Internet DRAFT - draft-annu-t2trg-ike-for-wsn-security
draft-annu-t2trg-ike-for-wsn-security
INTERNET-DRAFT Annu
Intended Status: Standards Track NIT Delhi
Expires: January 30, 2019 K.Verma
NIT Delhi
August 3, 2018
ike for wsn security
draft-annu-t2trg-ike-for-wsn-security-00.txt
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Annu, K.Verma Expires January 30,2019 [Page 1]
INTERNET DRAFT ike for wsn security August 3, 2018
Abstract
This document specifies an internet key exchange(ike) protocol for
wireless sensor network.IKE is a component of IPsec used for
performing mutual authentication and establishing and maintaining
security associations.This document preassumed that readers are
familier with basic concept of sensor network.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . .2
2 Terminology . . . . . . . . . . . . . . . . . . . . . . . . .2
3 IKE Introduction . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Ike Message Flow . . . . . . . . . . . . . . . . . . . . . .3
4 IKE Protocol Variations.. . . . . . . . . . . . . . . . . . .4
5 Solution . . . . . .. . . . . . . . . . . . . . . . . . . . .8
6 Comparision Between Protocols Used . . . . . . . . . . . . . 8,9
7 IANA Consideration . . . . . . . . . . . . . . . . . . . . .9
8 Security Considerations . . . . . . . . . . . . . . . . . . .9
9 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . .10
10 References . . . . . . . . . . . . . . . . . . . . . . . . ..10
11 Acknowledgement . . .. . . . . . .. . . . . . . . . . . . . .10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 11
1 Introduction
In wsn providing secure communication between two nodes or
between nodes and BS is major issue. This document helps in
identifing faulty nodes and separate them from the rest of the
network and create tunnel for secure communication , so that the
acquired data remains reliable. So for secure communication and
protecting network from vulnerable node we used ike.
2 Terminology
2.1 SA: Security Association
2.2 encp: Encryption
2.3 DH: Diffie-Hellman key exchange
2.4 Auth: Authentication
2.5 WSN: Wireless Sensor Network
2.6 IKE: Internet Key Exchange
2.7 Node: Sensor nodes
2.8 BS: Base Station
2.9 Reci: Receiver
Annu, K.Verma Expires January 30,2019 [Page 2]
INTERNET DRAFT ike for wsn security August 3, 2018
3 Ike intoduction
Ike is used in conjunction with IPsec to dynamically and
automatically create SA.IKE performs mutual authentication
between two parties and establishes an IKE SA that includes
shared secret information that can be used to efficiently
establish SAs for Encapsulating Security Payload (ESP) [RFC 4303]
and/or Authentication Header (AH) [RFC 4302] and a set of
cryptographic algorithms to be used by the SAs to protect the
traffic that they carry. for more details see [RFC 7296].
3.1 Ike message flow
IKE message flow always consists of a request followed by a
response.It is the responsibility of the requester to ensure
reliability. If the response is not received within a timeout
interval, the requester needs to retransmit the request
3.1.1 IKE phase one
The first request/responce of an IKE session negotiates
security parameters for the IKE_SA, sends nonces, and sends
Diffie-Hellman values.
+-------+ +--------+
| sender| |receiver|
+---+---+ +--+-----+
| |
| sender sends its SA to recei. |
+-----------------------------> |
| encp/hash methods.... |
| |
| |
| receiver returns its selection|
|of methods |
| <-----------------------------+
| |
| |
| receiver and sender exchange |
| DH public keys |
| <---------------------------> |
| |
| sender and receiver have |
| authenticated each other |
| <---------------------------> |
| |
| sender and receiver started |
| exchanging data |
| <---------------------------> |
| |
+ +
fig.1 IKE phase one process
Annu, K.Verma Expires January 30,2019 [Page 3]
INTERNET DRAFT ike for wsn security August 3, 2018
3.1.2 IKE phase two:
The second request/response (IKE_AUTH) transmits identities,
proves knowledge of the secrets corresponding to the two
identities, and sets up an SA for the first AH and/or
ESP CHILD_SA.
+-------+ +--------+
| sender| |receiver|
+---+---+ +--+-----+
| sender sends its ipsec SA |
| to recei |
+-----------------------------> |
| |
| |
| |
| recei. send its ipsec SA to |
| sender |
| <-----------------------------+
| |
| |
| ipsec tunnel is created and |
| all data is encrypted |
| <---------------------------> |
| |
| |
| |
+ +
fig.2 IKE phase two process
4 IKE protocol variations :
IKE uses RSA as public key cryptography algorithm that is based
on Diffie-Hellman (DH) see 9.2[1] key exchange which is very
heavy, in term of arithmetic operations, for very constrained
resources devices such as the case for WSNs. So that's why we
use other protocols for encp/auth/integrity instead of RSA and
DH.
some of these protocols are:
a) LEAP
b) SPINS
c) Minisec
d) Tinysec
Annu, K.Verma Expires January 30,2019 [Page 4]
INTERNET DRAFT ike for wsn security August 3, 2018
4.1)LEAP(Localized Encryption And authentication Protocol):
key management protocol for Sensor Networks designed to support
secure communications in these networks. It provides authen and
confidentiality.
LEAP has following features:
1)LEAP provides four types of keys for each sensor node- an
individual key shared with the base station, a pairwise key
shared with other Sensor Node, a Clustered key shared with
multiple neighbouring nodes, and a group key shared by all
nodes in the network.
2)LEAP includes use of one-way key chains for local broadcast
authentication.
3)Key sharing mechanism of LEAP supports in- network processing
Thus LEAP can prevent or make it complex to attack nodes on
the sensor network.
+-----+----+-----+----+--------+------------+
| | e | f | | | |
| | n | r | m | o | a |
| p | c | e | a | v | k g |
| r | r | s | c | e | e r |
| o | y | h | | r | y e |
| t | p | n | u | h | e |
| o | t | e | s | e | m |
| c | i | s | e | a | e |
| o | o | s | d | d | n |
| l | n | | | | t |
+-------------------------------------------+
|leap | yes| no |yes |Variable|pre-deployed|
| | | | | | Variable |
+-----+----+-----+----+--------+------------+
fig.3 LEAP PROTOCOL
Annu, K.Verma Expires January 30,2019 [Page 5]
INTERNET DRAFT ike for wsn security August 3, 2018
4.2) SPINS(Security Protocols for Wireless Sensor Networks):
SPINS see 9.2[2] consists of two main protocol:
1)SNEP: In SNEP, plain text block is encrypted with a counter
using CTR encryption algorithm. The counter is not included
in the message.Each message has a MAC computed with CBC-MAC
see 10.2[4] nalgorithm in the encrypted data. The MAC is
computed once for each package
SNEP has following advantages:
a.SNEP uses a shared counter so it need not to be transmitted
with the message.
b.It adds only 8 bytes to a message.
c.It offers following kind of security to the data in transit
Semantic Security
Data Authentication
Replay Protection
Weak Freshness
Low communication overhead
2) mueTESLA: In this protocol a node stores the packet in the
buffer till the key is disclosed. The time when the key is
disclosed , the base-station broadcasts verification key to
all the receivers, which the node can use to authenticate
the packet stored in its buffer. Each MAC key is a sequence
of keys generated by one way function F. The sender chooses
last key Kn and repeatedly applies F to compute the keys
Ki = F(Ki+1)
+-----+----+-----+----+--------+-----------+
| | e | f | | | |
| | n | r | m | o | a |
| p | c | e | a | v | k g |
| r | r | s | c | e | e r |
| o | y | h | | r | y e |
| t | p | n | u | h | e |
| o | t | e | s | e | m |
| c | i | s | e | a | e |
| o | o | s | d | d | n |
| l | n | | | | t |
+------------------------------------------+
|spins| yes| yes |yes | 8 Bytes|symmetric |
| | | | | | delayed |
+-----+----+-----+----+--------+-----------+
fig.4 SPINS PROTOCOL
Annu, K.Verma Expires January 30,2019 [Page 6]
INTERNET DRAFT ike for wsn security August 3, 2018
4.3) Minisec:
MiniSec see 9.2[3] is a secure network layer protocol that have
lower energy consumption than TinySec but level of security
matches with that of Zigbee. It uses offset Codebook Mode(OCB)
as its block cipher mode of operation. Two passes are required
for secrecy and authentication.OCB mode for faster
MAC + ciphertext.
+-----+----+-----+----+--------+-----------+
| | e | f | | | |
| | n | r | m | o | a |
| p | c | e | a | ^ | k g |
| r | r | s | c | e | e r |
| o | y | h | | r | y e |
| t | p | n | u | h | e |
| o | t | e | s | e | m |
| c | i | s | e | a | e |
| o | o | s | d | d | n |
| l | n | | | | t |
+------------------------------------------+
|mini | yes| yes |yes |4+3Bytes| any |
|sec | | | | | |
+-----+----+-----+----+--------+-----------+
fig.5 MINISEC PROTOCOL
4.4) Tinysec: It provides all the services provided by SNEP like
authentication,message integrity,confidentiality and replay
protection.Major difference is that no counters are used in
TINYSEC.
Two variants of TINYSEC are available
TINYSEC-AE( authentication Encryption)
TINYSEC-Auth(Authentication Only)
+-----+----+-----+----+--------+-----------+
| | e | f | | | |
| | n | r | m | o | a |
| p | c | e | a | v | k g |
| r | r | s | c | e | e r |
| o | y | h | | r | y e |
| t | p | n | u | h | e |
| o | t | e | s | e | m |
| c | i | s | e | a | e |
| o | o | s | d | d | n |
| l | n | | | | t |
+------------------------------------------+
|tiny | yes| no |yes | 4 Bytes| any |
|sec | | | | | |
+-----+----+-----+----+--------+-----------+
fig.6 TINYSEC PROTOCOL
Annu, K.Verma Expires January 30,2019 [Page 7]
INTERNET DRAFT ike for wsn security August 3, 2018
5 Solutions:
As we already discribed in section 4 we have different protocols
for encp,auth,integrity and freshness in wsn. So during the phase
one of the ike sender and receiver shoule aggred upon one of the
protocols stated above. Sender send its SA proposal to receiver
and after that receiver reply with the selection of methods. Then
sender and receiver auth each other. so with this authentication
between sender and receiver the problem which we discussed in
section 1 (faulty node identification) is resolved bcoz before
communication started each node needed to be authenticated.
After completion of phase 1[fig 1] ,phase 2 [fig 2] started in
that phase also sender and receiver exchage their SA. when the
exchange of SA is completed then a secured tunnel is created
between twop nodes. nodes can be either two sensors or may be
sensor and base station. And the communication through this tunnel
is secure.
+-------------------+ +------------------+
| | | |
| Protected | tunnel mode SA | Protected |
| Endpont | <------------------------> | Endpoint |
| | | |
| | | |
+-------------------+ +------------------+
fig.7 Tunnel Created
6 comparision between protocols used:
+-------------+--------+---------+-------+-------------+
| | | | | |
| | LEAP |SPINS |Tinysec| Minisec |
| | | | | |
+------------------------------------------------------+
| Overhead |Variable| 8 | 4 | 4+3 |
| (Bytes) | | | | |
+------------------------------------------------------+
| Encryption | yes | yes | yes | yes |
| | | | | |
+------------------------------------------------------+
| Mac Used | yes | yes | yes | yes |
| | | | | |
+------------------------------------------------------+
| Freshness | no | yes | no | yes |
| | | | | |
+------------------------------------------------------+
| Key |pre-Dep |symmetric| Any | Any |
| Aggrement | loyed |Delayed | | |
+-------------+------------------+-------+--------------
Annu, K.Verma Expires January 30,2019 [Page 8]
INTERNET DRAFT ike for wsn security August 3, 2018
+
low | +---------+ +-------+
| | Minisec | | LEAP |
| | | | |
S | +---------+ +---------+ +-------+
e | | SPINS |
c | +---------+
u |
r |
i |
t |
y |
|
| +---------+
| | Tinysec |
| +---------+
|
high |
+-------------------------------------------------+
low high
Energy Consumption
7 IANA Considerations
Nil
8 Security considerations
Generally IKE is protocol of ipsec protocol suite.
IKE provides the following benefits for IPsec:
a)Automatically negotiates IPsec parameters.
b)Performs DH exchanges to calculate shared keys, making sure each
SA has a key that is independent of other keys, encrypt keys.
c)Automatically negotiates SAs when the sequence number in the
AH or ESP header overflows, making sure IPsec can provide the
anti-replay service by using the sequence number.
In our proposed method we used Ike for wsn security and auth for
the solutions we discussed in sec.5 we can use any protocol.
At the time of SA sender and receiver choose energy efficient and
secure protocol as comparision discussed in section 6.
Annu, K.Verma Expires January 30,2019 [Page 9]
INTERNET DRAFT ike for wsn security August 3, 2018
9 Conclusion
This document is mainly focussed over the security in wsn. Sensor
nodes are constraints in term of size, power consumption, memory
processing power. Due to limited battery and processing power.
This document implemented IKE with energy efficient protocls used
for sensor network instead of RSA and DH as discussed in sec 4.
With the scheme proposed by this document we can encrypt data and
auth nodes and create a secured tunnel for further communication.
10 References
10.1 Normative References
[RFC 4302] https://www.rfc-editor.org/rfc/pdfrfc/rfc4302.txt.pdf
[RFC 4303] https://www.rfc-editor.org/rfc/pdfrfc/rfc4303.txt.pdf
[RFC 7296] C.Kaufman,Ed. "Internet Key Exchange(IKEv2)Protocol"
10.2 Informative References
[1] http://www.cse.nd.edu/~cseprog/proj00/proceedings.pdf#page=67
[2] https://link.springer.com/content/pdf/
10.1023%2FA%3A1016598314198.pdf
[3] https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4379708
[4] https://www.rfc-editor.org/rfc/pdfrfc/rfc3610.txt.pdf
11 Acknowledgement:
This document is prepared for M. Tech 2nd year Major Project in
National Institute of Technology, Delhi.
Annu, K.Verma Expires January 30,2019 [Page 10]
INTERNET DRAFT ike for wsn security August 3, 2018
Authors' Addresses
Annu
M.Tech Student
Department of Computer Science & Engineering
National Institute of Technology, Delhi
Narela, Delhi-110040,INDIA
Phone: +91-9729995908
EMail: 172211003@nitdelhi.ac.in
Karan Verma
Assistant Professor
Department of Computer Science & Engineering
National Institute of Technology, Delhi
Narela, Delhi-110040,INDIA
Phone: +91-7568169258
EMail: karan.verma.phd@gmail.com
Annu, K.Verma Expires January 30,2019 [Page 11]