Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Collaborative Processing in Sensor Networks Lecture 7 - Light-weight Security Solutions Hairong Qi, Associate Professor Electrical Engineering and Computer.

Published byMarshall Scott Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Collaborative Processing in Sensor Networks Lecture 7 - Light-weight Security Solutions Hairong Qi, Associate Professor Electrical Engineering and Computer."— Presentation transcript:

1 1 Collaborative Processing in Sensor Networks Lecture 7 - Light-weight Security Solutions Hairong Qi, Associate Professor Electrical Engineering and Computer Science University of Tennessee, Knoxville http://www.eecs.utk.edu/faculty/qi Email: hqi@utk.edu Lecture Series at ZheJiang University, Summer 2008

2 2 Research Focus - Recap Develop energy-efficient collaborative processing algorithms with fault tolerance in sensor networks –Where to perform collaboration securely? –Computing paradigms –Who should participate in the collaboration securely? –Reactive clustering protocols –Sensor selection protocols –How to conduct collaboration securely? –In-network processing –Self deployment Coverage

3 3 What is Network Security? Confidentiality: only sender, intended receiver should “understand” message contents –sender encrypts message –receiver decrypts message Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) Non-repudiation Access Control and Availability: services must be accessible and available to legitimate users (no DoS attacks)

4 4 secure sender secure receiver channel data, control messages data Alice Bob Trudy Friends and Foes: Alice, Bob, Trudy Well-known fixtures in network security world Bob, Alice want to communicate “securely” Trudy (intruder) may intercept, delete, add messages

5 5 What Can the “Enemy” Do ? A lot! –Eavesdrop: intercept messages –Actively insert messages into connection –Impersonation: can fake (spoof) source address in packet (or any field in packet) –Hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place –Denial of service: prevent service from being used by others (e.g., by overloading resources)

6 6 plaintext ciphertext K A encryption algorithm decryption algorithm Alice’s encryption key Bob’s decryption key K B The Language of Cryptography Symmetric key crypto: sender, receiver keys identical Public-key crypto: encryption key public, decryption key secret (private)

7 7 Symmetric Key Cryptography All users (e.g., Bob and Alice) share and know the same (symmetric) key: K (e.g., DES) Encryption and decryption algorithms are identical plaintext ciphertext Encryption /Decryption algorithm Encryption /Decryption algorithm Alice Bob Problem: How can Bob and Alice share the same key in the first place?

8 8 Public Key Cryptography Radically different approach [Diffie-Hellman76, RSA78] –Uncovered an entire new approach to cryptography –W. Diffie and M.E. Hellman, “New Directions in Cryptography,” IEEE transactions on Information Theory, IT 22:644-654, 1976. Sender, receiver do not share secret key Public encryption key known to all Private decryption key known only to receiver

9 9 A B (X - private key) (Y - private key) a,p: known numbers (p - prime number) a X mod p a y mod p [a y mod p] x mod p = a XY mod p = [a x mod p] y mod p x,y,a,p  typically 1024 bits long x,y,a,p  typically 1024 bits long The Discrete Log problem: by knowing a x mod p, a and p, one cannot obtain x The Discrete Log problem: by knowing a x mod p, a and p, one cannot obtain x Diffie-Hellman Key Generation

10 10 Public Key Cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public key plaintext message K (m) B + K B + Bob’s private key K B - m = K ( K (m) ) B + B - Given a public key it should be impossible to compute the private key Requirements : 1 2 K (K (m)) = m B B - +

11 11 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). K B + K B - RSA (Rivest-Shamir-Adelman): Choosing Keys

12 12 RSA: Encryption, Decryption Given (n,e) and (n,d) as computed above: 1. To encrypt bit pattern, m (m<n), compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens! c

13 13 RSA: Why is That? (m mod n) e mod n = m mod n d ed Useful number theory result: If p,q prime and n = pq, then: x mod n = x mod n (Fermat's Little Theorem) yy mod (p-1)(q-1) = m mod n ed mod (p-1)(q-1) = m mod n 1 C – the encrypted message (using number theory result above) (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 ) = m (since m<n)

14 14 “I am Alice” R Bob computes K (R) A - “send me your public key” K A + (K (R)) = R A - K A + and knows only Alice could have the private key, that encrypted R such that (K (R)) = R A - K A + Authentication There is a clear need to “prove” the identity of a sender Insufficient options: –ID by IP # ? –Send secret password along with message ? –Choose a random number, R …

15 15 I am Alice R T K (R) - Send me your public key T K + A K (R) - Send me your public key A K + T K (m) + T m = K (K (m)) + T - Trudy gets sends m to Alice encrypted with Alice’s public key A K (m) + A m = K (K (m)) + A - R Man-in-the-middle Attack Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)

16 16 Bob’s public key K B + Bob’s identifying information digital signature (encrypt) CA private key K CA - K B + certificate for Bob’s public key, signed by CA Certification Authorities Question: How do you “prove” that a key is really your key ? Solutions: Certification authority (CA) - binds public key to particular entity (for example: Bob). Bob registers its public key with CA. –Bob provides “proof of identity” to CA. –CA creates certificate binding Bob to its public key. –Certificate containing Bob’s public key digitally signed by CA – CA says “this is Bob’s public key”

17 17 Bob’s public key K B + digital signature (decrypt) CA public key K CA + K B + Certification Authorities (cont.) When Alice wants Bob’s public key: –gets Bob’s certificate (Bob or elsewhere). –apply CA’s public key to Bob’s certificate, get Bob’s public key

18 18 What is an Elliptic Curve? In GF (p) an ordinary elliptic curve E suitable for elliptic curve cryptography is defined by the set of points ( x; y ) that satisfy the equation : For a given P and Q, where P = Y  Q, there is no available algorithm to recover y P, Q: Points on the curve Y: Large scalar ( e.g 160) ( e.g 160) Using ECC (Elliptic Curve Cryptography) the Discrete-log problem takes the following form:

19 19 y- private key (scalar) z - private key (scalar) G - a generating point (y x G) y x ( z x G) = (y x z ) x G = z x (y x G ) (z x G) Alice Bob Diffie-Hellman Public Key Distribution Using ECC Why use Elliptic Curve Cryptography (ECC)? Calculations take less time, less memory and less hardware We use 160 bits (instead of 1024 bits used not in EC modular exponentiation, e.g. DH over a prime) and still retain the same “security strength” Point-by-scalar multiplication is the core!

20 20 Loading keys into sensor nodes prior to deployment Two nodes find a common key between them after deployment (a.k.a. “key discovery” phase) Possible solutions: –Master key – one key to all networks –(+) Minimal communications (low power consumption) –(+) Memory efficient, Key discovery is not really needed –(-) However, once key is compromised entire network is compromised –N-1 keys to each node –(+) Key discovery is not really needed –(-) Cannot add new nodes! –(-) Memory requirements are not practical (non-scalable) Prior Work: Key Pre-distribution Schemes

21 21 Prior Work: Key Pre-distribution Schemes (cont.) –Random Key Predistribution Each node is provided with a subset of a large key pool –(+) Ability to add nodes after deployment –(+) Lower network compromise with captured nodes –(-) Key discovery is needed Fundamental limitations to random key pre-distribution schemes: –Scalability – the memory, network size –Communication framework - finding nodes sharing keys –Cryptographic robustness – inherently offer “statistical” security, which is always questionable

22 22 Potential Solutions How to reduce the amount of point-by-scalar multiplication? –Self-certified key generation –Fixed key generation (1 multiplication) –Ephemeral key generation (2 multiplication) –Off-loading 1 multiplication to neighbors –Group key generation How to mitigate denial-of-service attack? How to reduce the complexity of point-by-scalar multiplication? Cluster A Cluster B

23 23 Reference O. Arazi, H. Qi, “A Public-Key Cryptographic Methodology for Denial of Service Mitigation in Wireless Sensor Networks," in Proc. IEEE SECON 2007. O. Arazi, H. Qi, “An Efficient Computation of Inverse Multiplicative Operations," IEEE Trans. on Computers, 2008. O.Arazi, H. Qi, "Load-Balanced Key Establishment Methodologies in Wireless Sensor Networks," International Journal of Sensor Networks (IJSN) (Special issue on Security for Sensor Networks), Vol. 1, No. 2, April 2006. O. Arazi, D. Rose, H. Qi, I. Elhanany B. Arazi, "Self-Certified Public Key Generation on the Intel Mote 2 Sensor Network Platform" 3rd Annual IEEE Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), Sept., 2006, Reston, VA. O. Arazi and H. Qi, "Self-Certified Group Key Generation for Ad Hoc Clusters in Wireless Sensor Networks," in Proc. of the 14th IEEE International Conference on Computer Communications and Networks (ICCCN), San Diego, CA, Oct. 17-19, 2005. B.Arazi, I. Elhanany, O. Arazi, and H. Qi, "Revisiting Public Key Cryptography for Wireless Sensor Network," IEEE Computer Magazine, pp. 85-87, Nov. 2005.

Download ppt "1 Collaborative Processing in Sensor Networks Lecture 7 - Light-weight Security Solutions Hairong Qi, Associate Professor Electrical Engineering and Computer."

Similar presentations

LOGO A Public Key Cryptographic Method for Denial of Service Mitigation in Wireless Sensor Networks O. Arazi, H. Qi, D. Rose IEEE SECON 2007 proceedings.

LOGO A Public Key Cryptographic Method for Denial of Service Mitigation in Wireless Sensor Networks O. Arazi, H. Qi, D. Rose IEEE SECON 2007 proceedings.
1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.

1 CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction to Cryptography and Security.
Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:

Network Security Hwajung Lee. What is Computer Networks? A collection of autonomous computers interconnected by a single technology –Interconnected via:
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Authentication Digital Signature Key distribution.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.

Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.

1 ITC242 – Introduction to Data Communications Week 11 Topic 17 Chapter 18 Network Security.
CSE401n:Computer Networks

CSE401n:Computer Networks
Network Security understand principles of network security:

Network Security understand principles of network security:
Public Key Cryptography

Public Key Cryptography
8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.

Lecture 24 Cryptography CPE 401 / 601 Computer Network Systems slides are modified from Jim Kurose and Keith Ross and Dave Hollinger.

Similar presentations

Ads by Google