Letterkenny Institute of Technology M.Sc. Thesis Lightweight Cryptography and Authentication Protocols for Secure Communications between Resource-Limited Devices and Wireless Sensor Networks: Evaluation and Implementation Author: Piotr Książak Student No L00057123 Supervisors: William Farrelly, M.Sc. Prof. Paul McKevitt, University of Ulster Department of Computing Letterkenny, September 2010 Declaration I hereby declare that for a period of 1 year following the date, on which this dissertation is deposited in the library of the Letterkenny Institute of Technology, the dissertation shall remain confidential with access or copying prohibited. Following the expiry of this period, I permit the librarian of the Institute to allow the dissertation to be copied in whole or in part without reference to me, on the understanding that such authority applies to single copies made for study purposes and is subject to normal conditions of acknowledgement. This restriction does not apply to the publication of the title or abstract of the dissertation. II Acknowledgements I am pleased to have the opportunity to express my gratitude to all people who helped me accomplish this dissertation. Firstly, I would like to thank my primary supervisor William Farrelly, Letterkenny Institute of Technology for his day-to-day support, great involvement and a huge amount of patience required to monitor my research. Thank you Billy, without your help this project would not have come to a successful end – it wouldn‟t even have started. Secondly, I would like to appreciate the help received from the co-supervisor Prof. Paul McKevitt, University of Ulster and my team-mate Markus Korbel who gave me many useful research hints and had to put up with me on a daily basis. I would also like to thank Mark Leeney for the mathematical-related help as well as Ruth Lennon, Liam McIntyre and the colleagues of the WiSAR project for the help with collecting research sources. I also like to express my gratitude for the help of Dr. David Gray, Cora Tine Teo and Dr. Damien McKeever, Cora Tine Teo who introduced me to the wonderful world of fight-for-a-byte microcontroller programming. I can‟t forget to thank people who greatly contributed to the field of the constrained devices security, especially Dr. Pedro Peris Lopez, Delft University of Technology and Dr. François-Xavier Standaert, Université catholique de Louvain who sacrificed his time to clarify some uncertainties. Their work was a backbone to the implementation part of this project. Finally, I would like to thank my mother Ewa and my fiancée Marta Szymańska who had to put up with my daily complaints about the workload I undertook and helped me to find the time for this. III Abstract This dissertation examines the theoretical context for the security of wireless communication between ubiquitous computing devices and presents an implementation that addresses this need. The number of Resource-Limited Wireless Devices utilized in many areas of the IT industry is growing rapidly. Some of the applications of these devices pose real security threats that can be addressed using authentication and cryptography. Many of the available authentication and encryption software solutions are predicated on the availability of ample processing power and memory. These demands cannot be met by the majority of ubiquitous computing devices, thus there is a need to apply lightweight cryptography primitives and lightweight authentication protocols that meet these demands in any application of security to devices with limited resources. The analysis of the lightweight solutions is divided into two major sections: Lightweight Authentication Protocols and Lightweight Encryption Algorithms. Further sections of this work describe the proposed prototype‟s Wireless Sensor Network including a study of its limitations. A number of protocols in the field of Authentication and in the field of Encryption are analyzed. The Gossamer Authentication Protocol and the Scalable Encryption Algorithm (SEA) are chosen as the basis of prototype implementation in the C- language on a development platform of the 8051-compatible Nordic Semiconductor nRF9E5 microcontroller. A security framework is developed that combines the attributes of the Gossamer protocol and the SEA to provide an implementation of inter-device security. The Gossamer Protocol is additionally used as a means of exchanging session keys for use with the SEA encryption protocol. A brief performance analysis of the prototype running on the nRF9E5 microcontroller is provided by way of conclusion. The resuls of the software implementation of the Gossamer were unsatisfactory both in terms of the code space needs (approximately 1700 bytes excluding shared libraries) and the execution time (almost 150 milliseconds). In contrast, the SEA implementation‟s results were satisfactory above expectations with the code space requirements smaller than 600 bytes (excluding shared libraries) and the performance of 27 milliseconds per one 96-bit block of data. IV Table of Contents Declaration ................................................................................................................. II Acknowledgements ................................................................................................... III Abstract ..................................................................................................................... IV List of Figures ........................................................................................................... VII 1. Introduction .......................................................................................................... 1 1.1 Project Background ....................................................................................... 1 1.2 Risk Analysis - Pharmaceutical Industry Example ......................................... 2 1.3 Objectives ...................................................................................................... 3 1.4 Research Hypothesis .................................................................................... 4 1.5 The structure of the Thesis ............................................................................ 4 2. Security in Wireless Resource-Limited Devices .................................................. 5 2.1 General Statement of the Problem ................................................................ 5 2.2 Authentication ................................................................................................ 5 2.2.1 Authentication with Resource-Limited Devices ....................................... 6 2.2.2 Known and possible attacks.................................................................... 7 2.2.3 Identified protocols effective in the context of Infrastructure Wireless Sensor Network (IWSN) ...................................................................................... 8 2.3 Encryption.................................................................................................... 26 2.3.1 Problem of Encryption in the context of IWSN ...................................... 26 2.3.2 Known and possible attacks.................................................................. 27 2.3.3 Identified algorithms effective in the context of Infrastructure WSN ...... 28 3. Resource-Limited Devices ................................................................................. 32 3.1 IWSN introduction. ....................................................................................... 33 3.2 Description of the technical problem of authentication and encryption in the context of the IWSN. ............................................................................................. 36 3.3 What are the specific problems associated with Resource Limited Devices 36 3.4 Technical description of the processor and its implications for effective security implementation ........................................................................................ 38 3.5 Technical description of the memory structure and its limitations for effective security implementations ....................................................................................... 39 3.6 Technical description of the radio transceiver and its limitations for effective security implementations ....................................................................................... 41 V 3.7 Overcoming limitations: Code Banking on the nRF9E5 ............................... 42 4. Implementation .................................................................................................. 46 4.1 Hardware-related requirements for the implementation ............................... 46 4.2 Integrated Development Environment (IDE) and Hardware utilised. ........... 46 4.3 Design - algorithms for both authentication and encryption ......................... 47 4.4 Coding - Main elements of code explained .................................................. 50 4.4.1 Gossamer Implementation .................................................................... 51 4.4.2 Scalable Encryption Algorithm (SEA) Implementation .......................... 57 4.5 Testing ......................................................................................................... 62 4.5.1 Testing environment ............................................................................. 62 4.5.2 One Round Step-By-Step Test ............................................................. 62 4.5.3 Long-term test ......................................................................................