nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Secure Erasure and Code Update in Legacy Sensors

verfasst von : Ghassan O. Karame, Wenting Li

Erschienen in: Trust and Trustworthy Computing

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Sensors require frequent over-the-air reprogramming to patch software errors, replace code, change sensor configuration, etc. Given their limited computational capability, one of the few workable techniques to secure code update in legacy sensors would be to execute Proofs of Secure Erasure (PoSE) which ensure that the sensor’s memory is purged before sending the updated code. By doing so, the updated code can be loaded onto the sensor with the assurance that no other malicious code is being stored. Although current PoSE proposals rely on relatively simple cryptographic constructs, they still result in considerable energy and time overhead in existing legacy sensors.

In this paper, we propose a secure code update protocol which considerably reduces the overhead of existing proposals. Our proposal naturally combines PoSE with All or Nothing Transforms (AONT); we analyze the security of our scheme and evaluate its performance by means of implementation on MicaZ motes. Our prototype implementation only consumes 371 bytes of RAM in TinyOS2, and improves the time and energy overhead of existing proposals based on PoSE by almost 75 %.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel MWA Skew SRAM Based SIMPL Systems for Public-Key Physical Cryptography

Nächstes Kapitel Efficient Provisioning of a Trustworthy Environment for Security-Sensitive Applications

In case the code size to be updated is smaller than the total writable memory of the device, the verifier pads the code with zeros until it reaches the device’s memory size.

As shown in [22], computing an HMAC-SHA1 over 648 KB of data in a MicaZ mote requires almost 90 s.

The maximum claimed transmission throughput of TI-CC2420 radio chip used in MicaZ motes is 250 kbps, which translates to 31250 bytes/sec. However, our experiments show that the effective throughput is around 8860 bytes/sec using TinyOS 2.0.

For that purpose, we extended the ProgFlash interface using AVR Libc.

In this case, the probability to detect that a prover did not delete 1,000 bits of its old code is 0.9.

ATmega128 Datasheet: Available from http://www.atmel.com/images/doc2467.pdf

MicaZ: Wireless Measurement System. http://www.openautomation.net/uploadsproductos/micaz_datasheet.pdf

Building a Secure System using TrustZone Technology (2009). http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD 29-GENC-009492C_trustzone_security_whitepaper.pdf

Software Guard Extensions Programming Reference (2013). https://software.intel.com/sites/default/files/329298-001.pdf

Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, SecureComm 2008, pp. 9:1–9:10. ACM, New York, NY, USA (2008)

Bauer, S., Priyantha, N.B.: Secure data deletion for linux file systems. In: Proceedings of the 10th Conference on USENIX Security Symposium - Volume 10, SSYM 2001. USENIX Association, Berkeley, CA, USA (2001)

Boyko, V.: On the security properties of OAEP as an all-or-nothing transform. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 503–518. Springer, Heidelberg (1999) CrossRef

Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 400–409. ACM, New York, NY, USA (2009)

Deng, J., Han, R., Mishra, S.: Secure code distribution in dynamically programmable wireless sensor networks. In: Proceedings of the 5th International Conference on Information Processing in Sensor Networks, IPSN 2006, pp. 292–300. ACM, New York, NY, USA (2006)

10.

Desai, A.: The security of all-or-nothing encryption: protecting against exhaustive key search. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 359–375. Springer, Heidelberg (2000) CrossRef

11.

Dutta, P.K., Hui, J.W., Chu, D.C., Culler, D.E.: Securing the deluge network programming system. In: Proceedings of the 5th International Conference on Information Processing in Sensor Networks, IPSN 2006, pp. 326–333. ACM, New York, NY, USA (2006)

12.

Eldefrawy, K., Francillon, A., Perito, D., Tsudik, G.: SMART: secure and minimal architecture for (establishing a dynamic) root of trust. In: NDSS 2012, 19th Annual Network and Distributed System Security Symposium, San Diego, USA, 5–8 February 2012

13.

Jakobsson, M., Johansson, K.-A.: Practical and secure software-based attestation. In: LightSec (2011)

14.

Jakobsson, M., Stewart, G.: Mobile malware: why the traditional AV paradigm is doomed, and how to use physics to detect undesirable routines. In: BlackHat (2013)

15.

Juels, A., Jr., B.S.K.: PORs: proofs of retrievability for large files. In: ACM Conference on Computer and Communications Security, pp. 584–597 (2007)

16.

Karame, G.O., Soriente, C., Lichota, K., Capkun, S.: Securing cloud data in the new attacker model. IACR Cryptology ePrint Archive 2014, p. 556 (2014)

17.

Karlof, C., Sastry, N., Wagner, D.: Tinysec: a link layer security architecture for wireless sensor networks. In: Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems, SenSys 2004, pp. 162–175. ACM, New York, NY, USA (2004)

18.

Koeberl, P., Schulz, S., Sadeghi, A.-R., Varadharajan, V.: Trustlite: a security architecture for tiny embedded devices. In: Proceedings of the Ninth European Conference on Computer Systems, EuroSys 2014, pp. 10:1–10:14. ACM, New York, NY, USA (2014)

19.

Liu, A., Ning, P.: Tinyecc: a configurable library for elliptic curve cryptography in wireless sensor networks. In: Proceedings of the 7th International Conference on Information Processing in Sensor Networks, IPSN 2008, IEEE Computer Society, Washington, DC, USA (2008)

20.

Martinovic, I., Pichota, P., Schmitt, J.B.: Jamming for good: a fresh approach to authentic communication in wsns. In: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 2009, pp. 161–168. ACM, New York, NY, USA (2009)

21.

Payne, W.H., Rabung, J.R., Bogyo, T.P.: Coding the lehmer pseudo-random number generator. Commun. ACM 12(2), 85–86 (1969)CrossRefMATH

22.

Perito, D., Tsudik, G.: Secure code update for embedded devices via proofs of secure erasure. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 643–662. Springer, Heidelberg (2010) CrossRef

23.

Reardon, J., Basin, D., Capkun, S.: Sok: secure data deletion. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 301–315. IEEE Computer Society, Washington, DC, USA (2013)

24.

Reardon, J., Ritzdorf, H., Basin, D., Capkun, S.: Secure data deletion from persistent media. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 271–284. ACM, New York, NY, USA (2013)

25.

Rivest, R.L.: All-or-nothing encryption and the package transform. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 210–218. Springer, Heidelberg (1997) CrossRef

26.

Seshadri, A., Luk, M., Perrig, A., van Doorn, L., Khosla, P.: Scuba: secure code update by attestation in sensor networks. In: Proceedings of the 5th ACM Workshop on Wireless Security, WiSe 2006, pp. 85–94. ACM, New York, NY, USA (2006)

27.

Seshadri, A., Perrig, A., Doorn, L.V., Khosla, P.: Swatt: software-based attestation for embedded devices. In: Proceedings of the IEEE Symposium on Security and Privacy (2004)

28.

Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 552–561. ACM, New York, NY, USA (2007)

29.

Shacham, H., Waters, B.: Compact proofs of retrievability. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 90–107. Springer, Heidelberg (2008) CrossRef

30.

Shankar, U., Chew, M., Tygar, J.D.: Side effects are not sufficient to authenticate software. In: Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM 2004, pp. 7–7. USENIX Association, Berkeley, CA, USA (2004)

31.

Stinson, D.R.: Something about all or nothing (transforms). Des. Codes Crypt. 22(2), 133–138 (2001)MathSciNetCrossRefMATH

32.

Titzer, B.L., Lee, D.K., Palsberg, J.: Avrora: scalable sensor network simulation with precise timing. In: Proceedings of the 4th International Symposium on Information Processing in Sensor Networks, IPSN 2005. IEEE Press, Piscataway, NJ, USA (2005)

33.

Ugus, O., Westhoff, D., Bohli, J.-M.: A rom-friendly secure code update mechanism for wsns using a stateful-verifier t-time signature scheme. In: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 2009, pp. 29–40. ACM, New York, NY, USA (2009)

Titel: Secure Erasure and Code Update in Legacy Sensors
verfasst von: Ghassan O. Karame
Wenting Li
Verlag: Springer International Publishing
Buch: Trust and Trustworthy Computing
Print ISBN: 978-3-319-22845-7

Electronic ISBN: 978-3-319-22846-4

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-22846-4_17

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"