1 / 9

Li ghtweight S ecurity P rotocol

Li ghtweight S ecurity P rotocol. “Security in Networked Embedded Systems”. T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan. C RYPTOGRAPHY. C RYPTO K EY. Secure only if key length large enough >> 75 bits (M. Blaze).

starbuck
Download Presentation

Li ghtweight S ecurity P rotocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Lightweight Security Protocol “Security in Networked Embedded Systems” TAEJOON PARK Real-Time Computing Laboratory Department of EECS The University of Michigan

  2. CRYPTOGRAPHY CRYPTO KEY • Secure only if key length large enough • >> 75 bits (M. Blaze) • Only use ciphers carefully studied • Resistence to cryptanalysis £ • Processing £ • Nullifying effect of key in ciphertext ? • e.g., 802.11 WEP • Key search attack ? • e.g., DES ~ 256 • Same key forever ? CHALLENGES KEY MANAGEMENT • Security £ • Efficiency, user-friendlyness ¤ • Process to generate, store, • protect, transfer, use & destroy key • Dynamic, unmanned, renewable • Also trust management, pricing, privacy • Compatible with existing app/svc • e-Business, PayTV, Internet How to Secure Systems ? Secure System • Confidentiality • Integrity, Authenticity • Access Control • Availability

  3. CHALLENGES OUR APPROACH Lightweight Wireless Not sacrificing security level easier eavesdropping, jamming Limited Energy Distributed, P2P Large-scale Tailored to Threat / Svc Security in Networked Embedded Systems No fixed infrastructure, self-organizing Battery-powered A large number of nodes Dynamic addition / removal Possibly mobile, unattended

  4. Data Attacks Data Attacks • Traffic capture / replay • Spoofing if unencrypted • Man-in-the-middle attack • Traffic injection / flooding • Unlimited spoofing • DoS attack Radio Attacks Service Disruption Attacks • High-power jamming • Detection of radio sources, • Hot spots • Routing – altered route updates, selective relaying • Disruption of clock synch. Misc. Physical Attacks • Reprogram as malicious • Destroy device • Extract key material • Service/data to adversary • Malicious service to net. Threat Model OUTSIDER INSIDER

  5. Attack on Data Group-based Key Management Globally shared Shared secret-key H/W • Expensive • Not absolutely safe Tamper resistance • Vulnerable to node compromises • Globally • Group-based • Pairwise • Hierarchical nets • via Key Broadcast • Eavesdropping Soft Tamper-Proofing via Program-Integrity Verification Group-shared • Data • Modification/ injection S/W • O: No security • Obfuscation • Large overhead of (unicast) re-keying Distributed Key Management • RC,SD: Incurs runtime overhead • Result Checking Re-keying Pairwise-shared • Peer-to-peer nets • via Distributed Key Servers • SD: How to protect decryption routine? • Self-Decrypting programs • Periodically • Event-triggered • Service disruption • DoS • Large overhead of encr/decr per link Attack on Devices • The adversary can • capture • reverse-engineer • re-program • clone • sensor device(s) Why LiSP ? THREAT DEFENSE PROBLEM SOLUTION

  6. PROGRAM INTEGRITY VERIFICATION INTRUSION DETECTION KEY MANAGEMENT suspicious sensor compromised sensor Probe Monitor new sensor Activate / Lock Re-key Reconfigure Reconfigure SECURITY TRADEOFF LiSP Architecture Goal: A lightweight security framework for various NEST applications

  7. KEY IDEA Unicasting à Broadcasting (without retransmissions / ACKs) Authentication & Recovery of GK using One-Way Hash Function Authenticate GK without dedicated MAC field Detect / recover lost (corrupted) GK Double-Buffering for Robustness to Inter-Sensor Clock Skews Group Key Management OBJECTIVE Static Preloaded Key àDynamic Key Periodic Renewal of Group-Key (GK) Maximize Performance given Key Renewal Frequency

  8. H H H H H H GK5 GK1 GK2 GK3 GK4 GK5 GK6 GK7 lost/corrupted Ucast Bcast Bcast GK3 GK4 SENSOR Key Buffer GK1 GK5 GK2 = H(GK3) GK1 = H(GK2) GK5 = H(GK6) GK4 GK2 GK3 GK2 GK3 GK4 Key Slots Much less C at the expense of reasonable P Communication vs Processing Energy-efficient because C>>>P Group Key Management KEY SERVER GK3 GK4 GK4 GK6

  9. DARPA Demo Tool for Visualizing Key Management 1. Key Distribution Visualize rekeying process via GUI & Mote LEDs 2. Key Recovery Randomly skipping key disclosure(s) 3. Tradeoffs Adjust rekeying period & length of key buffer

More Related