Presentation is loading. Please wait.

Presentation is loading. Please wait.

Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.

Published byEvan Pierce Modified over 4 years ago

Similar presentations

Presentation on theme: "Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor."— Presentation transcript:

1 Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor networks and security are important Sensors are deployed in hostile territory. The communications are sparse because of energy constraints, the computational resources are sparse. However, attackers need not be energy constrained, they can replay packets, inject spurious packets etc. and affect the system How do we make security (heavy weight) fit into sensor scenarios (low resources) Slides courtesy Adrian Perrig

2 Security in sensor networks
Emergency response: responders need security Medical monitoring: automated drug delivery - need security to ensure safety Logistics and inventory management: Battlefield management Security: Authentication Ensures data integrity & origin Prevents injecting bogus messages Confidentiality Ensures secrecy of data Prevents eavesdropping

3 Challenges Integrity of sensor: hard to manage without expensive crypto processors or ensuring physical security Key distribution is a challenge Don’t want to store private keys in sensors Key strength weakens with time Freshness important Prevent replay attack Define notions of strong freshness (delay estimation, total ordering) and weak freshness (partial ordering) Keys are too long to store, much less process Authenticated broadcast challenging

4 Challenge: Resource Constraints
Limited energy Limited computation (4 MHz 8-bit) Limited memory (512 bytes) Limited code size (8 Kbytes) ~3.5 K base code (“TinyOS” + radio encoder) Only 4.5 K for application & security Limited communication (30 byte packets) Energy-consuming communication 1 byte transmission = instructions

5 SPINS: Our Solution TESLA SNEP Sensor-Network Encryption Protocol
Secures point-to-point communication TESLA Micro Timed Efficient Stream Loss-tolerant Authentication Provides broadcast authentication

6 System Assumptions Communication patterns Base station Node
Frequent node-base station exchanges Frequent network flooding from base Node-node interactions infrequent Base station Sufficient memory, power Shares secret key with each node Node Limited resources, limited trust

7 SNEP Security Goals Secure point-to-point communication
Confidentiality, secrecy Authenticity and integrity Message freshness to prevent replay Why not use existing protocols? E.g. SSL/TLS, IPSEC

8 Encryption methods (background)
Symmetric cryptography Sender and receiver know the secret key (apriori ) Fast encryption, but key exchange should happen outside the system Asymmetric cryptography Each person maintains two keys, public and private M  PrivateKey(PublicKey(M)) M  PublicKey (PrivateKey(M)) Public part is available to anyone, private part is only known to the sender E.g. Pretty Good Privacy (PGP), RSA

9 Asymmetric Cryptography is Unsuitable
Overhead of digital signatures High generation cost O(minutes) High verification cost O(seconds) High memory requirement High communication cost ~128 bytes SNEP only uses symmetric crypto

10 Basic Crypto Primitives
Code size constraints  code reuse Only use block cipher encrypt function Counter mode encryption Cipher-block-chaining message authentication code (MAC) Pseudo-Random Generator

11 SNEP Protocol Details A and B share
Encryption keys: KAB KBA MAC keys: K'AB K'BA Counters: CA CB To send data D, A sends to B: A  B: {D}<KAB, CA> MAC( K'AB , [CA || {D}<KAB, CA>] )

12 SNEP Properties Secrecy & confidentiality Authentication
Semantic security against chosen ciphertext attack (strongest security notion for encryption) Authentication Replay protection Code size: 1.5 Kbytes Strong freshness protocol in paper

13 Broadcast Authentication
Broadcast is basic communication mechanism Sender broadcasts data Each receiver verifies data origin Alice M Sender M Dave M M Bob Carol

14 Simple MAC Insecure for Broadcast
Sender Alice K M, MAC(K,M) Bob K M, MAC(K,M) M', MAC(K,M')

15 TESLA: Authenticated Broadcast
Uses purely symmetric primitives Asymmetry from delayed key disclosure Self-authenticating keys Requires loose time synchronization Use SNEP with strong freshness

16 TESLA Quick Overview I
Keys disclosed 2 time intervals after use Receiver knows authentic K3 Authentication of P1: MAC(K5, P1 ) F Authenticate K5 F K5 F K6 K3 K4 K5 K6 K7 t Time 4 Time 5 Time 6 Time 7 P1 P2 K5 Verify MAC K3

17 TESLA Quick Overview II
Perfect robustness to packet loss F Authenticate K5 K3 K4 K5 K6 K7 t Time 4 Time 5 Time 6 Time 7 P1 K2 P2 K2 P3 K3 P4 K4 P5 K5 Verify MACs

18 TESLA Properties Low overhead (1 MAC)
Communication (same as SNEP) Computation (~ 2 MAC computations) Perfect robustness to packet loss Independent of number of receivers

19 Energy Cost for Sending a Message
Typical packet size: 28 bytes Security Computation 2% MAC transmission 21% Data transmission 77%

20 Conclusion Strong security protocols affordable Low security overhead
First broadcast authentication Low security overhead Computation, memory, communication Apply to future sensor networks Energy limitations persist Tendency to use minimal hardware Base protocol for more sophisticated security services

Download ppt "Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor."

Similar presentations

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Cryptography Basic (cont)

Cryptography Basic (cont)
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
1 cs526 chow Wireless Sensor Network(WSN) vs. Mobile Ad Hoc Network (MANET) WSNMANET SimilarityWirelessMulti-hop networking SecuritySymmetric Key CryptographyPublick.

1 cs526 chow Wireless Sensor Network(WSN) vs. Mobile Ad Hoc Network (MANET) WSNMANET SimilarityWirelessMulti-hop networking SecuritySymmetric Key CryptographyPublick.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
1 Sensor Networks Security and Privacy in Sensor Networks Haowen Chan and Adrian Perrig SPINS Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen and.

1 Sensor Networks Security and Privacy in Sensor Networks Haowen Chan and Adrian Perrig SPINS Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen and.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J.D. Tygar – University of California, Berkeley.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J.D. Tygar – University of California, Berkeley.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.

SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
Wireless Sensor Networks Security Lindsey McGrath and Christine Weiss.

Wireless Sensor Networks Security Lindsey McGrath and Christine Weiss.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
Security Introduction Class 11 18 February 2003. Overview  Security Properties  Security Primitives  Sample Protocols.

Security Introduction Class February Overview  Security Properties  Security Primitives  Sample Protocols.
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) 975-3658 Security Considerations for Wireless Sensor Networks.

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

Similar presentations

Ads by Google