Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-dvir-roll-security-authentication-01 and draft-dvir-roll-security-key-agreement Amit Dvir Laboratory of Cryptography and System Security (CrySyS)

Published byIsabel Austin Modified over 8 years ago

Similar presentations

Presentation on theme: "Draft-dvir-roll-security-authentication-01 and draft-dvir-roll-security-key-agreement Amit Dvir Laboratory of Cryptography and System Security (CrySyS)"— Presentation transcript:

1 draft-dvir-roll-security-authentication-01 and draft-dvir-roll-security-key-agreement Amit Dvir Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics this is joint work with Levente Buttyán, Tamás Holczer and Dóra László

2 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu 2 RPL – WG Vs CrySyS Security View  A security framework.  Link-by-link protection.  External attacker, the basic assumption is trustful nodes.  After a while, a node in the field can be the problem  Nodes may be accessed physically/logically and get compromised.  Internal attacks by compromised nodes. WG CrySys Both are important and should be implemented.

3 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu Example 3 Duration: 1/1/09 – 31/12/12, Total effort: 370 PM, Total costs/funding: 4.0 / 2.8 Mio EUR The review went well

4 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu Security/Efficiency Trade off (or why protect some and not all)  An internal adversary can attack in many different ways.  Not all attacks may have a major influence.  Reconstructing the entire DAG, exhaust the nodes’ batteries, or eavesdropping a large part of the traffic can have major or even critical influence.  One way to achieve attacker’ goals is to change/modify the Version Number or to change/modify the DODAG node Rank. –Modifying these may have a global effect.  Therefore, in this draft we present a security scheme to prevent those attacks. 4

5 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu 5 Version Number authentication  The DODAG root generates a random number v n, and computes a hash chain v n-1 = h(v n ), v n-2 = h(v n-1 ), …, v 0 = h(v 1 )  The DODAG root distributes the root v 0 of the version hash chain to all nodes in the network by –Including v 0 in a DIO message –Authenticating v 0 and the static fields of the DIO message, such that all other nodes can be sure that v 0 originates from the DODAG root Digital signature verifiable with the public key of the DODAG root –When the DODAG root sends out a DIO message with a new Version Number, it also releases the next version hash from the chain Note that the next version hash v i cannot be computed from the last released value v i-1 = h(v i ) due to the one-way property of the hash function h vnvn v n-1 = h(v n ) v 0 = h(v 1 ) root of the version hash chain

6 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu Compute hash chain for every Version number hash chain element Rank Authentication

7 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu 7 Upon Version Number Update

8 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu 8

9 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu 9 Pairwise key establishment – LEAP++  Different draft  main assumptions: –Any node will not be compromised within T time after its deployment –Any node can discover its neighbors and set up keys with them within T kex < T time typically, T kex is a few seconds, so these assumptions make sense in practice –Each node has a preshared secret key K at boot/restart  protocol phases: –key pre-distribution phase –neighbor discovery phase –link key establishment phase –key erasure phase

10 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu 10. Hello Message - Any RPL message. Response Message - Unicast DIS. Ack Message (OPTIONAL) - Unicast DIO Pairwise key Hello Message - Any Unicast RPL message. Ack Message (OPTIONAL) - Any Unicast RPL message Cluster Key

11 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu Conclusion  We identified illegitimate Version Number increases and Rank value decreases as two powerful attacks against RPL.  We proposed solutions that prevents both of the attacks based on stable mechanisms.  We use public/private operations once in a long while; we use nearly only symmetric operations.  For the key exchange, we are using preinstalled keys for a short time. 11

12 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu Answers:  In theory, l should be 65535 to have a different value for each possible Rank value (Rank is 16 bits long [I-D.ietf- roll-rpl]). In practice, 256 is large enough as for most of the operations DAGRank [I-D.ietf-roll-rpl] is used (the DAG Rank of a node is the upper 8 bits of the Rank), which is 8 bits long.I-D.ietf- roll-rplI-D.ietf-roll-rpl –If DAGRank is used when defining the hash chain, then all occurrences of Rank must be substituted by DAGRank in the sequel 12

13 Laboratory of Cryptography and System Security CrySyS Adat- és Rendszerbiztonság Laboratórium www.crysys.hu  Elliptic Curve Cryptography –ECC-SECP256K1 with SHA-256 13

Download ppt "Draft-dvir-roll-security-authentication-01 and draft-dvir-roll-security-key-agreement Amit Dvir Laboratory of Cryptography and System Security (CrySyS)"

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.

Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Cryptography and Network Security

Cryptography and Network Security
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.

Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit

Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.

SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.

Similar presentations

Ads by Google