Presentation is loading. Please wait.

Presentation is loading. Please wait.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

Similar presentations


Presentation on theme: "TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder."— Presentation transcript:

1 TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder

2 Overview Challenges: Limited computing power Limited RAM Limited Bandwidth 1 bit consumes as much energy as 800-1000 instructions! Goals Authenticity, integrity, and confidentiality End-to-end security not viable Intermediate sensors must access payload Aggregation Duplicate Elimination

3 Design Goals Access Control and Message Integrity Access Control: Prevent Unauthorized nodes from participating in the network. Message Integrity: Receiver can detect modified packets Confidentiality Semantic Security: Prevents adversary from learning partial information. Explicit Omission Replay Protection: Same message played at a later time should reveal no additional information

4 Security Primitives Message Authentication Codes Requires authorized senders and receivers to share a secret key. Initialization Vectors Helps encryption achieve semantic security Typically sent in the clear

5 Design Authenticated Encryption Encrypts payload and authenticates with a MAC Authentication Only Payload not encrypted

6 IV Design IV adds overhead Length Generation IV’s repeat after 2^n + 1 packets are sent Probabilistically, expect a collision at 2^(n/2). IV structure is dst||AM||l||src||ctr. Guarantees 2^16 packets before reuse from each node. For n nodes, n*2^16 packets. At one packet per minute, no IV reuse for 45 days. No data for brute force attack on IV Can use key update protocol every 45 days to not have key reuse.

7 Encryption Scheme Block Cipher used due to potential for key reuse Stream ciphers insecure if key is reused. IV encrypted. Cipher text stealing used to ensure ciphertext is same length as plaintext. Skipjack block cipher used AES and Triple-DES too slow. RC5 requires key schedule to be pre-computed 104 bytes extra RAM per key

8 Skipjack Block Cipher Developed by NSA Declassified in 1998 More Secure than DES 80 bit key (DES: 56 bit) 32 rounds (DES: 16 rounds)

9 Packet Format Common Fields: Destination Address Message Type, and length. Sent in clear to allow early rejection. However, this gives attacker knowledge of IV and now have a better chance of brute force attack. IV: dst||AM||l||src||ctr Src||ctr = 2^16 dst||AM||l||src||ctr = 2^32

10 Implementation 3000 lines of nesC code language for TinyOS) 728 Bytes of RAM 7146 Bytes of program space Two Priority Scheduler High Priority, Real-time Schedule for Cryptographic functions Must be completed by the time the radio sends the start signal. Low priority, FIFO, run to completion schedule for all other tasks. Currently uses network wide shared key.

11 Evaluation Two components add to costs of TinySec Increased packet size 1 or 5 bytes Increased computation Authenticated Encryption: 4% Authentication only: 2%

12 Evaluation Cont. Throughput: Authentication: Almost identical throughput. Authenticated Encryption: 6% less total throughput.

13 Questions?


Download ppt "TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder."

Similar presentations


Ads by Google