DOC PREVIEW
Sizzle - A Standards-based end-to-end Security Architecture for the Embedded Internet

This preview shows page 1-2-3 out of 10 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Sizzle: A Standards-based end-to-end Security Architecturefor the Embedded InternetVipul Gupta, Matthew Millard∗, Stephen Fung*, Yu Zhu*,Nils Gura, Hans Eberle, Sheueling Chang ShantzSun Microsystems Laboratories16 Network Circle, UMPK16 160Menlo Park, CA [email protected], [email protected], [email protected]@hotmail.com, {nils.gura, hans.eberle, sheueling.chang}@sun.comAbstractThis paper introduces Sizzle, the first fully-implementedend-to-end security architecture for highly constrained em-bedded devices. According to popular perception, public-key cryptography is beyond the capabilities of such devices.We show that elliptic curve cryptography (ECC) not onlymakes public-key cryptography feasible on these devices, itallows one to create a complete secure web server stackincluding SSL, HTTP and user application that runs effi-ciently within very tight resource constraints. Our smallfootprint HTTPS stack needs less than 4KB of RAM andinteroperates with an ECC-enabled version of the Mozillaweb browser. We have implemented Sizzle on the 8-bitBerkeley/Crossbow Mica2 ”mote” platform where it cancomplete a full SSL handshake in less than 4 seconds (ses-sion reuse takes under 2 seconds) and transfer 450 bytes ofapplication data over SSL in about 1 second. We presentadditional optimizations that can further improve perfor-mance. To the best of our knowledge, this is the world’ssmallest secure web server (in terms of both physical di-mensions and resources consumed) and significantly lowersthe barrier for connecting a variety of interesting new de-vices (e.g. home appliances, personal medical devices) tothe Internet without sacrificing end-to-end security.1. IntroductionIn the last several years, the Internet has grown rapidlybeyond servers, desktops and laptops to include handhelddevices like PDAs and smart phones. There is now a grow-ing realization that this trend will continue as increasing∗This work was performed while the authors were on a student intern-ship from the Univ. of Waterloo, Canada.numbers of even simpler, more constrained devices (sen-sors, home appliances, personal medical devices) get con-nected to the Internet. The term “embedded Internet” isoften used to refer to the phase in the Internet’s evolutionwhen it is invisibly and tightly woven into our daily lives.Embedded devices with sensing and communication capa-bilities will enable the application of computing technolo-gies in settings where they are unusual today: habitat mon-itoring [26], medical emergency response [31], battlefieldmanagement and home automation.Many of these applications have security requirements.For example, health information must only be made avail-able to authorized personnel (authentication) and be pro-tected from modification (data integrity) or disclosure (con-fidentiality) in transit. Even seemingly innocuous data suchas temperature and pressure readings may need to be se-cured. Consider the case of a chemical plant where sensorsare used to continuously monitor the reactions used in man-ufacturing the final product. Without adequate security, anattacker could feed highly abnormal readings into the mon-itoring system and trigger catastrophic reactions.Secure Sockets Layer (SSL)1[10] is the most popu-lar security protocol on the Internet today. It is built intomany popular applications, including all well known webbrowsers, and is widely trusted to secure sensitive trans-actions including on-line banking, stock trading, and e-commerce. This paper describes our investigation into us-ing the same protocol to secure the embedded Internet.SSL combines public-key cryptography for key-distribution/authentication with symmetric-key cryptogra-phy for data encryption and integrity. Public-key cryptog-raphy is widely believed to be beyond the capabilities ofembedded devices. This perception is primarily driven by1Throughout this paper, we use SSL to refer to all versions of this pro-tocol including version 3.1 aka Transport Layer Security (TLSv1.0) [8].experiments involving RSA, today’s dominant public-keycryptosystem [5].First proposed by Victor Miller [19] and independentlyby Neal Koblitz [17] in the mid-1980s, Elliptic Curve Cryp-tography (ECC) is emerging as an attractive alternative toRSA for resource-constrained environments. Recent workin our research group has shown that it is possible to developan efficient software implementation of ECC for 8-bit CPUsand bring the advantages of public-keycryptographyto con-strained devices where traditional alternatives like RSA areimpractical [14].On top of this ECC implementation, we have built asmall-footprint secure web server stack (including HTTPand SSL), called Sizzle2, that runs efficiently under tight re-source constraints and interoperates with an ECC-enabledversion of the Mozilla web browser [11]. The main contri-butions of this paper are:• We describe the first fully-implemented, end-to-endsecurity architecture for embedded devices.• We describe the challenges posed by tight resourceconstraints on these devices and design choices wemade to overcome them.• We measure the performance and resource utilizationof various subcomponents as well as the complete sys-tem and show that they are reasonable for their in-tended application scenarios.The remainder of this paper is organizedas follows: Sec-tion 2 reviews related work. Section 3 provides an overviewof Elliptic Curve Cryptography. Section 4 discusses theSSL protocol and its use of ECC. Section 5 describes Siz-zle including its main features and the overall architecture.We present performance results and resource consumptionstatistics for Sizzle in Section 6. Finally, Section 7 summa-rizes our conclusions.2. Related WorkSecure web servers for small devices have been built byPeerSec Networks [22] and Zingg [32]. However, none ofthese efforts has produced an implementation suitable forhighly constrained embedded platforms such as the 8-bitBerkeley/Crossbow Mica2 motes shown in Figure 1. The“mote” is particularly interesting because it is emerging asthe preferred platform for much of sensor related researchin academia and industry [28].The Mini Web Server with SSL [32] targets theIPC@CHIP platform which has a 20MHz, 16-bit Intel80186 processor, 512KB of Flash, 512KB of RAM and abuilt-in Ethernet connection. The SSL code size is around2This name derives from ”Slim SSL” (SSSL).Figure 1. The Berkeley/Crossbow family of"mote" devices [7] (left to


Sizzle - A Standards-based end-to-end Security Architecture for the Embedded Internet

Download Sizzle - A Standards-based end-to-end Security Architecture for the Embedded Internet
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Sizzle - A Standards-based end-to-end Security Architecture for the Embedded Internet and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Sizzle - A Standards-based end-to-end Security Architecture for the Embedded Internet 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?