CCCP: Secure Remote Storage for Computational RFIDs

M. Salajegheh, S. Clark, B. Ransford, K. Fu (UMass Amherst); A. Juels (RSA, The Security Division of EMC). NSF-627529. Shane Clark, USENIX Security ’09, Tuesday, August 18, 2009.


  1. CCCP: Secure Remote Storage for Computational RFIDs. M. Salajegheh, S. Clark, B. Ransford, K. Fu (UMass Amherst); A. Juels (RSA, The Security Division of EMC). NSF-627529. Shane Clark, USENIX Security ’09, Tuesday, August 18, 2009

  2. RFID tags

  6. Computational RFID tags

  7. CRFIDs (pictured: WISP 1.0) • Batteryless • Powered by harvested energy • Interact with RFID readers • Programmable

  8. CRFIDs (pictured: WISP 1.0) • Tiny energy reservoir • Frequent power loss • Limited use of local storage

  9. Local Storage... at a Price • Energy intensive writes. Energy consumption (µJ) for 128 bytes: Read 0.64, Write 56.97

  10. Local Storage... at a Price • Energy intensive writes • Erase-before-write. Energy consumption (µJ) for 128 bytes: Read 0.64, Write 56.97, Erase 46.81

  11. Local Storage... at a Price • Energy intensive writes • Erase-before-write • Small nonvolatile memory • WISP 4.0: 32 KB flash. Energy consumption (µJ) for 128 bytes: Read 0.64, Write 56.97, Erase 46.81

  12. Inexpensive Radio. Figure: CPU, Flash and Radio blocks of a Mote [Hydrowatch]

  13. Inexpensive Radio. Figure: CPU, Flash and Radio blocks of a Mote [Hydrowatch] and of a CRFID

  14. Outsource Storage?

  15. Outsource Storage? Figure labels: Send, Receive

  16. Outsource Storage? Problem: a reader is not necessarily trustworthy

  17. Outsource Storage? Figure labels: Read, Junk. Problem: a reader is not necessarily trustworthy

  18. Cryptographic Computational Continuation Passing

  19. Cryptographic Computational Continuation Passing. Figure labels: ENC, MAC

  20. Cryptographic Computational Continuation Passing. Figure labels: ENC, MAC; DEC, MAC

  21. Goal: Computational Progress • Change of computational state toward a goal. Example: completion of a loop • Eliminate Sisyphean tasks

  22. Sisyphean Tasks • Some workloads may never complete given typical energy availability • Manually splitting tasks is not necessarily easy or effective

  23. Mementos [Ransford ’08]

  24. Mementos [Ransford ’08]. Task = {T1, T2, T3, T4}

  25. Mementos [Ransford ’08]. Task = {T1, T2, T3, T4}. Energy = [figure]

  26. Mementos [Ransford ’08]. Task = {T1, T2, T3, T4}. Energy = [figure] • Checkpoint state (locally) as energy wanes • Spread computations over multiple lifecycles

  27. Mementos [Ransford ’08]. Task = {T1, T2, T3, T4}. Energy = [figure] • Checkpoint state (locally) as energy wanes • Spread computations over multiple lifecycles. Figure: {T1, T2, T3, T4} with Checkpoint and Retrieve steps

  28. Mementos [Ransford ’08]. Task = {T1, T2, T3, T4}. Energy = [figure] • Checkpoint state (locally) as energy wanes • Spread computations over multiple lifecycles. Figure: {T1, T2, T3, T4} with Checkpoint and Retrieve steps • Problem: flash write takes precious energy.

  29. Security Goals • Confidentiality • Integrity • Authentication • Data Freshness • Availability

  31. Security Goals • Confidentiality • Integrity • Authentication • Data Freshness • Availability. Overlaid labels: Reboots every few seconds; Tiny capacitor; No battery; Small RAM; Expensive flash

  32. Security Primitives • Stream cipher for confidentiality • UMAC for integrity/authentication [Black ’99] • Low cost in terms of energy

  33. Security Primitives • Stream cipher for confidentiality • UMAC for integrity/authentication [Black ’99] • Low cost in terms of energy • Challenge: Maintaining the keystreams

  34. Precomputation? • Keystreams are required by the cipher and the MAC • Cannot reuse keystream bits • Not enough energy to compute on the fly

  35. Good Power Seasons • Times when the CRFID is idle • CRFID is awake and has no computation left to complete. • CRFID finds a reader that does not understand CCCP. • Plentiful energy → time to produce keystream bits

  36. Data Freshness • Some state must be in trusted storage • Nonvolatile memory is too expensive to use frequently • How can we use it frugally?

  37. Hole Punching

  38. Hole Punching. (a) Binary Counter: 00000111₂ (= 7₁₀)

  39. Hole Punching. (a) Binary Counter: 00000111₂ (= 7₁₀) → 00001000₂ (= 8₁₀)

  40. Hole Punching. (a) Binary Counter: 00000111₂ (= 7₁₀) → 11111111₂ (erase) → 00001000₂ (= 8₁₀)

  41. Hole Punching. (a) Binary Counter: 00000111₂ (= 7₁₀) → 11111111₂ (erase) → 00001000₂ (= 8₁₀). (b) Unary Counter (complemented): 11110000000₁ (= 7₁₀)

  42. Hole Punching. (a) Binary Counter: 00000111₂ (= 7₁₀) → 11111111₂ (erase) → 00001000₂ (= 8₁₀). (b) Unary Counter (complemented): 11110000000₁ (= 7₁₀) → 11100000000₁ (= 8₁₀)

  43. Protocol. Figure labels: Reader, state, CRFID

  44. Protocol. Figure labels: Reader, state, CRFID. Non-autonomous communication

  45. Store Procedure. Figure: Reader and CRFID

  46. Store Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Query

  47. Store Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Query; Tasks 1..k

  48. Store Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Query; Tasks 1..k; Need to store

  49. Store Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Query; Tasks 1..k; Need to store; Chunk size

  50. Store Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Query; Tasks 1..k; Need to store; Chunk size; 1. Enc 2. MAC 3. Hole punch

  51. Store Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Query; Tasks 1..k; Need to store; Chunk size; 1. Enc 2. MAC 3. Hole punch; Ciphertext+MAC

  52. Store Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Query; Tasks 1..k; Need to store; Chunk size; 1. Enc 2. MAC 3. Hole punch; Ciphertext+MAC; Store

  53. Retrieve Procedure. Figure: Reader and CRFID

  54. Retrieve Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Retrieve

  55. Retrieve Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Retrieve; Ciphertext+MAC

  56. Retrieve Procedure. Figure: Reader and CRFID. Labels, in order of appearance: Retrieve; Ciphertext+MAC; 1. Verify 2. Dec
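
The hole-punching counter from the Hole Punching slides, as an added C simulation that is not taken from the talk or from the CCCP code: it models flash that can only clear bits when programmed and counts the erases each counter encoding needs. The 4-byte region, the `flash_t` model and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
#define CELL_BYTES 4                 /* constructed size: room for 32 unary ticks */

typedef struct {
    uint8_t  cell[CELL_BYTES];       /* simulated flash region holding the counter */
    unsigned erases;                 /* erase operations issued (the costly part) */
} flash_t;

static void flash_erase(flash_t *f) { memset(f->cell, 0xFF, CELL_BYTES); f->erases++; }

/* Programming flash can only clear bits, so the stored byte is old AND new. */
static void flash_program(flash_t *f, unsigned i, uint8_t v) { f->cell[i] &= v; }

/* Binary counter in cell[0]: an increment that sets a 0 bit needs an erase first. */
void binary_increment(flash_t *f) {
    uint8_t old = f->cell[0], next = (uint8_t)(old + 1);
    if (next & (uint8_t)~old) flash_erase(f);
    flash_program(f, 0, next);
}

/* Complemented unary counter: the value is the number of zero bits. */
unsigned unary_read(const flash_t *f) {
    unsigned n = 0;
    for (unsigned i = 0; i < CELL_BYTES * 8; i++)
        if (!(f->cell[i / 8] & (1u << (i % 8)))) n++;
    return n;
}

/* Increment by punching one more hole (clearing the next 1 bit); no erase.
 * Returns -1 when every bit is spent and the region must be erased. */
int unary_increment(flash_t *f) {
    unsigned n = unary_read(f);
    if (n == CELL_BYTES * 8) return -1;
    flash_program(f, n / 8, (uint8_t)~(1u << (n % 8)));
    return 0;
}

/* Run `ticks` increments from zero; return erases used, final value via *out. */
unsigned erases_needed(int unary, unsigned ticks, unsigned *out) {
    flash_t f = {{0}, 0};
    flash_erase(&f);                           /* start from erased flash */
    if (!unary) flash_program(&f, 0, 0x00);    /* binary zero is all bits cleared */
    f.erases = 0;                              /* do not count the setup erase */
    for (unsigned t = 0; t < ticks; t++)
        if (!unary) binary_increment(&f);
        else if (unary_increment(&f) < 0) break;
    *out = unary ? unary_read(&f) : f.cell[0];
    return f.erases;
}
```

The unary counter stops when its bits are spent; a deployment has to decide what happens then (for example an erase combined with a higher-order counter), which the slides do not cover.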
