Personal Network Introduction
Personal Networks – a Tutorial
Connect All Your Electronic Devices with Personal Networks
Architectures, Technologies, Applications
Martin Jacobsson, TU Delft Ignas Niemegeers, TU Delft
Sonia Heemstra de Groot, TU Delft and TI-WMC
CCNC 2011, January 13, 2011, Las Vegas
Copyright 2011. All rights reserved.
Acknowledgements
For parts of this tutorial:
• Sonia Heemstra de Groot (TI-WMC, NL)
• Venkatesha Prasad (TU Delft, NL)
• Ertan Onur (TU Delft, NL)
• MAGNET colleagues, in particular:
  • Rasmus L. Olesen (Aalborg, DK)
  • Martin Bauer, Erno Kovacs (NEC, DE)
  • Marc Girod Genet (ParisSud, FR)
• PNP2008 colleagues, in particular:
  • Frank den Hartog (TNO, NL)
Some of the material presented in these slides belongs to these people and their copyright remains with them.
Tutorial Overview
• Introduction and PN applications
• PN architecture
• Local PN networking
• Remote PN networking
• PN Security
• PN application support systems
• PN Federations
• Experimenting with PNs
• Final bits
Background and motivation
A bit of history and acknowledgements
• The concepts presented originated in 2000 at Ericsson Research and TU Delft, The Netherlands
• Inspired by the work of Robin Kravets at the University of Illinois: the Moped project
• Concepts worked out and prototyped in several large research projects: EU FP6 MAGNET and MAGNET Beyond, and the Dutch Freeband PNP2008 project
• Many small projects
• Parallel to the Mobile VCE project in the UK: Personal Distributed Environments (Irvine and Dunlop)
Technology drivers
• Number and diversity of personal devices will be growing tremendously (vision of pervasive computing, driven by Moore’s law)
• Low cost air-interfaces covering a range of needs are becoming commonplace
• Infrastructure (Internet) access is becoming ubiquitous to fixed and mobile users, covering a wide range of user needs
• Growth of IP capable devices (e.g., IPv6 6LoWPAN)
The future wireless world: explosion at the edges
[Figure: a global core with access networks around it and an explosion of networks at the edges: PANs, body area networks (BAN), vehicular area networks (VAN), home networks, corporate networks, sensor networks, emergency networks, ad hoc networks and mesh networks]
Even further: nanonetworks
Nano tube radio: radio-controlled devices small enough to exist in a human's bloodstream
http://www.physics.berkeley.edu/research/zettl/projects/nanoradio/radio.html
Characteristics of future networks
• The capillaries of the Internet are where the "revolution" takes place: the Internet of Things
• Huge scale: orders of magnitude more communicating devices
• Huge number of "owners" involved (not operators)
• Unplanned and ad hoc connected
• Heterogeneity:
  • capabilities and characteristics of devices
  • access technologies
  • applications/services, including a surge in embedded applications
• Dynamics
Bound for future network chaos: scale, competing entities, spectrum, etc.
New and some old concerns
• Manageability
• Trustworthiness: security, dependability, robustness
• Ease of use: end user (increasingly no direct end user, embedded applications)
• Ease of developing applications/services
• Spectrum usage
• Energy concerns
• Health (radiation)
Societal drivers
• New lifestyles: the boundary between private and professional life is becoming blurred
• Market pull: the need for ubiquitous communication is strengthened by our new lifestyle
• More and more networked devices and appliances
Problems we are facing now
An increasing variety of
• communication and security protocols,
• complex configuration, and a
• lack of integration between heterogeneous technologies
is hampering ubiquitous communication using different devices.
Personal Networks (PNs) and their potential
What do PNs offer?
• Devices belonging to a user self-organize to form a geographically distributed secure overlay network of personal devices
• A platform for a multitude of personal applications and services to support private and professional activities in a person-centric, unobtrusive, dependable and trustworthy way
• A tool to cooperate with others through federation and interact with non-PN systems (Federations of PNs)
What do PNs do?
Connect personal devices near and far automatically and securely using any network infrastructure (3G, 4G, WiMAX, WLAN, Bluetooth, ZigBee, etc.)
[Figure: personal devices at several locations connected across the network infrastructure]
PN architecture illustrated
[Figure]
Definitions
• Personal network (PN): a dynamic, self-organizing, secure overlay network of local and remote personal devices, organized in clusters, with support for personalized services
• PN cluster: usually a set of co-located nodes in a PN, e.g. home cluster, office cluster, etc.
• Personal area network (PAN): the (mobile) cluster co-located with the user
Definitions (continued)
• Personal device vs. foreign device: a personal device is owned by the user, i.e., she has all the rights to install the PN software and include the device in her PN. Foreign devices have another owner or multiple owners.
• Overlay network: the routing, addressing scheme, secure tunnels, etc. are defined by an application on top of full-mesh IP connectivity between nodes.
• Interconnecting infrastructure: provided by ISPs, WLAN providers, 3G, 4G, IMS/NGN or PSTN network operators.
PN target characteristics
• Ease of use
  • No/minimal user training required
  • No system administrators
• Trustworthiness
  • Security, privacy and dependability
• Ubiquitous
  • Should work everywhere a person and her/his devices are
• Low cost
  • Consumer technology
  • No installation costs
PN as a product
A platform that makes ubiquitous communication between personal devices over any network technology and any operating system a reality
Market potential
• All these devices are potential ingredients of a PN (numbers are for 2010):
  • GSM: 3.5 billion
  • 3G: 500 million
  • Broadband: 350 million
  • Appliances: 5.5 million replaced in 2008 in The Netherlands (TVs, PVRs, fridges, etc.)
• 1000 wireless devices per person on earth by 2017 (WWRF Book of Visions)
TU Delft PN Prototype
• Software platform(*) running on your devices providing:
  • Secure ubiquitous communication
  • Automatic configuration
  • Network technology independence
  • Integration with common operating systems (Linux, Android, others under development)
  • Support for and enhancement of existing applications, and enabling of new applications
(*) Developed at TU Delft over the past six years
PN Federations
What is a PN Federation?
[Figure: three PNs (PN1, PN2, PN3), each spanning e.g. a home network, a corporate network and a vehicular area network over the interconnecting structure; selected nodes of each PN become federation members and together form the PN Federation]
Key ideas of PN Federation
• Cooperation of multiple PNs
• Using selected resources and services of each other
• Driven by purpose or opportunity
• Temporary or long term for achieving a specific goal
• Ad hoc (neighbouring users and their devices) or mediated by a PN directory service (PNDS)
• Initiated via invitation, or announcements (push)
Research projects with PN-like goals
• Universal Personal Networking (UPN): early 1990s at Siemens, no breakthrough
• Life-Works: more recent, Siemens
• Moped: University of Illinois, Kravets (2001)
• Personal Mobile Hub: IBM Research, Husemann et al. (2004)
• CoolTown: HP, Debaty and Caswell (2001)
• Mobile People Architecture: Stanford, Maniatis et al. (1999)
• Personal Distributed Environment: Mobile VCE, UK, Dunlop and Irvine (2003)
• MyNet: Nokia and MIT, Arvind and Hicks (2006)
• IST PACWOMAN and SHAMAN: EU FP5 IST programme (2002)
Commercial developments with a PN flavor
• Microsoft's Personal Cloud (2010 announcement)
• Apple's MobileMe
• Dropbox (product)
• P2P Universal Computing Consortium (PUCC): Japanese universities and companies, e.g. NTT DoCoMo, NEC, Toshiba, since 2004; demo at CCNC 2008 / CES
• 3GPP: Personal Networks as part of AIPN (2009)
• Ecma Technical Report on Personal Networks (December 2010)
PN and PN Federation Applications
PN-enabled applications
• Access and share information on personal devices: calendar, contact list, photos, music, video, documents, YouTube downloads, etc.
• Access information from wearable sensors (e.g., health sensors)
• Access information from sensors in the home, around the home, in the car, etc.
• Control personal devices and appliances
  • Domotics, home security, energy management, health, sports, well-being, etc.
PN-Federation-enabled applications
• Sharing of data, including, e.g., photos, ring tones, calendar events, points of interest, YouTube downloads, and more
• Collaborative work during meetings
• Collaborative work anywhere
• Assisted living for elderly or impaired people
• Gaming
Virtual Home Truck
Creating a virtual home environment in a truck
File access
Access the latest version of your files anywhere, anytime, with any device
eHealth Scenario
[Figure: eHomeCare setting; the patient's home is connected over the interconnection structure to the alarm center (ALA), relatives (RL), the hospital (H), a specialist (SPE), the general practitioner (GP) and a nurse (N)]
PN Federation for sharing photos, videos, and printing services
[Figure: Jane's PN (PN1) federated with PN2, PN3 and PN4]
PN Federation for emergency relief
[Figure: several PNs joined in a Federation]
PN Federation for assisted living
[Figure: the PNs of the cared-for person, a non-professional care taker and a professional care taker, plus a sensor network, joined in a Fednet coordinated by a Federation manager]
ECMA Homecare Scenario
Ecma TC32 PN&F Editing Group, "Personal Networks and their Federations," Ecma Technical Report, 2009. http://www.ecma-international.org/memento/TC32-PNF-M.htm
PN Federation for road safety?
[Figure: two vehicles sharing location, speed, ABS, stability control and proximity data]
Personal Network Architecture
Requirements
• Easy cross-device application support based on service-oriented architectures (SOA)
• Context-awareness
• Secure personal communication
• Automatic addressing and network configuration
• Routing, broadcasting and mobility
• Wireless technology and operating system independent
Core Concept
• Distinguish between:
  • Personal Nodes – devices owned/used/controlled by you
  • Foreign Nodes – all other devices
• One single and simple security system, independent of link layer technologies
  • Compare this with Bluetooth, WiFi, VPN, etc.
Personal Network = the set of all your Personal Nodes
Three Layer View (1)
[Figure: Connectivity Level (radio controllers RCD1 to RCD7 with air interfaces Air IF 1, 2, 3 and a dual air interface), Network Level (personal nodes/devices and foreign nodes/devices grouped in Clusters, the P-PAN, and the PN spanning the interconnecting structures) and Service Level (public and private services)]
Three Layer View (2)
Connectivity Level
• Works on top of the available link layers
• Intra-cluster part of the Network Level: how are Clusters formed? How are gateways/border nodes identified?
Network Level
• Routing and addressing
• Establishment of tunnels and their dynamic maintenance
• How are nodes included in a PN? How are nodes excluded?
• Naming within the PN
Service Level
• Service discovery
• Context discovery and context-aware service discovery
• Bridging heterogeneous service platforms
Cluster and PN Formation
• A security mechanism is used to separate Personal from Foreign Nodes. Clusters contain only Personal Nodes.
• A PN is formed by constructing inter-Cluster tunnels between Personal Clusters.
Personalisation
• A new Node is included into the PN (or personalised) by pairing it with a Node already personalised. It becomes a Personal Node.
• An intra-PN security mechanism makes sure that encryption keys are distributed to the new Node and that the PN is aware of the new Node.
• Configuration of the new Node can also take place (such as addressing).
Personalization of Nodes (1), (2)
[Figure: pairing modes – manual pairing with a Node that is already mine, manual pairing, implicit pairing]
Personalization of Nodes (3)
• A new Node is included into the PN (or personalized) by pairing it with a Node already personalized.
• It becomes a Personal Node.
• An intra-PN security mechanism installs trust relationships between the new Node and the existing Nodes in the PN
  • Distribution of encryption keys
• Network-related configuration of a Node takes place after personalization
  • Such as addressing, awareness of the PN Agent
The Network Architecture
[Figure: a Personal (Virtual) Network made of several Clusters joined by encrypted tunnels]
The Big Picture
[Figure]
When a Node meets another Node
[Figure: nodes A and B exchange messages, each protected under the key denoted PID]
A -> B: {Hello, A}PID
B -> A: {Hello, B}PID
then: {Mgmt Data}PID
then: {Data}PID
Personal Networks
[Figure, built up over several slides: two nodes A and B form Cluster 1; the P-PAN, Office Cluster, Home Cluster and Car Cluster, each with Personal Nodes and a Gateway Node, attach through Access Routers to the Infrastructure Networks; Inter-Cluster Tunnels between the Gateway Nodes and the PN Agent tie the Clusters into one PN]
PN Networking
Three Layer View
[Figure: the Connectivity, Network and Service Level view shown in the architecture section]
Addressing
• Each PN Node has an IP address
  • Flat addressing within the PN
  • Unique within the PN
  • Assigned at personalization
  • Never changes
• TCP/UDP sessions are unaffected by mobility
• We used IPv6, but IPv4 is no problem
Cluster Routing (1)
[Figure: multi-hop routing inside a Cluster]
Cluster Routing (2)
Mobile Ad Hoc (MANET) Routing
• Supports mobility / dynamic links
• Supports wireless / heterogeneous links
MANET protocols used in our prototypes:
• OLSR – Optimized Link State Routing
• WRP – Wireless Routing Protocol
Proactive protocols work best for clusters:
• Small and dense networks
• Many node-to-node flows
• Many short-lived sessions
Flooding
Cluster-wide / PN-wide broadcasting is needed for:
• Service discovery
• Context information dissemination
• Various network organization protocols
• Multicast applications
Existing ad hoc flooding protocols:
• Blind flooding
• CBB – Counter-Based Broadcasting
• SMF – Simplified Multicast Forwarding
Personal Node Recognition (1)
[Figure: the MANET routing domain covers only the personal nodes of the cluster]
Personal Node Recognition (2)
Personal neighbour node authentication:
• Based on personalization
• Filter out the other neighbours
• Encrypt packets between personal nodes
Introduce a "layer" below networking that:
• Implements personal neighbour node discovery and authentication
• Exposes higher layers (e.g. routing) only to authenticated neighbours
• Lets the MANET routing protocol run unmodified
Personal Node Recognition (3)
[Figure]
Personal Node Recognition (4)
[Figure: the neighbour table kept by the recognition layer, with columns Node ID, MAC address, IF, Unicast Key and Bcast Key. Node IDs shown: 3000::9, 3000::9, 3000::12; MAC addresses: 00:30:45:B6:89:BA, 00:30:67:F5:EF:27, 00:30:34:B2:F7:98, 00:30:43:AB:65:83, 00:30:27:87:3B:7A; interfaces: wifi1, eth0; unicast keys 16F3A66F…, 316BE6FC…, 18A562BC…; broadcast keys B93BE8F9…, 278C8D16…, A767C8DE…]
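The recognition layer of slides (2) to (4), as an added example that is not code from the TU Delft prototype: a table keyed by (interface, MAC address) holding the neighbour's Node ID, unicast key and cluster broadcast key, and a receive path that hands a frame to routing only if it came from a known personal neighbour and its tag verifies under the right key. The frame format (payload followed by a truncated HMAC-SHA256 tag), the key sizes and the sample keys are assumptions of this example; the slide's own addresses are reused.

```python
"""Personal neighbour recognition: the filter below the routing layer.

Added example, not code from the TU Delft prototype. It models the
neighbour table of the slide (Node ID, MAC address, interface, unicast
key, broadcast key) and the rule that only frames from authenticated
personal neighbours are passed up to routing. Frame format, key sizes,
tag length and the sample keys are constructed for this example.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

TAG_LEN = 16  # truncated HMAC-SHA256 tag (assumption)


@dataclass(frozen=True)
class Neighbour:
    node_id: str        # PN-internal address, fixed at personalization
    mac: str
    iface: str
    unicast_key: bytes  # pair-wise key from personalization
    bcast_key: bytes    # key shared by the cluster for broadcast frames


def _tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


def protect(key: bytes, payload: bytes) -> bytes:
    """Sender side: frame = payload || tag (encryption omitted for brevity)."""
    return payload + _tag(key, payload)


@dataclass
class RecognitionLayer:
    """Sits between the link layer and MANET routing on one node."""
    table: dict = field(default_factory=dict)   # (iface, mac) -> Neighbour
    dropped: list = field(default_factory=list)

    def add(self, n: Neighbour) -> None:
        self.table[(n.iface, n.mac)] = n

    def receive(self, iface: str, src_mac: str, frame: bytes, broadcast: bool = False):
        """Return the payload for routing, or None if the frame must not reach it."""
        n = self.table.get((iface, src_mac))
        if n is None:                       # unknown neighbour: foreign node, routing never sees it
            self.dropped.append(("foreign", src_mac))
            return None
        key = n.bcast_key if broadcast else n.unicast_key
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(_tag(key, payload), tag):
            self.dropped.append(("bad-tag", src_mac))   # spoofed MAC or wrong key
            return None
        return payload


def demo() -> dict:
    cluster_bcast = secrets.token_bytes(32)
    k9 = secrets.token_bytes(32)
    peer9 = Neighbour("3000::9", "00:30:45:B6:89:BA", "wifi1", k9, cluster_bcast)
    layer = RecognitionLayer()
    layer.add(peer9)

    hello = b"OLSR HELLO from 3000::9"                   # routing traffic rides on top
    ok = layer.receive("wifi1", peer9.mac, protect(k9, hello))
    bcast = layer.receive("wifi1", peer9.mac, protect(cluster_bcast, b"TC"), broadcast=True)
    # A foreign node nearby: not in the table, so routing never sees it.
    foreign = layer.receive("wifi1", "00:30:27:87:3B:7A", b"OLSR HELLO from stranger")
    # A foreign node that spoofs the personal node's MAC but has no key.
    spoof = layer.receive("wifi1", peer9.mac, protect(secrets.token_bytes(32), hello))
    # The same MAC seen on another interface is a different, unauthenticated neighbour.
    other_if = layer.receive("eth0", peer9.mac, protect(k9, hello))
    return {"unicast": ok, "broadcast": bcast, "foreign": foreign, "spoof": spoof,
            "other_if": other_if, "drops": [d[0] for d in layer.dropped]}
```

The point the slide makes is visible in `receive`: OLSR or WRP above this layer only ever sees payloads that passed the table lookup and the tag check, so the routing protocol needs no changes. A deployment would also encrypt the payload and add a per-neighbour sequence number, since a MAC alone does not stop replay of a captured frame.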
Remote PN Networking
Why Inter-Cluster Tunneling
Why tunnels?
• Encrypt traffic over the Internet
  • Based on keys established via personalization
• Support mobility within PNs
  • End-to-end packets (IP and upwards) are transmitted unchanged and tunnelled
Inter-Cluster Tunneling (1)
[Figure: the PN of the earlier slides; a packet between 3000::9 and 3000::1 travels between the Gateway Nodes inside an inter-cluster tunnel]
Tunnelled packet layout:
  Tunnel IP header:      Dst Addr 130.11.40.7 | Src Addr 109.7.45.3
  PN-internal IP header: Dst Addr 3000::1 | Src Addr 3000::9
  Data
Inter-Cluster Tunneling (2)
  Tunnel IP header:      Dst Addr 130.11.40.7 | Src Addr 109.7.45.3
  PN-internal IP header: Dst Addr 3000::1 | Src Addr 3000::9
  Data
The PN-internal IP header and the data are encrypted based on the keys between 3000::1 and 3000::9.
A UDP header is sometimes necessary for NAT traversal, like this:
  Tunnel IP header | UDP header | PN-internal IP header (Dst 3000::1, Src 3000::9) | Data
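The tunnelled packet of slides (1) and (2), built and parsed byte for byte, as an added example that is not the TU Delft prototype's code. It shows the outer IPv4 header, the UDP header used for NAT traversal, and the protected PN-internal IPv6 packet, and why mobility is transparent to TCP: the inner packet, with its fixed 3000::1 and 3000::9 addresses, is identical whichever care-of address the gateway currently has. HMAC-SHA256 in counter mode plus an HMAC tag stands in for an ESP cipher suite so the example runs with the standard library only; the UDP port and the second care-of address are assumptions.

```python
"""Inter-cluster tunnel framing: outer IPv4 + UDP, protected PN-internal IPv6 packet.

Added example, not the TU Delft prototype's code. It builds the layout of the
slide (tunnel IP header, UDP header for NAT traversal, protected PN-internal
IP header + data) and shows why mobility is transparent: the inner packet with
its fixed PN addresses never changes while the outer care-of addresses do.
HMAC-SHA256 in counter mode plus an HMAC tag stands in for an ESP cipher suite
so the example needs only the standard library; the UDP port is an assumption.
"""
import hashlib
import hmac
import ipaddress
import secrets
import struct

TUNNEL_PORT = 5000            # assumption: UDP port the PN gateways listen on
NONCE_LEN, TAG_LEN = 12, 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF-based keystream: HMAC-SHA256(key, nonce || counter), counter = 0, 1, ..."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag before touching the ciphertext; reject any modification."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("tunnel payload failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_inner_ipv6(src: str, dst: str, payload: bytes, next_header: int = 6) -> bytes:
    """PN-internal packet: 40-byte IPv6 header (next_header 6 = TCP) + payload."""
    hdr = struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                      ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return hdr + payload


def parse_inner_ipv6(pkt: bytes):
    _, plen, nh, _, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    return str(ipaddress.IPv6Address(src)), str(ipaddress.IPv6Address(dst)), nh, pkt[40:40 + plen]


def _ipv4_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF


def encapsulate(enc_key, mac_key, inner: bytes, coa_src: str, coa_dst: str) -> bytes:
    """Sending gateway: tunnel IPv4 header + UDP header + sealed inner packet."""
    body = seal(enc_key, mac_key, inner)
    udp = struct.pack("!HHHH", TUNNEL_PORT, TUNNEL_PORT, 8 + len(body), 0)  # UDP checksum optional on IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(body), 0, 0x4000, 64, 17, 0,
                     ipaddress.IPv4Address(coa_src).packed, ipaddress.IPv4Address(coa_dst).packed)
    return ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:] + udp + body


def decapsulate(enc_key, mac_key, datagram: bytes):
    """Receiving gateway: strip the outer headers, verify and decrypt the inner packet."""
    if datagram[0] >> 4 != 4 or datagram[9] != 17:
        raise ValueError("not an IPv4/UDP tunnel datagram")
    ihl = (datagram[0] & 0x0F) * 4
    coa_src = str(ipaddress.IPv4Address(datagram[12:16]))
    return coa_src, unseal(enc_key, mac_key, datagram[ihl + 8:])


def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)  # from the 3000::1/3000::9 pair key
    inner = build_inner_ipv6("3000::9", "3000::1", b"GET /calendar HTTP/1.1\r\n")
    d1 = encapsulate(enc_key, mac_key, inner, "109.7.45.3", "130.11.40.7")   # CoAs from the slide
    d2 = encapsulate(enc_key, mac_key, inner, "192.0.2.77", "130.11.40.7")   # sender's cluster moved
    coa1, in1 = decapsulate(enc_key, mac_key, d1)
    coa2, in2 = decapsulate(enc_key, mac_key, d2)
    try:                                                                    # one flipped tag bit
        decapsulate(enc_key, mac_key, d1[:-1] + bytes([d1[-1] ^ 1]))
        rejected = False
    except ValueError:
        rejected = True
    return {"coa": (coa1, coa2), "inner_unchanged": in1 == in2 == inner,
            "inner_hdr": parse_inner_ipv6(in1)[:2], "tamper_rejected": rejected}
```

The receiving gateway learns the sender's current care-of address from the outer header alone, while the application on 3000::1 only ever sees the unchanged inner packet; that is what keeps TCP sessions alive across a move. The tag is checked before decryption, so a modified or forged datagram from the Internet is dropped without reaching the PN-internal stack.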
Inter-Cluster Routing
[Figure: the PN of the earlier slides: P-PAN, Office, Home and Car Clusters, Gateway Nodes, Access Routers, Inter-Cluster Tunnels and the PN Agent]
Inter-Cluster Routing
[Figure: each Cluster is its own ad hoc routing domain]
Flat ad hoc routing across an entire PN is possible! However, the tunnel links are special:
• Slow, usually the bottlenecks
• Most topology changes in a Cluster only have local consequences within that Cluster
Inter-Cluster Routing
• Each Cluster is its own ad hoc routing domain
• The tunnel interconnect acts as a network switch
• Gateway Nodes keep track of which Node is in which Cluster
• Packets to Nodes in other Clusters are forwarded over the tunnels by the Gateway Nodes
PN Agent (1)
[Figure: the PN Agent, reachable from all Gateway Nodes over the Infrastructure Networks]
Via the PN Agent, Gateway Nodes exchange:
• Care-of Addresses (CoA)
• Which Nodes are in their Cluster
• Link quality information
PN Agent (2)
PN Agent:
• Assists discovery and maintenance of tunnels with respect to CoAs and mobility
• Knows which Node is in which Cluster => inter-Cluster routing
PN Agents are not strictly needed; pure P2P mechanisms are possible. However:
• Bootstrap problem
• Slowness in finding the latest CoA
Foreign PN Communication
PN to PN communication
Types of Foreign Communication (1), (2)
[Figures]
Network Level Foreign Communication
[Figure]
Service Level Foreign Communication
[Figure]
Service vs. Network LevelService Level:• Using Service-Level Proxies• Two sessions instead of one (mainly problem for TCP)• Finer granularity access control
Network Level:• Using NAT/NAPT• End-to-end IP connectivity• Access control based on port numbers only
25
PN to PN Foreign Communication
[Figure]
Foreign Communication Mobility (1), (2)
[Figures]
Personal Network Security
Overview PN Security
• Device personalization
  • Imprinting
  • PN Formation Protocol
  • Eviction of nodes
• Establishment of secure communication
  • One-hop links
  • Inter-cluster
Personalization
Process of making a device a member of a PN:
• Under the control of the user
• "Imprinting" the security credentials
• Configuration of vital information
Imprinting
Based on the "resurrecting duckling" policy model:
• A new device (duckling) starts in the un-imprinted state
• The device becomes imprinted when the first master device (mother) provides it with cryptographic material
• Further imprinting attempts fail if the device is already imprinted
• The master device can "kill" the device (remove its cryptographic material) and bring it back to the un-imprinted state
Imprinting in PNs
Using a public key infrastructure (PKI) adapted to the PN:
• The PN certification authority (PNCA) signs the public key of the duckling during imprinting
• The generated certificate and the PNCA certificate are stored in the duckling
• Lightweight PKI solutions with elliptic curve cryptography (ECC)
Shared key:
• Pair-wise key with the mother
• Simple but with limited scalability
Certified PN Formation Protocol (PNFP)
From the European project MAGNET Beyond. Two phases:
• Imprinting
• Establishment of pair-wise keys
Certified PNFP - Phase 1
• A form of authenticated Diffie-Hellman
• Uses a location-limited channel (LLC)
  • Physical characteristics of the channel provide the security services
  • Examples of LLC: cable, physical contact, NFC, audio, infrared, the user as a channel
• Public keys are exchanged between the PNCA and the new device over a non-authenticated wireless channel
• The keys are then authenticated using the LLC
• Two flavors:
  • Using a private LLC
  • Using a public LLC
Imprinting over a public LLC
PNCA (mother), holding SKPNCA, PKPNCA            Device A (duckling), holding SKA, PKA
  PKPNCA  -------------------------------------->   (non-authenticated channel)
  <--------------------------------------  PKA      (non-authenticated channel)
  compute hm = hash(PKPNCA || PKA)                  compute hn = hash(PKPNCA || PKA)
  hm  ------------------------------------------>   (public LLC)
  <----------------------------------------  hn     (public LLC)
  continue only if hm = hn                          continue only if hm = hn
  CERT(PKA, PNCA), CERT(PKPNCA, PNCA)  --------->
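The exchange above, as an added example that is not the MAGNET Beyond implementation. It shows why a public LLC is enough: the attacker may read hm and hn but cannot alter them, so any substitution of a public key on the radio makes the two hashes differ and imprinting aborts, and it shows the duckling rule that a second mother is refused. Public keys are opaque random byte strings and the PNCA "signature" on the issued certificate is an HMAC under a PNCA-only key, both stand-ins so the example runs with the standard library; the certificate fields are assumptions.

```python
"""Imprinting over a public LLC (Certified PNFP phase 1).

Added example that models the exchange on the slide; it is not the MAGNET
Beyond implementation. Public keys are opaque random byte strings and the
PNCA 'signature' on an issued certificate is an HMAC under a PNCA-only key,
stand-ins so the example runs with the standard library. The radio is a
function the attacker may rewrite; the LLC is one the attacker can read but
not alter, which is the only property the hash comparison needs.
"""
import hashlib
import hmac
import secrets


def commit(pk_pnca: bytes, pk_a: bytes) -> str:
    """hm on the mother, hn on the duckling: hash(PK_PNCA || PK_A)."""
    return hashlib.sha256(pk_pnca + pk_a).hexdigest()


class PNCA:
    """The mother: holds SK_PNCA / PK_PNCA and issues certificates."""

    def __init__(self):
        self.pk = secrets.token_bytes(32)     # PK_PNCA (placeholder)
        self._sk = secrets.token_bytes(32)    # SK_PNCA (placeholder)
        self.cert = self._certify(self.pk)    # CERT(PK_PNCA, PNCA)

    def _certify(self, pk: bytes) -> dict:
        sig = hmac.new(self._sk, b"cert|" + pk, hashlib.sha256).hexdigest()
        return {"pk": pk.hex(), "issuer": "PNCA", "sig": sig}

    def imprint(self, pk_a_seen: bytes, hn: str):
        """Compute hm over the keys as received by radio, compare with hn from the LLC."""
        hm = commit(self.pk, pk_a_seen)
        if not hmac.compare_digest(hm, hn):
            return hm, None                    # a key was altered on the radio: abort
        return hm, (self._certify(pk_a_seen), self.cert)


class Duckling:
    def __init__(self):
        self.pk = secrets.token_bytes(32)     # PK_A (placeholder)
        self.imprinted, self.certs = False, None

    def hn(self, pk_pnca_seen: bytes) -> str:
        return commit(pk_pnca_seen, self.pk)

    def accept(self, hm: str, hn: str, certs) -> bool:
        """Continue only if hm == hn, and only if not already imprinted."""
        if self.imprinted or certs is None or not hmac.compare_digest(hm, hn):
            return False
        self.certs, self.imprinted = certs, True
        return True


def run_imprinting(pnca: PNCA, duck: Duckling, radio) -> bool:
    """radio(sender, pk) returns the key the other side actually receives."""
    pk_pnca_seen = radio("pnca", pnca.pk)      # PK_PNCA, non-authenticated channel
    pk_a_seen = radio("duck", duck.pk)         # PK_A, non-authenticated channel
    hn = duck.hn(pk_pnca_seen)                 # duckling shows hn over the public LLC
    hm, certs = pnca.imprint(pk_a_seen, hn)    # mother shows hm, issues certs if equal
    return duck.accept(hm, hn, certs)


def demo() -> dict:
    honest = lambda sender, pk: pk
    pnca, duck = PNCA(), Duckling()
    first = run_imprinting(pnca, duck, honest)
    second = run_imprinting(PNCA(), duck, honest)       # another mother: must fail
    mitm_pk = secrets.token_bytes(32)
    mitm = lambda sender, pk: mitm_pk                   # attacker swaps both public keys
    attacked = run_imprinting(PNCA(), Duckling(), mitm)
    return {"first": first, "second_rejected": not second, "mitm_rejected": not attacked,
            "cert_matches_pk": duck.certs[0]["pk"] == duck.pk.hex()}
```

With a private LLC the keys themselves could travel over the LLC; the public-LLC flavour only needs the LLC to deliver a short hash unmodified, which is what a cable, NFC or the user reading digits off two screens provides. The h values should be compared in full; truncating them to a few digits for convenience reopens the substitution attack the comparison is there to stop.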
Certified PNFP - Phase 2
• Two PN nodes use their certificates to authenticate each other and establish a pair-wise master key when they meet for the first time
  • Mainly an optimization of computation
• The pair-wise master key is used for further authentication and generation of pair-wise session keys
  • Less computationally demanding than asymmetric crypto
• Standard key agreement protocols can be used for establishment of pair-wise master keys
Eviction of Personal Nodes
• Certificates issued by the PNCA have a limited lifetime
  • Certificates need to be renewed
• For eviction before expiration of the certificate: a certificate revocation list (CRL) signed by the PNCA is sent to all nodes in the PN using PN-wide broadcasting
Secure Unicast PN Communication
• The pair-wise master key is used for authentication and generation of session keys for encryption and integrity protection
• Use link layer encryption and session key types when available
  • Often HW support
• Establishment of the link layer session key depends on the technology:
  • E.g. the 4-way handshake in IEEE 802.11i
• If no link layer security is available, encryption has to be done at the network layer
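The step from a pair-wise master key to session keys, covering both Phase 2 of the Certified PNFP and the unicast slide above, as an added example that is not MAGNET or TU Delft code. Two personal nodes that already share a PMK (established once from their PNCA certificates) run a three-message nonce exchange in which each proves possession of the PMK, then derive fresh encryption and integrity keys with HKDF-SHA256 (RFC 5869), which is the same pattern the 802.11i 4-way handshake follows at the link layer. The PMK here is a random value standing in for the output of the certificate-based key agreement; message layout, labels and key lengths are assumptions.

```python
"""Pair-wise master key to session keys (Certified PNFP phase 2 and secure unicast).

Added example, not MAGNET/TU Delft code. Two personal nodes that already share
a pair-wise master key (PMK, established once from their PNCA certificates) run
a nonce-based mutual authentication and derive fresh encryption and integrity
keys with HKDF-SHA256 (RFC 5869). The PMK here is a random value standing in
for the output of the certificate-based key agreement; message layout, labels
and key lengths are assumptions of this example.
"""
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()                    # extract
    okm, block, i = b"", b"", 1
    while len(okm) < length:                                               # expand
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]


def _proof(pmk: bytes, role: bytes, init_id: str, resp_id: str, ni: bytes, nr: bytes) -> bytes:
    """MAC over both identities and both nonces; the role byte separates the two directions."""
    msg = role + init_id.encode() + b"|" + resp_id.encode() + ni + nr
    return hmac.new(pmk, msg, hashlib.sha256).digest()


class Node:
    def __init__(self, node_id: str, pmk: bytes):
        self.node_id, self.pmk, self.session = node_id, pmk, None

    def _derive(self, init_id, resp_id, ni, nr):
        info = b"PN-unicast|" + init_id.encode() + b"|" + resp_id.encode()
        keys = hkdf_sha256(self.pmk, ni + nr, info, 64)
        self.session = {"enc": keys[:32], "mac": keys[32:]}   # encryption and integrity keys

    # Message 1 (initiator): my id and a fresh nonce
    def start(self):
        self.ni = secrets.token_bytes(16)
        return self.node_id, self.ni

    # Message 2 (responder): my id, a fresh nonce, proof that I hold the PMK
    def respond(self, init_id: str, ni: bytes):
        self.nr = secrets.token_bytes(16)
        return self.node_id, self.nr, _proof(self.pmk, b"R", init_id, self.node_id, ni, self.nr)

    # Message 3 (initiator): verify the responder, prove myself, derive keys
    def finish(self, resp_id: str, nr: bytes, proof_r: bytes):
        if not hmac.compare_digest(_proof(self.pmk, b"R", self.node_id, resp_id, self.ni, nr), proof_r):
            return None
        self._derive(self.node_id, resp_id, self.ni, nr)
        return _proof(self.pmk, b"I", self.node_id, resp_id, self.ni, nr)

    # Responder: verify the initiator's proof, then derive the same keys
    def confirm(self, init_id: str, ni: bytes, proof_i) -> bool:
        expected = _proof(self.pmk, b"I", init_id, self.node_id, ni, self.nr)
        if proof_i is None or not hmac.compare_digest(expected, proof_i):
            return False
        self._derive(init_id, self.node_id, ni, self.nr)
        return True


def handshake(a: Node, b: Node) -> bool:
    """Run the three messages between a (initiator) and b (responder)."""
    init_id, ni = a.start()
    resp_id, nr, proof_r = b.respond(init_id, ni)
    proof_i = a.finish(resp_id, nr, proof_r)
    return b.confirm(init_id, ni, proof_i)


def demo() -> dict:
    pmk = secrets.token_bytes(32)
    a, b = Node("3000::1", pmk), Node("3000::9", pmk)
    ok1 = handshake(a, b)
    s1 = dict(a.session)
    ok2 = handshake(a, b)                                   # second meeting: new nonces, new keys
    impostor = Node("3000::9", secrets.token_bytes(32))     # claims B's id but lacks the PMK
    ok3 = handshake(a, impostor)
    return {"ok": ok1 and ok2, "same_keys": a.session == b.session, "fresh": s1 != a.session,
            "impostor_rejected": not ok3}
```

Binding both identities and both nonces into each proof is what stops a reflected or replayed message from a previous meeting being accepted; the session keys are then a function of the nonces, so compromise of one session's keys does not expose an earlier one. The PMK itself never leaves the two nodes, which is why the slide calls this cheaper than repeating the certificate-based exchange.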
Secure Inter-Cluster Communication
• Gateway nodes are responsible for securing inter-cluster communication
• Encrypted tunnels (e.g., IPsec ESP)
• The algorithm for key establishment is similar to the second phase of the Certified PNFP
  • Gateway nodes exchange PNCA certificates
  • After successful authentication, session keys are generated
Personal Network Application Support Systems
Three Layer View
[Figure: the Connectivity, Network and Service Level view shown in the architecture section]
Application Support Systems
Service-Oriented Architectures (SOA)
• Offer self-configuration at the service/application level
• Service discovery
• Service session management
• Access control for PN-PN communication and Federations
Context Management Framework
• Collect, process, store and distribute context information
Naming
• Naming of devices, services, etc.
Service-Oriented Architectures
[Figure]
Service Discovery Domains/Tiers
[Figure]
Service Management Node (1)
[Figure]
Service Management Node (2)
MAGNET Service Management Platform (MSMP)
[Figure: MSMP block diagram. Service Discovery Module and INS Interaction Module on top of a Service Discovery Adaptation sub-Layer; Service Ranker; SCMF Client (to the SCMF); modified UPnP Device Module and modified UPnP Control Point Module behind the UPnP interface (SSDP, SOAP, GENA); P2P Service Overlay (INS/Twine) with the INS Name Resolver (INR) and INR name-tree; Service Repository; Security Management with AAA Module and Policy & Profile DB; Service Session Management Module; PN-F service discovery via the PN Agent]
Context Management
Context Management Framework
[Figure: Secure Context Management Framework in three tiers. Data Tier: data sources (sensors, PHY/MAC parameters, ...) behind the Data Source Abstraction Layer (DSAL). Middleware Tier: the Context Agent, communicating with other nodes. Application Tier: context-aware components, services and applications using the Context Access Layer (CAL) with query/response and subscription/notification]
Context Modeling
• Common, ontology-based context model, modeling entities
• XML-based representation adding meta information like accuracy or confidence
• Context Access Language
  • synchronous query
  • asynchronous subscribe/notify
  • modifications
Context Management Architecture
[Figure: Cluster view and PN view over the interconnecting infrastructures. Node roles: Basic Context Node (BCN), Enhanced Context Node (ECN), Context Management Node (CMN)]
Personal Network Federations
Personal Network Federation (PN-F)
An agreed cooperation of independent PNs with the purpose of achieving a specific common goal
PN-F for Sharing Photos, Videos, and Printing Services
[Figure: Jane's PN (PN1) federated with PN2, PN3 and PN4]
Other PN-F Examples
• Disaster relief
• Sharing content and services with friends/family
• Sharing sensor information for road safety
• Assisted living
• Sharing Internet access facilities
• Sharing educational material during a class
PN Federation Concept
[Figure: PNs A, B and C each export selected services to the federation; the services initially available to each PN are extended by the services exported by the others]
PN-F Requirements
• Automatic set-up, organization and maintenance
• Management of memberships and resources
• Mechanisms for joining a PN-F
• Management of the resources committed to the PN-F
• Service discovery within the scope of the PN-F
• Identity management
• Access control mechanisms
• Security and privacy
PN-F Architecture
Components:
• Per PN Federation:
  • Federation Manager
  • PN-F Profile
• Per PN:
  • Federation Agent
  • PN-F Participation Profile
PN-F managed by one of its members
[Figure: PN1 (the creator) and PN2, each with a Federation Agent and a PN-F Participation Profile, connected through their gateways (GW); the Federation Manager holding the PN-F Profile runs inside the creator's PN]
PN-F managed by a third party
[Figure: PN1 (the creator) and PN2, each with a Federation Agent and a PN-F Participation Profile, connected through their gateways (GW); the Federation Manager holding the PN-F Profile runs at a third party]
Life Cycle of a PN-F
• Initial: the creator defines the PN-F profile
• Discovery: potential members are found
• Participation: a potential member joins on the basis of its PN-F Participation profile; access is granted
• Operation, with evolution (members join and leave)
• Dissolution: tear down
Access Control
Two levels of access control:
• First level: when a new member wants to join the Federation
• Second level: when a member wants to access a service in the Federation
First-Level Access Control
[Figure: PN1 (creator) and PN2. Initial phase: creating the PN-F profile (creator) and the PN-F Participation profile (PN2). Discovery phase: finding each other. Formation phase: the participant's credentials are sent by its Federation Agent to the Federation Manager, which performs AUTHENTICATION and AUTHORIZATION (policy evaluation). Operation phase: PN-F services available for use]
Second-Level Access Control
[Figure: PN1 (creator), PN2 and PN3 in the operation phase. PN2's Federation Agent does a directory look-up at the Federation Manager and learns the service location (PN3); it sends the service request with its membership credentials to PN3's Federation Agent, which performs AUTHENTICATION, evaluates its authorization policies and returns access granted/denied]
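Both levels of the access control described on the preceding slides, as an added example that is not MAGNET or TU Delft code. The Federation Manager holds the PN-F profile (who may join, which PNs it can identify) and issues a membership credential at the first level; the exporting PN's Federation Agent checks that credential and its own PN-F participation profile at the second level. The credential is an HMAC token under a manager key, in line with the later slide that lists the PN-F manager as a certification authority; the policy shapes, names and lifetime are assumptions.

```python
"""Two-level access control in a PN Federation.

Added example, not MAGNET/TU Delft code. The Federation Manager holds the PN-F
profile; each PN's Federation Agent holds a PN-F participation profile. First
level: a PN asks to join, is authenticated and checked against the membership
policy, and receives a membership credential. Second level: a service request
carries that credential to the exporting PN's agent, which verifies it and
evaluates its own policy. The credential is an HMAC token under a manager key;
policy shapes, names and lifetimes are assumptions of this example.
"""
import hashlib
import hmac
import json
import secrets


class FederationManager:
    def __init__(self, creator: str, profile: dict):
        self.creator, self.profile = creator, profile          # PN-F profile
        self._key = secrets.token_bytes(32)                    # credential signing key
        self.members = {creator}

    def _mac(self, body: dict) -> str:
        return hmac.new(self._key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

    def join(self, pn_id: str, pn_credential: str, now: int):
        """First level: authenticate the applicant, evaluate the join policy, issue membership."""
        if self.profile["known_pns"].get(pn_id) != pn_credential:      # e.g. identity verified via PNDS
            return None, "authentication failed"
        if pn_id not in self.profile["allowed_members"]:
            return None, "not allowed by PN-F profile"
        self.members.add(pn_id)
        body = {"pnf": self.profile["name"], "member": pn_id, "exp": now + self.profile["membership_ttl"]}
        return {"body": body, "mac": self._mac(body)}, "joined"

    def verify_membership(self, token: dict, now: int) -> bool:
        return (hmac.compare_digest(self._mac(token["body"]), token["mac"])
                and token["body"]["pnf"] == self.profile["name"]
                and token["body"]["exp"] > now
                and token["body"]["member"] in self.members)


class FederationAgent:
    def __init__(self, pn_id: str, manager: FederationManager, participation: dict):
        self.pn_id, self.manager, self.participation = pn_id, manager, participation

    def request(self, token: dict, service: str, now: int) -> str:
        """Second level, at the exporting PN: verify the membership credential, then local policy."""
        if not self.manager.verify_membership(token, now):
            return "denied: invalid membership"
        allowed = self.participation["exports"].get(service)     # "*" or the set of members allowed
        if allowed is None:
            return "denied: service not exported"
        if allowed != "*" and token["body"]["member"] not in allowed:
            return "denied: not authorized for %s" % service
        return "granted: %s" % service


def demo() -> dict:
    now = 1_300_000_000
    profile = {"name": "photo-night", "known_pns": {"PN1": "c1", "PN2": "c2", "PN3": "c3", "PN4": "c4"},
               "allowed_members": {"PN1", "PN2", "PN3"}, "membership_ttl": 3600}
    fm = FederationManager("PN1", profile)
    pn3 = FederationAgent("PN3", fm, {"exports": {"printer": "*", "photos": {"PN1"}}})

    tok2, why2 = fm.join("PN2", "c2", now)
    _, why_bad = fm.join("PN2", "wrong", now)            # wrong credential
    _, why4 = fm.join("PN4", "c4", now)                  # authentic but not in the profile
    tok1, _ = fm.join("PN1", "c1", now)
    forged = {"body": dict(tok2["body"], member="PN1"), "mac": tok2["mac"]}   # PN2 claims to be PN1
    return {
        "join": (why2, why_bad, why4),
        "printer_pn2": pn3.request(tok2, "printer", now),
        "photos_pn2": pn3.request(tok2, "photos", now),
        "photos_pn1": pn3.request(tok1, "photos", now),
        "unknown": pn3.request(tok2, "scanner", now),
        "forged": pn3.request(forged, "photos", now),
        "expired": pn3.request(tok2, "printer", now + 7200),
    }
```

The split matters for least privilege: the manager decides who is in the federation, but each PN keeps the decision about its own services in its participation profile, so a member can be in the federation and still be denied a particular service. In the third-party-managed variant the agent must be able to verify the credential without the manager's secret, which is why that variant calls for a signature rather than the shared-key token used here.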
Service Provisioning
Network overlay
• Virtual network with all the PN devices and services available in the Federation
Service proxy
• Services are accessed at the gateway nodes by means of a service proxy
Network Overlay
[Figure: PN1 and PN2 joined through their gateways (GW) into one virtual network]
Service Proxy
[Figure: a client in PN1 reaches a server in PN2 via Service Proxy 1 at PN1's gateway and Service Proxy 2 at PN2's gateway, connected by a secure tunnel]
Security in PN Federations
• Trust between the PN-F Creator and a new member
  • Involving the services of a trusted third party (TTP). Example: Personal Network Directory Service (PNDS)
• Security association between the PN-F Creator and a new member
  • Using well-established protocols, e.g. TLS
• Security association among members of the Federation
  • Group key
  • PN-F manager as certification authority
Personal Network Directory Service
[Figure: PN1 and PN2 reach the PN directory service in a service operator network over the Internet through the PNDS API]
Demonstration of Personal Networks
A Three Cluster Demo
Demo Setup
[Figure: three clusters attached to the Infrastructure Networks, with the PN Agent]
Additional Notes
Further Reading
Ecma International TR-102: http://www.ecma-international.org/publications/techreports/E-TR-102.htm
http://www.pn-technology.com/
http://magnet.aau.dk/
Book
Personal Networks: Wireless Networking for Personal Devices
Martin Jacobsson, Ignas Niemegeers, Sonia Heemstra de Groot
Wiley
http://www.pn-technology.com/