Presentation is loading. Please wait.

Presentation is loading. Please wait.

TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.

Published byAndrew Grant Modified over 10 years ago

Similar presentations

Presentation on theme: "TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002."— Presentation transcript:

1 TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002

2 Goals of TinySec Access Control –Authorized participants only Integrity –Altering and retransmitting a message should be difficult Confidentiality Transparent to applications and programmers

3 Block Ciphers Pseudorandom permutation (invertible) –DES, RC5, Skipjack, AES –Maps n bits of plaintext to n bits of ciphertext Block size n is typically 64 or 128 bits Key size k is typically 64 or 128 bits

4 Symmetric key encryption Confidentiality achieved by encryption Encryption schemes (modes) can be built using block ciphers –CBC-mode: break a m bit message into 64 bit chunks (m 1,m 2,..) –Transmit (c 1, c 2, …) and iv iv m2m2 m1m1 c1c1 c2c2 EkEk EkEk EkEk CBC-Mode iv is needed to achieve semantic security –A message looks different every time it is encrypted –iv reuse may leak information

5 Message Authentication Codes Encryption is not enough to ensure message integrity –Receiver cannot detect changes in the ciphertext –Resulting plaintext will still be valid Integrity achieved by a message authentication code –A t bit cryptographic checksum with a k bit key from an m bit message –Can detect both malicious changes and random errors –Replaces CRC –Can be built using a block cipher –MAC key should be different than encryption key length m2m2 m1m1 MAC EkEk EkEk EkEk CBC-MAC Mode

6 Packet Format destAMIVlengthdataMAC 21414 Encrypted MACed Key Differences No CRC -2 bytes No group ID -1 bytes MAC +4 bytes IV +4 bytes Total: +5 bytes

7 Usage: How does this change my life? Need to be aware of keys & keyfile –Currently, keys part of program, not intrinsic to mote (similar to moteID) –Plan to use EEPROM to tie key to mote –Makerules generates a keyfile if none exists and then uses it for programming all motes; –Keyfiles tied to a particular TinyOS installation. Manual transfer needed to install motes from different computers. Only application level code change: –Just use SecureGenericComm instead of GenericComm Works on Simulator

8 Implications for reliable transport CRC is replaced by MAC CRC is lightweight, MAC computation is expensive (~1000 vs. ~10000 cycles for 24 byte packet) MAC still detects errors, but computation must be completed in time for ACK transmission For each 8 bytes received, a block cipher called is needed (~1750 cycles) too expensive to run in SpiByteFifo event handler Cant run as a task: no real-time completion guarantees Trick: Run synchronously in event handler with interrupts enabled Like a preemptive priority scheduler that only TinySec can use (!!)

9 Tradeoffs 1 Early rejection –Still possible to reject based on dest or AM type –Question: Group ID provided weak access control; still needed? Short packets are expensive –Min data size is 8 bytes (size of block cipher) –Restriction can be elminated with reduced security (run in stream cipher mode) –Question: Is this a good tradeoff? Packet length not affected for more than 8 bytes of data

10 Analysis Access control and integrity –Probability of blind MAC forgery 1/2 32 –Industrial strength is usually 1/2 64 or less –Replay protection not provided, but can be done better at higher layers Confidentiality –Lots of ways to structure and manage IVs, but IV reuse will occur after ~65000 messages from each node –For CBC mode, IV reuse is not as severe has other modes Does not necessarily leak plaintext –Common solution is to increase IV length adds packet overhead

11 Performance: RC5 Cipher Rol32 cyclesRC5 cipher op cycles Time C version207~5750 +1.70 ms SPINS [C + asm]~85 avg~2775 avg.75 ms TinySec [C + asm]~42 avg~1775 avg.50 ms Number Block Cipher Ops (m byte msg) CBC-Encryption CBC-MAC Total

12 Current Status Working w/ Phil to get into broken/experimental TinySec needs to be incorporated into January retreat demos.

13 TinyOS System Changes MicaHighSpeedRadio TinySec CBC-Mode RC5 CBC-MAC

14 Tradeoffs 2: IV allocations Most secure idea for IV: src IDcounter IV 22 Counter must be persistent across reboot Gives each sender ~65000 messages before IV is reused (worst case) Question: src ID good for security (replay, IV) useful for other things?

15

Download ppt "TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002."

Similar presentations

Hashes and Message Digests

Hashes and Message Digests
Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
Chapter 4: Modes of Operation CS 472: Fall 2012. Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.

Chapter 4: Modes of Operation CS 472: Fall Encrypting a Large Massage 1.Electronic Code Book (ECB) 2.Cipher Block Chaining (CBC) 3.Output Feedback.
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003

TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.
1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.

1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.
Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.

Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

Similar presentations

Ads by Google