Internet of Things Security with Certificate Authority using
Elliptic Curve Cryptography
ZigBee Networks 802.15.4 Protocol
Abe Arredondo, aa44757
Luis Stolk, les2862
Distributed Information System Security, Fall 2014
Dr. William Bard
December 5th, 2014
IoT Security with CA & ECC 1
Table of Contents
Abstract
1. Introduction: The Internet of Things
2. ZigBee Access Point Antenna
3. IoT ECC & Medical Applications
4. The ZigBee Vulnerability Problem
5. Use Cases
6. Solution by Key Distribution Center
7. Innovative Proposed Solution using CA and ECC
8. ZigBee and X.509v3
References
Internet of Things Security with Certificate Authority using Elliptic Curve Cryptography
ZigBee Networks 802.15.4 Protocol
Abstract
Data communication from Machine to Machine (M2M) over the Internet of
Things (IoT) is increasing at an exponentially higher rate than human
communication over the existing World Wide Web of web sites. The
commercial adoption of ZigBee in smart devices presents security
vulnerabilities due to the constraints of Wireless Sensor Network (WSN)
devices: lack of standard security protocol usage, limited computing
capacity, and power limitations. In this paper, we show the vulnerabilities
in the ZigBee protocol, and propose an innovative hybrid solution for
improved security over ZigBee WSN for nodes entering and exiting a dynamic
large scale IoT mesh network.
1. Introduction: The Internet of Things
The Internet of Things (IoT) is the integration of wireless sensors, diverse
networks, and protocol technologies to identify and monitor all objects [8p].
Gartner estimates that by 2020 there will be 30 Billion devices connected to
the IoT [5p]. A wireless sensor is the primary atomic device of the IoT, and
could be as simple as a reflective label containing an ID and manufacturing
information. A Wireless Sensor Network (WSN) is a distributed, ad hoc,
autonomous architecture that makes decisions based on sensed physical
environmental measurements. WSN devices are inexpensive and low power,
and do not have much processing or storage capability. Figure 1 below
shows an example of a wireless sensor node from Myria-Node [8].
Figure 1, Wireless Sensor
As the IoT interacts with and brings value to the future of the connected
world, we find that the communications protocols are different. Existing
Wi-Fi uses 802.11 and the IoT uses 802.15.4. Early adopters of the IoT use an
802.15.4 protocol called ZigBee, which is used for creating IPv6 internet
protocol mesh networks for short range, line of sight and low rate data
transfers. Because WSN devices could be battery operated, ZigBee is intended
to be simpler than Bluetooth or Wi-Fi networks [4].
Piro et al., in their 802.15.4 security framework research [2], refer to
these nodes as Reduced Functioning Devices (RFD) because they lack power and
communication resources. Although Myria and other TinyOS nodes are
considered here as reduced function IoT devices, they can routinely measure
the following.
● Temperature
● Humidity
● Air pressure
● Illumination
● CO2 concentrations
● Acceleration
● Mechanic pressure
● Passive infrared (movement)
● Reed switches
● Light beam (gate sensor)
● A/C current
● Heart rate
One of the fastest growing focus areas of the IoT includes wearable sensors
for health care to monitor patient medical information in real time. However,
there are ZigBee security vulnerabilities, which are explained later in this
paper, that could leak private information [1]. ZigBee security is based on
the 128-bit Advanced Encryption Standard (AES) in Counter with Cipher Block
Chaining Message Authentication Code (CCM) mode, AES-128-CCM [7], and
provides support for public key infrastructure using standard X.509 v3
certificates, including a 256-bit Elliptic Curve Cryptography (ECC) cipher
suite [5].
In the following sections we introduce our research focus area, that is,
the conjunction of the Internet of Things and Elliptic Curve Cryptography
implementation in medical applications. Later, this study explains the
security vulnerabilities that ZigBee devices present when implemented using
the original standard. Section 8 describes our final security solution using
certificate authorities (CA) and ECC. We will show that our proposal reduces
the vulnerability of these sensor devices and improves the reliability of
such implementations.
2. ZigBee Access Point Antenna
Multiple 802.15.4 access point antenna devices can be found at the ZigBee
Alliance website [5]. This section outlines the Cisco 500 Series Wireless
Personal Area Network (WPAN) routers. Figure 2 shows an Industrial Router
(IR500) that provides unlicensed 915 MHz (902-928 MHz) medical band WPAN
communications. IoT wireless sensor networks are primarily ad hoc, line of
sight mesh networks; however, these antennas enhance the range and
enable RF mesh connectivity of IEEE 802.15.4 g/e IETF IPv6 over Low power
WPAN (6LoWPAN) IoT networks. Specifically, ZigBee antennas as described
here provide the following network security features:
● Access control and authentication based on X.509 certs, IEEE
802.1x, and utility public key infrastructure (PKI) using AES-128
● Device and platform integrity based on firmware signing and
cert-based, role-based access control (RBAC) configuration
Figure 2. ZigBee Access Point Antenna
3. IoT ECC & Medical Applications
Cryptographic algorithms such as the Data Encryption Standard (DES) have
been shown to be vulnerable for public key generation. Other techniques
have been created to offer better performance and security than DES public
key algorithms. Because of its security, combined with its performance and
efficiency, we chose Elliptic Curve Cryptography as our proposed
algorithm to generate public keys. One of the advantages of the elliptic
curve implementation on the security side is that it relies on the hard
elliptic curve logarithmic problem. Another advantage is that ECC can use
much smaller key sizes than RSA, which is ideal for wireless sensor
applications that rely on small data space.
Elliptic Curve Cryptography is based on the use of curves whose
variables and coefficients are finite; two types of curves are
commonly used in the application of this algorithm: Prime curves and Binary
curves. The two can be distinguished easily from one another: the Prime
curve is best when used in hardware applications, while the Binary curve is
usually better when applied to software applications [9]. Because the ECC
generated key is much smaller in size, it is specifically useful in mobile
devices and wireless sensor networks. In fact, it should be the appropriate
implementation as the algorithm solution for public key generation in this
investigation.
In our use case, the large medical network would consist of a Body Area
Network, as shown in Figure 3. In this graphic from Young S. Lee et al. [1],
the body area network contains the ZigBee sensors that read vital signs
from patients. A second layer is the Personal Area (off-body) Network:
computing devices that communicate with the body area network and
process the information received, for example pagers, cell phones or
personal computers. Finally, this data could be transmitted over the
internet, providing the vital information to the end points of importance
that are allowed to read the data: physicians, emergency centers, primary
care providers.
Figure 3. Medical use of WSN [1]
Medical network applications could be considered critical and delicate
because of the type of personal information that resides in them. In the
Internet of Things, when sensors are the principal point of the initial
transaction of information in the network, the risk of data being stolen
increases as the number of sensors in the network grows. Having stronger
security measures helps to decrease the risk of attacks on the network and
helps protect patients' personal data. This is why cryptographic algorithms
play a highly important role in network security. But it is important as
well that these algorithms produce highly secure key generation. ECC adds
much longer key sequences, ensuring local IoT network security; the closing
section of this study shows how an efficient certificate authority in
combination with ECC provides the best security and efficiency. The next
section first enumerates the security vulnerabilities of a standard ZigBee
network.
4. The ZigBee Vulnerability Problem
As explained by Wissam Razouka et al., the 802.15.4 ZigBee protocol
presents the following security weaknesses [3].
1. The first problem is with key distribution, as security keys are transmitted
in ZigBee networks either over-the-air or pre-installed onto the devices in
an insecure way [10]. There are different ZigBee key distribution
approaches depending on the security level as follows.
A. Using the ZigBee high security level, the network key is
encrypted and transmitted over the air using the Master key,
which is shared among all nodes. Thus, the compromise of one
single node leads to an untrusted relationship between all
communicating devices in the network.
B. Key Establishment is where the WSN device negotiates with the
Key Distribution Center and keys are established at either end
without being transported with the following methods.
● SKKE (Symmetric Key Establishment)
● CBKE (Certificate-based Key Establishment). This solution
with ECC is explained later in this study as the final
recommended solution.
● ASKE (Alpha-secure Key Establishment)
C. Using the ZigBee Standard Security level, the safety of the
system becomes even more critical as the network key is
transmitted unencrypted over-the-air. This alternative reveals
the keys in clear text and cannot be recommended for security
purposes.
D. Using pre-installed network keys onto each legitimate device of
the ZigBee network. This is done manually using a
commissioning tool. This approach may be impractical for large
networks.
2. Razouka [3] explains that the second ZigBee vulnerability lies in the
frame counter, which is offered as a security service and emphasized as the
freshness protection. It uses an ordered sequence of inputs to reject
frames that have been replayed. This is not a strong approach because an
adversary can choose superior values to avoid the rejection of specific
frames, as the standard ZigBee protocol frame counter uses incrementing
values rather than random values. It is also easy to overflow the frame
counters, as pointed out in previously published studies [11].
3. Another weakness found in the ZigBee security model concerns the
forward security requirement: the master and link keys are never
revoked from a wireless sensor node exiting a network [3]. For example, if
a hospital or hotel using ZigBee wishes to open doors, improve energy
efficiency, or collect patient vital signs, such a venue needs a better
approach to manage thousands of ZigBee devices. A possible situation,
explained in the use case below, is where one or many of the ZigBee
devices are lost, misused, or stolen. The extraction of ZigBee data has
already been demonstrated and published [12][13].
4. Eavesdropping and data manipulation have been demonstrated using software
and hardware for attacking purposes such as traffic sniffing, data injection,
and packet decoding. A $40 AVR RZ Raven USB device (RZUSB) can be
used to exploit many security vulnerabilities related to ZigBee enabled
systems. Another example is the freely available KillerBee software suite
[14].
Two solutions to handle the Zigbee vulnerabilities will be discussed in the
next sections of this paper.
5. Use Cases
Imagine that one of the node devices from a ZigBee network is lost or stolen.
The problem is that the ZigBee communications protocol provides an
attacker access to the network device Master Key, because the key is never
revoked. This problem makes all the sensors in the network vulnerable. If
the compromised sensor was found in a hospital network gathering constant
vital information from patients, such as pulse, blood pressure, and
temperature among others, the personal medical data being transmitted among
the sensors is at high risk of being compromised.
Figure 4 shows WSN type sensors whose purpose is to read specific vital signs
from patients. These sensors are spatially distributed and communicate
among each other continuously with the sole purpose of reading data from
the patients and transmitting it, then delivering the messages up through a
Gateway in an 802.15.4 IoT network. The sensor data finally reaches the end
recipients, in this case doctors, nurses or any other points of interest on a
Wi-Fi 802.11 network. As patients, and sensors, transition into and out of the
grid, these wireless sensors must account for key revocation [2].
In a WSN using a ZigBee protocol, a node enters the network by using a set
of keys that enables it to start communicating with other existing nodes in
the network. In the case of a ZigBee device, these keys must be securely
installed, either pre-installed at the point of manufacturing or
over-the-air by an established Trust Center [15]. Imagine that a specific
WSN node wants to enter the Wireless Body Area Network (WBAN), but this node
could have been programmed to steal data from patients. Because this node
already has the master key installed, it can easily be added to the network
and directly establish communication in order to retransmit data to a
different location. Another similar case is when a node exits from the
network: it carries the master key, which is never revoked from it, so at
any time the device could enter the network again with malicious purposes.
Figure 4. Topology Layout Use Case
6. Solution by Key Distribution Center
Three entities are involved in the proposal as explained by Wissam Razouka
et al. [3]: the Trust Center or Key Distribution Center, the initiator node
A, and the responder node B. Each node i stores its identifier IDi and its
secret key Ki. The Key Distribution Center has access to a database where
information related to the network is stored (in this case we are interested in
the IDs and secret keys related to the nodes). No keys are shared
permanently among the nodes, which considerably decreases the ability to
compromise the network upon the exposure of one single node. Finally, the
temporary session key Ks is a one-time-use key shared between the
initiator and responder nodes during a given communication. In this
approach, Razouka proposes to use random numbers as nonces to ensure
the freshness of the messages containing the session keys. The nonce Ni is
updated after each communication to prevent replay attacks. An
improvement could be to use a timestamp as the nonce. In Figure 5 below,
the term Trust Center is interchangeable with Key Distribution Center.
Figure 5. Key Distribution Center Zigbee Alternative
The following steps outline the algorithmic solution described by Razouka [3]
that maps to a key distribution center model.
• Step 1: As shown in Figure 5 above, the initiator A sends a request to
establish communication with the node B. The message (1)
contains the node’s identifier IDA, a nonce NA generated by A, and
HA, which is a hash of NA along with the private key KA. Razouka
adds the nonce to this step to provide freshness and ensure that
when receiving the next message, A will be sure that the
communication has not been replayed, as NA is random and
different for each session. The authors of this report believe that a
time stamp is a better choice as a nonce. Only the Key Distribution
Center has access to KA and can rebuild HA to verify whether A is a
legitimate node. Note that HA is a one way function, as hash
functions are required to be irreversible. Therefore, even if this
message is disclosed, the attack cannot be successful, as only
legitimate parties possess the secret key KA to recover the plain
message of the next step [3].
• Step 2: The responder B builds its own message in the same way, and sends
the received information related to A along with its own information to
the Key Distribution Center as a request for authentication and
also to obtain a new temporary session key.
• Step 3: The Key Distribution Center receives the message (2) from B, and
first verifies whether the forwarded message is valid by
rebuilding H’A and H’B using KA and KB for the stored IDA and IDB
respectively. Comparing H’A with HA and H’B with HB proves the
message is legitimate, as only A and B possess the secret keys KA
and KB and are able to build a valid message. Steps 3 and 4 are
almost simultaneous, each with its own node's private key.
• Step 4: The Key Distribution Center generates the session key KS, and
sends it in an encrypted form using KA and KB to A and B
respectively. The nonces NA and NB provide protection against
replay attacks. Note that in this solution, both nodes A and B
authenticate as legitimate nodes, and can verify the freshness of
the received messages from the Key Distribution Center.
• Step 5: Finally the nodes A and B receive the encrypted information, and
retrieve the secret session key using their private keys KA and KB
respectively. A and B are sure that the received message is fresh
as it contains the nonces NA and NB. At this point, both the initiator
A and the responder B can communicate in a secure way using the
session key KS.
The Key Distribution Center can make a periodic verification to check
whether all nodes are still in the WSN. If not, the KDC can revoke the access
of a specific node simply by deleting or disabling its related information in
the database. This technique prevents an adversary from exploiting secret
information. While Razouka's solution is secure, it is also slow; our
proposed innovative solution extends the Key Distribution Center using faster
Certificate Authorities and is explained in the next section.
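The five steps above and the KDC revocation policy, as an added example (not code from this paper or from Razouka's work [3]). It assumes HMAC-SHA256 for Hi, uses a keyed keystream with a tag as a stand-in for the AES-128-CCM wrapping of KS, and the KDC's memory of served nonces and all class and function names are assumptions of the example.

```python
import hashlib
import hmac
import secrets

def keyed_hash(key: bytes, *parts: bytes) -> bytes:
    """H_i: hash of the message fields together with the node's secret key K_i."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def wrap(key: bytes, nonce: bytes, session_key: bytes):
    """Stand-in for AES-128-CCM: one-time keystream plus tag, both bound to the nonce."""
    stream = keyed_hash(key, b"enc", nonce)[:len(session_key)]
    ct = bytes(a ^ b for a, b in zip(session_key, stream))
    return ct, keyed_hash(key, b"mac", nonce, ct)

def unwrap(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    if not hmac.compare_digest(tag, keyed_hash(key, b"mac", nonce, ct)):
        raise ValueError("stale or forged KDC response")
    stream = keyed_hash(key, b"enc", nonce)[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, stream))

class Node:
    def __init__(self, node_id: bytes, key: bytes):
        self.node_id, self.key, self.nonce = node_id, key, b""

    def hello(self):
        """Messages (1)/(2): ID_i, a fresh nonce N_i, and H_i."""
        self.nonce = secrets.token_bytes(16)
        return self.node_id, self.nonce, keyed_hash(self.key, self.node_id, self.nonce)

    def receive(self, ct: bytes, tag: bytes) -> bytes:  # step 5
        return unwrap(self.key, self.nonce, ct, tag)

class KDC:
    def __init__(self):
        self.db = {}        # ID_i -> K_i
        self.seen = set()   # assumption: the KDC also remembers nonces it has served

    def enroll(self, *nodes: Node):
        self.db.update((n.node_id, n.key) for n in nodes)

    def revoke(self, node_id: bytes):
        self.db.pop(node_id, None)

    def _authenticate(self, msg) -> bytes:
        node_id, nonce, h = msg
        key = self.db.get(node_id)
        if key is None:
            raise PermissionError("unknown or revoked node")
        if (node_id, nonce) in self.seen:
            raise PermissionError("replayed request")
        if not hmac.compare_digest(h, keyed_hash(key, node_id, nonce)):
            raise PermissionError("bad H_i")
        self.seen.add((node_id, nonce))
        return key

    def session(self, msg_a, msg_b):  # steps 3-4: rebuild H'_A, H'_B, then wrap K_S
        key_a, key_b = self._authenticate(msg_a), self._authenticate(msg_b)
        ks = secrets.token_bytes(16)
        return wrap(key_a, msg_a[1], ks), wrap(key_b, msg_b[1], ks)

def establish(kdc: KDC, a: Node, b: Node):
    msg_a, msg_b = a.hello(), b.hello()
    resp_a, resp_b = kdc.session(msg_a, msg_b)
    return a.receive(*resp_a), b.receive(*resp_b), (msg_a, msg_b, resp_a)

def refused(action, error) -> bool:
    try:
        action()
    except error:
        return True
    return False

def kdc_demo() -> dict:
    kdc, a, b = KDC(), Node(b"A", secrets.token_bytes(16)), Node(b"B", secrets.token_bytes(16))
    kdc.enroll(a, b)
    ks_a, ks_b, (msg_a, msg_b, resp_a) = establish(kdc, a, b)
    replayed = refused(lambda: kdc.session(msg_a, msg_b), PermissionError)
    a.hello()  # A opens a new session, so an old KDC response no longer verifies
    stale = refused(lambda: a.receive(*resp_a), ValueError)
    kdc.revoke(b"B")  # node B left the grid: its database entry is deleted
    revoked = refused(lambda: establish(kdc, a, b), PermissionError)
    return {"keys_match": ks_a == ks_b, "replayed_request_refused": replayed,
            "stale_response_refused": stale, "revoked_node_refused": revoked}
```

Because no key is shared between nodes, deleting B's database entry is enough to lock B out without re-keying A.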
7. Innovative Proposed Solution using CA and ECC
Our proposal is to use a hybrid of cryptographic methods, algorithms, and
security policies to form a combined innovative solution, fully compliant with
the ZigBee standard and wireless sensor networks. Our goal is to design the
most secure, fastest, and most scalable 802.15.4 network possible. Our
contributions include policies and ECC key distribution methods for wireless
sensor nodes, specifically when entering and exiting the local IoT network. As
explained in section 4 on ZigBee vulnerabilities, the ZigBee security model
neglects the forward security requirement of revoking keys from a node
when a sensor leaves the grid [3]. The proposal is based on hierarchical
Certificate Authority (CA) wireless gateways that can calculate, store, and
distribute private keys, the directory of ID name identifiers, and digitally
signed certificates [16, pp 423]. This local CA is responsible only for its
domain or venue. If two entities from different domains wish to communicate,
then the CA gateways can exchange keys through a global CA wireless gateway.
Our innovative solution uses the Elliptic Curve Cryptographic algorithm to
generate the initial asymmetric key only when a new node enters the local
IoT network. The ZigBee method followed is Certificate-based Key
Establishment (CBKE) using the ECC algorithm. Figure 6 shows a
representation of the CA cryptographic method outlined in the following
paragraphs.
Figure 6. Certificate Authority Cryptographic Scheme [16]
To make our proposed solution fast we follow the approach first suggested
by Kohnfelder [17]: use certificates that participants, in our case IoT
nodes, can use to exchange keys without contacting a public-key authority,
in a way that is as reliable as if the keys were obtained
directly from a public-key authority. A certificate consists of a public key, an
identifier of the key owner, and the whole block signed by a trusted third
party. In this case the certificate authority is the hierarchical gateway trusted
by the WSN IoT community. A node can present its public key to the
authority in a secure manner and obtain a certificate. The node can then
publish the certificate. Anyone needing this sensor’s public key can obtain
the certificate and verify that it is valid by way of the attached trusted
signature. A sensor can also convey its key information to another by
transmitting its certificate. Other nodes can verify that the certificate was
created by the authority. Each sensor node applies to the certificate
authority, supplying a public key and requesting a certificate. Application
must be done when the sensor is manufactured or by manual sensor
configuration. Viewing Figure 6, for sensor A, the authority provides a
certificate of the form shown where the private key used by the authority
and a timestamp. Sensor A may then pass this certificate on to any other
sensor on the grid, which reads and verifies the certificate. The recipient
sensor uses the authority’s public key to decrypt the certificate. Because the
certificate is readable only using the gateway authority’s public key, this
verifies that the certificate came from the certificate authority. The sensor’s
ID and public key provide the recipient with the name and public key of the
certificate’s holder. The timestamp validates the currency of the certificate
and serves as an expiration date. If a certificate is sufficiently old, it is
assumed to be expired [16, pp 429]. One of the policies of the Gateway is to
poll the local IoT network every night to see if any node has left the grid and
thus revoke its keys. The X.509 standard has become universally accepted
for formatting public-key certificates. X.509 certificates are used in most
network security applications, including IP security and transport layer
security (TLS), which are discussed in detail in the next section.
8. ZigBee and X.509v3
The ZigBee standard calls for compatibility with X.509 Version 3. As
explained in Stallings [16, pp 435], X.509 defines a framework for the
provision of authentication services by the X.500 directory to its users; in
our IoT study the users are wireless sensor nodes. The directory serves as a
repository of public-key certificates and is located on the local IoT Gateway.
Each certificate (1) contains the public key of a node and (2) is signed with
the private key of a trusted certification authority. X.509 is based on the use
of public-key cryptography and digital signatures. The standard does not
dictate the use of a specific algorithm but recommends RSA.
The unique identifier fields in the X.509 standard are intended to handle the
possible reuse of subject and/or issuer names over time; in our case a WSN
node that enters and exits the network multiple times. The CA signs the
certificate with its private key. If the corresponding public key is known to
a node, then that node can verify that a certificate signed by the CA is
valid. All node certificates can be placed in the IoT Gateway directory for
access by all nodes. A node can also transmit its certificate directly to
other nodes. In either case, once B is in possession of A’s certificate, B has
confidence that messages it encrypts with A’s public key will be secure from
eavesdropping. With a large community of nodes, X.509 suggests using a
hierarchy of CAs. An arbitrarily long path of CAs can be followed to produce
a chain: an IoT chain in which any node can communicate with any other node
by following a path to another user’s X.509 public key certificate. When a
node receives a certificate in a message, the node must determine whether the
certificate has been revoked. The node can check the directory each time a
certificate is received. To avoid the delays and power consumption associated
with directory searches, it is likely that the node would maintain a local
cache of certificates and lists of revoked certificates.
References
[1] An Efficient Encryption Scheme using Elliptic Curve Cryptography (ECC) with Symmetric Algorithm for Healthcare System. Young Sil Lee, Esko Alasaarela and Hoon Jae Lee. Department of Ubiquitous IT, Dongseo University Graduate School, Department of Electronic Engineering, University of Oulu 47 Jurye-ro, Sasang-gu, Busan, Rep. of Korea FI-90014, Oulu, Finland.
[2] A standard compliant security framework for IEEE 802.15.4 networks. G. Piro, G. Boggia, and L. A. Grieco. Department of Electrical and Information Engineering (DEI), Politecnico di Bari, Italy. Email: {g.piro, g.boggia, a.grieco}@poliba.it
[3] New security approach for ZigBee Weaknesses. Wissam Razouka, Garth V. Crosbyb, Abderrahim Sekkakia. Hassan II University, Faculty of science, Dept of mathematics and computer science, 5366, Casablanca, Morocco Southern Illinois University, Dept of technology, Engineering building, 62901, Illinois, USA
[4] Wikipedia ZigBee Definition: https://en.wikipedia.org/wiki/ZigBee
[5] ZigBee Organization Alliance: http://www.zigbee.org/News/AlliancePressReleases.aspx?Contenttype=ArticleDet&moduleId=778&Aid=446&PR=PR
[6] Cisco 500 Series WPAN Industrial Routers http://www.cisco.com/c/en/us/products/routers/500-series-wpan-industrial-routers/index.html#
[7] Wikipedia CCM Mode (Counter CBC-MAC) http://en.wikipedia.org/wiki/CCM_mode
[8] Myria Node Motes Wireless Sensor Devices http://www.sense-os.nl/-/internet-of-things-wireless-sensor-networks
[9] William Bard. Distributed Information System Security, Fall 2014. Course slides. Session 2 - ESE02n.ppt, Page 5: Elliptic Curves Over Zp
[10] Kyung Choi, Minjung Yun, Kijoon Chae, and Mihui Kim. An enhanced key management using ZigBee PRO for wireless sensor networks. Information Networking (ICOIN), 2012 International Conference on, pages 399–403. IEEE, 2012.
[11] Naveen Sastry and David Wagner. Security considerations for IEEE 802.15.4 networks. In Proceedings of the 3rd ACM workshop on Wireless security, pages 32–42. ACM, 2004.
[12] Travis Goodspeed. Extracting keys from second generation ZigBee chips. Black Hat USA, 2009.
[13] GoodFET Project. [Online]. Available: http://goodfet.sourceforge.net
[14] Joshua Wright. KillerBee: Practical ZigBee exploitation framework or wireless hacking and the kinetic world. Available: http://www.willhackforsushi.com/presentations/toorcon11-wright.pdf
[15] ZigBee Security Document by Robert Cragie https://docs.zigbee.org/zigbee-docs/dcn/09-5378.pdf
[16] William Stallings. Cryptography and Network Security, Sixth Edition. Pearson Education Inc. 2014
[17] Kohnfelder, L. Towards a Practical Public Key Cryptosystem. Bachelor’s Thesis, M.I.T. 1978