End-to-End Security in Wireless Sensor Networks (WSNs) Talk by Claudio Anliker Supervised by Dr. Corinna Schmitt University of Zurich

Transcription

1 End-to-End Security in Wireless Sensor (WSNs) Talk by Supervised by Dr. Corinna Schmitt University of Zurich

2 Content 1. Motivation 2. Security Issues and Principles 3. Internet-of-Things and Wireless Sensor 4. Examples 1. Example 1: Differentiated Key pre-distribution 2. Example 2: End-to-End Secure Communication between WSNs and the Internet 5. Conclusion 2

3 Motivation Growing importance of Wireless Sensor (WSNs) Many works devoted to hop-by-hop security Only a few consider end-to-end security Interesting security challenges due to different preconditions Future: Different directions and solution approaches High influence by applications 3

4 Content 1. Motivation 2. Security Issues and Principles 3. Internet-of-Things and Wireless Sensor 4. Examples 1. Example 1: Differentiated Key pre-distribution 2. Example 2: End-to-End Secure Communication between WSNs and the Internet 5. Conclusion 4

5 The Notion of «Security» Definition of (end-to-end) security depends on context «Inexistence of (successful) attacks» [3] «The state of being free from danger or threat» [4] To provide security, we need Confidentiality, authenticity, integrity and privacy! System security vs. network security 5

6 Symmetric Encryption Bob c Alice c = f(m, k) Eve? = f 1 (c,? ) m = f 1 (c, k) m {0, 1} n = message k = shared secret key c {0, 1} n = cipher text f = cryptographic function 6

7 The Key Distribution Problem secure channel share secret key Approaches: 1. Secure key exchange over insecure connections (e.g. Diffie-Hellman) 2. Use two keys for encryption / decryption Asymmetric encryption (e.g. RSA) 7

8 Asymmetric Encryption Bob c 1 Alice c 2 c 1 = f m 1, PU A m 2 = f c 2, PR B Eve? m 1 = f c 1, PR A c 2 = f(m 2, PU B ) PR x = private key of x PU x = public key of x c 1, c 2, PU A, PU B 8

9 Message Authentication Bob Alice c 1 Hi, I m Bob. Take this message! Eve c 1 = f m 1, PU A m 1 = f c 1, PR A Alice has no chance to ensure the authenticity of the message! 9

10 Message Authentication Code (MAC) Bob c 1 = f c m, PU A t 1 = f t c 1, k t (c 1, t 1 ) (c 1, t 1 ) (c 2, t 1 ) Eve Alice m 1 = f c c 1, PR A t 1 = f t c 1, k t t 1 = t 1 m 2 = f c 2, PR A t 2 = f c 1, k t t 2 t 1 c 2 = f c m 2, PU A 10

11 Content 1. Motivation 2. Security Issues and Principles 3. Internet-of-Things and Wireless Sensor 4. Examples 1. Example 1: Differentiated Key pre-distribution 2. Example 2: End-to-End Secure Communication between WSNs and the Internet 5. Conclusion 11

12 Internet-of-Things Network of uniquely identified objects Firstly defined in 1999 by Kevin Ashton Virtual representation of «things» in an internet-like structure Support daily processes by minimizing differences between real and virtual world Internet IP communication WSNs are an integral part of the IoT! From point-to-point to end-to-end communication 12

13 WSN Applications Monitoring! Deploy a WSN over a region to monitor some phenomenon Geo fencing Military: intrusion detection Structural health monitoring Natural disaster prevention (e.g floods) Health Care Traffic management Smart grid 13

14 WSNs vs IP Massive resource constraints Computational power (slower CPUs) Main memory (often in the range of B-KB) Power supply (batteries) «Young» technology, hence expect growing Importance Number of application scenarios Variety of requirements and contexts 14

15 Challenges in WSNs Key exchange: existing protocols are not feasible Asymmetric encryption (e.g. RSA) need lots of computations Trade-off between end-to-end security and information aggregation Deployment of ISO/OSI protocol stack difficult (resources) Current technologies (e.g. SSL/TLS) not feasible in WSNs 15

16 WSNs: Hop-by-Hop Security Sensors Sink WSN Encrypted links Use hop-by-hop principle to generate end-to-end security 16

17 WSNs: End-to-End Security Sensors User Internet WSN Sensor-to-sensor Sensor-to-user 17

18 E2E Security in WSNs: Summary Sensor-to-sensor: End-to-end: Sensors in-between cannot decrypt messages. No information aggregation possible Hop-by-Hop: Any two sensors need a shared secret key to communicate! Transmission radius is also important. Sensor-to-user: For communication over the Internet 18

19 Content 1. Motivation 2. Security Issues and Principles 3. Internet-of-Things and Wireless Sensor 4. Examples 1. Example 1: Differentiated Key pre-distribution 2. Example 2: End-to-End Secure Communication between WSNs and the Internet 5. Conclusion 19

20 The Key Distribution Problem - Reloaded Equip sensors with secret keys before deployment Key space K consists of a set of different keys. Sensors i and j Provide each sensor i with a random set K i k k K i K j i and j can communicate. K. Is referred to as key pre-distribution. 20

21 Key pre-distribution Secure? From a theoretical point of view, no Are the security flaws of practical relevance? Context-dependent Inherent trade-off Resilience ( probability of a sensor s attack resistence) Resources (can t distribute arbitrary many keys) and effect of node capturing 21

22 Key pre-distribution What if there is no such key k? Figure from [1] Differentiated key pre-distribution [1] 22

23 Example 1: Differentiated Key pre- Distribution (1) + Defines node classes and distributes the secret keys accordingly + Much more sophisticated, theoretically well-founded + Improves link resilience and probability of secure communication No breakthrough Mainly work arounds for existing problems/flaws No information about authentication and integrity provisioning 23

24 Example 1: Differentiated Key pre- Distribution (2) Figures from [1] Pe2e: Probability of secure message transmission between sensor and sink Nc: Number of sensors disclosed to an attacker r: Radius of communication for each sensor in meters GPSR (Greedy Perimeter Stateless Routing) and minhop: Routing schemes 24

25 Content 1. Motivation 2. Security Issues and Principles 3. Internet-of-Things and Wireless Sensor 4. Examples 1. Example 1: Differentiated Key pre-distribution 2. Example 2: End-to-End Secure Communication between WSNs and the Internet 5. Conclusion 25

26 Example 2: E2E Secure Communication between WSNs and the Internet (1) Proxy model Reduces the burden of sensors Decreases scalability Increases complexity (e.g. need for application specific proxies WSNs as an extension of the Internet IP! No proxy, but an edge-router for forwarding «Real» end-to-end security, edge-router sees no clear text 26

27 Example 2: E2E Secure Communication between WSNs and the Internet (2) Deployment and four phases Deployment phase: before actual deployment, exchange information for services and secure communication 1. User registration phase: users of the system get certificates and access passports 2. Request phase: the gateway verifies the request of the user Check the access rights 3. Session key agreement phase: exchange of security credentials 4. Key confirmation phase: verify the completion of the hand-shake Complicated protocol, for detailed explanation and analysis, consult [2] 27

28 Example 2: E2E Secure Communication between WSNs and the Internet (3) Sensor node Gateway Service Provider User CERT, AUTH Access control Id sensor, CERT Send different values such that the user can compute the shared key Verify the shared keys, secure connection established 28

29 Example 2: Properties (according to the authors) Mutual authentication Access control Mutual key confirmation Key freshness Privacy protection DDoS resistance Replay attacks still possible security flaws due to concrete implementations!? Performance: At least better than standard TLS!? Still assumes a secure pre-deployment phase! 29

30 Content 1. Motivation 2. Security Issues and Principles 3. Internet-of-Things and Wireless Sensor 4. Examples 1. Example 1: Differentiated Key pre-distribution 2. Example 2: End-to-End Secure Communication between WSNs and the Internet 5. Conclusion 30

31 Summary: P2P vs WSN End-to-End Security (1) Asymmetric Encryption Standards Key Distribution after Deployment Experience Authenticity Integrity Privacy Conventional WSN Sensor-to- Sensor Matured technologies Approaches exist Poor/no support 31

32 Summary: P2P vs WSN End-to-End Security (2) Two main security criteria Hardware and resources Application and context Challenge: Provision of security under massive resource constraints End-to-End Intermediate sensors perform only forwarding of cipher text. Privacy, authenticity, integrity Confidentiality: Data is not revealed at forwarding nodes! 32

33 References [1] W. Gu, N. Dutta, S. Chellappan, X. Bai, Providing End-to-end Secure Communications in Wireless Sensor, IEEE Transactions on Network and Service Management, IEEE, New York, NY, USA, Vol. 9, No. 3, pp , 2011 [2] H. Yu, J. He, T. Zhang, P. Xiao, Y. Zhang, Enabling End-to-end Secure Communications between Wireless Sensor and the Internet, Journal World Wide Web, Springer, New York, NY, USA, Vol.16, Issue 4, pp , 2013 [3] U. Maurer, Cryptography, Lecture Notes of the Course «Cryptography» taught at ETH Zurich, p. 3, 2014 [4] Definition from the Oxford Dictionaries (Online Version),

34 Discussion H1: The concept of key pre-distribution will not be replaced in the next 10 years. 34

35 Discussion H2: Optimization of current asymmetric encryption schemes will become a long-term solution due to technical advances in sensor design. The introduction of entirely new schemes is likely unnecessary. 35

36 Discussion H3: The WSN research community needs to introduce new schemes to provide user privacy before the paradigm of the Internet-of-Things (IoT) or Web-of- Things become reality. 36

37 Discussion H4: The manifold deployment scenarios of WSNs make the definition of multiple standards inevitable. 37

38 Discussion What is your opinion about WSNs? Smart traffic management Computer controlled cars Smart home or any other application? 38

39 39

40 Deployed Solutions 6LoWPAN as WSN version of IPv6 IPSec mandatory in IPv6, integration in 6LoWPAN in progress MicroSSL for 8-bit flash micro controller (1.3 KB) Sizzle: security architecture (using SSL and HTTP) Uses public key encryption, but is proxy based 40