Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context."— Presentation transcript:

1 SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context of Crisis Management and Societal Security Dennis K. Nilsson 080415

2 Sensor Networks Measurement Control Sensor node limitations Processing power Storage Bandwidth Energy

3 Security Possible? Current security algorithms Computational and memory expensive Authenticated broadcasting Communication overhead TESLA – suitable for desktop workstations

4 Agenda System Description Security Requirements SNEP – Sensor Network Encryption Protocol µTESLA – Authenticated broadcast Implementation and Evaluation Conclusion

5 System Description Nodes and powerful base stations Communication Node to base station Base station to node Base station to all nodes Trust base stations but not Individual nodes Wireless communication Design Symmetric cryptography – single block cipher for all cryptographic primitives

6 Security Requirements Data confidentiality Sensitive data should be kept secret Data authentication Receiver verifies data was sent from claimed sender Data integrity Ensures the receiver that data is unaltered in transit Data freshness Implies that data is recent and not replayed

7 SNEP Data confidentiality Two-party data authentication Data integrity Data freshness Prerequisites: Shared secret key (master key) between each node and the base station

8 SNEP Low communication overhead 8 bytes per message Does not transmit counter Keep state at both end points Achieves semantic security Randomization using shared counter

9 SNEP Encryption E = {D} MAC M = MAC(Kmac,C|E) Message from A to B A → B: {D}, MAC(Kmac,C|{D} )

10 µTESLA Redesign of TESLA protocol TESLA not suitable for sensor networks Authenticates initial packet with a digital signature Overhead of 24 bytes per packet (sensor node packet size ~30 bytes) Disclose key for previous intervals with every packet One-way key chain does not fit in memory

11 µTESLA Base station broadcasts authenticated messages to the nodes Base station and nodes loosely time synchronized Base station computes MAC on a packet with a key that is secret at that time Receiving node can verify that corresponding MAC key has not been disclosed MAC key chain – K i = F(K i+1 )

12 µTESLA - Example time P1 K0K0 P2P3P4P5 K1K2 P7P6 F K1K1 K2K2 F K3K3 F K4K4 F 12340 K3K4

13 µTESLA – Example, dropped msg time P1 K0K0 P2P3P4P5 K1K2 F K2K2 K1K1 F 12340

14 µTESLA Sender setup Generate one-way key chain of length n from randomly chosen K n Time is divided time intervals Each key is associated with one interval Bootstrap receiver A commitment of the key chain is stored in receiver, subsequent keys are self- authenticated

15 µTESLA Authenticating broadcast packets Receiver must ensure attacker does not know the disclosed key used for MAC (i.e., sender has not disclosed key yet) Sender-receiver must be loosely time synchronized and receivers must know the key disclosure schedule Authenticate received key K j : K i = F j-i (K j )

16 Implementation and evaluation RC5 block cipher small code size and high efficiency but 32-bit data rotates (8-bit CPU) Encryption Counter mode (same function for encryption and decryption) Random-number generation MAC(K rand,C) MAC CBC-MAC: {M}K encr, MAC(K mac,{M}K encr ) Key setup K encr, K mac, K rand derived from master key

17 Implementation and evaluation Code size Crypto library and protocol implementation – 2kB of program memory Performance Key setup 8000 cycles, 8-byte encryption 120 cycles, twenty 30-byte messages per second Energy costs Encrypting and signing: 6 bytes overhead per message (~20%) MAC computation 2%

18 Applications Authenticated routing Route discovery through periodic broadcast of beacons Combine µTESLA key disclosure with distribution of routing beacons Node-to-node key agreement Symmetric key protocol using base station as a trusted agent for key setup Base station generates and distributes key to nodes A and B using SNEP

19 Conclusion Designed and implemented security protocols for sensor networks Authenticated and confidential communication Authenticated broadcast Use symmetric cryptography Code reuse Communication costs are small Many elements of the design are universal and can be applied to other sensor networks

Download ppt "SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context."

Similar presentations

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
AES based secure LEACH for WSN’s. Obstacles of WSN Security Limited resources-Limited memory, code space and energy. Unreliable Communication-Densely.

AES based secure LEACH for WSN’s. Obstacles of WSN Security Limited resources-Limited memory, code space and energy. Unreliable Communication-Densely.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
Cryptography for Backup Navigation

Cryptography for Backup Navigation
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.

Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.

Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.
1 Ad Hoc Networks Security Instructor: Carlos Pomalaza-Ráez Fall 2003 University of Oulu, Finland.

1 Ad Hoc Networks Security Instructor: Carlos Pomalaza-Ráez Fall 2003 University of Oulu, Finland.
Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit

Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
1 cs526 chow Wireless Sensor Network(WSN) vs. Mobile Ad Hoc Network (MANET) WSNMANET SimilarityWirelessMulti-hop networking SecuritySymmetric Key CryptographyPublick.

1 cs526 chow Wireless Sensor Network(WSN) vs. Mobile Ad Hoc Network (MANET) WSNMANET SimilarityWirelessMulti-hop networking SecuritySymmetric Key CryptographyPublick.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
1 Sensor Networks Security and Privacy in Sensor Networks Haowen Chan and Adrian Perrig SPINS Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen and.

1 Sensor Networks Security and Privacy in Sensor Networks Haowen Chan and Adrian Perrig SPINS Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen and.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J.D. Tygar – University of California, Berkeley.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J.D. Tygar – University of California, Berkeley.

Similar presentations

Ads by Google