Presentation is loading. Please wait.

Presentation is loading. Please wait.

TinySec: Security for TinyOS

Published byAlexandra Gray Modified over 6 years ago

Similar presentations

Presentation on theme: "TinySec: Security for TinyOS"— Presentation transcript:

1 TinySec: Security for TinyOS
Chris Karlof Naveen Sastry David Wagner January 15, 2003

2 Security Risks in Wireless Sensory Networks
Eavesdropping Confidentiality Packet Injection Access control Integrity Jamming Replay Denial of Service K TinySec K Fix the picture K Adversary

3 TinySec Architectural Features
Single shared global cryptographic key Link layer encryption and integrity protection  transparent to applications New radio stack based on original Cryptography based on a block cipher K K K

4 Prior Wireless Security Schemes
802.11b / WEP Weaknesses found GSM IP /IPSEC Still secure Sensor networks have tighter resource requirements Both & GSM use stream ciphers Tricky to use correctly Designed by non-cryptographers, in a committee

5 25 packets/sec vs. 40 packets/sec
TinySec Summary Security properties Access control Integrity Confidentiality Performance 5 bytes / packet overhead Peak bandwidth (8 bytes data): 25 packets/sec vs. 40 packets/sec (TinySec) (MHSR) Ok for 25 pkts / sec, not for 28

6 Block Ciphers Pseudorandom permutation (invertible)
DES, RC5, Skipjack, AES Maps n bits of plaintext to n bits of ciphertext Used to build encryption schemes and message authentication codes (MAC)

7 Packet Format Key Differences Total: +5 bytes No CRC -2 bytes
dest AM IV length data MAC 2 1 4 Key Differences No CRC bytes No group ID -1 bytes MAC bytes IV bytes Total: bytes Encrypted MAC’ed

8 TinySec Interfaces TinySec BlockCipher BlockCipherMode MAC
MHSRTinySecM TinySecM CBC-ModeM RC5M CBC-MACM TinySec TinySecM: bridges radio stack and crypto libraries BlockCipher 3 Implementations: RC5M, SkipJackM, IdentityCipher (SRI has implemented AES) BlockCipherMode CBCModeM: handles cipher text stealing No length expansion when encrypting data MAC CBCMACM: computes message authentication code using CBC TinySec component composed of several modules TinySec interface bridges the radio stack and crypto libraries and MHSR makes all crypto calls into there BlockCipher interface for block cipher, have three implementations, can easily add more BlockCipherMode for encryption schemes MAC for calculating message authentication codes Both make use of BlockCipher interface CBCModeM, our implementation of BlockCipherMode implements cipher text stealing. Encryption schemes normally work on block sized chunks. CTS is a trick with the final blocks that results in no message expansion in ciphertext.

9 Security Analysis Access control and integrity
Probability of blind MAC forgery 1/232 Replay protection not provided, but can be done better at higher layers Confidentiality – Reused IVs can leak information IV reuse will occur after 216 messages from each node [1 msg / min for 45 days] Solutions increase IV length  adds packet overhead key update protocol  adds complexity Applications have different confidentiality requirements Need a mechanism to easily quantify and configure confidentiality guarantees Applications may provide IVs implicitly Apps may be able to guarantee sufficient variability in their messages (eg through timestamps) How secure is it? Prob of blind MAC forgery ½^32. Industrial strength is higher, but this is still pretty good. Strength of confidentiality is largely determined by IV length. IV reuse can leak information. CBC mode leaks common prefixes with same IV, same packets. Couple of ways to do IV, but reuse will occur after about 2^16 messages Solutions: increase IV, key update protocol. Applications may not need full IV (need good configuration) Applications may be able to help (guarantee sufficient variability)

Download ppt "TinySec: Security for TinyOS"

Similar presentations

TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.

TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003

TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.
1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.

1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.
Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.

Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.

SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
TinySec: Performance Characteristics Chris K :: Naveen S :: David W January 16, 2004.

TinySec: Performance Characteristics Chris K :: Naveen S :: David W January 16, 2004.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Similar presentations

Ads by Google