Qualitative and Quantitative Security Analyses for Zigbee Wireless Sensor Networks
Downloaded from orbit.dtu.dk on: Sep 27, 2018

Qualitative and Quantitative Security Analyses for ZigBee Wireless Sensor Networks
Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming
Publication date: 2011
Document Version: Publisher's PDF, also known as Version of record
Link back to DTU Orbit

Citation (APA): Yuksel, E., Nielson, H. R., & Nielson, F. (2011). Qualitative and Quantitative Security Analyses for ZigBee Wireless Sensor Networks. Kgs. Lyngby, Denmark: Technical University of Denmark (DTU). (IMM-PHD-2011; No. 247).

Qualitative and Quantitative Security Analyses for ZigBee Wireless Sensor Networks
Ender Yüksel
Kongens Lyngby 2011
IMM-PHD-2011-247

Technical University of Denmark, Informatics and Mathematical Modelling, Building 321, DK-2800 Kongens Lyngby, Denmark. Phone +45 45253351, Fax +45 45882673, [email protected], www.imm.dtu.dk
IMM-PHD: ISSN 0909-3192

Summary

Wireless sensor networking is a challenging and emerging technology that will soon become an inevitable part of our modern society.
Today wireless sensor networks are broadly used in industrial and civilian application areas including environmental monitoring, surveillance tasks, healthcare applications, home automation, and traffic control. The challenges for research in this area are due to the unique features of wireless sensor devices such as low processing power and the associated low energy budget. On top of this, wireless sensor networks need secure communication, as they operate in open fields or unprotected environments and communicate over a broadcast medium. As a result, such systems have to meet a multitude of quantitative constraints (e.g. timing, power consumption, memory usage, communication bandwidth) as well as security requirements (e.g. authenticity, confidentiality, integrity). One of the main challenges arises in dealing with the security needs of such systems, where it is less likely that absolute security guarantees can be sustained, because of the need to balance security against energy consumption in wireless sensor network standards like ZigBee.

This dissertation builds on existing methods and techniques in different areas and brings them together to create an efficient verification system. The overall ambition is to provide a wide range of powerful techniques for analyzing models with quantitative and qualitative security information. We state a new approach that first verifies low-level security protocols in a qualitative manner and guarantees absolute security, and then takes these verified protocols as actions of scenarios to be verified in a quantitative manner. Working on the emerging ZigBee wireless sensor networks, we used probabilistic verification, which returns probabilistic results with respect to the trade-off between security and performance. In this sense, we have extended various existing ideas and also proposed new ideas to improve verification.
Especially for the problem of key update, we believe we have contributed to the solution not only for wireless sensor networks but also for many other types of systems that require key updates. Besides, we produced automated tools intended to demonstrate what kinds of tools can be developed for different purposes and application domains.

Resumé

Wireless sensor networks are a challenging and new technology that will soon become an unavoidable part of our modern society. Today wireless sensor networks are used broadly in industrial and civilian application areas, including environmental monitoring, surveillance tasks, healthcare products, home automation, and traffic control. The challenges for research in this area are due to the unique properties of wireless sensor devices, such as low processing power and the associated low energy consumption. Furthermore, wireless sensor networks need to support secure communication, since they operate in open areas or unprotected environments and communicate by means of radio technology. As a consequence, these systems have to meet a wide range of quantitative constraints (e.g. timing, power consumption, memory usage, communication bandwidth) as well as security requirements (e.g. authentication, confidentiality, integrity). One of the main challenges is to achieve the right level of security in such systems, where it is unlikely that absolute security guarantees can be sustained, because of the need to balance security against energy consumption in wireless sensor network standards such as ZigBee.

This dissertation builds on existing methods and techniques within different areas and brings them together in order to create an efficient verification system. The overall ambition is to provide a wide range of powerful techniques for analysing models with quantitative and qualitative security information. We present a new approach that first verifies low-level security protocols in a qualitative manner and guarantees absolute security, and then takes these verified protocols as actions in scenarios that are subsequently verified quantitatively. Taking the new ZigBee wireless sensor networks as our starting point, we use probabilistic verification, and thereby obtain probabilistic insight into the trade-off between security and performance. We have thus extended various existing ideas and proposed new ideas for improving verification. In particular, we believe that for the problem of key update we have contributed to a solution not only for wireless sensor networks but also for many other types of systems that require key updates. Moreover, we have produced automated tools whose purpose is to show what kinds of tools can be developed for different purposes and application areas.

Preface

This thesis was prepared at the department of Informatics and Mathematical Modelling, the Technical University of Denmark in partial fulfillment of the requirements for acquiring the Ph.D. degree in Computer Science. The Ph.D. study has been carried out under the supervision of Professor Hanne Riis Nielson and Professor Flemming Nielson in the period of September 2007 to January 2011 (excluding the leave of absence period from January 2010 to May 2010). Most of the work behind this dissertation has been carried out independently and I take full responsibility for its contents. A part of the scientific work in this thesis is based on our published work in [YNN08, YNN09a, YNN09b, YNN10a, YNN11a] with my two supervisors as co-authors. Another part is based on our published work in [YNN+10b, YNN11c] in collaboration with Marta Kwiatkowska and Matthias Fruth from Oxford University. In addition, a part from this thesis is under submission to a conference [YNN11b].
Lyngby, January 2011
Ender Yüksel

Acknowledgements

First and foremost, my thanks go to my supervisors, Hanne Riis Nielson and Flemming Nielson, without whose support, guidance and enthusiasm this work would never have been completed. I consider myself very lucky to be working with them since my master thesis, and I am grateful to them for providing me with the opportunities to work on important research projects and teach stimulating courses. I would like to thank Marta Kwiatkowska, Matthias Fruth, Dave Parker, Gethin Norman, and all other members of Quantitative Analysis and Verification at Oxford University for their guidance and support during my stay in Oxford and since then. I would like to thank Gavin Lowe from Oxford University for good advice and interesting discussions on my work with security protocols. I would also like to thank Robert Cragie from ZigBee Alliance, for his generous technical help in my work on ZigBee. Thanks must go to Bo Friis Nielsen, Luz Esparza, and Kebin Zeng from the Mathematical Statistics group at DTU, and all members of the MT-LAB project for their close collaboration and comments on various parts of my work. I am also indebted to the MT-LAB and SENSORIA projects, together with the FIRST and ITMAN PhD schools, since I was engaged to and supported by these bodies during my PhD studies. I would like to thank Mehmet Bülent Örencik from Technical University of Istanbul who has been my role model and inspiration to continue for an academic career. I want to thank current and former members of the Language-Based Technology group at DTU: Alejandro M. Hernandez, Carroline D.P.K. Ramli, Christian W. Probst, Christoffer R. Nielsen, Eva Bing, Fan Yang, Fuyuan Zhang, Han Gao, Henrik Pilegaard, Jose N.C. Quaresma, Jörg Kreiker, Lijun Zhang, Marian S. Adler, Matthieu S.B. Queva, Michael J.A. Smith, Michal T. Terepata, Nataliya Skrypnyuk, Piotr Filipiuk, Sebastian Nanz, Sebastian A. Mödersheim, Ye Zhang for creating a friendly and stimulating working environment. I am grateful to the members of my thesis assessment committee, Fabio Martinelli, Jan Madsen, and Stephen Gilmore for accepting