TinySec: Security for TinyOS

Slides:



Advertisements
Similar presentations
TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.
Advertisements

ECE454/CS594 Computer and Network Security
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam.
Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
Wired Equivalent Privacy (WEP)
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.
1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.
Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE Wireless Local Area Networks (WLAN’s).
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
TinySec: Performance Characteristics Chris K :: Naveen S :: David W January 16, 2004.
Lecture 23 Symmetric Encryption
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Hai Yan Computer Science & Engineering University of Connecticut.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks – Chris Karlof, Naveen Sastry & David Wagner Dr. Xiuzhen Cheng Department of Computer.
SENSOR NETWORK SECURITY Group Members Pardeep Kumar Md. Iftekhar Salam Ahmed Galib Reza 1 Presented by: Iftekhar Salam 1.
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
Intercepting Mobile Communications: The Insecurity of Nikita Borisov Ian Goldberg David Wagner UC Berkeley Zero-Knowledge Sys UC Berkeley Presented.
Chapter 4 Application Level Security in Cellular Networks.
WEP Protocol Weaknesses and Vulnerabilities
Network Security David Lazăr.
Security for Sensor Networks: Cryptography and Beyond David Wagner University of California at Berkeley In collaboration with: Chris Karlof, David Molnar,
Sensor Network Security: Survey Team Members Pardeep Kumar Md. Iftekhar Salam Ah. Galib Reza 110/28/2015.
Security on Sensor Networks Presented by Min-gyu Cho SPINS: Security Protocol for Sensor Networks TinySec: Security for TinyOS SPINS: Security Protocol.
Security in WSN Vinod Kulathumani West Virginia University.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.
TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.
TinySec: Performance Characteristics Chris K :: Naveen S :: David W January 16, 2004.
WEP – Wireless Encryption Protocol A. Gabriel W. Daleson CS 610 – Advanced Security Portland State University.
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh.
1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections ) You may skip proofs, but are.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
Block Cipher Modes Last Updated: Aug 25, ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.
VPNs and IPSec Review VPN concepts Encryption IPSec Lab.
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
Symmetric Cryptography
Home: Tel: , H.P.: Office: 공) 7710A
Wireless Protocols WEP, WPA & WPA2.
Encryption and Network Security
CSCE 715: Network Systems Security
Block Cipher Modes CS 465 Make a chart for the mode comparisons
ANALYSIS OF WIRED EQUIVALENT PRIVACY
Cryptography Basics and Symmetric Cryptography
Cryptography Lecture 10.
CSE 4905 WiFi Security I WEP (Wired Equivalent Privacy)
Cryptography Lecture 11.
csci5233 computer security & integrity (Chap. 4)
Security Of Wireless Sensor Networks
Symmetric-Key Encryption
Outline Using cryptography in networks IPSec SSL and TLS.
Block Ciphers (Crypto 2)
Security of Wireless Sensor Networks
SPINS: Security Protocols for Sensor Networks
Cryptography Lecture 10.
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
CRYPTOGRAPHY & NETWORK SECURITY
Lecture 36.
Lecture 36.
Presentation transcript:

TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003 http://www.cs.berkeley.edu/~nks/tinysec

Security Risks in Wireless Sensory Networks Eavesdropping Confidentiality Packet Injection Access control Integrity Jamming Replay Denial of Service K TinySec K Fix the picture K Adversary

TinySec Architectural Features Single shared global cryptographic key Link layer encryption and integrity protection  transparent to applications New radio stack based on original Cryptography based on a block cipher K K K

Prior Wireless Security Schemes 802.11b / WEP Weaknesses found GSM IP /IPSEC Still secure Sensor networks have tighter resource requirements Both 802.11 & GSM use stream ciphers Tricky to use correctly Designed by non-cryptographers, in a committee

25 packets/sec vs. 40 packets/sec TinySec Summary Security properties Access control Integrity Confidentiality Performance 5 bytes / packet overhead Peak bandwidth (8 bytes data): 25 packets/sec vs. 40 packets/sec (TinySec) (MHSR) Ok for 25 pkts / sec, not for 28

Block Ciphers Pseudorandom permutation (invertible) DES, RC5, Skipjack, AES Maps n bits of plaintext to n bits of ciphertext Used to build encryption schemes and message authentication codes (MAC)

Packet Format Key Differences Total: +5 bytes No CRC -2 bytes dest AM IV length data MAC 2 1 4 Key Differences No CRC -2 bytes No group ID -1 bytes MAC +4 bytes IV +4 bytes Total: +5 bytes Encrypted MAC’ed

TinySec Interfaces TinySec BlockCipher BlockCipherMode MAC MHSRTinySecM TinySecM CBC-ModeM RC5M CBC-MACM TinySec TinySecM: bridges radio stack and crypto libraries BlockCipher 3 Implementations: RC5M, SkipJackM, IdentityCipher (SRI has implemented AES) BlockCipherMode CBCModeM: handles cipher text stealing No length expansion when encrypting data MAC CBCMACM: computes message authentication code using CBC TinySec component composed of several modules TinySec interface bridges the radio stack and crypto libraries and MHSR makes all crypto calls into there BlockCipher interface for block cipher, have three implementations, can easily add more BlockCipherMode for encryption schemes MAC for calculating message authentication codes Both make use of BlockCipher interface CBCModeM, our implementation of BlockCipherMode implements cipher text stealing. Encryption schemes normally work on block sized chunks. CTS is a trick with the final blocks that results in no message expansion in ciphertext.

Security Analysis Access control and integrity Probability of blind MAC forgery 1/232 Replay protection not provided, but can be done better at higher layers Confidentiality – Reused IVs can leak information IV reuse will occur after 216 messages from each node [1 msg / min for 45 days] Solutions increase IV length  adds packet overhead key update protocol  adds complexity Applications have different confidentiality requirements Need a mechanism to easily quantify and configure confidentiality guarantees Applications may provide IVs implicitly Apps may be able to guarantee sufficient variability in their messages (eg through timestamps) How secure is it? Prob of blind MAC forgery ½^32. Industrial strength is higher, but this is still pretty good. Strength of confidentiality is largely determined by IV length. IV reuse can leak information. CBC mode leaks common prefixes with same IV, same packets. Couple of ways to do IV, but reuse will occur after about 2^16 messages Solutions: increase IV, key update protocol. Applications may not need full IV (need good configuration) Applications may be able to help (guarantee sufficient variability)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.