View
222
Download
2
Embed Size (px)
Citation preview
Using the CC2420 with AES Support
Eric Famiglietti and Simone Willett
WSN Encryption IssuesLack of physical protection
Resource constraintsPublic-key cryptography, RSA
Unsuitable for low power and limited memory
Key establishment/distribution problemSymmetric-key algorithms
WSN Encryption ExamplesIdentity-based encryption
http://eprint.iacr.org/2007/020.pdfSolves problem of public-key exchange
RSA, Elliptic curve cryptographyhttp://www.cs.wayne.edu/~weisong/papers/walters
05-wsn-security-survey.pdf
TinySecDES, RC5, Skipjack, AES
AESAdvanced Encryption Standard
Successor of DES
Symmetric key encryption standard
Used worldwide
Fixed block size of 128 bits
Key size of 128, 192, or 256 bits
Number of rounds of encryption10, 12, 14 respectively
AES: PerformanceFaster in hardware
Good performance was an explicit goalPerforms well on a variety of hardware
Trust ManagementWe are primarily concerned with authorization,
as opposed to authentication.
Authentication is the mechanism whereby systems may securely identify their users.
Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.
Trust Management, the bottomline
Main GoalWe would like to set up a public key encryption
to authorize the sender and receiver then establish AES session keys.Verification takes 2 minutes. - unrealistic
Sprocket currently works with software created AES keys that are sent across the air and verified by the nodes.
Do all AES encryption on the chip.
Trust Mangement = RT0Flexible approach to access control in distributed
systems
Access control decisions are based on the policy statements, called credentials,
Permissions in RT0 are represented by roles.
Credentials are made by different principals and stored in a distributed manner
CredentialA credential is a statement
Signed by the issuerAbout a subjectContaining info about the subject.
Requirements:Unforgeable.Verifiable (belongs to the entity asking for the
service)SignedHave well defined semantics.
Example
CertificateContains credential information in an over the
air format.
A role A.r denotes the set of entities that are members of it.Example: UVM.studentId Alice
Entities can define roles, issue credentials, and make requests.
In our case identities are pubic keys.
Certificate ValidityCredentials contain private information and
should be treated as such (e.g. medical record).
Since an authorizer receives certificates from an unknown potentially untrustworthy entities, the validity must be checked
Signatures
Certificate must not have expired.
Show Verify ExampleForm 1 is A.r E
Form 1
Public Key 40 bytes.
Role 1
Pub Key2 40 bytes.
Signature 2(21) = 42 bytes.
Total 124 bytes.
Project Currently symmetric keys are being used to
encrypt with software.
We want to use the hardware to make this a faster process.CC2420 chip that has AES support.
Allow for multiple keys and decryptionMany motes talking at once
http://focus.ti.com/lit/ds/swrs041b/swrs041b.pdf
Steps1) Use the hardware version of AES in a simple
Blink program.
2) Use hardware AES to send and receive packets that are encrypted.
3) Integrate into the overall project.
4) Test and optimize.
Encryption on CC2420Use Hardware security in CC2420.
The encryption provides a plain AES encryption, with 128 bit plaintext and 128 bit keys.
To encrypt a plaintext, a node first writes the plaintext to the stand-alone buffer SABUF, and issues a SAES command to initiate the encryption.
When encryption is complete, the ciphertext is written to the buffer, overwriting the plaintext.
Interfacesinterface CC2420Register as SECCTRL0;
interface CC2420Register as SECCTRL1;
interface CC2420Ram as KEY0;
interface CC2420Ram as SABUF;
interface CC2420Strobe as SAES;
interface CC2420Strobe as SNOP;
How to startFirst power up the chip.
Initialize the key.
Encrypt.
Send
Decrypt.
Show AES Standalone example
Referenceswww.cs.purdue.edu/homes/ninghui/readings/trus
t/rt_slides.pdf.
Theory.stanford.edu/~ninghui/talks/rt_oakland02_slides.pdf.
Cis.sjtu.edu.cn/…/The_Standalone_AES_Encryption_of_CC2420_(TinyOS_2.10_and_MICAz)