SPINS: Security Protocols for Sensor Networks

Presented By

Guidance by

Kiran Shinde

Prof. Mrs. Pallavi kulkarni

Overview

What are Sensor Network Security Goals System Assumptions SPINS-building blocks 1.SNEP 2.MICRO-TESLA Application Advantages and Disadvantages Conclusion

What are Sensor Networks?

Wireless networks consisting of a large number of small, low-cost and low-power nodes (motes) Sensor nodes can be densely deployed very close to the phenomenon to be observed Can also be deployed in hostile environments where physical access to nodes not possible Possess self-organizing capabilities nodes can get added and deleted dynamically

Sensor Network contd..

Core of a mote is a small, low-cost, low-power computer Computer monitors one or more sensors and connects to outside world with a radio link Radio communication range is typically a few tens of meters Typical power consumption is 10 mA while running, and 10 A in sleep mode Computer, sensors, antenna and batteries packaged in small containers a few mm thick

Security Goals

Confidentiality Data in transit to be kept secret from eavesdroppers Symmetric key ciphers preferred for their low power consumption
Node2

Node1

Msg

Base Station

Adversary

Authentication

Security Goals

Nodes need to verify each others' identities Public key digital signatures too expensive Symmetric key MACs commonly used
Node 1

I am the Base Station, Change these parameters

Node 2

Adversary
Node 3 Node 4

Base Station

Security Goals..

Integrity Wireless networks inherently unreliable Adversary can tamper with messages Message integrity codes for data integrity
Msg1

Node1

Msg1

Base Station

Adversary

Security Goals

Freshness Prevent adversaries from replaying old protocol instances and stale data readings

Session keys from past associations should not be reused in later ones. Two Types.. 1. Weak Freshness

2. Strong Freshness

System Assumptions

Communication patterns
-Node to base station (e.g. sensor readings) -Base station to node (e.g. specific requests) -Base station to all nodes Base

Base Station
-Sufficient memory, power -Shares secret key with each node
C E

Station

G F D B A

Node
-Limited resources, limited trust

SPINS: Building Blocks

SNEP

Sensor-Network Encryption Protocol Secures point-to-point communication Micro Timed Efficient Stream Loss-tolerant Authentication Provides broadcast authentication

TESLA

Block Cipher: RC5

Plaintext 1100 1100 RC5 block cipher

Key
11010010

Ciphertext
10001101

Main Feature: Data dependent Rotation Parameterized for word size, number of rounds, length of the key Low memory requirements Subset of RC5 with 40% reduction in code size Reused to save memory

First Protocol: SNEP

Use simple symmetric encryption function (RC5) provides: Encryption & Decryption Message Authentication Code Pseudorandom number generation Hash Function Secrecy and Confidentiality Semantic security against chosen ciphertext attack (strongest security notion for encryption) Authentication Replay protection

Key Generation/Setup
Counter KeyEncryption

Key Master

RC5 Block Cipher

KeyMAC
Keyrandom

Nodes and base station share a master key pre-deployment Other keys are bootstrapped from the master key:

Encryption key Message Authentication code key Random number generator key

SNEP Encryption (CTR Mode)

Counter+1 Counter+1

KeyEncryption

RC5 Block Cipher

Keydecryption

RC5 Block Cipher

Pj+1

Cj+1

Pj+1

E = {D}<Keyencryption, counter> Counter is shared state RC5 generates random data to XOR with message Weak freshness guaranteed Try different counter if messages are lost

Decryption is identical

Last resort: explicit resynchronization of counter

SNEP MAC (CBC Mode)

X1 X2 + KMAC RC5 KMAC RC5 KMAC XN + RC5

MAC

Message Authentication Code = MAC(KMAC, X) MAC uses Cipher Block Chaining (CBC) Every block of input affects output

Authentication, Confidentiality
Node A Msg, MAC(KMAC, Msg) Node B

{Msg}<Kencryption, Counter), MAC(KMAC, Counter|| {Msg}<Kencryption, Counter>)

Without encryption, can have authentication only For encrypted messages, the counter is included in the MAC Base station keeps current counter for every node

Strong Freshness
Node A Request, Nonce Node B

{Response}<Kencryption, Counter), MAC(KMAC, Nonce || Counter|| {Response}<Kencryption, Counter>)

Nonce generated randomly Sender includes Nonce with request Responder include nonce in MAC, but not in reply

TESLA (micro TESLA)

TESLA : efficient source authentication in multicast for wired networks. TESLA: authentication in broadcast for WSNs.

TESLA removes or adapts the expensive features of TESLA Asymmetric digital signature is replaced by symmetric key Frequency of key disclosure is greatly lessened. Only the Base Station stores the key chain. Inter-node communication is made possible by the Base Station

Simple MAC Insecure for Broadcast

K

Sender
M, MAC(K,M) M, MAC(K,M)

R1

R4
M, MAC(K,M)

TESLA: Authenticated
Broadcast

Uses purely symmetric primitives

Asymmetry from delayed key disclosure

Self-authenticating keys
Requires loose time synchronization

Use SNEP with strong freshness

Key Setup

Kn

F(Kn)

Kn-1

F(K2) .

K1

F(K1)

K0

Main idea: One-way key chains K0 is initial commitment to chain Base station gives K0 to all nodes

Broadcast

K0
0 1

K1
2

K2
3

K3
4

time

Divide time into intervals Associate Ki with interval i Messages sent in interval i use Ki in MAC Ki is revealed at time i + Nodes authenticate Ki and messages using Ki

TESLA Issues

Important parameters: time interval, disclosure delay Delay must be greater than RTT to ensure integrity Parameters define maximum delay until messages can be processed Nodes must buffer broadcasts until key is disclosed Requires loose time synchronization in network Base station commits to maximum number of broadcasts when forming chain

When current chain is exhausted, all nodes must be bootstrapped with a new one

Node to Node Key Agreement

Node A
A,NA
Random Nonce

Node B

Base Station

NA, NB, A, B, MAC(KmacB, NA | NB | A | B)

Make random KAB

{KAB}KencryB, MAC(KmacB, {KAB}KencryB) {KAB}KencryA, MAC(KmacA, {KAB}KencryA)

{Msg}Kab, MAC(KAB, {Msg}Kab)

Secure channel

Lots of Communication

Applications of Sensor Networks

Military applications (battlefield surveillance, NBC attack detection and reconnaissance) Environmental applications (forest fire detection, flood detection, tracking movement of birds) Health applications (telemonitoring of physiological data, hospital drug administration) Home applications (home automation such as vacuum cleaners, microwave, fridge, DVRs) Commercial applications (fault detection in bridges, automatic meter reading, traffic analysis)

Discussion: Drawbacks

The TESLA protocol lacks scalability - require initial key commitment with each nodes, which
is very communication intensive

SPINS uses source routing, so vulnerable to traffic analysis

Conclusion

Strong security protocols affordable

- First broadcast authentication

Low security overhead

- Computation, memory, communication

Apply to future sensor networks

-Energy limitations persist -Tendency to use minimal hardware

Base protocol for more sophisticated security services

THANK YOU..

Questions ???