Presentation is loading. Please wait.

Presentation is loading. Please wait.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh.

Published byFlorence Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh."— Presentation transcript:

1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh

2 Overview  Motivation  TinySec-Introduction  Sensor Networks Security threats and Need for link layer security architecture design  Design goals  Tiny sec Design  Security Analysis of Tinysec  Performance Evaluation of Tiny Sec  Conclusion

3 Motivation Sensor networks : Resource constraint networks – small memories, weak processors, limited energy. Conventional security protocols (802.11b, 802.15.4 are found to be insecure, adds lot of overhead (16-32 bytes) ). Need for a new security architecture for sensor networks –TINYSEC.

4 TINYSEC Light weight and efficient generic link layer security package. Developers can easily integrate into sensor network applications. A research platform that is easily extensible and has been incorporated into higher level protocols.

5 Security threats in Sensor Networks Use of wireless communications -In a broadcast medium, adversaries can easily eavesdrop on, intercept, inject and alter transmitted data. Adversaries can Interact with networks from a distance by expensive radio transceivers and powerful workstations. Resource consumption attacks: Adversaries can repeatedly send packets to drain nodes battery and waste network bandwidth, can steal nodes. However, these threats are not addressed. Focus is on guaranteeing message authenticity, integrity and confidentiality.

6 Motivation for Link layer security in Sensor Networks End-End security Mechanisms : Suitable only for conventional networks using end-end communications where intermediate routers only need to view the message headers. BUT, in Sensor networks In-network processing is done to avoid redundant messages-Requires intermediate nodes to have access to whole message packets and just not the headers as in conventional networks...contd..

7 Motivation for Link layer security in Sensor Networks Why end-end security mechanisms not suitable for sensor networks? If message integrity checked only at the destination, the networks may route packets injected by an adversary many hops before they are detected. This will waste precious energy. A link layer security mechanism can detect unauthorized packets when they are first injected onto the network.

8 Design Goals Security Goals Performance Goals Usability Goals

9 Security Goals A link layer security protocol should satisfy three basic security properties: Access control and Message integrity - prevent unauthorized parties from participating Confidentiality - keeping information secret form unauthorized parties Explicit omission: Replay protection - an adversary eavesdropping a legitimate message sent between 2 authorized parties and replays it at a some time later

10 Performance goals A system using cryptography will incur increased overhead in length of the message. Increased message length results- - decreased message throughput -increased latency -Increased Power Consumption( Sensor Networks  )

11 Usability Goals Security Platform- Higher level security protocols can use Tinysec to create secure pair wise communication between neighboring nodes. To reduce the effort, TinySec should provide proper interfaces Transparency- Should be transparent to the user Portability- Should fit into the radio stack so that porting the radio stack from one platform to another is easy.

12 Security Primitives Message Authentication code - A cryptographic checksum for checking the message integrity Initialization vector (IV) -A side input to the encryption algorithm. - Provides Semantic Security

13 TINYSEC-DESIGN Two Security Options 1.Authentication Encryption (Tinysec-AE) 2. Authentication only (Tinysec-Au) Encryption :  Specifying the IV format  Selecting an encryption Scheme( CBC)

14 Tinysec IV format IV too long- add unnecessary bits to the packet Too short – Risk of repetition How long should be the IV? N bit IV repeat after 2^n +1. If we use a n bit counter repetitions will not happen before that point.

15 Encryption schemes CBC is the most appropriate scheme for sensor networks –why? Works better with repeated IVs. IVs can be pre encrypted for use since it is proved that CBS mode is highly secure with non repeated IVS. One drawback- Message expansion  Use Cipher text stealing-Cipher text length=plaintext length

16 TinySec packet Format

17 Security Analysis of TinySec Message Integrity and Authenticity Security of CBC-MAC is proportional to the length of the MAC. Is the choice of 4 byte MAC- less secure then? – NO!!!!!..Not for sensor networks! Given 4 byte MAC- adversary should make at least 2^31 tries. Even if the adversary flood the channel, he can send only 40 forgery attempts/sec, sending 2^31 would take 20 months. Battery operated nodes do not have that much energy to collect all those packets.

18 Confidentiality analysis for Tinysec Combination of carefully formatted IVs, low data rates and CBC mode for encryption achieves high confidentiality in TinySec. The format of the last 4 bytes –maximizes the number of packets each node can send before there is a repetition of IV. For a network of n nodes, n.2^16 packets will be sent before the reuse of IV.

19 Keying Mechanisms Appropriate keying mechanism for a particular network depends on several factors. Tinysec key- A pair of skipjack key-one for authentication, one or encryption. Simplest keying mechanism: Use a single key for the entire network, Preload the key before deployment.-Adversary can compromise on node and get the key.. 

20 Keying mechanism –contd. Use per-link keying, separate Tinysec key for each pair of node wishing to communicate. Drawback: Key distribution becomes a challenge. Allow a group of nodes to share a TinySec key rather than each pairs. Group keying provides an intermediate level of resilience.

21 Implementation of TinySec Implemented on Berkeley sensor nodes. Integrated into TOSSIM simulator. 3000 lines of nesC code. TinyOS 1.1.2 radio stack modified to incorporate TinySec. Level of protection can be included in the data payload.

22 Performance Evaluation of TinySec Increases the computation costs and the energy cost of sending a packet, but these costs must be modest compared to the security that Tinysec provides.

23 Cipher Performance

24 Energy Costs

25 Throughput

26 Performance summary The energy, bandwidth and latency overhead –all are less than 10% by using Tinysec. Overhead-due to the increased packet size for cryptography. Tinysec is very competitive with other solutions. Tinysec has gathered a number of external users.

27 Conclusions We have learnt that there are design vulnerabilities in the conventional protocols for sensor networks. Conventional protocols tend to be conservative in their security guarantees, typically adding 16-32 bytes of overhead. Tinysec addresses these with extreme careful design and takes advantages of the limitations of sensor networks.

28 References Source : http://www.ece.mtu.edu/ee/faculty/cchigan/EE59 70-Seminar/TinySec.ppt

Download ppt "TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh."

Similar presentations

TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.

TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003

TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.
1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.

1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.
Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.

Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Similar presentations

Ads by Google