OnboardICNg: a Secure Protocol for On-boarding IoT Devices...

OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN Alberto Compagno 1,3 , Mauro Conti 2 and Ralph Droms 3 1 Sapienza University of Rome 2 University of Padua 3 Cisco Systems 3rd ACM Conference on Information-Centric Networking September 28, 2016


Page 1: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der.

OnboardICNg: a Secure Protocol for On-boarding IoT Devices in ICN

Alberto Compagno 1,3, Mauro Conti 2 and Ralph Droms 3

1 Sapienza University of Rome, 2 University of Padua, 3 Cisco Systems

3rd ACM Conference on Information-Centric Networking

September 28, 2016


IoT Scenario

Internet

Publishes readings under a proper namespace, e.g. [1]: /coord/readings

[1] M. Enguehard, et al. "SLICT: Secure Localized Information Centric Things." ACM ICN, 2016.

Wireless mesh network of resource-constrained devices

IEEE 802.15.4 MAC

Unauthorized access

Internet

Easy to deploy malicious devices

An attacker can waste devices’ resources:

bandwidth, energy, memory, computation


Unauthorized access in ICN

Internet

An even more serious problem

Attacker can target network state (PIT, CS):

Interest flooding, cache pollution attacks


How to secure the network?

Internet

Create a network of trusted devices:

Device authentication and authorization to join the network

Prevent packet manipulation and injection:

Hop-by-hop packet integrity/authenticity check


Existing approaches

In IP wireless mesh network (ZigBee IP):

EAP-PSK with Protocol for Carrying Authentication for Network Access – EAP-PSK/PANA

EAP-TLS/PANA

In ICN wireless mesh network:

Nothing so far


Our proposal – OnboardICNg

We design OnboardICNg, an on-boarding protocol based on symmetric encryption that:

Authenticates and authorizes new devices to join network

Provides the authentication of the network to the joining device

Bootstraps the key material for MAC and network layer

Has a low cost in terms of devices’ resources


System model

Figure: Advanced Metering Infrastructure Scenario (labels: AGW, Internet)

Application Gateway (AGW) provides connectivity to Internet

AGW queries devices / issues commands

Devices retrieve content only from AGW


System Model

To secure communication we distribute:

k_{dj-AGW}: a pairwise key between each device dj and AGW

Used to protect confidentiality and provide content authentication for content retrieved between dj and AGW (e.g., AGW queries and crypto material intended for dj)

k_{dj-dnbr}: a pairwise key between dj and dnbr

Used to trigger the 802.15.4 integrity (and optionally confidentiality)


System model

Figure: Advanced Metering Infrastructure Scenario (labels: Internet, AAM, AGW)

Authentication Authorization Manager (AAM) authenticates and authorizes devices

Pre-shared key (psk) between each device and AAM, set up during the provisioning phase


OnboardICNg - High level picture

Figure (a) OnboardICNg: Device, dj, dnbr, AGW, AAM

Figure (b) EAP-PSK/PANA: PANA Client (PaC), PANA Authentication Agent (PAA), AAM

AKEP2

OnboardICNg is built on the AKEP2 scheme (which has been proven to be secure)

AKEP2 provides:

Mutual authentication

Authenticated key exchange

Figure: A and B share psk. Messages exchanged: B's identity; A's identity, proof of A authenticity; proof of B authenticity. Both sides compute k' = KDF(…, psk).
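An added example, not taken from the slides or the paper: the textbook three-message AKEP2 handshake (Bellare and Rogaway), the two-party building block named above. HMAC-SHA256 stands in for both the MAC and the key-derivation function, splitting psk into a MAC key and a derivation key is an assumption, and every function, class and label name is illustrative; OnboardICNg's own message layout is not reproduced here.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

class Party:
    def __init__(self, name: bytes, psk: bytes):
        self.name = name
        # Assumption: the MAC key and the derivation key are both split from psk.
        self.k_mac = prf(psk, b"mac")
        self.k_kdf = prf(psk, b"kdf")
        self.nonce = secrets.token_bytes(16)   # fresh per handshake
        self.session_key = None

def msg1(init: Party) -> bytes:
    """Initiator -> responder: initiator nonce."""
    return init.nonce

def msg2(resp: Party, init_name: bytes, r_init: bytes) -> tuple:
    """Responder -> initiator: identities, both nonces, proof of responder authenticity."""
    fields = (resp.name, init_name, r_init, resp.nonce)
    return fields + (prf(resp.k_mac, *fields),)

def msg3(init: Party, m2: tuple) -> tuple:
    """Initiator checks the responder's proof, then sends its own proof."""
    resp_name, init_name, r_init, r_resp, tag = m2
    expected = prf(init.k_mac, resp_name, init_name, r_init, r_resp)
    if init_name != init.name or r_init != init.nonce or not hmac.compare_digest(tag, expected):
        raise ValueError("responder failed authentication")
    init.session_key = prf(init.k_kdf, r_resp)   # k' derived from psk and the responder nonce
    return (init.name, r_resp, prf(init.k_mac, init.name, r_resp))

def finish(resp: Party, m3: tuple) -> None:
    """Responder checks the initiator's proof and derives the same k'."""
    init_name, r_resp, tag = m3
    expected = prf(resp.k_mac, init_name, r_resp)
    if r_resp != resp.nonce or not hmac.compare_digest(tag, expected):
        raise ValueError("initiator failed authentication")
    resp.session_key = prf(resp.k_kdf, r_resp)

def run_handshake(psk_init: bytes, psk_resp: bytes) -> tuple:
    init, resp = Party(b"initiator", psk_init), Party(b"responder", psk_resp)
    finish(resp, msg3(init, msg2(resp, init.name, msg1(init))))
    return init.session_key, resp.session_key
```

A mismatched psk or any altered field makes `msg3` or `finish` raise before a session key is set on that side.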


AKEP2 in ICN

AKEP2 can be simply implemented in interest and content packets... but it is a two-party protocol

Figure: A and B share psk. The AKEP2 messages (B's identity; A's identity, proof of A authenticity; proof of B authenticity) travel as the payload of interest and content packets, and both sides end with k'.


OnboardICNg - Description

Figure, shown over several build steps. Entities: dj (holds psk), dnbr, AGW, AAM (holds psk). Messages are carried in interest and content packets. Labels recoverable from the diagram, in order of appearance:

Certifies to dj that the network is authentic

AKEP2: dnbr's identity; dj's identity, proof auth.; dnbr's identity, proof auth.; k'

dnbr expresses an interest to retrieve authorization and crypto material

AAM authenticates and authorizes dj

Crypto material, k_{dj-AGW}

Crypto material to generate dnbr proof auth.

Encrypted with psk to protect confidentiality

k', k_{dj-dnbr}

Encrypted with k'

k_{dj-AGW}, k_{dj-dnbr}

OnboardICNg - Evaluation settings

We compare OnboardICNg with EAP-PSK/PANA

Specifically, constrained devices having a similar role:

dj with PaC ← joining device

dnbr with PRE ← neighbor

OnboardICNg evaluation setting:

1+0 Encoding proposal for CCN [1]

resource-constrained devices with hardware implementation of AES-128 (e.g., MSP430 MCU combined with the CC2420 radio chip)

[1] CCN and NDN TLV encodings in 802.15.4 packets. https://www.ietf.org/mail-archive/web/icnrg/current/pdfs9ieLPWcJI.pdf.


OnboardICNg - Analytical evaluation

Communication cost comparison

Bytes transmitted/received between entities

Figure (values as labelled on the slide): entities dj/PaC, dnbr/PRE, AGW/PAA

OnboardICNg: 318B, 549B

EAP-PSK/PANA: 1380B, 2481B

Difference: -70%, -87%


OnboardICNg - Analytical evaluation

Computation cost comparison (milliseconds)

Crypto op.        EAP-PSK/PANA       OnboardICNg
                  PaC      PRE       dj       dnbr
MAC gen./ver.     49,90    0,00      37,68    53,87
Keys gen./der.    22,75    0,00      23,05    0,90
Encrypt           0,00     0,00      0,00     0,30
Decrypt           0,30     0,00      0,60     0,30

Memory cost comparison (bytes)

EAP-PSK/PANA       OnboardICNg
PaC      PRE       dj       dnbr
224      0         332      159

Comparable memory and computation cost for the joining device

Greater memory and computation cost on neighbor device, but...


OnboardICNg - Analytical evaluation

Energy cost comparison


Conclusion

OnboardICNg is the first protocol providing secure authentication and authorization for IoT over ICN

Resilient to outsider and insider attacks

Securely bootstraps cryptographic material for subsequent secure communication

Resource utilization compares favorably with EAP-PSK/PANA

Up to 87% less in communication cost

Up to 66% less in energy consumption


Questions?