SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J.D. Tygar – University of California, Berkeley Presented By: Kimberly Yonce
Date posted: 21-Dec-2015


Page 1: SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J.D. Tygar – University of California, Berkeley.

SPINS: Security Protocols for Sensor Networks

Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J.D. Tygar – University of California, Berkeley

Presented By: Kimberly Yonce

Page 2:

Outline
- Wireless Sensor Networks
- SPINS Building Blocks
  - SNEP
  - μTESLA
- Related Work
- Limitations/Future Work/Comments

Page 3:

Wireless Sensor Networks (WSN)
- A wireless network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor different locations.
- Types of sensors: temperature, sound, vibration, pressure, motion, and light.

Page 4:

WSN Applications: Habitat Monitoring
- ZebraNet: Animals are equipped with tracking nodes that contain GPS to monitor position and speed of movement and light sensors to indicate current environment.

Page 5:

WSN Applications: Fire Detection
- SmokeNet: Sensors monitor smoke detection in a building. Sensors worn by firefighters monitor heart rate and air tank level as well as their location.

Page 6:

WSN Applications: Medical Uses
- Vital Sign Monitoring
- Patient Tracking
- Emergency Triage
- Stroke Rehabilitation

Page 7:

WSN Applications: Military Uses
- Military Vehicle Tracking
- Mine Fields
- Sniper Localization
- Traffic Monitoring
- Intrusion Detection

Page 8:

Sensor Network at UC Berkeley

Page 9:

Sensor Hardware

Page 10:

Sensor Hardware
- SmartDust
- TinyOS
- CPU: 8-bit, 4 MHz
- Storage: 8 KB instruction flash, 512 bytes RAM, 512 bytes EEPROM
- 916 MHz radio
- Bandwidth: 10 Kbps
- OS Code Space: 3500 bytes
- Available Code Space: 4500 bytes

Page 11:

WSN Challenges
- Severely resource-constrained environments:
  - Processing power
  - Storage
  - Bandwidth
  - Energy

Page 12:

Is Security Possible?
- RSA
  - Performs operations on 2 large prime numbers
  - N (modulus of the public and private keys) is recommended to be at least 2048 bits long
- Digital Signatures
  - High communication overhead of 50-1000 bytes per packet
  - High overhead to create and verify the signatures

Page 13:

Is Security Possible?
- DES
  - 64-bit block size
  - Key length 56 bits
  - 512-entry S-box table
  - 256-entry table for various permutations
- AES
  - 128-bit fixed block size
  - Key size of 128, 192, or 256 bits
  - 800 bytes of lookup tables

Page 14:

WSN Communication Patterns
- Sensor Readings
  - Node to Base Station
- Specific Requests
  - Base Station to Node
- Reprogramming Network, Routing Beacons
  - Base Station broadcast to all Nodes

Page 15:

Sensor Network Security Requirements
- Data Confidentiality
- Data Authentication
- Data Integrity
- Data Freshness
  - Weak Freshness
  - Strong Freshness

Page 16:

SPINS Building Blocks
- SNEP
  - Data confidentiality
  - Two-party data authentication
  - Integrity
  - Freshness
- μTESLA
  - Authentication for data broadcasts

Page 17:

SNEP
- Low communication overhead
- Uses MAC to achieve two-party authentication and data integrity
- A shared counter between sender and receiver helps ensure semantic security

$$A \rightarrow B:\ \{D\}_{\langle K_{encr},\, C\rangle},\ \mathrm{MAC}\big(K_{mac},\ C \,\|\, \{D\}_{\langle K_{encr},\, C\rangle}\big)$$

Page 18:

SNEP with Strong Freshness

$$A \rightarrow B:\ N_A,\ R_A$$

$$B \rightarrow A:\ \{R_B\}_{\langle K_{encr},\, C\rangle},\ \mathrm{MAC}\big(K_{mac},\ N_A \,\|\, C \,\|\, \{R_B\}_{\langle K_{encr},\, C\rangle}\big)$$
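
The SNEP messages on Pages 17 and 18, as an added Python sketch that is not part of the original slides. HMAC-SHA256 stands in for the RC5-based encryption and MAC (an assumption made so the code runs with the standard library); the names `SnepEnd`, `seal` and `open`, the 8-byte tag and the length-prefixed nonce framing are hypothetical choices for this example.

```python
import hashlib
import hmac

MAC_LEN = 8  # truncated tag length in bytes (assumed for this sketch)

def prf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the RC5-based cipher and MAC on the slides.
    return hmac.new(key, data, hashlib.sha256).digest()

def ctr_crypt(k_encr: bytes, counter: int, data: bytes) -> bytes:
    """{D}<K_encr, C>: XOR data with a keystream bound to the counter.
    The same call encrypts and decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += prf(k_encr, counter.to_bytes(8, "big") + block.to_bytes(4, "big"))
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def snep_mac(k_mac: bytes, counter: int, ct: bytes, nonce: bytes = b"") -> bytes:
    # MAC(K_mac, [N_A ||] C || {D}<K_encr, C>); the length byte keeps the
    # nonce field unambiguous (a framing choice made here, not on the slides).
    msg = bytes([len(nonce)]) + nonce + counter.to_bytes(8, "big") + ct
    return prf(k_mac, msg)[:MAC_LEN]

class SnepEnd:
    """One end of a one-directional SNEP channel. The counter is kept as
    state on both ends and never sent."""

    def __init__(self, k_encr: bytes, k_mac: bytes):
        self.k_encr, self.k_mac, self.counter = k_encr, k_mac, 0

    def seal(self, data: bytes, nonce: bytes = b""):
        ct = ctr_crypt(self.k_encr, self.counter, data)
        tag = snep_mac(self.k_mac, self.counter, ct, nonce)
        self.counter += 1  # a fresh counter value for every message
        return ct, tag

    def open(self, ct: bytes, tag: bytes, nonce: bytes = b""):
        expected = snep_mac(self.k_mac, self.counter, ct, nonce)
        if not hmac.compare_digest(tag, expected):
            return None  # forged, replayed, or bound to a different nonce
        data = ctr_crypt(self.k_encr, self.counter, ct)
        self.counter += 1
        return data
```

Each direction of traffic needs its own key pair or its own `SnepEnd` pair with distinct keys, because reusing a counter value under the same encryption key repeats the keystream.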

Page 19:

μTESLA
- TESLA authenticates initial packet with a digital signature. μTESLA uses only symmetric mechanisms.
- Instead of disclosing a key in each packet, a key is disclosed once per epoch.
- μTESLA restricts number of authenticated senders.
- Broadcast from Base Station vs. Broadcast from a node
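
A receiver-side sketch of per-epoch key disclosure, added here and not part of the original slides. The one-way key chain and the disclosure delay follow the μTESLA description in the SPINS paper rather than anything spelled out on the slide; SHA-256 and HMAC-SHA256 stand in for the paper's RC5-based functions, and `DELAY`, `make_chain` and `Receiver` are hypothetical names. The commitment K_0 is assumed to have reached the receiver over an authenticated channel.

```python
import hashlib
import hmac

DELAY = 2  # K_i is disclosed in interval i + DELAY (value assumed here)

def F(key: bytes) -> bytes:
    # One-way function; SHA-256 stands in for the paper's RC5-based function.
    return hashlib.sha256(key).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0, ..., K_n] with K_i = F(K_{i+1}); K_0 is the commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, commitment: bytes):
        self.known_i, self.known_key = 0, commitment
        self.buffer = {}    # interval -> [(msg, tag)] awaiting key disclosure
        self.accepted = []  # messages whose MAC verified

    def on_packet(self, interval: int, msg: bytes, tag: bytes, now: int) -> bool:
        # Security condition: drop packets that arrive once the sender may
        # already have disclosed their key (needs loose time synchronization).
        if now >= interval + DELAY:
            return False
        self.buffer.setdefault(interval, []).append((msg, tag))
        return True

    def on_key(self, interval: int, key: bytes) -> bool:
        if interval <= self.known_i:
            return False
        keys = {interval: key}  # walk back to the last authenticated key
        for j in range(interval - 1, self.known_i - 1, -1):
            keys[j] = F(keys[j + 1])
        if not hmac.compare_digest(keys[self.known_i], self.known_key):
            return False  # disclosed key is not on the committed chain
        for j in range(self.known_i + 1, interval + 1):
            for msg, tag in self.buffer.pop(j, []):
                if hmac.compare_digest(tag, mac(keys[j], msg)):
                    self.accepted.append(msg)
        self.known_i, self.known_key = interval, key
        return True
```

Because a later key regenerates every earlier one, a receiver that misses a disclosure can still verify the packets it buffered for the skipped interval.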

Page 20:

Cryptography Implementation
- Block Cipher
  - RC5 – small code size and high efficiency
  - Variable block size (32, 64, or 128 bits)
  - Key Size (0 to 255)
  - # of Rounds (0 to 255)
  - Modular additions and XORs
  - Feistel-like structure

Page 21:

Encryption Function
- Counter (CTR) Mode
  - Same function for encryption and decryption
  - Stream cipher in nature

Page 22:

MAC Generation

Page 23:

Key Setup

Page 24:

Evaluation
- Code Size
- RAM Requirements

Page 25:

Evaluation
- Energy Costs

[Pie chart of energy cost shares. Slice labels: MAC Transmission, Encryption Computation, Encryption Transmission, Freshness Transmission, MAC Computation, Data Transmission. Slice values as extracted, not matched to labels: 20%, 1%, 1%, 1%, 7%, 2%, 71%.]

Page 26:

Related Work
- Carman, Kruus, and Matt analyze a variety of approaches for key agreement and distribution in sensor networks.
- TEA by Wheeler and Needham or TREYFER by Yuval are smaller alternatives as symmetric ciphers.
- Karlof and Wagner investigate security goals for routing in sensor networks.
- Deng et al. analyze attacks against the base station.

Page 27:

Limitations/Future Work
- μTESLA requires loose time synchronization between nodes
- Counter must be updated at sender and receiver
- Information leakage through covert channels
- Only ensures that a compromised sensor does not reveal the keys of all the sensors in the network

Page 28:

Limitations/Future Work
- Does not consider DoS
- Does not achieve non-repudiation
- Relies on the base station being trusted, and therefore does not consider attacks on the base station itself.

Page 29:

Questions/Comments