OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN

Transcription

1 OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN Alberto Compagno 1,3, Mauro Conti 2 and Ralph Droms 3 1 Sapienza University of Rome 2 University of Padua 3 Cisco Systems 3rd ACM Conference on Information-Centric Networking September 28, 2016

2 IoT Scenario Internet Publishes readings under a proper namespace e.g. [1]: /coord/readings [1] M. Enguehard, et al. "SLICT: Secure Localized Information Centric Things." ACM ICN, Wireless mesh network of resource-constrained devices IEEE MAC 2 of 20

3 Unauthorized access Internet Easy to deploy malicious devices An attacker can waste devices resources: bandwidth, energy, memory, computation 3 of 20

4 Unauthorized access in ICN Internet Even a more serious problem Attacker can target network state (PIT, CS): Interest flooding, cache pollution attacks 4 of 20

5 How to secure the network? Internet Create a network of trusted devices: Device authentication and authorization to join the network Prevent packets manipulation and injection: Hop-by-hop packet integrity/authenticity check 5 of 20

6 Existing approaches In IP wireless mesh network (ZigBee IP): EAP-PSK with Protocol for Carrying Authentication for Network Access EAP-PSK/PANA EAP-TLS/PANA In ICN wireless mesh network: Nothing so far 6 of 20

7 Our proposal OnboardICNg We design OnboardICNg, an on-boarding protocol based on symmetric encryption that: Authenticates and authorizes new devices to join network Provides the authentication of the network to the joining device Bootstraps the key material for MAC and network layer Has a low cost in terms of devices resources 7 of 20

8 System model AGW Internet Figure: Advanced Metering Infrastructure Scenario Application Gateway (AGW) provides connectivity to Internet 8 of 20

9 System model AGW Internet Figure: Advanced Metering Infrastructure Scenario Application Gateway (AGW) provides connectivity to Internet AGW queries devices / issues commands 8 of 20

10 System model AGW Internet Figure: Advanced Metering Infrastructure Scenario Application Gateway (AGW) provides connectivity to Internet AGW queries devices / issues commands Devices retrieve content only from AGW 8 of 20

11 System Model To secure communication we distribute: k dj AGW : a pairwise key between each device d j and AGW Used to protect confidentiality and provide content authentications to content retrieved between d j and AGW (e.g., AGW queries and crypto material intended for d j ) k dj d nbr : pairwise key between d j and d nbr Used to trigger the integrity (and optionally confidentiality) 9 of 20

12 System model AGW Internet AAM Figure: Advanced Metering Infrastructure Scenario Authentication Authorization Manager (AAM) authenticates and authorizes devices Pre-shared key () between each device and AAM during provisioning phase 10 of 20

13 OnboardICNg - High level picture AGW AAM d j Device d nbr Figure: OnboardICNg 11 of 20

14 OnboardICNg - High level picture AGW AAM d j Device d nbr (a) OnboardICNg PANA Authentication Agent (PAA) AAM PANA Client (PaC) (b) EAP-PSK/PANA 12 of 20

15 AKEP2 OnboardICNg is built on AKEP2 scheme (which has proven to be secure) AKEP2 provides: Mutual authentication Authenticated key exchange A B s identity B A s identity, proof of A authenticity k =KDF(,) Proof of B authenticity k =KDF(,) 13 of 20

16 AKEP2 OnboardICNg is built on AKEP2 scheme (which has proven to be secure) AKEP2 provides: Mutual authentication Authenticated key exchange A B s identity B k =KDF(,) A s identity, proof of A authenticity k =KDF(,) Proof of B authenticity k =KDF(,) k =KDF(,) 13 of 20

17 AKEP2 in ICN AKEP2 can be simply implemented in interest and content packets...but it is a two party protocol A interest B content B s identity k interest content A s identity, proof of A authenticity Payload interest k content Proof of B authenticity interest content 14 of 20

18 OnboardICNg - Description d j d nbr Certifies to d j that the network is authentic AGW AAM interest content 15 of 20

19 OnboardICNg - Description k d j AKEP2 d nbr s identity d j s identity, proof auth. d nbr Certifies to d j that the network is authentic AGW AAM d nbr s identity, proof auth. interest content 15 of 20

20 OnboardICNg - Description k d j d nbr s identity d j s identity, proof auth. d nbr Certifies to d j that the network is authentic AGW AAM d nbr s identity, proof auth. interest content 15 of 20

21 OnboardICNg - Description k d j d nbr s identity d nbr d nbr expresses an interest to retrieve authorization and crypto material AGW AAM d j s identity, proof auth. d nbr s identity, proof auth. interest content 15 of 20

22 OnboardICNg - Description k d j d nbr s identity d nbr AAM authenticates and authorizes d j AGW AAM d j s identity, proof auth. d nbr s identity, proof auth. interest content 15 of 20

23 OnboardICNg - Description k d j d nbr s identity d nbr AAM authenticates and authorizes d j AGW AAM d j s identity, proof auth. Crypto material, k dj -AGW d nbr s identity, proof auth. interest content 15 of 20

24 OnboardICNg - Description K d j d nbr s identity d nbr Crypto material to generates d nbr proof auth. AGW AAM d j s identity, proof auth. Crypto material, kd j -AGW d nbr s identity, proof auth. interest content 15 of 20

25 OnboardICNg - Description K d j d nbr s identity d nbr Encrypted with to protect confidentiality AGW AAM d j s identity, proof auth. Crypto material, k dj -AGW d nbr s identity, proof auth. interest content 15 of 20

26 OnboardICNg - Description K d j d nbr s identity d nbr Encrypted with to protect confidentiality AGW AAM d j s identity, proof auth. Crypto material, k dj -AGW k, k d j -d nbr d nbr s identity, proof auth. interest content 15 of 20

27 OnboardICNg - Description Encrypted with k d j d nbr AGW AAM d nbr s identity K d j s identity, proof auth. Crypto material, k dj -AGW d nbr s identity, proof auth. k d, k j -d nbr dj -AGW k, k dj -d nbr interest content 15 of 20

28 OnboardICNg - Evaluation settings We compare OnboardICNg with EAP-PSK/PANA Specifically, constrained devices having a similar role: d j with PaC joining device d nbr with PRE neighbor OnboardICNg evaluation setting: 1+0 Encoding proposal for CCN [1] resourced-constrained devices with hardware implementation of AES-128 (e.g., MSP430 MCU combined with the CC2420 radio chip) [1] CCN and NDN TLV encodings in packets. pdfs9ielpwcji.pdf. 16 of 20

29 OnboardICNg - Analytical evaluation Communication cost comparison Bytes transmitted/received between entities d j /PaC d nbr /PRE AGW/PAA OnboardICNg: 549 B 318 B EAP-PSK/PANA: 1380 B 2481 B -70% -87% 17 of 20

30 OnboardICNg - Analytical evaluation Computation cost comparison (milliseconds) EAP-PSK/PANA OnboardICNg Crypto op. PaC PRE d j d nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der. 22,75 0,00 23,05 0,90 Encrypt 0,00 0,00 0,00 0,30 Decrypt 0,30 0,00 0,60 0,30 Memory cost comparison (bytes) EAP-PSK/PANA OnboardICNg PaC PRE d j d nbr Comparable memory and computation cost for the joining device Greater memory and computation cost on neighbor device, but of 20

31 OnboardICNg - Analytical evaluation Energy cost comparison 19 of 20

32 Conclusion OnboardICNg is the first protocol providing secure authentication and authorization for IoT over ICN Resilient to outsider and insider attacks Securely bootstraps cryptographic material for subsequent secure communication Resource utilization compares favorably with EAP-PSK/PANA Up to 87% less in communication cost Up to 66% less in energy consumption 20 of 20

33 Conclusion OnboardICNg is the first protocol providing secure authentication and authorization for IoT over ICN Resilient to outsider and insider attacks Securely bootstraps cryptographic material for subsequent secure communication Resource utilization compares favorably with EAP-PSK/PANA Up to 87% less in communication cost Up to 66% less in energy consumption Questions? 20 of 20