
Using the CC2420 with AES Support

Using the CC2420 with AES Support. Eric Famiglietti and Simone Willett. WSN Encryption Issues. Lack of physical protection Resource constraints Public-key cryptography, RSA Unsuitable for low power and limited memory Key establishment/distribution problem Symmetric-key algorithms.


Presentation Transcript


  1. Using the CC2420 with AES Support Eric Famiglietti and Simone Willett

  2. WSN Encryption Issues • Lack of physical protection • Resource constraints • Public-key cryptography, RSA • Unsuitable for low power and limited memory • Key establishment/distribution problem • Symmetric-key algorithms

  3. WSN Encryption Examples • Identity-based encryption • http://eprint.iacr.org/2007/020.pdf • Solves problem of public-key exchange • RSA, Elliptic curve cryptography • http://www.cs.wayne.edu/~weisong/papers/walters05-wsn-security-survey.pdf • TinySec • DES, RC5, Skipjack, AES

  4. AES • Advanced Encryption Standard • Successor of DES • Symmetric key encryption standard • Used worldwide • Fixed block size of 128 bits • Key size of 128, 192, or 256 bits • Number of rounds of encryption • 10, 12, 14 respectively

  5. AES: Performance • Faster in hardware • Good performance was an explicit goal • Performs well on a variety of hardware

  6. Trust Management • We are primarily concerned with authorization, as opposed to authentication. • Authentication is the mechanism whereby systems may securely identify their users. • Authorization is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.

  7. Trust Management, the bottom line

  8. Main Goal • We would like to set up public-key encryption to authorize the sender and receiver, then establish AES session keys. • Verification takes 2 minutes, which is unrealistic. • Sprocket currently works with software-created AES keys that are sent over the air and verified by the nodes. • Do all AES encryption on the chip.

  9. Trust Management = RT0 • Flexible approach to access control in distributed systems • Access control decisions are based on policy statements, called credentials. • Permissions in RT0 are represented by roles. • Credentials are made by different principals and stored in a distributed manner

  10. Credential • A credential is a statement • Signed by the issuer • About a subject • Containing info about the subject. • Requirements: • Unforgeable. • Verifiable (belongs to the entity asking for the service) • Signed • Have well defined semantics.

  11. Example

  12. Certificate • Contains credential information in an over-the-air format. • A role A.r denotes the set of entities that are members of it. • Example: UVM.studentIdAlice • Entities can define roles, issue credentials, and make requests. • In our case identities are public keys.

  13. Certificate Validity • Credentials contain private information and should be treated as such (e.g. medical record). • Since an authorizer receives certificates from unknown, potentially untrustworthy entities, their validity must be checked: • Signatures • Certificate must not have expired.

  14. Show Verify Example • Form 1 is A.r E • Form 1 • Public Key 40 bytes. • Role 1 • Pub Key2 40 bytes. • Signature 2(21) = 42 bytes. • Total 124 bytes.

  15. Project • Currently symmetric keys are being used to encrypt with software. • We want to use the hardware to make this a faster process. • CC2420 chip that has AES support. • Allow for multiple keys and decryption • Many motes talking at once • http://focus.ti.com/lit/ds/swrs041b/swrs041b.pdf

  16. Steps • Use the hardware version of AES in a simple Blink program. • Use hardware AES to send and receive packets that are encrypted. • Integrate into the overall project. • Test and optimize.

  17. Encryption on CC2420 • Use the hardware security in the CC2420. • The encryption provides plain AES encryption, with 128-bit plaintext and 128-bit keys. • To encrypt a plaintext, a node first writes the plaintext to the stand-alone buffer SABUF, and issues a SAES command to initiate the encryption. • When encryption is complete, the ciphertext is written to the buffer, overwriting the plaintext.

  18. Interfaces • interface CC2420Register as SECCTRL0; • interface CC2420Register as SECCTRL1; • interface CC2420Ram as KEY0; • interface CC2420Ram as SABUF; • interface CC2420Strobe as SAES; • interface CC2420Strobe as SNOP;

  19. How to start • First power up the chip. • Initialize the key. • Encrypt. • Send • Decrypt.

  20. Show AES Standalone example

  21. References • www.cs.purdue.edu/homes/ninghui/readings/trust/rt_slides.pdf. • Theory.stanford.edu/~ninghui/talks/rt_oakland02_slides.pdf. • Cis.sjtu.edu.cn/…/The_Standalone_AES_Encryption_of_CC2420_(TinyOS_2.10_and_MICAz)
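
The stand-alone procedure from slides 17 to 19, written out as the SPI traffic it produces; this is an added example, not the presenters' code. The opcodes, RAM addresses and status bit come from the CC2420 datasheet rather than the slides, `spi_fn`, `cc2420_saes` and the fake radio are hypothetical names, and the code assumes SECCTRL0 has already been set so that stand-alone encryption uses KEY0.

```c
#include <stdint.h>
#include <string.h>
/* Values per the CC2420 datasheet, not the slides (assumption: check your copy). */
enum { SNOP = 0x00, SAES = 0x0E, KEY0 = 0x100, SABUF = 0x120, ENC_BUSY = 1 << 4 };
/* Hypothetical board hook: one full-duplex SPI transaction with CSn held low. */
typedef void (*spi_fn)(void *ctx, const uint8_t *tx, uint8_t *rx, size_t n);

/* 16-byte RAM access: byte 0 = 0x80|addr[6:0], byte 1 = bank<<6 | read_only<<5. */
static void ram16(spi_fn spi, void *ctx, uint16_t addr, uint8_t *buf, int read_only) {
    uint8_t tx[18] = {0}, rx[18] = {0};
    tx[0] = (uint8_t)(0x80 | (addr & 0x7F));
    tx[1] = (uint8_t)(((addr >> 1) & 0xC0) | (read_only ? 0x20 : 0x00));
    if (!read_only) memcpy(tx + 2, buf, 16);
    spi(ctx, tx, rx, sizeof tx);
    if (read_only) memcpy(buf, rx + 2, 16);
}

/* A strobe is one byte; the chip shifts its status byte out at the same time. */
static uint8_t strobe(spi_fn spi, void *ctx, uint8_t op) {
    uint8_t status = 0;
    spi(ctx, &op, &status, 1);
    return status;
}

/* Key -> KEY0, plaintext -> SABUF, SAES, poll SNOP until ENC_BUSY clears, read back. */
int cc2420_saes(spi_fn spi, void *ctx, const uint8_t key[16], uint8_t block[16]) {
    int polls = 0;
    ram16(spi, ctx, KEY0, (uint8_t *)key, 0);    /* write mode never modifies key */
    ram16(spi, ctx, SABUF, block, 0);
    strobe(spi, ctx, SAES);
    while (strobe(spi, ctx, SNOP) & ENC_BUSY)
        if (++polls == 1000) return -1;          /* still busy: block is NOT ciphertext */
    ram16(spi, ctx, SABUF, block, 1);            /* ciphertext replaced the plaintext */
    return 0;
}

/* Constructed fake radio for off-target runs: XORs SABUF with KEY0 (not AES), busy for 3 polls. */
struct fake_cc2420 { uint8_t ram[0x180]; int busy; };
void fake_spi(void *ctx, const uint8_t *tx, uint8_t *rx, size_t n) {
    struct fake_cc2420 *c = ctx;
    rx[0] = c->busy > 0 ? ENC_BUSY : 0;          /* status byte comes back first */
    if (tx[0] & 0x80) {                          /* RAM access */
        uint8_t *cell = c->ram + ((tx[0] & 0x7F) | ((tx[1] & 0xC0) << 1));
        for (size_t i = 2; i < n; i++, cell++)
            if (tx[1] & 0x20) rx[i] = *cell; else *cell = tx[i];
    } else if (tx[0] == SAES) {
        for (int i = 0; i < 16; i++) c->ram[SABUF + i] ^= c->ram[KEY0 + i];
        c->busy = 3;
    } else if (c->busy > 0) c->busy--;           /* SNOP poll */
}
```

On a mote, replace `fake_spi` with the board's SPI transfer routine; the caller must treat a `-1` return as "buffer still holds plaintext" and not send it.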
