SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA A. De Benedictis, A. Gaglione, N. Mazzocca Securing a Re-Taskable Sensing System Seclab Group –

Slides:



Advertisements
Similar presentations
Chapter 3 Public Key Cryptography and Message authentication.
Advertisements

By Md Emran Mazumder Ottawa University Student no:
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Sri Lanka Institute of Information Technology
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Security Issues In Sensor Networks By Priya Palanivelu.
Cryptography Basic (cont)
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
Applied Cryptography for Network Security
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Wireless Sensor Network Security Anuj Nagar CS 590.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
KAIS T A lightweight secure protocol for wireless sensor networks 윤주범 ELSEVIER Mar
Cryptography and Network Security
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
May 2002Patroklos Argyroudis1 A crash course in cryptography and network security Patroklos Argyroudis CITY Liberal Studies.
Description of the monitoring system experimentation on the freight car pSHIELD Demonstrator Testbed Architecture pSHIELD Final Review Meeting, Bruxelles.
SENSOR NETWORK SECURITY Group Members Pardeep Kumar Md. Iftekhar Salam Ahmed Galib Reza 1 Presented by: Iftekhar Salam 1.
Security in Wireless Sensor Networks using Cryptographic Techniques By, Delson T R, Assistant Professor, DEC, RSET 123rd August 2014Department seminar.
Cryptography, Authentication and Digital Signatures
Midterm Review Cryptography & Network Security
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Security on Sensor Networks Presented by Min-gyu Cho SPINS: Security Protocol for Sensor Networks TinySec: Security for TinyOS SPINS: Security Protocol.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.
TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.
Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does.
To ensure secure and dependable monitoring of rail cars transporting hazardous materials, providing resiliency against both random and malicious threats.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
Network Security Celia Li Computer Science and Engineering York University.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
MiniSec: A Secure Sensor Network Communication Architecture Carnegie Mellon UniversityUniversity of Maryland at College Park Mark Luk, Ghita Mezzour, Adrian.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
INCS 741: Cryptography Overview and Basic Concepts.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
NET 311 Information Security
SPINS: Security Protocols for Sensor Networks
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Presentation transcript:

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA A. De Benedictis, A. Gaglione, N. Mazzocca Securing a Re-Taskable Sensing System Seclab Group – Dipartimento di Informatica e Sistemistica Università degli Studi di Napoli Federico II Via Claudio, 21 – Napoli – Italia {alessandra.debenedictis, andrea.gaglione, 1st International Workshop on Security and Performance in Emerging Distributed Architectures (SPEDA 2010) August 23-25, 2010, Atlanta, GA, USA

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA About me Alessandra De Benedictis Ph. D. Student in Computer and Control Engineering at the Department of Computer Science and System of the University of Naples Federico IIDepartment of Computer Scienceand System 2

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 3 Outline Overview of security issues in sensor networks and background description Introduction of a secure-layer to guarantee security requirements Design and implementation details Conclusions and future works

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Motivation and security challenges in sensor networks 4 Openness of wireless channels lets anyone be able to monitor or participate in communications WSN applications require security mechanisms WSN features: Very limited resources  limited memory and storage space  power limitations Unreliable communication  unreliable transfer  conflicts (due to the broadcast nature of WSN)  latency Unattended operations  exposure to physical attack  remote management makes impossible to detect physical tampering and physical maintenance issues

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Desired security requirements Desired properties of a secure sensor network communication architecture Data authentication  allows a receiver to verify that data really was sent by the claimed sender  Broadcast authentication Data confidentiality  protect information traveling through the network Data integrity  ensures the receiver that the received data has not been altered in transit by an adversary  achieved through data authentication Data freshness  implies that the data is recent  ensures protection against replay attack 5

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Symmetric vs Asymmetric Cryptography Limited computational complexity, well suited for resource constrained devices such as sensor nodes but... Key management is a fundamental concern 6 Alice Bob plaintext encryption ciphertextdecryption Alice Bob plaintext encryptionciphertextdecryption Bob’s Public Key Bob’s Privat e Key Symmetric Key Encryption (SKE)Public Key Cryptography (SKC) Stronger degree of security than SKE schemes, greater flexibility and manageability but also.. Higher computation and storage requirement …recent works demonstrated the feasibility of using Elliptic Curve Cryptography (ECC) schemes on sensor platforms, due to their fast computation, small key size and compact signatures features. Such schemes have been proved to guarantee an equivalent security degree then other SKC schemes (such as RSA) while adopting smaller keys and requiring slighter computations.

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Tenet: a re-taskable sensing system (1/2) 7 The Tenet system is an architecture for tiered sensor networks, proposed by the Uiversity of LA (UCLA), consisting of:  motes: simple sensor nodes processing locally-generated sensor data  masters: relatively unconstrained 32-bit platform nodes, performing multi-node data fusion and complex application logic Since masters have relatively plentiful processing and storage resources, it is possible to implement more sophisticated applications, such as cryptographic algorithms, by exploiting their capabilities

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Tenet: a re-taskable sensing system (2/2) 8 And return responses Motes process data, Applications run on masters, and masters task motes periodic(1 min) -> sample(TEMPERATURE) -> Send() A task is a linear data flow program consisting of a sequence of tasklet implementing such functionality as timers, sampling, data compression, thresholding, statistical operations, and other forms of simple signal processing. Masters can then fuse the results, re-task motes or trigger other sensing functionalities Example of task The tasking system enables an easier application development and a significant code reuse. Mote functionality is limited to executing tasks and returning responses, thus enabling energy-efficient operations.

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Proposal Enhancement of the Tenet system, by introducing a hybrid cryptosystem which aims to: 1. implement a mechanism for key exchanging between master and motes 2. achieve broadcast authentication of tasking messages by a master to the motes 3. achieve end-to-end encryption, integrity and freshness of response messages sent by motes to the master 9

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Enhanced Tenet software architecture (1/2) 10 Master side Improvement of the master side:  at application level: - introduction of the ECC Library to perform ECC operations - addition of the pubKeyExchange element to the Tasking Library; - modification of the TenetAPI in order to implement the digital signature of task messages sent from masters to motes  at OS level: - integration of a cryptographic system, with the management of the keyfiles containing the secret keys shared between the master and each of the motes Tenet Applications ECC Library Tasking Library + pubKeyExchange element + modified TenetAPI TinyOS_system-Minisec Application layer OS layer Key store  Application layer: includes Tenet applications running on masters, and the Tenet Tasking Library, which implements a collection of composable tasklet.  OS layer: implemented by TinyOS

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Enhanced Tenet software architecture (2/2) 11 Mote side Improvement of the mote side by adding:  at application level: the new tasklet pubKeyExchange to the Mote Tasking Library, that aims to perform ECC security operations according to the ECDH key agreement technique  at OS level: integration of a cryptographic system, with the management of the keyfile containing the secret key shared between the master and the mote Mote Tasking Library + TinyECC library + pubKeyExchange tasklet + modified TaskInstaller component TinyOS_system-Minisec Application layer Key file OS layer

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Adopted technologies TinyOS and MiniSec: MiniSec provides a secure network layer by modifying the TinyOS network stack:  GenericComm – generic network stack  AMStandard – Active Message transmission Provides data confidentiality, authentication and replay protection  provides for authentication and secrecy with a few block cipher calls (OCB mode)  better security and low energy consumption Implementation for Telos motes  300 bytes of RAM, 3KB of code memory 12 TinyECC: a configurable library for ECC operations in wireless sensor networks Includes support for the ECC schemes:  ECDH - key agreement scheme  ECDSA - digital signature scheme  ECIES – encryption scheme Easily integrated in sensor networks applications It has been tested on MicaZ, TelosB and Imote2 platforms running TinyOS

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 1 - Key agreement 13 Achieved via Tenet tasking system by adding a new tasklet which performs ECC security operations according to the ECDH key agreement tecnique pubKeyExchange(PPx, PPy) ->Send()

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 2 - Broadcast authentication Broadcast tasking messages from master to motes must be authenticated in such a way each mote can verify the identity of the master node:  master node signs tasking messages with its own private key and sends them to motes together with the signature.  on mote side the signature is verified with the master public key. Achieved by implementing the ECDSA scheme by using the primitives provided by TinyECC. Constraints:  during the initialization phase of the system the master should generate a key pair (private key – public key) and store its private key in the ECC Library.  each mote should be preloaded with the public key of the master 14

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 3 - End-to-end confidentiality, integrity and freshness of response messages 15 Achieved by opportunely integrating the MiniSec security layer into the Tenet system: plain task Encrypted response message shared key MASTERMOTE Motes perform encryption of outgoing task response messages which are identified with a specific tag ; Master decrypts incoming task response messages identified with the above mentioned specific tag

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 16 Conclusions and future works We have proposed the design of a hybrid cryptosystem aimed to secure the Tenet architecture. We have combined symmetric and asymmetric cryptographic schemes in order to achieve key exchange mechanisms (through the definition of a specific tasklet), end-to-end encryption, integrity and freshness of response packets sent from motes to the master, and broadcast authentication of tasking messages coming from the master to motes In Future works we plan to set up a more complete testbed for the evaluation of our schemes in terms of achieved security level, energy consumption and performances. Furthermore we intend to port our code to TinyOS 2.x in order to be compliant with Tenet-t2 release as well as to port it to other sensor platforms.

SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 17 Thanks for your kind attention For any questions contact us

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.