security in heavily constraint environments
DESCRIPTION
Security in Heavily Constraint Environments. Francisco Rodríguez-Henríquez CINVESTAV-IPN Sección de COmputación, Depto. De Ing. Eléctrica. Introduction. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/1.jpg)
Security in Heavily Constraint Environments
Francisco Rodríguez-HenríquezCINVESTAV-IPN
Sección de COmputación, Depto. De Ing. Eléctrica
![Page 2: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/2.jpg)
IntroductionMobile Internet has made information
exchange a common practice among mobile-device users. Most of the times this
information is confidential, and that’s why we need to protect data more than ever.
The techniques needed to protect data are covered by the field of cryptography but
cryptography is only one part of computer security. WAP has a security layer called
WTLS where it is defined the protocols used to carry on the security issue in mobile
devices.
![Page 3: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/3.jpg)
Background
Mobile Commerce requirements: Secure exchange of documents and
data via the Mobile Internet Secure payment transactions via the Mobile Internet
InternetMobileDevices
W P
@
![Page 4: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/4.jpg)
Background (2)ComputerSecurity
Privacy/E2E-securityencryptiondecryption
AuthenticationPIN verificationdigital signatures
Integritydigital signaturesMAC
Non-repudiationdigital signatures
Cryptography
![Page 5: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/5.jpg)
Cryptography
Public Key Algorithms RSA ECC
Private Key Algorithms AES DES
![Page 6: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/6.jpg)
Characteristics of Traditional IT Applications Mostly based on interactive (=
traditional) computers „One user – one computer“ paradigm Static networks Large number of users per network
Q: How will the IT future look?
![Page 7: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/7.jpg)
Traditional Security Applications (wireless) LAN / WLAN
(Local Area Network)
![Page 8: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/8.jpg)
Traditional Security Applications WAN
(Wide Area Network)
![Page 9: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/9.jpg)
Other Traditional Security Applications
AntivirusFirewallsBiometrics
![Page 10: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/10.jpg)
The IT Future 2. Bridge sensors 3. Cleaning robots 6. Car with various IT
services 8. Networked robots 9. Smart street lamps 14. Pets with electronic
sensors 15. Smart windows
![Page 11: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/11.jpg)
Characteristics of Pervasive Computing Systems
Embedded nodes (no traditional computers)
Connected through wireless, close-range network (“Pervasive networks”)!
Ad-hoc networks: Dynamic addition and deletion of nodes
Power/computation/memory constrained! Vulnerable
![Page 12: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/12.jpg)
Why Security in Pervasive Applications?
Pervasive nature and high-volume of nodes increase risk potential (e.g., hacking into a car)
Wireless channels are vulnerable (passive and active attacks)
Privacy issues (geo-location, medical sensors, monitoring of home activities, etc.)
Stealing of services (sensors etc.)
![Page 13: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/13.jpg)
Examples for Pervasive Computing
PDAs, 3G cell phones, ... Living spaces will be stuffed with nodes So will cars Wearable computers (clothes, eye glasses, etc.) Household appliances Smart sensors in infrastructure (windows, roads,
bridges, etc.) Smart bar codes (autoID) “Smart Dust” ...
![Page 14: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/14.jpg)
Will that ever become reality??
We don’t know, but: CPUs sold in 2000
![Page 15: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/15.jpg)
Security and Economics of Pervasive Networks „One-user many-nodes“ paradigm (e.g.
102-103 processors per human) Many new applications we don‘t know yet Very high volume applications Very cost sensitive People won‘t be willing to pay for security
per se People won‘t buy products without security
![Page 16: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/16.jpg)
Where are the challenges for embedded security? Designers worry about IT functionality,
security is ignored or an afterthought Attacker has easy access to nodes Security infrastructure (PKI etc.) is
missing: Protocols??? Side-channel and tamper attacks Computation/memory/power
constrained
![Page 17: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/17.jpg)
Why do constraints matter? Almost all ad-hoc protocols (even
routing!) require crypto ops for every hop At least symmtric alg. are needed Asymmetric alg. allow fancier protocols
Question: What type of crypto can we do?
![Page 18: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/18.jpg)
Classification by Processor Power
Very rough classification of embedded processors
Class speed : high-end Intel
Class 0: few 1000 gates ?Class 1: 8 bit P, 10MHz 1: 103
Class 2: 16 bit P, 50MHz 1: 102
Class 3: 32 bit P, 200MHz 1: 10
![Page 19: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/19.jpg)
Case Study Class 0: RFIDRecall: Class 0 = no P, few 1000 gates
Goal: RFID as bar code replacement Cost goal 5 cent (!) allegedly 500 x 109 bar code scans worldwide per day
(!!) AutoID tag: security “with 1000 gates” [CHES 02]
Ell. curves (asymmetric alg.) need > 20,000 gates DES (symmetric alg.) needs > 5,000 gates Lightweight stream ciphers might work
![Page 20: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/20.jpg)
Status Quo: Crypto for Class 1
Recall: Class 1 = 8 bit P, 10MHz
Symmetric alg: possible at low data ratesAsymm.alg: very difficult without
coprocessor
![Page 21: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/21.jpg)
Status Quo: Crypto for Class 2
Recall: Class 2 = 16 bit P, 50MHz
Symmetric alg: possibleAsymm.alg: possible if carefully implemented, and algorithms carefully selected (ECC
feasible; RSA & DL still hard)
![Page 22: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/22.jpg)
Status Quo: Crypto for Class 3
Recall: Class 1 = 32 bit P, 200MHz
Symmetric alg: possibleAsymm.alg: full range (ECC, RSA, DL)
possible, some care needed for implementation
![Page 23: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/23.jpg)
Open (Research) Questions
1. Symmetric algorithm for class 0 (e.g., 1000 gates) which are secure and well understood?
2. Alternative asymm. alg. for class 0 and class 1 (8 bit P) with 10x time-area improvement over ECC?
3. Are asymm. alg. which are “too short” (e.g., ECC with 100 bits) usable?
4. Ad-hoc protocols without long-term security needs?
5. Side-channel protection at very low costs?
![Page 24: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/24.jpg)
Security Challenges: Many Security Assumptions Change
No access to backbone: PKI does not work New threats: sleep deprivation attack Old threats (e.g., confidentiality) not
always a problem Nodes have incentives to cheat in
protocols Security protocols ???
![Page 25: Security in Heavily Constraint Environments](https://reader036.vdocuments.site/reader036/viewer/2022062408/56813e7a550346895da89eca/html5/thumbnails/25.jpg)
Our Research Crypto algorithms in highly constrained
environments Low-cost hardware for public-key algorithm Ultra low-cost hardware for symmetric algorithms Software for public-key, symmetric algorithms on
low-end processors Protocols for ad-hoc networks
Secure communication in complex technical systems (airplanes, cars, etc.)
Establishing trust in networks