Who’s watching your network

http://www.nai.com/nai_labs/asp_set/crypto/crypt_senseit.asp

A Communications Security Architecture and Cryptographic Mechanisms for Distributed Sensor Networks

DARPA SensIT Workshop
October 8, 1999

David Carman, Dr. Brian Matt, David Balenson, and Peter Kruus
NAI Labs, The Security Research Division
Network Associates, Inc.

Sponsored by the DARPA/ITO Sensor Information Technology (SensIT) Program
Through Air Force Research Laboratory (AFRL) Contract No. F30602-99-C-0185
Dr. Sri Kumar, DARPA, Program Manager
Scott Shyne, AFRL, COTR


Presentation Outline

• Research Status
  – Goals and Objectives
  – Hard Problems
  – Related Work
  – New Ideas
• Support for Demonstration
  – Sensor Node Architecture
  – User Platform Architecture
  – Project Timeline
  – Demo 1 Security Software


Goal and Objectives

• Goal
  – Develop a communications security architecture incorporating cryptographic security mechanisms that efficiently support the provision of required integrity, authentication, and confidentiality security services within distributed networks of resource-limited sensors
• Objectives
  – Identify practical cryptographic mechanisms and protocols that can be selectively employed by resource-limited sensor nodes
  – Design a communications security architecture suitable for use by distributed networks of resource-limited sensor nodes
  – Implement a prototype system and simulation that can be used to demonstrate efficient and practical communications security for distributed networks of resource-limited sensors in a variety of environments and scenarios


Hard Problems

• Resource-Limitations
  – power budget, processing budget, continuous operation
• Range of Security Services Across Different Layers
  – confidentiality, integrity, authentication (with varying granularity), anti-replay, non-repudiation, anonymity, denial-of-service, authorization
• Minimal Preconfiguration
• Intermittent Group Connectivity
• Key Management for Multi-hop Routing
• Keying and authenticating unattended sensors


Related Work

• Wireless Security Research
  – DARPA GloMo Program
  – Bluetooth Technology
  – Charon
• Smart Card Security Research


DARPA GloMo Program

• GloMo provides mobile users access to a range of information services (e.g., email, www, video/voice conferencing, whiteboard).
  – www.darpa.mil/ato/programs/glomo/index.htm
• GloMo network characteristics:
  – Sporadic network connectivity.
  – Wireless spread spectrum.
  – Self-organizing, multi-hop, heterogeneous networks.
  – Security technologies and techniques applied at the application, networking, and wireless link/node layers.

* Courtesy DARPA ATO GloMo Program website.


GloMo - Applicability to SensIT

• GloMo security research does
  – allocate security services to various layers
  – offer a scalable group key management scheme
  – examine implementing crypto in µPs vs. ASICs vs. FPGAs
• GloMo security research does not provide solutions for
  – intermittent group connectivity
  – multi-hop routing
  – security with limited preconfiguration
  – continuous, unattended operation


Bluetooth Technology

• Specification for wireless data/voice communication
  – www.bluetooth.com
• Low-cost, short-range radio link facilitating protected ad hoc connections for mobile communications
• Frequency-hopped transceiver with data rate of 1 Mb/s
• Applicability to SensIT
  – Does provide security solutions for link-level privacy (encryption) and entity authentication using a challenge-response scheme
  – Does not provide
    • protection for other network layers
    • intermittent group connectivity
    • multi-hop routing
    • unattended operation


Charon

• Armando Fox and Steven Gribble - UC Berkeley
  – www.cs.berkeley.edu/~gribble/cs294-7_wireless/Charon.html
• Kerberos-based protocol for indirect authentication and secure communications with PDA-class mobile devices
• Uses a Kerberos-style trusted server to provide confidentiality and authentication between end-entities
• Applicability to SensIT
  – Does provide a solution to interactively authenticate management nodes
  – Does not provide
    • protection for other network layers
    • intermittent group connectivity
    • multi-hop routing
    • unattended operation


Smart Card Characteristics

• Smart cards contain small (~25 mm²) micro-controllers that provide portable, relatively secure, low cost computing power and data storage.
• Smart card characteristics:
  – Main power provided by card readers (may have battery-backed memory)
  – Typically 8-bit CPUs with math / crypto co-processor, low memory
  – Limitations include small size / gate count and card interface
  – Physical vulnerabilities include fault analysis and power analysis
• Smart card security applications include:
  – access control, secure peer-to-peer communications, e-commerce, secure storage

* Courtesy of cmpnet.com ©1997


Smart Card Security - Applicability to SensIT

• Applicability to SensIT
  – Provide some security solutions for resource-limited platforms
    • math, crypto co-processors
    • non-volatile data and key storage (EEPROM, FLASH, BBRAM)
    • research in new protocols / algorithms for resource-limited point-to-point authentication, encryption, etc.
  – Does not offer solutions for group keying
    • Smart card client/server security model not applicable to group security - does not provide routing security
    • Smart card systems do not provide security with limited preconfiguration


New Ideas

• Multi-Layer Protection
  – Varying Authentication Granularity by Security Layer
  – Varying Confidentiality Keying Granularity by Security Layer
• Confidential Query/Tasking with Minimal Preconfiguration
• Anonymous Addressing with Minimal Preconfiguration
• Location-Dependent Cryptography
  – Security for geo-routing
• Rippled Key Cryptography


Multi-Layer Protection

[Figure: Link Layer, Network Layer and Application Layer set against Confidentiality and Authentication columns; key labels shown: Device Key, Mission Key, Ad hoc Key, Ephemeral Ad hoc Key, Public/Private Keypair]

• Provide confidentiality and authentication with varying levels of granularity at different network layers
• Provides progressively stronger key binding with minimal use of public key cryptography


Sensor Network Key Management (for Demo?)

[Figure: sensor network with key labels K_device, K_mission1, K_mission2, K_adhoc]

Super Node
– Distributes Mission Key
– Signs Mobile Code


Confidential Query/Tasking with Minimal Preconfiguration

K_query = OWF(Attribute, K_Mission, Nonce)
Attribute Type = ID or Capability or Location

[Figure: Management Node and Sensor Nodes, with the message:]
E_{K_query}(Query or Task Message), Nonce, Attribute Type


Anonymous Addressing with Minimal Preconfiguration

Does Nonce2 = OWF(Attribute(s), K_Mission, Nonce1) ?
Attribute Type = ID, Capability, and/or Location, etc.

[Figure: Management Node and Sensor Nodes, with the message:]
E_{K_query}(Query or Task Message), Nonce1, Nonce2, Attribute Type
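
Added example, not from the original slides: the K_query derivation on the Confidential Query/Tasking slide and the Nonce2 check on the Anonymous Addressing slide, sketched in Python up to the point where both sides hold K_query (the encryption E_{K_query} itself is not shown). HMAC-SHA256 as the OWF, the "addr"/"key" labels, the field encoding, and the sample key and node attributes are assumptions of this example.

```python
import hashlib
import hmac
import os

def owf(k_mission, label, attr_type, attr, nonce):
    """OWF(Attribute, K_Mission, Nonce). HMAC-SHA256 is this example's choice;
    the slides do not name the one-way function."""
    parts = (label, attr_type, attr, nonce)
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(k_mission, msg, hashlib.sha256).digest()

def build_header(k_mission, attr_type, attr):
    """Management node: address every node holding `attr` without naming it."""
    nonce1 = os.urandom(16)
    # Distinct labels (an assumption) keep the cleartext Nonce2 different from
    # the secret K_query even though both use the same attribute, key and nonce.
    nonce2 = owf(k_mission, b"addr", attr_type, attr, nonce1)
    k_query = owf(k_mission, b"key", attr_type, attr, nonce1)
    header = {"attr_type": attr_type, "nonce1": nonce1, "nonce2": nonce2}
    return header, k_query

def node_match(k_mission, my_attrs, header):
    """Sensor node: return K_query if one of its own attributes matches, else None."""
    t, n1 = header["attr_type"], header["nonce1"]
    for attr in my_attrs.get(t, ()):
        if hmac.compare_digest(owf(k_mission, b"addr", t, attr, n1), header["nonce2"]):
            return owf(k_mission, b"key", t, attr, n1)
    return None

# Constructed sample data: a 32-byte mission key and three hypothetical nodes.
K_MISSION = bytes(range(32))
NODES = {
    "node-a": {b"capability": [b"acoustic", b"seismic"], b"id": [b"0017"]},
    "node-b": {b"capability": [b"magnetic"], b"id": [b"0042"]},
    "node-c": {b"capability": [b"acoustic"], b"id": [b"0099"]},
}

def addressed_nodes(k_mission, attr_type, attr):
    """Return the names of nodes that recognise themselves and derive K_query."""
    header, k_query = build_header(k_mission, attr_type, attr)
    return sorted(name for name, attrs in NODES.items()
                  if node_match(k_mission, attrs, header) == k_query)

if __name__ == "__main__":
    print(addressed_nodes(K_MISSION, b"capability", b"acoustic"))
```

A fresh Nonce1 per message means two queries to the same attribute carry different Nonce2 values, so an observer without K_Mission cannot link them.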


Location-Dependent Cryptography

K_adhoc = OWF(Location attributes, K_Mission, Nonce)

Continuing research is addressing how best to express complex closed polygons and multiple areas

[Figure: Sensor Nodes]


Rippled Key Cryptography

• Intelligent Key Sharing Between Groups
  – eliminates inefficiencies of translation (decryption/re-encryption)
  – defines scheme for wrapping of session keys, application keys, mission keys, and attribute keys

[Figure: logical keying relationships]


Near-Term Project Tasks (Task 1 only)

• Architecture and Mechanisms Study and Specification
  – Study sensor environment, communications, security requirements and constraints
  – Develop an appropriate communications security architecture comprised of selected cryptographic mechanisms
• Deliverables:
  – Requirements and Constraints REPORT; Month 06
  – Draft Design and Specification REPORT; Month 18
  – Final Design and Specification REPORT; Month 28


Support for SensIT Demonstration

• Sensor Node Architecture
• User Platform Architecture
• Sensor Network Key Management
• Project Timeline
• Demo 1 Security Software


Sensor Node Strawman Architecture

[Figure: block diagram with a legend marking which blocks carry security functionality. Blocks shown: Comm API; Comm H/W; Network Routing (handles external msg. traffic); Message Handling (handles internal msg. traffic); Initialization (Network address, Functionality, Security parameters); Security Manager; Data Acq.; Data Acq. API; GPS (Time, Loc); Sensor HW; Tamper Sensor; S/P DM; T/S DM; DC DM; HI DM; Mobile Code; IP; Data Req. Mgr.; Func. Mgr.; Functional DB]


User Platform Strawman Architecture

[Figure: block diagram with a legend marking which blocks carry security functionality. Blocks shown: Nodes; Communications Link; Network Routing; Message Handling; Initialization (Security parameters); Security Manager; GPS (Time, Loc); GUI Display; DB Language query generator; DM blocks for Mobile Code, Device Status, Time Series, Detection/Classification, High Level and Security Mgmt.]


Project Timeline

[Figure: timeline over project months 1 to 36, with date marks at Jun 1999, Dec 1999, Apr 2000, Jun 2000, Dec 2000, Apr 2001, Jun 2001, Dec 2001 and Jun 2002. Milestones shown: Requirements & Constraints REPORT; Preliminary SOFTWARE for Demo 1; Draft Design & Specification REPORT; Preliminary SOFTWARE for Demo 2; Final Design & Specification REPORT; Prototype Toolkit SOFTWARE; Demo; Final Report]


Demo 1 Security Software

• Demo 1 Approach:
  – Embed (hide) security functionality beneath Network API
  – Low-risk, very little integration (only with Sensor.com?)
• Link Layer Security Software
  – Embedded beneath the WINS Network API on all nodes
  – Provides confidentiality, integrity, coarse authentication, and anti-replay
• Network/Mission Layer Security Software
  – Embedded beneath the WINS Network API on all nodes
  – Provides confidentiality, integrity, mission group authentication