1 / 15

A Secure Key Agreement Scheme in Low-Energy Wireless Sensor Networks

A Secure Key Agreement Scheme in Low-Energy Wireless Sensor Networks International Federation for Information Processing 2006 2007.11.29. Presented by An Dong-hyeok. Table of Contents. 1. Introduction 2. Modified Rivest’s Scheme(MRS) 3. Secure Key Agreement Scheme 4. Performance

zilya
Télécharger la présentation

A Secure Key Agreement Scheme in Low-Energy Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Secure Key Agreement Scheme in Low-Energy Wireless Sensor Networks International Federation for Information Processing 2006 2007.11.29 Presented by An Dong-hyeok

  2. Table of Contents 1. Introduction 2. Modified Rivest’s Scheme(MRS) 3. Secure Key Agreement Scheme 4. Performance 5. Security Analysis 6. Conclusion

  3. 1. Introduction • wireless sensor network • faults of sensor nodes, energy depletion and security attack due to resource scarcity • need to the security communication protocol • symmetric cryptographic • the existing protocol, which are based on random key pre-distribution, has some drawbacks

  4. 1. Introduction • open problem in wireless sensor network • how to authenticate the key information of communicating nodes •  solution: key pre-distribution, shared-key discovery, path-key establishment • how to securely set up a session key between communicating nodes • how to minimize the amount of disclosed information about the keys to the other side

  5. 2. Modified Rivest’s Scheme(MRS) • notation • n: size of network • z, s, m: size of the key space, the key pool and the key chain • SK: session key generated between authorized nodes • KA, KB: secret key of node A and B • EK(M), DK(M): message M encrypted and decrypted with key K • h(): one-way hash function • p, q: prime numbers • r (or ri), s (or si): random numbers, 0 ≤ I < m

  6. 2. Modified Rivest’s Scheme(MRS) • MRS scheme is used in the shared-key discovery phase • A = {a1, a2, …, am}, B = {b1, b2, …, bm} • A: fA(x) = (x-a1)(x-a2)…(x-am) = xm + Am-1xm-1 + … + A1x + A0 • A  B: EK(A0), EK(A1), …, EK(Am-1) • B: f’A(x) = xm + EK(Am-1)xm-1 + … + EK(A1)x + EK(A0) • B  A: rf’A(b1), rf’A(b2), …, rf’A(bm) • A: DK(rf’A(bi)) = rfA(bi) • if rfA(bi) is zero, ith key of A is shared with B

  7. 3. Secure Key Agreement Scheme • assumption • sensor networks consist of base station and sensor nodes • base station is computationally robust and installed in a fixed and secure location • path-key establishment phase is used

  8. 3. Secure Key Agreement Scheme • Key Pre-distribution Phase • the base station picks a random key pool out of the total possible key space. • Negotiatory Keys(NKs) • A = {a1(=a11 || a12), a2(=a21 || a22), …, am(=am1 || am2)} • B = {b1(=b11 || b12), b2(=b21 || b22), …, bm (=bm1 || bm2)} • A’s first half of the key • {s11(=a11 || h(a11)), s21(=a21 || h(a21)), …, sm1(=am1 || h(am1))} • {s12(=h(a12) || a12), s22(=h(a22) || a22), …, sm2(=h(am2) || am2)}

  9. 3. Secure Key Agreement Scheme • Shared-Key Discovery(1) • 1) - fA(x) = (x-s11)(x-s21)…(x-sm1) = xm + Am-1xm-1 + … + A1x + A0 • -Alice send encrypted coefficients of fA(x) that are EKA(A0), EKA(A1), …, EKA(Am-1) to Bob • 2) - Bob applies Bob’s keys to f’A(x) and get f’A(ti1). • - Bob calculates M’ = r1’ f’A(t11), r2’f’A(t21), …, rm’f’A(tm1) and send M’ to Alice • - Bob send encrypted coefficients of fB(x) that are EKB(B0), EKB(B1), …, EKB(Bm-1) to Bob • - fB(x) = (x-t12)(x-t22)…(x-tm2) = xm + Bm-1xm-1 + … + B1x + B0

  10. 3. Secure Key Agreement Scheme • Shared-Key Discovery(2) • 3) - Alice decrypts M’, DKA(ri’f’A(ti1)), and calculates an m-bit bitmap with 1 at bits where DKA(ri’f’A(ti1)) is 0 • - If the number of bits with 1 in m-bit bitmap is more than 1, Alice divide bitmap by 2. • - f’B(x) = xm + EKB(Bm-1)xm-1 + … + EKB(B1)x + EKB(B0) • - Alice applies Alice’s keys to f’B(x) and get f’B(si1). • - Alice calculates M = r1f’B(s12), r2f’B(s22), …, rmf’B(sm2) and send M to Bob • - Alice send m-bit bitmap to Bob

  11. 3. Secure Key Agreement Scheme • Shared-Key Discovery(3) • 4) - Bob decrypts M, DKB(rif’B(si2)), and calculates an m-bit bitmap with 1 at bits where DKB(rif’B(si2)) is 0 • - If the number of bits with 1 in m-bit bitmap is more than 1, Alice divide bitmap by 2. • - Alice send m-bit bitmap to Bob • 5) - Each node generates a session key using both m-bit and m’bit bitmap • - A new session key SK is generated as the hashed value of the concatenation of shared key

  12. 4. Performance • key sharing probability Vs key pool size

  13. 4. Performance • session key exposure rate Vs key pool size

  14. 5. Security Analysis • Key Authentication • illegitimate nodes can’t generate a session key because they have no corresponding one-way hash function • reducing the number of disclosing shared keys • it is not difficult to guess any shared keys while the ratio of the shared keys to unshared keys is by higher than the reverse of it • make use of negotiatory keys instead the secret keys and mechanism which restricts the number of disclosed shared keys

  15. 6. Conclusion • negotiatory keys instead of the secret keys • random numbers instead of a random number • why is the proposed scheme proper to wireless sensor network • this paper contain no mention of the low energy • no simulations or experiments about network load and energy of sensor nodes • very simple idea

More Related