1 / 21

Toward Trusted Wireless Sensor Networks WEN HU HAILUN TAN PETER CORKE WEN CHAN SHIH SANJAY JHA

Toward Trusted Wireless Sensor Networks WEN HU HAILUN TAN PETER CORKE WEN CHAN SHIH SANJAY JHA. Presented by Vadim Kartuzov. What are Wireless Sensor Networks (WSN)?. Sensor node : microcontroller, a radio device, Sensor(s), power supply (battery) Sensors to measure: temperature,

badrani
Télécharger la présentation

Toward Trusted Wireless Sensor Networks WEN HU HAILUN TAN PETER CORKE WEN CHAN SHIH SANJAY JHA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Toward Trusted Wireless Sensor NetworksWEN HUHAILUN TANPETER CORKEWEN CHAN SHIHSANJAY JHA Presented by Vadim Kartuzov

  2. What are Wireless Sensor Networks (WSN)? • Sensor node: • microcontroller, • a radio device, • Sensor(s), • power supply (battery) • Sensors to measure: • temperature, • sound, • vibration, • pressure, • Motion • Pollution • Small, low priced, and very limited resources Sensor networks: lots of sensors, distributed across an area to monitor and report data via to central monitoring center/ data storage Sensor /node / mote sink / Base Station

  3. Applications of WSN: Environment Monitoring

  4. Applications of WSN: Military (surveillance)

  5. Applications of WSN: Utilities (smart grid)

  6. Problem: Wireless Security • WSN applications are growing • Security is ignored because due to limited computational resources it is considered impractical • For future commercial deployments, privacy, authenticity and confidentiality will be required (i.e. Utilities usage monitoring and billing)

  7. Solution: trustedFleck implementation of a trusted sensor node that provides Internet-grade security at low system cost trustedFleck, uses a commodity Trusted Platform Module (TPM) chip to extend the capabilities of a standard wireless sensor node to provide security services such as • message integrity • confidentiality • authenticity • system integrity based on RSA public-key and XTEA-based symmetric-key cryptography • Platform Configuration Registers (PCR) for system configuration and detect code tempering • Remote attestation

  8. Related Work: overview of secure communications • RSA is the most widely used PKC (public key cryptography) • RSA is slow and computationally expensive => not used in WSN nodes • TinyPK - Smaller key => faster but results in weak security • XTEA faster than RSA • Tiny Elliptic Curve Cryptography (TinyECC) • Patented => requires licensing • No support for remote attestation • Attestation (verification that node has note been compromised) • Popular software-based mechanisms ie. Obfuscation of attestation code • software-based solutions are more vulnerable to attacks than hardware-based solutions • Hardware-based mechanisms • More secure => trustedFleck uses this mechanism

  9. A BRIEF INTRODUCTION TO THE RSA ALGORITHM AND TPM • RSA is an algorithm for Public Key Cryptography (PKC), also called asymmetric cryptography Encrypt: c = me mod n Decrypt: m= cd mod n RSA is a function of e (public exponent) and K (key size) trustedFleck uses e = 216 + 1 = 65, 537 (max) K = 2048-bit (future-proof)

  10. Trusted Platform Module(TPM) TPM is a dedicated security chip following the Trust Computing standard specification [TCG 2007]. The objective of a TPM is to provide a hardware-based root of trust for a computing system. • Cryptography operation engine • TPM is programmed with a unique RSA key pair and the private part never leaves nonvolatile protected memory • RSA engine for signature generation and message decryption • Secure Hash Algorithm (SHA) Engine • Random Number Generation (RNG) • Platform Configuration Register (PCR) • Stores integrity-sensitive messages in regard to platform environment • Located in nonvolatile protected memory (temper-proof)

  11. trustedFleck ARCHITECTURE: Hardware Module • Fleck module • Atmega 1281 micro-controller • Real-time clock • 1MB Flash memory • NRF905 Radio (1km) • Separate • program address space • data address space • TPM module • Atmel AT97SC3203S TPM • True random number generator • RSA operations

  12. trustedFleck ARCHITECTURE: Software Fleck operating system (FOS) • similar to MANTIS OS developed at the Department of Computer Science, University of Colorado at Boulder • FOS provides a priority-based, non-preemptive (cooperative) threading environment with separate fixed-size stacks for each thread, and a separate interrupt stack • FOS has the advantage of providing a simple concurrent programming model which does not require semaphores trustedFleck Primitives For the convenience of WSN application developers, we have implemented a set of TPM primitives as an FOS library module: • general TPM functions • symmetric and asymmetric key cryptography functions • trust functions.

  13. General TPM functions

  14. Symmetric and Asymmetric Key Cryptography functions RSA XTEA Each TPM has a unique 2048-bit private key established during manufacture which cannot be read.

  15. Trust functions (attestation) Attestation = integrity state verification Trust functions allow trustedFleck to attest to its state upon challenge from a remote device such as another trustedFleck or the base station. Such behavior is called remote attestation.

  16. PERFORMANCE EVALUATION • Asymmetric Key (RSA) Operations Software vs. Hardware The results show that the TPM chip can reduce the computation time of RSA encryption by a factor of 8000

  17. PERFORMANCE EVALUATION • Energy Consumption • Symmetric Key (XTEA) Operations (Software) • Symmetric key cryptography is significantly faster than hardware RSA asymmetric key cryptography (18 μs vs. 27 μs per 1 bit) • XTEA encryption consumes approximately 10 times less energy compared to hardware RSA encryption, and approximately 12,000 times less energy compared to software RSA encryption • XTEA implementation has less than 100 lines of C code, and requires 52 bytes of RAM and 1082 bytes of program space only. Software based approach consumes approximately 1300 times more energy than trustedFleck for an RSA encryption operation.

  18. trustedFleck vs. TinyECC(Elliptic Curve Cryptography) • Time and Energy (RSA 2048-bit is stronger than a ECC 192-bit) trustedFleck provides a stronger security level than TinyECC with a similar energy consumption • Space trustedFleck uses seven times less space than TinyECC (ROM and RAM)

  19. Node Lifetime Estimation (assume that the node is powered by 2 AA 2800-mAHr batteries) It shows that the trustedFleck operations are fairly affordable for a typical WSN node setting. For example, if the node performs sign, verify, PCR quote, and PCR quote verify operations twice per day, the expected node lifetime is 7.4 years. • The Financial Cost of the trustedFleck • An Atmel AT97SC3203S TPM chip costs $4.5 which is less than 5% of the cost of popular wireless sensor nodes such as Telosb, Iris mote, and Fleck (about $100)

  20. Conclusion • We have shown that E-commerce-strength RSA-based security is feasible on a sensor network device. • We have utilized commodity TPM hardware technology to create a trusted node that provides essential security services such as message integrity, confidentiality, authenticity and system integrity based on RSA public-key and XTEA-based symmetric-key cryptography. • Our evaluation shows that trustedFleck provides these services within the computational, memory and energy limits that apply to WSN nodes. Our results also show that trustedFleck significantly outperforms previous approaches such as TinyECC in terms of computational time and memory usage while providing stronger security levels. • Advantages of the hardware approach include secure storage of the private key and support for system configuration checking. An RSA-based security approach also allows for seamless and secure interoperability between WSNs and Internet-based applications.

  21. Questions?

More Related