TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Similar documents
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

An Efficient Key Update Scheme for Wireless Sensor Networks

05 - WLAN Encryption and Data Integrity Protocols

Sensor Networks. Xueying Zhang, Howard M. Heys, and Cheng Li. Electrical and Computer Engineering. Faculty of Engineering and Applied Science

Wireless Security Security problems in Wireless Networks

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

On the Internet, nobody knows you re a dog.

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

CS 161 Computer Security

How Insecure is Wireless LAN?

CIS 4360 Secure Computer Systems Symmetric Cryptography

MiniSec: A Secure Sensor Network Communication Architecture

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Top-Down Network Design

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CSC 774 Advanced Network Security

CIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Lecture 1 Applied Cryptography (Part 1)

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Top-Down Network Design

Providing Transparent Security Services to Sensor Networks

Sensor-to-cloud connectivity using Sub-1 GHz and

1 Achieving IND-CPA security

Block Cipher Modes of Operation

Chapter 6 Contemporary Symmetric Ciphers

Overview of Security

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Chapter 24 Wireless Network Security

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Distributed Systems. Lecture 14: Security. 5 March,

Summary on Crypto Primitives and Protocols

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Block Cipher Modes of Operation

Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this

Danube University Krems. The University for Continuing Education. Security Issues in Resource-limited Sensor Networks. Thilo Sauter Albert Treytl

WiMAX Security: Problems & Solutions

Stream Ciphers An Overview

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

(2½ hours) Total Marks: 75

IPSec. Overview. Overview. Levente Buttyán

Cryptology complementary. Symmetric modes of operation

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

Crypto: Symmetric-Key Cryptography

Symmetric Encryption 2: Integrity

CCMP Advanced Encryption Standard Cipher For Wireless Local Area Network (IEEE i): A Comparison with DES and RSA

Stream Ciphers. Stream Ciphers 1

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven

A practical integrated device for lowoverhead, secure communications.

CE Advanced Network Security Wireless Security

Network Encryption 3 4/20/17

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Implementation of AODV Protocol and Detection of Malicious Nodes in MANETs

Network Design Considerations for Grid Computing

CS 268: Computer Networking. Taking Advantage of Broadcast

Authentication for Bulk Data Dissemination in Sensor Networks. Using Symmetric Keys 1

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

IP Security. Have a range of application specific security mechanisms

Overview. SSL Cryptography Overview CHAPTER 1

CS 332 Computer Networks Security

Network Security Essentials

The Final Nail in WEP s Coffin

SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9

Information Security CS526

Security. Communication security. System Security

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Secure Lossless Aggregation in Smart Grid M2M Networks

Advanced WiFi Attacks Using Commodity Hardware

The Salsa20 Family of Stream Ciphers

Chapter 7 CONCLUSION

Double-DES, Triple-DES & Modes of Operation

A SIMPLE INTRODUCTION TO TOR

Wireless Network Security Spring 2015

Architectural Support for Copy and Tamper Resistant Software

CSCE 715: Network Systems Security

Wireless Challenges : Computer Networking. Overview. Routing to Mobile Nodes. Lecture 25: Wireless Networking

CIS 5373 Systems Security

Virtual private networks

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

UNDERSTANDING SENETAS LAYER 2 ENCRYPTION TECHNICAL-PAPER

ZIGBEE. Erkan Ünal CSE 401 SPECIAL TOPICS IN COMPUTER NETWORKS

S Series Switches. MACsec Technology White Paper. Issue 1.0. Date HUAWEI TECHNOLOGIES CO., LTD.

CPSC 467b: Cryptography and Computer Security

Content of this part

Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron

Transport Layer Security

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Symmetric-Key Cryptography

Network Security. Chapter 4 Symmetric Encryption. Cornelius Diekmann With contributions by Benjamin Hof. Technische Universität München

Mobile Routing : Computer Networking. Overview. How to Handle Mobile Nodes? Mobile IP Ad-hoc network routing Assigned reading

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

Communication Layer, Attacks and Security Mechanisms of Wireless Sensor Network

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

0x1A Great Papers in Computer Security

First Semester Examinations 2013/14 (Model Solution) INTERNET PRINCIPLES

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Transcription:

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1

Introduction What is TinySec? Link-layer security architecture for wireless sensor networks Why do we need TinySec? Sensor Networks need a way to communicate securely Wireless inherently insecure due to it s broadcast nature Existing secure protocols are too bloated for wireless sensor networks Sensor networks have limited computational resources, battery life and communication capabilities 2

Contributions TinySec is the first fully-implemented link-layer layer security protocol for wireless sensor networks TinySec is implemented in official TinyOS release Tradeoffs between performance, transparency and security are discussed The authors try to balance this tradeoff for the application (wireless sensor networks) Bandwidth, latency and power consumption are analyzed for TinySec It is feasible to implement this in software TinySec is a basis for higher level security protocols 3

Sensor Networks Heterogeneous system of sensor with general-purpose computing elements Most networks will consist of hundreds or thousands of sensors Generally used to collection some information about an environment 4

Mica2 Representative Hardware Several cubic inches 8 MHz 8-bit 8 Atmel CPU 128 kb instruction memory 4 kb RAM (data) 512 kb flash memory 19.2 kbps radio with a range of ~100 meters Operates for ~ 2 weeks at full power Run TinyOS 5

Mica2 Hardware 6

Security Risks & Threat Models Broadcast medium Adversaries can listen to data, intercept data, inject data and alter transmitted data What TinySec does Guarantee message authenticity, integrity and confidentiality What TinySec doesn t protect against Resource consumption attacks Physical tamper resistance Node capture attacks 7

Link-Layer Layer vs End-to to-end End-to to-end security Typical approach in wired networks Packets are encrypted by the sender and decrypted by the receiver Nodes relaying the message don t decrypt the message, relay as-is Transport layer Link-layer security Each physical transmission of the packet gets encoded and decoded Data link layer 8

Why Link-Layer Layer Security? Sensor networks typically have a many-to to-one one architecture All sensors transmit their readings to the base station Ideally duplicate messages (from different sensors) will be dropped Link-layer architecture needed Link-layer architecture detects bad packets immediately Saves resources 9

Design Goals: Security Access Control Unauthorized parties should not be able to participate Solution: MAC code Message Integrity If a message is modified in transit, it needs to be detected Solution: MAC code Message Confidentiality Information needs to be kept private from unauthorized parties Solution: Encryption 10

Design Goals: Security (Omission) Replay Protection An unauthorized party resends a legitimate packet which it overheard at a later time Typical defense: associate counter with each message Problem: state needs to be kept for this and we don t have the resources for this Solution: Let a higher level protocol deal with this if it is a problem 11

Design Goals: Performance Overhead Increase in message length Decrease throughput Increase latency Increase power consumption Increase in computation (encryption) Increase power consumption 8 bytes is ~25% of packet size Traditional security protocols use 8-168 bytes at least 12

Design Goals: Ease of Use Higher level security protocols will rely on TinySec Transparency TinySec should be transparent to the application developer when in use Portability TinySec should support different CPU and radio hardware Any necessary porting should be as painless as possible 13

Security Primitives: MAC Message Authentication Code (MACs( MACs) Solution to message authenticity and integrity Cryptographically secure CRC Sender and Receiver share a private key Sender computes MAC over message using private key and includes it in the packet Receiver does the same, if MAC computed is different from MAC in the message, receiver rejects the message 14

Security Primitives: IV Initialization Vectors (IVs) Encryption mechanism Side input to encryption algorithm Helps to achieve Semantic Security Adversaries should have no better than a 50% chance at guessing any yes/no question about a message IV adds variation to Encryption Important when encrypted messages vary little IV is publicly included as part of message Tradeoff on IV length of overhead vs resource usage 15

TinySec Design TinySec-AE Authentication & Encryption MAC computed over encrypted data and the packet header Ensures data received is from a trusted node Prevents adversaries from seeing data TinySec-Auth Authentication Only Only ensure data received is from a trusted node Good when data does not need to be private 16

TinySec Encryption Encryption Scheme Cipher block chaining (CBC) IV format 8 byte IV Want to minimize overhead while getting enough security Part of IV is a counter More on this later 17

Encryption Algorithm Options Stream ciphers Faster than block ciphers (good!) If we ever use the same IV, it is highly likely both messages can be decrypted (bad!) We have limited resources to vary the IV Must use a block cipher algorithm Block ciphers Keyed pseudorandom permutation over bit strings Operates on blocks of data (message broken up into blocks) 18

More on Block Ciphers Good MAC algorithms use block cipher-s Two bird with one stone (save code space) Mode of operation Counter (CTR) Similar to stream ciphers reject Cipher block chaining (CBC) Can be made to work with IVs that may repeat XOR encryption of message length with first plaintext block Examples include: DES, AES, RC5, Skipjack Skipjack chosen due to licensing issues and practicality of software implementation 19

Packet Format TinyOS Packet Format 36 Bytes TinySec-Auth Packet Format 37 Bytes TinySec-AE Packet Format 41 Bytes IV 20

Packet Format Explained Destination, AM and length sent unencrypted Used for early rejection of messages Only data is encrypted (TinySec-AE) Take 2 bytes for CRC and put them toward 4 bytes used for MAC (+2 bytes) MAC computed over entire packet (data + header) Group field dropped (-1( 1 byte) Differentiates between multiple sensor networks MAC does this for us TinySec-AE additional fields (+4 bytes) src source address ctr counter These add variability to the IV 21

Security Analysis Message Integrity and Authenticity Based on MAC length (4 bytes for TinySec) 1 in 2^32 chance to guess it Adversary must send 2^32 packets to correctly fake a message This is not OK for regular networks, given our data rate, this is ok It would take 20 months to send this many packets at 19.2kb/s (What if hardware improves significantly?) (How will TinySec keep up?) (Authors argue that the trend is not in this direction) 22

Security Analysis Message Confidentiality Security based on IV length, assuming no reuse 8 byte counter or 16 byte random would be sufficient However, we have an 8 byte total IV 2 Destination, 1 AM, 1 Length, 2 Source and 2 Counter Try to maximize packets each node can send before global reuse of an IV Each node can send 2^16 packets before IV reuse Assume same destination, AM and length At 1 packet per minute -> > reuse will not occur for 45 days (Again, what if this changes?) IV reuse only problem when using same private key 23

Keying Mechanisms How do we distribute private keys to trusted nodes? Keys preconfigured Network-wide wide 1 key for all nodes in the network Per-link Each pair of nodes that communicate share a key Per-group Each set of nodes that communicate share a key (Slightly off topic, but relevant to making the system work) 24

Implementation TinySec implemented for TinyOS Runs on Mica, Mica2, and Mica2Dot 3000 lines of nesc code TinySec uses 728 bytes of RAM and 7146 bytes of program space (Good!) Needed to modify the TinyOS scheduler to be a priority FIFO queue (2 priorities) Cryptographic operations highest priority 25

Implementation TinySec is independent of the encryption algorithm used Both RC5 and SkipJack implemented Upper two bits of length field hijacked to determine mode of operation Enabling TinySec is as simple as defining an environment variable in your makefile For testing, network-wide wide key used 26

Evaluation Cost of TinySec? Larger packets more overhead Decrease throughput Increase Latency Increase power consumption This occurs regardless of implementation Encryption algorithm (MAC and encryption) Increase power consumption This can be vary depending on implementation Hardware support could remove this cost 27

Evaluation Cipher Costs Cipher algorithm Affects computation time Thus affects power consumption overhead Must complete in time for data to be ready for the radio 28

Evaluation Energy Cost 29

Evaluation Energy Cost Sampled current drawn for sending 24 bytes of data Power draw at the beginning is cryptographic operations + sending start symbol TinyOS 0.00016 mah TinySec-Auth 0.000165 mah (+3%) TinySec-AE 0.000176 mah (+10%) Most of excess power draw comes from radio use of additional overhead (not CPU draw) Helps support argument that we can do this in software 30

Evaluation - Throughput 31

Evaluation - Throughput Computed how many packets could be sent in 30 seconds Varied the number of senders 24 bytes of data sent TinySec-Auth almost identical to TinyOS TinySec-AE is ~6% lower with more than 5 senders Payloads later varied to equate packet size Shows that added throughput comes totally from additional packet size (Obvious, but good to show) 32

Evaluation - Latency 33

Evaluation - Latency 36 nodes setup in 6 x 7.75 ft grid Network diameter is 10 hops Message path: Base station, node, landmark, node, base Minimum hop count = 4 For each route length, route 200 packets Average transmission times per hop count Additional latency attributed to additional overhead 34

Conclusions TinySec addresses an area which was previously unimplemented Link-layer security for wireless sensor networks Very easy for developers to take advantage of Performance and resource hit is not bad TinySec-Auth very close to TinyOS TinySec-AE performs well 35

Comments (Good explanation) (Authors thoroughly evaluated the system) (System proved to satisfy the authors goals) (Covers a gap in wireless networking) (Many other projects seem to be using TinySec) 36

Acknowledgements www.xbow.com Slide 6 - mica2 picture http://camars.kaist.ac.kr/~hyoon/courses/cs710_ 2004_fall/rhoyo.ppt Slide 6 - mica2 picture Slide 20 Packet format pictures Original Paper Slide 28 Table 3 Slide 29 Figure 2 Slide 31 Figure 3 Slide 33 Figure 4 37

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback