INTERNET-DRAFT Annu Intended Status: Standards Track NIT Delhi Expires: January 30, 2019 K.Verma NIT Delhi August 3, 2018 ike for wsn security draft-annu-t2trg-ike-for-wsn-security-00.txt Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Copyright and License Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Annu, K.Verma Expires January 30,2019 [Page 1] INTERNET DRAFT ike for wsn security August 3, 2018 Abstract This document specifies an internet key exchange(ike) protocol for wireless sensor network.IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining security associations.This document preassumed that readers are familier with basic concept of sensor network. Table of Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . .2 2 Terminology . . . . . . . . . . . . . . . . . . . . . . . . .2 3 IKE Introduction . . . . . . . . . . . . . . . . . . . . . . 3 3.1 Ike Message Flow . . . . . . . . . . . . . . . . . . . . . .3 4 IKE Protocol Variations.. . . . . . . . . . . . . . . . . . .4 5 Solution . . . . . .. . . . . . . . . . . . . . . . . . . . .8 6 Comparision Between Protocols Used . . . . . . . . . . . . . 8,9 7 IANA Consideration . . . . . . . . . . . . . . . . . . . . .9 8 Security Considerations . . . . . . . . . . . . . . . . . . .9 9 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . .10 10 References . . . . . . . . . . . . . . . . . . . . . . . . ..10 11 Acknowledgement . . .. . . . . . .. . . . . . . . . . . . . .10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 11 1 Introduction In wsn providing secure communication between two nodes or between nodes and BS is major issue. This document helps in identifing faulty nodes and separate them from the rest of the network and create tunnel for secure communication , so that the acquired data remains reliable. So for secure communication and protecting network from vulnerable node we used ike. 2 Terminology 2.1 SA: Security Association 2.2 encp: Encryption 2.3 DH: Diffie-Hellman key exchange 2.4 Auth: Authentication 2.5 WSN: Wireless Sensor Network 2.6 IKE: Internet Key Exchange 2.7 Node: Sensor nodes 2.8 BS: Base Station 2.9 Reci: Receiver Annu, K.Verma Expires January 30,2019 [Page 2] INTERNET DRAFT ike for wsn security August 3, 2018 3 Ike intoduction Ike is used in conjunction with IPsec to dynamically and automatically create SA.IKE performs mutual authentication between two parties and establishes an IKE SA that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) [RFC 4303] and/or Authentication Header (AH) [RFC 4302] and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. for more details see [RFC 7296]. 3.1 Ike message flow IKE message flow always consists of a request followed by a response.It is the responsibility of the requester to ensure reliability. If the response is not received within a timeout interval, the requester needs to retransmit the request 3.1.1 IKE phase one The first request/responce of an IKE session negotiates security parameters for the IKE_SA, sends nonces, and sends Diffie-Hellman values. +-------+ +--------+ | sender| |receiver| +---+---+ +--+-----+ | | | sender sends its SA to recei. | +-----------------------------> | | encp/hash methods.... | | | | | | receiver returns its selection| |of methods | | <-----------------------------+ | | | | | receiver and sender exchange | | DH public keys | | <---------------------------> | | | | sender and receiver have | | authenticated each other | | <---------------------------> | | | | sender and receiver started | | exchanging data | | <---------------------------> | | | + + fig.1 IKE phase one process Annu, K.Verma Expires January 30,2019 [Page 3] INTERNET DRAFT ike for wsn security August 3, 2018 3.1.2 IKE phase two: The second request/response (IKE_AUTH) transmits identities, proves knowledge of the secrets corresponding to the two identities, and sets up an SA for the first AH and/or ESP CHILD_SA. +-------+ +--------+ | sender| |receiver| +---+---+ +--+-----+ | sender sends its ipsec SA | | to recei | +-----------------------------> | | | | | | | | recei. send its ipsec SA to | | sender | | <-----------------------------+ | | | | | ipsec tunnel is created and | | all data is encrypted | | <---------------------------> | | | | | | | + + fig.2 IKE phase two process 4 IKE protocol variations : IKE uses RSA as public key cryptography algorithm that is based on Diffie-Hellman (DH) see 9.2[1] key exchange which is very heavy, in term of arithmetic operations, for very constrained resources devices such as the case for WSNs. So that's why we use other protocols for encp/auth/integrity instead of RSA and DH. some of these protocols are: a) LEAP b) SPINS c) Minisec d) Tinysec Annu, K.Verma Expires January 30,2019 [Page 4] INTERNET DRAFT ike for wsn security August 3, 2018 4.1)LEAP(Localized Encryption And authentication Protocol): key management protocol for Sensor Networks designed to support secure communications in these networks. It provides authen and confidentiality. LEAP has following features: 1)LEAP provides four types of keys for each sensor node- an individual key shared with the base station, a pairwise key shared with other Sensor Node, a Clustered key shared with multiple neighbouring nodes, and a group key shared by all nodes in the network. 2)LEAP includes use of one-way key chains for local broadcast authentication. 3)Key sharing mechanism of LEAP supports in- network processing Thus LEAP can prevent or make it complex to attack nodes on the sensor network. +-----+----+-----+----+--------+------------+ | | e | f | | | | | | n | r | m | o | a | | p | c | e | a | v | k g | | r | r | s | c | e | e r | | o | y | h | | r | y e | | t | p | n | u | h | e | | o | t | e | s | e | m | | c | i | s | e | a | e | | o | o | s | d | d | n | | l | n | | | | t | +-------------------------------------------+ |leap | yes| no |yes |Variable|pre-deployed| | | | | | | Variable | +-----+----+-----+----+--------+------------+ fig.3 LEAP PROTOCOL Annu, K.Verma Expires January 30,2019 [Page 5] INTERNET DRAFT ike for wsn security August 3, 2018 4.2) SPINS(Security Protocols for Wireless Sensor Networks): SPINS see 9.2[2] consists of two main protocol: 1)SNEP: In SNEP, plain text block is encrypted with a counter using CTR encryption algorithm. The counter is not included in the message.Each message has a MAC computed with CBC-MAC see 10.2[4] nalgorithm in the encrypted data. The MAC is computed once for each package SNEP has following advantages: a.SNEP uses a shared counter so it need not to be transmitted with the message. b.It adds only 8 bytes to a message. c.It offers following kind of security to the data in transit Semantic Security Data Authentication Replay Protection Weak Freshness Low communication overhead 2) mueTESLA: In this protocol a node stores the packet in the buffer till the key is disclosed. The time when the key is disclosed , the base-station broadcasts verification key to all the receivers, which the node can use to authenticate the packet stored in its buffer. Each MAC key is a sequence of keys generated by one way function F. The sender chooses last key Kn and repeatedly applies F to compute the keys Ki = F(Ki+1) +-----+----+-----+----+--------+-----------+ | | e | f | | | | | | n | r | m | o | a | | p | c | e | a | v | k g | | r | r | s | c | e | e r | | o | y | h | | r | y e | | t | p | n | u | h | e | | o | t | e | s | e | m | | c | i | s | e | a | e | | o | o | s | d | d | n | | l | n | | | | t | +------------------------------------------+ |spins| yes| yes |yes | 8 Bytes|symmetric | | | | | | | delayed | +-----+----+-----+----+--------+-----------+ fig.4 SPINS PROTOCOL Annu, K.Verma Expires January 30,2019 [Page 6] INTERNET DRAFT ike for wsn security August 3, 2018 4.3) Minisec: MiniSec see 9.2[3] is a secure network layer protocol that have lower energy consumption than TinySec but level of security matches with that of Zigbee. It uses offset Codebook Mode(OCB) as its block cipher mode of operation. Two passes are required for secrecy and authentication.OCB mode for faster MAC + ciphertext. +-----+----+-----+----+--------+-----------+ | | e | f | | | | | | n | r | m | o | a | | p | c | e | a | ^ | k g | | r | r | s | c | e | e r | | o | y | h | | r | y e | | t | p | n | u | h | e | | o | t | e | s | e | m | | c | i | s | e | a | e | | o | o | s | d | d | n | | l | n | | | | t | +------------------------------------------+ |mini | yes| yes |yes |4+3Bytes| any | |sec | | | | | | +-----+----+-----+----+--------+-----------+ fig.5 MINISEC PROTOCOL 4.4) Tinysec: It provides all the services provided by SNEP like authentication,message integrity,confidentiality and replay protection.Major difference is that no counters are used in TINYSEC. Two variants of TINYSEC are available TINYSEC-AE( authentication Encryption) TINYSEC-Auth(Authentication Only) +-----+----+-----+----+--------+-----------+ | | e | f | | | | | | n | r | m | o | a | | p | c | e | a | v | k g | | r | r | s | c | e | e r | | o | y | h | | r | y e | | t | p | n | u | h | e | | o | t | e | s | e | m | | c | i | s | e | a | e | | o | o | s | d | d | n | | l | n | | | | t | +------------------------------------------+ |tiny | yes| no |yes | 4 Bytes| any | |sec | | | | | | +-----+----+-----+----+--------+-----------+ fig.6 TINYSEC PROTOCOL Annu, K.Verma Expires January 30,2019 [Page 7] INTERNET DRAFT ike for wsn security August 3, 2018 5 Solutions: As we already discribed in section 4 we have different protocols for encp,auth,integrity and freshness in wsn. So during the phase one of the ike sender and receiver shoule aggred upon one of the protocols stated above. Sender send its SA proposal to receiver and after that receiver reply with the selection of methods. Then sender and receiver auth each other. so with this authentication between sender and receiver the problem which we discussed in section 1 (faulty node identification) is resolved bcoz before communication started each node needed to be authenticated. After completion of phase 1[fig 1] ,phase 2 [fig 2] started in that phase also sender and receiver exchage their SA. when the exchange of SA is completed then a secured tunnel is created between twop nodes. nodes can be either two sensors or may be sensor and base station. And the communication through this tunnel is secure. +-------------------+ +------------------+ | | | | | Protected | tunnel mode SA | Protected | | Endpont | <------------------------> | Endpoint | | | | | | | | | +-------------------+ +------------------+ fig.7 Tunnel Created 6 comparision between protocols used: +-------------+--------+---------+-------+-------------+ | | | | | | | | LEAP |SPINS |Tinysec| Minisec | | | | | | | +------------------------------------------------------+ | Overhead |Variable| 8 | 4 | 4+3 | | (Bytes) | | | | | +------------------------------------------------------+ | Encryption | yes | yes | yes | yes | | | | | | | +------------------------------------------------------+ | Mac Used | yes | yes | yes | yes | | | | | | | +------------------------------------------------------+ | Freshness | no | yes | no | yes | | | | | | | +------------------------------------------------------+ | Key |pre-Dep |symmetric| Any | Any | | Aggrement | loyed |Delayed | | | +-------------+------------------+-------+-------------- Annu, K.Verma Expires January 30,2019 [Page 8] INTERNET DRAFT ike for wsn security August 3, 2018 + low | +---------+ +-------+ | | Minisec | | LEAP | | | | | | S | +---------+ +---------+ +-------+ e | | SPINS | c | +---------+ u | r | i | t | y | | | +---------+ | | Tinysec | | +---------+ | high | +-------------------------------------------------+ low high Energy Consumption 7 IANA Considerations Nil 8 Security considerations Generally IKE is protocol of ipsec protocol suite. IKE provides the following benefits for IPsec: a)Automatically negotiates IPsec parameters. b)Performs DH exchanges to calculate shared keys, making sure each SA has a key that is independent of other keys, encrypt keys. c)Automatically negotiates SAs when the sequence number in the AH or ESP header overflows, making sure IPsec can provide the anti-replay service by using the sequence number. In our proposed method we used Ike for wsn security and auth for the solutions we discussed in sec.5 we can use any protocol. At the time of SA sender and receiver choose energy efficient and secure protocol as comparision discussed in section 6. Annu, K.Verma Expires January 30,2019 [Page 9] INTERNET DRAFT ike for wsn security August 3, 2018 9 Conclusion This document is mainly focussed over the security in wsn. Sensor nodes are constraints in term of size, power consumption, memory processing power. Due to limited battery and processing power. This document implemented IKE with energy efficient protocls used for sensor network instead of RSA and DH as discussed in sec 4. With the scheme proposed by this document we can encrypt data and auth nodes and create a secured tunnel for further communication. 10 References 10.1 Normative References [RFC 4302] https://www.rfc-editor.org/rfc/pdfrfc/rfc4302.txt.pdf [RFC 4303] https://www.rfc-editor.org/rfc/pdfrfc/rfc4303.txt.pdf [RFC 7296] C.Kaufman,Ed. "Internet Key Exchange(IKEv2)Protocol" 10.2 Informative References [1] http://www.cse.nd.edu/~cseprog/proj00/proceedings.pdf#page=67 [2] https://link.springer.com/content/pdf/ 10.1023%2FA%3A1016598314198.pdf [3] https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4379708 [4] https://www.rfc-editor.org/rfc/pdfrfc/rfc3610.txt.pdf 11 Acknowledgement: This document is prepared for M. Tech 2nd year Major Project in National Institute of Technology, Delhi. Annu, K.Verma Expires January 30,2019 [Page 10] INTERNET DRAFT ike for wsn security August 3, 2018 Authors' Addresses Annu M.Tech Student Department of Computer Science & Engineering National Institute of Technology, Delhi Narela, Delhi-110040,INDIA Phone: +91-9729995908 EMail: 172211003@nitdelhi.ac.in Karan Verma Assistant Professor Department of Computer Science & Engineering National Institute of Technology, Delhi Narela, Delhi-110040,INDIA Phone: +91-7568169258 EMail: karan.verma.phd@gmail.com Annu, K.Verma Expires January 30,2019 [Page 11]