PlusMoSmart

Make wireless networks usable for mobile IoT connectivity for public services in smart cities in a secure and plannable manner.

Wireless Communication in Critical Infrastrucuture Networks

Wireless networks offer many advantages and are ubiquitous in our daily lives. They allow for a quick, easy, and cost-efficient interconnection of all kinds of devices ranging from conventional computers and smartphones to tiny sensors commonly deployed in smart homes. This trend has of course long since arrived in the industry where cost-efficiency is of utmost importance. Furthermore, networks from public service providers could particularly benefit from the advantages of wireless networks which allows for the connection of inaccessible or widespread systems. Here, prominent examples would be the interconnection of smart metering infrastructure or wind parks. However, wireless networks have inherent security risks which need to be addressed properly. In particular, this includes the easier physical access to the network and devices as well as the utilization of third-party infrastructure. A fundamental tool for safeguarding the communication of these systems is proper end-to-end security as provided for example by TLS. These, however, can constitute a significant overhead for low-cost resource-constrained systems and must therefore be evaluated for their overhead and optimized for the desired application.

Our Contribution

The PlusMoSmart project aims to make wireless networks usable for critical infrastructure providers in a secure and plannable manner. Within the scope of this project, we are currently evaluating the overhead of the Transport Layer Security (TLS) protocol. As this protocol is widely used and provably secure, it constitutes a prime candidate for proper end-to-end encryption and integrity protection of wireless communications in critical infrastructure. However, a multitude of available algorithms, parameters, and configuration options leads to fluctuating overhead. We aim to examine these fluctuations thoroughly and study as many overhead dimensions as possible. In particular, we want to examine the overhead of TLS with regard to bandwidth, CPU, memory, latency, and power consumption. With this, we want to get a comprehensive overview of the fluctuations, identify the most significant influences, and identify trade-off potential.

Concept Figure
Concept for the adaptation of a common TLS library by a profile secletion mechanism.

Based on these insights, we strive to subsequently optimize TLS dynamically to current resource constraints. The above figure illustrates the intended adjustments to a TLS library. A profile selector shall be added to the TLS library such that the interaction of an application with the library remains largely untouched. However, this selector can be additionally provided with current constraints from various sources. Based on these, it selects the most suitable profile precalculated from our comprehensive preceding measurements. Information about the wireless network and its current utilization combined with information from the application promises to provide a solid basis for the proper selection of profiles.

Funding

BSI

This project is funded by the German Federal Ministry for Information Security (BSI) under project funding reference number 01MO23003D.