Home >Documents >Security in Heavily Constraint Environments

Security in Heavily Constraint Environments

Date post:07-Jan-2016
View:26 times
Download:7 times
Share this document with a friend
Security in Heavily Constraint Environments. Francisco Rodríguez-Henríquez CINVESTAV-IPN Sección de COmputación, Depto. De Ing. Eléctrica. Introduction. - PowerPoint PPT Presentation
  • Security in Heavily Constraint EnvironmentsFrancisco Rodrguez-HenrquezCINVESTAV-IPNSeccin de COmputacin, Depto. De Ing. Elctrica

  • IntroductionMobile Internet has made information exchange a common practice among mobile-device users. Most of the times this information is confidential, and thats why we need to protect data more than ever.

    The techniques needed to protect data are covered by the field of cryptography but cryptography is only one part of computer security. WAP has a security layer called WTLS where it is defined the protocols used to carry on the security issue in mobile devices.

  • Background

    Mobile Commerce requirements:Secure exchange of documents and data via the Mobile InternetSecure payment transactions via the Mobile Internet

  • Background (2)

  • CryptographyPublic Key AlgorithmsRSAECCPrivate Key AlgorithmsAESDES

  • Characteristics of Traditional IT ApplicationsMostly based on interactive (= traditional) computersOne user one computer paradigmStatic networksLarge number of users per network

    Q: How will the IT future look?

  • Traditional Security Applications (wireless) LAN / WLAN (Local Area Network)

  • Traditional Security ApplicationsWAN (Wide Area Network)

  • Other Traditional Security Applications


  • The IT Future2. Bridge sensors3. Cleaning robots6. Car with various IT services8. Networked robots9. Smart street lamps14. Pets with electronic sensors15. Smart windows

  • Characteristics of Pervasive Computing SystemsEmbedded nodes (no traditional computers)Connected through wireless, close-range network (Pervasive networks)!Ad-hoc networks: Dynamic addition and deletion of nodesPower/computation/memory constrained!Vulnerable

  • Why Security in Pervasive Applications?Pervasive nature and high-volume of nodes increase risk potential (e.g., hacking into a car)Wireless channels are vulnerable (passive and active attacks)Privacy issues (geo-location, medical sensors, monitoring of home activities, etc.)Stealing of services (sensors etc.)

  • Examples for Pervasive ComputingPDAs, 3G cell phones, ...Living spaces will be stuffed with nodesSo will carsWearable computers (clothes, eye glasses, etc.)Household appliancesSmart sensors in infrastructure (windows, roads, bridges, etc.)Smart bar codes (autoID)Smart Dust...

  • Will that ever become reality??We dont know, but: CPUs sold in 2000

  • Security and Economics of Pervasive NetworksOne-user many-nodes paradigm (e.g. 102-103 processors per human) Many new applications we dont know yetVery high volume applicationsVery cost sensitivePeople wont be willing to pay for security per se People wont buy products without security

  • Where are the challenges for embedded security?Designers worry about IT functionality, security is ignored or an afterthought Attacker has easy access to nodes Security infrastructure (PKI etc.) is missing: Protocols???Side-channel and tamper attacksComputation/memory/power constrained

  • Why do constraints matter?Almost all ad-hoc protocols (even routing!) require crypto ops for every hopAt least symmtric alg. are neededAsymmetric alg. allow fancier protocols

    Question: What type of crypto can we do?

  • Classification by Processor PowerVery rough classification of embedded processors

    Class speed : high-end IntelClass 0: few 1000 gates ?Class 1: 8 bit P, 10MHz 1: 103Class 2: 16 bit P, 50MHz 1: 102Class 3: 32 bit P, 200MHz 1: 10

  • Case Study Class 0: RFIDRecall: Class 0 = no P, few 1000 gatesGoal: RFID as bar code replacementCost goal 5 cent (!)allegedly 500 x 109 bar code scans worldwide per day (!!) AutoID tag: security with 1000 gates [CHES 02]Ell. curves (asymmetric alg.) need > 20,000 gatesDES (symmetric alg.) needs > 5,000 gatesLightweight stream ciphers might work

  • Status Quo: Crypto for Class 1Recall: Class 1 = 8 bit P, 10MHz Symmetric alg: possible at low data ratesAsymm.alg: very difficult without coprocessor

  • Status Quo: Crypto for Class 2Recall: Class 2 = 16 bit P, 50MHz Symmetric alg: possibleAsymm.alg: possible if carefully implemented, and algorithms carefully selected (ECC feasible; RSA & DL still hard)

  • Status Quo: Crypto for Class 3Recall: Class 1 = 32 bit P, 200MHz Symmetric alg: possibleAsymm.alg: full range (ECC, RSA, DL) possible, some care needed for implementation

  • Open (Research) QuestionsSymmetric algorithm for class 0 (e.g., 1000 gates) which are secure and well understood? Alternative asymm. alg. for class 0 and class 1 (8 bit P) with 10x time-area improvement over ECC?Are asymm. alg. which are too short (e.g., ECC with 100 bits) usable?Ad-hoc protocols without long-term security needs? Side-channel protection at very low costs?

  • Security Challenges: Many Security Assumptions ChangeNo access to backbone: PKI does not workNew threats: sleep deprivation attackOld threats (e.g., confidentiality) not always a problemNodes have incentives to cheat in protocols Security protocols ???

  • Our Research Crypto algorithms in highly constrained environmentsLow-cost hardware for public-key algorithmUltra low-cost hardware for symmetric algorithmsSoftware for public-key, symmetric algorithms on low-end processors Protocols for ad-hoc networksSecure communication in complex technical systems (airplanes, cars, etc.)Establishing trust in networks

Popular Tags:

Click here to load reader

Embed Size (px)