
TinySec: Link Layer Security

Chris Karlof, Naveen Sastry, David Wagner, University of California, Berkeley. Presenter: Todd Fielder.


Presentation Transcript


  1. TinySec: Link Layer Security
     Chris Karlof, Naveen Sastry, David Wagner
     University of California, Berkeley
     Presenter: Todd Fielder

  2. Overview
     • Challenges:
       • Limited computing power
       • Limited RAM
       • Limited bandwidth
       • 1 bit consumes as much energy as 800-1000 instructions!
     • Goals
       • Authenticity, integrity, and confidentiality
       • End-to-end security not viable
         • Intermediate sensors must access payload
           • Aggregation
           • Duplicate elimination

  3. Design Goals
     • Access Control and Message Integrity
       • Access Control: Prevent unauthorized nodes from participating in the network.
       • Message Integrity: Receiver can detect modified packets.
     • Confidentiality
       • Semantic Security: Prevents adversary from learning partial information.
     • Explicit Omission
       • Replay Protection: Same message played at a later time should reveal no additional information.

  4. Security Primitives
     • Message Authentication Codes
       • Requires authorized senders and receivers to share a secret key.
     • Initialization Vectors
       • Helps encryption achieve semantic security
       • Typically sent in the clear

  5. Design
     • Authenticated Encryption
       • Encrypts payload and authenticates with a MAC
     • Authentication Only
       • Payload not encrypted

  6. IV Design
     • IV adds overhead
       • Length
       • Generation
     • IVs repeat after 2^n + 1 packets are sent
       • Probabilistically, expect a collision at 2^(n/2).
     • IV structure is dst||AM||l||src||ctr.
       • Guarantees 2^16 packets before reuse from each node.
       • For n nodes, n*2^16 packets.
       • At one packet per minute, no IV reuse for 45 days.
       • No data for brute force attack on IV
       • Can use key update protocol every 45 days to not have key reuse.

  7. Encryption Scheme
     • Block cipher used due to potential for key reuse
       • Stream ciphers insecure if key is reused.
     • IV encrypted.
     • Ciphertext stealing used to ensure ciphertext is same length as plaintext.
     • Skipjack block cipher used
       • AES and Triple-DES too slow.
       • RC5 requires key schedule to be pre-computed
         • 104 bytes extra RAM per key

  8. Skipjack Block Cipher
     • Developed by NSA
     • Declassified in 1998
     • More secure than DES
       • 80-bit key (DES: 56-bit)
       • 32 rounds (DES: 16 rounds)

  9. Packet Format
     • Common fields: destination address, message type, and length.
       • Sent in clear to allow early rejection.
       • However, this gives the attacker knowledge of the IV and a better chance of a brute force attack.
     • IV: dst||AM||l||src||ctr
       • Src||ctr = 2^16
       • dst||AM||l||src||ctr = 2^32
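The IV layout from slides 6 and 9, as an added example that is not part of the presentation or of TinySec's nesC code: it builds dst||AM||l||src||ctr and refuses to wrap the 16-bit counter, so a sender cannot repeat an IV under one key. The field widths (2, 1, 1, 2, 2 bytes), the big-endian byte order and all names are assumptions, since the slides give only the field order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_LEN 8            /* assumed widths: dst 2, AM 1, l 1, src 2, ctr 2 */
#define CTR_SPACE 65536u    /* 2^16 counter values per node (slide 6) */

struct hdr { uint16_t dst; uint8_t am; uint8_t len; uint16_t src; };
struct iv_state { uint16_t ctr; uint32_t sent; };  /* per key, per sender */

/* Write dst||AM||l||src||ctr (big-endian, an assumption) into iv.
 * Returns -1 instead of wrapping once all 2^16 counters are used:
 * the caller has to install a new key before sending again. */
int next_iv(struct iv_state *st, const struct hdr *h, uint8_t iv[IV_LEN])
{
    if (st->sent >= CTR_SPACE)
        return -1;
    iv[0] = (uint8_t)(h->dst >> 8);  iv[1] = (uint8_t)h->dst;
    iv[2] = h->am;                   iv[3] = h->len;
    iv[4] = (uint8_t)(h->src >> 8);  iv[5] = (uint8_t)h->src;
    iv[6] = (uint8_t)(st->ctr >> 8); iv[7] = (uint8_t)st->ctr;
    st->ctr++;
    st->sent++;
    return 0;
}

/* Called by the (hypothetical) key update step: the counter may restart. */
void rekey(struct iv_state *st) { st->ctr = 0; st->sent = 0; }

/* Whole days one node can send at this rate before its counter runs out. */
uint32_t days_until_reuse(uint32_t packets_per_minute)
{
    if (packets_per_minute == 0)
        return UINT32_MAX;
    return CTR_SPACE / (60u * 24u) / packets_per_minute;
}

int main(void)
{
    struct hdr h = { 0x0001, 0x2a, 24, 0x0007 };   /* constructed sample header */
    struct iv_state st = { 0, 0 };
    uint8_t iv[IV_LEN];
    uint32_t n = 0;
    while (next_iv(&st, &h, iv) == 0)
        n++;
    printf("IVs issued before key update is required: %u\n", (unsigned)n);
    printf("days at 1 packet/min: %u\n", (unsigned)days_until_reuse(1));
    return 0;
}
```

After `rekey()` the first IV is byte-for-byte the same as the first IV under the old key, which is why the counter reset has to coincide with an actual key change.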

  10. Implementation
     • 3000 lines of nesC code (language for TinyOS)
     • 728 bytes of RAM
     • 7146 bytes of program space
     • Two-priority scheduler
       • High priority, real-time schedule for cryptographic functions
         • Must be completed by the time the radio sends the start signal.
       • Low priority, FIFO, run-to-completion schedule for all other tasks.
     • Currently uses network-wide shared key.

  11. Evaluation
     • Two components add to costs of TinySec
       • Increased packet size
         • 1 or 5 bytes
       • Increased computation
         • Authenticated Encryption: 4%
         • Authentication only: 2%

  12. Evaluation Cont.
     • Throughput:
       • Authentication: Almost identical throughput.
       • Authenticated Encryption: 6% less total throughput.

  13. Questions?
