TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Hai Yan, Computer Science & Engineering, University of Connecticut.


Slide 1: TinySec: A Link Layer Security Architecture for Wireless Sensor Networks
Hai Yan, Computer Science & Engineering, University of Connecticut

Slide 2: Original paper
- Chris Karlof, Naveen Sastry, David Wagner, "TinySec: A Link Security Architecture for Wireless Sensor Networks", SenSys'04, 2004.

Slide 3: Outline
- Introduction
- Design of TinySec
- Security analysis
- Implementation & evaluation
- Conclusion

Slide 4: Introduction
- Without adequate security, widespread deployment could be curtailed
- Motivation for link-layer security
  - Security mechanisms in conventional networks, such as SSH, SSL, or IPSec, are end-to-end
  - The dominant traffic pattern in sensor networks is many-to-one
  - In-network processing requires intermediate nodes to process the contents of messages
  - A link-layer security architecture can detect unauthorized packets when they are first injected into the network

Slide 5: Security risks and threat models
- Security risks in sensor networks
  - Wireless communication is vulnerable to attacks. An adversary can easily eavesdrop on, intercept, inject, and alter transmitted data
  - Adversaries are not restricted by limited resources
  - Useless packets can be repeatedly sent to drain the nodes' batteries and waste network bandwidth
  - Sensor nodes can be easily compromised
- This paper focuses on message authenticity, integrity, and confidentiality
  - Resource consumption attacks, physical tamper resistance, and node capture attacks are NOT addressed

Slide 6: Design goals for TinySec
- Security goals
  - Access control and message integrity
  - Confidentiality
  - Explicit omission: replay protection
- Performance
  - Using cryptography incurs extra demands on the processor and RAM
  - The increased message length decreases throughput and increases latency; more importantly, it increases power consumption
- Ease of use
  - Higher-level security protocols will rely on link-layer security as a primitive
  - It should be transparent to applications

Slide 7: Security primitives
- Message authentication codes (MAC)
  - A common solution to achieve message authenticity and integrity
  - A MAC can be viewed as a "cryptographically secure checksum"
    - Generated with a key shared by both sender & receiver
    - Must be hard to forge without the secret key
- Initialization vectors (IV)
  - For achieving semantic security
  - The IV is a side input to the algorithm that adds variation to the encryption process

Slide 8: Mode of Operation
- Block ciphers operate on blocks of plaintext and ciphertext
  - Usually 64 bits
  - A cryptographic mode combines the basic cipher, some sort of feedback, and some simple operations
- Block cipher modes
  - ECB, CBC, CFB, CTR, OFB

Slide 9: Cipher block chaining mode
The results of the encryption of previous blocks are fed back into the encryption of the current block.

Slide 10: TinySec design
- Existing schemes are inadequate
  - Well-studied protocols are too heavyweight for use in sensor networks
  - Schemes for cellular telephony and ad-hoc wireless networks have serious limitations
  - We must design a new scheme!
- Two security options are supported in TinySec
  - Authenticated encryption (TinySec-AE)
  - Authentication only (TinySec-Auth)

Slide 11: Encryption
- TinySec IV format
  - Tradeoff between long and short IVs
  - How long is long enough?
    - Pigeonhole principle and birthday paradox
  - The structure of the IV is dst||AM||l||src||ctr
- Encryption schemes
  - A stream cipher has a devastating failure mode: if the same IV is ever used twice, it is often possible to recover both plaintexts
  - A block cipher is preferred
    - It is as robust as possible in the presence of repeated IVs
    - MAC algorithms use a block cipher

Slide 12: Why CBC mode
- Cipher block chaining mode (CBC) degrades more gracefully in the presence of repeated IVs
  - Only the length (in blocks) of the longest shared prefix of plaintexts P and P' will be leaked
- Modify the CBC mode to be used with a counter as IV
  - When used with a counter IV, CBC will have occasional leakage
  - A simple fix: pre-encrypt the IV
  - Use ciphertext stealing to avoid message expansion
- Block cipher candidates
  - AES, 3DES, RC5 and Skipjack
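The two CBC properties from the Encryption and Why CBC mode slides, as an added example that is not code from the presentation or from TinySec: a counter IV used directly can leak block equality, pre-encrypting the IV removes that leak, and a repeated IV exposes only the shared block prefix. The block cipher is a stand-in Feistel permutation built on SHA-256 (not Skipjack or RC5), the IV field widths are an assumption, and the key, addresses and readings are constructed.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as on the "Mode of Operation" slide

def toy_encrypt_block(key, block):
    """Stand-in 8-round Feistel permutation built on SHA-256 (not a real cipher)."""
    left, right = block[:4], block[4:]
    for rnd in range(8):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def make_iv(dst, am, length, src, ctr):
    """dst||AM||l||src||ctr; the 2+1+1+2+2 byte widths are an assumption."""
    return (dst.to_bytes(2, "big") + bytes([am, length])
            + src.to_bytes(2, "big") + ctr.to_bytes(2, "big"))

def cbc_encrypt(key, iv, plaintext, pre_encrypt_iv):
    """CBC over whole blocks; returns the list of ciphertext blocks."""
    if len(plaintext) % BLOCK:
        raise ValueError("whole blocks only; ciphertext stealing is not shown")
    prev = toy_encrypt_block(key, iv) if pre_encrypt_iv else iv
    blocks = []
    for i in range(0, len(plaintext), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(prev, plaintext[i:i + BLOCK]))
        prev = toy_encrypt_block(key, mixed)
        blocks.append(prev)
    return blocks

def equal_prefix_blocks(c1, c2):
    """Number of leading ciphertext blocks an eavesdropper sees as identical."""
    n = 0
    while n < min(len(c1), len(c2)) and c1[n] == c2[n]:
        n += 1
    return n

def demo():
    key = b"constructed-key"  # constructed sample key
    enc = lambda iv, p, pre: cbc_encrypt(key, iv, p, pre)
    iv0, iv1 = (make_iv(0xFFFF, 4, 8, 0x0012, c) for c in (0, 1))
    p0, p1 = b"temp=020", b"temp=021"  # constructed; last byte tracks ctr
    counter_iv = equal_prefix_blocks(enc(iv0, p0, False), enc(iv1, p1, False))
    pre_encrypted = equal_prefix_blocks(enc(iv0, p0, True), enc(iv1, p1, True))
    # Same IV used twice: only the shared two-block prefix shows through.
    a, b = b"hdr=0001temp=020state=up", b"hdr=0001temp=020state=dn"
    reused_iv = equal_prefix_blocks(enc(iv0, a, True), enc(iv0, b, True))
    return counter_iv, pre_encrypted, reused_iv

print(demo())  # (1, 0, 2)
```

With the raw counter IV, the change in the reading cancels the change in the counter, so two different packets produce the same first ciphertext block; with the pre-encrypted IV they do not.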

Slide 13: Message integrity
- Authentication is still necessary even with encryption
  - Flipping bits in an unauthenticated encrypted message can cause predictable changes in the plaintext
  - Unauthenticated messages are vulnerable to cut-and-paste attacks
- TinySec always authenticates messages, but encryption is optional
  - It uses a cipher block chaining construction, CBC-MAC, for computing and verifying MACs

Slide 14: Packet format

Slide 15: Security analysis
- The security of CBC-MAC is directly related to the length of the MAC
  - Conventional security protocols use 8- or 16-byte MACs
- Is a 4-byte MAC safe for sensor networks?
  - An adversary has a 1 in 2^32 chance of blindly forging a MAC
  - Whether a forgery succeeds can only be determined on-line
  - Sending 2^31 packets on a 19.2kb/s channel would take over 20 months!
  - It turns into a DoS attack

Slide 16: Security analysis (cont'd)
- Confidentiality
  - The security of CBC mode encryption reduces to the length of the IV (if there is no IV reuse)
  - TinySec uses an 8-byte IV. However, only 4 bytes are 'real'; the other 4 bytes are borrowed from the existing header fields
- Avoid reuse of IVs
  - Using a 4-byte counter is a bad idea
  - Generating IVs randomly is also a poor choice (birthday paradox)
  - The IV format in TinySec guarantees that each node can send at least 2^16 packets before IV reuse occurs. That is, no IV reuse for over 45 days at a data rate of 1 packet per minute
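The birthday-paradox argument on this slide, worked through as an added example (not from the presentation or the paper): how many packets a node can send before a randomly chosen value in a 2^16 space is likely to repeat, compared with the 2^16 packets a counter guarantees. Treating the per-node varying part of the IV as 16 bits is taken from the slide's 2^16 figure; the 50% threshold is an assumption chosen for illustration.

```python
import math

def collision_probability(n_packets, iv_bits):
    """Probability that n uniformly random iv_bits-bit values contain a repeat."""
    space = 2 ** iv_bits
    if n_packets > space:
        return 1.0  # pigeonhole principle: a repeat is certain
    log_no_repeat = sum(math.log1p(-i / space) for i in range(n_packets))
    return 1.0 - math.exp(log_no_repeat)

def packets_until_likely_reuse(iv_bits, threshold=0.5):
    """Smallest packet count at which random values repeat with prob >= threshold."""
    space, log_no_repeat, n = 2 ** iv_bits, 0.0, 0
    while 1.0 - math.exp(log_no_repeat) < threshold:
        log_no_repeat += math.log1p(-n / space)
        n += 1
    return n

def counter_lifetime_days(ctr_bits, packets_per_minute):
    """Days before a counter of ctr_bits bits wraps at the given send rate."""
    return 2 ** ctr_bits / packets_per_minute / (60 * 24)

def compare(ctr_bits=16, packets_per_minute=1):
    """Return (packets before likely random reuse, guaranteed packets, days)."""
    return (packets_until_likely_reuse(ctr_bits),
            2 ** ctr_bits,
            counter_lifetime_days(ctr_bits, packets_per_minute))

if __name__ == "__main__":
    random_n, counter_n, days = compare()
    print(f"random values: reuse likely after about {random_n} packets")
    print(f"counter: no reuse for {counter_n} packets ({days:.1f} days at 1/min)")
```

Random selection is expected to repeat after a few hundred packets, on the order of 2^8, while the counter gives the full 2^16.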

Slide 17: Keying mechanisms
- TinySec is not limited to any particular keying mechanism

Slide 18: Implementation
- TinySec was implemented in nesC, the programming language used for TinyOS
  - Requires 728 bytes of RAM and 7146 bytes of program space (256B RAM and 8152B ROM at the expense of being 6% slower)
- TinySec is integrated with TinyOS
  - A two-priority scheduler is implemented to meet the real-time deadline

Slide 19: Evaluation
- Two main components to the costs: larger packet sizes when using TinySec, and the extra computation time and energy needed for cryptography

Slide 20: Cipher performance

Slide 21: Energy cost

Slide 22: Throughput

Slide 23: Latency

Slide 25: Conclusion
- We introduce TinySec, the first fully-implemented protocol for link-layer cryptography in sensor networks.
- We explore some of the tradeoffs between performance, transparency, and cryptographic security, and propose a design that meets the needs of sensor networks
- The experimental results show that the costs of the TinySec implementation are minimal for sensor network applications
- TinySec is a research platform that is easily extensible and has been incorporated into higher-level protocols

Slide 26: Thank you!

