Embedded Security: From Sensor Networks to Internet of Things (IoT)

Transcription

1 Embedded Security: From Sensor Networks to Internet of Things (IoT) Dr. Wen Hu, Michael Bruenig, Thomas Kothmayr (TUM), Corinna Schmitt (U Zurich) Principal Research Scientist/Research Project Leader CSIRO Digital Productivity Flagship, Australia DIGITAL PRODUCTIVITY FLAGSHIP

2 Wireless Sensor Networks Homogenous devices Resource, energy and form factor limited

3 Cryptography challenges in sensor networks Very limited resources 8-bit/16-bit microcontrollers Less than 10KB RAM AA batteries Security algorithms are computational and memory intensives

4 SKC vs. PKC Symmetric Key Cryptography (SKC) Low computation cost Smaller key sizes Public Key Cryptography It provides more security than SKC but it requires a nontrivial amount of processing power and memory Past Imposible to use PKC Doubt in using PKC Possible to use PKC Future

5 Cryptography engines Symmetric cryptography engine AES 128-bit, new transceivers such as Atmel AT86RF212 and AT86RF230 Asymmetric cryptography engine SHA-1, 1024/2048-bit RSA

6 secfleck CSIRO ICT Centre Marine Robotics & Sensor Networks

7 Evaluation (I)

8 Evaluation (II) CSIRO ICT Centre Marine Robotics & Sensor Networks

9 Examples --- secure communications Node A Base Generates a random number N a ( b y fos_tpm_rand) Decrypt with SkA, (fos_tpm_decryption) E(Pkbase, Na, Req) fos_tpm_encryption E(PkA, Na, KBA) (fos_tpm_encryption) Decrypt with Skbase, Generate a new session key (KBA), (fos_tpm_decryption fos_tpm_rand) Secure communication using SKC with K BA CSIRO ICT Centre Marine Robotics & Sensor Networks

10 Examples --- remote attestation Attestator A During boot time, update PCR I (Pi) (fos_tpm_pcrextend) Challenger C Generates a random number N a ( b y fos_tpm_rand) Obtain Pi and generate a signature (fos_tpm_pcrquote) Issue PCR challenge (index = i, Na) Ask for A s public key Base A s public key (Pka) Challenge response S(Pi, Na, Ska) Verify the value Pi and the signature (fos_tpm_verifypcrquote)

11 Summary Strong (2048-bit) asymmetric key cryptography for message authenticity and integrity, strong symmetric key cryptography for message confidentiality Affordable (financially, form factor, and energy consumption) Remote (platform and data) attestation for content trustworthiness 11

12 Internet of Things Heterogeneous devices (cortex M*) Standard approach ( , RPL/6LoWPAN, COAP )

13 Motivation Current situa2on: Many different use cases exist: Building system, medical apps, acquisi2on of resources. Main task of sensor networks is the collec2on and transmission of different data. Problem: Data can include sensi2ve informa2on. Trend: Integra2on of wireless sensor networks into the Internet (Internet of Things). Trustworthiness of par2cipants can differ. Requests for the security solu2on: Confiden2ality Data Integrity Data authen2city A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 13

14 Usage of standards Wireless Sensor Networks are comparable to Peer- to- Peer networks: Self- organizing network of sensor nodes Basic tasks of a node: Collect data, simple data processing, and forward data Constrained memory, barery and compua2onal power IPv6 Connec2vity à Nodes connected to Internet Different standardized security solu2ons exist: Technologies and implementa2ons (e.g. OpenSSL) exist and are well proven Exis2ng infrastructures (e.g. cer2ficate authori2es) can be used again. Different standards for network stack in WSNs already exist: Physical & MAC Layer: IEEE Rou2ng & Transport Layer: 6LoWPAN, RPL Applica2on Layer: CoAP A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 14

15 Benefits of a standards based approach Reuse of: Implementa2ons (OpenSSL, etc..) Engineering techniques Infrastructure (Cer2ficate Authori2es, etc..) Exper2se and Experience à Easier security uptake Application Security Transport Network Medium Access / Physical CoAP, XML,... DTLS UDP IPv6 BLIP, RPL IEEE Hardware used: TelosB / IRIS OPAL- Mote 50kbyte SRAM 48 MHz Microcontroller Trusted Plaaorm Module A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 15

16 Opal node (front) Microcontroller (32-bit) LED Radio

17 Opal node (back) Radio Micro SD card slot TPM CSIRO ICT Centre Marine Robotics & Sensor Networks

18 DTLS Ultra short introduction Flight 1 Flight 3 Flight 5 Client ClientHello* ClientHelloVerify* ClientHello ServerHello Certificate [CertificateRequest] ServerHelloDone [Certificate] ClientKeyExchange [CertificateVerify] ChangeCipherSpec Finished ChangeCipherSpec Finished Server Flight 2 Flight 4 Flight 6 DTLS: Adap2on of TLS for datagram transport Server and Client nego2ate Hash algorithm and Cipher in Handshake Different authen2ca2on methods RSA, DAS, DH, ECC, PSK, For us: RSA and later PSK [ ] Omission during server authenticated handshake. * Optional messages Encrypted up now A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 18

19 Connecting to data sink A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 19

20 P2P Connection A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 20

21 Evaluation - DTLS Handshake Least understood component in IoT context Previous work evaluated other components Sizzle: A standards- based end- to- end security architecture for the embedded internet à Server authen2cated handshake with RSA and ECC Securing Communica2on in 6LoWPAN with Compressed IPSec à Compression techniques for IPSec header during applica2on data transfer Challenge: IoT embedded nodes are limited to their resources! System s performance Packet handling DTLS handshake performance Energy consump2on Memory consump2on A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 21

22 Evaluation - System s performance (packet handling) Linear increase of round trip 2me Jumps approximately every 100 bytes à 128 bytes maximum MTU in layer 2 by IEEE à Including header and tailer Jumps occur earlier when sending DTLS protected packets à Addi2onal DTLS header, HMAC size, Ini2aliza2on Vector Round- Trip- Time (ms) Data packets per Template packet AES- 128 Multihop (4) AES- 128 Single Hop SHA- 1 Multihop (4) SHA- 1 Single Hop Ping Multihop (4) Ping Single Hop à Increasing packet size and processing overhead lead to an increased end-to-end transmission latency for DTLS packets compared to plaintext packets. à The decreased performance for transmission latency is mostly due to the large packet overhead of up to 64 bytes. à Calculation times DOES NOT contribute significantly: - SHA-1 hash of 255 bytes plain text message: 9 ms - Encryption with AES-128: 12 ms A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 22

23 Evaluation - System s performance (DTLS handshake) Measurement duration: Beginning of the handshake establishment Client received a FINISHED message 15 measurements for each type of handshake Timeout: 5 sec Average latency for a fully authenticated and a server authenticated DTLS handshake à Large standard deviation is caused by implementation behavior when messages lost. - DTLS states that an implementation should wait for an answer for a set amount of time after sending a flight. - Retransmission if no answer is received during this period. à Time to execute a handshale is shorter for smaller RSA-keys and reduced by almost 2 sec when client authentication is omitted in the handshake. à Packet loss mainly in multi-hop environment and larger DTLS messages are sent. à Total energy consumption of client does not increase significantly - All TPM operations are only executed after successful receipt of all relevant server messages. A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 23

24 Evaluation - Energy consumption Energy draw for a fully authenticated DTLS handshake on OPAL node Energy cost = A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 24

25 Evaluation - Memory consumption Fully authenticates handshake with 2048-bit RSA keys OPAL resources: 48 kb RAM / 256 kb ROM RAM consumption (byte) à Total: 17,839 byte RAM ROM consumption (byte) à Total: 63,383 byte ROM A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 25

26 Established WSN at Department T 2270 T 1104 S T S S S S S X S S S S Gateway Nodes with data collection purpose: S T IRIS with mts300 or mts400 TelosB with activated sensors Gateway (TelosB) TelosB with aggregation purpose X Opal DTLS handshake messages Data transmission via secure connection Wireshark recording on tun0 (only UDP packets) Recording of received TinyIPFIX messages in Listerner provided by TinyOS A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 26

27 Summary Today s challenge: Connec2on of different infrastructures on base of IP- communica2on Internet of Things Adop2on of powerful and well known protocols is suitable! A standard based security architecture with two- way authen2ca2on for the Internet of Things was developed. The authen2ca2on is performed during a fully authen2cated DTLS handshake. Exchange of X.509 cer2ficates containing RSA keys Secure provisioning: Message integrity Confiden2ality Authen2city Solu2on has affordable energy, end- to- end latency, and memory overhead Interoperability can be ensured with different vendors Applica2on scenarios exchangeable A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication 27

28 On- going work Opal on a chip (TI CC2538) Cortex M3 (32KB RAM and 512KB ROM) IEEE radio RSA, ECC in hardware ~$6 OpenMote Has the dominated factor moved back to wireless transmissions? More advanced crypto approaches? Bluetooth LE security?

29 References 1. "secfleck: A Public Key Technology Plaaorm for Wireless Sensor Networks", Wen Hu, Peter Corke, Wen Chan Shih, Leslie Overs. In Proceedings of 6th European Conference on Wireless Sensor Networks (EWSN 09), February 11th- 13th, Cork, Ireland. 2. "Towards Trusted Wireless Sensor Networks". Wen Hu, Hailun Tan, Peter Corke, Wen Chan Shih, Sanjay Jha. ACM Transac2ons on Sensor Networks (TOSN), Volume 7, Issue 1, August "DTLS based Security and Two- Way Authen2ca2on for the Internet of Things", Thomas Kothmayr, Corinna SchmiR, Wen Hu, Michael Bruenig and Georg Carle. Ad Hoc Networks (Elsevier), Vol. 11 Issue 8, Page Nov TLS- based Security with two- way Authen2ca2on for IoT, C. SchmiR, B. S2ller, T. Kothmayr and Wen Hu, IETF Internet Drav, July "Towards Trustworthy Par2cipatory Sensing, Akshay Dua, Nirupama Bulusu, Wuchang Feng, Wen Hu. In Proceedings of 4th USENIX Workshop on Hot Topics in Security (HotSec '09), August, 2009, Montreal, Canada. 29