This article discusses the importance of security in wireless sensor networks and provides strategies for achieving it, including encryption, authentication, and key distribution. It also highlights the challenges and misconceptions surrounding security in sensor networks.
Security in Wireless Sensor Networks: Blocking and Tackling • K. Pister
Security Goals • Encryption: make sure that no one can see the data • Integrity: avoid forged data/control; discard replayed packets; discard random, malformed, or corrupted packets • Authentication: accept only trusted motes; join only trusted networks • Commissioning and Binding: join only the right trusted network
Conclusion • Building secure sensor networks is straightforward • Low power • Low (enough) computational complexity • Challenges • Perception: too hard, easy, not necessary • Commissioning and binding • Standards work is underway in the IETF
I don’t need security • [Image: Natanz Nuclear Facility, Iran (Wikipedia)] • Lighting control • “We’re just doing lighting control” • Industrial rotation rate sensor • “It’s just an input” • Home temperature sensor • “Thieves target houses with <your company> thermostats set on ‘vacation’”
I’ve got security! … (not) REDACTED! • “Channel hopping is impossible to track” • “We have a secret algorithm” • “We keep the key secret” • HD DVD/Blu-ray 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 • “Our keys are completely random. We use Linux rand() four times!”
I need security • Streetline: Urban-scale parking sensor network • Single vendor, single installer, single data destination • Chevron: Industrial process sensors • Many vendors, many installers, many destinations • Consumers: Home automation • Many vendors, innumerate installers
Shared Key Cipher • AES: Advanced Encryption Standard • Approved by NSA for US Top Secret docs • Software: 1ms, 10uJ • Hardware: 1us, 1nJ • [Figure: AES128 encrypt and AES128 decrypt blocks, each with 128-bit plaintext, 128-bit ciphertext and 128-bit key]
Shared-key Encryption & Integrity • Authenticate payload & headers using AES128 CBC-MAC • Generates “secure checksum”: Message Integrity Code – 4B MIC • Encrypt payload and MIC with AES128 CTR • Append a 2 byte CRC checksum • On reception: • Verify CRC • Removes >99.999% of corrupted packets • Decrypt payload, MIC • Verify message integrity • [Figure: packet from A to B with ACK; authenticate integrity, encrypt in place, checksum]
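The send and receive steps on this slide, as an added Python example that is not from the original slides. It uses AES-CCM from the `cryptography` package, which is the standard composition of CBC-MAC and CTR, with a 4-byte tag as the MIC. The 12-byte header, the nonce layout, the frame counter used for replay rejection, the CRC-16 variant and the sample key and address are assumptions.

```python
import binascii
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

MIC_LEN, HDR_LEN = 4, 12          # 4-byte MIC as on the slide; header size is assumed

def _crc(frame: bytes) -> bytes:
    return binascii.crc_hqx(frame, 0).to_bytes(2, "big")   # assumed CRC-16 variant

def _nonce(header: bytes) -> bytes:
    return header + b"\x00"       # assumed: 8-byte source + 4-byte counter + pad = 13 bytes

def protect(key: bytes, src: bytes, counter: int, payload: bytes) -> bytes:
    """Sender: MIC over header and payload, encrypt payload and MIC, append CRC."""
    header = src + counter.to_bytes(4, "big")      # sent in clear but authenticated
    ccm = AESCCM(key, tag_length=MIC_LEN)
    frame = header + ccm.encrypt(_nonce(header), payload, header)
    return frame + _crc(frame)

class Receiver:
    def __init__(self, key: bytes):
        self.ccm = AESCCM(key, tag_length=MIC_LEN)
        self.last_counter = {}                     # highest authentic counter per source

    def accept(self, packet: bytes):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(packet) < HDR_LEN + MIC_LEN + 2:
            return "malformed", None
        frame, crc = packet[:-2], packet[-2:]
        if _crc(frame) != crc:
            return "bad-crc", None                 # cheap filter for channel corruption
        header, sealed = frame[:HDR_LEN], frame[HDR_LEN:]
        src, counter = header[:8], int.from_bytes(header[8:], "big")
        if counter <= self.last_counter.get(src, -1):
            return "replay", None
        try:
            payload = self.ccm.decrypt(_nonce(header), sealed, header)
        except InvalidTag:
            return "bad-mic", None                 # altered or not made with the shared key
        self.last_counter[src] = counter           # advance only on authentic packets
        return "ok", payload

KEY, SRC = bytes(range(16)), bytes.fromhex("0011223344556677")   # constructed values

def demo():
    rx, good = Receiver(KEY), protect(KEY, SRC, 1, b"temp=21.5C")
    flipped = good[:14] + bytes([good[14] ^ 1]) + good[15:]      # bit error in transit
    refit = flipped[:-2] + _crc(flipped[:-2])                    # same bytes, CRC recomputed
    return [rx.accept(flipped)[0], rx.accept(refit)[0], rx.accept(good), rx.accept(good)[0]]
```

The second case in `demo()` shows why the slide layers both checks: a CRC can be recomputed by anyone, so it only filters noise, while the MIC requires the shared key.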
Random Number Generators • Often the weak link in a well-designed system • rand(), time(), … • How do you find randomness in a digital system? • Thermal noise • RF • Sensor inputs • Oscillator frequency differences • NIST CTR_DRBG (deterministic random bit generator) • Accumulate 128 bits of entropy • Seed a DRBG • Apply AES with feedback to generator RN
Key Distribution • Pre-shared keys • Single Shared • Shared join key, unique session keys • Unique join keys, unique session keys • Access Control List (ACL), Network ID • Allows segregation of networks • Powerful combination • Secure • Enables Binding • All shared-key (not PKI) • [Figure: motes labelled with keys K, KJ1, KJ2, K1, K2]
Use cases • One supplier/installer • One supplier, separate installers • Multiple suppliers, one installer • Multiple suppliers, multiple installers, multiple neighboring users • [Figure: New mote, marked “? ? ?”, beside Building 1 networks (HVAC, Security, Fire, Tenant networks) and Building 2 networks (HVAC, Security, Fire, Tenant networks)]
Cell-phone commissioning • QR codes • Web databases • Cell localization • End state: • ACLs • Unique keys • Proper binding • [Figure label: KJ1]
Standards • IEEE: 802.15.4e • IETF: CoAP, DTLS, 6TiSCH • OpenWSN.berkeley.edu