Transcript Ubiquitous IT Europe Forum 2008

Ubiquitous IT Europe Forum 2008
Security Technologies in USN
Dooho Choi
([email protected])
Information Security Research
Division
Ubiquitous IT Europe Forum 2008
1
IT R&D Global Leader
Content
I
Definition of USN
II
Security Issues in USN
III
Current Research on USN Security in ETRI
IV
Conclusions
Ubiquitous IT Europe Forum 2008
2
IT R&D Global Leader
Definition of USN
– broad meaning
USN (Ubiquitous Sensor
Network) :
From Tag and/or Sensor
node imbedded in various
objects (Ubiquitous)
Sensing and Generating
Context information and
Knowledge-based contents
(Sensor)
Network Infra for useroriented application services
to anyone at anywhere and
Source : Figure 1 – USN application image at ITU-T TSAG – C 22,
A preliminary study on the Ubiquitous Sensor Network, Feb. 2007
Ubiquitous IT Europe Forum 2008
3
anytime (Network)
IT R&D Global Leader
Definition of USN
– narrow meaning
Sensor Node
Application
Network
Sink Node
(Base Station)
Similar to the WSN(Wireless Senor Network)
WSN(from Wikipedia) : A wireless network
consisting of spatially distributed autonomous
devices using sensors to cooperatively monitor
physical or environmental conditions, such as
temperature, sound, vibration, pressure, motion or
pollutants, at different locations
Ubiquitous IT Europe Forum 2008
4
Sensor Field
IT R&D Global Leader
Definition of USN
– Features of USN
USN consists of large number of small and low cost Sensor Nodes
 The node has sensing, processing, and wireless communication capabilities
USN is densely deployed inside/close to the phenomenon
USN node position is not engineered or predetermined
 Nodes are deployed in inaccessible terrain or harsh environments
 Protocols and algorithms have self-organization capabilities
 Nodes have to cooperate and partially process sensed data
Ubiquitous IT Europe Forum 2008
5
IT R&D Global Leader
Definition of USN
- USN Applications
 Environmental applications
– ecology, geophysics
– Agriculture, Forest fire detection, Flood detection, etc.
 Health applications
– Interfaces for the disabled
– Tele-monitoring of human physiological data
 Home applications
– Home network applications
– Smart building (Intelligent Building System)
 Military applications
– Enemy detection, DMZ guard
Ubiquitous IT Europe Forum 2008
6
IT R&D Global Leader
Content
I
Definition of USN
II
Security Issues in USN
III
Current Research on USN Security in ETRI
IV
Conclusions
Ubiquitous IT Europe Forum 2008
7
IT R&D Global Leader
Security Issues in USN
 We can make a Sensor Network to be secure (if we can apply existing
cryptography to Sensor Network)
– That is, most of attacks can be prevented by using elaborate cryptography (e.g. data
encryption, message authentication, etc.)
– However, the features of Sensor Network make it impossible to apply “existing
cryptography & security technology” into Sensor Network
 Sensor Node
– is vulnerable to attacks such as tampering and SCA(Side Channel Attack), etc.
– is hard to apply existing security technology for its resource constraints
 Sensor Network
– is vulnerable to attack for its wireless communication feature
– is hard to adopt existing network security technology for its ad-hoc network features
(actually, Sensor Network is special class of ad-hoc network)
Ubiquitous IT Europe Forum 2008
8
IT R&D Global Leader
Possible Attacks on USN
 Sensor Node can be attacked easily…
– A node can be compromised by adversary  the critical information in a sensor node
is known to attacker
– Compromised node can be used as a new attacking node (it is on the data path)
– Ex) Sinkhole attack, Sybil attack, Hello flood attack
 Sensor Network can also be attacked easily…
– The Sensor network attack can affect the routing topology
– The attacks can be on the forwarding user data
– Adversary nodes are invisible to other nodes
– Ex) Selective forwarding, wormhole attack
Ubiquitous IT Europe Forum 2008
9
IT R&D Global Leader
Possible Attacks on USN

Eavesdropping
- Encryption can hide the message from the passive attack

Node capturing
- Tamper resistant technology can block this attack

Bogus/Malfunctioning nodes
- Proper bogus & malfunctioning nodes detection methods are required

Traffic Analysis
- Proper traffic analysis mechanisms are required

Routing Attack
- Authentication and secure routing methods are required

DoS Attack
- RF Jamming & Power consumption attack detection are required
Ubiquitous IT Europe Forum 2008
10
IT R&D Global Leader
Possible Attacks on Sensor Node
 Attacks on Sensor Node
Cloning
Attack
EM Attack
SCA
Power
Exhaustion
Attack
Fault injection
Attack
– Cloning attack, EM(Electromagnatic) attack, SCA, Power exhaustion attack, Fault
injection attack are possible to a Sensor Node
– Many attacks are possible because it is hard to implement tamper resistant technology
to a Sensor Node for its resource constraints
Ubiquitous IT Europe Forum 2008
11
IT R&D Global Leader
Possible Attacks on Sensor Node
 Side Channel Attack
plaintext Pi
ciphertext Ci
Smart Card
Secret key d
Side Channel Information
(Timing, Power Trace, EM signal,…)
Analysis
V
t
Secret key d
V
t
Source : Tsuyoshi Takagi, Future University Hakodate, Japan ,
Efficient and Secure Implementation of Pairing Based Cryptosystems
Ubiquitous IT Europe Forum 2008
12
IT R&D Global Leader
Security threats and Countermeasures
 Security threats and Countermeasures on USN which are classified from the
viewpoints of Layer of USN
Network Layer
Possible Attacks
Security Technology
Physical Layer
Physical Tampering
Jamming
Tamper proofing
Spread-spectrum, priority messages
Lower duty cycle
Link Layer
Collision
Exhaustion
Unfairness
Error-correcting code
Rate limitation
Small frames
Network Layer
Neglect and greed
Homing
Misdirection
Black holes
Redundancy, Probing
Cryptographically Encryption
Authorization, Monitoring
Authorization, Redundancy
Transport Layer
Flooding
De-synchronization
Monitoring, Client puzzles
Data origin authentication
Ubiquitous IT Europe Forum 2008
13
IT R&D Global Leader
Content
I
Definition of USN
II
Security Issues in USN
III
Current Research on USN Security in ETRI
IV
Conclusions
Ubiquitous IT Europe Forum 2008
14
IT R&D Global Leader
Current Research on USN Security in ETRI
 ETRI is developing the light-weight Crypto Modules for RFID and/or
Sensor node
– Implementation of light weight Symmetric key crypto modules(AES, ARIA)
– Implementation of light weight Asymmetric key crypto modules
(scalar multiplication for ECC, modular exponentiation for RSA, pairing computation for
pairing based cryptography)
 ETRI is also developing the Secure Node for USN
– Research on Side Channel Analysis and its Countermeasures
– Development of Secure Sensor Node
– Development of Security extension of TinyOS (TinySec)
Ubiquitous IT Europe Forum 2008
15
IT R&D Global Leader
Current Research on USN Security in ETRI

Light weight AES Crypto module




Low power ECC Crypto module



20uW, 4K gates AES H/W IP
Secure Passive RFID Tag – compatible with ISO 18000-6 Type C
Data encryption/authentication on the passive RFID environment
Low power consumed architecture - 21K gates H/W IP
Secure Sensor Node - ECDH, ECDSA
Low power RSA Crypto module


Low power consumed architecture - 65K gates H/W IP
Secure Sensor Node – Key distribution, certificate based
Ubiquitous IT Europe Forum 2008
16
IT R&D Global Leader
Current Research on USN Security in ETRI
 Research on Side Channel Analysis
Number of Traces
DPA Analysis Start
Select a target S-box
Input value of Selected
S-box
Frequency domain based
DPA analysis result
Frequency domain Energy-based
DPA analysis result
Frequency domain Pattern
recognition–based DPA analysis
result
Key Crack Success
Ubiquitous IT Europe Forum 2008
17
IT R&D Global Leader
Current Research on USN Security in ETRI
 Development of a Secure Sensor Node
– Strong security is provided with low power consumed H/W crypto module
– Compatible with TinySec
– Provides secure data communication, integrity and authentication
– Resistant to DPA (Differential Power Analysis : SCA) attack
Sensor : Si Photodiode
EEPROM : light weight
Security Module H/W
configuration data Storage
USB to serial :
Host PC serial
communication
RF (CC2420) :
IEEE 802.15.4
WPAN
Features of ETRI Crypto Module
MSP 430 uP: Main processor
TinyOS porting
Flash Memory :
Sensor Security Platform
Code Storage
Ubiquitous IT Europe Forum 2008
RF Antenna :
SMP & PCB
pattern antenna
Xilinx FPGA :
• AES, ECC, RSA crypto algorithms
• Low power consumption
• Performance tuned at the level of
Sensor OS
18
IT R&D Global Leader
Current Research on USN Security in ETRI
 Summary of Security Enhancing Technology for Sensor Network
Secure Key
Management
- Traditional public key cryptography
- Enhanced private key cryptography
Avoiding DoS Attack
- Real time network mgmt.
Secure multicasting/
broadcasting
- Secure key distribution
- Centralized group key mgmt.
Secure Routing Protocol
Sensor Privacy
Intrusion Detection
Secure Data
Aggregation
Secure Hardware
Ubiquitous IT Europe Forum 2008
- Redundancy & Routing mgmt. at base station
- Secure Route Discovery Protocol
- Location Privacy & Privacy control by policy
- Hiding data source
ETRI’s Current
Research Topics
- Stand-alone architecture
- Distributed and cooperative architecture, Hierarchical architecture
- Data encryption, Message authentication code
- Tamper-resistant hardware
- Self-termination & Detection from neighborhoods
19
IT R&D Global Leader
Content
I
Definition of USN
II
Security Issues in USN
III
Current Research on USN Security in ETRI
IV
Conclusions
Ubiquitous IT Europe Forum 2008
20
IT R&D Global Leader
Conclusions
 Everyone knows the USN technology is promising technology
 However, the possible security threats may spoil the technology and market
 So, it requires the development of security technology for USN
 The high resource constraints (low power consumption & low computing
capability) should be considered to make security technologies for USN
 Also, the back-end USN infrastructure (such as middleware, etc.) and network
features (such as Ad-hoc and wireless) should be considered to make proper
security technologies for USN network.
Ubiquitous IT Europe Forum 2008
21
IT R&D Global Leader
Thank You!
Ubiquitous IT Europe Forum 2008
22
IT R&D Global Leader