
Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme

Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme. Benedikt Bock Hasso-Plattner-Institute, Digital Engineering Faculty, University of Potsdam. Wireless Personal Area Network. Smart Home [2]. Smart Parking [1]. Chip Memory ≤ 32kB


Presentation Transcript


  1. Link Layer Key Revocation and Rekeying for the Adaptive Key Establishment Scheme. Benedikt Bock, Hasso-Plattner-Institute, Digital Engineering Faculty, University of Potsdam

  2. Wireless Personal Area Network AKES Key Revocation and Rekeying Smart Home [2] Smart Parking [1]

  3. Constraints of IoT Devices • Chip Memory ≤ 32kB • Processor 32MHz ARM Cortex M3 • Program Memory ≤ 512kB • Energy Battery Powered • CC2538 [3]

  4. IEEE 802.15.4

  5. IEEE 802.15.4

  6. Key Management Key Management Session Key Establishment Rekeying Key Revocation

  7. Adaptive Key Establishment Scheme [4]

  8. Adaptive Key Establishment Scheme [4] Key Management Session Key Establishment Rekeying Key Revocation • Pairwise session key establishment based on predistributed keys • Works with all predistribution schemes (e.g. fully pairwise keys scheme [5]) • Denial-of-sleep resilient Key Predistribution

  9. Key Revocation and Rekeying • Distributed • All nodes share the responsibility to find and evict nodes. • Consensus between all nodes is necessary • Moore et al. [6] proposed a suicide based approach • Assumes intrusion detection system on each node • Assumes even network topology • Chuang et al. [7] proposed a PKC based approach • High calculation cost • Centralized • Single instance is responsible to find and evict nodes • Dini et al. [8] proposed a flooding based protocol • Uses broadcasts and therefore assumes that messages are received and may be routed via evicted nodes • Assumes known network topology • Raza et al. [9] proposed a unicast based approach • Based on CoAP and therefore routes messages via evicted nodes.

  10. Approach • Design Goals • Energy-efficient operation • Avoid evicted nodes • Independence from network topology • Live Feedback • Incorporation into protocols • Centralized • Unicast based • Link layer source routing

  11. Approach - Overview

  12. Approach - Overview

  13. Approach - Overview

  14. Approach - Overview

  15. Approach - Overview

  16. Approach - Overview

  17. Approach - Overview

  18. Approach - Overview

  19. Approach – Control Flow

  20. Approach – Control Flow

  21. Approach – Distribution Flow

  22. Implementation • Focus on message distribution • Border Nodes and Nodes • Based on Contiki-NG • Base Station • Based on Python • aiocoap as CoAP library

  23. Evaluation • Based on Cooja simulation • Simulation speed 100% • Base Station connected via Unix sockets • Measurements • Total duration • Number of sent frames • Sent frames per node

  24. Evaluation – Total Duration • Duration of 55.5 seconds with 100 nodes and 1 border node • Half amount of nodes means half duration • Double amount of border nodes means half duration • Approximately linear scalability

  25. Evaluation – Sent Frames • Additional border nodes reduce the amount of sent frames significantly • Sent frames per node are reduced with an additional border node • Additional border nodes improve energy efficiency

  26. Future Work • Fragmentation of link layer frames • Optimize layer 3 adaption • Further evaluation within physical testbed

  27. References

  28. Q&A
