1 / 28

TinySec : Link Layer Security Architecture for Wireless Sensor Networks

TinySec : Link Layer Security Architecture for Wireless Sensor Networks. Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007. What is ???. Tiny OS. Link layer. Wireless Sensor Network. Tiny Sec. Contents. Motivation & TinySec

portia-dennis
Télécharger la présentation

TinySec : Link Layer Security Architecture for Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007

  2. What is ??? Tiny OS Link layer Wireless Sensor Network Tiny Sec

  3. Contents • Motivation & TinySec • Contributions by the paper . • Difference between Sensor Networks and Other Networks . • Security threats in WSN. • What is TinySec and its goal . • Why Link Architecture . • Design Goals . • Security Primitive. • Design of TinySec . • Modes of Encryption and their drawbacks. • Security Analysis of TinySec . • Implementation and Evaluation.

  4. What was the motivation ??? • Sensor Networks : Resource Constraint networks , small memory , weak processor , limited energy , less Bandwidth . • 80 % of all 802.11 wireless networks operate in the clear i.e. without cryptographic protection • Need for an architecture which could change things around. – TinySec • SW / HW

  5. Contributions of this paper • To introduce TinySec as a protocol for link layer cryptography in Sensor Networks. • To Measure the bandwidth , latency and energy costs of TinySec . • To encourage people to volunteer and perform research in further higher level of protocols.

  6. What is the Difference between WSN and other Network ? WSN Other Networks Bandwidth –more Comparatively devices have more computational power. Energy for devices in other networks is high. Comparatively much easier to protect . Not Vulnerable to resource consumption. Information- end to end (not necessary for all networks) • Bandwidth - less • Devices have very little computational power • Energy is less with Wireless Sensor devices • Wireless Networks are difficult to protect • Vulnerable to resource consumption • Information – Hop by Hop .

  7. Security Threats in WSN • WSN are difficult to protect . • WSN are in a Broadcast medium • WSN are vulnerable to resource consumption attacks . • Intruders can waste network bandwidth

  8. What is TinySec and its Goal … • Lightweight link layer Security Mechanism for Sensor Networks . • Goal : Is to minimize the overhead with reasonable protection from • Energy • Bandwidth • Latency

  9. Why Link Architecture ??? • Conventional networks – authenticity and integrity , confidentiality – end to end mechanism (SSH , SSL). • End to end Security is vulnerable to DOS (Denial of Attacks). • Message integrity should not be checked at the end alone.

  10. Design Goals • Security • Access control • Message integrity • Message confidentiality • Performance • Energy • Bandwidth • etc. • Ease of use • MESSAGE AUTHENTICATION CODE • ENCRYPTION • DECREASE MESSAGE LENGTH • PUTIN TinyOS

  11. Security Primitive • Message Authentication code • A cryptographic checksum for checking the message integrity • MAC

  12. Security Primitives (cont .) Encrypting the same plain text two times should get two different cipher texts Initialization Vectors ( IV) -A side input to the Encryption Algorithm -Not kept secret , sent with the message . + shared key + shared key MESSAGE (YES/NO)

  13. Why design TinySec ?? • Why Design TinySec when existing protocols are present . - IPSec ,SSL / SSH are too heavy weight to be used in Sensor Networks . -The packet format adds many bytes of overhead and they were not being designed to built on WSN.

  14. Design of TinySec • Two different security Options --Authentication Encryption TinySec –AE --Authenticated only – TinySec – Auth In both the cases the data is authenticated with MAC and thus maintaining Data Integrity. encrypted Message Header MAC Message MACs Header

  15. How can we Encrypt ?? • Requirements for encryption • To select an encryption scheme • To specify the IV format • 8 Byte IV format CIPHER BLOCK CHAINING : CBC

  16. Different modes of Encryption Symmetric key encryption schemes • A stream Cipher uses a Key and IV . • Together they are ex-ored with message to get the cipher text (C = M+K.IV). • Drawbacks :- If same IV is used to encrypt 2 different packets then there is a possibility of retrieving both the packets. Stream Ciphers Modes of operation using block cipher

  17. What is CBC mode of Encryption?? • Link – • In (CBC) mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. • This way, each ciphertext block is dependent on all plaintext blocks processed up to that point.

  18. Drawbacks of CBC Mode . • Given two plaintexts P and P’ .If the IV used for the two plaintexts are same then there exists a possibility that the length of the longest shared message is shared / known .

  19. How does the packet format for TinySec Looks like ?? Dest : Destination address AM : Active Message Handler type L: length of the data Src : source of the address

  20. Security Analysis of TinySec Message Integrity and Authenticity • Security of a CBC –MAC is proportional to the length of the MAC . • Choice of 4 bytes MAC ??

  21. Implementation of TinySec • Implemented on Berkeley Sensor Nodes • Integrated into TOSSIM simulator • 3000 Lines of nesC code • Works in FIFO format • Thus TinySec has got 2 priority Schedulers

  22. Evaluation • Energy Consumption • Power Consumption • Bandwidth - Energy : 24 bytes of data was transmitted

  23. Evaluation

  24. Evaluation (Cont) • Since the power consumed by TinySec-AE is maximum ( for majority of time )the energy consumed by TinySec –AE will also be maximum • While sending with TinySec the packets are also larger in length

  25. Bandwidth • To measure Bandwidth- 24 bytes packets were sent using TinyOS , TinySec –Auth , Tiny-Auth Enc . • Measured the number of packets that were successfully received .

  26. Conclusions • We have learnt that there are design vulnerabilities in the conventional protocols for sensor networks. • TinySec addresses this with extreme careful design and takes advantage of the limitations of Sensor Networks

  27. References • http://www.webopedia.com/quick_ref/OSI_Layers.asp • http://camars.kaist.ac.kr/~hyoon/courses/cs710_2004_fall/rhoyo.ppt • http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29

More Related