onboardicng: a secure protocol for on-boarding iot devices...
TRANSCRIPT
![Page 1: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/1.jpg)
OnboardICNg: a Secure Protocol forOn-boarding IoT Devices in ICN
Alberto Compagno1,3, Mauro Conti2 and Ralph Droms3
1Sapienza University of Rome2University of Padua3Cisco Systems
3rd ACM Conference on Information-Centric Networking
September 28, 2016
![Page 2: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/2.jpg)
IoT Scenario
Internet
Publishesreadingsunderapropernamespacee.g.[1]:/coord/readings
[1]M.Enguehard,etal."SLICT:SecureLocalizedInformationCentricThings." ACMICN,2016.
Wireless mesh network of resource-constrained devices
IEEE 802.15.4 MAC2 of 20
![Page 3: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/3.jpg)
Unauthorized access
Internet
Easy to deploy malicious devices
An attacker can waste devices’ resources:
bandwidth, energy, memory, computation
3 of 20
![Page 4: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/4.jpg)
Unauthorized access in ICN
Internet
Even a more serious problem
Attacker can target network state (PIT, CS):
Interest flooding, cache pollution attacks
4 of 20
![Page 5: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/5.jpg)
How to secure the network?
Internet
Create a network of trusted devices:
Device authentication and authorization to join the network
Prevent packets manipulation and injection:
Hop-by-hop packet integrity/authenticity check
5 of 20
![Page 6: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/6.jpg)
Existing approaches
In IP wireless mesh network (ZigBee IP):
EAP-PSK with Protocol for Carrying Authentication forNetwork Access – EAP-PSK/PANA
EAP-TLS/PANA
In ICN wireless mesh network:
Nothing so far
6 of 20
![Page 7: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/7.jpg)
Our proposal – OnboardICNg
We design OnboardICNg, an on-boarding protocol based onsymmetric encryption that:
Authenticates and authorizes new devices to join network
Provides the authentication of the network to the joiningdevice
Bootstraps the key material for MAC and network layer
Has a low cost in terms of devices’ resources
7 of 20
![Page 8: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/8.jpg)
System model
AGWInternet
Figure: Advanced Metering Infrastructure Scenario
Application Gateway (AGW) provides connectivity to Internet
AGW queries devices / issues commands
Devices retrieve content only from AGW
8 of 20
![Page 9: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/9.jpg)
System model
InternetAGW
Figure: Advanced Metering Infrastructure Scenario
Application Gateway (AGW) provides connectivity to Internet
AGW queries devices / issues commands
Devices retrieve content only from AGW
8 of 20
![Page 10: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/10.jpg)
System model
AGWInternet
Figure: Advanced Metering Infrastructure Scenario
Application Gateway (AGW) provides connectivity to Internet
AGW queries devices / issues commands
Devices retrieve content only from AGW
8 of 20
![Page 11: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/11.jpg)
System Model
To secure communication we distribute:
kdj−AGW : a pairwise key between each device dj and AGW
Used to protect confidentiality and provide contentauthentications to content retrieved between dj and AGW(e.g., AGW queries and crypto material intended for dj)
kdj−dnbr : pairwise key between dj and dnbrUsed to trigger the 802.15.4 integrity (and optionallyconfidentiality)
9 of 20
![Page 12: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/12.jpg)
System model
InternetAAM
AGW
Figure: Advanced Metering Infrastructure Scenario
Authentication Authorization Manager (AAM) authenticatesand authorizes devices
Pre-shared key (psk) between each device and AAM duringprovisioning phase
10 of 20
![Page 13: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/13.jpg)
OnboardICNg - High level picture
Device
AAMAGW
dj
dnbr
Figure: OnboardICNg
11 of 20
![Page 14: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/14.jpg)
OnboardICNg - High level picture
Device
AAMAGW
dj
dnbr
(a) OnboardICNg
PANAAuthenticationAgent(PAA) AAM
PANAClient(PaC)
(b) EAP-PSK/PANA 12 of 20
![Page 15: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/15.jpg)
AKEP2
OnboardICNg is built on AKEP2 scheme (which has proven to besecure)
AKEP2 provides:
Mutual authentication
Authenticated key exchange
A B
B’sidentity
A’sidentity, proofofAauthenticity
ProofofBauthenticity
psk psk
k’=KDF(…,psk)k’=KDF(…,psk)
13 of 20
![Page 16: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/16.jpg)
AKEP2
OnboardICNg is built on AKEP2 scheme (which has proven to besecure)
AKEP2 provides:
Mutual authentication
Authenticated key exchange
A B
B’sidentity
A’sidentity, proofofAauthenticity
ProofofBauthenticity
psk psk
k’=KDF(…,psk)
k’=KDF(…,psk)
k’=KDF(…,psk)k’=KDF(…,psk)
13 of 20
![Page 17: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/17.jpg)
AKEP2 in ICN
AKEP2 can be simply implemented in interest and content packets...but it is a two party protocol
A Bpsk psk
Payload
interestcontent
interest
interest
interest
content
content
content
k’
k’
B’sidentity
A’sidentity, proofofAauthenticity
ProofofBauthenticity
14 of 20
![Page 18: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/18.jpg)
OnboardICNg - Description
djpsk psk
dnbr AGW
interestcontent
Certifiestodj thatthenetworkisauthentic AAM
15 of 20
![Page 19: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/19.jpg)
OnboardICNg - Description
djpsk psk
dnbr AGW
AKEP2
interestcontent
Certifiestodj thatthenetworkisauthentic AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
15 of 20
![Page 20: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/20.jpg)
OnboardICNg - Description
djpsk psk
dnbr AGW
interestcontent
Certifiestodj thatthenetworkisauthentic AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
15 of 20
![Page 21: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/21.jpg)
OnboardICNg - Description
dnbr expressesaninteresttoretrieveauthorizationandcryptomaterial
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
15 of 20
![Page 22: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/22.jpg)
OnboardICNg - Description
AAMauthenticatesandauthorizesdj
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
15 of 20
![Page 23: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/23.jpg)
OnboardICNg - Description
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
k’
Cryptomaterial,kdj-AGW
AAMauthenticatesandauthorizesdj
15 of 20
![Page 24: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/24.jpg)
OnboardICNg - Description
Cryptomaterial,k
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
Cryptomaterialtogeneratesdnbr proofauth.
K’
dj-AGW
15 of 20
![Page 25: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/25.jpg)
OnboardICNg - Description
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
Encryptedwithpsk toprotectconfidentiality
dnbr’s identity,proofauth.
Cryptomaterial,kdj-AGW
K’
15 of 20
![Page 26: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/26.jpg)
OnboardICNg - Description
k’,k
djpsk psk
dnbr AGW
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
Cryptomaterial,kdj-AGW
Encryptedwithpsk toprotectconfidentiality
dnbr’s identity,proofauth.
K’
dj-dnbr
15 of 20
![Page 27: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/27.jpg)
OnboardICNg - Description
djpsk psk
dnbr AGW
K’
interestcontent
AAM
dnbr’s identity
dj’s identity,proofauth.
dnbr’s identity,proofauth.
Encryptedwithk’
dj-AGWk,kdj-dnbr
Cryptomaterial,kdj-AGWk’,kdj-dnbr
15 of 20
![Page 28: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/28.jpg)
OnboardICNg - Evaluation settings
We compare OnboardICNg with EAP-PSK/PANA
Specifically, constrained devices having a similar role:
dj with PaC ← joining devicednbr with PRE ← neighbor
OnboardICNg evaluation setting:
1+0 Encoding proposal for CCN [1]
resourced-constrained devices with hardware implementationof AES-128 (e.g., MSP430 MCU combined with the CC2420radio chip)
[1] CCN and NDN TLV encodings in 802.15.4 packets. https://www.ietf.org/mail-archive/web/icnrg/current/pdfs9ieLPWcJI.pdf.
16 of 20
![Page 29: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/29.jpg)
OnboardICNg - Analytical evaluation
Communication cost comparison
Bytes transmitted/received between entities
549B
AGW/PAAdj/PaC
dnbr/PRE
OnboardICNg: 318B
EAP-PSK/PANA: 1380B 2481B
-70% -87%
17 of 20
![Page 30: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/30.jpg)
OnboardICNg - Analytical evaluation
Computation cost comparison (milliseconds)
EAP-PSK/PANA OnboardICNgCrypto op. PaC PRE dj dnbrMAC gen./ver. 49,90 0,00 37,68 53,87
Keys gen./der. 22,75 0,00 23,05 0,90
Encrypt 0,00 0,00 0,00 0,30
Decrypt 0,30 0,00 0,60 0,30
Memory cost comparison (bytes)
EAP-PSK/PANA OnboardICNgPaC PRE dj dnbr224 0 332 159
Comparable memory and computation cost for the joiningdevice
Greater memory and computation cost on neighbor device,but... 18 of 20
![Page 31: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/31.jpg)
OnboardICNg - Analytical evaluation
Energy cost comparison
19 of 20
![Page 32: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/32.jpg)
Conclusion
OnboardICNg is the first protocol providing secure authenticationand authorization for IoT over ICN
Resilient to outsider and insider attacks
Securely bootstraps cryptographic material for subsequentsecure communication
Resource utilization compares favorably withEAP-PSK/PANA
Up to 87% less in communication costUp to 66% less in energy consumption
20 of 20
![Page 33: OnboardICNg: a Secure Protocol for On-boarding IoT Devices ...conferences.sigcomm.org/acm-icn/2016/slides/Session5/compagno.pdf · nbr MAC gen./ver. 49,90 0,00 37,68 53,87 Keys gen./der](https://reader031.vdocuments.mx/reader031/viewer/2022022714/5c0c4d3809d3f295058be3a1/html5/thumbnails/33.jpg)
Conclusion
OnboardICNg is the first protocol providing secure authenticationand authorization for IoT over ICN
Resilient to outsider and insider attacks
Securely bootstraps cryptographic material for subsequentsecure communication
Resource utilization compares favorably withEAP-PSK/PANA
Up to 87% less in communication costUp to 66% less in energy consumption
Questions?email: [email protected]
20 of 20