Download presentation
Presentation is loading. Please wait.
1
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented by Gary Woo
2
2 CS 577 Outline Sensor Networks Design goals Design Analysis Implementation Evaluation Conclusion
3
3 CS 577 Sensor Networks “heterogeneous system combining tiny sensors and actuators with general-purpose computing elements” Nodes are low cost and low power Applications: –Habitat monitoring –Burglar alarms –Medical monitoring –Emergency response –Battlefield management
4
4 CS 577 Security –Message integrity (MAC) –Confidentiality (Encryption) –Replay protection (Counter/IV) Performance –Increase in processor/RAM demand is bad –Increase in message length is worse Ease of use Transparency Portability Design goals
5
5 CS 577 Design Modes –Authentication (TinySec-Auth) –Authenticated encryption (TinySec-AE) Encryption –Cipher Block Chaining –IV (8 bytes) formed by destination address, Active Message type, length, source, and 2 byte counter Message Integrity –MAC computed over entire message
6
6 CS 577 Cipher Block Chaining All nodes share secret key Provable secure when IV not repeated Pre-encrypt IV to avoid IV and Plain text incremented by 1 leakage Ciphertext stealing, min size = 8 bytes, otherwise same size as plaintext Plain text Initialization Vector Cipher text Encryption key Plain text Cipher text Encryption key
7
7 CS 577 Initialization Vector Counters provides 2 n + 1 packets before reuse Random provides 2 n/2 packets before reuse due to the birthday paradox (for any 23 people two will have matching birthdays greater than 50% of the time) Reuse destination address, active message type, and length New fields: source, 2 byte counter
8
8 CS 577 CBC MAC Ensures that bits changed in the message will be detected Reuse of CBC algorithm saves code space XORs the encryption of the message length with the first plaintext block (uses encrypted message length as IV)
9
9 CS 577 Packet format Early rejection (header not encrypted) Replaces 2 byte CRC and 1 byte group field with MAC TinySec-AE has Src (2 bytes) and Ctr (2 bytes) that TinySec-Auth doesn’t, which has 1 more byte than TinyOS
10
10 CS 577 Analysis MAC is 4 bytes, 1 in 2 32 chance of forging correctly 19.2kb/s channels allows only 40 attempts per second (2 31 attempts will take 20 months!) Denial of service, as link will be captured Avoids birthday paradox (uses counter) Each node can send 2 16 messages before reuse of IV CBC mode with IV reuse leaks longest shared prefix of the 2 messages (must be same src/dst pair, length, AM type) Should update keys before reuse
11
11 CS 577 Implementation Security –MAC and CBC for encryption Performance –Runs with 728 bytes of ram and 7146 bytes of program space Ease of use –Add “TINYSEC=true” when making code
12
12 CS 577 Implementation (cont.) Transparency –Runs at the Link Layer Portability –Distributed with TinyOS
13
13 CS 577 Implementation (cont.) TinySec implemented in 3000 lines of nesC Modified task scheduler (cryptographic operations higher priority than others) Uses top 2 bits of length selects TinySec mode –Max payload length is 29 bytes
14
14 CS 577 Evaluation Increased message length –Reduces bandwidth –Increase latency –Increases energy consumption Added cryptography –Increased computation time –Increased energy consumption
15
15 CS 577 Evaluation (Increased send time) Increased send time depends on TinySec mode About 1.6% increase for each byte
16
16 CS 577 Evaluation (Encryption computation time) Byte time must be small CBC operates on blocks of 8 bytes Rule of thumb: less than a few byte times
17
17 CS 577 Evaluation (Energy costs) Yellow shading shows extra energy costs of computing MAC and performing CBC Blue shading shows extra energy from increased message length TinyOS TinySec Auth TinySec AE
18
18 CS 577 Evaluation (Energy costs cont.) Increase for TinySec-Auth –1% from increased packet length –2% from extra computation Increase for TinySec-AE –6% from increased packet length –4% from extra computation
19
19 CS 577 Evaluation (Throughput) TinySec-Auth performs just as No TinySec TinySec-AE performs ~6% lower at >5 senders
20
20 CS 577 Evaluation (Latency) Increased message length –TinySec-Auth: 1 byte –TinySec-AE: 5 bytes
21
21 CS 577 Evaluation (Latency cont.) TinySec-Auth increase by 1.1 byte times TinySec-AE increase by 4.6 byte times
22
22 CS 577 Evaluation (Ease of use) No changes needed to higher layers (TinySec is at Link Layer) Need to modify makefile to enable TinySec Current work: –TinyPK (RSA to exchange keys) –TinyCrypt (elliptical curve cryptography) –SRI’s key exchange –SecureSense’s dynamic security service –Bosch burglar alarm
23
23 CS 577 Conclusion TinySec-Auth –Provides message integrity –Increases energy consumption by 3% TinySec-AE –Provides message integrity and confidentiality –Increases energy consumption by 10% Limited gains switching to hardware as increase message length is the cause
24
24 CS 577 References and Acknowledgements Author’s electronic version of paper (other figures and tables were taken from this document): –http://www.cs.berkeley.edu/~nks/papers/tinysec- sensys04.pdf
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.