1 / 21

Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks

Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks. Oct. 18, 2005. Ortal Arazi, Hairong Qi Dept. Electrical & Computer Engineering The University of Tennessee Knoxville, TN. Outline. Introduction Motivation and goal

lalasa
Télécharger la présentation

Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks Oct. 18, 2005 Ortal Arazi, Hairong Qi Dept. Electrical & Computer Engineering The University of Tennessee Knoxville, TN

  2. Outline • Introduction • Motivation and goal • Foundations for self-certified key generation • Two-node self-certified key generation • Group self-certified key-generation • Conclusions and future work

  3. Introduction Self-Certified Group Key-Generation forAd Hoc Clusters in Wireless Sensor Networks ? Cluster B Cluster A Collaborative processing

  4. Introduction Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks ? Same shared key

  5. Introduction Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks ? Authenticated nodes are able to prove their identity to other nodes

  6. Motivation • Wireless sensor network (WSN) applications are growing • Military and civilian • Supported by diverse research on entire protocol stack • Security is expected to play a key role … • Confidentiality – nodes need to be able to exchange data “securely” • Authentication – nodes should be able to prove their identity to other nodes • Message integrity – a node receiving a message should be able to prove it has not been altered

  7. Motivation and goal • Public key infrastructure (PKI) is a powerful and proven technology for addressing the three issues mentioned • However, due to resource limitations in WSN, existing PKI solutions can not be directly applied • Low computational capabilities • Limited memory resources • Energy constraints imposed on communications Obtain an efficient and scalable self-certified key generation methodologies, specifically optimized for ad-hoc clusters of wireless sensor nodes.

  8. 1 2 3 K12 K21 K23 K32 Foundations for self-certified key generation • Once a dynamic cluster is established: • Initialize symmetric private keys (fixed or ephemeral) for pair nodes within the cluster (using self- certified DH) • Generate the group key: • Node #1 generates the group • key and via XOR it is • transferred to nodes 2 and 3 1 2 K12= K21 K12 K21

  9. Cluster B Cluster A Two-node self-certified key-generation • Fixed key: The private key shared by a pair of nodes is constant • Ephemeral key: The private key shared by the same pair of nodes change • The nodes use random terms that yield different keys for each session (much more secure) • self-certification • Each pair of nodes nodes will validate each others’ identities • Inherent in the key generation process

  10. Diffie-Hellman Key Generation using ECC Two-node self-certified key-generation • Uses 163 bits (equivalent of 1024 in RSA) and still retain the same “security strength” • Calculations take less time, less memory and less hardware P is a known point on the elliptic curve A B Y - private key (scalar) X- private key (scalar) Y x P X x P (Y x P) xX= XY xP = (X x P) xY The Discreet Log problem in ECC: by knowing X x P and P, one can not obtain x

  11. Key confirmation authentication Fixed Key Generation • Each node has a set of public and private keys: (Uv, Xv) • First option: issued by the CA (Certifying authority) • Second option: calculated by the node, using information issued by the CA Node i Node j IDi , Ui IDj , Uj xi[H(IDj , Uj) * Uj +R] = xj[H(IDi , Ui) * Ui +R] IDv: identification of node v - scalar Uv: node v’s public key - a point on the curve Xv : node v’s private key - scalar

  12. Fixed Key Generation (cont.) The case where (Uv, Xv) are issued by the CA: CA provides: Ui= hi * G Uj= hj * G xi= [H(IDi, Ui),* hi+d] mod org G xj= [H(IDj, Uj),* hj +d] mod org G Node i calculates: xi[H(IDj , Uj)*Uj +R] : : xi*xj *G Node j calculates: xj[H(IDi, Ui) *Ui +R] : : = xj*xi *G R : the CA’s public key = d*G - a point on the curve d : the CA’s private key - scalar G : a generating group-point, used by all relevant nodes - a point on the curve hv : a random 163 bit number generated by the CA - scalar

  13. Fixed Key Generation (cont.) Contribution: xi[H(IDj , Uj),*Uj +R] = xiH(IDj , Uj),*Uj + xiR scalar Dynamic Point by scalar multiplication Offline point- by scalar multiplication 2 multiplications of a scalar by a point on the elliptic curve, with only one dynamic

  14. Key confirmation authentication Ephemeral Key Generation • Each node has a set of public and private keys: (Uv, Xv) • First option: issued by the CA • Second option: calculated by the node, using information issued by the CA Node j Node i IDi , Ui ,Evi IDj , Uj,Evj Pvj[H(IDi, Ui)*Ui + R] + (xj+ Pvj) Evi Pvi[H(IDj , Uj)*Uj + R] + (xi+ Pvi) Evj = IDv: identification of node v - scalar Uv: node v’s public key - a point on the curve Xv : node v’s private key - scalar Pvv : a random 163 bit number generated by node v - scalar Evv = Pvv * G

  15. Ephemeral Key Generation (cont.) Contribution: Calculated offline Pvi*H(IDj , Uj)*Uj +(xi+ Pvi) (Evj +R) - xi* R Dynamic Multiplication Performed by the node Dynamic Multiplication Performed by A neighbor (speed and energy) Off line Multiplication preformed ONCE (xi+ Pvi) (Evj +R) i (xi+ Pvi) , Evj

  16. Self-certified group key-generation Group-Key establishment based on Pairwise DH Key establishment Kij- Shared key of nodes i and j T - Required Public group key Kij Kab a b i DES ? XOR j DES ? XOR T ‘’’..’ T ‘’’..’’ T ’ T T T ‘’’..’’ If T= T ‘’’..’’ then: 1) The system is Authenticated 2) we have a group key

  17. Conclusions • We introduced an efficient ECC-based key generation methodology for ad hoc clusters in WSNs • Authentication is inherently included through self-certification • Both fixed and ephemeral key generations are treated • Off-loading was proposed • Gaining execution speed • Better power distribution across the network • Group key generation was described

  18. Future work • Fault tolerance • Including all the nodes in the chain transferring the group key • What happens when one or more nodes fail on the chain (generation of redundant paths) • Increasing the robustness of the key generation process: What happened when nodes are malicious? • Analysis of energy consumption • Protocol for neighbor node selection (Ephemeral key)

  19. Thank you. Questions?

  20. Backup slides

  21. Self certified DH key generation: Ephemeral key mathematical explanation - in the case where (Uv, Xv) are issued by the CA: As given by the CA: Ui= Pvi * G + hi * G = (Pvi + hi ) * G Uj= Pvj * G + hj * G = (Pvj + hj ) * G xi= [H(IDi, Ui),* hi+d] mod org G xj= [H(IDj, Uj),* hj +d] mod org G Node i calculates: Pvi[H(IDj , Uj),*Uj +R]+ (xi+ Pvi) Evj xj *G = Pvi*xj *G + xi* Pvj * G + Pvi* Pvj * G Evj Evj Node jcalculates: Pvj[H(IDi , Ui),*Ui +R]+ (xj+ Pvj) Evi xi *G = Pvj*xi *G + xj* Pvi * G + Pvj* Pvi * G Evi Evi R : the CA’s public key = d*G - a point on the curve d : the CA’s private key - scalar G : a generating group-point, used by all relevant nodes - a point on the curve hv : a random 163 bit number generated by the CA - scalar

More Related