SPINS: Security Protocols for Sensor Networks - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

SPINS: Security Protocols for Sensor Networks

Description:

Secret MAC key between A and B (depends on direction) K'AB ... Keys disclosed 2 time intervals after use. Receiver knows authentic K3 ... – PowerPoint PPT presentation

Number of Views:137
Avg rating:3.0/5.0
Slides: 24
Provided by: tsha9
Category:

less

Transcript and Presenter's Notes

Title: SPINS: Security Protocols for Sensor Networks


1
SPINS Security Protocols for Sensor Networks
  • Authors Adrian Perrig, Robert Szewczyk, Victor
    Wen,David Culler and J.D.Tygar
  • Presented By Tanu Sharma
  • (Some slides have been taken from authors sites)

2
Outline
  • Security for sensor networks
  • - Research Problem
  • Proposed Techniques
  • - SPINS building blocks
  • Applications
  • Related Work
  • Discussion
  • Conclusion

3
Sensor Networks are emerging
  • Many applications
  • - Real-time traffic monitoring
  • - Military applications
  • - Emergency and critical systems etc.
  • Need secure communication protocols

4
Security for Sensor Networks
  • Data Authentication
  • Data Confidentiality
  • Data Integrity
  • Data Freshness
  • - Weak Freshness
  • - Partial message ordering, no delay
    information
  • - Useful for sensor measurements
  • - Strong Freshness
  • - Total ordering on req-res pair, delay
    estimation
  • - Useful for time synchronization

5
Challenge Resource Constraints
  • Limited energy
  • Limited computation(4MHz 8-bit)
  • Limited memory(512 bytes)
  • Limited code size(8 Kbytes)
  • Limited communication(30 byte packets)
  • Energy consuming communication

6
Contributions
  • SNEP
  • -Sensor Network Encryption Protocol
  • -Secures point-to-point communication
  • µTESLA
  • -Micro Timed Efficient Stream Loss-tolerant
    Authentication
  • -Provides broadcast authentication

7
System Assumptions
  • Communication patterns
  • -Node to base station (e.g. sensor readings)
  • -Base station to node (e.g. specific requests)
  • -Base station to all nodes
  • Base Station
  • -Sufficient memory, power
  • -Shares secret key with each node
  • Node
  • -Limited resources, limited trust

8
Notation
9
SNEP
  • Data Confidentiality (Semantic Security )
  • Data Authentication
  • Replay Protection
  • Weak Freshness
  • Low Communication Overhead

10
Key Generation /Setup
Counter
KeyEncryption
RC5 Block Cipher
KeyMAC
Key Master
Keyrandom
  • Nodes and base station share a master key
    pre-deployment
  • Other keys are bootstrapped from the master key
  • Encryption key
  • Message Authentication code key
  • Random number generator key

11
Authentication, Confidentiality
Node B
Node A
M, MAC(KAB, M)
MltKAB, CAgt, MAC(KAB, CA MltKAB, CAgt)
  • Without encryption can have only authentication
  • For encrypted messages, the counter is included
    in the MAC
  • Base station keeps current counter for every node

12
Strong Freshness
Node B
Node A
Request, NA
ResponseltKBA, CB), MAC(KBA, NA CB
ResponseltKBA, CBgt)
  • Nonce generated randomly
  • Sender includes Nonce with request
  • Responder include nonce in MAC, but not in reply

13
Counter Exchange Protocol
  • Bootstrapping counter values

Node B
Node A
CA
CB, MAC(KBA, CACB)
MAC(KAB, CACB)
To synchronize A ?B NA B ?A CB,
MAC(KBA,NA CB).
14
µTESLA Authenticated Broadcast
  • TESLA efficient source authentication in
    multicast for wired networks.
  • Problems with TESLA
  • -Digital Signature for initial packet
    authentication
  • µTESLA uses only symmetric mechanism
  • -Overhead of 24 bytes per packet
  • µTESLA discloses key once per epoch
  • -One way key chain is too big
  • µTESLA restricts number of authenticated
    senders

15
Key Setup
F(Kn)
F(K1)
F(K2)
Kn
Kn-1
K1
K0
.
X
  • Main idea One-way key chains
  • K0 is initial commitment to chain
  • Base station gives K0 to all nodes

16
?TESLA Quick Overview I
  • Keys disclosed 2 time intervals after use
  • Receiver knows authentic K3
  • Authentication of P1MAC(K5,P1)


K4
K5
K6
K7
K3
t
Time 4
Time 5
Time 6
Time 7
P1
K3
17
?TESLA Quick Overview II
  • Perfect robustness to packet loss

K4
K5
K6
K7
K3
t
Time 4
Time 5
Time 6
Time 7
18
?TESLA Properties
  • Asymmetry from delayed key disclosure
  • Self-authenticating keys
  • Requires loose time synchronization
  • Low overhead (1 MAC)
  • - Communication (same as SNEP)
  • - Computation ( 2 MAC computations)
  • Independent of number of receivers

19
Applications
  • Authenticated Routing
  • Node to Node Agreement
  • A B NA, A
  • B S NA,NB, A, B, MAC(KBS, NA NB
    A B)
  • S A SKABKSA , MAC(KSA,NA A
    SKABKSA )
  • S B SKABKSB , MAC(KSB,NB B
    SKABKSB )

20
Related Work in Broadcast Authentication
  • Symmetric schemes
  • - Link-state routing updates
  • - Multi-MAC
  • Asymmetric schemes
  • - Merkle hash tree
  • Chained hashes
  • - EMSS
  • Hybrid schemes
  • -Stream signature
  • -K-times signature

21
Discussion Drawbacks
  • The ?TESLA protocol lacks scalability
  • - require initial key commitment with each
    nodes, which is very communication intensive
  • SPINS uses source routing, so vulnerable to
    traffic analysis

22
Discussion Risks Un-addressed
  • Information leakage through covert channels
  • No mechanism to determine and deal with
    compromised nodes.
  • Denial of service attacks
  • No Non-repudiation

23
Conclusion
  • Strong security protocols affordable
  • - First broadcast authentication
  • Low security overhead
  • - Computation, memory, communication
  • Apply to future sensor networks
  • -Energy limitations persist
  • -Tendency to use minimal hardware
  • Base protocol for more sophisticated security
    services
Write a Comment
User Comments (0)
About PowerShow.com