lightweight security protocol t aejoon p ark real-time computing laboratory department of eecs the...
TRANSCRIPT
![Page 1: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/1.jpg)
LiLightweight ghtweight SSecurity ecurity PProtocolrotocolLiLightweight ghtweight SSecurity ecurity PProtocolrotocol
TTAEJOONAEJOON P PARKARK
Real-Time Computing Laboratory
Department of EECS
The University of Michigan
““Security in Networked Embedded Systems”Security in Networked Embedded Systems”
![Page 2: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/2.jpg)
CHALLENGES
• Security Efficiency, user-friendlyness
• Dynamic, unmanned, renewable
• Compatible with existing app/svc
KEY MANAGEMENT
• Process to generate, store, protect, transfer, use & destroy key
• Also trust management, pricing, privacy
• e-Business, PayTV, Internet
CRYPTO KEY• Secure only if key length large enough
>> 75 bits (M. Blaze)
• Same key forever ?
• Nullifying effect of key in ciphertext ?e.g., 802.11 WEP
CRYPTOGRAPHY
• Only use ciphers carefully studied
• Resistence to cryptanalysis Processing
• Key search attack ?e.g., DES ~ 256
How to Secure Systems How to Secure Systems ??How to Secure Systems How to Secure Systems ??
Secure System• Confidentiality• Integrity, Authenticity• Access Control• Availability
![Page 3: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/3.jpg)
Security in Networked Embedded SystemsSecurity in Networked Embedded SystemsSecurity in Networked Embedded SystemsSecurity in Networked Embedded Systems
No fixed infrastructure, self-organizing
Battery-powered
A large number of nodes
Dynamic addition / removal
Possibly mobile, unattended
CHALLENGES
Wireless
Limited Energy
Large-scale
easier eavesdropping, jamming
OUR APPROACH
Lightweight Not sacrificing security level
Distributed, P2P
Tailored to Threat / Svc
![Page 4: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/4.jpg)
Threat ModelThreat ModelThreat ModelThreat Model
OUTSIDER INSIDER
Data Attacks• Traffic capture / replay• Spoofing if unencrypted• Man-in-the-middle attack
Radio Attacks• High-power jamming• Detection of radio sources,
Hot spots
Physical Attacks• Reprogram as malicious• Destroy device• Extract key material
Data Attacks• Traffic injection / flooding• Unlimited spoofing• DoS attack
Service Disruption Attacks• Routing – altered route
updates, selective relaying• Disruption of clock synch.
Misc.• Service/data to adversary• Malicious service to net.
![Page 5: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/5.jpg)
Why LiSP Why LiSP ??Why LiSP Why LiSP ??THREATTHREAT DEFENSEDEFENSE PROBLEMPROBLEM SOLUTIONSOLUTION
Shared secret-key
Re-keying
• Globally• Group-based• Pairwise
• Periodically• Event-triggered
SoftTamper-Proofing
via
Program-IntegrityVerification
H/WH/W
S/WS/W
Tamperresistance
• Obfuscation
• Result Checking
• Self-Decrypting programs
• Expensive• Not absolutely safe
• O: No security• RC,SD: Incurs
runtime overhead• SD: How to protect
decryption routine?
Attack on DataAttack on Data
• Eavesdropping
• Data Modification/ injection
• Service disruptionDoS
Attack on DevicesAttack on Devices
The adversary can• capture• reverse-engineer• re-program• clonesensor device(s)
• Large overhead of (unicast) re-keying
Group-shared
Pairwise-shared• Large overhead of
encr/decr per link
Globally shared
• Vulnerable to node compromises
Group-basedKey Management
• Hierarchical nets• via Key Broadcast
DistributedKey Management
• Peer-to-peer nets
• via Distributed Key Servers
![Page 6: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/6.jpg)
LiSP ArchitectureLiSP ArchitectureLiSP ArchitectureLiSP Architecture
Goal: A lightweight security framework for various NEST applicationsGoal: A lightweight security framework for various NEST applications
PROGRAM
INTEGRITY
VERIFICATION
PROGRAM
INTEGRITY
VERIFICATION
INTRUSION
DETECTION
INTRUSION
DETECTION KEY
MANAGEMENT
KEY
MANAGEMENT
SECURITY TRADEOFFSECURITY TRADEOFF
Probe Monitor
Re-key
Activate / Locknew
sensor
suspicioussensor
compromisedsensor
Reconfigure
Reconfigure
![Page 7: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/7.jpg)
Group Key ManagementGroup Key ManagementGroup Key ManagementGroup Key Management
OBJECTIVEOBJECTIVE
Static Preloaded Key Dynamic Key
Periodic Renewal of Group-Key (GK)
Maximize Performance given Key Renewal Frequency
KEY IDEAKEY IDEA
Unicasting Broadcasting (without retransmissions / ACKs)
Authentication & Recovery of GK using One-Way Hash FunctionAuthenticate GK without dedicated MAC field
Detect / recover lost (corrupted) GK
Double-Buffering for Robustness to Inter-Sensor Clock Skews
![Page 8: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/8.jpg)
Key Buffer
Key Slots
SENSOR
Group Key ManagementGroup Key ManagementGroup Key ManagementGroup Key Management
GK6GK4 GK5 GK7
HHHHGK3
HGK2
HGK1
Ucast Bcast Bcast
KEY
SERVERGK5
lost/corrupted
GK3
GK2 = H(GK3)GK1 = H(GK2)
GK1
GK2
GK4
GK3
GK3
GK2
GK4
GK3
GK4
GK4
GK5 = H(GK6)
GK5
GK4
GK6
Communicationvs Processing
Much less C at the expense of reasonable P
Energy-efficient because C >>> P
![Page 9: Lightweight Security Protocol T AEJOON P ARK Real-Time Computing Laboratory Department of EECS The University of Michigan “Security in Networked Embedded](https://reader035.vdocument.in/reader035/viewer/2022072017/56649f035503460f94c17727/html5/thumbnails/9.jpg)
DARPA DemoDARPA DemoDARPA DemoDARPA Demo
Visualize rekeying process via GUI & Mote LEDs
1. Key Distribution
2. Key Recovery
Randomly skipping key disclosure(s)
3. Tradeoffs
Adjust rekeying period & length of key buffer
Tool for Visualizing Key Management