Published on February 22, 2014
Sizzle: SSL on Motes
Vipul Gupta, Sun Labs
(Joint work with S. Chang Shantz, H. Eberle, S. Fung*, N. Gura, M. Millard*, A. Patel*, A. Wander*, M. Wurm*, Y. Zhu*)
*Student intern
CENTS Retreat, Granlibakken Conference Center, Tahoe City, Jan 12-14, 2005
Outline
• Sensor network security background
• Elliptic Curve Cryptography (ECC) overview
• Sizzle (Slim SSL) – HTTPS server on motes
• Demo
• Conclusion
Sensor Network Security
• General perception: public-key cryptography is impractical
• Previous symmetric-key based approaches:
  • Key distribution problem
  • Link level security (not end-to-end)
  • Compromising a few nodes jeopardizes security of entire network
• Sizzle: Standards-based end-to-end security architecture (ECC + SSL)
Elliptic Curve Cryptography
• Computationally highly efficient public-key cryptosystem, highest security strength per bit
• Savings in memory, bandwidth, power
• Advantage improves as security needs increase
• Endorsed/standardized by NIST, ANSI, IEEE, IETF
• Good match for AES

Equivalent key sizes (bits) and cost to break:

  Sym.   RSA      ECC   Ratio (RSA:ECC)   MIPS yrs
  80     1,024    160   6:1               10^12
  112    2,048    224   9:1               10^24
  128    3,072    256   12:1              10^28
  192    7,680    384   20:1              10^47
  256    15,360   521   30:1              10^66

More information: http://research.sun.com/projects/crypto/
ECC on Small Devices
Berkeley/Crossbow MICA “mote” (8-bit Atmel ATmega processor, 128KB FLASH, 4KB SRAM, 4KB EEPROM)

  Algorithm           Time* (s)   Data bytes   Code bytes
  ECC secp160r1       0.81        282          3682
  ECC secp224r1       2.19        422          4812
  RSA-1024 (pub**)    0.43        542          1073
  RSA-1024 (priv)     10.99       930          6292
  RSA-2048 (pub**)    1.94        1332         2854
  RSA-2048 (priv)     83.26       1853         7736
  * 8MHz Atmel ATmega   ** e=65537

[Bar chart: Time (sec) for ECC, RSA pub and RSA priv at “Current” and “Future” security levels; RSA priv bars annotated 13x (current) and 38x (future)]
More information: Gura et al., CHES 2004 paper
Sizzle Overview
• World's smallest secure web server
• Uses ECC key exchange in SSL*
• Interoperates with ECC-enabled Mozilla/Firefox/OpenSSL
• Lowers barrier for connecting interesting new devices to the Internet, and controlling/monitoring them securely
*Based on IETF internet-draft draft-ietf-tls-ecc-xx.txt
Sizzle Features
• Uses 160-bit ECC (on curve secp160r1)
• ECDH-ECDSA-RC4-SHA cipher suite
• Minimizes SRAM memory usage and SSL handshake overhead, e.g.
  • Static info stored in program memory
  • Small session identifiers, certs
• Implements session reuse, persistent HTTP(S)
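As an added worked example (not the slides' or Sizzle's own code), the ECDH half of the ECDH-ECDSA cipher suite on secp160r1 in pure Python: the server's static ECDH key (the one carried in its ECDSA-signed certificate) and the client's ephemeral key derive the same 20-byte premaster secret. The affine curve arithmetic is textbook and unoptimized; the RC4/SHA record layer and the ECDSA certificate check are not modeled.

```python
import secrets

# secp160r1 domain parameters (SEC 2): y^2 = x^3 + A*x + B over GF(P)
P = 2**160 - 2**31 - 1
A = P - 3
B = 0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45
G = (0x4A96B5688EF573284664698968C38BB913CBFC82,
     0x23A628553168947D59DCC912042351377AC5FB32)
N = 0x0100000000000000000001F4C8F927AED3CA752257  # prime order of G
INF = None  # point at infinity

def on_curve(pt):
    return pt is INF or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0
def add(p1, p2):
    # Affine addition; doubles when p1 == p2, returns INF when p1 == -p2
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if x1 == x2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)
def mul(k, pt):
    # Right-to-left double-and-add scalar multiplication
    result = INF
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result
def keypair():
    d = secrets.randbelow(N - 1) + 1  # private scalar in [1, N-1]
    return d, mul(d, G)
def premaster(own_priv, peer_pub):
    # TLS ECDH premaster secret: x-coordinate of d*Q as 20 big-endian bytes
    return mul(own_priv, peer_pub)[0].to_bytes(20, "big")
def handshake_demo():
    # Static server key (from the ECDSA-signed cert) and ephemeral client key
    srv_d, srv_q = keypair()
    cli_d, cli_q = keypair()
    return premaster(cli_d, srv_q), premaster(srv_d, cli_q)
```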
Sizzle Architecture and Statistics
[Diagram: Monitoring station, TCP/IP, Gateway, RS232, Sizzle on “mote”, Sensors/Actuators; end-to-end security with SSL]
• Memory usage from objdump: ~3KB (RAM), ~60KB (FLASH) on Mica2 mote
• Page load time in sec (450-byte HTTPS transfer on Mica2 w/ TinyOS 1.1.6):

    Full handshake (RSA)    16.8
    Full handshake (ECC)     4.9
    Session reuse            2.9
    Persistent HTTP(S)       1.1
    Plain HTTP               0.9
Performance Details (RSA)
RSA decryption dominates
[Chart: time split between Handshake and Data Transfer]

Performance Details (ECC)
Reduces cost of public-key operation in full handshake
[Chart: time split between Handshake and Data Transfer]

Performance Details (Session Reuse)
Eliminates public-key operation, still incurs cost of abbreviated handshake
[Chart: time split between Handshake and Data Transfer]
NOTE: In data transfer phase, bulk encryption/authentication overhead is dwarfed by transmission time.
Performance Details (Persistent HTTPS)
• Amortizes the cost of an SSL handshake (full or abbreviated) across multiple data transfers
[Sequence diagram: Client, Gateway, Mote over time: Establish TCP Connect to Mote; SSL Handshake; HTTP Request and Response n; HTTP Request and Response n+1; HTTP Request and Response n+2]
Sizzle Demonstration
• ECC-enabled Mozilla communicating with Sizzle
• Secure monitoring and control of a “wireless thermostat”
• Comparison of ECC v/s RSA-based handshake
• Impact of session reuse and persistent HTTP(S)
Takeaway
Elliptic Curve Cryptography (ECC) makes public-key cryptography feasible on mote-like devices and creates the opportunity to reuse standard security protocols on the “embedded” Internet.
References
• V. Gupta et al., “Sizzle: A Standards-based End-to-end Security Architecture for the Embedded Internet”, PerCom 2005, Mar. 2005*
• N. Gura et al., “Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs”, CHES 2004, Aug. 2004
• V. Gupta et al., “ECC Cipher Suites for TLS”, IETF internet-draft, Dec. 2004
• V. Gupta et al., “Integrating Elliptic Curve Cryptography into the Web's Security Infrastructure”, WWW 2004, May 2004
*Mark Weiser Best Paper Award at PerCom 2005