Security in Distributed Wireless Sensor Networks · Security in Distributed W Hon. Prof. Dr. Peter...
Transcript of Security in Distributed Wireless Sensor Networks · Security in Distributed W Hon. Prof. Dr. Peter...
Security in Distributed W
Hon. Prof. Dr. Peter Langendörf
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
Wireless Sensor Networks
fer & Prof. Dr. Ing. Rolf Kraemer
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Outline
• Wireless Sensor Networks and Se
• Security Engineering
S S N d A hit t• Secure Sensor Node Architecture
• Conclusion
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
ecurity
e
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Wireless Sensor Networks
source
Interne
destination
node
Multihop Network
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
Clustered NetIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
et
WPAN/WSNclustercluster
BAN or PAN Network
h li tmesh router
BAN or PAN Network
hp-microelectronics com © 2008 - All rights reserved
mesh client
end nodetworkhp-microelectronics.com © 2008 - All rights reserved
Security Fundamentals
• ConfidentialityInformation should only be reveInformation should only be reveother entity should not be able toeavesdropping or from read in m
• Data IntegrityThe receiver of information wantmodified in transit, either intentio
• AccountabilityThe entity requesting a service, tpacket must be uniquely identifia
• AvailabilityL iti t titi h ld b blLegitimate entities should be ablservice/information and to enjoy
• Controlled AccessA service or information access
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
A service or information access authorized entities
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
ealed to authorized entities; anyealed to authorized entities; any o discover the information from
memory
ts to be sure that data is not onally or be accident.
triggering an action, or sending a able
l t t ile to access a certain y proper operation
should only be granted to
hp-microelectronics com © 2008 - All rights reserved
should only be granted to
hp-microelectronics.com © 2008 - All rights reserved
Security features
• Authentication (data and source arepudiation p
Does not help against insider attIntrusion detection (identification
• SecrecyUse of appropriate cipher means
• Service IntegrityPlausibility check of sensor read
• AvailabilityDenial of service may cause seriGraceful degradation needed
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
Graceful degradation needed
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
authentication (data integrity))/non
tacksn of compromised nodes)
s
dings
ious harm
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Basic Threads
• EavesdroppingListening to a communication toListening to a communication to
• MasqueradingPretending to have another entit
• Authorization ViolationUsing services without being allo
• Provoking loss or modification of • Forgery
Creating new or false informatio• RepudiationRepudiation
Denial that one participated in or• Sabotage
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
o get unauthorized informationo get unauthorized information
ty identifier
owed to use themf information
n
r was the origin of communication
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Classification of Threats
• Outsider attacksEavesdropping JammingAlter packetsDestroying nodes
• Insider attacks (Compromised senAuthorized participant Steal secrets or disrupt normal f
• Base station/cluster head as poinPowerful device; Tamperproof HW; Scalability may become a seriou
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
Battery power of nodes around t
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
nsor nodes; laptops)
functioning
t of trust?
us problem
hp-microelectronics com © 2008 - All rights reserved
the base station
hp-microelectronics.com © 2008 - All rights reserved
Security Threat Analysis for sen
Dolev-Yao (known) :
Extended Dolev-Yao:(WSN relevant)
ParadoxState of the art:
Options for security improvement:Options for security improvement:Tamper-resistant nodes ( ⇒ too expen“Probabilistic” security ( ⇒ attacker
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
sor nodes
Threat-Model with up to5 years delay
ExtendedDolev-YaoDolev-Yao
intercept over-hear
physicallyread out
nsive)r receives only limited gain)
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Physical Attacks & Security
• Device classes (FIPS 140-02 level1unprotected (L1 u L2)unprotected (L1 u. L2)partly protected (L3)tamper resistant (L4)
• Attackerclever outsider (<5000 EUR)
“insufficient knowledge of the knowledgeable insider (>5000 EU
“substantial technical educatiosubstantial technical educatiofunded organisation (several 100
“teams of specialists”
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
1-level4)
system”UR)on/experience”on/experience0 KEUR)
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
WSN Security Tomography
Appsppsensed data injection, access sensed data, service disruption, etc.
Middlew
OSexploiting backdoors, buffer overflows, remote node programming, direct programming, denial of service attacks
Sensor
intamper with sensor,
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
inin
falsified sensor reading
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
Transportssend erroneous data, injewrong control packets, sechanged data, duplicate p
Networkrouting loop, black hole greholes, wormhole, injectingnetwork partitioning, etc
g , pdata, eavesdrop
ware
MACScomplete jamming
eavesdropping, man-in-thmiddle, replay, spoofing
complete jamming, selective/partly jamming, eavesdropping, replay attacks
nvasive attacks, semi-
HW RF
hp-microelectronics com © 2008 - All rights reserved
nvasive attacks, non-nvasive attacks
hp-microelectronics.com © 2008 - All rights reserved
Real Life Connectivity
• Figures show WSN deployed on aflat parking lotflat parking lot
• Expected: simple, circular shape o“region of communication” – notregion of communication – not realistic
• Instead:• Instead: Correlation between distance anloss rate is weak; iso-loss-lines anot circular but irregularnot circular but irregularAsymmetric links are relatively frequent (up to 15%)Si ifi t h t t PER
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
Significant short-term PER variations even for stationary no
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
a
of
nd are
hp-microelectronics com © 2008 - All rights reserved
odes
hp-microelectronics.com © 2008 - All rights reserved
Three regions of communication
• Effective region: PER i t tl 10%consistently < 10%
• Transitional region: anything in between, with large variation for nodes at same distance
• Poor region: PER well beyond 90%
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
n
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Open issues: Detection of comp
• Secure routing protocols
• Secure & efficient time synchron
• Secure localization
• Efficient cipher means
• Secure misbehaviour detection
• Means for non security experts to
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
promised nodes
isation
o design secure WSNs
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Security En
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
ngineering
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Security Engineering in WSN
• Limitations:Processing power : 8 or 16 bMemory : 16 to 256Memory : 16 to 256Energy resources : typical s
energy hA ti Ti 1 15Active Time: 1-15 yeaCost : 1-100 $Security: open to
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
bit µC6 kByte6 kByte
small batteries 1000-5000 mAhharvestingars
security critical
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
How to distribute secret keys in
• Secure channelPre deploymentPre-deployment
• Third party security authorityTransitivity of trust (If node A and A and B)
• Public key based key establishmenComputation of session key basedpair
• Key agreement based on one way fy g yDiffie-Hellman
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
networks
B trust C, C can generate key for
td on a unique public/private key
unctions
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Diffie-Hellman Key Establishmen
• If we have a one-way-function:yy=a x, it is infeasible to computea b x= b a x (commutative)
Alicerandom a and xcompute a’= a x
a’, xcompute a a x
compute shared keyk=a b’=a b x
b’
• Advantages:Simple protocolSimple protocolKey agreement of peers without
• Problems:O f ti (Elli ti
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
One-way-function (Elliptic curvelogarithm) is computationally exAuthentication between Alice an
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
nt
e a for given x and y
xBob
generate random bgenerate random bcompute b’= b xcompute shared keyk=b a’=a b xk b a a b x
t prior knowledge
t h di t
hp-microelectronics com © 2008 - All rights reserved
e cryptography, discrete xpensivend Bob is not supportedhp-microelectronics.com © 2008 - All rights reserved
Authentication: How to prove th
• By Third PartySecurity AuthorityTransitivity of trust
• By Secret keysAlice and Bob share a secret key
• By Inverted hash key chains (e.g. If H( ) i t i tibl h h fIf H(x) is a not-invertible hash funAuthentication with tuple (xn,H(xxn authenticates the one who senProblem:Problem:
lot of storage (for each cominitial trust (how can I authe
• Signed certificatesSigned certificatesneeds public key cryptographyOffline certification
Problem:
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
computational expensive
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
hat Alice is Alice
yTESLA)
tinctionxn+1)); trust anchor H(Xn)nt H(xn) earlier
mmunication previous hash keys)enticate the first message)
y
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Combining Security & Embedde
Application Requirements
Sec. MAC_2
AES ConfigKIT1. Req. vs. f
Sec. random generator
qmodules
2. Interopermodules
Resilient data aggregation alg 2
3. Security o
Resilient data aggregation alg_2
Tailora
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
Secure local.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
ed Systems Design
Sensor node description
features of
rability of
R ili d i l 1Sec. robust data storage
Application
Sec rout 1
of combination Resilient data aggregation alg_1CDA_alg2
ECCe .Sec. rout_1r made security rchitecture Sec. MAC_1 AES
ECCOS
Secu
relo
cal.
S d HW
hp-microelectronics com © 2008 - All rights reserved
Sensor node HW
hp-microelectronics.com © 2008 - All rights reserved
Setup of Hardware Repository
Parametrisation
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
Parametrisation
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
Structural view/ l ti fselection of
sub-components
Re-usable XML,part of
hp-microelectronics com © 2008 - All rights reserved
part of hardware repository
hp-microelectronics.com © 2008 - All rights reserved
Setup of Software Repository
-structural view-dependency graphdependency graph-selection of sub-components
Setting of parameters
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
Setting of parameters,dependencies, requiremen
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
Re-usable XML
hp-microelectronics com © 2008 - All rights reserved
ntsRe-usable XML,part of software repository
hp-microelectronics.com © 2008 - All rights reserved
configKIT-approach
User Interface ApplicatiHardwareselection
Apde
User Interface, Applicati
Module Selectioe
•Resolve Dependenc•Semantic Evaluatio•Estimation ofIn
terfa
c
Estimation of-Code size-Security properties-Energy assessmen
Des
igne
r
Hardware Softw
gy
Mod
ule
D Updaterepository
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
HardwareRepository (XML)
SoftwReposito
M
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
ion designerpplicationescription
refineion designer
onciesn
List of potentialsolutions
satisfying requirements
snt Blueprint for
ware
Blueprint for system integration
hp-microelectronics com © 2008 - All rights reserved
wareory (XML)
hp-microelectronics.com © 2008 - All rights reserved
configKIT for Application Designers
Selectio-Selectio-Selectio-Definitio
-Eacimm
Fa
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
-Prop-Inclu
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
s
on of hardwareon of hardwareon of required functionson of security propertiesy p p
ch change of inputs g pmediately updates the result
ast and easy refinement process
hp-microelectronics com © 2008 - All rights reserved
posed software configurationuding prediction of footprinthp-microelectronics.com © 2008 - All rights reserved
Secure Sensor No
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
ode Architecture
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Secure Sensor Node
I-Cache(16 kB) Car
CardBus
MIPSProcessor
(16 kB)
Brid
geM
aste
r)
(Ma
AMBAEJTAGCore B (M
UART 0 (Master) D-SPRAM
(8 kB)(
Data I/O Control (Master)Packet Filter / Checksum
(Debug)
( )
CPU Control Bus
UARTEPP
Data I/O
UARTEPP
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
rdBus
(Linux/Windows Host)
aster)
UARTA AHB Bus
Serial 1+2
Brid
ge
FlashMemory Controller(AHB Slave)
GPIOGPIOB
&Sum1
SRAMRegisters
&Control
CheckSum
ECC
SRAM (32 kB) AESInternal SRAM (32 kB) AES / MD5
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
ECC Processor B233: Optimized
MULT RED ALUSel.
Acc
.
Orig
. Des
ign
BUS
Memory Regist
Area consumption: optimized vs. origi
Partial Multiplier Length of Operand [bits] Area
2 segments 1284 segments 64
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
4 segments 648 segments 32
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
d Version
ogic
Design :
• Modular Architecture
ontr
ol lo
Modular Architecture
• Reduction done on partial results
ter
Co • Regular Structure
inal ECC Processor Version2Poly. Mult.
[mm2] optimizedPoly. Mult. area [mm2]
original Version1.17 2.180.62 1.51
hp-microelectronics com © 2008 - All rights reserved
0.62 1.510.44 1.67
hp-microelectronics.com © 2008 - All rights reserved
Competitive Position: ECC
Company Size KGatesKGates
Elliptic Semi: B-233
71
IHP B-233 72-42 0
IBM B-163+GF(p)
117163 GF(p)IHP B-163 47
Advantages of IHP: • Minimal area consumption
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
• Iterative Karatsuba approach (pat• Flexible ECC Designs (patent filed
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
Energy J
Time/Op Technology usedmJ ms used
0.14 6.68 0.13µm
0.02-0.04 0.08-0.35 0.25µm
- 0.19 0.13µm
0.01 0.06 0.25µm
hp-microelectronics com © 2008 - All rights reserved
tent filed)d)
hp-microelectronics.com © 2008 - All rights reserved
AES
1. Add key operation: the incoming/outgoin1. Add key operation: the incoming/outgoin
2. SBOX: The S-Box maps an 8-bit-input into
3. Shift Row: The shift row operation is perfo
4. Mix Column: In the mix column operation
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
ng data is “XORed” with the current round keyng data is XORed with the current round key
o an 8-bit-output.( result depends on the direction)
orming a cyclic shift within a single row.
n each column is multiplied with a given polynomial
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Competitive Position: AES
Company Size Gates cycle
1Elliptic Semi: AES
8.000 +1.400 bit
Memory IHP AES 8.450
IAIK Graz 8.930
Advantages of IHP: • Integration with ECC • Integration with protocols such as
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ih
Integration with protocols such as• Results equivalent to those of the
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
Clock es per
128 Bit
Clock frequency
Throughput
379 100 MHz 33,7 Mbit/s
70 66 MHz 108MBit/s
64 64 MHz 128MBit/s
s TCP
hp-microelectronics com © 2008 - All rights reserved
s TCPe Inventor of AES (Rijmen TU Graz)
hp-microelectronics.com © 2008 - All rights reserved
Conclu
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
usions
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
Conclusions
• Security in distributed systems is• Several approaches have been foSeveral approaches have been fo
applied to several problem areas• Distributed wireless sensor-netwo
distributed systems that do not aldistributed systems that do not alsecurity
• We have used a combined HW/SWof high grade encryption mechaniof high grade encryption mechani
• We have developed a security desengineer security in sensor-netwo
• The results have been demonstra• The results have been demonstra
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
still a hot issue to solvellowed and have successfully beenllowed and have successfully been
orks are a special class of llow rigorous means to achievellow rigorous means to achieve
W approach to be able to make use isms like AES or ECCisms like AES or ECCsign environment that allows to orks as required and achievableted and have been patentedted and have been patented
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved
TANDEM: Power Switches
µCPowerMgmt.
Power
µIPMS430
SensorPower SwitchPowerSupply
I/O
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www ihIHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ih
µCµ
Memory Hardware-MemoryAccelerator e.g.
ECC
Bass BandAnalog
Frontend
hp-microelectronics com © 2008 - All rights reservedhp-microelectronics.com © 2008 - All rights reserved