CCCP: Secure Remote Storage for Computational RFIDs M. Salajegheh, S. Clark , B. Ransford, K. Fu (UMass Amherst) A. Juels (RSA) The Security Division of EMC NSF-627529 Shane Clark, USENIX Security ’09 Tuesday, August 18, 2009
RFID tags Shane Clark, USENIX Security ’09 2 Tuesday, August 18, 2009
RFID tags Shane Clark, USENIX Security ’09 2 Tuesday, August 18, 2009
RFID tags Shane Clark, USENIX Security ’09 2 Tuesday, August 18, 2009
RFID tags Shane Clark, USENIX Security ’09 2 Tuesday, August 18, 2009
Computational RFID tags Shane Clark, USENIX Security ’09 2 Tuesday, August 18, 2009
CRFIDs • Batteryless • Powered by harvested energy • Interact with RFID readers • Programmable WISP 1.0 Shane Clark, USENIX Security ’09 3 Tuesday, August 18, 2009
CRFIDs • Tiny energy reservoir • Frequent power loss • Limited use of local storage WISP 1.0 Shane Clark, USENIX Security ’09 3 Tuesday, August 18, 2009
Local Storage... at a Price Energy Consumption ( � J) • Energy intensive writes 128 Bytes Read 0.64 Write 56.97 Shane Clark, USENIX Security ’09 4 Tuesday, August 18, 2009
Local Storage... at a Price Energy Consumption ( � J) Energy Consumption ( � J) • Energy intensive writes 128 Bytes Read Read 0.64 0.64 • Erase-before-write Write Write 56.97 56.97 Erase 46.81 Shane Clark, USENIX Security ’09 4 Tuesday, August 18, 2009
Local Storage... at a Price Energy Consumption ( � J) Energy Consumption ( � J) • Energy intensive writes 128 Bytes Read Read 0.64 0.64 • Erase-before-write Write Write 56.97 56.97 • Small nonvolatile memory Erase 46.81 • WISP 4.0: 32 KB flash Shane Clark, USENIX Security ’09 4 Tuesday, August 18, 2009
Inexpensive Radio CPU Flash Radio Mote [Hydrowatch] Shane Clark, USENIX Security ’09 5 Tuesday, August 18, 2009
Inexpensive Radio CPU Radio CPU Flash Radio Flash Mote CRFID [Hydrowatch] Shane Clark, USENIX Security ’09 5 Tuesday, August 18, 2009
Outsource Storage? Shane Clark, USENIX Security ’09 6 Tuesday, August 18, 2009
Outsource Storage? Receive Send Shane Clark, USENIX Security ’09 6 Tuesday, August 18, 2009
Outsource Storage? Problem: a reader is not necessarily trustworthy Shane Clark, USENIX Security ’09 6 Tuesday, August 18, 2009
Outsource Storage? Junk Read Problem: a reader is not necessarily trustworthy Shane Clark, USENIX Security ’09 6 Tuesday, August 18, 2009
Cryptographic Computational Continuation Passing Shane Clark, USENIX Security ’09 7 Tuesday, August 18, 2009
Cryptographic Computational Continuation Passing ENC MAC Shane Clark, USENIX Security ’09 7 Tuesday, August 18, 2009
Cryptographic Computational Continuation Passing DEC MAC ENC MAC Shane Clark, USENIX Security ’09 7 Tuesday, August 18, 2009
Goal: Computational Progress • Change of computational state toward a goal � Example: completion of a loop • Eliminate Sisyphean tasks Shane Clark, USENIX Security ’09 8 Tuesday, August 18, 2009
Sisyphean Tasks • Some workloads may never complete given typical energy availability • Manually splitting tasks is not necessarily easy or effective Shane Clark, USENIX Security ’09 9 Tuesday, August 18, 2009
Mementos [Ransford ’08] Shane Clark, USENIX Security ’09 10 Tuesday, August 18, 2009
Mementos [Ransford ’08] Task = { } T1 T2 T3 T4 Shane Clark, USENIX Security ’09 10 Tuesday, August 18, 2009
Mementos [Ransford ’08] Task = { } T1 T2 T3 T4 Energy = Shane Clark, USENIX Security ’09 10 Tuesday, August 18, 2009
Mementos [Ransford ’08] Task = { } T1 T2 T3 T4 Energy = • Checkpoint state (locally) as energy wanes • Spread computations over multiple lifecycles Shane Clark, USENIX Security ’09 10 Tuesday, August 18, 2009
Mementos [Ransford ’08] Task = { } T1 T2 T3 T4 Energy = • Checkpoint state (locally) as energy wanes • Spread computations over multiple lifecycles { } T1 T2 T3 T4 Checkpoint Retrieve Shane Clark, USENIX Security ’09 10 Tuesday, August 18, 2009
Mementos [Ransford ’08] Task = { } T1 T2 T3 T4 Energy = • Checkpoint state (locally) as energy wanes • Spread computations over multiple lifecycles { } T1 T2 T3 T4 Checkpoint Retrieve • Problem: flash write takes precious energy. Shane Clark, USENIX Security ’09 10 Tuesday, August 18, 2009
Security Goals • Confidentiality • Integrity • Authentication • Data Freshness • Availability Shane Clark, USENIX Security ’09 11 Tuesday, August 18, 2009
Security Goals • Confidentiality • Integrity • Authentication • Data Freshness • Availability Shane Clark, USENIX Security ’09 11 Tuesday, August 18, 2009
Security Goals Reboots every few seconds • Confidentiality T i n y c a p a c i t o r • Integrity No battery Small RAM • Authentication • Data Freshness Expensive flash • Availability Shane Clark, USENIX Security ’09 11 Tuesday, August 18, 2009
Security Primitives • Stream cipher for confidentiality • UMAC for integrity/authentication [Black ’99] • Low cost in terms of energy Shane Clark, USENIX Security ’09 12 Tuesday, August 18, 2009
Security Primitives • Stream cipher for confidentiality • UMAC for integrity/authentication [Black ’99] • Low cost in terms of energy • Challenge: Maintaining the keystreams Shane Clark, USENIX Security ’09 12 Tuesday, August 18, 2009
Precomputation? • Keystreams are required by the cipher and the MAC • Cannot reuse keystream bits • Not enough energy to compute on the fly Shane Clark, USENIX Security ’09 13 Tuesday, August 18, 2009
Good Power Seasons • Times when the CRFID is idle • CRFID is awake and has no computation left to complete. • CRFID finds a reader that does not understand CCCP. • Plentiful energy � time to produce keystream bits Shane Clark, USENIX Security ’09 14 Tuesday, August 18, 2009
Data Freshness • Some state must be in trusted storage • Nonvolatile memory is too expensive to use frequently • How can we use it frugally? Shane Clark, USENIX Security ’09 15 Tuesday, August 18, 2009
Hole Punching Shane Clark, USENIX Security ’09 16 Tuesday, August 18, 2009
Hole Punching 00000111 2 (=7 10 ) (a) Binary Counter Shane Clark, USENIX Security ’09 16 Tuesday, August 18, 2009
Hole Punching 00000111 2 (=7 10 ) 00001000 2 (=8 10 ) (a) Binary Counter Shane Clark, USENIX Security ’09 16 Tuesday, August 18, 2009
Hole Punching 00000111 2 (=7 10 ) 11111111 2 (erase) 00001000 2 (=8 10 ) 00001000 2 (=8 10 ) (a) Binary Counter Shane Clark, USENIX Security ’09 16 Tuesday, August 18, 2009
Hole Punching 00000111 2 (=7 10 ) 11110000000 1 (=7 10 ) 11111111 2 (erase) 00001000 2 (=8 10 ) 00001000 2 (=8 10 ) (b) Unary Counter (a) Binary Counter (complemented) Shane Clark, USENIX Security ’09 16 Tuesday, August 18, 2009
Hole Punching 00000111 2 (=7 10 ) 11110000000 1 (=7 10 ) 11111111 2 (erase) 11100000000 1 (=8 10 ) 00001000 2 (=8 10 ) 00001000 2 (=8 10 ) (b) Unary Counter (a) Binary Counter (complemented) Shane Clark, USENIX Security ’09 16 Tuesday, August 18, 2009
Protocol Reader e t a t s CRFID Shane Clark, USENIX Security ’09 17 Tuesday, August 18, 2009
Protocol Reader e t a t s CRFID Non-autonomous communication Shane Clark, USENIX Security ’09 17 Tuesday, August 18, 2009
Store Procedure Reader CRFID Shane Clark, USENIX Security ’09 18 Tuesday, August 18, 2009
Store Procedure Reader Query CRFID Shane Clark, USENIX Security ’09 18 Tuesday, August 18, 2009
Store Procedure Reader Query CRFID Tasks 1..k Shane Clark, USENIX Security ’09 18 Tuesday, August 18, 2009
Store Procedure Reader Need to store Query CRFID Tasks 1..k Shane Clark, USENIX Security ’09 18 Tuesday, August 18, 2009
Store Procedure Reader Chunk size Need to store Query CRFID Tasks 1..k Shane Clark, USENIX Security ’09 18 Tuesday, August 18, 2009
Store Procedure Reader Chunk size Need to store Query CRFID Tasks 1..k 1. Enc 2. MAC 3. Hole punch Shane Clark, USENIX Security ’09 18 Tuesday, August 18, 2009
Store Procedure Reader Ciphertext+MAC Chunk size Need to store Query CRFID Tasks 1..k 1. Enc 2. MAC 3. Hole punch Shane Clark, USENIX Security ’09 18 Tuesday, August 18, 2009
Store Procedure Store Reader Ciphertext+MAC Chunk size Need to store Query CRFID Tasks 1..k 1. Enc 2. MAC 3. Hole punch Shane Clark, USENIX Security ’09 18 Tuesday, August 18, 2009
Retrieve Procedure Reader CRFID Shane Clark, USENIX Security ’09 19 Tuesday, August 18, 2009
Retrieve Procedure Retrieve Reader CRFID Shane Clark, USENIX Security ’09 19 Tuesday, August 18, 2009
Retrieve Procedure Retrieve Reader Ciphertext+MAC CRFID Shane Clark, USENIX Security ’09 19 Tuesday, August 18, 2009
Retrieve Procedure Retrieve Reader Ciphertext+MAC CRFID 1. Verify 2. Dec Shane Clark, USENIX Security ’09 19 Tuesday, August 18, 2009
Recommend
More recommend