TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007 1

2 What is ??? Tiny OS Wireless Sensor Network Tiny Sec Link layer

Contents Motivation & TinySec Contributions by the paper. Difference between Sensor Networks and Other Networks. Security threats in WSN. What is TinySec and its goal. Why Link Architecture. Design Goals. Security Primitive. Design of TinySec. Modes of Encryption and their drawbacks. Security Analysis of TinySec. Implementation and Evaluation. 3

What was the motivation ??? Sensor Networks : Resource Constraint networks, small memory, weak processor, limited energy, less Bandwidth. 80 % of all wireless networks operate in the clear i.e. without cryptographic protection Need for an architecture which could change things around. – TinySec SW / HW 4

Contributions of this paper To introduce TinySec as a protocol for link layer cryptography in Sensor Networks. To Measure the bandwidth, latency and energy costs of TinySec. To encourage people to volunteer and perform research in further higher level of protocols. 5

What is the Difference between WSN and other Network ? WSN Bandwidth - less Devices have very little computational power Energy is less with Wireless Sensor devices Wireless Networks are difficult to protect Vulnerable to resource consumption Information – Hop by Hop. Other Networks Bandwidth –more Comparatively devices have more computational power. Energy for devices in other networks is high. Comparatively much easier to protect. Not Vulnerable to resource consumption. Information- end to end (not necessary for all networks) 6

Security Threats in WSN WSN are difficult to protect. WSN are in a Broadcast medium WSN are vulnerable to resource consumption attacks. Intruders can waste network bandwidth 7

What is TinySec and its Goal … Lightweight link layer Security Mechanism for Sensor Networks. Goal : Is to minimize the overhead with reasonable protection from – Energy – Bandwidth – Latency 8

Why Link Architecture ??? Conventional networks – authenticity and integrity, confidentiality – end to end mechanism (SSH, SSL). End to end Security is vulnerable to DOS (Denial of Attacks). Message integrity should not be checked at the end alone. 9

Design Goals Security – Access control – Message integrity – Message confidentiality Performance – Energy – Bandwidth – etc. Ease of use MESSAGE AUTHENTICATION CODE ENCRYPTION DECREASE MESSAGE LENGTH PUT IN TinyOS 10

Security Primitive Message Authentication code – A cryptographic checksum for checking the message integrity -MACMAC 11

Security Primitives (cont.) Encrypting the same plain text two times should get two different cipher texts Initialization Vectors ( IV) -A side input to the Encryption Algorithm -Not kept secret, sent with the message. 12 MESSAGE (YES/NO) + shared key

Why design TinySec ?? Why Design TinySec when existing protocols are present. - IPSec,SSL / SSH are too heavy weight to be used in Sensor Networks. -The packet format adds many bytes of overhead and they were not being designed to built on WSN. 13

Design of TinySec Two different security Options --Authentication Encryption TinySec –AE --Authenticated only – TinySec – Auth In both the cases the data is authenticated with MAC and thus maintaining Data Integrity. 14 Header MACs HeaderMessageMAC Message encrypted

How can we Encrypt ?? Requirements for encryption – To select an encryption scheme – To specify the IV format – 8 Byte IV format 15 CIPHER BLOCK CHAINING : CBC

Different modes of Encryption A stream Cipher uses a Key and IV. Together they are ex-ored with message to get the cipher text (C = M+K.IV). Drawbacks :- If same IV is used to encrypt 2 different packets then there is a possibility of retrieving both the packets. 16 Symmetric key encryption schemes Modes of operation using block cipher Stream Ciphers

What is CBC mode of Encryption?? Link – Link In (CBC) mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. XORed This way, each ciphertext block is dependent on all plaintext blocks processed up to that point. 17

Drawbacks of CBC Mode. Given two plaintexts P and P’.If the IV used for the two plaintexts are same then there exists a possibility that the length of the longest shared message is shared / known. 18

How does the packet format for TinySec Looks like ?? 19 Dest : Destination address AM : Active Message Handler type L: length of the data Src : source of the address

Security Analysis of TinySec Message Integrity and Authenticity Security of a CBC –MAC is proportional to the length of the MAC. Choice of 4 bytes MAC ?? 20

Implementation of TinySec Implemented on Berkeley Sensor Nodes Integrated into TOSSIM simulator 3000 Lines of nesC code Works in FIFO format Thus TinySec has got 2 priority Schedulers 21

Evaluation Energy Consumption Power Consumption Bandwidth - Energy : 24 bytes of data was transmitted 22

Evaluation 23

Evaluation (Cont) Since the power consumed by TinySec-AE is maximum ( for majority of time )the energy consumed by TinySec –AE will also be maximum While sending with TinySec the packets are also larger in length 24

Bandwidth To measure Bandwidth- 24 bytes packets were sent using TinyOS, TinySec –Auth, Tiny-Auth Enc. Measured the number of packets that were successfully received. 25

26

Conclusions We have learnt that there are design vulnerabilities in the conventional protocols for sensor networks. TinySec addresses this with extreme careful design and takes advantage of the limitations of Sensor Networks 27

References yers.asp 10_2004_fall/rhoyo.ppt des_of_operation#Cipher- block_chaining_.28CBC.29 28