Sistemas de Sensores en Red Lectura24

Outline
A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J.

D. Tygar. SPINS: Security protocols for sensor
networks. In Proceedings of MOBICOM, 2001
Sensor networks and security are important
Sensors are deployed in hostile territory. The
communications are sparse because of energy
constraints, the computational resources are sparse.
However, attackers need not be energy constrained, they
can replay packets, inject spurious packets etc. and
affect the system
How do we make security (heavy weight) fit into sensor
scenarios (low resources)
Slides courtesy Adrian Perrig
07/30/16
CSE 4/60484: Networked Sensor Systems
page 1
Security in sensor networks

Emergency response: responders need security
Medical monitoring: automated drug delivery need security to ensure safety
Logistics and inventory management:
Battlefield management
Security:
Authentication
Ensures data integrity & origin
Prevents injecting bogus messages
Confidentiality
Ensures secrecy of data
Prevents eavesdropping
07/30/16
page 2
Challenges
Integrity of sensor: hard to manage without
expensive crypto processors or ensuring physical
security
Key distribution is a challenge
Dont want to store private keys in sensors
Key strength weakens with time
Freshness important
Prevent replay attack
Define notions of strong freshness (delay estimation, total
ordering) and weak freshness (partial ordering)
Keys are too long to store, much less process

Authenticated broadcast challenging
07/30/16
page 3
Challenge: Resource Constraints

Limited energy
Limited computation (4 MHz 8-bit)
Limited memory (512 bytes)
Limited code size (8 Kbytes)
~3.5 K base code (TinyOS + radio encoder)
Only 4.5 K for application & security
Limited communication (30 byte packets)

Energy-consuming communication
1 byte transmission = 11000 instructions
07/30/16
page 4
SPINS: Our Solution

SNEP
Sensor-Network Encryption Protocol
Secures point-to-point communication
TESLA
Micro Timed Efficient Stream Loss-tolerant Authentication
Provides broadcast authentication
07/30/16
page 5
System Assumptions
Communication patterns
Frequent node-base station exchanges
Frequent network flooding from base
Node-node interactions infrequent
Base station
Sufficient memory, power
Shares secret key with each node
Node
Limited resources, limited trust
07/30/16
page 6
SNEP Security Goals

Secure point-to-point communication
Confidentiality, secrecy
Authenticity and integrity
Message freshness to prevent replay
Why not use existing protocols?

E.g. SSL/TLS, IPSEC
07/30/16
page 7
Encryption methods (background)

Symmetric cryptography
Sender and receiver know the secret key (apriori )
Fast encryption, but key exchange should happen outside
the system
Asymmetric cryptography
Each person maintains two keys, public and private
M PrivateKey(PublicKey(M))
M PublicKey (PrivateKey(M))
Public part is available to anyone, private part is only

known to the sender
E.g. Pretty Good Privacy (PGP), RSA
07/30/16
page 8
Asymmetric Cryptography is Unsuitable

Overhead of digital signatures
High generation cost

High verification cost
High memory requirement
High communication cost
O(minutes)
O(seconds)
~128 bytes
SNEP only uses symmetric crypto
07/30/16
page 9
Basic Crypto Primitives

Code size constraints code reuse
Only use block cipher encrypt function
Counter mode encryption
Cipher-block-chaining message authentication code
(MAC)
Pseudo-Random Generator
07/30/16
page 10
SNEP Protocol Details

A and B share
Encryption keys: KAB KBA
MAC keys: K'AB K'BA
Counters: CA
CB
To send data D, A sends to B:

A B:
{D}<KAB, CA>
MAC( K'AB , [CA || {D}<KAB, CA>] )
07/30/16
page 11
SNEP Properties
Secrecy & confidentiality
Semantic security against chosen ciphertext attack
(strongest security notion for encryption)
Authentication
Replay protection
Code size: 1.5 Kbytes
Strong freshness protocol in paper
07/30/16
page 12
Broadcast Authentication
Broadcast is basic communication mechanism
Sender broadcasts data
Each receiver verifies data origin
Alice
Sender
M
Bob
07/30/16
Dave
M
Carol
page 13
Simple MAC Insecure for Broadcast
K
Sender
M, MAC(K,M)
K
07/30/16
Alice
M, MAC(K,M)
Bob
M', MAC(K,M') K
page 14
TESLA: Authenticated Broadcast

Uses purely symmetric primitives
Asymmetry from delayed key disclosure
Self-authenticating keys
Requires loose time synchronization
Use SNEP with strong freshness
07/30/16
page 15
TESLA Quick Overview I

Keys disclosed 2 time intervals after use
Receiver knows authentic K3
Authentication of P1: MAC(K5, P1 )

Authenticate K5
K3
K4
Time 4
Verify MAC
07/30/16
K5
Time 5
K6
Time 6
K7
Time 7
P1
P2
K3
K5
page 16
TESLA Quick Overview II

Perfect robustness to packet loss
Authenticate K5
K3
K4
Time 4
P1
K5
K6
Time 5
Time 6
K7
Time 7
P2
P3
P4
P5
K2 K2
K3
K4
K5
Verify MACs
07/30/16
page 17
TESLA Properties
Low overhead (1 MAC)
Communication (same as SNEP)
Computation (~ 2 MAC computations)
Perfect robustness to packet loss

Independent of number of receivers
07/30/16
page 18
Energy Cost for Sending a Message

Typical packet size: 28 bytes
Security Computation 2%
MAC transmission
21%
Data
transmission
77%
07/30/16
page 19
Conclusion
Strong security protocols affordable
First broadcast authentication
Low security overhead

Computation, memory, communication
Apply to future sensor networks

Energy limitations persist
Tendency to use minimal hardware
Base protocol for more sophisticated security

services
07/30/16
page 20

Sistemas de Sensores en Red Lectura24

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Sistemas de Sensores en Red Lectura24

Încărcat de

Drepturi de autor:

Formate disponibile

Outline

A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J.

CSE 4/60484: Networked Sensor Systems

Security in sensor networks

CSE 4/60484: Networked Sensor Systems

Keys are too long to store, much less process

CSE 4/60484: Networked Sensor Systems

Challenge: Resource Constraints

Limited communication (30 byte packets)

CSE 4/60484: Networked Sensor Systems

SPINS: Our Solution

CSE 4/60484: Networked Sensor Systems

CSE 4/60484: Networked Sensor Systems

SNEP Security Goals

Why not use existing protocols?

CSE 4/60484: Networked Sensor Systems

Encryption methods (background)

Public part is available to anyone, private part is only

CSE 4/60484: Networked Sensor Systems

Asymmetric Cryptography is Unsuitable

High generation cost

SNEP only uses symmetric crypto

CSE 4/60484: Networked Sensor Systems

Basic Crypto Primitives

CSE 4/60484: Networked Sensor Systems

SNEP Protocol Details

To send data D, A sends to B:

CSE 4/60484: Networked Sensor Systems

CSE 4/60484: Networked Sensor Systems

Simple MAC Insecure for Broadcast

TESLA: Authenticated Broadcast

CSE 4/60484: Networked Sensor Systems

TESLA Quick Overview I

Authentication of P1: MAC(K5, P1 )

CSE 4/60484: Networked Sensor Systems

TESLA Quick Overview II

CSE 4/60484: Networked Sensor Systems

Perfect robustness to packet loss

CSE 4/60484: Networked Sensor Systems

Energy Cost for Sending a Message

CSE 4/60484: Networked Sensor Systems

Low security overhead

Apply to future sensor networks

Base protocol for more sophisticated security

CSE 4/60484: Networked Sensor Systems

S-ar putea să vă placă și