TinySec: A Link Layer Security Architecture for Wireless Sensor Networks



Similar documents
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks

Chapter 6 CDMA/802.11i

SPINS: Security Protocols for Sensor Networks

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

The Misuse of RC4 in Microsoft Word and Excel

Vulnerabilities in WEP Christopher Hoffman Cryptography

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

Wireless Networks. Welcome to Wireless

Authenticated encryption

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Security vulnerabilities in the Internet and possible solutions

Wireless security. Any station within range of the RF receives data Two security mechanism

MiniSec: A Secure Sensor Network Communication Architecture

Network Security. Modes of Operation. Steven M. Bellovin February 3,

How To Secure A Wireless Sensor Network

Security in Wireless and Mobile Networks

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Authentication and Encryption: How to order them? Motivation

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL

Wireless Sensor Networks Chapter 14: Security in WSNs

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

Wireless Security. Jason Bonde ABSTRACT. 2. BACKGROUND In this section we will define the key concepts used later in the paper.

A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES

First Semester Examinations 2011/12 INTERNET PRINCIPLES

Netzwerksicherheit: Anwendungen

Lecture 9 - Message Authentication Codes

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2003): 15 Wireless LAN Security 1. Dr.-Ing G.

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Developing and Investigation of a New Technique Combining Message Authentication and Encryption

NLM-MAC: Lightweight Secure Data Communication Framework Using Authenticated Encryption in Wireless Sensor Networks

Message Authentication Code

Security in IEEE WLANs

Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

Provide Practical Security Mechanism to Wireless Sensor Networks Using Modified Motesec Protocol

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

SSI. Commons Wireless Protocols WEP and WPA2. Bertil Maria Pires Marques. Dez Dez

Tutorial 3. June 8, 2015

Wireless Network Security Spring 2014

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Message Authentication Codes

Applying of Security Mechanisms to Low Layers of OSI/ISO Network Model

Security Sensor Network. Biswajit panja

Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)

How To Secure A Wireless Sensor Network

Securing the MAVLink Communication Protocol for Unmanned Aircraft Systems

Application of Synchronous Dynamic Encryption System (SDES) in Wireless Sensor Networks

Wireless Security: Token, WEP, Cellular

How To Secure My Data

CSE/EE 461 Lecture 23

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Security in Sensor Networks: Industry Trends, Present and Future Research Directions. Sensor Networks are Here!

Client Server Registration Protocol

FlexiSec: A Configurable Link Layer Security Architecture for Wireless Sensor Networks

CS 758: Cryptography / Network Security

Chapter 17. Transport-Level Security

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

Chapter 7 Transport-Level Security

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

How To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)

MAC. SKE in Practice. Lecture 5

Wireless LAN Security Mechanisms

Message Authentication Codes. Lecture Outline

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

EXAM questions for the course TTM Information Security May Part 1

CCMP Advanced Encryption Standard Cipher For Wireless Local Area Network (IEEE i): A Comparison with DES and RSA

COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE i (WPA2)

Network Security Technology Network Management

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK

Modes of Operation of Block Ciphers

Chap. 1: Introduction

Secure Sockets Layer

Key Management (Distribution and Certification) (1)

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

CSC 774 Advanced Network Security. Outline. Related Work

The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)

SSL A discussion of the Secure Socket Layer

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

AN RC4 BASED LIGHT WEIGHT SECURE PROTOCOL FOR SENSOR NETWORKS

Distributed Systems Security

Security of MICA*-based / ZigBee Wireless Sensor Networks

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

How To Write A Transport Layer Protocol For Wireless Networks

Transcription:

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastr, David Wagner Presented By: Tristan Brown

Outline Motivation Cryptography Overview TinySec Design Implementation and Evaluation Results

Motivation Need a secure communications platform for sensor networks Data is broadcast for all to hear. Sensor network nodes have severely limited resources. Can t use existing architectures designed for powerful devices.

Cryptography Overview Why use crypto? Provide probabilistic guarantees about messages sent/received on the network. Access control/message integrity Confidentiality Replay Protection

Access Control/Message Integrity Ensure only authorized senders are allowed to send messages. Ensure messages are unmodified after transmission. Can achieve both with a Message Authentication Code (MAC).

Message Authentication Codes Essentially a keyed checksum of the message Access Control: Cannot compute MAC without the key. Message Integrity: Any change to the message invalidates the MAC.

Confidentiality Keep message content from unauthorized viewers. Semantic security: ideally should prevent adversary from learning anything about the encrypted message. Achieved by message encryption with an Initialization Vector (IV)

Initialization Vector Plaintext prefix to the encrypted message Used to add variation to otherwise identical messages Without, identical messages would encrypt identically, violating semantic security.

Replay Protection Prevent a legitimate message from being resent later. Can be achieved by a monotonically increasing message counter. Not addressed by TinySec; authors believe higher layer protocols should handle this.

TinySec Design Unsuitability of existing schemes requires a new design High level protocols like SSL or IPSEC are too heavyweight. Existing wireless security designs are still too limiting Insecure (WEP) Incomplete (SNEP)

Two-teir design Based on the TinyOS Packet TinySec-Auth replaces the CRC and group field with a MAC TinySec-AE adds encryption to TinySec-Auth

Packet Format

MAC Protects the entire packet (except the MAC itself). Uses CBC-MAC with packet length XORed with the first block. Store 4 bytes of the result.

MAC Is 4 bytes secure? Requires 2 31 tries on average to brute force a single message. Given a 20kbps channel would take 20 months; far longer than a node lifetime. Numerous MAC failures would give away the attacker.

MAC Remove the CRC and group field to make room for the MAC. Groups can be created by using different keys for the CBC. MAC provides integrity protection making the CRC redundant Result: MAC increases packet size by only 1 byte.

Encryption Two components Initialization Vector Cipher Encrypt only the message Allows nodes to perform early rejection based on AM.

Initialization Vector 8 byte IV 4 bytes are taken from TinySec-Auth header fields 2 bytes are source address 2 bytes are a simple counter Results in 4 byte packet size increase

Initialization Vector How secure is this? Assuming all other header fields don t change, takes 2 16 packets to repeat an IV. At 1 packet/minute, will take 45 days to repeat an IV Repeated IV leaks limited information (due to cipher choice). If cipher is rekeyed, repeated IV isn t a problem.

Cipher What kind of cipher should be used? Stream cipher Use key and IV to generate keystream, XOR with data If IV is repeated, can recover XOR of plaintexts. Block Cipher (CBC) XOR first block with IV, encrypt For successive blocks XOR with prior ciphertext and encrypt.

CBC In case of a repeated IV only leaks the similarity of the first n identical blocks. Uses same cipher construct as CBC- MAC (save on code space) Must not use same key for encryption and CBC-MAC!

Keying Simple mechanism: use a single pair of keys for all nodes Entire network vulnerable to a single-node exploit. Link keying: use separate keys for every pair of nodes that communicates Key distribution is complex Group keying: Group nodes together, use different keys for each group.

Implementation and Evaluation Implemented for TinyOS on Mica platform Used skipjack as the block cipher for CBC/CBC-MAC Unencumbered by patents (unlike rc5) High performance and secure. Used single network-wide keypair for simplicity.

Performance Small throughput drop/latency rise consistent with the increased packet size No other noticeable difference (all computation can be completed as the packet is transmitted/received)

Power Consumption

Results Mostly effective authentication/encryption for sensor network environment Reduced size IV/MAC offset by inability to exploit the network without severely impacting it (node death) Some assumptions might not hold in all environments

Results Open Problems No keying mechanism (area of active research) Security assumptions made based on node lifetime; keys may outlive nodes.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information