Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Lourdes López Santidrián1 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Ubiquitous and Secure Networks and Services Redes.

Published byMaurice Solt Modified over 10 years ago

Similar presentations

Presentation on theme: "© Lourdes López Santidrián1 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Ubiquitous and Secure Networks and Services Redes."— Presentation transcript:

1 © Lourdes López Santidrián1 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Ubiquitous and Secure Networks and Services Redes y Servicios Ubicuos y Seguros Unit 5: Ubiquitous Systems Security Lourdes López Santidrián llopez@diatel.upm.es, lourdes.lopez@upm.es

2 © Lourdes López Santidrián2 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security VULNERABILITIES OF UBIQUITOUS NETWORKS AND SERVICES UNIT 5: Ubiquitous Systems Security

3 © Lourdes López Santidrián3 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Why WSN are vulnerable against attacks? The sensor nodes are constrained by: mBattery life. mComputational capabilities. mMemory. mCommunication band. Is easy to physically access to nodes: mHuman or machine can reprogram them. mHuman or machine can destroy them. The communication channel is public. It is difficult to monitor and control the distributed elements.

4 © Lourdes López Santidrián4 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Security Threats Common Attacks: mEavesdropping (passive). mData injection (active). mMessage modification (active). mMessage replay (active). Denial of Service Attacks (DoS): mJamming: target the communication channel. mPower exhaustion: target the nodes. Node Compromise: mAn attacker can read or modify the internal memory of a node.

5 © Lourdes López Santidrián5 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Security Threats Side-channel Attacks: mMonitoring of the nodes physical properties. mAcquisition of security credentials (secret keys). Impersonation Attacks: mSybil attack (creation of fake identities). mReplication attack (creation of duplicate identities). Protocol-specific Attacks: mRouting protocols. Spoofed Routing Information. HELLO Flood Attack. mAggregation protocols: falsifying information. mTime synchronization protocols.

6 © Lourdes López Santidrián6 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Security Services Confidentiality mOnly the desired recipients can understand the message. mMay be not mandatory. Integrity mIf the data produced and sent over the network are altered, the receiver will have a proof. mIn most cases it is a mandatory feature.

7 © Lourdes López Santidrián7 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Security Services Authentication mA receiver can verify that the data is really sent by the claimed sender. mIt is mandatory if the network needs a barrier between external and internal members. Authorization mIt states that only authorized entities can be able to perform certain operations. Availability mThe users of a WSN must be capable of accessing its services whenever they need them.

8 © Lourdes López Santidrián8 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Security Services Freshness mThe data produced by the WSN must be recent Forward and Backward Secrecy mForward secrecy: where a node should not be able to read any future messages after it leaves the network mBackward secrecy: where a node is not able to read a previously transmitted message. Self-organization mNodes must be independent and flexible in order to react against problems.

9 © Lourdes López Santidrián9 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Security Services Auditing mThe elements of a WSN must be able to store any events that occur inside the network. Non-repudiation mA node cannot deny sending a message, or a recipient cannot deny the reception of a message. mEvidence that the message was sent is necessary. Privacy and Anonymity mThe identity of the nodes should be hidden or protected.

10 © Lourdes López Santidrián10 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security CRYPTOGRAPHIC MECHANISMS AS THE BASIS OF THE SECURITY UNIT 5: Ubiquitous Systems Security

11 © Lourdes López Santidrián11 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Secret/Symmetric Key Cryptography K A B K m c = E K (m) m c D K (c) = D K (E K (m)) Confidentiality Integrity

12 © Lourdes López Santidrián12 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Secret/Symmetric Key Algorithms Algorithm Time (ms) CPU Cycles Power (μJ) ROM Memory (Kb) SkipJack 2,16 (3)15.925,2 (3)51,4 (3)19 (4) RC5 1,50 (2)11.059,2 (1)36,00 (1)16 (3) RC6 10,78 (5)79.478,7 (5)258,72 (5)16 (3) TEA 2,56 (4)18.874,4 (4)61,44 (4)15,5 (1) XTEA 1,45 (1)12.450,2 (2)40,7 (2)15,5 (1) DES 608,00 (6)4.482.662,4 (6)14.592,00 (6)31 (6)

13 © Lourdes López Santidrián13 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Public/Asymmetric Key Cryptography KS B A B KS A m KP A KP B …. c = KP B (m) m c KS B (c) = KS B (KP B (m)) Confidentiality Authentication Key agreement

14 © Lourdes López Santidrián14 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Public/Asymmetric Key Algorithm Elliptic Curve Cryptography (ECC) TinyECC mECC-based signature generation and verification (ECDSA). mEncryption and decryption (ECIES). mKey Agreement (ECDH).

15 © Lourdes López Santidrián15 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Hash Functions One-way functions: mIf we have m (any size) and H hash function (digital fingerprint): h = H(m) with fix size. mIt is almost impossible calculate m from H -1 (h) Can be used to build: m Message Integrity Code (MIC). m Message Authentication Code (MAC). Authentication. Integrity.

16 © Lourdes López Santidrián16 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security INTRUSION DETECTION UNIT 5: Ubiquitous Systems Security

17 © Lourdes López Santidrián17 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Definition of Intrusion Detection Anomaly detection: mAnalyze the network or system and infer what is normal from the analysis. mApplication of statistical or heuristic measures. mIf an event isnt normal generate an alert Misuse detection: mKnow what an attack is. mDetection of attacks.

18 © Lourdes López Santidrián18 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security ID Components for WSN Neighbor monitoring mWatchdog. Data fusion mLocal: neighboring nodes. mGlobal: overlapping areas. Topology discovery. Route tracing. History.

19 © Lourdes López Santidrián19 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security SECURITY MANAGEMENT UNIT 5: Ubiquitous Systems Security

20 © Lourdes López Santidrián20 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Key Management Key Management Systems (KMS): mCreation. mDistribution. mMaintenance of secret keys. IEEE 802.15.4 does not specify how secret keys should be exchanged. A key-exchange protocol is needed: mKey pool Framework. mMathematical Framework. mNegotiation Framework. mPublic Key Framework.

21 © Lourdes López Santidrián21 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Security at WSN Standards Security at WSN Standards IEEE 802.15.4-2066 security: mConfidentiality: HW support for AES-128. mIntegrity: MIC or MAC. mReceived Message Authentication: Access Control List (ACL). ZigBee 2006 and 2007 security: mStandard Security. mConfidentiality and Authentication at NWK and APS levels. mAll nodes on the network trust each other. ZigBee PRO security: mHigh Security. mMaster key for Symmetric-Key-Key-Exchange.

Download ppt "© Lourdes López Santidrián1 Ubiquitous and Secure Networks and Services: Ubiquitous Systems Security Ubiquitous and Secure Networks and Services Redes."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Computer Security CIS326 Dr Rachel Shipsey.

Computer Security CIS326 Dr Rachel Shipsey.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Off-the-Record Communication, or, Why Not To Use PGP

Off-the-Record Communication, or, Why Not To Use PGP
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.

8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.
Cryptographic Technologies

Cryptographic Technologies
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

Similar presentations

Ads by Google