TinySec: A Link Layer Security Architecture for Wireless Sensor NetworksOverviewMotivationTINYSECSecurity threats in Sensor NetworksMotivation for Link layer security in Sensor NetworksSlide 7Design GoalsSecurity GoalsPerformance goalsUsability GoalsSecurity PrimitivesTINYSEC-DESIGNTinysec IV formatEncryption schemesTinySec packet FormatSecurity Analysis of TinySec Message Integrity and AuthenticityConfidentiality analysis for TinysecKeying MechanismsKeying mechanism –contd.Implementation of TinySecPerformance Evaluation of TinySecCipher PerformanceEnergy CostsThroughputPerformance summaryConclusionsReferencesTinySec: A Link Layer Security Architecture TinySec: A Link Layer Security Architecture for Wireless Sensor Networksfor Wireless Sensor NetworksSeetha ManickamSeetha ManickamModified by Sarjana SinghModified by Sarjana SinghOverviewOverviewMotivation TinySec-IntroductionSensor Networks Security threats and Need for link layer security architecture designDesign goalsTiny sec DesignSecurity Analysis of TinysecPerformance Evaluation of Tiny SecConclusionMotivationMotivation•Sensor networks : Resource constraint networks – small memories, weak processors, limited energy.•Conventional security protocols (802.11b , 802.15.4 are found to be insecure , adds lot of overhead (16-32 bytes) ).•Need for a new security architecture for sensor networks –TINYSEC .TINYSEC TINYSEC •Light weight and efficient generic link layer security package.•Developers can easily integrate into sensor network applications.•A research platform that is easily extensible and has been incorporated into higher level protocols.Security threats in Sensor NetworksSecurity threats in Sensor Networks•Use of wireless communications -In a broadcast medium, adversaries can easily eavesdrop on, intercept, inject and alter transmitted data.•Adversaries can Interact with networks from a distance by expensive radio transceivers and powerful workstations.•Resource consumption attacks: Adversaries can repeatedly send packets to drain nodes battery and waste network bandwidth, can steal nodes.•However , these threats are not addressed. Focus is on guaranteeing message authenticity, integrity and confidentiality.Motivation for Link layer security in Motivation for Link layer security in Sensor NetworksSensor Networks•End-End security Mechanisms : Suitable only for conventional networks using end-end communications where intermediate routers only need to view the message headers. •BUT, in Sensor networks In-network processing is done to avoid redundant messages-Requires intermediate nodes to have access to whole message packets and just not the headers as in conventional networks. ..contd..Motivation for Link layer security in Motivation for Link layer security in Sensor NetworksSensor Networks•Why end-end security mechanisms not suitable for sensor networks?•If message integrity checked only at the destination, the networks may route packets injected by an adversary many hops before they are detected. This will waste precious energy.•A link layer security mechanism can detect unauthorized packets when they are first injected onto the network.Design GoalsDesign Goals•Security Goals•Performance Goals•Usability GoalsSecurity GoalsSecurity Goals•A link layer security protocol should satisfy three basic security properties:•Access control and Message integrity -prevent unauthorized parties from participating•Confidentiality - keeping information secret form unauthorized parties•Explicit omission: Replay protection -an adversary eavesdropping a legitimate message sent between 2 authorized parties and replays it at a some time laterPerformance goalsPerformance goals•A system using cryptography will incur increased overhead in length of the message.•Increased message length results- -decreased message throughput -increased latency -Increased Power Consumption( Sensor Networks  )Usability GoalsUsability Goals•Security Platform- Higher level security protocols can use Tinysec to create secure pair wise communication between neighboring nodes.•To reduce the effort, TinySec should provide proper interfaces•Transparency- Should be transparent to the user•Portability- Should fit into the radio stack so that porting the radio stack from one platform to another is easy.Security PrimitivesSecurity Primitives•Message Authentication code - A cryptographic checksum for checking the message integrity•Initialization vector (IV) -A side input to the encryption algorithm. - Provides Semantic SecurityTINYSEC-DESIGNTINYSEC-DESIGNTwo Security Options 1.Authentication Encryption (Tinysec-AE) 2. Authentication only (Tinysec-Au)•Encryption :  Specifying the IV format  Selecting an encryption Scheme( CBC)Tinysec IV formatTinysec IV format•IV too long- add unnecessary bits to the packet•Too short – Risk of repetition•How long should be the IV? N bit IV repeat after 2^n +1. If we use a n bit counter repetitions will not happen before that point.Encryption schemesEncryption schemes•CBC is the most appropriate scheme for sensor networks –why?•Works better with repeated IVs.•IVs can be pre encrypted for use since it is proved that CBS mode is highly secure with non repeated IVS.•One drawback- Message expansion •Use Cipher text stealing-Cipher text length=plaintext lengthTinySec packet FormatTinySec packet FormatSecurity Analysis of TinySecSecurity Analysis of TinySecMessage Integrity and AuthenticityMessage Integrity and Authenticity•Security of CBC-MAC is proportional to the length of the MAC.•Is the choice of 4 byte MAC- less secure then? – NO!!!!! ..Not for sensor networks!•Given 4 byte MAC- adversary should make at least 2^31 tries. Even if the adversary flood the channel, he can send only 40 forgery attempts/sec, sending 2^31 would take 20 months. Battery operated nodes do not have that much energy to collect all those packets.Confidentiality analysis for TinysecConfidentiality analysis for Tinysec•Combination of carefully formatted IVs , low data rates and CBC mode for encryption achieves high confidentiality in TinySec.•The format of the last 4 bytes –maximizes the number of packets each node can send before there is a repetition of IV.•For a network of n nodes, n.2^16 packets will be sent before the reuse of IV.Keying MechanismsKeying Mechanisms•Appropriate keying mechanism for a