OnboardICNg: a Secure Protocol for On-boarding IoT Devices ... · OnboardICNg - Analytical...
Transcript of OnboardICNg: a Secure Protocol for On-boarding IoT Devices ... · OnboardICNg - Analytical...
OnboardICNg: a Secure Protocol forOn-boarding IoT Devices in ICN
Alberto Compagno1,3, Mauro Conti2 and Ralph Droms3
1Sapienza University of Rome2University of Padua3Cisco Systems
3rd ACM Conference on Information-Centric Networking
September 28, 2016
IoT Scenario
Internet
Publishesreadingsunderapropernamespacee.g.[1]:/coord/readings
[1]M.Enguehard,etal."SLICT:SecureLocalizedInformationCentricThings." ACMICN,2016.
Wireless mesh network of resource-constrained devices
IEEE 802.15.4 MAC2 of 20
Unauthorized access
Internet
Easy to deploy malicious devices
An attacker can waste devices’ resources:
bandwidth, energy, memory, computation
3 of 20
Unauthorized access in ICN
Internet
Even a more serious problem
Attacker can target network state (PIT, CS):
Interest flooding, cache pollution attacks
4 of 20
How to secure the network?
Internet
Create a network of trusted devices:
Device authentication and authorization to join the network
Prevent packets manipulation and injection:
Hop-by-hop packet integrity/authenticity check
5 of 20
Existing approaches
In IP wireless mesh network (ZigBee IP):
EAP-PSK with Protocol for Carrying Authentication forNetwork Access – EAP-PSK/PANA
EAP-TLS/PANA
In ICN wireless mesh network:
Nothing so far
6 of 20
Our proposal – OnboardICNg
We design OnboardICNg, an on-boarding protocol based onsymmetric encryption that:
Authenticates and authorizes new devices to join network
Provides the authentication of the network to the joiningdevice
Bootstraps the key material for MAC and network layer
Has a low cost in terms of devices’ resources
7 of 20
System model
AGWInternet
Figure: Advanced Metering Infrastructure Scenario
Application Gateway (AGW) provides connectivity to Internet
AGW queries devices / issues commands
Devices retrieve content only from AGW
8 of 20
System model
InternetAGW
Figure: Advanced Metering Infrastructure Scenario
Application Gateway (AGW) provides connectivity to Internet
AGW queries devices / issues commands
Devices retrieve content only from AGW
8 of 20
System model
AGWInternet
Figure: Advanced Metering Infrastructure Scenario
Application Gateway (AGW) provides connectivity to Internet
AGW queries devices / issues commands
Devices retrieve content only from AGW
8 of 20
System Model
To secure communication we distribute:
kdj−AGW : a pairwise key between each device dj and AGW
Used to protect confidentiality and provide contentauthentications to content retrieved between dj and AGW(e.g., AGW queries and crypto material intended for dj)
kdj−dnbr : pairwise key between dj and dnbrUsed to trigger the 802.15.4 integrity (and optionallyconfidentiality)
9 of 20
System model
InternetAAM
AGW
Figure: Advanced Metering Infrastructure Scenario
Authentication Authorization Manager (AAM) authenticatesand authorizes devices
Pre-shared key (psk) between each device and AAM duringprovisioning phase
10 of 20
OnboardICNg - High level picture
Device
AAMAGW
dj
dnbr
(a) OnboardICNg
PANAAuthenticationAgent(PAA) AAM
PANAClient(PaC)
(b) EAP-PSK/PANA 12 of 20
AKEP2
OnboardICNg is built on AKEP2 scheme (which has proven to besecure)
AKEP2 provides:
Mutual authentication
Authenticated key exchange
A B
B’sidentity
A’sidentity, proofofAauthenticity
ProofofBauthenticity
psk psk
k’=KDF(…,psk)k’=KDF(…,psk)
13 of 20
AKEP2
OnboardICNg is built on AKEP2 scheme (which has proven to besecure)
AKEP2 provides:
Mutual authentication
Authenticated key exchange
A B
B’sidentity
A’sidentity, proofofAauthenticity
ProofofBauthenticity
psk psk
k’=KDF(…,psk)
k’=KDF(…,psk)
k’=KDF(…,psk)k’=KDF(…,psk)
13 of 20
AKEP2 in ICN
AKEP2 can be simply implemented in interest and content packets...but it is a two party protocol
A Bpsk psk
Payload
interestcontent
interest
interest
interest
content
content
content
k’
k’
B’sidentity
A’sidentity, proofofAauthenticity
ProofofBauthenticity
14 of 20
OnboardICNg - Description
djpsk psk
dnbr AGW
interestcontent
Certifiestodj thatthenetworkisauthentic AAM
15 of 20
OnboardICNg - Description
djpsk psk
dnbr AGW
AKEP2
interestcontent
Certifiestodj thatthenetworkisauthentic AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
15 of 20
OnboardICNg - Description
djpsk psk
dnbr AGW
interestcontent
Certifiestodj thatthenetworkisauthentic AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
15 of 20
OnboardICNg - Description
dnbr expressesaninteresttoretrieveauthorizationandcryptomaterial
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
15 of 20
OnboardICNg - Description
AAMauthenticatesandauthorizesdj
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
15 of 20
OnboardICNg - Description
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
Cryptomaterial,kdj-AGW
AAMauthenticatesandauthorizesdj
15 of 20
OnboardICNg - Description
Cryptomaterial,k
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
Cryptomaterialtogeneratesdnbr proofauth.
K’
dj-AGW
15 of 20
OnboardICNg - Description
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
Encryptedwithpsk toprotectconfidentiality
dnbr’s identity,proofauth.
Cryptomaterial,kdj-AGW
K’
15 of 20
OnboardICNg - Description
k’,k
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
Cryptomaterial,kdj-AGW
Encryptedwithpsk toprotectconfidentiality
dnbr’s identity,proofauth.
K’
dj-dnbr
15 of 20
OnboardICNg - Description
djpsk psk
dnbr AGW
K’
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
Encryptedwithk’
dj-AGWk,kdj-dnbr
Cryptomaterial,kdj-AGWk’,kdj-dnbr
15 of 20
OnboardICNg - Evaluation settings
We compare OnboardICNg with EAP-PSK/PANA
Specifically, constrained devices having a similar role:
dj with PaC ← joining devicednbr with PRE ← neighbor
OnboardICNg evaluation setting:
1+0 Encoding proposal for CCN [1]
resourced-constrained devices with hardware implementationof AES-128 (e.g., MSP430 MCU combined with the CC2420radio chip)
[1] CCN and NDN TLV encodings in 802.15.4 packets. https://www.ietf.org/mail-archive/web/icnrg/current/pdfs9ieLPWcJI.pdf.
16 of 20
OnboardICNg - Analytical evaluation
Communication cost comparison
Bytes transmitted/received between entities
549B
AGW/PAAdj/PaC
dnbr/PRE
OnboardICNg: 318B
EAP-PSK/PANA: 1380B 2481B
-70% -87%
17 of 20
OnboardICNg - Analytical evaluation
Computation cost comparison (milliseconds)
EAP-PSK/PANA OnboardICNgCrypto op. PaC PRE dj dnbrMAC gen./ver. 49,90 0,00 37,68 53,87
Keys gen./der. 22,75 0,00 23,05 0,90
Encrypt 0,00 0,00 0,00 0,30
Decrypt 0,30 0,00 0,60 0,30
Memory cost comparison (bytes)
EAP-PSK/PANA OnboardICNgPaC PRE dj dnbr224 0 332 159
Comparable memory and computation cost for the joiningdevice
Greater memory and computation cost on neighbor device,but... 18 of 20
Conclusion
OnboardICNg is the first protocol providing secure authenticationand authorization for IoT over ICN
Resilient to outsider and insider attacks
Securely bootstraps cryptographic material for subsequentsecure communication
Resource utilization compares favorably withEAP-PSK/PANA
Up to 87% less in communication costUp to 66% less in energy consumption
20 of 20
Conclusion
OnboardICNg is the first protocol providing secure authenticationand authorization for IoT over ICN
Resilient to outsider and insider attacks
Securely bootstraps cryptographic material for subsequentsecure communication
Resource utilization compares favorably withEAP-PSK/PANA
Up to 87% less in communication costUp to 66% less in energy consumption
Questions?email: [email protected]
20 of 20