PANA Working Group                                          Weihong Wang
Internet-Draft                  Zhejiang University of Technology, China
Intended status: Experimental                               Tieming Chen
Expires: January 3, 2010        Zhejiang University of Technology, China
                                                              Yubing Lin
                                Zhejiang University of Technology, China
                                                              Yiling Cui
                                Zhejiang University of Technology, China
                                                            July 4, 2009


    Basic Security Requirements of Authentication Protocol on Ad hoc
                  draft-ietf-pana-statemachine-13.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 3, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document specifies basic security standards for an
   authentication protocol on ad hoc networks.  The security standards
   are based on using ECDH to establish an authentication protocol
   between two nodes, and on the TinyOS simulation platform and Mica
   nodes.  This document also defines the elements of procedure for the
   authentication protocol, including system initialization, key
   extraction and identity authentication.  With these standards,
   authentication between two nodes can be completed within a certain
   time and a certain number of cycles.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Overview of ECC Encryption and TinyOS
     3.1.  ECC Encryption
     3.2.  TinyOS
       3.2.1.  Structure of TinyOS
       3.2.2.  NesC programming language
     3.3.  Introduction of TinyECC
       3.3.1.  System's main modules
       3.3.2.  Working process
   4.  Protocol Description
     4.1.  Flow and Structure
     4.2.  Implementation
     4.3.  Analysis of Protocol
       4.3.1.  Performance Analysis
       4.3.2.  Security Analysis
   5.  Security Considerations
     5.1.  Privacy Considerations
   6.  IANA Considerations
   7.  Contributors
   8.  Acknowledgments
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   The main security problems that need to be solved in WSNs are
   confidentiality, node authentication, message integrity, freshness,
   etc.  Public-key cryptography is the most widely used tool for
   solving information security problems.  Many scholars have
   researched the use of public-key algorithms on sensor nodes and
   obtained some achievements.  Gura and his partner implemented the
   ECC and RSA algorithms on an 8-bit microcontroller.  R. Watro
   proposed TinyPK, an entity authentication scheme based on the
   low-exponent RSA algorithm.  In 2006, An Liu and Peng Ning of NCSU
   provided TinyECC, an elliptic curve cryptography library based on
   TinyOS.  This is great progress.  In 2007, based on TinyECC,
   Leonardo B and four other Brazilian scholars implemented the Tate
   pairing on a sensor node; this is the first implementation of a
   pairing-based cryptosystem on a wireless sensor node.
   With the increase in hardware speed, the use of public-key
   cryptography in sensors will become more and more common.  Identity
   authentication is an effective way to solve the security issues of
   WSNs.

   The paper is structured as follows: Section 2 describes the
   theoretical background used in this article, as well as the
   development platform environment.  In Section 3, based on the Tate
   pairing, this paper designs a safe and effective ID-based node
   authentication scheme.  In Section 4, this paper implements the
   authentication scheme and analyzes its results.  Finally, it gives
   the conclusion and future outlook.

   Overview of WSN and Authentication.

2.  Terminology

3.  Overview of ECC Encryption and TinyOS

3.1.  ECC Encryption

   Elliptic curves can be used in public-key cryptosystems because the
   set of points of an elliptic curve defined over a finite field forms
   a cyclic group.  The discrete logarithm problem on the elliptic
   curve point set can then be used.  A continuous elliptic curve is
   not suitable for encryption and decryption; ECC is based on discrete
   points.

3.2.  TinyOS

3.2.1.  Structure of TinyOS

   TinyOS is a micro operating system designed by the University of
   California, Berkeley, for WSNs.
   Because a WSN has many nodes and most of them work concurrently,
   the OS adopts lightweight threads, active message communication, an
   event-driven model and component-based programming.  Studies found
   that these technologies help to improve the performance of wireless
   sensor networks, take advantage of hardware characteristics, lower
   power consumption and simplify application development.

   TinyOS uses a component model.  From bottom to top, its components
   can be divided into hardware abstraction components, composite
   components and high-level software components.  High-level
   components send commands to low-level components, and low-level
   components report events to high-level components.  The whole
   structure looks like a network protocol stack.

   The bottom-level components are responsible for communicating with
   the hardware, sending and receiving the bit stream, and mapping the
   physical hardware to TinyOS components (e.g., RRM).  The composite
   components simulate the behavior of more advanced hardware: they
   exchange data with the high-level components in units of bytes and
   with the low-level components in units of bits, performing the
   encoding and decoding internally.  The high-level software
   components implement control, routing and data transmission.

3.2.2.  NesC programming language

   TinyOS is written in the NesC programming language.  NesC is a
   component-based programming language whose syntax is similar to C;
   it is an extension of the C language.  A NesC application consists
   of many components connected together.  These components include
   configuration components and module components.  Every relatively
   independent hardware or software module can be implemented with one
   or more components.
   TinyOS is built on this idea, which makes applications of the
   system reducible.

   (1) Interface: An interface is two-way and defines a set of commands
       and events.  Commands are implemented by the interface's
       providers, and the handlers for events are implemented by its
       users.

   (2) Configuration: A configuration is a component that is used to
       assemble other components.  It connects the interface providers
       and users of the various components.  Such an act is called
       conduction or wiring.

   (3) Module: A module provides the application code and implements
       one or more interfaces.  All methods are implemented here.  The
       module declares the interfaces it provides and uses, and it
       implements the commands of the interfaces it provides and the
       events of the interfaces it uses.

3.3.  Introduction of TinyECC

   TinyECC is a software package provided by a development team at
   North Carolina State University.  It provides the basic arithmetic
   operations of ECC on TinyOS.  It provides all ECC operations over
   the field, including point addition, doubling and scalar
   multiplication.

3.3.1.  System's main modules

   (1) NN module: The methods in this module are modified from
       RSAREF 2.0.  It implements large-number operations on different
       sensor nodes (MICAz and TelosB).

   (2) ECC module: The ECC module provides many basic operations on
       elliptic curves, for example initialization of an elliptic
       curve, point addition, point doubling, point scalar
       multiplication and some operations based on the sliding window
       method.

   (3) ECDSA module: This module implements a signature protocol based
       on ECC.  ECDSA is built on the ECC component, the SHA1 hash
       component and the NN component.

   ECC is the core of TinyECC.  It calls the CurveParam component to
   initialize an elliptic curve and the NN component to perform the
   large-number operations.

3.3.2.  Working process

   (1) Initialize an elliptic curve: TinyECC provides an interface,
       CurveParam, to initialize an elliptic curve.  This interface is
       implemented by secp128r1, secp128r2, secp160k1, secp160r1,
       secp160r2, secp192k1 and secp192r1, which define 7 elliptic
       curves with 128, 160 and 192 bits.

   (2) Base operations on the elliptic curve: The ECC interface defines
       all base operations on the point set of the elliptic curve,
       including point addition, doubling, scalar multiplication and
       optimized operations based on the sliding window method.  For
       example, we can call ECC.win_mul(&myTb,RInv,&pointArray) to
       perform a scalar multiplication.

4.  Protocol Description

4.1.  Flow and Structure

   This section describes node authentication based on TinyECC.  Based
   on TinyECC, we designed a simple node authentication protocol for
   WSNs.  The protocol can be divided into the following steps:

   Alice                                                           Bob
     |                                                             |
     |  1. A selects random number a, and sends Ta=a*P to B.       |
     +------------------------------------------------------------>|
     |                                                             |
     |  2. B selects random number b, and sends Tb=b*P to A.       |
     |<------------------------------------------------------------+
     |                                                             |
     |  3. A calculates Tab=a*b*P, and sends it to B.              |
     +------------------------------------------------------------>|
     |                                                             |
     |  4. B calculates Tba=b*a*P, and sends it to A.              |
     |<------------------------------------------------------------+
     |                                                             |

   A calculates Tb and verifies it.  B calculates Ta and verifies it.

4.2.  Implementation

   This protocol is based on TinyECC.  The call relation between the
   components of this program can be described as:

                        main component
                              |
                              |
                     base node component
                        |     |     |
                        |     |     |
                       ECC    NN    Timer, Led, GenericComm
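
   The four-message exchange of Section 4.1, as an added example that
   is not part of this draft or of TinyECC.  The toy curve
   y^2 = x^3 + 2x + 2 over GF(17) with base point P = (5,1), the
   secrets 3 and 7, all function names, and the reading of "verifies"
   as "compare the received product with the locally computed one after
   checking that received points lie on the curve" are assumptions made
   for illustration.

```c
#include <stdio.h>
/* Toy curve y^2 = x^3 + 2x + 2 over GF(17), base point P = (5,1) of prime
   order 19: constructed teaching parameters, far too small for real use. */
enum { FP = 17, CA = 2, CB = 2 };
typedef struct { int x, y, inf; } point;
static const point BASE = {5, 1, 0};
static int md(int v) { v %= FP; return v < 0 ? v + FP : v; }
static int inv(int v) {                      /* v^(FP-2) mod FP (Fermat) */
    int r = 1, i;
    for (i = 0; i < FP - 2; i++) r = md(r * v);
    return r;
}
static int on_curve(point p) {               /* rejects infinity as well */
    return !p.inf && md(p.y * p.y) == md(p.x * p.x * p.x + CA * p.x + CB);
}
point ec_add(point p, point q) {
    point r = {0, 0, 0};
    int s;
    if (p.inf) return q;
    if (q.inf) return p;
    if (p.x == q.x && md(p.y + q.y) == 0) { r.inf = 1; return r; }
    if (p.x == q.x) s = md((3 * p.x * p.x + CA) * inv(2 * p.y));
    else            s = md((q.y - p.y) * inv(md(q.x - p.x)));
    r.x = md(s * s - p.x - q.x);
    r.y = md(s * (p.x - r.x) - p.y);
    return r;
}
point ec_mul(int k, point p) {               /* double-and-add */
    point r = {0, 0, 1};
    for (; k > 0; k >>= 1, p = ec_add(p, p))
        if (k & 1) r = ec_add(r, p);
    return r;
}
/* Assumed check on the value received in step 3 or 4: both received points
   must lie on the curve and the product must equal secret * peer_pub. */
int accepts(int secret, point peer_pub, point received) {
    point mine;
    if (!on_curve(peer_pub) || !on_curve(received)) return 0;
    mine = ec_mul(secret, peer_pub);
    return !mine.inf && mine.x == received.x && mine.y == received.y;
}
int main(void) {
    int a = 3, b = 7;                                    /* constructed secrets */
    point Ta = ec_mul(a, BASE), Tb = ec_mul(b, BASE);    /* steps 1 and 2 */
    point Tab = ec_mul(a, Tb), Tba = ec_mul(b, Ta);      /* steps 3 and 4 */
    printf("A accepts: %d, B accepts: %d\n", accepts(a, Tb, Tba), accepts(b, Ta, Tab));
    return 0;
}
```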

   The main component is the entry point of this program.  It provides
   the StdControl interface, which performs some hardware
   initialization work.  BaseNode is the core of the program.  It
   calls the Timer component to trigger events at intervals, calls the
   Leds component to drive the indicators, uses the GenericComm
   component to send and receive messages, and calls the ECC and NN
   components to perform the data encryption in the process of the
   protocol.

4.3.  Analysis of Protocol

4.3.1.  Performance Analysis

   For the protocol, the largest cost is point multiplication.  The
   number of computations for both sides of the communication is shown
   in Table 1.

   +-------------------+----------------------------------+
   | Node              | Count of point multiplications   |
   +-------------------+----------------------------------+
   | A                 | 3                                |
   +-------------------+----------------------------------+
   | B                 | 3                                |
   +-------------------+----------------------------------+

                    Table 1: Number of Computations

   The protocol is a lightweight two-way authentication protocol.
   Through three point multiplications, it completes the two-way
   authentication, and it is based on ECDH.

4.3.2.  Security Analysis

   Definition: A passive attack means that the enemy only collects
   information in a passive way, rather than obtaining the data through
   active access.  Legitimate users of the data would not be aware of
   such activities.  Passive attacks include sniffing, information
   collecting, etc.

   Conclusion: If the ECDH problem is difficult on the point group G,
   then the authentication scheme is secure against impersonation under
   passive attack.

5.  Security Considerations

5.1.  Privacy Considerations

6.  IANA Considerations

   This document does not propose a standard and does not require the
   PANA to do anything.

7.  Contributors

   This draft is a product of a design team which also included Marcelo
   Bagnulo and Philip Matthews who both have made major contributions
   to this document.

8.  Acknowledgments

   The following people have contributed to this document.  Listing
   their names here does not mean that they endorse the document, but
   that they have contributed to its substance.

   Dujuan Yan, Sugang Bai, Liang Ge,

9.  References

9.1.  Normative References

9.2.  Informative References

Authors' Addresses

   Weihong Wang
   Zhejiang University of Technology, China

   Phone: +86 0571-85290115
   Email: wwh@zjut.edu.cn


   Tieming Chen
   Zhejiang University of Technology, China

   Phone: +86 0571-85290110
   Email: tiemingchen@gmail.com


   Yubing Lin
   Zhejiang University of Technology, China

   Phone: +86 0571-85290115
   Email: yulin@126.com


   Yiling Cui
   Zhejiang University of Technology, China

   Phone: +86 0571-85294110
   Email: cyllingling_00@126.com