autonomic Intelligence and Control Interface; Autonomic Firewall; Distributed Sensor/Actuator Networks; Monitoring Probes; Appliances; PC; Mobile Devices (WLAN, Bluetooth); "Remote" Access via UMTS, GPRS; Landlord: Full Control; Visitor: Trust determines Access Rights]
AutHoNe - Home Network
• Self management
• Visualization of Network State
• Autonomic Control
• “Plug and Play”
[Figure: the planes of the architecture. Labels: Knowledge Plane, Control Plane, Data Plane, Management Plane]
Remote Access:
• Inter-Home connectivity
• NAT breaks the end-to-end connectivity model of the Internet
NAT/FW-Traversal:
State of the Art
• Not available for legacy applications
• Applicability issues
• Overhead through connectivity tests (ICE)
Reuse of already gained knowledge
• NAT-Test decoupled from NAT-Traversal
• Results in a much faster connection establishment
Decisions based on
• Supported NAT-Traversal techniques
• User-Input
• Registered Applications
Prof. Dr.-Ing. Georg Carle
[carle |kinkelin |pahl |mueller |braun|schmitt]@net.in.tum.de · http://www.net.in.tum.de
Poster panels: Security and Trust; Metering; Video Streaming; Knowledge Platform; Further AutHoNe Applications
[Figure: Knowledge Agents (KA) sharing knowledge items, e.g. "23°C", "Light is on", "Call from +49 89 2..", "My IP is 127.0.0.1", "Window open"]
Security and Trust:
AutHoNe IDs
• Cryptographic Identifiers for homes, devices and users
• Used for routing inside and between homes
Home Certification Authority
• Certifies devices and users (entities)
• Entity certificates express membership to a certain home
Trust Relationships between homes and devices
• Exchange Home Certificate with friendly home networks
• Enable authentication of entities of other homes
Service Access Control
• Based upon policies specified in XACML
• Generation of policies
Trusted Computing in Home Networking
• Safeguard for keying material prevents identity theft
• Novel and secure applications in home networking
[Figure: Home Network A and Home Network B, each with a Home Gateway, linked by a Trust Relationship; Device X and Device Y. A device holds a Device ID Key (RSA Key) and a Device Certificate (signed by HGw); a home holds a Home ID Key (RSA Key) and a Home Certificate (self signed). Device ID = hash(Public Part of Device ID Key); Home ID = hash(Public Part of Home ID Key)]
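The ID derivation and the Home CA check described above, as an added example that is not AutHoNe project code: an ID is recomputed from the public key it names, and a device certificate is accepted only if it was signed by a home whose key the verifier already trusts. Assumptions, since the poster gives none of them: SHA-256 over the PKIX DER encoding as the hash, PKCS#1 v1.5 signatures, and the `EntityCert` layout and all function names.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type EntityCert struct { // simplified device certificate; layout is an assumption
	DeviceID, HomeID string
	DevicePub        *rsa.PublicKey
	Sig              []byte // Home CA signature over DeviceID|HomeID
}

func NewKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// DeriveID = hash(public part of ID key); SHA-256 over PKIX DER is assumed.
func DeriveID(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	return fmt.Sprintf("%x", sha256.Sum256(der))
}

// Issue is the Home CA step: bind a device key to the issuing home.
func Issue(home *rsa.PrivateKey, dev *rsa.PublicKey) (c EntityCert, err error) {
	c = EntityCert{DeviceID: DeriveID(dev), HomeID: DeriveID(&home.PublicKey), DevicePub: dev}
	d := sha256.Sum256([]byte(c.DeviceID + "|" + c.HomeID))
	c.Sig, err = rsa.SignPKCS1v15(rand.Reader, home, crypto.SHA256, d[:])
	return
}

// Verify accepts c only if both IDs match their keys and a trusted home signed it.
func Verify(c EntityCert, trustedHomes ...*rsa.PublicKey) error {
	d := sha256.Sum256([]byte(c.DeviceID + "|" + c.HomeID))
	for _, h := range trustedHomes {
		if DeriveID(h) == c.HomeID && DeriveID(c.DevicePub) == c.DeviceID {
			return rsa.VerifyPKCS1v15(h, crypto.SHA256, d[:], c.Sig)
		}
	}
	return fmt.Errorf("rejected: untrusted home %.8s or device ID/key mismatch", c.HomeID)
}

func main() {
	home, dev := NewKey(), NewKey() // fresh sample keys, constructed for the example
	cert, _ := Issue(home, &dev.PublicKey)
	fmt.Println(Verify(cert, &home.PublicKey))
}
```

Passing a friendly home's public key as an extra `trustedHomes` argument models the exchanged Home Certificate: devices of that home then verify, devices of any other home do not.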
[Figure: media streaming. Labels: Media Streaming Service; Client (powerful); Media Transcoder; Client (limited resources); A/V Stream and Control connections]
Field-Test Results (999 tested NATs, http://nattest.net.in.tum.de):
Technique                      | Success Rate
UDP Hole Punching              | 88.08%
TCP-Hole Punching              | 52.65%
TCP-Traversal                  | 83.78%
TCP-Traversal incl. tunneling  | 94.99%
UPnP                           | 13.01%
Video Streaming:
(Cross Domain) Media Streaming based on DPWS
• Discovery of Services through Multicast
• Knowledge based approach for Transcoding
- Knowledge Platform gives us the address for the appropriate transcoder, e.g. small devices need certain bandwidth and do not accept HD
- Transcoding is done transparently and can be seen as a web service
• Authentication of Users based on cryptographic IDs
• Policy-based authorization
• Content browsing through DPWS
• Stream Protection
- SSL tunnel
- DRM
[Figure: NAT traversal setup. Labels: Requester R; Service S; Private Network A (APP. A, APP. B); Private Network B (APP. C, APP. D); Public Internet; STUN Server; Data Relay; Signaling Infrastructure; ANTS; steps (1) to (4)]
Further AutHoNe Applications:
Assisted Device Registration System
• Service for easy to use certificate distribution for home devices
VoIP Security Service for Home Networks
• Enables privacy and confidentiality for VoIP in home networking
• Security is based upon our security infrastructure and trust model
Bluetooth Proximity Detection
• Location based services in the home network
• Ambient information service
Sensors in Home Networking
• Gateway from Sensor Networks to AutHoNe Knowledge Platform
• Enabler for home control applications
Malware detection
• Advanced security features based on network monitoring / behaviour analysis
• Malware detection (worms, trojan horses)
Knowledge Platform:
The purpose of our Knowledge Platform is to provide an information overlay to standard networks. The overlay will provide a common control channel between the different nodes of a network.
Knowledge Agent
• Gives access to the knowledge overlay
• Manages information brokering to and from the node
• Accessed by local software and other Knowledge Agents
Knowledge Trees
• Node Tree
- Stores the structure of the information available locally at the node
- Available at every node
• Shared Tree
- Stores the structure of the information available in the whole subnet (home)
- Available at dedicated nodes
• Accessed by the Knowledge Agent
Knowledge Store
• Stores the information on the node
• Accessed by the Knowledge Agent
Metering:
We are establishing a versatile metering infrastructure for our AutHoNe-networks.
• Obtain knowledge of the network state additional to that from “regular” nodes
- Detect bottlenecks
- Detect malfunction
- Detect errors
- Detect security risks
• Be highly customizable concerning the metered values as well as the topology
- Adapt the metering process to the situation inside the network
- Integrate nodes with different capabilities into the metering process
• Aggregate Knowledge dynamically
- Overcome the borders of single metering tasks through the newly available connection over the AutHoNe-control-overlay
[Figure: metering architecture. Labels, repeated per node: Node; Meter (pcap, rx-rate, tx-rate, mtu, …); Examiner (Examination, e.g. SNORT); Knowledge Agent (KA)]