Security for Micro Server

Student name : Nguyen Thanh Hoa

Supervisor : Prof. Yoshiyasu Takefuji

Student ID : 80825511

Email : hoant@sfc.keio.ac.jp

ABSTRACT

In recent years, applications of ubiquitous sensors have become very important in the real world. However, it is dangerous if attackers can gain access to the sensor nodes or micro servers, because they can then attack them. Therefore, a minimum level of security is needed in ubiquitous sensor networks.

Researchers have focused on creating small systems composed of sensors and a micro server that has a small memory, multiple functions and low cost, but without considering security. Securing the micro server is a challenging task because of its very limited flash memory. Our target is IPSec, which we implement for tiny microcontrollers. This paper describes the implementation of a simple IPSec protocol for 8-bit flash microcontrollers that is suitable for very small sensor and micro server systems.

KEY WORDS - security, IPSec, sensor, micro server, 8-bit microcontroller.

1. Introduction

Nowadays, with the development of science and technology, small sensors and micro servers are easy to obtain. Security is an important issue when these devices are used in health care applications, home appliances and so on. However, researchers have focused on making sensors and micro servers smaller, multi-functional and low cost, so security is a challenging task because of the very small processors and very limited memory.

Cryptography is the art of secret writing. It guarantees security properties such as authentication or secrecy in the information exchange between users and a server. This paper analyzes common security methods that use cryptography and then proposes a very simple IPSec protocol that can protect very small sensors and micro servers.

2. Related Work

There are two main types of security for the TCP/IP stack: security for the application layer and security for the network layer.

2.1 Security for application layer

To secure the application layer, we can establish SSH (Secure Shell), using 3DES for encryption and RSA for authentication. However, the significant parameters are the speed of execution, the difficulty of key generation and establishment of system parameters, and the size of the data to be stored; these make RSA unsuitable for securing the micro server.

2.2 Security for network layer

IPSec is a suitable protocol for securing network connections, but it is a complex protocol. It provides the ability to encrypt any higher-layer protocol and to authenticate each IP packet. IPSec offers the greatest flexibility of all the existing TCP/IP cryptosystems.

In IPSec, there are two main protocols that provide packet-level security: AH (Authentication Header) and ESP (Encapsulating Security Payload). AH provides integrity, authentication and non-repudiation. ESP provides confidentiality, authentication and integrity, so it has both encryption and authentication. Authentication is optional, but if encryption is used without authentication then ESP is insecure and attackers can attack the connection [1].

Although a normal IPSec protocol is more complex than SSH, it is more feasible, because we propose a simple IPSec protocol in the following section.

3. Basic method

As analyzed in the previous section, ESP has both encryption and authentication, while AH has only authentication. To obtain a very simple IPSec protocol from the complex one, we have to simplify the functions of IPSec. ESP alone is enough to secure connections between peers, so establishing a simple IPSec protocol requires only a simple ESP implementation.

Figure 1: A simple IPSec protocol.

The RFC 4303 standard describes ESP in detail, and ESP is a complex protocol. For our purposes, we can establish ESP with one encryption algorithm that has high confidence and one hash function for authentication that has the smallest code size.

DES is now insecure, as many papers have mentioned. AES, however, is fast in both software and hardware, easy to implement and requires little memory. In recent years, AES has been deployed on a large scale. Therefore, we choose only the AES algorithm for encryption in the ESP protocol.

Figure 1 shows a simple IPSec protocol using a simple ESP, which uses only AES for encryption and only the MD5 hash function for authentication.

4. The Implementation Method

There are 4 steps to establish this simple IPSec protocol for the micro server:

Step 1: Implementing the AES algorithm with code size optimization.

Step 2: Implementing the MD5 hash function.

Step 3: Establishing the ESP protocol: processing the ESP header and IP header, encrypting/decrypting the higher-layer payload, and implementing authentication.

Step 4: Testing the secure connection between the client and the micro server when the simple IPSec is established in the micro server and the client uses a normal IPSec protocol.
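The packet-framing part of Step 3, as an added example in C (not the paper's code): it splits a received ESP packet into the RFC 4303 fields, computes the sender's padding, and validates the trailer after decryption, rejecting malformed lengths instead of reading out of bounds. It assumes AES in CBC mode with a 16-byte IV and a 96-bit ICV, which the paper does not specify; all function, struct and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Assumed sizes (not given in the paper): AES-CBC with a 16-byte IV and a
   12-byte (96-bit) ICV. All names below are hypothetical. */
#define ESP_HDR_LEN 8u  /* SPI (4 bytes) + sequence number (4 bytes) */
#define ESP_IV_LEN 16u
#define ESP_ICV_LEN 12u
#define AES_BLOCK 16u
typedef struct {
    uint32_t spi, seq;            /* selects the SA; feeds the anti-replay check */
    const uint8_t *iv, *ct, *icv; /* pointers into the packet, no copying */
    size_t ct_len;
} esp_view;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Split a received ESP packet. Returns 0, or -1 if it is malformed. The ICV
   covers pkt[0 .. len - ESP_ICV_LEN) and is checked before any decryption. */
int esp_split(const uint8_t *pkt, size_t len, esp_view *v) {
    if (len < ESP_HDR_LEN + ESP_IV_LEN + AES_BLOCK + ESP_ICV_LEN) return -1;
    v->ct_len = len - ESP_HDR_LEN - ESP_IV_LEN - ESP_ICV_LEN;
    if (v->ct_len % AES_BLOCK != 0) return -1; /* not whole AES blocks */
    v->spi = be32(pkt);
    v->seq = be32(pkt + 4);
    v->iv = pkt + ESP_HDR_LEN;
    v->ct = v->iv + ESP_IV_LEN;
    v->icv = v->ct + v->ct_len;
    return 0;
}

/* Sender side: pad bytes so payload + padding + 2 trailer bytes fill blocks. */
uint8_t esp_pad_len(size_t payload_len) {
    return (uint8_t)((AES_BLOCK - (payload_len + 2u) % AES_BLOCK) % AES_BLOCK);
}

/* After decryption: validate the trailer (default padding is 1, 2, 3, ...).
   Returns the payload length and sets *next_hdr, or returns -1. */
int esp_strip_trailer(const uint8_t *pt, size_t pt_len, uint8_t *next_hdr) {
    if (pt_len < 2u) return -1;
    uint8_t pad = pt[pt_len - 2u];
    if ((size_t)pad + 2u > pt_len) return -1; /* pad length exceeds the data */
    size_t payload = pt_len - 2u - pad;
    for (uint8_t i = 0; i < pad; i++)
        if (pt[payload + i] != (uint8_t)(i + 1u)) return -1;
    *next_hdr = pt[pt_len - 1u];
    return (int)payload;
}
```

The views returned by esp_split point into the receive buffer, so no second packet buffer is needed in the micro server's RAM.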

5. Experimental Study

We have already completed steps 1 and 2: implementing the AES algorithm in 3 Kbytes of flash memory and the MD5 hash function in 2 Kbytes of memory.

We are now establishing ESP with a code size of less than 7 Kbytes (3 Kbytes for AES, 2 Kbytes for MD5 and 2 Kbytes for ESP header and other processing) and testing this simple IPSec against the normal IPSec protocol of a client. On the client side, we use strongSwan to establish the full IPSec protocol. strongSwan is the open-source IPSec-based VPN solution for Linux.

6. Conclusion

In this paper, we have analyzed security methods for a micro server that has limited memory and a small processor. From this analysis, we can see that IPSec is a good choice for micro server security. We proposed a very simple IPSec protocol for establishing a secure layer in a simple TCP/IP stack. This simple IPSec protocol can establish secure connections that satisfy the security requirements of micro servers and sensors.

7. Future Work

In the near future, we will complete testing this simple IPSec in the micro server against the normal IPSec protocol of a client, in order to realize a very small security system for micro servers.


References

[1] F. Amin, A. H. Jahangir, and H. Rasifard. Analysis of Public-Key Cryptography for Wireless Sensor Networks Security. 31 July 2008.

[2] Steve Friedl. An Illustrated Guide to IPSec. Available from http://unixwiz.net/techtips/iguide-ipsec.html

[3] RFC 4303. IP Encapsulating Security Payload (ESP). 2005. Available at http://www.ietf.org/rfc/rfc3686.txt

[4] RFC 3686. Using Advanced Encryption Standard (AES) Counter Mode with IPSec Encapsulating Security Payload (ESP). 2004. Available at http://www.ietf.org/rfc/rfc3686.txt

[5] The open-source uIP TCP/IP stack. Available from www.dunkels.com/adam/uip

[6] Konrad Lorincz, David J. Malan, Thaddeus R.F. Fulford-Jones, Alan Nawoj, Antony Clavel, Victor Shnayder, Geoffrey Mainland, and Matt Welsh - Harvard University and Steve Moulton - Boston University. Sensor Networks for Emergency Response: Challenges and Opportunities.

[7] Advanced Encryption Standard. Available from http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

[8] Adam Dunkels, Juan Alonso, Thiemo Voigt Swedish Institute of Computer Science. Making TCP/IP Viable for Wireless Sensor Networks.

[9] StrongSwan. Available at http://www.strongswan.org/

[10] Atmega168 datasheet. Atmel Corporation. Available at http://www.datasheetcatalog.org/datasheet/atmel/2545S.pdf