Scribd Logo
Hochladen

Willkommen bei Scribd!

  • TinyOS On WSN Security

    Hochgeladen von

    Piyush Mittal
    175 Ansichten24 Seiten
    Wireless Security

    Originaltitel

    TinyOS on WSN Security

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Wireless Security

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    175 Ansichten24 Seiten

    TinyOS On WSN Security

    Hochgeladen von

    Piyush Mittal
    Wireless Security

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 24

    TinyOS

    on

    WSN Security
    Piyush Mittal NIT, Rourkela

    TinyOS

    13/11/2010

    Learn From History


    cellphones
    1980 analog cellphones: AMPS

    Lets get it right the from the start

    analog cloning, scanners fraud pervasive & costly

    wireless networks
    1999 802.11, WEP 2000 2001
    WEP broken [BGW] WEP badly broken [FMS] attacks pervasive

    digital: TDMA, GSM 1990


    TDMA eavesdropping [Bar]

    sensor networks
    Berkeley motes

    more TDMA flaws [WSK] GSM cloneable [BGW] GSM eavesdropping [BSW,BGW]

    2002

    2002
    TinyOS 1.0 2003 TinyOS 1.1, TinySec
    802.15.4 AES AR TinyOS 2 AES 13/11/2010 2

    2000 Future: 3rd gen.: 3GPP,

    2003 WPA Future: 802.11i

    TinyOS

    Sensor Network Security


    Whats different about sensor nets? Strict resource constraints Insecure wireless networks No physical security Interaction with the physical environment

    New

    TinyOS

    13/11/2010

    Communications Security

    It doesnt matter how good your crypto is if it is never used.


    TinyOS 13/11/2010 4

    Implementation of security in WSN


    There are two dominant sensor network implementations in the market today, namely TinyOS and IEEE 802.15.4

    TinyOS targets devices where energy and computation power are significant resource constraints. IEEE 802.15.4 takes a more modular approach to its design, and is suited for a variety of devices and applications.

    TinyOS

    13/11/2010

    Need of TinyOS
    Problems with traditional OS Multithreaded Architecture not useful Large Memory Footprint Does not help to conserve energy and power Requirements for Wireless Sensor Networks Efficient utilization of energy and power Small Footprint Should support variety in design and usage More emphasis on Concurrent execution

    TinyOS

    13/11/2010

    Introduction to TinyOS
    TinyOS began as a collaboration between University of California, Berkeley and Intel Research.[4] It is a free open source operating system designed for wireless sensor networks. It is an embedded operating system written in NesC It is power efficient as it makes the sensors sleep as soon as possible. Has small footprint as it uses a non-preemtable FIFO task scheduling. A typical TinyOS 'mote' platform has 10 KB of RAM, 100 KB of ROM.

    TinyOS

    13/11/2010

    nesC
    nesC (network embedded system C) is a language used to build applications in TinyOS. It is designed such a way to exhibit the concepts and execution model of TinyOS. nesC uses the filename extension .nc. Refer the tutorial given below to see a simple program in nesC. http://docs.tinyos.net/index.php/The_simplest TinyOS program

    TinyOS

    13/11/2010

    Application-Specific Platform Support


    A typical TinyOS configuration has four subsystems 1.sensors/actuators 2.communications 3.storage 4.processor/power management

    TinyOS

    13/11/2010

    EXECUTIVE SUMMARY
    The focus is on link layer security because, like other wireless networking technologies, the threat of interception by an adversary is always present. For resource-limited sensor networks, TinyOS is still the better choice. TinyOS packets can be encapsulated inside IEEE 802.15.4 frames, just like TCP/IP packets are encapsulated inside IEEE 802.11 frames.

    TinyOS

    13/11/2010

    10

    EXECUTIVE SUMMARY
    The design and implementation of a TinyOS Sniffer tool is presented. A sniffer is the perfect tool for modern day network and security analysis. But such a tool is presently lacking in todays sensor network development kits. The current design is based on existing sensor network hardware and software components to enable a low-cost sniffer implementation.

    TinyOS

    13/11/2010

    11

    SECURITY ARCHITECTURE OF TINYOS


    TinyOS's component library includes network protocols, distributed services, sensor drivers, and data acquisition tools. The topology of a sensor network based on TinyOS devices depends entirely on the application and the networking stack used. A TinyOS device is addressed by a 16-bit address, augmented with an 8-bit group ID. The group ID is similar to the network address for a group of cooperating nodes. It allows multiple distinct groups of motes to share the same radio channel.

    TinyOS

    13/11/2010

    12

    Continue
    TinyOS implements the Active Message (AM) system. AM types are similar to port numbers in TCP/IP. Each TinyOS packet includes an 8-bit AM type in the header.

    TinyOS

    13/11/2010

    13

    TinySec [3,5]
    Early versions of TinyOS did not have security built in at all. In late 2004, the developers of TinyOS introduced TinySec. A lightweight generic link layer security package that developers can easily integrate into their TinyOS applications.

    TinyOS

    13/11/2010

    14

    SECURITY SERVICES
    The security provided by TinyOS centers on message integrity and message confidentiality. TinyOS supports two security options: 1.authenticated-encryption (TinySec-AE) 2. authentication-only (TinySec-Auth) The default security mode of a TinySec-enabled application is TinySec-Auth.

    TinyOS

    13/11/2010

    15

    SECURITY SERVICES
    The TinySec mode is indicated in the upper 2 bits (MSB) of the length field of the packet header. This modification is harmless because the maximum size of the data field in a TinyOS packet is 29 bytes, i.e., at most 5 bits of the length field will be used. That the TinyOS and the TinySec-Auth packets do not have a field for the source address. Receiver cant identify where the packet came from. Source address is only included in the TinySec-AE packet, if an application wants to implement ACL then it can only do so with TinySec-AE.

    TinyOS

    13/11/2010

    16

    TinyOS packet format


    Dest (2) AM (1) Len (1) Scr(2) Ctr (2) Encrypted Data (029) IV MAC (4)

    (a) Tiny Sec-AE packet format


    Dest (2) AM (1) Len(1) Data(029) MAC (4)

    (b) Tiny Sec-Auth packet format Dest (2) AM (1) Grp (1) Len (1) Data(029) (c) TinyOS packet format CRC (2)

    AM- Active Message Dest- Destination Address Len- Length of packet

    Ctr- Counter for bit Scr- Source address MAC- Message Authentication Codes

    TinyOS

    13/11/2010

    17

    SECURITY PRIMITIVES
    1. Message Authentication Codes (MAC) The MAC is 32-bit long, and is computed over the headers. While the security of the MAC is directly related to the length of the MAC. The developers argued in that given the expected low data rate of the sensor network, a 32-bit MAC may provide an enough level of security against blind forgeries. For example, if adversary tries to flood a19.2 kb/s channel with blind forgery attempts, it may take him over 20 months to succeed.

    TinyOS

    13/11/2010

    18

    SECURITY PRIMITIVES
    2. Encryption Scheme The TinyOS source code includes implementation for both Skipjack and RC5. AES was later deemed to be equally suitable as well. Block cipher (Skipjack) mode is believed to degrade more gracefully when IV reuse occurs. Between two communicating nodes, the IV could be as small as a 16-bit value. If the IV is not expected to repeat in a long time, then a stream cipher like (RC5) performs much better.

    TinyOS

    13/11/2010

    19

    SECURITY PRIMITIVES
    3. Initialization Vectors (IV) The first four bytes of the IV are borrowed from the existing header fields of the TinyOS packet: the destination address, the AM type, and the length of the packet. The last four bytes are comprised of the source address and a 16-bit counter. The last four bytes of the IV is chosen in this way to maximize the number of packets each node can send. .

    TinyOS

    13/11/2010

    20

    Continue
    Since sensor networks must conserve power to be long-lived, the average packet rate in most sensor networks will be very low on the order of one packet per minute. In short, information may only leak when one node sends two different packets with the same first eight bytes and IV, to the same destination, with the same AM type, and of the same length.

    TinyOS

    13/11/2010

    21

    Hard Problems
    Communication security Defeating traffic analysis. A library of secure distributed services & protocols Security against node compromise/capture e.g., routing that can tolerate just one malicious insider? Byzantine attack tolerance, on the cheap? Privacy

    TinyOS

    13/11/2010

    22

    Summary
    Crypto helps, but isnt a total solution Be aware of the systems tradeoffs Seek robustness against insider attack Resilience gives a way to think about malicious/captured nodes The law of large numbers is your friend

    TinyOS

    13/11/2010

    23

    THANK YOU !
    References :
    [1] Hong-Siang Teo Security of Sensor Networks Naval post graduate school Monterey, California June 2006. [2] D. Whiting, R.Housley, and N. Ferguson. Counter with CBC-MAC (CCM). RFC 3610. Sep. 2003. [3]http://www.xbow.com/Support/Support_pdf_files/Get ting_Started_Guide.pdf [4] http://en.wikipedia.org/wiki/TinyOS [5] http://www.cs.berkeley.edu/~nks/tinysec/TinySecuserguide.pdf

    TinyOS

    13/11/2010

    24

    Das könnte Ihnen auch gefallen