late a lightweight
play

LATe: A Lightweight cole Mines-Tlcom Authenticated Time - PowerPoint PPT Presentation

Nov 02, 2022 •323 likes •742 views

IMT Atlantique Bretagne-Pays de la Loire LATe: A Lightweight cole Mines-Tlcom Authenticated Time Synchronization Protocol for IoT Renzo E. NAVAS, Laurent TOUTAIN Table of contents 1/26 1 Problem Statement and SoA 2 LATe Protocol 3

  1. IMT Atlantique Bretagne-Pays de la Loire LATe: A Lightweight École Mines-Télécom Authenticated Time Synchronization Protocol for IoT Renzo E. NAVAS, Laurent TOUTAIN

  2. Table of contents 1/26 1 Problem Statement and SoA 2 LATe Protocol 3 Formal Verification 4 Real World Issues 5 Comparison to other protocols 6 Perspectives and Conclusion InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  3. Problem Statement 2/26 Why do we need time synchronization? Timestamp measurements (application data) Validate cryptographic credentials (e.g. OAuth tokens) Is a way to assure freshness of transactions InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  4. Problem Statement 3/26 why do we need secure time synchronization?

  5. Problem Statement 4/26 Modified from Source: Ben Stansall / AFP - Getty Images file.

  6. Problem Statement 5/26 What happens if the source of time of a system is not secure? None of the aforementioned use cases could be guaranteed (i.e. can be attacked). Security bootstrapping problem Many security services rely on synchronized time. How to securely synchronize time? A leap of faith needed... (make it short) InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  7. State of the Art: Standards 6/26 Patches to well-known standards: • Annex K for Precision Time Protocol (PTP). Network Time Protocol (NTP) symmetric key authentication scheme and Autokey . IETF Network Time Security (NTS) [1] work-in-progress. Current Standards are not optimized for IoT. • e.g. NTS at least 4 messages (2 cookie + 2 sync). Not compact representations. Focused on precision. Work done for Wireless Sensor Networks: • Similar constraints. Lack of standard, will compare later. InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  8. Proposed Solution 7/26 LATe Synchronization Protocol InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  9. LATe: Protocol Goals 8/26 Functional Goal : Provide a Time Client with the time representation from a trusted Time Server. Non-goal : Precise time synchronization. InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  10. LATe: Protocol Goals 9/26 Security Goals : • Data Authentication/Integrity • Freshness (i.e. no replay attack) Design Goals : • Lightweight (minimize energy ). • Agnostic to underlying layers • Cryptographic agility • Built upon standards InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  11. LATe Messages Exchange 10/26 protocol LATe synchronization protocol K CS K CS Time Client Time Server fresh N C ID C , N C N C , Time S , MAC K CS ( N C , Time S ) sync Time Figure: LATe Synchronization Protocol Diagram. InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  12. Time Synchronization Calculation 11/26 RTT = T Msg 2 − T Msg 1 Time Client = Time S + RTT 2 Uncertainity ± RTT 2 InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  13. Message Encoding: IoT Standards! 12/26 CBOR : Concise Binary Object Representation [RFC7049] for Data representation COSE : CBOR Object Signing and Encryption [RFC8152] for Security Services (i.e. the MAC’ed response) InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  14. Message Encoding: IoT Standards! 13/26 Application: Two new CBOR Maps (Key-Value pairs) • TIC Information • TOC Response Security: TOC Response will be authenticated using a COSE_Mac0 structure InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  15. Message Encoding: TIC 14/26 Parameter name CBOR Key Value Type Description nonce 4 binary string A random nonce Key-ID is an opaque value and identifies the kid 5 binary string cryptographic key to be used in the response Identifies the crypto- alg 6 int graphic algorithm to be (optional) used in the response Identifies the intended server 7 string Server for time synchro- (optional) nization (Absulute URI) Table: CBOR Map "TIC Information" object definition InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  16. Message Encoding: TIC 15/26 { nonce:h'73616E206C6F7265', kid :h'0001', alg :4 /*HMAC w/SHA-256 truncated to 64 bits*/ } Listing 1: TIC Information on CBOR diagnostic notation. InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  17. Message Encoding: TIC 16/26 D83B # tag(59) (TIC Info.) A3 # map(3) 04 # unsigned(4) (=nonce) 48 # bytes(8) 73616E206C6F7265 # Nonce Value 05 # unsigned(5) (=kid) 42 # bytes(2) 0001 # Key-ID Value 06 # unsigned(6) (=alg) 04 # unsigned(4) Listing 2: TIC Information CBOR object (19 Bytes). InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  18. ... what about the security goals?

  19. Formal Method Verification 18/26 Formal Method (vs. provable secure) Scyther tool Dolev-Yao attacker model, black box cryptography Automatic proofs InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  20. Formal Method Verification: Results 19/26 Data authentication-integrity: OK. Freshness? • Not enough to prove it! • Must prove injective synchronization property. . Figure: Scyther Results

  21. Is never enough... real world 20/26 From a model to real world: simplifications, abstractions, generalizations. a model does not map 1 to 1 with reality can the use case live with that? • NASA Apollo Moon Missions where ok with newtonian physics and simplifications (only one gravitational body considered; jupiter, venus off) can security? • your system is secure.. with 99% provability. • how a proof on a model translates to reality? means that axioms and logic of deduction are valid (leap of faith?). epistemology, philosophy of science [2] (inductivism, falsifiability)

  22. Is never enough... real world 21/26 Real Nonces/Crypto • Finite length: birthday attack, pre-play attack. • True Random? YES/NO • Avoid randomness altogether (auth. 1st msg. LATe v2) Real attackers • real humans, AI-powered cyberattacks. • attacker model enough? Real systems • software, implementations, bugs • hardware, internal time representation, bugs • side-channel attacks

  23. why is LATe lightweight?

  24. Comparison to other protocols I 23/26 Figure: Secure Time Synchronization protocols baseline comparison InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  25. Comparison to other protocols II 24/26 Standards : NTS 268 Bytes; PTP-K 512 Bytes. WSN Best : SPS 41 Bytes. LATe : 30 Bytes. 25% less TX/RX than SPS. • Minimizing energy consumption is our priority. • Radio TX/RX is the most energy consuming activity. • �→ Minimizing Radio TX/RX is our priority. Trade-off energy vs time precision. InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  26. Perspectives and Conclusion 25/26 Gap protocol designers and cryptography • Computer verif tools shortens the gap. TLS 1.3 design. IoT needs time synchronization, but no standard exists. LATe offers authenticated end-to-end, coarse-grained solution. Go for an IoT secure time sync. open protocol? • IETF-draft https://datatracker.ietf.org/doc/ draft-navas-ace-secure-time-synchronization/ InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  27. The End 26/26 Thank you! Questions?

  28. Appendix

  29. LATe v2 2/13 protocol LATe synchronization protocol v2 K CS K CS Time Client Time Server fresh N C ID C , N C , MAC K CS ( ID C , N C ) Time S , MAC K CS ( ID C , N C , Time S ) sync Time Figure: LATe Synchonization Protocol V2. InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

  30. LATe Embedded on IETF Ace Framework I 3/13 Auth. Server Client Resource Server (Time Server) | (Time Client) | | | | +------ Res. Req.----->+ | | | | | | | +<-4.01 Unauthorized---+ | | (TIC Info) | +<---LATe MSG1-----+ | | | | | | | +----LATe MSG2---->+ | | | | | +-------POST /time---->+ /time | | (AUTH TOC Response) | | | | | +<----2.04 Changed-----+ | | | + + + Figure: LATe on IETF ACE Scenario 1 InterOSS 2018 Renzo E. Navas LATe: A Lightweight Authenticated Time Synchronization Protocol for IoT IMT Atlantique

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will revolutionise the international high-rise construction industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight

417 views • 12 slides
Catching Idlers with Ease: A Lightweight Wait-State Profiler for MPI Programs Guoyong Mao, David

Catching Idlers with Ease: A Lightweight Wait-State Profiler for MPI Programs Guoyong Mao, David

Catching Idlers with Ease: A Lightweight Wait-State Profiler for MPI Programs Guoyong Mao, David Bhme, Markus Geimer, Marc-Andr Hermanns, Daniel Lorenz and Felix Wolf Petascale Tools Workshop, Madison, WI, USA, August 4, 2014 Late sender

504 views • 29 slides
Late binding Ch 15.3 Highlights - Late binding for variables - Late binding for functions

Late binding Ch 15.3 Highlights - Late binding for variables - Late binding for functions

Late binding Ch 15.3 Highlights - Late binding for variables - Late binding for functions Review: Derived classes Today we will deal more with inheritance Mainly we will focus on how you can store a child class in a parent container (sort

550 views • 30 slides
The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept will revolutionise the aviation industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight applications Patent Applied For

479 views • 12 slides
New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K. Schramm Workshop on Fast Software Encryption 2007 Outline Introduction Why lightweight? Why choose DES? DESL: DES Lightweight Why change DES?

364 views • 12 slides
Hermes: A Language for Lightweight Encryption Torben gidius Mogensen RC 2020 Background:

Hermes: A Language for Lightweight Encryption Torben gidius Mogensen RC 2020 Background:

Hermes: A Language for Lightweight Encryption Torben gidius Mogensen RC 2020 Background: Lightweight Encryption Lightweight: Meant to be fast. Symmetric key: Same key used for encryption and decryption. Used in embedded systems, browsers,

300 views • 12 slides
Lightweight Cryptography and and RFID Security Svetla Nikova COSIC KUL COSIC, KULeuven and

Lightweight Cryptography and and RFID Security Svetla Nikova COSIC KUL COSIC, KULeuven and

Lightweight Cryptography and and RFID Security Svetla Nikova COSIC KUL COSIC, KULeuven and UTwente d UT t Overview Lightweight cryptography - state of the art Comparison Standard vs. Lightweight Comparison Standard vs. Lightweight

599 views • 39 slides
NRHS Late Starts and Class Sizes April 6, 2016 1 Late Start Key Questions How have late

NRHS Late Starts and Class Sizes April 6, 2016 1 Late Start Key Questions How have late

NRHS Late Starts and Class Sizes April 6, 2016 1 Late Start Key Questions How have late starts been used at NRHS this year? What has been the staff, parent, and student reaction to late starts? What is proposed for the 2016-17 year?

424 views • 16 slides
Lightweight Session Programming in Scala Alceste Scalas Nobuko Yoshida Theory and Applications

Lightweight Session Programming in Scala Alceste Scalas Nobuko Yoshida Theory and Applications

t i f a c r t A C o m p * t * l e * n t e e * A s t P i W s E n e O o C l l C D O * o * e c C s u u m E e e E R n * o e t v t y s d d a E * a e u l t a Lightweight Session

1.08k views • 62 slides
You've Got Mail Problems: The Safety Net For 'Late' Proposals By Amy Conant The U.S. Government

You've Got Mail Problems: The Safety Net For 'Late' Proposals By Amy Conant The U.S. Government

You've Got Mail Problems: The Safety Net For 'Late' Proposals By Amy Conant The U.S. Government Accountability Office takes a hard line when it comes to proposal submissions: Late is late. This policy often proves frustrating to contractors who

216 views • 3 slides
On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1 AIST, Japan Kolkata, India (16 November 2018) 1 / 38 Table of contents 1 Introduction 2 Lightweight Crypto Stack for Circuit/RAM Size Requirement

670 views • 38 slides
Container-based virtualization Process-level Extensively used in Lightweight virtualization

Container-based virtualization Process-level Extensively used in Lightweight virtualization

C NTR Lightweight OS Containers Jrg Thalheim, Pramod Bhatotia Pedro Fonseca Baris Kasikci USENIX ATC 2018 Container-based virtualization Process-level Extensively used in Lightweight virtualization production isolation Namespaces

250 views • 22 slides
Upstream Graphics: Too Little, Too Late Upstream Graphics: Too Little, Too Late Daniel Vetter,

Upstream Graphics: Too Little, Too Late Upstream Graphics: Too Little, Too Late Daniel Vetter,

Upstream Graphics: Too Little, Too Late Upstream Graphics: Too Little, Too Late Daniel Vetter, Intel OTC @danvet LPC 2019, Lisbon Everything Great About Upstream Graphics: Too Little, Too Late Upstream Graphics: Too Little, Too Late Daniel

365 views • 25 slides
Concepts of Programming Design Scala and Lightweight Modular Staging (LMS) Alexey Rodriguez

Concepts of Programming Design Scala and Lightweight Modular Staging (LMS) Alexey Rodriguez

Concepts of Programming Design Scala and Lightweight Modular Staging (LMS) Alexey Rodriguez Blanter, Ferenc Balla, Matthijs Steen, Ruben Meerkerk, Ratih Ngestrini [ Faculty of Science Information and Computing Sciences] 1 Scala and Lightweight

1.33k views • 56 slides
The DES he DES LA LATE TE Trial rial Cheol Whan Lee, MD, Seung-Jung Park, MD, PhD, On Behalf

The DES he DES LA LATE TE Trial rial Cheol Whan Lee, MD, Seung-Jung Park, MD, PhD, On Behalf

Optimal Duration of Clopidogrel Therapy with DES to Reduce Late Coronary Arterial Thrombotic Event The DES he DES LA LATE TE Trial rial Cheol Whan Lee, MD, Seung-Jung Park, MD, PhD, On Behalf of the DES LATE Investigators Division of

620 views • 32 slides
Econ 2148, fall 2017 Instrumental variables II, continuous treatment Maximilian Kasy Department

Econ 2148, fall 2017 Instrumental variables II, continuous treatment Maximilian Kasy Department

Instrumental variables Econ 2148, fall 2017 Instrumental variables II, continuous treatment Maximilian Kasy Department of Economics, Harvard University 1 / 35 Instrumental variables Recall instrumental variables part I Origins of

627 views • 35 slides
Is it too late for PAKE? John Engler (UC Berkeley) Chris Karlof Elaine Shi Dawn Song (Usable

Is it too late for PAKE? John Engler (UC Berkeley) Chris Karlof Elaine Shi Dawn Song (Usable

Is it too late for PAKE? John Engler (UC Berkeley) Chris Karlof Elaine Shi Dawn Song (Usable Security (PARC) (UC Berkeley) Systems) What is PAKE? Password Authenticated Key Exchange 1 Enter Password 2 Crypto

206 views • 9 slides
LATE and the Generalized Roy Model: Some Relationships James J. Heckman University of Chicago

LATE and the Generalized Roy Model: Some Relationships James J. Heckman University of Chicago

Main: Defining LATE Example of Normal Model Nonparametric Identification of the Roy Model LATE and the Generalized Roy Model: Some Relationships James J. Heckman University of Chicago Extract from: Building Bridges Between Structural and

1.01k views • 88 slides
LATE and the Generalized Roy Model: Some Relationships James J. Heckman University of Chicago

LATE and the Generalized Roy Model: Some Relationships James J. Heckman University of Chicago

LATE and the Generalized Roy Model: Some Relationships James J. Heckman University of Chicago Extract from: Building Bridges Between Structural and Program Evaluation Approaches to Evaluating Policy James J. Heckman (JEL 2010) Econ 312,

875 views • 66 slides
Exploring Marginal Treatment Effects Flexible estimation using Stata Martin Eckhoff Andresen

Exploring Marginal Treatment Effects Flexible estimation using Stata Martin Eckhoff Andresen

Exploring Marginal Treatment Effects Flexible estimation using Stata Martin Eckhoff Andresen Statistics Norway Oslo, September 12th 2018 Martin Andresen (SSB) Exploring MTEs Oslo, 2018 1 / 25 Introduction Motivation Instrumental variables

715 views • 25 slides
Doing More When Youre Running LATE: Applying Marginal Treatment Effect Methods to Examine

Doing More When Youre Running LATE: Applying Marginal Treatment Effect Methods to Examine

Doing More When Youre Running LATE: Applying Marginal Treatment Effect Methods to Examine Treatment Effect Heterogeneity in Experiments Amanda E. Kowalski Associate Professor, Department of Economics, Yale Faculty Research Fellow, NBER

1.19k views • 100 slides
State Fiscal Stabilization Fund (SFSF) Closeout and Late Liquidation August 2011 Agenda 2

State Fiscal Stabilization Fund (SFSF) Closeout and Late Liquidation August 2011 Agenda 2

State Fiscal Stabilization Fund (SFSF) Closeout and Late Liquidation August 2011 Agenda 2 Closeout procedures Late liquidation requests SFSF monitoring Resources and Q&amp;A Closeout procedures 3 Key information for SFSF

361 views • 20 slides
Instance Search Task Wenhui Jiang (jiang1st@bupt.edu.cn) Zhicheng Zhao, Fei Su, Mei Liu,

Instance Search Task Wenhui Jiang (jiang1st@bupt.edu.cn) Zhicheng Zhao, Fei Su, Mei Liu,

BUPT-MCPRL at Trecvid2015 Instance Search Task Wenhui Jiang (jiang1st@bupt.edu.cn) Zhicheng Zhao, Fei Su, Mei Liu, Shanwei Zhao, Anni Cai MCPR Lab Beijing University of Posts and Telecommunications Brief Overview Three local features

393 views • 16 slides

More recommend