Ubiquitous IT Europe Forum 2008
Security Technologies in USN
Dooho Choi ([email protected])
Information Security Research Division
IT R&D Global Leader

Content
I. Definition of USN
II. Security Issues in USN
III. Current Research on USN Security in ETRI
IV. Conclusions

Definition of USN – broad meaning
USN (Ubiquitous Sensor Network):
– From Tag and/or Sensor node embedded in various objects (Ubiquitous)
– Sensing and Generating Context information and Knowledge-based contents (Sensor)
– Network Infra for user-oriented application services to anyone at anywhere and anytime (Network)
Source: Figure 1 – USN application image at ITU-T TSAG – C 22, A preliminary study on the Ubiquitous Sensor Network, Feb. 2007

Definition of USN – narrow meaning
[Figure labels: Sensor Field, Sensor Node, Sink Node (Base Station), Network, Application]
– Similar to the WSN (Wireless Sensor Network)
– WSN (from Wikipedia): A wireless network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion or pollutants, at different locations

Definition of USN – Features of USN
– USN consists of a large number of small and low cost Sensor Nodes
– The node has sensing, processing, and wireless communication capabilities
– USN is densely deployed inside/close to the phenomenon
– USN node position is not engineered or predetermined
– Nodes are deployed in inaccessible terrain or harsh environments
– Protocols and algorithms have self-organization capabilities
– Nodes have to cooperate and partially process sensed data

Definition of USN – USN Applications
Environmental applications
– ecology, geophysics
– Agriculture, Forest fire detection, Flood detection, etc.
Health applications
– Interfaces for the disabled
– Tele-monitoring of human physiological data
Home applications
– Home network applications
– Smart building (Intelligent Building System)
Military applications
– Enemy detection, DMZ guard

Security Issues in USN
We can make a Sensor Network secure (if we can apply existing cryptography to Sensor Network)
– That is, most attacks can be prevented by using elaborate cryptography (e.g. data encryption, message authentication, etc.)
– However, the features of Sensor Network make it impossible to apply “existing cryptography & security technology” to Sensor Network
Sensor Node
– is vulnerable to attacks such as tampering and SCA (Side Channel Attack), etc.
– is hard to apply existing security technology to, because of its resource constraints
Sensor Network
– is vulnerable to attack because of its wireless communication feature
– is hard to adopt existing network security technology for, because of its ad-hoc network features (actually, Sensor Network is a special class of ad-hoc network)

Possible Attacks on USN
Sensor Node can be attacked easily…
– A node can be compromised by an adversary, so the critical information in a sensor node becomes known to the attacker
– Compromised node can be used as a new attacking node (it is on the data path)
– Ex) Sinkhole attack, Sybil attack, Hello flood attack
Sensor Network can also be attacked easily…
– The Sensor network attack can affect the routing topology
– The attacks can be on the forwarding of user data
– Adversary nodes are invisible to other nodes
– Ex) Selective forwarding, wormhole attack

Possible Attacks on USN
– Eavesdropping - Encryption can hide the message from the passive attack
– Node capturing - Tamper resistant technology can block this attack
– Bogus/Malfunctioning nodes - Proper bogus & malfunctioning nodes detection methods are required
– Traffic Analysis - Proper traffic analysis mechanisms are required
– Routing Attack - Authentication and secure routing methods are required
– DoS Attack - RF Jamming & Power consumption attack detection are required

Possible Attacks on Sensor Node
[Figure: Attacks on Sensor Node: Cloning Attack, EM Attack, SCA, Power Exhaustion Attack, Fault injection Attack]
– Cloning attack, EM (Electromagnetic) attack, SCA, Power exhaustion attack and Fault injection attack are possible against a Sensor Node
– Many attacks are possible because it is hard to implement tamper resistant technology in a Sensor Node, given its resource constraints

Possible Attacks on Sensor Node
Side Channel Attack
[Figure: a Smart Card holding Secret key d takes plaintext Pi and outputs ciphertext Ci; Side Channel Information (Timing, Power Trace, EM signal,…) goes to Analysis, which yields Secret key d]
Source: Tsuyoshi Takagi, Future University Hakodate, Japan, Efficient and Secure Implementation of Pairing Based Cryptosystems

Security threats and Countermeasures
Security threats and Countermeasures on USN, classified by Layer of USN
(Network Layer / Possible Attacks - Security Technology)
Physical Layer
– Physical Tampering - Tamper proofing
– Jamming - Spread-spectrum, priority messages, Lower duty cycle
Link Layer
– Collision - Error-correcting code
– Exhaustion - Rate limitation
– Unfairness - Small frames
Network Layer
– Neglect and greed - Redundancy, Probing
– Homing - Cryptographically Encryption
– Misdirection - Authorization, Monitoring
– Black holes - Authorization, Redundancy
Transport Layer
– Flooding - Monitoring, Client puzzles
– De-synchronization - Data origin authentication

Current Research on USN Security in ETRI
ETRI is developing the light-weight Crypto Modules for RFID and/or Sensor node
– Implementation of light weight Symmetric key crypto modules (AES, ARIA)
– Implementation of light weight Asymmetric key crypto modules (scalar multiplication for ECC, modular exponentiation for RSA, pairing computation for pairing based cryptography)
ETRI is also developing the Secure Node for USN
– Research on Side Channel Analysis and its Countermeasures
– Development of Secure Sensor Node
– Development of Security extension of TinyOS (TinySec)

Current Research on USN Security in ETRI
Light weight AES Crypto module
– 20uW, 4K gates AES H/W IP
– Secure Passive RFID Tag – compatible with ISO 18000-6 Type C
– Data encryption/authentication on the passive RFID environment
Low power ECC Crypto module
– Low power consumed architecture - 21K gates H/W IP
– Secure Sensor Node - ECDH, ECDSA
Low power RSA Crypto module
– Low power consumed architecture - 65K gates H/W IP
– Secure Sensor Node – Key distribution, certificate based

Current Research on USN Security in ETRI
Research on Side Channel Analysis
[Figure labels: Number of Traces; DPA Analysis Start; Select a target S-box; Input value of Selected S-box; Frequency domain based DPA analysis result; Frequency domain Energy-based DPA analysis result; Frequency domain Pattern recognition–based DPA analysis result; Key Crack Success]

Current Research on USN Security in ETRI
Development of a Secure Sensor Node
– Strong security is provided with low power consumed H/W crypto module
– Compatible with TinySec
– Provides secure data communication, integrity and authentication
– Resistant to DPA (Differential Power Analysis : SCA) attack
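An added example, not taken from the presentation or from ETRI's or TinySec's code: a sink-side check that gives the integrity and authentication named above, and additionally rejects replayed frames with a per-node counter (the counter goes beyond what the slide states). HMAC-SHA256 truncated to 8 bytes stands in for the node's MAC; the frame layout, key values and the names `make_frame` and `Sink` are assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 8  # truncated tag length (assumed; sensor frames are small)

def make_frame(key: bytes, node_id: int, counter: int, reading: bytes) -> bytes:
    """Node side: header (node id, counter) + reading + truncated MAC."""
    body = struct.pack(">HI", node_id, counter) + reading
    tag = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
    return body + tag

class Sink:
    """Base station: one key and one last-seen counter per enrolled node."""
    def __init__(self, node_keys: dict):
        self.keys = dict(node_keys)
        self.last_counter = {nid: -1 for nid in node_keys}

    def accept(self, frame: bytes):
        """Return (verdict, reading); reading is None unless verdict is 'ok'."""
        if len(frame) < 6 + MAC_LEN:
            return "malformed", None
        body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        node_id, counter = struct.unpack(">HI", body[:6])
        key = self.keys.get(node_id)
        if key is None:
            return "unknown-node", None
        expected = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "bad-mac", None
        # Counter is checked only after the MAC, so forged frames cannot
        # advance or probe the replay state.
        if counter <= self.last_counter[node_id]:
            return "replay", None
        self.last_counter[node_id] = counter
        return "ok", body[6:]

def demo():
    # Constructed sample data: keys, node ids and readings are made up.
    sink = Sink({1: b"k" * 16, 2: b"q" * 16})
    good = make_frame(b"k" * 16, 1, 7, b"temp=21.5")
    tampered = good[:6] + b"temp=99.9" + good[-MAC_LEN:]
    bogus = make_frame(b"attacker-guess!!", 2, 1, b"temp=0.0")
    unknown = make_frame(b"z" * 16, 9, 1, b"temp=0.0")
    return [sink.accept(f)[0] for f in (good, good, tampered, bogus, unknown)]

if __name__ == "__main__":
    print(demo())
```
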
[Figure: Secure Sensor Node, labelled components]
– Sensor: Si Photodiode
– EEPROM: light weight Security Module H/W configuration data Storage
– USB to serial: Host PC serial communication
– RF (CC2420): IEEE 802.15.4 WPAN
– MSP 430 uP: Main processor, TinyOS porting
– Flash Memory: Sensor Security Platform Code Storage
– RF Antenna: SMP & PCB pattern antenna
– Xilinx FPGA: Features of ETRI Crypto Module
  • AES, ECC, RSA crypto algorithms
  • Low power consumption
  • Performance tuned at the level of Sensor OS

Current Research on USN Security in ETRI
Summary of Security Enhancing Technology for Sensor Network
Secure Key Management
– Traditional public key cryptography
– Enhanced private key cryptography
Avoiding DoS Attack
– Real time network mgmt.
Secure multicasting/broadcasting
– Secure key distribution
– Centralized group key mgmt.
Secure Routing Protocol
– Redundancy & Routing mgmt. at base station
– Secure Route Discovery Protocol
Sensor Privacy
– Location Privacy & Privacy control by policy
– Hiding data source
Intrusion Detection
– Stand-alone architecture
– Distributed and cooperative architecture, Hierarchical architecture
Secure Data Aggregation
– Data encryption, Message authentication code
Secure Hardware
– Tamper-resistant hardware
– Self-termination & Detection from neighborhoods
[Slide callout: ETRI’s Current Research Topics]

Conclusions
– Everyone knows that USN technology is a promising technology
– However, the possible security threats may spoil the technology and market
– So, it requires the development of security technology for USN
– The high resource constraints (low power consumption & low computing capability) should be considered to make security technologies for USN
– Also, the back-end USN infrastructure (such as middleware, etc.) and network features (such as Ad-hoc and wireless) should be considered to make proper security technologies for USN network.

Thank You!