PANA Working Group                                    Weihong Wang
Internet-Draft            Zhejiang University of Technology, China
Intended status: Experimental                         Tieming Chen
Expires: January 3, 2010  Zhejiang University of Technology, China
                                                        Yubing Lin
                           Zhejiang University of Technology, China
                                                        Yiling Cui
                           Zhejiang University of Technology, China
                                                       July 4, 2009

Basic Security Requirements of Authentication Protocol on Ad hoc
                 draft-ietf-pana-statemachine-13.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 3, 2010.




Weihong Wang, et al.            Expires January 3, 2010       [Page 1]

Internet-Draft Basic Security Requirements of Authentication Protocol on Ad hoc July 2009


Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document specifies basic security standards for an
   authentication protocol on ad hoc networks.  The security standards
   are based on ECDH, which is used to build an authentication protocol
   between two nodes, and on the TinyOS simulation platform and Mica
   nodes.  This document also defines elements of procedure for the
   authentication protocol, including system initialization, key
   extraction and identity authentication.  With these standards,
   authentication between two nodes can be completed in a certain time
   and a certain number of cycles.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Overview of ECC Encryption and TinyOS  . . . . . . . . . . . .  5
     3.1.  ECC Encryption . . . . . . . . . . . . . . . . . . . . . .  5
     3.2.  TinyOS . . . . . . . . . . . . . . . . . . . . . . . . . .  6
        3.2.1 Structure of TinyOS . . . . . . . . . . . . . . . . . .  6
        3.2.2 NesC programming language . . . . . . . . . . . . . . .  7    
     3.3 Introduction of TinyECC. . . . . . . . . . . . . . . . . . .  8
        3.3.1 System's main modules . . . . . . . . . . . . . . . . .  8        
        3.3.2 Working process . . . . . . . . . . . . . . . . . . . .  8
   4.  Protocol Description . . . . . . . . . . . . . . . . . . . . .  9       
     4.1.  Flow and Structure . . . . . . . . . . . . . . . . . . . .  9
     4.2.  Implementation . . . . . . . . . . . . . . . . . . . . . .  9
     4.3.  Analysis of Protocol . . . . . . . . . . . . . . . . . . . 10       
        4.3.1 Performance Analysis  . . . . . . . . . . . . . . . . . 10
        4.3.2 Security Analysis . . . . . . . . . . . . . . . . . . . 11
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
     5.1.  Privacy Considerations . . . . . . . . . . . . . . . . . . 11
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 12
   7.  Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 12
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 13
   9. References  . . . . . . . . . . . . . . . . . . . . . . . . . . 13
     9.1. Normative References  . . . . . . . . . . . . . . . . . . . 13
     9.2. Informative References  . . . . . . . . . . . . . . . . . . 14
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15








1.  Introduction

   The main security problems that need to be solved in WSNs are
   confidentiality, node authentication, message integrity, freshness,
   etc.  Public-key cryptosystems are the most widely used tool for
   solving information security problems.  Many scholars have
   researched the use of public-key algorithms on sensor nodes and have
   obtained some achievements.

   Gura and his partner have implemented the ECC and RSA algorithms on
   an 8-bit microcontroller.  R. Watro proposed TinyPK, an entity
   authentication scheme based on the low-exponent RSA algorithm.  In
   2006, An Liu and Peng Ning of NCSU provided TinyECC, an Elliptic
   Curve Cryptography library based on TinyOS.  This is great progress.
   In 2007, based on TinyECC, Leonardo B and four other Brazilian
   scholars implemented the Tate pairing on a sensor node; this is the
   first implementation of a pairing-based cryptosystem on a wireless
   sensor node.  With the increase of hardware speed, the use of
   public-key cryptography in sensors will become more and more common.
   Identity authentication is an effective way to solve the security
   issues of WSNs.

   The structure of this paper is as follows.  Section 2 describes the
   theoretical background used in this article, as well as the
   development platform environment.  In Section 3, based on the Tate
   pairing, this paper designs a safe and effective ID-based node
   authentication scheme.  In Section 4, this paper implements the
   authentication scheme and analyzes its results.  Finally, it gives
   the conclusion and future outlook.






2.  Terminology





3.  Overview of ECC Encryption and TinyOS

3.1 ECC Encryption
   
   The basis on which elliptic curves can be used in public-key
   cryptosystems is this: the set of points of an elliptic curve
   defined over a finite field forms a cyclic group.  We can then use
   the discrete logarithm problem on the set of elliptic curve points.
   A continuous elliptic curve is not suitable for encryption and
   decryption; ECC is based on discrete points.



3.2 TinyOS
3.2.1 Structure of TinyOS
   TinyOS is a micro operating system designed by the University of
   California, Berkeley, for WSNs.  Because a WSN has many nodes and
   most of them work concurrently, the OS adopts lightweight threads,
   active message communication, an event-driven model and
   component-based programming.  Studies found that these technologies
   help to improve the performance of wireless sensor networks, take
   advantage of hardware characteristics, lower power consumption and
   simplify application development.  TinyOS uses a component model.
   From bottom to top, its components can be divided into abstract
   hardware components, composite components and high-level software
   components.

   TinyOS's high-level components send commands to the low-level
   components, and the low-level components report events to the
   high-level components.  The whole structure looks like a network
   protocol stack.  The bottom-level components are responsible for
   communicating with the hardware, sending and receiving the bit
   stream and mapping the physical hardware to TinyOS components
   (e.g., RRM).  The composite components simulate the behavior of
   higher-level hardware: they exchange data with the high-level
   components in units of bytes and with the low-level components in
   units of bits, and they perform the encoding and decoding
   internally.  The high-level software components handle control,
   routing and data transmission.



3.2.2 NesC programming language

   TinyOS is a micro operating system implemented in the NesC
   programming language.  NesC is a component-based extension of the C
   language, and its syntax is similar to C.  A NesC application
   consists of many components connected together.  These components
   include configuration components and module components.  Every
   relatively independent hardware or software module can be
   implemented with one or more components.  TinyOS is built on this
   idea, which makes applications of the system reductive.

   (1) Interface: An interface is two-way and defines a number of
   commands and events.  Commands are implemented by the interface's
   providers, and the handlers for events are implemented by its
   users.

   (2) Configuration: A configuration is a component that is used to
   assemble other components.  It connects the interface providers and
   interface users of the various components.  This act is called
   conduction or wiring.

   (3) Module: A module provides the application code and implements
   one or more interfaces.  All methods are implemented here.  The
   module declares the interfaces it provides and uses, and it
   implements the commands of the interfaces it provides and the
   events of the interfaces it uses.



3.3 Introduction of TinyECC

   TinyECC is a software package provided by a development team at
   North Carolina State University.  It provides the basic arithmetic
   operations of ECC on TinyOS: all ECC operations over the finite
   field, including point addition, point doubling and scalar
   multiplication.

3.3.1 System's main modules

  (1) NN module: The methods in this module are adapted from
      RSAREF 2.0.  It implements large-number operations on
      different sensor nodes (MICAz and TelosB).

  (2) ECC module: The ECC module provides many basic operations
      on elliptic curves, for example initialization of an elliptic
      curve, point addition, point doubling, point scalar
      multiplication and some operations based on sliding windows.

  (3) ECDSA module: This module implements a signature protocol
      based on ECC.

   ECDSA is built on the ECC component, the SHA1 hash component and
   the NN component.  ECC is the core of TinyECC.  It calls the
   CurveParam component to initialize an elliptic curve and the NN
   component to perform the large-number operations.

3.3.2 Working process

   (1) Initialize an elliptic curve: TinyECC provides an interface,
       CurveParam, to initialize an elliptic curve.  This interface
       is implemented by secp128r1, secp128r2, secp160k1, secp160r1,
       secp160r2, secp192k1 and secp192r1, which define 7 elliptic
       curves with 128, 160 and 192 bits.

   (2) Basic operations on the elliptic curve: The ECC interface
       defines all basic operations on the set of points of the
       elliptic curve, including point addition, point doubling,
       scalar multiplication and optimized operations based on
       sliding-window methods.  For example, we can call
       ECC.win_mul(&myTb,RInv,&pointArray) to perform a scalar
       multiplication.


4.  Protocol Description

4.1 Flow and Structure

   This section describes node authentication based on TinyECC.
   Based on TinyECC, we designed a simple node authentication protocol
   for WSNs.  The protocol can be divided into the following steps:
   
      Alice                                                     Bob
        |   1. A selects random number a, and sends Ta=a*P to B. |
        +------------------------------------------------------->|
        |                                                        |
        |   2. B selects random number b, and sends Tb=b*P to A. |
        |<-------------------------------------------------------+
        |                                                        |
        |   3. A calculates Tab=a*b*P, and sends it to B.        |
        +------------------------------------------------------->|
        |                                                        |
        |   4. B calculates Tba=b*a*P, and sends it to A.        |
        |<-------------------------------------------------------+
     A calculates Tb and verifies it.  B calculates Ta and verifies it.
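
   The four-message exchange above, sketched in C as an added example;
   it is not the draft's nesC code and does not use TinyECC's API.
   Assumptions: the toy curve y^2 = x^3 + 2x + 2 over F_17 with
   P = (5,1), all function names, the reading of the final step as each
   node comparing the received value with its own product, and the
   on-curve check on received points, which the draft does not describe.

```c
#include <stdio.h>

/* Constructed toy parameters, not a TinyECC curve: y^2 = x^3 + 2x + 2
   over F_17 with base point P = (5,1), which has prime order 19. */
enum { FP = 17, CA = 2, CB = 2 };
typedef struct { int x, y, inf; } point;
static const point P = { 5, 1, 0 };

static int fp(int v) { v %= FP; return v < 0 ? v + FP : v; }

/* Modular inverse via Fermat's little theorem: v^(FP-2) mod FP. */
static int finv(int v) {
    int r = 1, e = FP - 2;
    for (v = fp(v); e; e >>= 1, v = v * v % FP)
        if (e & 1) r = r * v % FP;
    return r;
}

/* Receiver-side validation: finite, in range, satisfies the equation. */
int on_curve(point q) {
    if (q.inf || q.x < 0 || q.x >= FP || q.y < 0 || q.y >= FP) return 0;
    return fp(q.y * q.y - (q.x * q.x * q.x + CA * q.x + CB)) == 0;
}

point ec_add(point p, point q) {
    point r = { 0, 0, 1 };                       /* point at infinity */
    int s;
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x && fp(p.y + q.y) == 0) return r;      /* p + (-p) */
    if (p.x == q.x) s = fp((3 * p.x * p.x + CA) * finv(2 * p.y));
    else            s = fp((q.y - p.y) * finv(q.x - p.x));
    r.x = fp(s * s - p.x - q.x);
    r.y = fp(s * (p.x - r.x) - p.y);
    r.inf = 0;
    return r;
}

/* Double-and-add scalar multiplication k*q. */
point ec_mul(int k, point q) {
    point r = { 0, 0, 1 };
    for (; k > 0; k >>= 1, q = ec_add(q, q))
        if (k & 1) r = ec_add(r, q);
    return r;
}

/* One node's check: the confirmation must equal k * peer_pub (k = own secret). */
int verify_peer(int k, point peer_pub, point confirm) {
    point want;
    if (!on_curve(peer_pub) || !on_curve(confirm)) return 0;
    want = ec_mul(k, peer_pub);
    return !want.inf && want.x == confirm.x && want.y == confirm.y;
}

/* Messages 1-4 of the exchange; returns 1 only if both nodes accept. */
int run_exchange(int a, int b) {
    point Ta = ec_mul(a, P), Tb = ec_mul(b, P);       /* messages 1, 2 */
    point Tab = ec_mul(a, Tb), Tba = ec_mul(b, Ta);   /* messages 3, 4 */
    return verify_peer(a, Tb, Tba) && verify_peer(b, Ta, Tab);
}

int main(void) { printf("accepted: %d\n", run_exchange(7, 11)); return 0; }
```

   Because Tab and Tba are transmitted in messages 3 and 4, an observer
   of the link sees them; in this exchange they serve only as
   confirmation values.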

4.2 Implementation

   This protocol is based on TinyECC. The call relation between
   components of this program can be described as:

                            main component
                              |       |
                             |        |
                            |         |
             base node component      |
               |      |      |        |
              |       |      |        |
             |        |      |        |
            |         |      |        |
           ECC        NN     Timer, Led, GenericComm

    The main component is the entry point of this program.  It provides
    the StdControl interface, which performs some hardware
    initialization work.  BaseNode is the core of the program.  It
    calls the Timer component to trigger events at intervals, calls the
    Leds component to drive the indicators, uses the GenericComm
    component to send and receive messages, and calls the ECC and NN
    components to perform the data encryption in the course of the
    protocol.

4.3 Analysis of Protocol

4.3.1 Performance Analysis

    For the protocol, the largest cost is the point multiplication.
    The number of computations for both sides of the communication is
    shown in Table 1.

   +-------------------+----------------------------------+
   | Node              | Counts of Point multiplication   |
   +-------------------+----------------------------------+
   |         A         |   3                              |
   +-------------------+----------------------------------+
   |         B         |   3                              |
   +-------------------+----------------------------------+

                   Table 1: Number of Computations

   The protocol is a lightweight two-way authentication protocol.
   Through three point multiplications, it completes the two-way
   authentication, and it is based on ECDH.


4.3.2 Security Analysis

   Definition: A passive attack means that the enemy just collects
   information in a passive way, rather than obtaining data through
   active access.  Legitimate users of the data would not be aware of
   such activities.  Passive attacks include sniffing, information
   collecting, etc.
        
   Conclusion: If the ECDH problem is difficult on the point group G,
   then the authentication scheme is secure against impersonation under
   passive attack.


5.  Security Considerations

5.1.  Privacy Considerations



6.  IANA Considerations

   This document does not propose a standard and does not require the
   PANA to do anything.


7.  Contributors

   This draft is a product of a design team which also included Marcelo
   Bagnulo and Philip Matthews who both have made major contributions to
   this document.



8.  Acknowledgments

   The following people have contributed to this document. Listing their
   names here does not mean that they endorse the document, but that
   they have contributed to its substance.

   Dujuan Yan, Sugang Bai, Liang Ge, 



9.  References

9.1.  Normative References



9.2.  Informative References









Authors' Addresses


   Weihong Wang
   Zhejiang University of Technology, China

   Phone: +86 0571-85290115
   Email: wwh@zjut.edu.cn


   Tieming Chen
   Zhejiang University of Technology, China
   Phone: +86 0571-85290110
   Email: tiemingchen@gmail.com



   Yubing Lin
   Zhejiang University of Technology, China

   Phone: +86 0571-85290115
   Email: yulin@126.com

   Yiling Cui
   Zhejiang University of Technology, China

   Phone: +86 0571-85294110
   Email: cyllingling_00@126.com
