Advanced Information Security – Final Project Made Harta Dwijaksara.

Slides:



Advertisements
Similar presentations
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Advertisements

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
P Security Survey and Recommendations By: Ryon Coleman October 16, 2003.
AES based secure LEACH for WSN’s. Obstacles of WSN Security Limited resources-Limited memory, code space and energy. Unreliable Communication-Densely.
Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.
IEEE (May 2003) Low-Rate WPAN Low-Power.
ECGR-6185 ZIGBEE Advanced Embedded Systems University of North Carolina –Charlotte Gajendra Singh Some figures borrowed from Zigbee Alliance web pages.
TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003
IC-29 Security and Cooperation in Wireless Networks 1 Secure and Robust Aggregation in Sensor Networks Parisa Haghani Supervised by: Panos Papadimitratos.
Doc.: Submission, Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Securing the Network.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
Temporal Key Integrity Protocol (TKIP) Presented By: Laxmi Nissanka Rao Kim Sang Soo.
1 Computer Networks Local Area Networks. 2 A LAN is a network: –provides Connectivity of computers, mainframes, storage devices, etc. –spans limited geographical.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
ZIGBEE Erkan Ünal CSE 401 SPECIAL TOPICS IN COMPUTER NETWORKS.
1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.
Security Considerations for IEEE Networks Karthikeyan Mahadevan.
Internetworking Between ZigBee/ and IPv6/802.3 Network
Advisor: Quincy Wu Speaker: Kuan-Ta Lu Date: Aug. 19, 2010
1 Measuring and Explaining Differences in Wireless Simulation Models Dheeraj Reddy, George F. Riley, Yang Chen, Bryan Larish Georgia Institute of Technology.
1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Hai Yan Computer Science & Engineering University of Connecticut.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks – Chris Karlof, Naveen Sastry & David Wagner Dr. Xiuzhen Cheng Department of Computer.
SENSOR NETWORK SECURITY Group Members Pardeep Kumar Md. Iftekhar Salam Ahmed Galib Reza 1 Presented by: Iftekhar Salam 1.
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
Using Directional Antennas to Prevent Wormhole Attacks Lingxuan HuDavid Evans Department of Computer Science University of Virginia.
Computer Networks. Introduction Computer Network2 A History Lesson of Networking 1969 – ARPANET, first packet switched network consist of UCLA, Stanford,
Providing Transparent Security Services to Sensor Networks Hamed Soroush, Mastooreh Salajegheh and Tassos Dimitriou IEEE ICC 2007 Reporter :呂天龍 1.
Advanced Computer Networks Fall 2013
ProjectIEEE Working Group on Mobile Broadband Wireless Access TitleIEEE MBWA Security Architecture.
Effects of Multi-Rate in Ad Hoc Wireless Networks
WEP Protocol Weaknesses and Vulnerabilities
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
Sensor Network Security: Survey Team Members Pardeep Kumar Md. Iftekhar Salam Ah. Galib Reza 110/28/2015.
Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
1 July, 2002 doc:.: /275r0 Daniel V. Bailey, Ari Singer, NTRU 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Doc.: IEEE b Submission January 2005 Robert Cragie, Jennic Ltd.Slide 1 Project: IEEE P Working Group for Wireless Personal Area.
TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.
Network Security7-1 Today r Reminder Ch7 HW due Wed r Finish Chapter 7 (Security) r Start Chapter 8 (Network Management)
Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
Doc.: IEEE Submission September 16, 2004 Poor & Struik / Ember & CerticomSlide 1 Project: IEEE P Working Group for Wireless Personal.
Security in Wireless Sensor Networks by Toni Farley.
Azam Supervisor : Prof. Raj Jain
Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Protocols and Architecture Slide 1 Use of Standard Protocols.
Doc.: IEEE k Submission ETRI Sep 2011 Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission.
Submission November, 2003 Rene Struik, Certicom Corp.Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks.
Evaluating Mobility Support in ZigBee Networks
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
Introduction to Network Systems Security Mort Anvari.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
b Submission May, 2004 Rene Struik, Certicom Corp.Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
TinySec: Security for TinyOS
July, 2003 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Proposed Changes to ] Date Submitted:
Submission Title: [NTRU Security Tutorial]
March 2018 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [SG SECN Call for Proposals] Date Submitted:
December 7, 2018 doc.: IEEE r0 July, 2003
Jul 12, /12/10 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Frame signaling options for Security.
February 24, 2019 doc.: IEEE r0 July, 2003
Aug Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Explanation and Revision of Previous Time.
Secret-Key Encryption
Aug Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Explanation and Revision of Previous Time.
Presentation transcript:

Advanced Information Security – Final Project Made Harta Dwijaksara

 Introduction  IEEE Security  Contribution  Motivation and Related Work  Nonce Design  Security Analysis  Conclusion and Future Work  Reference

 Pervasive Computing  Internet of things On ubiquitous computing era, electronic home appliances are typically interconnected within network to each other (ZigBee Network, WSN  IEEE based devices)

 ’s role becomes more important IEEE is a standard which specifies the physical layer and media access control for low rate wireless personal area networks (LR-WPAN)

 ACL (Access Control List) and Security Suites *) AddressSec. SuiteKeyLast IVReplay Ctr. 2a:c4:5d:6f:11:88:87:b5 AES-CTR98ab4f …. ….. …. ….. …. ….. …. ….. …. ….. …. ….. 98:3d:c4:fc:56:45:4c:87 AES-CBC-MAC-6476bc ACL entries 00:b6:d1:45:01:76:44:c4 AES-CCM-64b5a3d *) IEEE, “Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specification for Low-Rate Wireless Personal Area Networks (WPANs)” IEEE Computer Society, 2006

 Integrity and Confidentiality  Message Integrity : AES-CBC-MAC-{4/8/16}  Encryption : AES-128 Source Address (8 bytes) Frame Counter (4 bytes) Key Counter (1 bytes) MIC generation Encryption mechanism CCM nonce format (13 bytes)

 Medium Access Control payload format for each security suites AES-CTR (Encryption only) AES-CBC-MAC (Integrity only) AES-CCM (Encryption & Integrity)

 Security threats related to nonce  Same key in multiple ACL entries  No Support for Group Keying  Network Shared Keying Incompatible with Replay Protection  Loss of ACL state due to Power Interruption If same key is used for different ACL entry  reuse nonce c1 = Ek(key, nonce) xor m 1 c2 = Ek(key, nonce) xor m 2 c1 xor c2 = m1 xor m2 This completely breaks the confidentiality property if network shared key is used  default ACL Default ACL entry will record: security suite, key and replay counter A send message to C  replay counter 0..n C will record the highest watermark  n B send message to C  no clue about n If B’s replay counter < n, all B packet will be rejected

 Point out several attacks possible on the enabled device due to incomplete design of nonce  Elaborate the requirements for nonce design in standard  Design a new nonce format  Provides comparison to the existing nonce design

 Nonce has really important role but the current nonce design is still incomplete  Sastry Naveen and Wagner David *) propose that the nonce (replay counter) should be exposed to higher layer so the application could manage their own counter high water mark per each sender  Yang Xiao, Hsiao-Hwa Chen and Bo Sun **) suggest to use timestamp as nonce *) IEEE, “Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specification for Low-Rate Wireless Personal Area networks (WPANs)” IEEE Computer Society, 2006 **) Yang Xiao, Hsiao-Hwa Chen and Bo Sun, “Security Services and Enhancement in the IEEE Wireless Sensor Networks”, IEEE BLOBECOM, 2005

 Nonce requirements  Nonce should contain source of the packet to make it unique per device  The value for nonce should also be unique per each packet sent  Its value should also sequentially increase each time used  Having holds those requirements combination of source address and timestamp is the best choice

 New nonce’s format mth dt hrs min sec ms Where: mth (4 bits long): month (1 ~ 12) dt (5 bits long): date (1 ~ 31) hr (5 bits long): hour (0 ~ 24) min (6 bits long): minute (0 ~ 60) sec (6 bits long): second (0 ~ 60) ms (13 bits long): millisecond (0 ~ 1000)

 New ACL entry  New MAC packet payload AES-CTR (encryption only) AES-CCM (encryption and integrity)

 Verification  Threshold value ( δ )  Maximum end-to-end (eT)  Minimum time to finish cryptography process (cT)  Estimation of local and global clock difference (tT) δ = eT + cT + tT

 End-to-end delay (ns2 simulation result)  cryptography process *) : at least 3.75ms  clock difference : precision within millisecond ms simulation time (s) End-to-end delay for network Will depend on deployment Environment of network *) Vitaletti Andrea, Palombizio Gianni, “Rijndael for Sensor Networks: Is Speed the Main Issue?”,Electronic Notes in Theoretical Computer Science, Elsevier, 2007

 Communication with acknowledgement  The maximum waiting time for (macAckWaitDuration)  The number attempt allowed (n)  Clock Synchronization  Global vs Local  Precision within milliseconds (very relax)  Elson *) and Denis **) claim can get 1µs and 61µs  Clock synchronization is not a problem Δ = δ + (macAckWaitDuration * n) *) Elson, Jeremy and Estrin, Deborah, “Time Synchronization for Wireless Sensors Networks”, Workshop on Parallel and Distributed Computing Issues in Wireless Networks and Mobile Computing, April-2001 **) Cox Denis, Jovanov Emil and Milenkovic Aleksandar, “Time Synchronization for ZigBee”, IEEE, 2005

 Recall the security threats:  Same key in multiple ACL entries  No Support for Group Keying  can be supported  Network Shared Keying Incompatible with Replay Protection  Loss of ACL state due to Power Interruption  when power is recovered assign ACL with current timestamp if network shared key is used  default ACL Default ACL entry will record: security suite, key and replay counter A send message to C  replay counter : timestamp C will record the latest timestamp from A B send message to C  if B send data after A, B’s timestamp must be > A’s timestamp If B’s replay counter will alwas > n Network Shared Keying can be well supported If same key is used for different ACL entry c1 = Ek(key, nonce 1 ) xor m 1 c2 = Ek(key, nonce 2 ) xor m 2 c1 xor c2 ≠ m1 xor m2 The value of nonce will never be reused It is OK if there are same key in multiple ACL entries

 Even looks very simple nonce has very crucial role in providing security service for standard  To be well designed, nonce’s value should be unique and sequentially increased  Applying timestamp as part of nonce it is not a trivial work  Further research can be done on group key management for compliant network

 [1] Craige Robert, “ZigBee Security” ZigBee Alliance ZARC Task Group, 2009  [2] Farahani Shahin, “Zigbee Wireless Networks and Transceiver”, Elsevier,  [3] IEEE, “Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specification for Low-Rate Wireless Personal Area Networks (WPANs)” IEEE Computer Society, 2006  [4] Sastry Naveen, Wagner David, “Security Consideration for IEEE Networks”, Proceedings of the 3rd ACM workshop on Wireless security, 2004  [5] Vitaletti Andrea, Palombizio Gianni, “Rijndael for Sensor Networks: Is Speed the Main Issue?”,Electronic Notes in Theoretical Computer Science, Elsevier, 2007  [6] Wikipedia, “IEEE ”, , accessed March 20thhttp://en.wikipedia.org/wiki/IEEE_  [7] Yang Xiao, Hsiao-Hwa Chen and Bo Sun, “Security Services and Enhancement in the IEEE Wireless Sensor Networks”, IEEE BLOBECOM, 2005  [8] FIPS Publication, “Advanced Encryption Standard” U.S. DoC/NIST, 2001  [9] Elson, Jeremy and Estrin, Deborah, “Time Synchronization for Wireless Sensors Networks”, Workshop on Parallel and Distributed Computing Issues in Wireless Networks and Mobile Computing, April-2001  [10] Cox Denis, Jovanov Emil and Milenkovic Aleksandar, “Time Synchronization for ZigBee”, IEEE, 2005

Q&A Thank You