Internet DRAFT - draft-zhao-aalsec-access

draft-zhao-aalsec-access



      
         
     ROLL                                                     Wei-Cheng Zhao 
     Internet Draft                                               De-Yun Gao 
     Expires: November 11, 2013                                Hong-Ke Zhang 
                                                                Wan-Ting Zhu 
                                                 Beijing Jiaotong University 
                                                           November 19, 2014       
                                        
                 AAL security in Low Power and Lossy Networks 
	               draft-zhao-aalsec-access-00
      
     Abstract 

     Due to the seriously resource-constrained and easily attacked character 
     of Low Power and Lossy Networks-LNs, security becomes even harder to be 
     deployed. Here we present an AAL security scheme to protect devices in 
     AAL layer to help protect to communicate with each other safely including 
     a special key management, encryption, authentication and other security 
     measures.   
      
     Requirements Language 

     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
     document are to be interpreted as described in [RFC2119]. 
      
     Status of this Memo 

     This Internet-Draft is submitted to IETF in full conformance with the 
     provisions of BCP 78 and BCP 79.
 
     Internet-Drafts are working documents of the Internet Engineering Task 
     Force (IETF), its areas, and its working groups.  Note that other groups 
     may also distribute working documents as Internet-Drafts. 

     Internet-Drafts are draft documents valid for a maximum of six months and 
     may be updated, replaced, or obsoleted by other documents at any time.  
     It is inappropriate to use Internet-Drafts as reference material or to 
     cite them other than as "work in progress". 

     The list of current Internet-Drafts can be accessed at 
     http://www.ietf.org/ietf/1id-abstracts.txt 

     -------The list of Internet-Draft Shadow Directories can be accessed at 
     http://www.ietf.org/shadow.html 
     This Internet-Draft will expire on June 6, 2014. 
     Copyright Notice 
     Copyright (c) 2013 IETF Trust and the persons identified as the document 
     authors.  All rights reserved.  
     This document is subject to BCP 78 and the IETF Trust's Legal Provisions 
     Relating to IETF Documents (http://trustee.ietf.org/license-info) in 
     effect on the date of publication of this document.  Please review these 

      
     Zhao et al.     Expires November 11, 2015          [Page 1] 
      
      
      
     Internet-Draft AAL             security in LLNs         November 19, 2014 
                                        
     documents carefully, as they describe your rights and restrictions with 
     respect to this document. Code Components extracted from this document 
     must include Simplified BSD License text as described in Section 4.e of 
     the Trust Legal Provisions and are provided without warranty as described 
     in the Simplified BSD License. 

Copyright Notice

     Copyright (c) 2013 IETF Trust and the persons identified as the document 
     authors. All rights reserved.
  
     This document is subject to BCP 78 and the IETF Trust's Legal Provisions 
     Relating to IETF Documents (http://trustee.ietf.org/license-info) in 
     effect on the date of publication of this document.  Please review these 
     documents carefully, as they describe your rights and restrictions with 
     respect to this document. Code Components extracted from this document
     must include Simplified BSD License text as described in Section 4.e of 
     the Trust Legal Provisions and are provided without warranty as described in 
     the Simplified BSD License.


     Table of contents 
      
       1.  Introduction: ............................................... 2 
       2.  Problem statement: .......................................... 3 
       3.  The whole security scheme ................................... 3 
       4.  Key management scheme ....................................... 5 
       5.  summarize and expectation ................................... 7 
       6. References ................................................... 7 
        6.1. Normative References ...................................... 7 
        6.2. Informative References.... ................................ 8 
       Acknowledgment................................................... 8 
      
      


     1. Introduction: 


     LLNs 
consist of low power devices which are seriously resource-constrained 
     in variety link quality condition. The low cost and limited power devices 
     can collect information like light intensity and transmit the data packets 
     though 802.15.4.Meanwhile, these devices can execute some control tasks 
     using typical sensor chip. Due to the situation that LLNs devices are 
     usually deployed at harsh outdoor environment where people can hardly get 
     into, LLNs are self-organized. 
 
     In this document, we discuss about LLN devices running IPv6 stack. We 
     firstly briefly introduce 6LoWPAN protocol below. 6LoWPAN is a protocol 
     aimed 
at 
importing 
IPv6 in LLNs. It compresses IP and transport layer header 
     (only UDP at present) and fragments packets which are too large for lower 
     layer transmission to realize above function. And AAL is a layer between 
     network layer and data link layer using 6LoWPAN protocol. 

     In this document, a distributed AAL security scheme for LLNs is proposed. 
     We put forward the key management scheme calling network routing protocol 
     RPL. And encryption as well as authentication is carrying on using the 
     key. AAL security scheme accomplish the safely communication using as few 
     resource as possible.   
      
      

     Zhao et al.      Expires November 11, 2015                           [Page 2] 
      
     Internet-Draft AAL             security in LLNs         November 19, 2014 
                                        

     2. Problem statement: 


     Due to the transmission method of wireless broadcast, LLNs is naturally 
     vulnerable.   While,   these   low   power   devices   are   severely 
     resource-constrained which lead to the lack of computing power as well 
     as the memory capacity. Regular security mechanisms and frameworks are 
     too complex and not suitable for LLNs. 
      
      


     3. The whole security scheme 


     To guarantee communication safety between sensor nodes, security methods 
     are needed in LLNS. However, complicated security protocol can't be 
     executed due to the serious resource-limited characteristic of the sensor 
     nodes. Thus in the document we propose and imple a new security scheme 
     ensuring normal interaction between sensor nodes and being light-weighted. 
     As is mentioned in the introduction, 6LoWPAN is used to compress packets 
     as well as deal with large packets. 
       
                     
     +-----------------------------------------------------------------------------+ 
     |                                 Application                                 |  
     +-----------------------------------------------------------------------------+ 
     |                                     RPL + key rotation                      |            
     +-----------------------------------------------------------------------------+ 
     |                                            uIP                              |            
     +-----------------------------------------------------------------------------+ 
     |                                   6LoWPAN Header compression                |            
     +-----------------------------------------------------------------------------+ 
     |                      Security                                               |            
     +-----------------------------------------------------------------------------+ 
     |                    fragmentation                                            |            
     +-----------------------------------------------------------------------------+ 
     |                                            802.15.4                         |            
     +----------------------------------------------------------------------------+ 

                                    Figure1  System structure  

      
     The security scheme includes key-management, authentication, encryption 
     and other safety measures. During sending, packets delivered from 6LoWPAN 
     protocol are processed by the security scheme.  
                     

     Zhao et al.      Expires November 11, 2015                           [Page 3] 
      
     Internet-Draft AAL             security in LLNs         November 19, 2014 
                                        
     +-----------------------------------------------------------------------------+ 
     |  compressed  header  |  transport  layer  header  |    data                 |            
     +-----------------------------------------------------------------------------+ 

                                        Figure 2 Packet Format  

                      
     +-----------------------------------------------------------------------------+ 
     |IF_SECURE|   FRAG   |   ENCRPT   |AUTH|        RESERVE                       |            
     +-----------------------------------------------------------------------------+  
     0         1          2             3   4                                      7 
                                   Figure 3: Security Byte Format 
      
     Firstly, the packets are analyzed about packet type. We can analyze 
     specific security byte in the compressed header. The first bit(IF_SECURE) 
     stands for whether this packet goes though the security procedure. 
     IF_SECURE=0 means no security needed, IF_SECURE=1 means security scheme 
     deployed by the following bits. FRAG bit stands for whether this packet 
     is fragmented FRAG=0 means this packet is normally complete while FRAG=1 
     means this packet is fragment packet and needs special process. ENCRPT 
     bit stands for whether this packet should be encrypt. IF_SECURE=1 and 
     ENCRPT=0 means no need to encrypt this packet, IF_SECURE=1 and ENCRPT=1 
     means we should encrypt current packet. AUTH bit stands for whether this 
     packet should be authenticate. IF_SECURE=1 and AUTH=0 means no need to 
     authenticate this packet, IF_SECURE=1 and AUTH=1 means we should 
     authenticate current packet. The rest bits are reserved and default value 
     is 0. 

     +-----------------------------------------------------------------------------+ 
     |              key management                                                 |           
     +-----------------------------------------------------------------------------+ 
     |    authentication    |      encryption    |      anti-replay                |            
     +-----------------------------------------------------------------------------+ 
                                    Figure 4: Security Layer 
      
     If the packet is found to be a fragmented one, we need to take special 
     action before security goes forward. That is because we deployed security 
     scheme after 6LoWPAN, while 6LoWPAN detect maximum transmission unit in 
     link layer and extra secure bits are added during secure handle. In this 
     paper we get to a solution by move the fragment process part of 6LoWPAN 
     protocol from the top of the secure scheme to the bottom of it. Detailedly, 
     the packet firstly goes though 6LoWPAN without detect of the max length 
     and  fragment  after  secure  processes  (including  encryption  and 
     authentication) and process this step after all security movement ends. 
     That is to say, when the packet is too long to transfer, we wait until 

     Zhao et al.      Expires November 11, 2015                           [Page 4] 
      
     Internet-Draft AAL             security in LLNs         November 19, 2014 
                                        
     every step of security accomplish to decide whether this whole packet needs 
     to fragment.
 
     If the packet is found to be a DIO packet (detailedly introduce below), 
     step into the key rotating part. 

     Next(no matter what kinds of packet it is), authentication and encryption 
     parts get key from key management part(if needed in security byte 
     format).Key would be calling from the memory of device and encryption and 
     authentication would be applied. In most of the device, radio frequency 
     or CPU chip may provide encryption and authentication algorithm. To reduce 
     consumption of the resource serious device, hardware algorithm is a great 
     way to complete the complex computing. Specifically, only the load 
     (including the uncompressed transport layer header) is encrypted and the 
     whole packet is authenticated. That's because if we encrypt the header 
     we need to add a new header and make the packet much longer, while 
     authentication part doesn't get that problem.   
 
     Finally, the sequence number is added and the new secure packet is 
     transferred to lower layer to send. That is when we decide whether this 
     packet is too long and needs fragment. Receiving process is similar as 
     sending process including decryption, authentication, key management and 
     fragmentation.  


     4. Key management scheme 


     Traditional key management schemes are usually based on public key 
     encryption, which is difficult even impossible for LLNs to imply. However, 
     LLNs are more likely to sustain Eavesdropping attack due to Wireless 
     Broadcast Advantage of the LLNs devices. While traditional embedded key 
     management schemes usually use key pool approach which spends a lot of 
     memory to save keys and geographical position message is needed if we want 
     an advanced topology. Thus, a new efficient key management scheme is badly 
     needed. In this document, we propose a key management scheme based on LLNs 
     routing protocol RPL. 

     To start with, we introduce normal network method of LLNs applying RPL. 
     The root device broadcast DIO(a routing passage including link quality 
     message called rank ) to invite other devices nearby to join in its DODAG. 
     These devices get the passage and decide to join in by a parameter called 
     rank, and so on. This project continues until all the devices join in the 
     topology. In this document, security methods like authentication and 
     encryption are added though all the procedure and rotating happened during 
     DIO accept. 

     Firstly, a global public key is assigned to all devices for sequential 
     authentication. Then, first-round authentication happened to routing 
     packets DIO during networking period using previous public key. Packets 
     that pass the authentication will help their senders join the DODAG and 

     Zhao et al.      Expires November 11, 2015                           [Page 5] 
      
     Internet-Draft AAL             security in LLNs         November 19, 2014 
                                        
     lead to the first-round rotating. Child devices analyze DIO and generate 
     first-round encryption key by extracting rank, DODAG number as well as 
     father device ID as original data and encrypting this data by previous 
     key. DAO(response of DIO)including round number to identify key rotating 
     complete in its expand option is send after all above complete. Then both 
     child device and father device can delete the previous key (while father device
     need to wait for each child giving  successful response). Thereafter every DIO 
     lead to a new round key. 

     DIO is a route control packet whose transmission frequency depends on 
     network stability. Rotating caused by DIO connect security together with 
     link state, which improve security efficiency a lot. What is more, rank 
     of different devices are differ from each other as well as device ID, which 
     lead to the phenomenon that devices of different father devices use various 
     round key while these of the same father device share the same key. So 
     that the whole network use different round key to protect the devices from 
     password cracking while every single device only need to save two keys(the 
     key to communication with the father device and the key to communicate 
     with child devices). 

     Assume there are several LLNs devices deployed in the open-round. Root 
     device is very close to device A. Then the interaction diagram below shows 
     the detail process of how the devices join in the DODAG and how they manage 
     to rotate. 
            root                    A                         B                         C                  
            |                       |                         |                         |                  
            |-------DIOr0---------->|                         |                         |                   
            |                       |                         |                         |                  
            |<------DAOr0-----------|                         |                         |                   
            |                       |                         |                         |                  
            |                       |--------DIOa0 ---------->|                         |                  
            |                       |                         |                         |                  
            |                       |<-------DAOa0 -----------|                         |                  
            |                       |                         |                         |                  
            |                       |                         |<-------DISc0----------- |                  
            |                       |                         |                         |                  
            |                       |                         |--------DIOb0----------> |                  
           |                       |                         |                         |                  
            |                       |                         |<-------DAOb0------------|                  
            |                       |                         |                         |                  
                              .................................... 
                                         After n rounds  
                              .................................... 
            |                       |                         |                         |                  
            |<----- DIOrn ----------|                         |                         |                   

     Zhao et al.      Expires November 11, 2015                           [Page 6] 
      
     Internet-Draft AAL             security in LLNs         November 19, 2014 
                                        
            |<------DAOrn ----------|                         |                         |                   
            |                       |                         |                         |                  
            |                       |-------DIOan ----------->|                         |                  
            |                       |                         |                         |                  
            |                       |<------DAOan ------------|                         |                  
            |                       |                         |                         |                  
            |                       |                         |<------DIScn-------------|                  
            |                       |                         |                         |                  
            |                       |                         |-------DIObn------------>|                  
            |                       |                         |                         |                  
            |                       |                         |<------DAObn-------------|     
                               Figure 5: Interaction Diagram 
      


     5. summarize and expectation 


     We put forward a complete AAL security scheme above, especially focus on 
     the key management realizition.By using meaningful syliable in broadcast 
     DIO, we sucessfully carry on key distribution and rotating without using 
     extra link consume and internal memory.The keys are different in the whole 
     network while devices holding the same father device share the same device. 
     LLNs devices can apply this security scheme to complete safty communication. 

     While, this scheme is only suitable for the LLNs based on Ipv6 and deploying 
     RPL routing protocol.What's more, adding new devices to the previous LLNs 
     could cause great risk if the safty of this new one can not be detected.This 
     shortage should be solved in next vision by adding intrusion Detection 
     mechanism.We may also add application layer security and link layer 
     security in next verion. 
      
     This document does not specify any security considerations. 


     6. References 


     6.1. Normative References 

        [RFC6550] T. Winter, P. Thubert, A. Brandt, J. Hui, R. Kelsey, P. Levis, 
                  K. Pister, R. Struik, JP. Vasseur, and R. Alexander, "RPL: 
                  IPv6 Routing Protocol for Low-Power and Lossy Networks", 
                  RFC6550, March 2012. 

        [RFC2119] S.Bradner, "Key words for use in RFCs to Indicate Requirement 
                  Levels", BCP 14, RFC 2119, March 1997. 

        [RFC6552] P.Thubert, "RPL Objective Function 0", RFC6552, March 2012. 

     Zhao et al.      Expires November 11, 2015                           [Page 7] 
      
     Internet-Draft AAL             security in LLNs         November 19, 2014 
                                        
        [RFC6206] P.Levis, T.Clausen, J.Hui, O.Gnawali, and J.Ko, "The Trickle 
                  Algorithm", RFC6206, March 2011. 

      


     6.2. Informative References 


     Jennifer  Yick.  Wireless  sensor  network  survey[J].  Computer 
     networks,2008,52(12): 2292-2330. 

     Holzmann G  J. The SPIN Model Checker, Primer and Reference Manual. 
     Addison-Wesley, 2003. 

     POTTIE G J, KAISER W J. Wireless Integrated Network Sensors[J]. 
     Communications of the ACM (S0001-0782), 2000, 43(5) : 551-558. 

     Oscar  Delgado-Mohatar,  Amparo  Futer-Sabater,  Jose M.Sierra. 
     Alight-weight authentication scheme for wireless sensor networks. Ad Hoc 
     Networks 9(2011)727-35. 

     Javier Lopez, Rodrigo Roman, Isaac Agudo, Carmen Fernandez-Gago. Trust 
     management systems for wireless sensor networks: Best practices. Computer 
     Communications 33(2010)1086?093. 

     Su Zhong, Lin Chuang, Feng fujun, Ren Fengyuan. Key Management Schemes 
     and Protocols for Wireless Sensor Networks. Journal of Software,
     V01.18,No.5,May 2007,PP.1218-1231. 
      
      
     Authors' Addresses 
      
     Wei-Cheng Zhao, De-Yun Gao, Hong-Ke Zhang, Yan-fei Ma, Wan-Ting Zhu,  
     National Engineering Lab for NGI Interconnection Devices  
     Beijing Jiaotong University, China 
        
     Phone: +8613521693762 
     Email: 11111018@bjtu.edu.cn 
            gaody@bjtu.edu.cn 
            hkzhang@bjtu.edu.cn 
            11111019@bjtu.edu.cn 
      


     Acknowledgment 


     This work was supported by the National Major Projects of China 
       (Grant No. 2012ZX03005003).
      




     Zhao et al.      Expires November 11, 2015                           [Page 8]