The Cryptographic Sensor

Transcription

1 The Cryptographic Sensor Libor Dostálek and Václav Novák {libor.dostalek, Faculty of Science University of South Bohemia České Budějovice Abstract The aim is to find an effective security communication in wireless sensor networks (WSN). The problem of WSN is that they require minimizing energy consumptions. Computationally intensive cryptographic protocols can have too much spent energy. The proposed solution is to give the cryptographic calculations in a specialized chip cryptographic sensor. Cryptographic sensor will allow secure communications in WSN at a similar level as in other networks. Keywords: Wireless Sensor networks, Security of Wireless Sensor networks, Cryptographic sensor. 1 Introduction Nodes in WSN are typically equipped with interfaces for sensors. On this interface are connected sensors or actors. The aim of this work is the implementation of Public Key Cryptography in WSNs using cryptographic modules that is connected to the sensors. Thus connected cryptographic module will hereinafter refer as cryptographic sensor. 2 Related Works In the literature we meet with the claim that use of Public Key Cryptography is an energy-intensive [1]. There are discusses the use of Elliptic Curves Cryptography (ECC) [2]. In terms of the potential of ECC particularly that offer the same security keys for a much shorter, which shortens the length of energyintensive cryptographic operations. For example, RSA with 1024-bit keys (RSA-1024) is currently in normal commercial practice still acceptable level of safety. For many applications, and is equivalent in strength to ECC 160-bit keys (ECC-160). Currently, the recommended minimum size for RSA keys is 2048 (RSA-2048) ECC corresponds with 224-bit key (ECC-224) [3]. The authors [4] demonstrated that the authentication and key agreement can be efficiently implemented using ECC on nodes with limited energy sources (Micra2). In the literature, there are proposals simplified asymmetric cryptographic algorithms or arguments for using shorter keys. The aim is to reduce energy requirements for cryptographic operations. Undoubtedly an interesting solution is to find such protocols, where energy-intensive cryptographic operations should be made only selected nodes WSN (e.g. base station). Security and Protection of Information

2 3 The proposed solution Cryptographic modules to protect users' personal assets are used in a variety of applications. From credit cards with chip over the smart cards in satellite receivers to travel documents in accordance with the ICAO 9303 standard. The result is that these modules today produced in millions series, and thus they have achieved a low price The proposed solution is to convert the energy-intensive cryptographic operations from the microcontroller of WSN to the cryptographic sensor. And if this is possible do not store important cryptographic assets to FALSH memory of node WSN, but in the cryptographic sensor. The exceptions are: The secret key for secure communication node-cryptographic sensor (see be-low). Current session keys and shared secrets for actual communication with neighboring nodes in WSN. Figure 1: WSN node with cryptographic sensor. We are testing cryptographic sensors by using the chips of bank smart cards (Figure 1). We are aware that for practical deployment would be appropriate to implement cryptographic module directly to a node. However, for the experiment are smart cards practical. 3.1 Cryptographic operations Cryptographic operations run by WSN node can be divided into the following types of cryptographic operations: 1. Operations before deploying WSN node (personalization of cryptographic sensor). 2. Operations during security initialization of node into WSN. Cryptographic operations can either when the node is starting up or by initializing a neighboring node. The reason is that authentication is the process by which one entity authenticates against another entity. Both entities in authentication perform cryptographic operations. The aim of cryptographic operations during node initialization is node authenticate and agree with its neighbors the cryptographic material that will be used to secure regular communication in WSN. 3. Operations when regular communication node in WSN. Use commonly used cryptographic protocols in WSN, but using cryptographic material generated during initialization node. 44 Security and Protection of Information 2013

3 3.2 The idea The basic idea is that the cryptographic sensor will be turned on only during security initialization of node into WSN. The period during which the on-going security initialization node is very short compared with the time during which the node operates. The amount of energy consumed for cryptographic operations will be negligible. 3.3 Connecting the cryptographic sensor to the node Smart card we connected to the UART interface of controller node. Connection is via T=1 protocol specified by ISO/IEC Securing this communication method assumes cryptographic secure messaging specified by ISO/IEC Energy demands In terms of energy intensity of each type of cryptographic operations entirely different: Personalization of cryptographic sensor performs during the sensor is connected to an external power source. For operation the node in the WSN is not relevant. During security initialization node uses cryptographic sensor. Outside the security initialization cryptographic sensor is switched off. Frequency of initialization is of the order of days, weeks or months depending on the specific WSN. Although, cryptographic initialization is energy intensive (< 25 mws) and due to the fact that during the life cycle of the sensor is activated a few times, so the total share of the consumption of the sensor will be negligible. Power Cryptographic sensor is controlled by special software from the sensor s CPU. The algorithm ensures the gradual accumulation of energy and then its the subsequent fast output when cryptographic operations are performed. Current communication. Public key cryptography don't use. Cryptographic operations does not increase the current state of energy intensity (the cryptographic sensor is off). 5 Personalization of cryptographic sensor During personalization will be for each cryptographic sensor generated pair public / private key. The public key will then together with the identification of the node inserted into the certificate of public key. During personalization will into a cryptographic sensor load: Public key of certification authority. Pair public and private key of cryptographic sensor. Certificate of public key of cryptographic sensor. Secret key for secure messaging secure communication between a node and its cryptographic sensor. Optionally additional secret key for secure communication between crypto-graphic sensor and base station of WSN. This communication can be useful, for example in the case of a renewal certificate of the certification authority. For secure communication between a node and its cryptographic sensor (or be-tween cryptographic sensor and base station of WSN) can be used cryptographic secure messaging method specified in ISO/IEC Security and Protection of Information

4 6 Public key infrastructure Used public key certificates can be for example according to the X.509 standard, respectively RFC 5280 [6]. This structure is however complicated processing. It seems preferable the use of EMV standard [5] designed for credit cards. EMV uses the data structure of the certificate with the items of fixed length. This structure is much easier to handle. This structure minimizes the size of the code that runs in the node and the cryptographic calculations to the maximum extent abandoning cryptographic sensor that is optimized for these calculations. EMV cards we have not yet had the opportunity to test. 7 Used cryptographic protocol The protocol includes mutual authentication between two nodes and on the basis of this authentication derive cryptographic material that subsequently will be used to derive cryptographic keys and shared secrets for calculating MAC (Message Authentication Code ensuring the integrity of transmitted messages). Figure 2: Security Initialization. The algorithm is as follows: 1. The neighbors shall exchange their cryptographic sensor s certificates of public keys (certificates are stored in the cryptographic sensors during its initialization). 2. Both neighbors verify the received certificate by the public key of certification authority stored in the cryptographic modules during their personalization. 3. Nodes generate random numbers and encrypt it by public key of neighbor. The result sign by its private key. 4. Nodes exchange results of previous step. 5. Nodes verify arrived message: (a) verify digital signature of neighbor, (2) decrypt content of message by its private key. 6. Nodes derived from decrypted content: secret session cryptographic keys, initialization vectors and shared secret for MAC calculation from received random numbers. 46 Security and Protection of Information 2013

5 8 Using nodes with cryptographic sensors Figure 3: WSN with cryptographic sensors. Even though from Figure 2 would seem to suggest that every node connected cryptographic sensor, so we believe that it can be very interesting at least some of the nodes equip by cryptographic sensors (Figure 3). If the sensor network nodes are equipped with no security options, then the attacker can easily generate a false event. In such a network it cannot verify whether an event is real or fake. In the case that there at least some WSN nodes with cryptographic sensors, then: In the case that there at least some WSN nodes with cryptographic sensors (Figure 4), then: Node with a cryptographic sensor can report an event to prove the authenticity of the supplement information (eg MAC). The base station can subsequently ask sensor node equipped with cryptographic sensor of proof of authenticity of the information (eg MAC) Figure 4: Some of the nodes in the area of event are equipped with cryptographic sensor. Security and Protection of Information

6 9 Attacks The attack on the cryptographic material in the flash memory. This problem is the same as in the case of nodes without cryptographic sensor. The power management attack. Attacker node may falsely authenticate to WSN. That activates the initialization procedure of neighboring nodes and deprives them of their energy. Against these attacks is possible, for example, tracking the number of authentication defend orders and ignoring them after a certain time interval. 10 Conclusion The use of cryptographic security sensors effectively solves security of communication in WSN without compromises of cryptographic protocols. With low prices of cryptographic chip does not increase too much price of nodes. References [ 1 ] A. S. Wander, N. Gura, H. Eberle, V. Gupta and S. C. Shantz: Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks, Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications, [ 2 ] Elliptic Curve Cryptography, SECG Std. SEC1, 2000, available at collateral/sec1.pdf. [ 3 ] A. Liu and P. Ning: Tiny ECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks, [online], available at TinyECC-IEEE.pdf [ 4 ] EMV, Integrated Circuit Card, Specifications for Payment Systems, Version 4.3, November 2011 [ 5 ] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 5280, IETF Security and Protection of Information 2013