Beruflich Dokumente
Kultur Dokumente
on
WSN Security
Piyush Mittal NIT, Rourkela
TinyOS
13/11/2010
wireless networks
1999 802.11, WEP 2000 2001
WEP broken [BGW] WEP badly broken [FMS] attacks pervasive
sensor networks
Berkeley motes
more TDMA flaws [WSK] GSM cloneable [BGW] GSM eavesdropping [BSW,BGW]
2002
2002
TinyOS 1.0 2003 TinyOS 1.1, TinySec
802.15.4 AES AR TinyOS 2 AES 13/11/2010 2
TinyOS
New
TinyOS
13/11/2010
Communications Security
TinyOS targets devices where energy and computation power are significant resource constraints. IEEE 802.15.4 takes a more modular approach to its design, and is suited for a variety of devices and applications.
TinyOS
13/11/2010
Need of TinyOS
Problems with traditional OS Multithreaded Architecture not useful Large Memory Footprint Does not help to conserve energy and power Requirements for Wireless Sensor Networks Efficient utilization of energy and power Small Footprint Should support variety in design and usage More emphasis on Concurrent execution
TinyOS
13/11/2010
Introduction to TinyOS
TinyOS began as a collaboration between University of California, Berkeley and Intel Research.[4] It is a free open source operating system designed for wireless sensor networks. It is an embedded operating system written in NesC It is power efficient as it makes the sensors sleep as soon as possible. Has small footprint as it uses a non-preemtable FIFO task scheduling. A typical TinyOS 'mote' platform has 10 KB of RAM, 100 KB of ROM.
TinyOS
13/11/2010
nesC
nesC (network embedded system C) is a language used to build applications in TinyOS. It is designed such a way to exhibit the concepts and execution model of TinyOS. nesC uses the filename extension .nc. Refer the tutorial given below to see a simple program in nesC. http://docs.tinyos.net/index.php/The_simplest TinyOS program
TinyOS
13/11/2010
TinyOS
13/11/2010
EXECUTIVE SUMMARY
The focus is on link layer security because, like other wireless networking technologies, the threat of interception by an adversary is always present. For resource-limited sensor networks, TinyOS is still the better choice. TinyOS packets can be encapsulated inside IEEE 802.15.4 frames, just like TCP/IP packets are encapsulated inside IEEE 802.11 frames.
TinyOS
13/11/2010
10
EXECUTIVE SUMMARY
The design and implementation of a TinyOS Sniffer tool is presented. A sniffer is the perfect tool for modern day network and security analysis. But such a tool is presently lacking in todays sensor network development kits. The current design is based on existing sensor network hardware and software components to enable a low-cost sniffer implementation.
TinyOS
13/11/2010
11
TinyOS
13/11/2010
12
Continue
TinyOS implements the Active Message (AM) system. AM types are similar to port numbers in TCP/IP. Each TinyOS packet includes an 8-bit AM type in the header.
TinyOS
13/11/2010
13
TinySec [3,5]
Early versions of TinyOS did not have security built in at all. In late 2004, the developers of TinyOS introduced TinySec. A lightweight generic link layer security package that developers can easily integrate into their TinyOS applications.
TinyOS
13/11/2010
14
SECURITY SERVICES
The security provided by TinyOS centers on message integrity and message confidentiality. TinyOS supports two security options: 1.authenticated-encryption (TinySec-AE) 2. authentication-only (TinySec-Auth) The default security mode of a TinySec-enabled application is TinySec-Auth.
TinyOS
13/11/2010
15
SECURITY SERVICES
The TinySec mode is indicated in the upper 2 bits (MSB) of the length field of the packet header. This modification is harmless because the maximum size of the data field in a TinyOS packet is 29 bytes, i.e., at most 5 bits of the length field will be used. That the TinyOS and the TinySec-Auth packets do not have a field for the source address. Receiver cant identify where the packet came from. Source address is only included in the TinySec-AE packet, if an application wants to implement ACL then it can only do so with TinySec-AE.
TinyOS
13/11/2010
16
(b) Tiny Sec-Auth packet format Dest (2) AM (1) Grp (1) Len (1) Data(029) (c) TinyOS packet format CRC (2)
Ctr- Counter for bit Scr- Source address MAC- Message Authentication Codes
TinyOS
13/11/2010
17
SECURITY PRIMITIVES
1. Message Authentication Codes (MAC) The MAC is 32-bit long, and is computed over the headers. While the security of the MAC is directly related to the length of the MAC. The developers argued in that given the expected low data rate of the sensor network, a 32-bit MAC may provide an enough level of security against blind forgeries. For example, if adversary tries to flood a19.2 kb/s channel with blind forgery attempts, it may take him over 20 months to succeed.
TinyOS
13/11/2010
18
SECURITY PRIMITIVES
2. Encryption Scheme The TinyOS source code includes implementation for both Skipjack and RC5. AES was later deemed to be equally suitable as well. Block cipher (Skipjack) mode is believed to degrade more gracefully when IV reuse occurs. Between two communicating nodes, the IV could be as small as a 16-bit value. If the IV is not expected to repeat in a long time, then a stream cipher like (RC5) performs much better.
TinyOS
13/11/2010
19
SECURITY PRIMITIVES
3. Initialization Vectors (IV) The first four bytes of the IV are borrowed from the existing header fields of the TinyOS packet: the destination address, the AM type, and the length of the packet. The last four bytes are comprised of the source address and a 16-bit counter. The last four bytes of the IV is chosen in this way to maximize the number of packets each node can send. .
TinyOS
13/11/2010
20
Continue
Since sensor networks must conserve power to be long-lived, the average packet rate in most sensor networks will be very low on the order of one packet per minute. In short, information may only leak when one node sends two different packets with the same first eight bytes and IV, to the same destination, with the same AM type, and of the same length.
TinyOS
13/11/2010
21
Hard Problems
Communication security Defeating traffic analysis. A library of secure distributed services & protocols Security against node compromise/capture e.g., routing that can tolerate just one malicious insider? Byzantine attack tolerance, on the cheap? Privacy
TinyOS
13/11/2010
22
Summary
Crypto helps, but isnt a total solution Be aware of the systems tradeoffs Seek robustness against insider attack Resilience gives a way to think about malicious/captured nodes The law of large numbers is your friend
TinyOS
13/11/2010
23
THANK YOU !
References :
[1] Hong-Siang Teo Security of Sensor Networks Naval post graduate school Monterey, California June 2006. [2] D. Whiting, R.Housley, and N. Ferguson. Counter with CBC-MAC (CCM). RFC 3610. Sep. 2003. [3]http://www.xbow.com/Support/Support_pdf_files/Get ting_Started_Guide.pdf [4] http://en.wikipedia.org/wiki/TinyOS [5] http://www.cs.berkeley.edu/~nks/tinysec/TinySecuserguide.pdf
TinyOS
13/11/2010
24