TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.

Slides:

Advertisements

Similar presentations

Hashes and Message Digests

Advertisements

Block Cipher Modes of Operation and Stream Ciphers

Chapter 4: Modes of Operation CS 472: Fall Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.

ECE454/CS594 Computer and Network Security

Lecture 5: Cryptographic Hashes

“Advanced Encryption Standard” & “Modes of Operation”

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

Chapter 5 Cryptography Protecting principals communication in systems.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.

1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.

Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Performance Characteristics Chris K :: Naveen S :: David W January 16, 2004.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Encryption Schemes Second Pass Brice Toth 21 November 2001.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Modes of Operation. Topics  Overview of Modes of Operation  EBC, CBC, CFB, OFB, CTR  Notes and Remarks on each modes.

Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.

1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Hai Yan Computer Science & Engineering University of Connecticut.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks – Chris Karlof, Naveen Sastry & David Wagner Dr. Xiuzhen Cheng Department of Computer.

SENSOR NETWORK SECURITY Group Members Pardeep Kumar Md. Iftekhar Salam Ahmed Galib Reza 1 Presented by: Iftekhar Salam 1.

Chapter 20 Symmetric Encryption and Message Confidentiality.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Lecture 4: Using Block Ciphers

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

CS555Spring 2012/Topic 111 Cryptography CS 555 Topic 11: Encryption Modes and CCA Security.

WEP Protocol Weaknesses and Vulnerabilities

CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

Security for Sensor Networks: Cryptography and Beyond David Wagner University of California at Berkeley In collaboration with: Chris Karlof, David Molnar,

Security on Sensor Networks Presented by Min-gyu Cho SPINS: Security Protocol for Sensor Networks TinySec: Security for TinyOS SPINS: Security Protocol.

Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)

Security in WSN Vinod Kulathumani West Virginia University.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.

TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.

TinySec: Performance Characteristics Chris K :: Naveen S :: David W January 16, 2004.

Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Privacy and Integrity: “ Two Essences of Network Security” Presenter Prosanta Gope Advisor Tzonelih Hwang Quantum Information and Network Security Lab,

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam Modified by Sarjana Singh.

1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections ) You may skip proofs, but are.

Presentation Road Map 1 Authenticated Encryption 2 Message Authentication Code (MAC) 3 Authencryption and its Application Objective Modes of Operation.

802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.

Lecture 4 Page 1 CS 236 Stream and Block Ciphers Stream ciphers convert one symbol of plaintext immediately into one symbol of ciphertext Block ciphers.

Cipher Transmission and Storage Modes Part 2: Stream Cipher Modes CSCI 5857: Encoding and Encryption.

Giuseppe Bianchi Warm-up example WEP. Giuseppe Bianchi WEP lessons  Good cipher is far from being enough  You must make good USAGE of cipher.

MiniSec: A Secure Sensor Network Communication Architecture Carnegie Mellon UniversityUniversity of Maryland at College Park Mark Luk, Ghita Mezzour, Adrian.

EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.

Practical Aspects of Modern Cryptography Josh Benaloh & Brian LaMacchia.

Message Authentication Code

TinySec: Security for TinyOS

Block cipher and modes of encryptions

CSE 4905 WiFi Security I WEP (Wired Equivalent Privacy)

csci5233 computer security & integrity (Chap. 4)

Security Of Wireless Sensor Networks

Security of Wireless Sensor Networks

Review of Cryptography: Symmetric and Asymmetric Crypto Advanced Network Security Peter Reiher August, 2014.

Secret-Key Encryption

Presentation transcript:

TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002

Goals of TinySec Access Control –Authorized participants only Integrity –Altering and retransmitting a message should be difficult Confidentiality Transparent to applications and programmers

Block Ciphers Pseudorandom permutation (invertible) –DES, RC5, Skipjack, AES –Maps n bits of plaintext to n bits of ciphertext Block size n is typically 64 or 128 bits Key size k is typically 64 or 128 bits

Symmetric key encryption Confidentiality achieved by encryption Encryption schemes (modes) can be built using block ciphers –CBC-mode: break a m bit message into 64 bit chunks (m 1,m 2,..) –Transmit (c 1, c 2, …) and iv iv m2m2 m1m1 c1c1 c2c2 EkEk EkEk EkEk CBC-Mode iv is needed to achieve semantic security –A message looks different every time it is encrypted –iv reuse may leak information

Message Authentication Codes Encryption is not enough to ensure message integrity –Receiver cannot detect changes in the ciphertext –Resulting plaintext will still be valid Integrity achieved by a message authentication code –A t bit cryptographic checksum with a k bit key from an m bit message –Can detect both malicious changes and random errors –Replaces CRC –Can be built using a block cipher –MAC key should be different than encryption key length m2m2 m1m1 MAC EkEk EkEk EkEk CBC-MAC Mode

Packet Format destAMIVlengthdataMAC Encrypted MACed Key Differences No CRC -2 bytes No group ID -1 bytes MAC +4 bytes IV +4 bytes Total: +5 bytes

Usage: How does this change my life? Need to be aware of keys & keyfile –Currently, keys part of program, not intrinsic to mote (similar to moteID) –Plan to use EEPROM to tie key to mote –Makerules generates a keyfile if none exists and then uses it for programming all motes; –Keyfiles tied to a particular TinyOS installation. Manual transfer needed to install motes from different computers. Only application level code change: –Just use SecureGenericComm instead of GenericComm Works on Simulator

Implications for reliable transport CRC is replaced by MAC CRC is lightweight, MAC computation is expensive (~1000 vs. ~10000 cycles for 24 byte packet) MAC still detects errors, but computation must be completed in time for ACK transmission For each 8 bytes received, a block cipher called is needed (~1750 cycles) too expensive to run in SpiByteFifo event handler Cant run as a task: no real-time completion guarantees Trick: Run synchronously in event handler with interrupts enabled Like a preemptive priority scheduler that only TinySec can use (!!)

Tradeoffs 1 Early rejection –Still possible to reject based on dest or AM type –Question: Group ID provided weak access control; still needed? Short packets are expensive –Min data size is 8 bytes (size of block cipher) –Restriction can be elminated with reduced security (run in stream cipher mode) –Question: Is this a good tradeoff? Packet length not affected for more than 8 bytes of data

Analysis Access control and integrity –Probability of blind MAC forgery 1/2 32 –Industrial strength is usually 1/2 64 or less –Replay protection not provided, but can be done better at higher layers Confidentiality –Lots of ways to structure and manage IVs, but IV reuse will occur after ~65000 messages from each node –For CBC mode, IV reuse is not as severe has other modes Does not necessarily leak plaintext –Common solution is to increase IV length adds packet overhead

Performance: RC5 Cipher Rol32 cyclesRC5 cipher op cycles Time C version207~ ms SPINS [C + asm]~85 avg~2775 avg.75 ms TinySec [C + asm]~42 avg~1775 avg.50 ms Number Block Cipher Ops (m byte msg) CBC-Encryption CBC-MAC Total

Current Status Working w/ Phil to get into broken/experimental TinySec needs to be incorporated into January retreat demos.

TinyOS System Changes MicaHighSpeedRadio TinySec CBC-Mode RC5 CBC-MAC

Tradeoffs 2: IV allocations Most secure idea for IV: src IDcounter IV 22 Counter must be persistent across reboot Gives each sender ~65000 messages before IV is reused (worst case) Question: src ID good for security (replay, IV) useful for other things?