Cryptography Reference
In-Depth Information
5.2.2 TinySec
TinySec is a lightweight link-layer security architecture for WSN (Karlof et al. 2004).
It was designed with the intention of being easily portable on most of the existing
sensors and addresses message integrity, data confidentiality, replay protection, and
access control. However, it does not address attacks related to resource exhaustion and
node capture.
This security framework supports two modes of architecture, namely, authenti-
cated encryption (TinySec-AE) and authentication only (TinySec-Auth). TinySec-AE is
a full-security suite and offers packet authentication through Message Authentication
Code (MAC) and data payload encryption, whereas in TinySec-Auth MAC is used to
authenticate the entire packet, but the payload is not encrypted. MAC can be viewed
as a distinct class of hash functions that facilitates message authentication and integ-
rity through symmetric techniques. The intent of designing a MAC is that it is com-
putationally infeasible to produce a matching output without prior knowledge of the
key. The sender sends the plain text and its corresponding MAC to the receiver. The
receiver ensures message authenticity and integrity by recomputing MAC and compar-
ing it with the sender's MAC. MAC is also useful in detecting transmission errors so
that the Bit Error Rate (BER) is not affected.
In TinySec, Cipher Block Chaining (CBC) is used for encryption with an 8-byte
Initialization Vector (IV) to achieve semantic security, i.e., encrypting the plain text
two times should result in different cipher texts. The length of the IV plays a crucial
role in security and performance in any network. Especially in a WSN environment,
if the length of the IV is too long, there would be an unnecessary addition of redun-
dant data that would result in increased usage of expensive resources and degradation
of overall throughput. In contrast, if the IV is too short, there could be the risk of a
security attack due to the possibility of a repeating IV. Using the pigeonhole principle
mentioned in Karlof et al. (2004), an IV in this model encompasses a counter (CTR)
to prevent repetitions of IVs. The structure of an IV includes Destination address
(DEST), Active Message (AM) handler type, Length of data payload (LEN), Source
address (SRC), and a 16-bit counter. AM in this model carries the same functionality
as port numbers in the TCP/IP model.
Figures 5.1 and 5.2 depict the packet formats in bytes for TinySec-AE and
TinySec-Auth , respectively . Although this model demonstrates the ability to effectively
Figure 5.1. TinySec-AE Packet Format in Bytes
Search WWH ::




Custom Search