90 likes | 249 Vues
Li ghtweight S ecurity P rotocol. “Security in Networked Embedded Systems”. T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan. C RYPTOGRAPHY. C RYPTO K EY. Secure only if key length large enough >> 75 bits (M. Blaze).
E N D
Lightweight Security Protocol “Security in Networked Embedded Systems” TAEJOON PARK Real-Time Computing Laboratory Department of EECS The University of Michigan
CRYPTOGRAPHY CRYPTO KEY • Secure only if key length large enough • >> 75 bits (M. Blaze) • Only use ciphers carefully studied • Resistence to cryptanalysis £ • Processing £ • Nullifying effect of key in ciphertext ? • e.g., 802.11 WEP • Key search attack ? • e.g., DES ~ 256 • Same key forever ? CHALLENGES KEY MANAGEMENT • Security £ • Efficiency, user-friendlyness ¤ • Process to generate, store, • protect, transfer, use & destroy key • Dynamic, unmanned, renewable • Also trust management, pricing, privacy • Compatible with existing app/svc • e-Business, PayTV, Internet How to Secure Systems ? Secure System • Confidentiality • Integrity, Authenticity • Access Control • Availability
CHALLENGES OUR APPROACH Lightweight Wireless Not sacrificing security level easier eavesdropping, jamming Limited Energy Distributed, P2P Large-scale Tailored to Threat / Svc Security in Networked Embedded Systems No fixed infrastructure, self-organizing Battery-powered A large number of nodes Dynamic addition / removal Possibly mobile, unattended
Data Attacks Data Attacks • Traffic capture / replay • Spoofing if unencrypted • Man-in-the-middle attack • Traffic injection / flooding • Unlimited spoofing • DoS attack Radio Attacks Service Disruption Attacks • High-power jamming • Detection of radio sources, • Hot spots • Routing – altered route updates, selective relaying • Disruption of clock synch. Misc. Physical Attacks • Reprogram as malicious • Destroy device • Extract key material • Service/data to adversary • Malicious service to net. Threat Model OUTSIDER INSIDER
Attack on Data Group-based Key Management Globally shared Shared secret-key H/W • Expensive • Not absolutely safe Tamper resistance • Vulnerable to node compromises • Globally • Group-based • Pairwise • Hierarchical nets • via Key Broadcast • Eavesdropping Soft Tamper-Proofing via Program-Integrity Verification Group-shared • Data • Modification/ injection S/W • O: No security • Obfuscation • Large overhead of (unicast) re-keying Distributed Key Management • RC,SD: Incurs runtime overhead • Result Checking Re-keying Pairwise-shared • Peer-to-peer nets • via Distributed Key Servers • SD: How to protect decryption routine? • Self-Decrypting programs • Periodically • Event-triggered • Service disruption • DoS • Large overhead of encr/decr per link Attack on Devices • The adversary can • capture • reverse-engineer • re-program • clone • sensor device(s) Why LiSP ? THREAT DEFENSE PROBLEM SOLUTION
PROGRAM INTEGRITY VERIFICATION INTRUSION DETECTION KEY MANAGEMENT suspicious sensor compromised sensor Probe Monitor new sensor Activate / Lock Re-key Reconfigure Reconfigure SECURITY TRADEOFF LiSP Architecture Goal: A lightweight security framework for various NEST applications
KEY IDEA Unicasting à Broadcasting (without retransmissions / ACKs) Authentication & Recovery of GK using One-Way Hash Function Authenticate GK without dedicated MAC field Detect / recover lost (corrupted) GK Double-Buffering for Robustness to Inter-Sensor Clock Skews Group Key Management OBJECTIVE Static Preloaded Key àDynamic Key Periodic Renewal of Group-Key (GK) Maximize Performance given Key Renewal Frequency
H H H H H H GK5 GK1 GK2 GK3 GK4 GK5 GK6 GK7 lost/corrupted Ucast Bcast Bcast GK3 GK4 SENSOR Key Buffer GK1 GK5 GK2 = H(GK3) GK1 = H(GK2) GK5 = H(GK6) GK4 GK2 GK3 GK2 GK3 GK4 Key Slots Much less C at the expense of reasonable P Communication vs Processing Energy-efficient because C>>>P Group Key Management KEY SERVER GK3 GK4 GK4 GK6
DARPA Demo Tool for Visualizing Key Management 1. Key Distribution Visualize rekeying process via GUI & Mote LEDs 2. Key Recovery Randomly skipping key disclosure(s) 3. Tradeoffs Adjust rekeying period & length of key buffer