TinySec Link Layer Security Chris Karlof Naveen Sastry David Wagner University of California Berkeley Presenter Todd Fielder Overview Challenges Limited computing power Limited RAM Limited Bandwidth 1 bit consumes as much energy as 800 1000 instructions Goals Authenticity integrity and confidentiality End to end security not viable Intermediate sensors must access payload Aggregation Duplicate Elimination Design Goals Access Control and Message Integrity Access Control Prevent Unauthorized nodes from participating in the network Message Integrity Receiver can detect modified packets Confidentiality Semantic Security Prevents adversary from learning partial information Explicit Omission Replay Protection Same message played at a later time should reveal no additional information Security Primitives Message Authentication Codes Requires authorized senders and receivers to share a secret key Initialization Vectors Helps encryption achieve semantic security Typically sent in the clear Design Authenticated Encryption Encrypts payload and authenticates with a MAC Authentication Only Payload not encrypted IV Design IV adds overhead Length Generation IV s repeat after 2 n 1 packets are sent Probabilistically expect a collision at 2 n 2 IV structure is dst AM l src ctr Guarantees 2 16 packets before reuse from each node For n nodes n 2 16 packets At one packet per minute no IV reuse for 45 days No data for brute force attack on IV Can use key update protocol every 45 days to not have key reuse Encryption Scheme Block Cipher used due to potential for key reuse Stream ciphers insecure if key is reused IV encrypted Cipher text stealing used to ensure ciphertext is same length as plaintext Skipjack block cipher used AES and Triple DES too slow RC5 requires key schedule to be pre computed 104 bytes extra RAM per key Skipjack Block Cipher Developed by NSA Declassified in 1998 More Secure than DES 80 bit key DES 56 bit 32 rounds DES 16 rounds Packet Format Common Fields Destination Address Message Type and length Sent in clear to allow early rejection However this gives attacker knowledge of IV and now have a better chance of brute force attack IV dst AM l src ctr Src ctr 2 16 dst AM l src ctr 2 32 Implementation 3000 lines of nesC code language for TinyOS 728 Bytes of RAM 7146 Bytes of program space Two Priority Scheduler High Priority Real time Schedule for Cryptographic functions Must be completed by the time the radio sends the start signal Low priority FIFO run to completion schedule for all other tasks Currently uses network wide shared key Evaluation Two components add to costs of TinySec Increased packet size 1 or 5 bytes Increased computation Authenticated Encryption 4 Authentication only 2 Evaluation Cont Throughput Authentication Almost identical throughput Authenticated Encryption 6 less total throughput Questions
View Full Document
Unlocking...