Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar
Research Topics in Security in the context of Crisis Management and Societal Security
Dennis K. Nilsson
080415
Sensor Networks
Measurement
Control
Sensor node limitations
Security Possible?
Authenticated broadcasting
Communication overhead
TESLA suitable for desktop workstations
Agenda
System Description
Security Requirements
SNEP: Sensor Network Encryption Protocol
TESLA: Authenticated broadcast
Implementation and Evaluation
Conclusion
System Description
Node to base station
Base station to node
Base station to all nodes
Individual nodes
Wireless communication
Symmetric cryptography
single block cipher for all cryptographic primitives
Design
Security Requirements
Data confidentiality
Data authentication
Data integrity
Data freshness
SNEP
Data confidentiality
Two-party data authentication
Data integrity
Data freshness
Prerequisites:
Shared secret key (master key) between each node and the base station
SNEP
Encryption
E = {D}<Kencr,C>
MAC
M = MAC(Kmac,C|E)
Message from A to B
A → B: {D}<Kencr,C>, MAC(Kmac,C|{D}<Kencr,C>)
TESLA
Redesign of TESLA protocol
TESLA not suitable for sensor networks
Authenticates initial packet with a digital signature
Overhead of 24 bytes per packet (sensor node packet size ~30 bytes)
Disclose key for previous intervals with every packet
One-way key chain does not fit in memory
TESLA
Base station broadcasts authenticated messages to the nodes
Base station and nodes loosely time synchronized
Base station computes MAC on a packet with a key that is secret at that time
Receiving node can verify that corresponding MAC key has not been disclosed
MAC key chain: K_i = F(K_{i+1})
TESLA - Example
[Figure: one-way key chain K0 to K4 linked by F, time intervals 0 to 4, packets P1 to P7 and disclosed keys K1 to K4 along a time axis]
TESLA
Sender setup
Generate one-way key chain of length n from randomly chosen K_n
Each key is associated with one interval
Bootstrap receiver
A commitment to the key chain is stored in the receiver; subsequent keys are self-authenticated
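Added example, not from the slides or the authors' implementation: the key chain K_i = F(K_{i+1}), the commitment stored in the receiver, and the check that a MAC key has not yet been disclosed, as described on the TESLA slides above. Truncated SHA-256 for F, HMAC for the MAC, using K_i directly as the MAC key, a one-interval disclosure delay, and the names make_chain and Receiver are assumptions of this example.

```python
import hashlib
import hmac

def F(key: bytes) -> bytes:
    # One-way function F; truncated SHA-256 is an assumption of this example.
    return hashlib.sha256(b"chain" + key).digest()[:8]

def mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA-256 truncated to 8 bytes; also an assumption.
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def make_chain(n: int, k_n: bytes) -> list:
    """Sender setup: start from random K_n and apply K_i = F(K_{i+1})."""
    chain = [k_n]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]  # chain[i] is K_i; chain[0] is the commitment

class Receiver:
    def __init__(self, commitment: bytes, delay: int = 1):
        self.last_i, self.last_key = 0, commitment  # newest authenticated key
        self.delay = delay  # K_i is disclosed `delay` intervals after interval i
        self.buffer = []    # (interval, data, tag) waiting for key disclosure

    def on_packet(self, i: int, data: bytes, tag: bytes, now: int) -> bool:
        # Drop the packet if K_i may already be public at local interval `now`.
        if now >= i + self.delay:
            return False
        self.buffer.append((i, data, tag))
        return True

    def on_key(self, i: int, key: bytes) -> list:
        """Check disclosed K_i against the last trusted key, release packets."""
        keys, k = {}, key
        for j in range(i, self.last_i, -1):  # recover K_i .. K_{last_i+1}
            keys[j] = k
            k = F(k)
        if not keys or not hmac.compare_digest(k, self.last_key):
            return []  # stale or forged key: buffer is left untouched
        self.last_i, self.last_key = i, key
        ok = [d for j, d, t in self.buffer
              if j in keys and hmac.compare_digest(mac(keys[j], d), t)]
        self.buffer = [p for p in self.buffer if p[0] not in keys]
        return ok
```

Because each key authenticates against any earlier trusted key, a receiver that misses one key disclosure recovers it from the next one and can still verify the packets it buffered for the missed interval.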
TESLA
small code size and high efficiency but 32-bit data rotates (8-bit CPU)
Encryption
Counter mode (same function for encryption and decryption)
Random-number generation
MAC(Krand,C)
MAC
Key setup
Code size
Crypto library and protocol implementation 2kB of program memory
Performance
Key setup 8000 cycles
8-byte encryption 120 cycles
twenty 30-byte messages per second
Energy costs
Encrypting and signing: 6 bytes overhead per message (~20%)
MAC computation 2%
Conclusion
Authenticated and confidential communication
Authenticated broadcast
Use symmetric cryptography
Code reuse
Communication costs are small
Many elements of the design are universal and can be applied to other sensor networks