Considering Security For ZigBee Protocol Using Message Authentication Code

Suhas Kulkarni
Department of Information Science, M. Tech, NMAMIT College, Nitte; C-DAC Intern, Bangalore, India

Uttam Ghosh
C-DAC Bangalore, India

Haribabu Pasupuleti
Principal Technical Officer, C-DAC Bangalore, India

Abstract—ZigBee is a wireless technology developed as an open global standard. ZigBee's main characteristics are low power, low complexity and cost-effectiveness. In this paper we propose a secure routing protocol for ZigBee networks that makes use of the less expensive message authentication code (MAC) and aggregate message authentication code. It has many advantages over existing secure routing protocols, as the proposed protocol provides end-to-end, hop-to-hop and whole route authentication in a path. Further, the proposed protocol provides security against the Blackhole attack, even in the presence of multiple malicious nodes. Performance analysis is carried out to compare the proposed secured routing algorithm against existing secured algorithms such as AES-128 based on AODV, RSA based on AODV, DSA based on AODV, and AODV without security. The resulting performance analysis graphs show that the proposed routing protocol has significantly less routing overhead and routing latency than the other existing routing protocols.

Index Terms—ZigBee security, message authentication code, MAC, common key, shared key, aggregation of MAC, ZigBee, hop-to-hop authentication, end-to-end authentication and whole route authentication.

I. INTRODUCTION

ZigBee is a networking technology that belongs to the Internet of Things (IoT), and its characteristics include low power, low cost and low complexity. ZigBee technology is intended to be simpler and less expensive than other Wireless Personal Area Networks (WPANs) such as Bluetooth or Wi-Fi. ZigBee is highly scalable, as it has the potential to communicate with more than thousands of devices at a time in a network [1]. It is typically used in low data rate applications that require long battery life and secure networking. Attacks such as the Blackhole attack or Denial of Service (DoS) attacks lead to power drain during the routing process. ZigBee uses limited power, which enhances battery life when compared to other WSN technologies [2]. High encryption standard algorithms are not suitable for securing the ZigBee protocol because they are highly complex and require high processing, which leads to power drain [3]. ZigBee is categorized as a Smart Energy Profile (SEP). SEP provides a set of standard interfaces and interoperability between defined devices. Figure 1 shows the architecture of the ZigBee protocol stack. The protocol stack of ZigBee consists of four layers: the physical (PHY) layer, the MAC layer, the network and security layer, and the application layer. The first two layers are defined by the IEEE 802.15.4 WPAN standard and the remaining two layers are defined by ZigBee. ZigBee supports star, tree and generic mesh topologies, as shown in Figure 2.

Fig 1. ZigBee architecture (layers). Application Layer and Network and Security layer: defined by ZigBee Alliance. MAC Layer and PHY Layer: defined by IEEE 802.15.4.

In a ZigBee network, there is a special type of node called the coordinator that initiates the network. The coordinator node acts as a trust center for authenticating the end devices joining the ZigBee network. The trust center maintains both the network key and the link key for providing end-to-end security between devices. Only those end devices authenticated by the trust center are allowed to communicate in the ZigBee network [3]. An ideal routing protocol, apart from the ZigBee security aspect, should minimize the routing overhead and latency, or else it may lead to power drain and subsequently reduce the battery life. In this paper we propose a lightweight secure routing protocol that provides ZigBee security with less overhead, latency and complexity.

Fig 2. ZigBee topologies

We discuss different scenarios for the Blackhole attack and the colluding attack by multiple malicious nodes [4, 5]. Firstly, we discuss the Blackhole attack. Nodes in ad hoc networks that display anomalous behavior and tend to transmit false routing information [6] are called malicious nodes. The malicious node may broadcast false routing information advertising a shortest route towards the destination. Upon receiving this false information, the source node sends packets through these malicious nodes without knowing that the node is malicious. The malicious node can perform two activities: it may either drop the packets, or disrupt and break the shortest path towards the destination. As a result, the packets sent by the source node never reach the destination node. The Blackhole attack disrupts the route discovery process and drains the power of the node by providing extra overhead and packet delivery ratio [7]. Secondly, we discuss the colluding attack by multiple malicious nodes in a network. If consecutive nodes in a path are malicious, it is difficult to verify the authenticity of the nodes. These malicious nodes may not even be detected by the watchdog protocol [8]. However, our proposed secured routing protocol overcomes this and discusses the technique to withstand multiple malicious nodes. Our proposed secured routing protocol is based on the well-known Ad-hoc On demand Distance Vector (AODV) routing protocol [9], which offers quick adaptation to dynamic link conditions, low processing, memory overhead and low network utilization, and determines a unicast route to the destination. AODV is mainly designed for mobile ad hoc networks [10-13]; it is an on-demand route acquisition algorithm that broadcasts route discovery packets during routing path establishment and unicasts towards the destination node.

To the best of our knowledge, not much work has been done to provide security to ZigBee. MAC aggregation [13] means every MAC from the previous node is aggregated and forwarded to the next nodes. MAC aggregation could be average, sum, ex-or etc. The main goal of data aggregation is to provide end-to-end privacy and aggregate integrity. Depending on the situation and environment, a Message Authentication Code is used to provide end-to-end privacy, and sometimes we use hop-to-hop authentication to overcome the power consumption constraint and reduce overhead [14].

The rest of the paper is organized as follows: the system model and key distribution followed in this paper are given in Section II. In Section III we present our secure routing protocol, which is followed by Section IV, where the performance of the proposed protocol and existing secure routing protocols is compared through analysis. Finally, Section V concludes the paper.

II. SYSTEM MODEL AND KEY DISTRIBUTION

Table I presents the notations and their abbreviations used in the proposed routing protocol. Key distribution is carried out by the trust center elected by end devices. To achieve the authentication process in the secured routing protocol, we consider the following assumptions before deployment of the network.

• Two keys are used by all the nodes in the network, namely the Common Key and the Shared Key.
• The keys are securely distributed.
• Every node that needs to be authenticated will have one Common Key and (N-1) Shared Keys.

Consider an example scenario consisting of 3 nodes in the network, namely N1, N2 and N3. All the nodes N1, N2 and N3 would have only one single Common Key called K. The Shared Keys K12 and K13 are shared between nodes N1 and N2 and between nodes N1 and N3 respectively.

III. PROPOSED SECURED ROUTING PROTOCOL

The proposed secured routing protocol schema for ZigBee networks is secured against multiple malicious nodes and reduces overhead and latency. The proposed secured routing protocol provides end-to-end authentication, hop-by-hop authentication and whole route authentication. End-to-end authentication is provided by the source node during the broadcast process towards the destination node with the help of the Shared Key. Hop-by-hop authentication is achieved by unicasting from the destination node towards the source node. Finally, whole route authentication is achieved by flooding the route request and authenticating nodes using the Common Key.

Assume one or more internal malicious nodes exist in the path; then every node has to go through the verification process twice: firstly, when broadcasting towards the destination, and secondly, when unicasting towards the source node. Each successive node in the path verifies the previous Message Authentication Code (MAC) using the Common Key K. Every node is authenticated using a MAC, with the help of the Common Key and then the Shared Key. In this way every node is authenticated using a MAC.

TABLE I. Notations and abbreviations used in proposed algorithm

Notation       Meaning
K              Common key
KAB            Key shared between nodes A and B
I              Intermediate nodes between source and destination
RREQ           Route request
RREP           Route reply
S              Source
D              Destination
MAC`s          Message authentication code generated by hashing RREQ plus K
MACsD          Message authentication code generated by hashing the RREQ plus Kab
MACAI          Aggregation of MAC received from successive intermediate node
MACG           MAC generated by hashing the route request/route reply of previous node plus K
MACGs/MACGD    MAC generated by hashing the route request/route reply of Source/Destination node

Algorithm 1: Source Node

At the source node
1   Generate RREQs;
2   Generate MACs` ← H(RREQs,K);
3   Generate MACsd ← H(RREQs,Ksd);
4   Broadcast ← (RREQs+MACs`+MACsd);
5   Set timer;
6   for(i=1 : i≤D : i++)
7     if(MAC`i…D==MACG`)
8       MAC`i…D is authenticated;
9     else
10      Drop RREQi…D
11  end
12  if receive ← (RREPi+MAC`i…D+MACAi…D) then
13    Generate MACG ← H(RREQi-1,K);
14    if (MAC`i-1==MACG)
15      Send data;
16    else
17      Drop RREPi-1;
18    end
19  end

The proposed secured routing protocol has three algorithms: Algorithm 1 is for the source node, Algorithm 2 for an intermediate node and Algorithm 3 for the destination node. In the first step, the source node generates three main parameters to determine the path towards the destination: first, the Route Request; second, a MAC using the Common Key K; and finally, a MAC using the Shared Key Ksd (the key shared between source and destination). All three parameters are broadcast towards the destination. After the path is determined, the destination node unicasts towards the source node. During the unicasting process the source node receives three functional parameters: first, the Route Reply; second, the aggregated MAC; and finally, the MAC using the Common Key. The source node provides end-to-end authentication using the Shared Key Ksd, and whole route authentication is carried out by the source node. If verification is successful, the route is considered secured and data transmission is initiated. If verification of any one of the parameters fails, the node drops the packets and needs to resend all three parameters to determine the path.

Algorithm 2: Intermediate Node

At the intermediate node
1   if receive ← (RREQi-1+MAC`i-1+MACsd) then
2     Generate MACG ← H(RREQi-1,K);
3     if (MAC`i-1==MACG)
4       Generate MAC`i = H(RREQi,K);
5     else
6       Drop RREQi-1;
7     end
8     Broadcast ← (RREQi+MAC`i+MACsd);
9   end
10  if receive ← (RREPi-1+MAC`i-1+MACAi-1) then
11    Generate MACG ← H(RREQi-1,K);
12    if (MAC`i-1==MACG)
13      Generate MACi = H(RREPi,k);
14    else
15      Drop RREPi-1;
16    end
17    goto step 13;
18    aggregate MACAi = MACi + MACAi-1;
19    Generate MACi` = H(RREPi,K);
20    Unicast towards source node ← (RREPi+MACAi+MAC`i);
21  end

Algorithm 3: Destination Node

At destination
1   if receive ← (RREQi+MAC`i+MACsd)
2     Generate MACG;
3     if (MAC`i==MACG)
4       MAC`i is authenticated;
5     else
6       drop RREQi;
7     end
8     update RREQi to RREQs;
9     Generate MACU ← H(RREQs,Ksd);
10    if (MACsd==MACU)
11      source is authorized;
12    end
13    Generate RREPD;
14    Generate MAC`D ← H(RREPD,K);
15    Generate MACsd ← H(RREPD,Ksd);
16    Unicast at src node ← (RREPD+MAC`D+MACsd);
17  end

Second step, intermediate nodes: This refers to all nodes apart from the source node and the destination node. Here, each node will receive the route request and the route reply. While broadcasting towards the destination, intermediate nodes receive three functional parameters: first, the Route Request; second, the MAC using the Common Key [K]; and finally MACsd [generated with the help of Ksd], which is forwarded between intermediate nodes and verified at the destination. Successive intermediate nodes verify the MAC [Common Key K], and each generates its very own MAC using the Common Key K. While unicasting towards the source node, the intermediate nodes receive three parameters: the route reply, the aggregated MAC of successive intermediate nodes using the shared key, and the MAC using the respective Common Key K. Every node gets verified with the MAC and generates its very own MAC using both the Common Key and the Shared Key, which is finally aggregated and transmitted towards the source node.

Third and final step, destination node: It receives the Route Request, MAC and MACsd over multiple paths. Initially it verifies the MAC using the Common Key. Next, source verification is done using MACsd at the destination, which provides end-to-end verification using the Shared Key between source and destination. The destination node determines the feasible path using the standard AODV protocol. Finally, the destination node generates three functional parameters: the Route Reply, the MAC using the Common Key and the MAC using the Shared Key, which are unicast towards the source.
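The three algorithms traced end to end in Python, as an added example that is not the authors' code; it also runs a forwarder that lacks K and a responder that lacks Ksd. It assumes HMAC-SHA-256 for H, XOR for MAC aggregation, a constructed packet encoding, and that each intermediate node keys its aggregated MAC with the key it shares with the source; `Node`, `discover` and `build_network` are hypothetical names.

```python
import hashlib
import hmac

def mac(key: bytes, data: bytes) -> bytes:
    """H(data, key) from the paper, instantiated as HMAC-SHA-256 (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    """XOR aggregation, one of the aggregation options the paper lists."""
    return bytes(x ^ y for x, y in zip(a, b))

def pkt(kind: str, src: str, dst: str, hops: int) -> bytes:
    """Constructed packet encoding; the hop count changes at every hop."""
    return f"{kind}|{src}|{dst}|{hops}".encode()

class Node:
    def __init__(self, name, K, shared, honest=True):
        self.name, self.K, self.shared, self.honest = name, K, shared, honest

    def hop_ok(self, packet: bytes, hop_mac: bytes) -> bool:
        # Honest nodes verify the previous hop's MAC with K; a malicious node skips it.
        return not self.honest or hmac.compare_digest(hop_mac, mac(self.K, packet))

def discover(route, dst, nodes):
    """RREQ from route[0] to route[-1], then RREP back. Returns (ok, reason)."""
    s, r = nodes[route[0]], nodes[route[-1]]          # source and responder
    rreq0 = pkt("RREQ", s.name, dst, 0)
    mac_sd, hop_mac = mac(s.shared[dst], rreq0), mac(s.K, rreq0)
    for hops, name in enumerate(route[1:]):
        n = nodes[name]
        if not n.hop_ok(pkt("RREQ", s.name, dst, hops), hop_mac):
            return False, f"{name} drops RREQ: previous hop fails common-key check"
        hop_mac = mac(n.K, pkt("RREQ", s.name, dst, hops + 1))
    # Destination restores the RREQ to the source's form and checks MACsd.
    if r.honest and not hmac.compare_digest(mac_sd, mac(r.shared[s.name], rreq0)):
        return False, f"{r.name} drops RREQ: MACsd fails under Ksd"
    rrep0 = pkt("RREP", s.name, dst, 0)
    mac_sd, hop_mac, agg = mac(r.shared[s.name], rrep0), mac(r.K, rrep0), bytes(32)
    for hops, name in enumerate(route[-2::-1]):       # back towards the source
        n = nodes[name]
        if not n.hop_ok(pkt("RREP", s.name, dst, hops), hop_mac):
            return False, f"{name} drops RREP: previous hop fails common-key check"
        if n is not s:
            agg = xor(agg, mac(n.shared[s.name], rrep0))   # MAC_i under K_is
            hop_mac = mac(n.K, pkt("RREP", s.name, dst, hops + 1))
    if not hmac.compare_digest(mac_sd, mac(s.shared[dst], rrep0)):
        return False, "S rejects RREP: responder does not hold Ksd"
    expected = bytes(32)
    for name in route[1:-1]:                          # whole-route check at the source
        expected = xor(expected, mac(s.shared[name], rrep0))
    if not hmac.compare_digest(agg, expected):
        return False, "S rejects RREP: aggregated MAC does not match the route"
    return True, "route authenticated"

def build_network():
    """Constructed keys for a six-node layout: S, 1, 2, 3, 4, D."""
    K = b"common-key-K"
    pair = {n: f"K_{n}S".encode() for n in ["1", "2", "3", "4", "D"]}
    nodes = {n: Node(n, K, {"S": pair[n]}) for n in pair}
    nodes["S"] = Node("S", K, dict(pair))
    return nodes

if __name__ == "__main__":
    net = build_network()
    print(discover(["S", "1", "2", "D"], "D", net))
    net["1"] = Node("1", b"guessed", {"S": b"guessed"}, honest=False)   # no K
    print(discover(["S", "1", "2", "D"], "D", net))
    net = build_network()
    net["3"].honest = False                                             # poses as D
    print(discover(["S", "1", "2", "3"], "D", net))
```

The hop check only proves possession of K, so in this model a node that holds K passes it; the Ksd check and the aggregated-MAC check are what reject the false destination and a route whose per-node keys do not match.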

Fig 3. Example scenario.

This scenario discusses multiple malicious node attacks and the way the proposed routing protocol withstands those attacks. We consider Figure 3 for the purpose of illustration, where 'S' and 'D' are the source and destination nodes and 1, 2, 3 and 4 are four intermediate nodes.

Case 1: Blackhole attack: Here, a malicious node claims to have the shortest path to the destination node. Any one of these cases may take place: it may drop the packets [15], it may not have the shortest path to the destination node, or it may not forward packets to its neighbors [16]. The proposed secured routing protocol overcomes these attacks. Let us consider that node 1 is malicious; then it would not have the Shared Key and the Common Key K. If packets are dropped, the timer that has been set reveals that a packet has been lost in the routing process. Consider the case where node 1 sends false routing information to its neighboring nodes: verification of previous nodes is carried out by the neighboring nodes. Node 1 fails the verification process and is considered a malicious node.

Case 1a: Consider that node 3 in the figure is a malicious node that declares itself as the destination to other nodes. In this case it would not have the Shared Key [Ksd]. So, during the authentication process, the neighboring nodes and the source node detect that the Shared Key is not authorized in the MAC verification process. All the above cases discuss and conclude the way the proposed secured routing protocol withstands Blackhole attacks.

Case 2: Consider that node 2 and node 4 are malicious; then node 3 would be authenticated by node 2 and node 4 would be authenticated by the destination node D. By performing this process, multiple malicious nodes can be detected.

Fig 4. Example scenario when two nodes are malicious.

Case 3: Consider the above scenario, as shown in Figure 4, for multiple malicious nodes, where node 2 and node 3 are both malicious. During the unicast process the destination node decides the transmission path to the source node. The source node verifies the whole transmission path using the respective Shared Keys, such as Kds, K4s, K3s, K2s and K1s. Every node in the transmission path should be authenticated by its adjacent nodes. The proposed secured routing algorithm improves security features for multiple malicious nodes.

IV. PERFORMANCE ANALYSIS

This section carries out a performance analysis study to compare different routing protocols by referring to the simulated results [13, 17]. The proposed secured routing protocol is compared with AODV without security, AES-128 based on AODV, RSA [18] based on AODV and DSA [19] based on AODV. In this study we consider two parameters, routing latency and routing overhead [13], to compare the performance of the different routing protocols. Here the routing latency of a routing protocol is the time delay to establish a valid secure route. In the case of a secure routing protocol, the routing latency includes the delay due to route discovery and the additional security mechanisms used by the protocol. The routing overhead is the total number of bytes that are transmitted over the network for establishing a secure route between the source and destination nodes.

A. Mathematical Analysis

Initially we need to calculate the complexity of the proposed secured routing protocol. Next we derive the complexity and substitute numerical values in the respective algorithms.

Deriving complexity of routing latency for secure routing protocol:

• Considering each node takes time t.
• Each intermediate node sends both Route Request (RREQ) and Route Reply (RREP) and takes time of 2(t1+t2).
• Source node sends route request and destination node sends route reply and takes time (t1+t2).
• Considering n number of intermediate nodes, the overall complexity of routing latency takes time (t1+t2) + 2n(t1+t2).

TABLE II. Referred complexity values [13, 17, 20]

Algorithm/Protocol    Pub. (ms)    Sub. (ms)    Total (ms)
AES (128 bit)         0.04         0.03         0.07
SHA-256               0.01         0.01         0.02
RSA (2048 bit)        59.00        2.04         61.04
DSA (1024 bit)        5.10         9.80         14.90

We substitute values to derive routing latency and complexity based on pre-determined values to arrive at the observed performance analysis results. These observed performance analysis results are plotted in the graph below. From this graph we can conclude that AODV without security has the least complexity and, above that, the proposed secured routing protocol has better complexity. Next, we compare the proposed routing algorithm with other existing protocols and conclude that the proposed secured routing protocol shows very little routing latency. In general, as the number of nodes increases the latency also increases. We take the x-axis as the number of nodes (2, 4, 6, 8 and 10) and the y-axis as routing latency. We calculate routing latency values for the respective algorithms based on AODV. It can be seen in Figure 5 that as the number of nodes increases, the routing latency also increases for all protocols under consideration. Further, we can observe that the proposed secured routing protocol has the least latency and less complexity compared to other existing secure routing protocols.

Fig 5. Routing latency vs number of nodes.

Deriving Complexity of Routing Overhead [13]:

• The routing overhead for each intermediate node is (X+Y), where X and Y denote the size of Route Request (RREQ) and Route Reply (RREP) packets respectively.
• The routing overhead for the source node and the destination node are X and Y respectively.
• Consider there are n number of intermediate nodes; then the overall routing overhead complexity would be (X+Y) + n(X+Y) or (n+1)(X+Y).

Fig 6. Routing overhead VS number of nodes

Figure 6 shows that as the number of nodes increases the routing overhead also increases. From this figure it is possible to conclude that the proposed protocol has less routing overhead compared to other existing secure routing protocols.

V. CONCLUSION AND FUTURE WORK

This paper proposes a secured routing algorithm that improves routing security mechanisms by introducing new techniques in the proposed system. It mainly satisfies the ZigBee security requirement by using a less expensive secured routing protocol. The security mechanisms used by the protocol are the less expensive Message Authentication Code (MAC) and aggregated MAC. Performance analysis of routing latency and routing overhead is carried out by comparing the proposed secured routing protocol with other secured routing protocols, and the analysis concludes that the proposed routing protocol performs better. The evaluation metrics used in this study are routing overhead and routing latency. We also illustrate how the proposed secured routing protocol is secured against the multiple malicious node attack and the blackhole attack. Further, it also provides end-to-end authentication, hop-by-hop authentication and whole route authentication.

ACKNOWLEDGMENT

I would like to thank Durga Naik K and my parents Suresh H Kulkarni and Vidya Kulkarni for their constant support. I would also extend my sincere thanks to sister Sushma Kulkarni and lastly my beloved friends.

REFERENCES

[1] Hongwei Li, Zhongning Jia and Xiaofeng Xue, "Application and Analysis of ZigBee Security Services Specification," in Networks Security Wireless Communications and Trusted Computing (NSWCTC), 2010 Second International Conference on, vol. 2, pp. 494-497, 2010.
[2] "ZigBee Specification", ZigBee Alliance Document 053474r17, January 2008.
[3] G. Dini and M. Tiloca, "Considerations on Security in ZigBee Networks," in Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC), IEEE International Conference on, June 2010.
[4] P. Chatterjee, U. Ghosh, I. Sengupta and S. K. Ghosh, "A trust enhanced secure clustering framework for wireless ad hoc networks," in Springer Wireless Network, vol. 20, no. 7, pp. 1669-1684, Oct. 2014.
[5] U. Ghosh and R. Datta, "A Secure Addressing Scheme for Large-Scale Managed MANETs," in Network and Service Management, IEEE Transactions on, vol. 12, no. 3, pp. 483-495, Sept. 2015.
[6] S. Sibichen and S. Sreedhar, "An efficient AODV protocol and encryption mechanism for security issues in adhoc networks," in Emerging Research Areas and 2013 International Conference on Microelectronics, Communications and Renewable Energy (AICERA/ICMiCR), 2013 Annual International Conference on, 2013.
[7] Gao Xiaopeng and Chen Wei, "A Novel Gray Hole Attack Detection Scheme for Mobile Ad-Hoc Networks," 2007 IFIP International Conference on Network and Parallel Computing Workshops, pp. 209-214, 2007.
[8] S. Marti, T. J. Giuli, K. Lai and M. Baker, "Mitigating routing misbehavior in mobile ad hoc networks," in Proceedings of the 6th annual international conference on Mobile computing and networking (MobiCom '00), ACM, New York, USA, pp. 255-265, 2000.
[9] C. E. Perkins and E. M. Royer, "Ad-hoc On-Demand Distance Vector Routing," in Proceedings of the Second IEEE Workshop on Mobile Computer Systems and Applications (WMCSA '99), IEEE Computer Society, Washington, DC, USA, 1999.
[10] U. Ghosh and R. Datta, "A secure dynamic IP configuration scheme for mobile ad hoc networks," in Ad Hoc Networks, vol. 9, Issue 7, pp. 1327-1342, Sept. 2011.
[11] W. S. Alnumay, P. Chatterjee and U. Ghosh, "Energy Aware Secure Routing for Wireless Ad Hoc Networks," in IETE Journal of Research, vol. 60, no. 1, pp. 50-59, 2014.
[12] U. Ghosh and R. Datta, "Identity based secure AODV and TCP for mobile ad hoc networks," in Proceedings of the 1st International Conference on Wireless Technologies for Humanitarian Relief, ACM, New York, USA, pp. 339-346, 2011.
[13] U. Ghosh and R. Datta, "SDRP: Secure and dynamic routing protocol for mobile ad-hoc networks," in IET Networks, vol. 3, no. 3, pp. 235-243, Sept. 2014.
[14] C. H. Hauser, T. Manivannan and D. E. Bakken, "Evaluating Multicast Message Authentication Protocols for Use in Wide Area Power Grid Data Delivery Services," in System Science (HICSS), 2012 45th Hawaii International Conference on, pp. 2151-2158, 4-7 Jan. 2012.
[15] F. Iqbal, M. I. K. Babar, M. H. Zafar and M. F. Zuhairi, "I-AODV: Infrastructure based Ad Hoc On-Demand Distance Vector Routing Protocol for Vehicular Ad Hoc Networks," in IEEE International Conference on Smart Instrumentation, Measurement and Applications (ICSIMA), Kuala Lumpur, Malaysia, November 2013.
[16] T. Fan-Hsun, C. Li-Der and C. Han-Chieh, "A survey of black hole attacks in wireless mobile ad hoc networks," in Human-centric Computing and Information Sciences, vol. 1, no. 1, 2011.
[17] A. C. F. Chan and C. Castelluccia, "On the (Im)possibility of aggregate message authentication codes," in Information Theory, 2008. ISIT 2008. IEEE International Symposium on, pp. 235-239, July 2008.
[18] X. Zhou and X. Tang, "Research and implementation of RSA algorithm for encryption and decryption," in Strategic Technology (IFOST), 6th International Forum on, vol. 2, pp. 1118-1121, Aug. 2011.
[19] U. Ghosh and R. Datta, "Identity based secure aodv and tcp for mobile ad hoc networks," in Proc. of ACM ACWR, pp. 339-346, 2011.
[20] B. Park and W. Lee, "ISMANET: A Secure Routing Protocol Using Identity-Based Signcryption Scheme for Mobile Ad-Hoc Networks," in IEICE Transaction Communication, vol. 88, no. 6, pp. 2548-56, 2005.