1. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA A. De Benedictis, A. Gaglione, N. Mazzocca Securing a Re-Taskable Sensing System Seclab Group – http://www.seclab.unina.ithttp://www.seclab.unina.it Dipartimento di Informatica e Sistemistica Università degli Studi di Napoli Federico II Via Claudio, 21 – 80125 Napoli – Italia Email: {alessandra.debenedictis, andrea.gaglione, nicola.mazzocca}@unina.it 1st International Workshop on Security and Performance in Emerging Distributed Architectures (SPEDA 2010) August 23-25, 2010, Atlanta, GA, USA

2. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA About me Alessandra De Benedictis Ph. D. Student in Computer and Control Engineering at the Department of Computer Science and System of the University of Naples Federico IIDepartment of Computer Scienceand System alessandra.debenedictis@unina.it 2

3. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 3 Outline Overview of security issues in sensor networks and background description Introduction of a secure-layer to guarantee security requirements Design and implementation details Conclusions and future works

4. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Motivation and security challenges in sensor networks 4 Openness of wireless channels lets anyone be able to monitor or participate in communications WSN applications require security mechanisms WSN features: Very limited resources  limited memory and storage space  power limitations Unreliable communication  unreliable transfer  conflicts (due to the broadcast nature of WSN)  latency Unattended operations  exposure to physical attack  remote management makes impossible to detect physical tampering and physical maintenance issues

5. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Desired security requirements Desired properties of a secure sensor network communication architecture Data authentication  allows a receiver to verify that data really was sent by the claimed sender  Broadcast authentication Data confidentiality  protect information traveling through the network Data integrity  ensures the receiver that the received data has not been altered in transit by an adversary  achieved through data authentication Data freshness  implies that the data is recent  ensures protection against replay attack 5

6. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Symmetric vs Asymmetric Cryptography Limited computational complexity, well suited for resource constrained devices such as sensor nodes but... Key management is a fundamental concern 6 Alice Bob plaintext encryption ciphertextdecryption Alice Bob plaintext encryptionciphertextdecryption Bob’s Public Key Bob’s Privat e Key Symmetric Key Encryption (SKE)Public Key Cryptography (SKC) Stronger degree of security than SKE schemes, greater flexibility and manageability but also.. Higher computation and storage requirement …recent works demonstrated the feasibility of using Elliptic Curve Cryptography (ECC) schemes on sensor platforms, due to their fast computation, small key size and compact signatures features. Such schemes have been proved to guarantee an equivalent security degree then other SKC schemes (such as RSA) while adopting smaller keys and requiring slighter computations.

7. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Tenet: a re-taskable sensing system (1/2) 7 The Tenet system is an architecture for tiered sensor networks, proposed by the Uiversity of LA (UCLA), consisting of:  motes: simple sensor nodes processing locally-generated sensor data  masters: relatively unconstrained 32-bit platform nodes, performing multi-node data fusion and complex application logic Since masters have relatively plentiful processing and storage resources, it is possible to implement more sophisticated applications, such as cryptographic algorithms, by exploiting their capabilities

8. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Tenet: a re-taskable sensing system (2/2) 8 And return responses Motes process data, Applications run on masters, and masters task motes periodic(1 min) -> sample(TEMPERATURE) -> Send() A task is a linear data flow program consisting of a sequence of tasklet implementing such functionality as timers, sampling, data compression, thresholding, statistical operations, and other forms of simple signal processing. Masters can then fuse the results, re-task motes or trigger other sensing functionalities Example of task The tasking system enables an easier application development and a significant code reuse. Mote functionality is limited to executing tasks and returning responses, thus enabling energy-efficient operations.

9. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Proposal Enhancement of the Tenet system, by introducing a hybrid cryptosystem which aims to: 1. implement a mechanism for key exchanging between master and motes 2. achieve broadcast authentication of tasking messages by a master to the motes 3. achieve end-to-end encryption, integrity and freshness of response messages sent by motes to the master 9

10. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Enhanced Tenet software architecture (1/2) 10 Master side Improvement of the master side:  at application level: - introduction of the ECC Library to perform ECC operations - addition of the pubKeyExchange element to the Tasking Library; - modification of the TenetAPI in order to implement the digital signature of task messages sent from masters to motes  at OS level: - integration of a cryptographic system, with the management of the keyfiles containing the secret keys shared between the master and each of the motes Tenet Applications ECC Library Tasking Library + pubKeyExchange element + modified TenetAPI TinyOS_system-Minisec Application layer OS layer Key store  Application layer: includes Tenet applications running on masters, and the Tenet Tasking Library, which implements a collection of composable tasklet.  OS layer: implemented by TinyOS

11. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Enhanced Tenet software architecture (2/2) 11 Mote side Improvement of the mote side by adding:  at application level: the new tasklet pubKeyExchange to the Mote Tasking Library, that aims to perform ECC security operations according to the ECDH key agreement technique  at OS level: integration of a cryptographic system, with the management of the keyfile containing the secret key shared between the master and the mote Mote Tasking Library + TinyECC library + pubKeyExchange tasklet + modified TaskInstaller component TinyOS_system-Minisec Application layer Key file OS layer

12. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA Adopted technologies TinyOS and MiniSec: MiniSec provides a secure network layer by modifying the TinyOS network stack:  GenericComm – generic network stack  AMStandard – Active Message transmission Provides data confidentiality, authentication and replay protection  provides for authentication and secrecy with a few block cipher calls (OCB mode)  better security and low energy consumption Implementation for Telos motes  300 bytes of RAM, 3KB of code memory 12 TinyECC: a configurable library for ECC operations in wireless sensor networks Includes support for the ECC schemes:  ECDH - key agreement scheme  ECDSA - digital signature scheme  ECIES – encryption scheme Easily integrated in sensor networks applications It has been tested on MicaZ, TelosB and Imote2 platforms running TinyOS

13. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 1 - Key agreement 13 Achieved via Tenet tasking system by adding a new tasklet which performs ECC security operations according to the ECDH key agreement tecnique pubKeyExchange(PPx, PPy) ->Send()

14. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 2 - Broadcast authentication Broadcast tasking messages from master to motes must be authenticated in such a way each mote can verify the identity of the master node:  master node signs tasking messages with its own private key and sends them to motes together with the signature.  on mote side the signature is verified with the master public key. Achieved by implementing the ECDSA scheme by using the primitives provided by TinyECC. Constraints:  during the initialization phase of the system the master should generate a key pair (private key – public key) and store its private key in the ECC Library.  each mote should be preloaded with the public key of the master 14

15. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 3 - End-to-end confidentiality, integrity and freshness of response messages 15 Achieved by opportunely integrating the MiniSec security layer into the Tenet system: plain task Encrypted response message shared key MASTERMOTE Motes perform encryption of outgoing task response messages which are identified with a specific tag ; Master decrypts incoming task response messages identified with the above mentioned specific tag

16. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 16 Conclusions and future works We have proposed the design of a hybrid cryptosystem aimed to secure the Tenet architecture. We have combined symmetric and asymmetric cryptographic schemes in order to achieve key exchange mechanisms (through the definition of a specific tasklet), end-to-end encryption, integrity and freshness of response packets sent from motes to the master, and broadcast authentication of tasking messages coming from the master to motes In Future works we plan to set up a more complete testbed for the evaluation of our schemes in terms of achieved security level, energy consumption and performances. Furthermore we intend to port our code to TinyOS 2.x in order to be compliant with Tenet-t2 release as well as to port it to other sensor platforms.

17. SPEDA 2010 – August, 23-25, 2010, Atlanta, GA, USA 17 Thanks for your kind attention For any questions contact us