embedded security: from sensor networks to internet of...

Embedded Security: From Sensor Networks to Internet of Things (IoT)

Dr. Wen Hu, Michael Bruenig, Thomas Kothmayr (TUM), Corinna Schmitt (U Zurich) Principal Research Scientist/Research Project Leader CSIRO Digital Productivity Flagship, Australia

DIGITAL PRODUCTIVITY FLAGSHIP

• Wireless Sensor Networks – Homogenous devices – Resource, energy and form factor limited

Cryptography challenges in sensor networks

•  Very limited resources •  8-bit/16-bit microcontrollers •  Less than 10KB RAM •  AA batteries

•  Security algorithms are computational and memory intensives

SKC vs. PKC

•  Symmetric Key Cryptography (SKC) •  Low computation cost •  Smaller key sizes

•  Public Key Cryptography •  It provides more security than SKC…but it requires a nontrivial amount

of processing power and memory

Past 2004 2007

Future Imposible to use PKC

Possible to use PKC

Doubt in using PKC

Cryptography engines

•  Symmetric cryptography engine •  AES 128-bit, new transceivers such as Atmel AT86RF212

and AT86RF230

•  Asymmetric cryptography engine •  SHA-1, 1024/2048-bit RSA

secFleck

CSIRO ICT Centre – Marine Robotics & Sensor Networks

Evaluation (I)

Evaluation (II)


Examples --- secure communications

Node A


Generates a random n u m b e r N a ( b y fos_tpm_rand)

Base

E(Pkbase, Na, Req) fos_tpm_encryption E(Pkbase, Na, Req)

Decrypt with Skbase, G e n e r a t e a n e w session key (KBA), (fos_tpm_decryption fos_tpm_rand)

E(PkA, Na, KBA) (fos_tpm_encryption)

Decrypt with SkA, (fos_tpm_decryption)

Secure communication using SKC with KBA

Examples --- remote attestation

Attestator A

Dur ing boot t ime, update PCR I (Pi) (fos_tpm_pcrExtend)

Base Obtain Pi and generate a signature (fos_tpm_pcrQuote)

Challenger C

Generates a random n u m b e r N a ( b y fos_tpm_rand)

Issue PCR challenge (index = i, Na)

Challenge response S(Pi, Na, Ska)

Ask for A’s public key

A’s public key (Pka)

Verify the value Pi and t h e s i g n a t u r e (fos_tpm_verifyPcrQuote)

Summary

•  Strong (2048-bit) asymmetric key cryptography for message authenticity and

integrity, strong symmetric key cryptography for message confidentiality

•  Affordable (financially, form factor, and energy consumption)

•  Remote (platform and data) attestation for content trustworthiness

11

•  Internet of Things – Heterogeneous devices (cortex M*) –  Standard approach (802.15.4, RPL/6LoWPAN, COAP…)

13

Motivation •  Current situa2on: •  Many different use cases exist: Building system, medical apps, acquisi2on of resources.

•  Main task of sensor networks is the collec2on and transmission of different data.

•  Problem: •  Data can include sensi2ve informa2on. •  Trend: Integra2on of wireless sensor networks into the Internet (Internet of Things).

•  Trustworthiness of par2cipants can differ.

•  Requests for the security solu2on: •  Confiden2ality •  Data Integrity •  Data authen2city

A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication

14

Usage of standards •  Wireless Sensor Networks are comparable to Peer-‐to-‐Peer networks: •  Self-‐organizing network of sensor nodes •  Basic tasks of a node: Collect data, simple data processing, and forward data •  Constrained memory, baRery and compua2onal power •  IPv6 Connec2vity à Nodes connected to Internet

•  Different standardized security solu2ons exist: •  Technologies and implementa2ons (e.g. OpenSSL) exist and are well proven •  Exis2ng infrastructures (e.g. cer2ficate authori2es) can be used again.

•  Different standards for network stack in WSNs already exist: •  Physical & MAC Layer: IEEE 802.15.4 •  Rou2ng & Transport Layer: 6LoWPAN, RPL •  Applica2on Layer: CoAP


15

Benefits of a standards based approach Reuse of: •  Implementa2ons (OpenSSL, etc..) •  Engineering techniques •  Infrastructure (Cer2ficate Authori2es, etc..) •  Exper2se and Experience

à Easier security uptake Hardware used: •  TelosB / IRIS •  OPAL-‐Mote •  50kbyte SRAM •  48 MHz Microcontroller •  Trusted Plaaorm Module

Medium Access /Physical

Network

Transport

Security

Application

IEEE 802.15.4

UDP

IPv6BLIP, RPL

DTLSDTLS

CoAP, XML, ...


Opal node (front)

Radio

Microcontroller (32-bit)

LED

Opal node (back)


TPM

Radio Micro SD card slot

18

DTLS – Ultra short introduction DTLS:

•  Adap2on of TLS for datagram transport

•  Server and Client nego2ate Hash algorithm and Cipher in Handshake

•  Different authen2ca2on methods –  RSA, DAS, DH, ECC, PSK,… –  For us: RSA and later PSK

ClientHello*

ClientHelloVerify*

ClientHello

ServerHelloCertificate

[CertificateRequest]ServerHelloDone

[Certificate]ClientKeyExchange[CertificateVerify]ChangeCipherSpec

Finished

ChangeCipherSpecFinished

Flight 1

Flight 3

Flight 5

Flight 2

Flight 4

Flight 6

[…] Omission during server authenticated handshake. * Optional messages Encrypted up now

Client Server


19

Connecting to data sink


20

P2P Connection


21

Evaluation - DTLS Handshake •  Least understood component in IoT context

•  Previous work evaluated other components •  „Sizzle: A standards-‐based end-‐to-‐end security architecture for the embedded internet” à Server authen2cated handshake with RSA and ECC

•  “Securing Communica2on in 6LoWPAN with Compressed IPSec” à Compression techniques for IPSec header during applica2on data transfer

Challenge: IoT embedded nodes are limited to their resources! •  System’s performance –  Packet handling –  DTLS handshake performance

•  Energy consump2on •  Memory consump2on


22

Evaluation - System’s performance (packet handling) •  Linear increase of round trip 2me •  Jumps approximately every 100 bytes à 128 bytes maximum MTU in layer 2 by IEEE 802.15.4

à Including header and tailer •  Jumps occur earlier when sending DTLS protected

packets à Addi2onal DTLS header, HMAC size, Ini2aliza2on Vector


0

100

200

300

400

500

600

8 32 64 96 128 160 192 224 255

Roun

d-‐Trip-‐Tim

e (m

s)

Data packets per Template packetAES-‐128 Multihop (4)

AES-‐128 Single Hop

SHA-‐1 Multihop (4)

SHA-‐1 Single Hop

Ping Multihop (4)

Ping Single Hop

à Increasing packet size and processing overhead lead to an increased end-to-end transmission latency for DTLS packets compared to plaintext packets.

à  The decreased performance for transmission latency is mostly due to the large packet overhead of up to 64 bytes.

à  Calculation times DOES NOT contribute significantly: -  SHA-1 hash of 255 bytes plain text message: 9 ms -  Encryption with AES-128: 12 ms

23

Evaluation - System’s performance (DTLS handshake)


•  Measurement duration: –  Beginning of the handshake establishment –  Client received a „FINISHED“ message

•  15 measurements for each type of handshake

•  Timeout: 5 sec

à  Large standard deviation is caused by implementation behavior when messages lost.

-  DTLS states that an implementation should wait for an answer for a set amount of time after sending a flight. -  Retransmission if no answer is received during this period.

à  Time to execute a handshale is shorter for smaller RSA-keys and reduced by almost 2 sec when client authentication is omitted in the handshake.

à  Packet loss mainly in multi-hop environment and larger DTLS messages are sent. à  Total energy consumption of client does not increase significantly

- All TPM operations are only executed after successful receipt of all relevant server messages.

Average latency for a fully authenticated and a server authenticated DTLS handshake

24

Evaluation - Energy consumption Energy draw for a fully authenticated DTLS

handshake on OPAL node


Energy cost =

25

Evaluation - Memory consumption


ROM consumption (byte)à Total: 63,383 byte ROM

RAM consumption (byte)à Total: 17,839 byte RAM

•  Fully authenticates handshake with 2048-bit RSA keys •  OPAL resources: 48 kB RAM / 256 kB ROM

26

Established WSN at Department

Recording of received TinyIPFIX messages in Listerner provided by TinyOS

DTL

S ha

ndsh

ake

mes

sage

s

Dat

a tr

ansm

issi

on v

ia s

ecur

e co

nnec

tion

Wireshark recording on tun0 (only UDP packets)

IRIS with mts300 or mts400 S

Nodes with data collection purpose:

TelosB with activated sensors T

T

T

S

SS

T

S

SS

SS

S

S

Gateway (TelosB)

TelosB with aggregation purpose

2232 2270 11042222

1108 2250

1105

2243

1102 1106 11101107

11011103

X

X Opal

12


Gateway

12

11072270

1110

2243

2222

22501108

1104 1102

1105

1101

2232

1103

1106

27

Summary •  Today’s challenge:

•  Connec2on of different infrastructures on base of IP-‐communica2on •  Internet of Things

•  Adop2on of powerful and well known protocols is suitable! •  A standard based security architecture with two-‐way authen2ca2on for the Internet of Things was developed. •  The authen2ca2on is performed during a fully authen2cated DTLS handshake.

–  Exchange of X.509 cer2ficates containing RSA keys •  Secure provisioning:

–  Message integrity –  Confiden2ality –  Authen2city

•  Solu2on has affordable energy, end-‐to-‐end latency, and memory overhead

•  Interoperability can be ensured with different vendors •  Applica2on scenarios exchangeable


On-‐going work •  Opal on a chip (TI CC2538)

•  Cortex M3 (32KB RAM and 512KB ROM) •  IEEE 802.15.4 radio •  RSA, ECC in hardware •  ~$6

•  OpenMote

•  Has the dominated factor moved back to wireless transmissions?

•  More advanced crypto approaches?

•  Bluetooth LE security?

29

References 1.  "secFleck: A Public Key Technology Plaaorm for Wireless Sensor Networks", Wen Hu, Peter Corke,

Wen Chan Shih, Leslie Overs. In Proceedings of 6th European Conference on Wireless Sensor Networks (EWSN 09), February 11th-‐13th, Cork, Ireland.

2.  "Towards Trusted Wireless Sensor Networks". Wen Hu, Hailun Tan, Peter Corke, Wen Chan Shih,

Sanjay Jha. ACM Transac2ons on Sensor Networks (TOSN), Volume 7, Issue 1, August 2010. 3.  "DTLS based Security and Two-‐Way Authen2ca2on for the Internet of Things", Thomas Kothmayr,

Corinna SchmiR, Wen Hu, Michael Bruenig and Georg Carle. Ad Hoc Networks (Elsevier), Vol. 11 Issue 8, Page 2710 -‐ 2723 Nov 2013.

4.  “TLS-‐based Security with two-‐way Authen2ca2on for IoT”, C. SchmiR, B. S2ller, T. Kothmayr and Wen Hu, IETF Internet Drav, July 2013.

5.  "Towards Trustworthy Par2cipatory Sensing”, Akshay Dua, Nirupama Bulusu, Wuchang Feng, Wen Hu. In Proceedings of 4th USENIX Workshop on Hot Topics in Security (HotSec '09), August, 2009, Montreal, Canada.

embedded security: from sensor networks to internet of...

Documents