Sensor Network Security through Identity-Based Encryption

Slides:



Advertisements
Similar presentations
Public Key Infrastructure and Applications
Advertisements

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Encryption Public-Key, Identity-Based, Attribute-Based.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Cryptographic Technologies
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Introduction to Public Key Cryptography
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
An Efficient Identity-based Cryptosystem for
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.
Asymmetric-Key Cryptography Also known as public-key cryptography, performs encryption and decryption with two different algorithms. Each node announces.
Security in Wireless Sensor Networks using Cryptographic Techniques By, Delson T R, Assistant Professor, DEC, RSET 123rd August 2014Department seminar.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Cryptography, Authentication and Digital Signatures
James Higdon, Sameer Sherwani
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Cryptography and Network Security (CS435) Part Eight (Key Management)
Elliptical Curve Cryptography Manish Kumar Roll No - 43 CS-A, S-7 SOE, CUSAT.
1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.
Lecture 2: Introduction to Cryptography
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Applied cryptography Project 2. 2CSE539 Applied Cryptography A demo Chat server registration Please enter a login name : > Alice Please enter the.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Celia Li Computer Science and Engineering York University.
ECE Prof. John A. Copeland fax Office: GCATT Bldg.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
What is in a name? Identity-based cryptography. How public-key crypto works When you use public key cryptography, you can publish a value (public key)
Identity Based Encryption
Security through Encryption
Security Of Wireless Sensor Networks
Security of Wireless Sensor Networks
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Review of Cryptography: Symmetric and Asymmetric Crypto Advanced Network Security Peter Reiher August, 2014.
Presentation transcript:

Sensor Network Security through Identity-Based Encryption Nigel Boston Department of Mathematics, University of South Carolina Departments of Mathematics and ECE, University of Wisconsin

Overview of Talk Challenges faced Existing approaches Identity-based encryption Benefits of IBE for sensor networks Conclusions and future work

UW Sensor Networks UW WiSeNet Consortium (wisenet.engr.wisc.edu) Eric Bach (Computer Sciences) Akbar Sayeed (ECE) Several students (Matt Darnall, Kamal Srinivasan, Harris Nover, …) Affiliated faculty from ECE, CS, CE, …

Challenges of Sensor Networks Limited memory, storage, and power Unreliable communication, conflicts, and latency Exposure to physical attacks, remote, decentralized management

Security Requirements Data confidentiality Data integrity Data freshness Availability Self-organization Time synchronization Secure localization Authentication

Attacks Denial of service attacks Sybil attack Traffic analysis attacks Node replication attacks Attacks against privacy Physical attacks

Key Distribution Attacks Want shared secret keys between nodes which may have been pre-initialized without prior contact. Want nodes able to communicate without involving base station. Want additional nodes able to join existing network, unauthorized nodes prevented.

Encryption Techniques Symmetric key (stream ciphers or block ciphers) SPINS TinySec Random graph theory (Eschenauer-Gligor) Impractical for large scale sensor networks

TinySec Message authentication, integrity, confidentiality are provided. Based on Skipjack, 80-bit symmetric cipher. Secure, reasonably efficient (time, transmission overhead, memory) If no rekeying, then compromising one node compromises the whole network.

Limitations of Secret Key Key distribution Protection of key material - resilience Rekeying, if possible, incurs additional energy consumption Public-key cryptography improves on these

Public-Key Cryptography Encryption key public, decryption key private - broken by solving a hard math problem. Originally regarded as too slow and consuming too much power. RSA with exponent 3 (idea - cheap encryption, more powerful receiver does more expensive decryption). Hard problem - factoring integers. Rabin-Williams (RSA with exponent 2).

RSA-200 Factored May, 2005 - RSA-200 factored, using number field sieve by Jens Franke et al 2799783391 1221327870 8294676387 2260162107 0446786955 4285375600 0992932612 8400107609 3456710529 5536085606 1822351910 9513657886 3710595448 2006576775 0985805576 1357909873 4950144178 8631789462 9518723786 9221823983 equals 3532461934 4027701212 7260497819 8464368671 1974001976 2502364930 3468776121 2536794232 0005854795 6528088349 x 7925869954 4783330333 4708584148 0059687737 9758573642 1996073433 0341455767 8728181521 3538140930 4740185467

Problems with RSA A polynomial-time factoring algorithm would render RSA probably useless. A quantum computer can factor in polynomial-time (record so far - 15). In constrained environments (smart cards, PDAs, …), long keys are impractical. Companies want comparable security with much shorter key lengths.

Elliptic Curves The solutions of in a field naturally form a group (can add pts) Hard problem: given points P, Q, find integer n such that Q = P+…+P (n terms).

Elliptic Curve Addition

Elliptic Curve Cryptography ECC ever more popular for mobile devices 160-bit ECC same security as 80-bit symmetric, as 1024-bit RSA Hyperelliptic curve cryptography (HCC) apparently offers no advantage Malan (2004) implemented sensor net ECC Sun Microsystems (2005) announced Sizzle

World’s Smallest Secure Server

Authentication As sensor devices improve, ECC ever better. Problem - in public-key crypto, A writes to B using B’s public key. Trusted authority signs B’s public key so A, by checking this signature, can verify B’s identity. Recursive checking expensive if low-power.

Identity-Based Encryption 1984 - Shamir asked if arbitrary bit strings (B’s name) can be used as public keys. After B receives A’s message, B computes (with trusted authority) a private key Note - burden of checking is on the receiver - in sensor networks weak sends to strong!

Identity-Based Encryption II 2001 - Boneh and Franklin give solution using the Weil pairing on elliptic curves. Can also use other pairings (Tate, eta, Ate, …) - Ate is up to 6 times faster than the others. Cocks’s IBE scheme based on quadratic residues suffers from ciphertext expansion.

Pairings E is an elliptic curve defined over GF( ), The points on E form an abelian group and we consider a bilinear non-degenerate pairing (computed by Miller’s algorithm)

IBE Details Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a "master" public key, and retains the corresponding master private key. Given the master public key, any party can compute a public key corresponding to the identity i by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use identity i contacts the PKG, which uses the master private key to generate the private key for identity i.

Other Advantages of IBE Advantages in sensor network - (1) Physically secured master device is trusted authority (2) Each node given private key in advance - private key generator can then be destroyed

Simultaneous Research Several groups have apparently come up with this idea simultaneously. The group (Doyle et al.) at DCU, Dublin has gone furthest in implementation - found the energy performance of key negotiation using an IBE scheme based on Tate pairing on the ARM platform was 0.44J (cf. nodes limited to 1000J battery capacity).

Some Questions IBE uses hashing - what features desirable for sensor networks? Efficient Weil pairing computation uses randomization - possible to eliminate?

Conclusions Sensor networks face novel security problems due to constraints and method of deployment The key distribution problem can be addressed by using IBE to negotiate a shared secret key Calculation of pairs of keys demands reasonable power consumption