4 research outputs found
Adaptable Security in Wireless Sensor Networks by Using Reconfigurable ECC Hardware Coprocessors
Specific features of Wireless Sensor Networks (WSNs) like the open accessibility to nodes, or the easy observability of radio communications, lead to severe security challenges. The application of traditional security schemes on sensor nodes is limited due to the restricted computation capability, low-power availability, and the inherent low data rate. In order to avoid dependencies on a compromised level of security, a WSN node with a microcontroller and a Field Programmable Gate Array (FPGA) is used along this work to implement a state-of-the art solution based on ECC (Elliptic Curve Cryptography). In this paper it is described how the reconfiguration possibilities of the system can be used to adapt ECC parameters in order to increase or reduce the security level depending on the application scenario or the energy budget. Two setups have been created to compare the software- and hardware-supported approaches. According to the results, the FPGA-based ECC implementation requires three orders of magnitude less energy, compared with a low power microcontroller implementation, even considering the power consumption overhead introduced by the hardware reconfiguratio
A network access control framework for 6LoWPAN networks
Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes
Routing and Mobility on IPv6 over LoWPAN
The IoT means a world-wide network of interconnected objects based on standard communication
protocols. An object in this context is a quotidian physical device augmented with
sensing/actuating, processing, storing and communication capabilities. These objects must be
able to interact with the surrounding environment where they are placed and to cooperate with
neighbouring objects in order to accomplish a common objective. The IoT objects have also the
capabilities of converting the sensed data into automated instructions and communicating them
to other objects through the communication networks, avoiding the human intervention in several
tasks. Most of IoT deployments are based on small devices with restricted computational
resources and energy constraints. For this reason, initially the scientific community did not
consider the use of IP protocol suite in this scenarios because there was the perception that it
was too heavy to the available resources on such devices. Meanwhile, the scientific community
and the industry started to rethink about the use of IP protocol suite in all IoT devices and now
it is considered as the solution to provide connectivity between the IoT devices, independently
of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of IP suite
protocol in all devices and the amount of solutions proposed, many open issues remain unsolved
in order to reach a seamless integration between the IoT and the Internet and to provide the
conditions to IoT service widespread. This thesis addressed the challenges associated with the
interconnectivity between the Internet and the IoT devices and with the security aspects of
the IoT. In the interconnectivity between the IoT devices and the Internet the problem is how
to provide valuable information to the Internet connected devices, independently of the supported
IP protocol version, without being necessary accessed directly to the IoT nodes. In order
to solve this problem, solutions based on Representational state transfer (REST) web services
and IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web
service and the transition mechanism runs only at the border router without penalizing the IoT
constrained devices. The mitigation of the effects of internal and external security attacks
minimizing the overhead imposed on the IoT devices is the security challenge addressed in this
thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely
initiated transport level Denial of Service attacks that avoids the use of inefficient and hard to
manage traditional firewalls. It is based on filtering at the border router the traffic received
from the Internet and destined to the IoT network according to the conditions announced by
each IoT device. The second is a network access security framework that can be used to control
the nodes that have access to the network, based on administrative approval, and to enforce
security compliance to the authorized nodes. The third is a network admission control framework
that prevents IoT unauthorized nodes to communicate with IoT authorized nodes or with
the Internet, which drastically reduces the number of possible security attacks. The network
admission control was also exploited as a management mechanism as it can be used to manage
the network size in terms of number of nodes, making the network more manageable, increasing
its reliability and extending its lifetime.A IoT (Internet of Things) tem suscitado o interesse tanto da comunidade académica como
da indústria, uma vez que os campos de aplicação são inúmeros assim como os potenciais ganhos
que podem ser obtidos através do uso deste tipo de tecnologia. A IoT significa uma rede
global de objetos ligados entre si através de uma rede de comunicações baseada em protocolos
standard. Neste contexto, um objeto é um objeto fÃsico do dia a dia ao qual foi adicionada a
capacidade de medir e de atuar sobre variáveis fÃsicas, de processar e armazenar dados e de
comunicar. Estes objetos têm a capacidade de interagir com o meio ambiente envolvente e de
cooperar com outros objetos vizinhos de forma a atingirem um objetivo comum. Estes objetos
também têm a capacidade de converter os dados lidos em instruções e de as comunicar a outros
objetos através da rede de comunicações, evitando desta forma a intervenção humana em
diversas tarefas. A maior parte das concretizações de sistemas IoT são baseados em pequenos
dispositivos autónomos com restrições ao nÃvel dos recursos computacionais e de retenção de
energia. Por esta razão, inicialmente a comunidade cientÃfica não considerou adequado o uso
da pilha protocolar IP neste tipo de dispositivos, uma vez que havia a perceção de que era muito
pesada para os recursos computacionais disponÃveis. Entretanto, a comunidade cientÃfica e a
indústria retomaram a discussão acerca dos benefÃcios do uso da pilha protocolar em todos os
dispositivos da IoT e atualmente é considerada a solução para estabelecer a conetividade entre
os dispositivos IoT independentemente do protocolo da camada dois em uso e para os ligar Ã
Internet. Apesar do uso da pilha protocolar IP em todos os dispositivos e da quantidade de
soluções propostas, são vários os problemas por resolver no que concerne à integração contÃnua
e sem interrupções da IoT na Internet e de criar as condições para a adoção generalizada deste
tipo de tecnologias.
Esta tese versa sobre os desafios associados à integração da IoT na Internet e dos aspetos de
segurança da IoT. Relativamente à integração da IoT na Internet o problema é como fornecer
informação válida aos dispositivos ligados à Internet, independentemente da versão do protocolo
IP em uso, evitando o acesso direto aos dispositivos IoT. Para a resolução deste problema foram
propostas e avaliadas soluções baseadas em web services REST e em mecanismos de transição
IPv4 para IPv6 do tipo pilha dupla (dual stack). O web service e o mecanismo de transição são
suportados apenas no router de fronteira, sem penalizar os dispositivos IoT. No que concerne
à segurança, o problema é mitigar os efeitos dos ataques de segurança internos e externos
iniciados local e remotamente. Foram propostas três soluções diferentes, a primeira é um
mecanismo que minimiza os efeitos dos ataques de negação de serviço com origem na Internet e
que evita o uso de mecanismos de firewalls ineficientes e de gestão complexa. Este mecanismo
filtra no router de fronteira o tráfego com origem na Internet é destinado à IoT de acordo
com as condições anunciadas por cada um dos dispositivos IoT da rede. A segunda solução,
é uma framework de network admission control que controla quais os dispositivos que podem
aceder à rede com base na autorização administrativa e que aplica polÃticas de conformidade
relativas à segurança aos dispositivos autorizados. A terceira é um mecanismo de network
admission control para redes 6LoWPAN que evita que dispositivos não autorizados comuniquem
com outros dispositivos legÃtimos e com a Internet o que reduz drasticamente o número de
ataques à segurança. Este mecanismo também foi explorado como um mecanismo de gestão uma
vez que pode ser utilizado a dimensão da rede quanto ao número de dispositivos, tornando-a
mais fácil de gerir e aumentando a sua fiabilidade e o seu tempo de vida
Nanoecc: Testing The Limits Of Elliptic Curve Cryptography In Sensor Networks
By using Elliptic Curve Cryptography (ECC), it has been recently shown that Public-Key Cryptography (PKC) is indeed feasible on resource-constrained nodes. This feasibility, however, does not necessarily mean attractiveness, as the obtained results are still not satisfactory enough. In this paper, we present results on implementing ECC, as well as the related emerging field of Pairing-Based Cryptography (PBC), on two of the most popular sensor nodes. By doing that, we show that PKC is not only viable, but in fact attractive for WSNs. As far as we know pairing computations presented in this paper are the most efficient results on the MICA2 (8-bit/7.3828-MHz ATmega128L) and Tmote Sky (16-bit/8.192-MHz MSP-430) nodes. © 2008 Springer-Verlag Berlin Heidelberg.4913 LNCS305320Estrin, D., Govindan, R., Heidemann, J.S., Kumar, S., Next century challenges: Scalable coordination in sensor networks (1999) MobiCom 1999. Mobile Computing and Networking, pp. 263-270. , Seattle, WA USA, ppAkyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E., Wireless Sensor Networks: A survey (2002) Computer Networks, 38 (4), pp. 393-422Karlof, C., Wagner, D., Secure routing in Wireless Sensor Networks: Attacks and countermeasures. Elsevier's AdHoc Networks Journal, Special Issue on Sensor Network Applications and Protocols 293-315 (2003) (Also apeared in 1st IEEE International Workshop on Sensor Network Protocols and Applications)Wood, A.D., Stankovic, J.A., Denial of service in sensor networks (2002) IEEE Computer, 35 (10), pp. 54-62Perrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J.D.: SPINS: Security protocols for sensor networks. Wireless Networks 8(5), 521-534 (2002) (Also appeared in MobiCom 2001)Karlof, C., Sastry, N., Wagner, D., Tinysec: A link layer security architecture for Wireless Sensor Networks (2004) 2nd ACM SensSys, pp. 162-175Watro, R.J., Kong, D., fen Cuti, S., Gardiner, C., Lynn, C., Kruus, P., Tinypk: Securing sensor networks with public key technology (2004) SASN 2004. 2nd ACM Workshop on Security of ad hoc and Sensor Networks, pp. 59-64. , Washington, DC, ppGura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, 3156, pp. 119-132. Springer, Heidelberg (2004)Malan, D.J., Welsh, M., Smith, M.D., A Public-Key Infrastructure for key distribution in TinyOS based on Elliptic Curve Cryptography (2004) SECON 2004. 1st IEEE Intl' Conf. on Sensor and Ad Hoc Communications and NetworksOliveira, L.B., Aranha, D., Morais, E., Daguano, F., López, J., Dahab, R., Tiny-Tate: Computing the TinyTate in resource-constrained nodes (2007) 6th IEEE International Symposium on Network Computing and Applications, , Cambridge,MAMiller, V., Uses of elliptic curves in cryptography, advances in cryptology (1986) LNCS, 218, pp. 417-426. , Williams, H.C, ed, CRYPTO 1985, Springer, HeidelbergKoblitz, N., Elliptic curve cryptosystems (1987) Mathematics of computation, 48, pp. 203-209Scott, M.: MIRACL - A Multiprecision Integer and Rational Arithmetic C/C++ Library. Shamus Software Ltd, Dublin, Ireland (2003), http://www.shamus.ieZhou, L., Haas, Z.J., Securing Ad Hoc Networks (1999) IEEE Network, 13 (6), pp. 24-30Hubaux, J.P., Buttyán, L., Capkun, S., The quest for security in mobile ad hoc networks (2001) 2nd ACM international symposium on Mobile ad hoc networking & computing, pp. 146-155. , ACM Press, New YorkEschenauer, L., Gligor, V.D., A key management scheme for distributed sensor networks (2002) CCS 2002. 9th ACM conf. on Computer and communications security, pp. 41-47Zhu, S., Setia, S., Jajodia, S., LEAP: Efficient security mechanisms for large-scale distributed sensor networks (2003) CCS 2003. 10th ACM conference on Computer and communication security, pp. 62-72. , ACM Press, New YorkPietro, R.D., Mancini, L.V., Mei, A., Random key-assignment for secure Wireless Sensor Networks (2003) SASN 2003. 1st ACM workshop on Security of ad hoc and sensor networks, pp. 62-71Kannan, R., Ray, L., Durresi, A.: Security-performance tradeoffs of inheritance based key predistribution for Wireless Sensor Networks. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds.) ESAS 2004. LNCS, 3313, Springer, Heidelberg (2005)Çamtepe, S.A., Yener, B.: Combinatorial design of key distribution mechanisms for Wireless Sensor Networks. In: Samarati, P., Ryan, P.Y A, Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, 3193, pp. 293-308. Springer, Heidelberg (2004)Liu, D., Ning, P., Li, R.: Establishing pairwise keys in distributed sensor networks. ACM Transactions on Information and System Security (TISSEC) 8(1), 41-77 (2005)(Also appeared in ACM CCS 2003)Du, W., Deng, J., Han, Y.S., Varshney, P.K., Katz, J., Khalili, A.: A pairwise key pre-distribution scheme for Wireless Sensor Networks. ACM Transactions on Information and System Security 8(2), 228-258 (2005) (Also appeared in ACM CCS 2003)Oliveira, L.B., Wong, H.C., Dahab, R., Loureiro, A.A.F., On the design of secure protocols for hierarchical sensor networks (2007) International Journal of Networks and Security (IJSN) 2(3/4), pp. 216-227. , Special Issue on Cryptography in NetworksOliveira, L.B., Ferreira, A., cca, M.A.V., Wong, H.C., Bern, M., Dahab, R., Loureiro, A.A.F., Secleach-on the security of clustered sensor networks (2007) Signal Process, 87 (12), pp. 2882-2895Hwang, J., Kim, Y., Revisiting random key pre-distribution schemes for Wireless Sensor networks (2004) 2nd ACM workshop on Security of ad hoc and sensor networks, pp. 43-52. , ACM Press, New Yorkhttp://discovery.csc.ncsu.edu/software/TinyECC, Liu, A, Kampanakis, P, Ning, P, Tinyecc: Elliptic Curve Cryptography for sensor networks ver. 0.3, 2007Guajardo, J., Bluemel, R., Krieger, U., Paar, C.: Efficient implementation of Elliptic Curve Cryptosystems on the TI MSP430x33x family of microcontrollers. In: Kim, K.-c. (ed.) PKC 2001. LNCS, 1992, Springer, Heidelberg (2001)Wang, H., Sheng, B., Li, Q., Elliptic Curve Cryptography based access control in sensor networks. International Journal of Security and Networks (IJSN) (2006) Special Issue on Security Issues on Sensor Networks 1(3/4), pp. 127-137Polastre, J., Szewczyk, R., Culler, D., Telos: Enabling ultra-low power wireless research (2005) IPSN 2005. 4th international symposium on Information processing in sensor networks, p. 48. , IEEE Press, Piscataway, NJ, USAZhang, Y., Liu, W., Lou, W., Fang, Y., Securing sensor networks with location-based keys (2005) WCNC 2005. IEEE Wireless Communications and Networking ConferenceOliveira, L.B., Dahab, R.: Pairing-based cryptography for sensor networks. In: 5th IEEE International Symposium on Network Computing and Applications, Cambridge, MA (fast abstract) (2006)Doyle, B., Bell, S., Smeaton, A.F., McCusker, K., O'Connor, N., Security considerations and key negotiation techniques for power constrained sensor networks (2006) The Computer Journal, 49 (4), pp. 443-453McCusker, K., O'Connor, N., Diamond, D., Low-energy finite field arithmetic primitives for implementing security in Wireless Sensor Networks (2006) 2006 Intl. Conf. on Communications, Circuits and systems. Computer, Optical and BroadbandCommunicationsComputational Intelligence, 3, pp. 1537-1541Bellare, M., Namprempre, C., Neven, G., Unrestricted aggregate signatures. Cryptology ePrint Archive (2006), http://eprint.iacr.org, Report 2006/285Oliveira, L.B., Dahab, R., Lopez, J., Daguano, F., Loureiro, A.A.F., Identity-based encryption for sensor networks (2007) PERCOMW 2007. 5th IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 290-294Segars, S., ARM7TDMI power consumption (1997) IEEE Micro, 17 (4), pp. 12-19López, J., Dahab, R., An overview of Elliptic Curve Cryptography (2000), Technical Report IC-00-10, Institute of Computing, UNIAMPMenezes, A., Okamoto, T., Vanstone, S., Reducing elliptic curve logarithms to logarithms in a finite field (1993) IEEE Transactions on Information Theory, 39 (5), pp. 1639-1646Sakai, R., Ohgishi, K., Kasahara, M., CryptoSystems based on pairing (2000) SCIS 2000. Symposium on Cryptography and Information Security, pp. 26-28Joux, A.: A one round protocol for tripartite diffie-hellman. J. Cryptology 17(4), 263-276 (2004) (Proceedings of ANTS-IV, 2000)Galbraith, S., Pairings, Advances in Elliptic Curve Cryptography (2005) London Mathematical Society Lecture Notes, pp. 183-213. , Blake, I, Seroussi, C, Smart, N, eds, Cambridge University Press, Cambridge(2006) ATmegal28(L) datasheet, , http://www.atmel.comTl, M.S.P., (2002) 430F1611, Datasheet, , http://www.ti.com41 Daggett Dr (2003) San Jose, CA 95134: MPR/MIB Mote Hardware Users Manual - Document 7430-0021-05, , Crossbow Technology, Inc(2006) Tmote Sky datasheet, , http://www.moteiv.comLevis, P., Madden, S., Polastre, J., Szewczyk, R., Whitehouse, K., Woo, A., Gay, D., Culler, D., TinyOS: An operating system for Wireless Sensor Networks (2004) Ambient Intelligence, , Weber, W, Rabaey, J, Aarts, E, eds, Springer, New YorkGay, D., Levis, P., von Behren, J.R., Welsh, M., Brewer, E.A., Culler, D.E., The nesC language: A holistic approach to networked embedded systems (2003) ACM Conf. on Programming Language Design and Implementation, pp. 1-11Scott, M., Szczechowiak, P., Optimizing multiprecision multiplication for Public Key Cryptography. Cryptology ePrint Archive (2007), Report 2007/299Hankerson, D., Menezes, A., Vanstone, S., (2004) Guide to Elliptic Curve Cryptography, , Springer. HeidelbergScott. M.: Optimal irreducible polynomials for GF(2m) arithmetic. Cryptology ePrint Archive, Report 2007/192 (2007)Scott, M., (2006) Implementing cryptographic pairingsBarreto, P.S.L.M., Galbraith, S., hEigeartaigh, C.O., Scott, M., Efficient pairing computation on supersingular abelian varieties (2006) Designs Codes And Cryptography, , Boston/Norwell USAScott, M.: Computing the Tate Pairing. In: Menezes, A.J. (ed.) CT-RSA 2005. LNCS, 3376, pp. 293-304. Springer, Heidelberg (2005)Hess, F., Smart, N., Vercauteren, F., The Eta Pairing revisited (2006) IEEE Transactions on Information Theory, 52 (10), pp. 4595-4602Arazi, O., Qi, H., Load-balanced key establishment methodologies in Wireless Sensor Networks. International Journal of Security and Networks (IJSN) (2006) Special Issue on Security Issues on Sensor Networks 1(3/4), pp. 158-166Blaß, E.O., Zitterbart, M., Towards Acceptable Public-Key Encryption in Sensor Networks (2005) The 2nd Int'l Workshop on Ubiquitous Computing, ACM SIGMI