Transcript Spartan RPC

Using the CC2420 with
AES Support
Eric Famiglietti and Simone Willett
WSN Encryption Issues
 Lack of physical protection
 Resource constraints
 Public-key cryptography, RSA
 Unsuitable for low power and limited memory
 Key establishment/distribution problem
 Symmetric-key algorithms
WSN Encryption Examples
 Identity-based encryption
 http://eprint.iacr.org/2007/020.pdf
 Solves problem of public-key exchange
 RSA, Elliptic curve cryptography
 http://www.cs.wayne.edu/~weisong/papers/walters05wsn-security-survey.pdf
 TinySec
 DES, RC5, Skipjack, AES
AES
 Advanced Encryption Standard
 Successor of DES
 Symmetric key encryption standard
 Used worldwide
 Fixed block size of 128 bits
 Key size of 128, 192, or 256 bits
 Number of rounds of encryption
 10, 12, 14 respectively
AES: Performance
 Faster in hardware
 Good performance was an explicit goal
 Performs well on a variety of hardware
Trust Management
 We are primarily concerned with authorization, as
opposed to authentication.
 Authentication is the mechanism whereby systems may
securely identify their users.
 Authorization is the mechanism by which a system
determines what level of access a particular
authenticated user should have to secured resources
controlled by the system.
Trust Management, the
bottomline
Main Goal
 We would like to set up a public key encryption to
authorize the sender and receiver then establish AES
session keys.
 Verification takes 2 minutes. - unrealistic
 Sprocket currently works with software created AES
keys that are sent across the air and verified by the
nodes.
 Do all AES encryption on the chip.
Trust Mangement = RT0
 Flexible approach to access control in distributed
systems
 Access control decisions are based on the policy
statements, called credentials,
 Permissions in RT0 are represented by roles.
 Credentials are made by different principals and stored
in a distributed manner
Credential
 A credential is a statement
 Signed by the issuer
 About a subject
 Containing info about the subject.
 Requirements:




Unforgeable.
Verifiable (belongs to the entity asking for the service)
Signed
Have well defined semantics.
Example
Certificate
 Contains credential information in an over the air
format.
 A role A.r denotes the set of entities that are members
of it.
 Example: UVM.studentId Alice
 Entities can define roles, issue credentials, and make
requests.
 In our case identities are pubic keys.
Certificate Validity
 Credentials contain private information and should be
treated as such (e.g. medical record).
 Since an authorizer receives certificates from an
unknown potentially untrustworthy entities, the validity
must be checked
 Signatures
 Certificate must not have expired.
Show Verify Example
 Form 1 is A.r  E
 Form 1
 Public Key 40 bytes.
 Role 1
 Pub Key2 40 bytes.
 Signature 2(21) = 42 bytes.
 Total 124 bytes.
Project
 Currently symmetric keys are being used to encrypt
with software.
 We want to use the hardware to make this a faster
process.
 CC2420 chip that has AES support.
 Allow for multiple keys and decryption
 Many motes talking at once
 http://focus.ti.com/lit/ds/swrs041b/swrs041b.pdf
Steps
1) Use the hardware version of AES in a simple Blink
program.
2) Use hardware AES to send and receive packets that
are encrypted.
3) Integrate into the overall project.
4) Test and optimize.
Encryption on CC2420
 Use Hardware security in CC2420.
 The encryption provides a plain AES encryption, with
128 bit plaintext and 128 bit keys.
 To encrypt a plaintext, a node first writes the plaintext to
the stand-alone buffer SABUF, and issues a SAES
command to initiate the encryption.
 When encryption is complete, the ciphertext is written
to the buffer, overwriting the plaintext.
Interfaces
 interface CC2420Register as SECCTRL0;

interface CC2420Register as SECCTRL1;

interface CC2420Ram as KEY0;

interface CC2420Ram as SABUF;

interface CC2420Strobe as SAES;

interface CC2420Strobe as SNOP;
How to start
 First power up the chip.
 Initialize the key.
 Encrypt.
 Send
 Decrypt.
Show AES Standalone
example
References
 www.cs.purdue.edu/homes/ninghui/readings/trust/rt_sli
des.pdf.
 Theory.stanford.edu/~ninghui/talks/rt_oakland02_slides
.pdf.
 Cis.sjtu.edu.cn/…/The_Standalone_AES_Encryption_o
f_CC2420_(TinyOS_2.10_and_MICAz)