Download presentation
Published byPiers Marsh Modified over 9 years ago
1
Sensor Network Security through Identity-Based Encryption
Nigel Boston Department of Mathematics, University of South Carolina Departments of Mathematics and ECE, University of Wisconsin
2
Overview of Talk Challenges faced Existing approaches
Identity-based encryption Benefits of IBE for sensor networks Conclusions and future work
3
UW Sensor Networks UW WiSeNet Consortium (wisenet.engr.wisc.edu)
Eric Bach (Computer Sciences) Akbar Sayeed (ECE) Several students (Matt Darnall, Kamal Srinivasan, Harris Nover, …) Affiliated faculty from ECE, CS, CE, …
4
Challenges of Sensor Networks
Limited memory, storage, and power Unreliable communication, conflicts, and latency Exposure to physical attacks, remote, decentralized management
5
Security Requirements
Data confidentiality Data integrity Data freshness Availability Self-organization Time synchronization Secure localization Authentication
6
Attacks Denial of service attacks Sybil attack
Traffic analysis attacks Node replication attacks Attacks against privacy Physical attacks
7
Key Distribution Attacks
Want shared secret keys between nodes which may have been pre-initialized without prior contact. Want nodes able to communicate without involving base station. Want additional nodes able to join existing network, unauthorized nodes prevented.
8
Encryption Techniques
Symmetric key (stream ciphers or block ciphers) SPINS TinySec Random graph theory (Eschenauer-Gligor) Impractical for large scale sensor networks
9
TinySec Message authentication, integrity, confidentiality are provided. Based on Skipjack, 80-bit symmetric cipher. Secure, reasonably efficient (time, transmission overhead, memory) If no rekeying, then compromising one node compromises the whole network.
10
Limitations of Secret Key
Key distribution Protection of key material - resilience Rekeying, if possible, incurs additional energy consumption Public-key cryptography improves on these
11
Public-Key Cryptography
Encryption key public, decryption key private - broken by solving a hard math problem. Originally regarded as too slow and consuming too much power. RSA with exponent 3 (idea - cheap encryption, more powerful receiver does more expensive decryption). Hard problem - factoring integers. Rabin-Williams (RSA with exponent 2).
12
RSA-200 Factored May, RSA-200 factored, using number field sieve by Jens Franke et al equals x
13
Problems with RSA A polynomial-time factoring algorithm would render RSA probably useless. A quantum computer can factor in polynomial-time (record so far - 15). In constrained environments (smart cards, PDAs, …), long keys are impractical. Companies want comparable security with much shorter key lengths.
14
Elliptic Curves The solutions of
in a field naturally form a group (can add pts) Hard problem: given points P, Q, find integer n such that Q = P+…+P (n terms).
15
Elliptic Curve Addition
16
Elliptic Curve Cryptography
ECC ever more popular for mobile devices 160-bit ECC same security as 80-bit symmetric, as 1024-bit RSA Hyperelliptic curve cryptography (HCC) apparently offers no advantage Malan (2004) implemented sensor net ECC Sun Microsystems (2005) announced Sizzle
17
World’s Smallest Secure Server
18
Authentication As sensor devices improve, ECC ever better.
Problem - in public-key crypto, A writes to B using B’s public key. Trusted authority signs B’s public key so A, by checking this signature, can verify B’s identity. Recursive checking expensive if low-power.
19
Identity-Based Encryption
Shamir asked if arbitrary bit strings (B’s name) can be used as public keys. After B receives A’s message, B computes (with trusted authority) a private key Note - burden of checking is on the receiver - in sensor networks weak sends to strong!
20
Identity-Based Encryption II
Boneh and Franklin give solution using the Weil pairing on elliptic curves. Can also use other pairings (Tate, eta, Ate, …) - Ate is up to 6 times faster than the others. Cocks’s IBE scheme based on quadratic residues suffers from ciphertext expansion.
21
Pairings E is an elliptic curve defined over GF( ),
The points on E form an abelian group and we consider a bilinear non-degenerate pairing (computed by Miller’s algorithm)
22
IBE Details Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a "master" public key, and retains the corresponding master private key. Given the master public key, any party can compute a public key corresponding to the identity i by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use identity i contacts the PKG, which uses the master private key to generate the private key for identity i.
23
Other Advantages of IBE
Advantages in sensor network - (1) Physically secured master device is trusted authority (2) Each node given private key in advance - private key generator can then be destroyed
24
Simultaneous Research
Several groups have apparently come up with this idea simultaneously. The group (Doyle et al.) at DCU, Dublin has gone furthest in implementation - found the energy performance of key negotiation using an IBE scheme based on Tate pairing on the ARM platform was 0.44J (cf. nodes limited to 1000J battery capacity).
25
Some Questions IBE uses hashing - what features desirable for sensor networks? Efficient Weil pairing computation uses randomization - possible to eliminate?
26
Conclusions Sensor networks face novel security problems due to constraints and method of deployment The key distribution problem can be addressed by using IBE to negotiate a shared secret key Calculation of pairs of keys demands reasonable power consumption
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.