Presentation is loading. Please wait.

Presentation is loading. Please wait.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

Published byMarybeth Bryan Modified over 9 years ago

Similar presentations

Presentation on theme: "LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo."— Presentation transcript:

1 LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo

2 Contents  Introduction  Preliminaries  The Proposed Scheme  CAS  DAS  BAS  HAS  Performance Analysis  Conclusions  Discussion 2 / 27

3 Introduction  In Wireless Sensor Networks, broadcast/multicast from not only sink, but also a sensor node becomes crucial function  Authentication of them is highly important  Several symmetric key cryptography based μTESLA-like schemes have been pro posed 3 / 27

4 Introduction  Weak points of μTESLA-like schemes  All the receivers have to buffer all the messages within one time interval  Wormhole attacks Caused by forged message, due to delay of the disclosed keys  Arbitrary flooding in current time interval Nodes should buffer Transmission is expensive Denial-of-Service attacks 4 / 27

5 Introduction  Solutions  TIK protocol Require a heavy burden of memory  Public key cryptography based No longer impractical primitive 5 / 27

6 Preliminaries  The Bloom Filter  Hashing input value k times If all bits are 1, true member Otherwise, discard  False positive probability Initial Configuration Verification 6 / 27

7 Preliminaries  The Merkle hash tree 7 / 27

8 CAS  The Certificate-Based Authentication Scheme  Drawbacks  Communication overhead Including Certification  Computation overhead Two signature verification M: Message, tt: time-stamp, SIG{}: signature, U ID : user’s ID, SK: Secret key, PK: public key, Cert U ID : user’s certificate, ExpT: expiration time, and h():hashed value 8 / 27

9 DAS  The Direct Storage Based Authentication Scheme  Instead of certificate, list is used  User’s ID & public key  Scalability problem 9 / 27

10 BAS  The Bloom Filter Based Authentication Scheme  System Preparation  Sink construct Bloom filter & counting Bloom filter 10 / 27

11 BAS 11 / 27

12 BAS  Message Signing and Authentication  Based on ECDSA’s partial message recovery 12 / 27

13 BAS  Message Signing and Authentication  Broadcast  Check authenticity by verifying public key W pub ’s membership with bloom filter Hashing { U ID || W pub } specific times If all hashed values on the bloom filter are 1, OK Otherwise, discard received message 13 / 27

14 BAS  Message Signing and Authentication  Verify signature 14 / 27

15 BAS  User Revocation Update counting bloom filter Update bloom filter Update bloom filter of every node 15 / 27

16 BAS  User Addition  Generate more (ID, PK) pairs than need in system preparation phase, assign a pair when new nodes join WSN  Add user, after revocation of old members No increasing the probability of a false positive Procedure is same as revocation’s one 16 / 27

17 BAS  The minimum probability of a false positive regarding F (The probability of False Positive) m/N (bits/User) m: storage space bits N: the number of users Generate PK/SK pairs: computationally feasible 17 / 27

18 BAS  The number of users  Thus, we need to consider of trade-off between the maximum supported number of users and the probability of a false positive given a fixed storage 18 / 27

19 HAS  The Hybrid Authentication Scheme (HAS)  Supporting more users using the Merkle Hash tree & Bloom filter  Trading the message length for the storage space  System Preparation  Calculate trade-off maximum number of user & false positive rate  Construct of Merkle hash tree Each leaf is user’s public key The sink prunes it into a small tree  Generate Bloom filter Elements of group are small trees 19 / 27

20 HAS  Message Signing and Authentication  Broadcast  Received node Calculate the corresponding root node using AAI U ID Verify the root node value using bloom filter Verify the signature in the same way of BAS Auxiliary Authentication Information of node ID 20 / 27

21 Performance Analysis  Communication Overhead 21 / 27

22 Performance Analysis  Computational Overhead  Measure energy consumption of signature verification on two processor 22 / 27

23 Performance Analysis  Security Strength  BAS Instant authentication –Impossible to launch attack using authentication delay Suitable for military application with f req =6.36*10 -20 Protection from replay attack with time stamp  Jamming attacks emitting random bits CAS is weak, since every message has certificate HAS and BAS are robust –Authentication using Bloom filter is cheap 23 / 27

24 Performance Analysis  Security Strength  Jamming attacks using valid PK attached to irregularly modified message HAS and BAS –After verifying signature, recognize that message is bed. Implement an alert report mechanism –When failing to authenticate messages in a row –Repot to the sink –The sink invest the network –Detection & Remedy are out of scope in this paper 24 / 27

25 Conclusions  Reveal the problems of SKC based multi user broadcast authentication schemes  Authentication delay  Vulnerabilities  Propose PKC based schemes using Bloom filter & Merkel hash tree  Minimizing energy dissipation  Analyze performance & security 25 / 27

26 Discussion  Shortcoming  Evaluate overhead of only proposed schemes  We can’t know how much energy resource is consumed compared to when μTESLA-like schemes are used. 26 / 27

27 Thank you 27 / 27

Download ppt "LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo."

Similar presentations

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.

An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
PROVIDING ROBUST AND UBIQUITOUS SECURITY SUPPORT FOR MOBILE AD- HOC NETWORKS Georgios Georgiadis 6/5/2008.

PROVIDING ROBUST AND UBIQUITOUS SECURITY SUPPORT FOR MOBILE AD- HOC NETWORKS Georgios Georgiadis 6/5/2008.
LOGO A Public Key Cryptographic Method for Denial of Service Mitigation in Wireless Sensor Networks O. Arazi, H. Qi, D. Rose IEEE SECON 2007 proceedings.

LOGO A Public Key Cryptographic Method for Denial of Service Mitigation in Wireless Sensor Networks O. Arazi, H. Qi, D. Rose IEEE SECON 2007 proceedings.
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Murat Demirbas Youngwhan Song University at Buffalo, SUNY

Murat Demirbas Youngwhan Song University at Buffalo, SUNY
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)

Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
LPT for Data Aggregation in Wireless Sensor networks Marc Lee and Vincent W.S Wong Department of Electrical and Computer Engineering, University of British.

LPT for Data Aggregation in Wireless Sensor networks Marc Lee and Vincent W.S Wong Department of Electrical and Computer Engineering, University of British.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

Similar presentations

Ads by Google