Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration-Based Approach Wensheng Zhang and Guohong Cao.

Published byCorey Cooper Modified over 9 years ago

Similar presentations

Presentation on theme: "Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration-Based Approach Wensheng Zhang and Guohong Cao."— Presentation transcript:

1 Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration-Based Approach Wensheng Zhang and Guohong Cao

2 Outline Research problem – Group key updating Previous work Proposed solution –B-PCGR –C-PCGR –RV-PCGR Performance evaluation Conclusion

3 Research Problem Sensor Network –Hostile environment –Adversary may use compromised nodes Inject false sensing report Modify the reports sent by other nodes Symmetric cryptographic techniques –Sensor nodes are randomly divided into multiple groups –Nodes in the same group share a symmetric group key –Each message is attached with multiple MACs, each is generated using one group key Problem –Node compromises –Innocent nodes should update their group keys

4 Previous Work Centralized solution –SKDC: Use central controller to distribute new keys (Hugh, et al.) –Logic tree-based schemes (Wallner et al., Wong et al. Balenson et al.) High communication cost Rekeying delay Distributed Solution –Blundo’s scheme: Allows a set of nodes to set up a group key in distributed way (C. Blundo et al.) Not scalable: storage cost / each node must know other trusted group members

5 Motivation Preload future keys to individual nodes before deployment –Avoid high communication overhead Neighbors collaborate with each other to effectively protect and appropriately use the preloaded keys. – Security – Relieves high cost of centralized management

6 System Model Large scale wireless sensor network Deployed in a hostile environment Each node is innocent –Before deployment –Cannot be compromised during the first several minutes Each pair of neighboring nodes can establish a pairwise key Compromised nodes can be detected within a certain time period Nodes are loosely synchronized Group rekeying is started periodically

7 Basic Predistribution and Local Collaboration- Based Group Rekeying (B-PCGR) Group Key Predistribution –The setup sever decides the total number of groups. For each group i, it constructs a t-degree univariate g-polynomial g i (x). g i (0) is the initial group key, g i (j) (j >= 1) is the group key of version j. –A node is randomly assigned to a group before deployment. –A group key polynomial (g-polynomial) g i (x) is preloaded in each node based on the group it belongs to. –New group keys are generated and distributed using g- polynomial at key updating times.

8 B-PCGR (2) Local Collaboration-Based Key Protection –Each node N u randomly pick a bivariate encryption polynomial (e-polynomial) –N u Encrypts its g-polynomial g(x) using its e-polynomial e u (x,y) to get its g’-polynomial g’(x) = g(x) + e u (x,u) –N u distributes the share of e u (x,y) to its n neighbors N vi (i = 0,…,n-1). Each neighbor N vi receives share e u (x,vi) –N u removes e u (x,y) and g(x), but keeps g’(x) and uses g(0) as its current group key.

9 B-PCGR (3) Local Collaboration-Based Group Key Updating –Each node maintains a rekeying timer Periodically notify the node to update its group key and the current version of the group key c –To update keys Each innocent node N u increases its c by one N u returns share e vi (c,u) to each trusted neighbor N vi N u receives a share e u (c,vi) from each trusted neighbor N vi. Having received μ + 1 shares, N u can reconstruct a unique μ- degree polynomial e u (c,y)

10 B-PCGR (4) NuNu N v1 N v2 N v3 N v4 N v5 N v0 g(x) g’(x) = g(x) + e u (x,u) e u (x,v1) e u (x,v0) e u (x,v2) e u (x,v3) e u (x,v4) e u (x,v5) e u (x,v1) e u (x,v2) e u (x,v3) e u (x,v4) e u (x,v5) e u (x,v0) e u (c,v1) e u (c,v2) e u (c,v3) e u (c,v4) e u (c,v5) e u (c,v0) Compute e u (c,y) g(c) = g’(c) - e u (c,u)

11 B-PCGR (5) Security Analysis –For a certain group, its g-polynomial g(x) is compromised if and only if A node N u of the group is compromised, and At least μ + 1 neighbors of N u are compromised; or At least t + 1 past keys of the group are compromised

12 Enhancements to B-PCGR Limitations of B-PCGR –No more than μ neighbors can be compromised –No more than t keys from the same group can be compromised Improve B-PCGR –Cascading PCGR (C-PCGR) First limitation –Random Variance-Based PCGR (RV-PCGR) Second limitation

13 C-PCGR (1) Difference from B-PCGR –The e-polynomial shares of N u are distributed to its multi-hop neighbors –e-polynomial shares are distributed/collected in a cascading way –Differs from B-PCGR in the second and third steps Polynomial encryption and share distribution Key updating –The paper describes the case that e-polynomial shares are distributed to its 1- and 2-hop neighbors

14 C-PCGR (2) Polynomial Encryption and Share Distribution –Each node N u picks two e-polynomials (degree of x is t, degree of y is μ) 0-level e-polynomial e u,0 (x,y) 1-level e-polynomial e u,1 (x,y) –N u encrypts its g(x) using e u,0 (x,y) to get its g’(x) = g(x) + e u,0 (x,u) –N u keeps g(0) and g’(x), removes g(x) and e u,0 (x,y), distributes the shares of e u,0 (x,y) to its neighbors. Neighbor N v is given e u,0 (x,v) –Having received 0-level e-polynomial shares from its neighbors, each node N v uses its 1-level e-polynomial e v,1 (x,y) to encrypt each received 0-level polynomial e u,0 (x,v) to obtain e’ u,0 (x,v) = e u,0 (x,v) + e v,1 (x-1,v) –N v keeps e u,0 ’(x,v) and e u,0 (c+1,v), which will be returned to N u at the next key updating time –N v removes e u,0 (x,v) and distribute shares of its 1-level polynomial e v,1 (x,y) to neighbors

15 C-PCGR (3) NuNu N v0 N v1 N v2 N v3 N v5 N v4 g(0) & g’(x) = g(x) + e u,0 (x,u) e u,0 (x,v2) e u,0 (x,v1) e u,0 (x,v0) e u,0 (1,v1) e’ u,0 (x,v1) = e u,0 (x,v1) + e v1,1 (x-1,v1) e v1,1 (x,v3) e v1,1 (x,v4) e v1,1 (x,v5) ev1,1(x,v4 ) ev1,1(x,v3 )

16 C-PCGR (4) Key updating –Each innocent node N u increases its c by one, and returns shares e v,0 (c,u) and e v,1 (c,u) to each trusted neighbor N v (We assume that N u has received these shares from N v ) –N u receives its own 0-level and 1-level polynomial shares from its neighbors (e u,0 (c,v) and e u,1 (c,v) from each trusted neighbor N v ) –Having received µ + 1 0-level e-polynomial shares, N u reconstructs a unique polynomial e u,0 (c,x) which is used to compute its new group key g(c) = g’(c) – e u,0 (c,u) –Having received µ + 1 1-level e-polynomial shares, N v computes a unique polynomial e v,1 (c,x) and then generates a share e u,0 (c+1,v) = e’ u,0 (c+1,v) – e v,1 (c,v), which will be returned to neighbor N u at the next key updating time.

17 C-PCGR (5) NuNu N v0 N v1 N v2 N v3 N v5 N v4 g(0) g’(x) e u,0 (1,v1) e’ u,0 (x,v1) e u,0 (1,v2) e u,0 (1,v1) e u,0 (1,v0) e v1,1 (1,v5) e v1,1 (1,v4) e v1,1 (1,v3) g(1) = g’(1) – e u,0 (1,u) g’(x) e u,0 (2,v1) = e’ u,0 (2,v1) + e v1,1 (1,v1) e’ u,0 (x,v1)

18 C-PCGR (6) Security Analysis –For a certain group, its g-polynomial g(x) is compromised if and only if A node N u of the group is compromised, and The adversary has compromised at least μ + 1 neighbors of N u, each of which also has μ + 1 neighbors compromised; or At least t + 1 past keys of the group are compromised

19 RV-PCGR(1) Aims to address another limitation of B-PCGR –If the adversary has obtained t + 1 keys of a certain group (g(0),g(1),…,g(t)), the adversary can break the g-polynomial of the group (g(x)). Basic Idea –Let the length of g(j) be 2L bits. –Add a L bit random number σ j to each g(j) to obtain g r (j) –The highest L bit of g(j) and g r (j) are same, but the lowest L bits are different –Even the adversary compromises t + 1 keys (g r (0),g r (1),…,g r (t)), it cannot break the future keys of the group

20 RV-PCGR(2) Predistribution of g-polynomial –Each g(x) is constructed over an extended finite field F(2 2L ) –The group key of any version j is defined as the highest L bits of g(j) Encrypting g-polynomial and distributing components –N u randomly picks a t-degree e-polynomial e u (x) to encrypt its g- polynomial g(x) to get its g’-polynomial g’(x) = g(x) XOR e u (x) –Nu randomly decomposes e u (x) into μ + 1 components, denoted as e u,i (x) (i = 0,…, μ) –Components are evenly distributed to the neighbors, each neighbor gets only one components.

21 RV-PCGR(3) Key Updating –To update keys, each innocent node N u increases its key version c by one, and returns e r v,j (c) = e v,j (c) XOR σ’ c,v to each trusted neighbor N v σ’ c,v is randomly picked from {0,…,2L-1} –Having received μ + 1 distinct shares, N u computes e r u (c). Knowing e r u (c), N u can compute g r (c) = g’(c) XOR e r u (c)

22 RV-PCGR(4) Security Analysis –The adversary can only obtain g r (i), while the calculated by node N u has already included a random variance. –The adversary needs to guess all the σ j to figure out the original g(x) Complexity o(2 (t+1)L )

23 Performance Evaluation

24 Conclusion The paper proposed a family of predistribution and local collaboration-based group rekeying schemes –Address the node compromise problem –Improve the effectiveness of filtering false data in sensor networks The schemes are based on the idea: – Future group keys can be preloaded before deployment –Neighbors can collaborate to protect and appropriately use the preloaded keys

Download ppt "Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration-Based Approach Wensheng Zhang and Guohong Cao."

Similar presentations

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.

Queensland University of Technology CRICOS No J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.
Source-Location Privacy Protection in Wireless Sensor Network Presented by: Yufei Xu Xin Wu Da Teng.

Source-Location Privacy Protection in Wireless Sensor Network Presented by: Yufei Xu Xin Wu Da Teng.
Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.

Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Similar presentations

Ads by Google