1 / 15

A Random Perturbation-Based Scheme for Pairwise Key Establishment in Sensor Networks

A Random Perturbation-Based Scheme for Pairwise Key Establishment in Sensor Networks. Wensheng Zhang, Minh Tran, Sencun Zhu and Guohong Cao MobiHoc’07, Canada September 14, 2007. Key pairwise scheme requirements. Save scarce resources. Direct key establishment. High connectivity.

meriel
Télécharger la présentation

A Random Perturbation-Based Scheme for Pairwise Key Establishment in Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Random Perturbation-Based Scheme for Pairwise KeyEstablishment in Sensor Networks Wensheng Zhang, Minh Tran, Sencun Zhu and Guohong Cao MobiHoc’07, Canada September 14, 2007

  2. Key pairwise scheme requirements • Save scarce resources. • Direct key establishment. • High connectivity. • Resilience for a large number of nodes compromised. • Efficient to dynamic network (add nodes). Related Work

  3. Contribution • New PKE scheme for WSN depends on Blundo scheme. • Adding random noise on key. • Increase the security resilience.(>>t compromised nodes in B. scheme )

  4. A Polynomial-Based Key Predistribution Scheme Off-line phase: the authority randomly picks a t-degree symmetric, bivariate polynomial: For the node of id u, the preloaded share is Online phase: Any two nodes u and v, u compute the key shared with node v by evaluating f(u, y) at y = v. Also, Node v can compute f(v, u) in the similar way. Due to symmetric property f(u, v)=f(v,u).

  5. Notations • q, l: q is a prime number (q > 2), and l is the minimal integer such that 2l > q. Thus, every element in field Fq can be represented by l bits. • S: a set of legitimate IDs . • r: a positive integer such that 2r < q. • Φ: a set of perturbation polynomials . • f(x, y): a symmetric polynomial. • gu(y) (u ∈ S): a t-degree univariate polynomial that is preloaded to node (with id u) before it is deployed.

  6. Basic Idea of The RPB Scheme • Add noise to shared f (u,y) and f (v,y). • The noise not affect the shared f (x,y) totally. • Even if the attacker compromised t node, he cannot recover the coefficient of f (x,y). • See the following Fig.

  7. Ku,v=Kv,u Ku,v=-Kv,u Ku,v=+Kv,u

  8. RPB scheme • Initialization(offline) • The authority generate , where l-r bit can be use. • To increase the security: Pairwise K length= • Upload each node with:

  9. Pairwise Key Generation • The pairwise key will generate from shared polynomial Step 1: Node u evaluates gu(y) at y = v, and represents the evaluation result in l binary bits. Step 2: It uses the most significant l − r bits of gu(y), denoted as Ku,v, as the key. Step 3: Node u sends h(Ku,v) to node v Extension: The pairwise key will generate from multi shared polynomials Step 1 reputed for m times where And the pairwise key shared with v is But node u will send hash value to v, which is

  10. Pairwise Key Generation Con't • Pairwise key operation on v node. • Due to RPB su,i has 3 values -su,i, su,i, +su,i ,therefore Ku,v with m (su,i) need to 3m evaluations. • Example: • For each Ku,v= To find out Ku,v, node v computes H(Kv,u,i) for each i ∈{0, · · · , 8}, 9 Hashing

  11. Constructing S and Φ • The algorithm generate perturbation polynomial Qi(y) and the set of IDs to WSN. • The algorithm stops when the Si,k<N (N is the dedicated WSN size). • Algorithm complexity for finding out a perturbation polynomial is O(2l) evaluations of t-degree polynomials. S1 S1,0 S3 0 . . . . . . . q-1 Sn Q’n(y) Q’3(y) S1,w-1 Q’1(y) S2,0 S2,1 Groups Si divided according to l-r bits in the ID, so w=2l-r Q’2(y) S2,w-1 S2

  12. Complexity of system breaking is

  13. Security Analysis • Breaking • An adversary must compromise all the polynomials m in order to break down the system. • If Adv. compromises a node (i.e. get ) Unknown Unknown

  14. Analysis Con’t Comment :But the evaluation to get pairwise key =38=6561 hashing (very hard if not possible in WSN )

  15. Experiment Storage: RAM and ROM in MICA2 are 4KB and 128KB, the space requirements of about 0.33KB RAM and about 15KB ROM are affordable.

More Related