This presentation by Todd Fielder at the University of California, Berkeley, discusses TinySec, a security framework designed for low-power and resource-constrained networks. It highlights inherent challenges like limited computing power, RAM, and bandwidth while aiming for complete authenticity, integrity, and confidentiality. Key design goals include access control, message integrity protection, and semantic security to prevent adversaries from recovering sensitive information. The presentation also covers encryption methods, packet formats, and an overview of the implementation challenges and evaluation results of TinySec.
TinySec: Link Layer Security
Chris Karlof, Naveen Sastry, David Wagner
University of California, Berkeley
Presenter: Todd Fielder
Overview
• Challenges:
  • Limited computing power
  • Limited RAM
  • Limited bandwidth
  • Transmitting 1 bit consumes as much energy as 800-1000 instructions!
• Goals
  • Authenticity, integrity, and confidentiality
  • End-to-end security not viable
    • Intermediate sensors must access the payload
      • Aggregation
      • Duplicate elimination
Design Goals
• Access Control and Message Integrity
  • Access Control: Prevent unauthorized nodes from participating in the network.
  • Message Integrity: Receiver can detect modified packets.
• Confidentiality
  • Semantic Security: Prevents an adversary from learning partial information.
• Explicit Omission
  • Replay Protection: Same message played at a later time should reveal no additional information.
Security Primitives
• Message Authentication Codes
  • Requires authorized senders and receivers to share a secret key.
• Initialization Vectors
  • Helps encryption achieve semantic security
  • Typically sent in the clear
Design
• Authenticated Encryption
  • Encrypts payload and authenticates with a MAC
• Authentication Only
  • Payload not encrypted
IV Design
• IV adds overhead
  • Length
  • Generation
• IVs repeat after 2^n + 1 packets are sent
  • Probabilistically, expect a collision at 2^(n/2).
• IV structure is dst||AM||l||src||ctr.
  • Guarantees 2^16 packets before reuse from each node.
  • For n nodes, n*2^16 packets.
  • At one packet per minute, no IV reuse for 45 days.
  • No data for brute force attack on IV
• Can use a key update protocol every 45 days to avoid key reuse.
Encryption Scheme
• Block cipher used due to potential for key reuse
  • Stream ciphers are insecure if the key is reused.
• IV encrypted.
• Ciphertext stealing used to ensure the ciphertext is the same length as the plaintext.
• Skipjack block cipher used
  • AES and Triple-DES too slow.
  • RC5 requires the key schedule to be pre-computed
    • 104 bytes extra RAM per key
Skipjack Block Cipher
• Developed by NSA
• Declassified in 1998
• More secure than DES
  • 80-bit key (DES: 56-bit)
  • 32 rounds (DES: 16 rounds)
Packet Format
• Common fields: destination address, message type, and length.
  • Sent in the clear to allow early rejection.
  • However, this gives the attacker knowledge of the IV and a better chance at a brute force attack.
• IV: dst||AM||l||src||ctr
  • src||ctr = 2^16
  • dst||AM||l||src||ctr = 2^32
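The IV layout from the IV Design and Packet Format slides, as an added example that is not code from the presentation or from TinySec itself. The field widths (dst 2 bytes, AM 1, l 1, src 2, ctr 2) are assumed from the TinySec paper, and `iv_state`, `iv_next`, the big-endian byte order and the refuse-on-wrap policy are hypothetical choices made here to show where the 2^16-packet and 45-day limits come from.

```c
#include <stdint.h>
#include <stdio.h>

#define TINYSEC_IV_LEN 8  /* dst(2)|AM(1)|l(1)|src(2)|ctr(2): assumed widths */

/* Hypothetical per-node sender state. The 16-bit counter is the only IV
 * field the sender controls, so it caps packets per key at 2^16. */
struct iv_state {
    uint16_t src;       /* this node's address */
    uint16_t next_ctr;  /* counter value for the next packet */
    int exhausted;      /* set once all 2^16 counter values were issued */
};

void iv_state_init(struct iv_state *s, uint16_t src) {
    s->src = src; s->next_ctr = 0; s->exhausted = 0;
}

/* Writes dst||AM||l||src||ctr into iv (big-endian is a choice made here).
 * Returns 0 on success, -1 once the counter space is used up, meaning the
 * key has to be replaced before this node sends again. */
int iv_next(struct iv_state *s, uint16_t dst, uint8_t am, uint8_t len,
            uint8_t iv[TINYSEC_IV_LEN]) {
    if (s->exhausted) return -1;
    iv[0] = (uint8_t)(dst >> 8);         iv[1] = (uint8_t)(dst & 0xff);
    iv[2] = am;                          iv[3] = len;
    iv[4] = (uint8_t)(s->src >> 8);      iv[5] = (uint8_t)(s->src & 0xff);
    iv[6] = (uint8_t)(s->next_ctr >> 8); iv[7] = (uint8_t)(s->next_ctr & 0xff);
    if (++s->next_ctr == 0) s->exhausted = 1;  /* wrapped: next IV would repeat */
    return 0;
}

/* Days until a single node exhausts its counter at a fixed send rate. */
double days_until_reuse(double packets_per_minute) {
    return 65536.0 / packets_per_minute / (60.0 * 24.0);
}

/* Issues IVs until refusal; returns how many distinct IVs were handed out. */
uint32_t count_ivs_until_refusal(uint16_t src) {
    struct iv_state s; uint8_t iv[TINYSEC_IV_LEN]; uint32_t n = 0;
    iv_state_init(&s, src);
    while (iv_next(&s, 0xffff, 4, 29, iv) == 0) n++;  /* constructed header values */
    return n;
}

int main(void) {
    printf("IVs per node per key: %u\n", (unsigned)count_ivs_until_refusal(7));
    printf("days at 1 packet/min: %.1f\n", days_until_reuse(1.0));
    return 0;
}
```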
Implementation
• 3000 lines of nesC code (language for TinyOS)
• 728 bytes of RAM
• 7146 bytes of program space
• Two-priority scheduler
  • High-priority, real-time schedule for cryptographic functions
    • Must be completed by the time the radio sends the start signal.
  • Low-priority, FIFO, run-to-completion schedule for all other tasks.
• Currently uses a network-wide shared key.
Evaluation
• Two components add to the cost of TinySec
  • Increased packet size
    • 1 or 5 bytes
  • Increased computation
    • Authenticated Encryption: 4%
    • Authentication only: 2%
Evaluation Cont.
• Throughput:
  • Authentication: Almost identical throughput.
  • Authenticated Encryption: 6% less total throughput.