TinySec : Link Layer Security Architecture for Wireless Sensor Networks

Chris Karlof :: Naveen Sastry :: David Wagner

Presented by Anil Karamchandani10/01/2007

1

2

What is ???

Tiny OS

Wireless Sensor

NetworkTiny Sec

Link layer

Contents • Motivation & TinySec • Contributions by the paper .• Difference between Sensor Networks and Other Networks .• Security threats in WSN.• What is TinySec and its goal .• Why Link Architecture .• Design Goals .• Security Primitive.• Design of TinySec .• Modes of Encryption and their drawbacks.• Security Analysis of TinySec .• Implementation and Evaluation.

3

What was the motivation ???• Sensor Networks : Resource Constraint

networks , small memory , weak processor , limited energy , less Bandwidth .

• 80 % of all 802.11 wireless networks operate in the clear i.e. without cryptographic protection

• Need for an architecture which could change things around. – TinySec

• SW / HW

4

Contributions of this paper

• To introduce TinySec as a protocol for link layer cryptography in Sensor Networks.

• To Measure the bandwidth , latency and energy costs of TinySec .

• To encourage people to volunteer and perform research in further higher level of protocols.

5

What is the Difference between WSN and other Network ?

WSN• Bandwidth - less• Devices have very little

computational power• Energy is less with Wireless

Sensor devices• Wireless Networks are

difficult to protect • Vulnerable to resource

consumption• Information – Hop by Hop .

Other Networks • Bandwidth –more• Comparatively devices have

more computational power.• Energy for devices in other

networks is high.• Comparatively much easier to

protect .• Not Vulnerable to resource

consumption.• Information- end to end (not

necessary for all networks)

6

Security Threats in WSN

• WSN are difficult to protect .• WSN are in a Broadcast medium

• WSN are vulnerable to resource consumption attacks .

• Intruders can waste network bandwidth

7

What is TinySec and its Goal …

• Lightweight link layer Security Mechanism for Sensor Networks .

• Goal : Is to minimize the overhead with reasonable protection from – Energy – Bandwidth– Latency

8

Why Link Architecture ???• Conventional networks – authenticity and

integrity , confidentiality – end to end mechanism (SSH , SSL).

• End to end Security is vulnerable to DOS (Denial of Attacks).

• Message integrity should not be checked at the end alone.

9

Design Goals • Security

– Access control– Message integrity– Message confidentiality

• Performance– Energy– Bandwidth– etc.

• Ease of use

• MESSAGE AUTHENTICATION CODE

• ENCRYPTION

• DECREASE MESSAGE LENGTH

• PUT IN TinyOS

10

Security Primitive

• Message Authentication code – A cryptographic checksum for checking the

message integrity

- MAC

11

Security Primitives (cont .)

Encrypting the same plain text two times should get two different cipher texts

Initialization Vectors ( IV)-A side input to the Encryption Algorithm-Not kept secret , sent with the message .

12

MESSAGE

(YES/NO)

+ shared key

+ shared key

Why design TinySec ??

• Why Design TinySec when existing protocols are present .

- IPSec ,SSL / SSH are too heavy weight to be used in Sensor Networks .

-The packet format adds many bytes of overhead and they were not being designed to built on WSN.

13

Design of TinySec

• Two different security Options --Authentication Encryption TinySec –AE

--Authenticated only – TinySec – Auth

In both the cases the data is authenticated with MAC and thus maintaining Data Integrity.

14

Header MACs

HeaderMessage MAC

Message

encrypted

How can we Encrypt ??

• Requirements for encryption – To select an encryption scheme

– To specify the IV format– 8 Byte IV format

15

CIPHER BLOCK CHAINING

: CBC

Different modes of Encryption

• A stream Cipher uses a Key and IV . • Together they are ex-ored with message to get

the cipher text (C = M+K.IV).• Drawbacks :- If same IV is used to encrypt 2

different packets then there is a possibility of retrieving both the packets.

16

Symmetric key encryption schemes

Modes of operation using block cipherStream Ciphers

What is CBC mode of Encryption??

• Link – • In (CBC) mode, each block of plaintext is

XORed with the previous ciphertext block before being encrypted.

• This way, each ciphertext block is dependent on all plaintext blocks processed up to that point.

17

Drawbacks of CBC Mode .

• Given two plaintexts P and P’ .If the IV used for the two plaintexts are same then there exists a possibility that the length of the longest shared message is shared / known .

18

How does the packet format for TinySec Looks like ??

19

Dest : Destination

addressAM : Active Message

Handler typeL: length of the

data Src : source of the address

Security Analysis of TinySec Message Integrity and Authenticity

• Security of a CBC –MAC is proportional to the length of the MAC .

• Choice of 4 bytes MAC ??

20

Implementation of TinySec

• Implemented on Berkeley Sensor Nodes• Integrated into TOSSIM simulator• 3000 Lines of nesC code • Works in FIFO format • Thus TinySec has got 2 priority Schedulers

21

Evaluation• Energy Consumption• Power Consumption• Bandwidth

- Energy : 24 bytes of data was transmitted

22

Evaluation

23

Evaluation (Cont)• Since the power consumed by TinySec-AE is

maximum ( for majority of time )the energy consumed by TinySec –AE will also be maximum

• While sending with TinySec the packets are also larger in length

24

Bandwidth

• To measure Bandwidth- 24 bytes packets were sent using TinyOS , TinySec –Auth , Tiny-Auth Enc .

• Measured the number of packets that were successfully received .

25

26

Conclusions

• We have learnt that there are design vulnerabilities in the conventional protocols for sensor networks.

• TinySec addresses this with extreme careful design and takes advantage of the limitations of Sensor Networks

27

References

• http://www.webopedia.com/quick_ref/OSI_Layers.asp

• http://camars.kaist.ac.kr/~hyoon/courses/cs710_2004_fall/rhoyo.ppt

• http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29

28