The Cryptographic Sensor

Similar documents
Internet Engineering Task Force (IETF) Request for Comments: 6160 Category: Standards Track April 2011 ISSN:

Internet Engineering Task Force (IETF) Request for Comments: 7192 Category: Standards Track April 2014 ISSN:

Digital Certificates Demystified

On the Energy Cost of Communication and Cryptography in Wireless Sensor Networks

HTTPS is Fast and Hassle-free with Cloudflare

1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Study on data encryption technology in network information security. Jianliang Meng, Tao Wu a

Use of Symmetric And Asymmetric Cryptography in False Report Filtering in Sensor Networks

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Cryptographic Concepts

Overview. SSL Cryptography Overview CHAPTER 1

Category: Informational January 2010 ISSN:

LIGHTWEIGHT KEY MANAGEMENT SCHEME FOR HIERARCHICAL WIRELESS SENSOR NETWORKS

Internet Engineering Task Force (IETF) Request for Comments: 5959 Category: Standards Track August 2010 ISSN:

Diffie-Hellman. Part 1 Cryptography 136

Internet Engineering Task Force (IETF) Request for Comments: 6032 Category: Standards Track. December 2010

Security in NFC Readers

Connecting Securely to the Cloud

Encryption. INST 346, Section 0201 April 3, 2018

This document is a preview generated by EVS

Kurose & Ross, Chapters (5 th ed.)

Certificateless Public Key Cryptography

Authentication Technology for a Smart eid Infrastructure.

Elliptic Curve Public Key Cryptography

Internet Engineering Task Force (IETF) Category: Informational ISSN: October 2013

Security of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada

Internet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS)

Practical Experiences with crypto on 8-bit

eidas Interoperability Architecture Version November 2015

Implementation of an RFID Key Management System for DASH7

Getting to Grips with Public Key Infrastructure (PKI)

Zero-Knowledge Proofs in M2M Communication

Updates: 2409 May 2005 Category: Standards Track. Algorithms for Internet Key Exchange version 1 (IKEv1)

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Security in Wireless Sensor Networks: an Overview

Introducing Hardware Security Modules to Embedded Systems

Dyadic Security Enterprise Key Management

A Two-Fold Authentication Mechanism for Network Security

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Key Protection for Endpoint, Cloud and Data Center

PKI Credentialing Handbook

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Computer Security: Principles and Practice

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

COMPGA12 1 TURN OVER

Public-key Cryptography: Theory and Practice

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Chongqing, China. *Corresponding author. Keywords: Wireless body area network, Privacy protection, Data aggregation.

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Danube University Krems. The University for Continuing Education. Security Issues in Resource-limited Sensor Networks. Thilo Sauter Albert Treytl

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Internet Engineering Task Force (IETF) Request for Comments: 6818 Updates: 5280 January 2013 Category: Standards Track ISSN:

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

The SafeNet Security System Version 3 Overview

Automotive Security An Overview of Standardization in AUTOSAR

SMart esolutions Information Security

Security in sensors, an important requirement for embedded systems

Introduction to Electronic Identity Documents

IEEE Std and IEEE Std 1363a Ashley Butterworth Apple Inc.

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

Test Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,

A Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran.

NIST Cryptographic Toolkit

CSC 774 Network Security

Apple Inc. Certification Authority Certification Practice Statement

KNOWLEDGE SOLUTIONS. MIC2823 Implementing and Administering Security in a Microsoft Windows Server 2003 Network 5 Day Course

Research and Design of Crypto Card Virtualization Framework Lei SUN, Ze-wu WANG and Rui-chen SUN

Using existing security infrastructures

The Application of Elliptic Curves Cryptography in Embedded Systems

Uses of Cryptography

RSA and ECDSA. Geoff Huston APNIC. #apricot2017

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

Lecture 18 - Chosen Ciphertext Security

Standardisation efforst in lightweight cryptography

Grenzen der Kryptographie

White Paper for Wacom: Cryptography in the STU-541 Tablet

BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN

Building on existing security

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

TELIA MOBILE ID CERTIFICATE

SECURITY IN WIRELESS SENSOR NETWORKS USING ASSYMETRIC KEY BASED TECHNIQUES

Enhanced Management of Certificate Caching and Revocation Lists in VANET

PKI Knowledge Dissemination Program. PKI Standards. Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore

Category: Informational March Methods for Avoiding the "Small-Subgroup" Attacks on the Diffie-Hellman Key Agreement Method for S/MIME

Internet Engineering Task Force (IETF) S. Jiang Huawei Technologies Co., Ltd June The Secure Neighbor Discovery (SEND) Hash Threat Analysis

UNIT - IV Cryptographic Hash Function 31.1

SONERA MOBILE ID CERTIFICATE

DERIVED UNIQUE TOKEN PER TRANSACTION

Securing Smart Meters with MULTOS Technical Overview

Security Requirements for Crypto Devices

IBM i Version 7.2. Security Digital Certificate Manager IBM

Apple Inc. Certification Authority Certification Practice Statement

IDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

Peer to Peer Authentication for Small Embedded Systems

Internet Engineering Task Force (IETF) Obsoletes: 6485 Category: Standards Track August 2016 ISSN:

Securing Network Communications

Transcription:

The Cryptographic Sensor Libor Dostálek and Václav Novák {libor.dostalek, vaclav.novak}@prf.jcu.cz Faculty of Science University of South Bohemia České Budějovice Abstract The aim is to find an effective security communication in wireless sensor networks (WSN). The problem of WSN is that they require minimizing energy consumptions. Computationally intensive cryptographic protocols can have too much spent energy. The proposed solution is to give the cryptographic calculations in a specialized chip cryptographic sensor. Cryptographic sensor will allow secure communications in WSN at a similar level as in other networks. Keywords: Wireless Sensor networks, Security of Wireless Sensor networks, Cryptographic sensor. 1 Introduction Nodes in WSN are typically equipped with interfaces for sensors. On this interface are connected sensors or actors. The aim of this work is the implementation of Public Key Cryptography in WSNs using cryptographic modules that is connected to the sensors. Thus connected cryptographic module will hereinafter refer as cryptographic sensor. 2 Related Works In the literature we meet with the claim that use of Public Key Cryptography is an energy-intensive [1]. There are discusses the use of Elliptic Curves Cryptography (ECC) [2]. In terms of the potential of ECC particularly that offer the same security keys for a much shorter, which shortens the length of energyintensive cryptographic operations. For example, RSA with 1024-bit keys (RSA-1024) is currently in normal commercial practice still acceptable level of safety. For many applications, and is equivalent in strength to ECC 160-bit keys (ECC-160). Currently, the recommended minimum size for RSA keys is 2048 (RSA-2048) ECC corresponds with 224-bit key (ECC-224) [3]. The authors [4] demonstrated that the authentication and key agreement can be efficiently implemented using ECC on nodes with limited energy sources (Micra2). In the literature, there are proposals simplified asymmetric cryptographic algorithms or arguments for using shorter keys. The aim is to reduce energy requirements for cryptographic operations. Undoubtedly an interesting solution is to find such protocols, where energy-intensive cryptographic operations should be made only selected nodes WSN (e.g. base station). Security and Protection of Information 2013 43

3 The proposed solution Cryptographic modules to protect users' personal assets are used in a variety of applications. From credit cards with chip over the smart cards in satellite receivers to travel documents in accordance with the ICAO 9303 standard. The result is that these modules today produced in millions series, and thus they have achieved a low price The proposed solution is to convert the energy-intensive cryptographic operations from the microcontroller of WSN to the cryptographic sensor. And if this is possible do not store important cryptographic assets to FALSH memory of node WSN, but in the cryptographic sensor. The exceptions are: The secret key for secure communication node-cryptographic sensor (see be-low). Current session keys and shared secrets for actual communication with neighboring nodes in WSN. Figure 1: WSN node with cryptographic sensor. We are testing cryptographic sensors by using the chips of bank smart cards (Figure 1). We are aware that for practical deployment would be appropriate to implement cryptographic module directly to a node. However, for the experiment are smart cards practical. 3.1 Cryptographic operations Cryptographic operations run by WSN node can be divided into the following types of cryptographic operations: 1. Operations before deploying WSN node (personalization of cryptographic sensor). 2. Operations during security initialization of node into WSN. Cryptographic operations can either when the node is starting up or by initializing a neighboring node. The reason is that authentication is the process by which one entity authenticates against another entity. Both entities in authentication perform cryptographic operations. The aim of cryptographic operations during node initialization is node authenticate and agree with its neighbors the cryptographic material that will be used to secure regular communication in WSN. 3. Operations when regular communication node in WSN. Use commonly used cryptographic protocols in WSN, but using cryptographic material generated during initialization node. 44 Security and Protection of Information 2013

3.2 The idea The basic idea is that the cryptographic sensor will be turned on only during security initialization of node into WSN. The period during which the on-going security initialization node is very short compared with the time during which the node operates. The amount of energy consumed for cryptographic operations will be negligible. 3.3 Connecting the cryptographic sensor to the node Smart card we connected to the UART interface of controller node. Connection is via T=1 protocol specified by ISO/IEC 7816-3. Securing this communication method assumes cryptographic secure messaging specified by ISO/IEC 7846-4. 4 Energy demands In terms of energy intensity of each type of cryptographic operations entirely different: Personalization of cryptographic sensor performs during the sensor is connected to an external power source. For operation the node in the WSN is not relevant. During security initialization node uses cryptographic sensor. Outside the security initialization cryptographic sensor is switched off. Frequency of initialization is of the order of days, weeks or months depending on the specific WSN. Although, cryptographic initialization is energy intensive (< 25 mws) and due to the fact that during the life cycle of the sensor is activated a few times, so the total share of the consumption of the sensor will be negligible. Power Cryptographic sensor is controlled by special software from the sensor s CPU. The algorithm ensures the gradual accumulation of energy and then its the subsequent fast output when cryptographic operations are performed. Current communication. Public key cryptography don't use. Cryptographic operations does not increase the current state of energy intensity (the cryptographic sensor is off). 5 Personalization of cryptographic sensor During personalization will be for each cryptographic sensor generated pair public / private key. The public key will then together with the identification of the node inserted into the certificate of public key. During personalization will into a cryptographic sensor load: Public key of certification authority. Pair public and private key of cryptographic sensor. Certificate of public key of cryptographic sensor. Secret key for secure messaging secure communication between a node and its cryptographic sensor. Optionally additional secret key for secure communication between crypto-graphic sensor and base station of WSN. This communication can be useful, for example in the case of a renewal certificate of the certification authority. For secure communication between a node and its cryptographic sensor (or be-tween cryptographic sensor and base station of WSN) can be used cryptographic secure messaging method specified in ISO/IEC 7846-4. Security and Protection of Information 2013 45

6 Public key infrastructure Used public key certificates can be for example according to the X.509 standard, respectively RFC 5280 [6]. This structure is however complicated processing. It seems preferable the use of EMV standard [5] designed for credit cards. EMV uses the data structure of the certificate with the items of fixed length. This structure is much easier to handle. This structure minimizes the size of the code that runs in the node and the cryptographic calculations to the maximum extent abandoning cryptographic sensor that is optimized for these calculations. EMV cards we have not yet had the opportunity to test. 7 Used cryptographic protocol The protocol includes mutual authentication between two nodes and on the basis of this authentication derive cryptographic material that subsequently will be used to derive cryptographic keys and shared secrets for calculating MAC (Message Authentication Code ensuring the integrity of transmitted messages). Figure 2: Security Initialization. The algorithm is as follows: 1. The neighbors shall exchange their cryptographic sensor s certificates of public keys (certificates are stored in the cryptographic sensors during its initialization). 2. Both neighbors verify the received certificate by the public key of certification authority stored in the cryptographic modules during their personalization. 3. Nodes generate random numbers and encrypt it by public key of neighbor. The result sign by its private key. 4. Nodes exchange results of previous step. 5. Nodes verify arrived message: (a) verify digital signature of neighbor, (2) decrypt content of message by its private key. 6. Nodes derived from decrypted content: secret session cryptographic keys, initialization vectors and shared secret for MAC calculation from received random numbers. 46 Security and Protection of Information 2013

8 Using nodes with cryptographic sensors Figure 3: WSN with cryptographic sensors. Even though from Figure 2 would seem to suggest that every node connected cryptographic sensor, so we believe that it can be very interesting at least some of the nodes equip by cryptographic sensors (Figure 3). If the sensor network nodes are equipped with no security options, then the attacker can easily generate a false event. In such a network it cannot verify whether an event is real or fake. In the case that there at least some WSN nodes with cryptographic sensors, then: In the case that there at least some WSN nodes with cryptographic sensors (Figure 4), then: Node with a cryptographic sensor can report an event to prove the authenticity of the supplement information (eg MAC). The base station can subsequently ask sensor node equipped with cryptographic sensor of proof of authenticity of the information (eg MAC) Figure 4: Some of the nodes in the area of event are equipped with cryptographic sensor. Security and Protection of Information 2013 47

9 Attacks The attack on the cryptographic material in the flash memory. This problem is the same as in the case of nodes without cryptographic sensor. The power management attack. Attacker node may falsely authenticate to WSN. That activates the initialization procedure of neighboring nodes and deprives them of their energy. Against these attacks is possible, for example, tracking the number of authentication defend orders and ignoring them after a certain time interval. 10 Conclusion The use of cryptographic security sensors effectively solves security of communication in WSN without compromises of cryptographic protocols. With low prices of cryptographic chip does not increase too much price of nodes. References [ 1 ] A. S. Wander, N. Gura, H. Eberle, V. Gupta and S. C. Shantz: Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks, Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications, 2005. [ 2 ] Elliptic Curve Cryptography, SECG Std. SEC1, 2000, available at http://www.secg.org/ collateral/sec1.pdf. [ 3 ] A. Liu and P. Ning: Tiny ECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks, [online], available at http://discovery.csc.ncsu.edu/pubs/ipsn08- TinyECC-IEEE.pdf [ 4 ] EMV, Integrated Circuit Card, Specifications for Payment Systems, Version 4.3, November 2011 [ 5 ] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 5280, IETF 2008 48 Security and Protection of Information 2013

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback