Author: Hangyang Dai and Hongbing Xu


1 Key Predistribution Approach in Wireless Sensor Networks Using LU Matrix
Author: Hangyang Dai and Hongbing Xu
Source: IEEE Sensor Journal, vol. 10, no. 8, pp , Aug (Impact Factor = 1.581)
Presenter: Yung-Chih Lu
Date: 2010/08/04

2 Outline
Introduction
Proposed Scheme
Performance & Security Evaluation
Conclusion

3 Introduction(1/4)
[Figure: Wireless Sensor Network and Sensor Architecture. Labels: base station, location finding system, mobilizer, sensing unit, sensor, digital/analog converter, processing unit, microprocessor, storage device, transceiver unit, power unit, power generation]

4 Introduction(2/4) LU Matrix
Lower Triangular Matrix      Upper Triangular Matrix

5 Introduction(3/4)
The types of key agreement protocol
Trusted-server: The trusted server shares a key with every node and transmits session keys to the nodes on request.
Public-key: Uses a public-key infrastructure.
Key predistribution: Keys are distributed to all sensor nodes prior to deployment.

6 Introduction(4/4)
Constraints: Limited energy consumption; Low transmission range; Limited memory overhead
Requirements: High network connectivity; Robust resilience against node capture; Low memory overhead

7 Eschenauer-Gligor Scheme(1/5)
L. Eschenauer and V. Gligor. “A Key-Management Scheme for Distributed Sensor Networks.” In Proc. 9th ACM Conference on Computer and Communication Security, pp. 41-47, Nov
Key pre-distribution phase
P: key pool size, k: key ring size
Pr[two key rings share at least a key] = 1 - Pr[two nodes do not share any key] = 1 - (C(P, k) / C(P, k)) × (C(k, 0) × C(P-k, k) / C(P, k)) =
Stirling’s approximation:
Example1: P=1000, k=100: Pr = ≒ ×e^-83 / ×e^-78 ≒ 1
Example2: P=1000, k=10: ≒ ×e^-9 / ×e^-9 ≒ =

8 Eschenauer-Gligor Scheme(2/5)

9 Eschenauer-Gligor Scheme(3/5)
L-Sensor: Low-end sensor
H-Sensor: High-end sensor
Key pre-distribution phase
[Figure: key pool (keys, key identities) and the key ring (k keys) of each L-Sensor, with the H-sensor]
Key identity = key mod 2^32
H-Sensor: L-Sensors' IDs, L-Sensors' key identifiers and Kci
L-Sensor: k keys, key identifiers and Kci
Kci = E_Kx(ci)
Kx = K1 ⊕ … ⊕ Kk
ci = H-Sensor ID

10 Eschenauer-Gligor Scheme(4/5)
Shared-key discovery
Step1: Each L-sensor broadcasts a list of key identities.
Step2: An L-sensor runs a challenge-response protocol if it finds a common key.
[Figure: L-sensors, each holding a key ring (k keys), around an H-sensor; messages shown: Eki(α), α = Dki[Eki(α)]]

11 Eschenauer-Gligor Scheme(5/5)
Path-key establishment
[Figure: L-sensors, each holding a key ring (k keys), around an H-sensor; messages shown: Ekc(kp), Ekp(α), α = Dkp[Ekp(α)]]

12 Pairwise Key Predistribution Scheme(1/5)
W. Du, J. Deng, Y. S. Han, P. K. Varshney, J. Katz, and A. Khalili. “A pairwise key predistribution scheme for wireless sensor networks.” ACM Trans. Inf. Syst. Secur., vol. 8, no. 2, pp. 228–258, 2005.
Galois Field
q elements (q is a prime number)
The field is closed under the additive and multiplicative operators
It is denoted GF(q)
s is a primitive element
Example: GF(7)
3 mod 7 = 3, 3^2 mod 7 = 2, 3^3 mod 7 = 6, 3^4 mod 7 = 4, 3^5 mod 7 = 5, 3^6 mod 7 = 1
The order of 3 is 6, so 3 is a primitive element
linearly independent
Node k only stores the seed s^k, k = 1, 2, …, N

13 Pairwise Key Predistribution Scheme(2/5)
Blom’s scheme
D: a symmetric matrix of size (λ+1)×(λ+1)
G: a matrix of size (λ+1)×N
1X + 1Y = 0 …(1)
3X + 2Y = 0 …(2)
2X + 4Y = 0 …(3)
(2) – 2·(1): X = 0 …(4)
substitute (4) into (1): X = Y = 0
Example: N=2, λ=2, GF(7)
D·G = [1 6 2; 6 3 5; 2 5 2] · [1 1; 3 2; 2 4] = [2 0; 4 4; 0 6] mod 7
A = (D·G)^T = [2 0; 4 4; 0 6]^T = [2 4 0; 0 4 6]
A·G = [2 4 0; 0 4 6] · [1 1; 3 2; 2 4] = [0 3; 3 4] mod 7
K12 = K21 = 3
The λ-secure property guarantees that no coalition of up to λ nodes (not including i and j) has any information about Kij or Kji.
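Added example (not from the slides or the cited papers): the GF(7) Blom computation above carried out the way the nodes would do it, each holding one row of A and rebuilding the peer's column of G from its seed. The function names are illustrative, and the six-node check goes beyond the slide's N=2 case.

```python
# Added example: Blom's scheme over GF(7) with the slide's D and seeds.
# GF(7) is a toy field for tracing the arithmetic, not a usable key size.
Q = 7   # field size from the slide
S = 3   # primitive element of GF(7) from the previous slide

def column(seed, lam, q=Q):
    """Column of the public matrix G for one node: (1, seed, ..., seed^lam)."""
    return [pow(seed, r, q) for r in range(lam + 1)]

def public_g(seeds, lam, q=Q):
    """G has size (lam+1) x N; column k is regenerated from node k's seed."""
    cols = [column(s, lam, q) for s in seeds]
    return [list(row) for row in zip(*cols)]

def matmul(a, b, q=Q):
    return [[sum(x * y for x, y in zip(row, col)) % q for col in zip(*b)]
            for row in a]

def private_rows(d, g, q=Q):
    """A = (D.G)^T; row i is the secret material loaded on node i."""
    if any(d[i][j] != d[j][i] for i in range(len(d)) for j in range(len(d))):
        raise ValueError("D must be symmetric, otherwise Kij != Kji")
    return [list(r) for r in zip(*matmul(d, g, q))]

def pairwise_key(own_row, peer_seed, q=Q):
    """Node side: rebuild the peer's column of G from its seed, then take
    the dot product with the node's own private row of A."""
    col = column(peer_seed, len(own_row) - 1, q)
    return sum(a * g for a, g in zip(own_row, col)) % q

def all_keys_symmetric(d, seeds, q=Q):
    """Check Kij == Kji for every pair, computed the way the nodes would."""
    rows = private_rows(d, public_g(seeds, len(d) - 1, q), q)
    n = len(seeds)
    return all(pairwise_key(rows[i], seeds[j], q) ==
               pairwise_key(rows[j], seeds[i], q)
               for i in range(n) for j in range(n))

D = [[1, 6, 2], [6, 3, 5], [2, 5, 2]]      # secret symmetric matrix (slide)
SEEDS = [pow(S, k, Q) for k in (1, 2)]     # s^1 = 3, s^2 = 2
G = public_g(SEEDS, lam=2)                 # [[1, 1], [3, 2], [2, 4]]
A = private_rows(D, G)                     # [[2, 4, 0], [0, 4, 6]]

if __name__ == "__main__":
    print("K12 =", pairwise_key(A[0], SEEDS[1]),
          "K21 =", pairwise_key(A[1], SEEDS[0]))
    print("six nodes symmetric:",
          all_keys_symmetric(D, [pow(S, k, Q) for k in range(1, 7)]))
```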

14 Pairwise Key Predistribution Scheme(3/5)
Key pre-distribution phase
Step1: Generating a G matrix
Step2: Generating ω D matrices D1,…,Dω
Step3: Calculating Ai = (Di·G)^T, i = 1,…,ω
Step4: Selecting τ spaces per node, 2≦τ<ω
Example: ω=3, τ=2, each L-sensor stores (λ+1)×τ elements
Seed s^k, k=1,…,N
[Figure: H-sensor holds A1, A2, A3 (Step3); L1-Sensor holds A1(1), A3(1) and seed s^1; L2-Sensor holds A2(2), A3(2) and seed s^2 (Step4)]

15 Pairwise Key Predistribution Scheme(4/5)
Key agreement phase
Step1: Each L-sensor broadcasts a message
message = L-sensor’s id + the indices of the spaces + seed
Step2: Two L-sensors can establish a common secret key if they both hold a common key space.
[Figure: H-sensor; L-sensors exchanging the message; one holds A1(1), A3(1) and seed s^1, the other holds A2(2), A3(2) and seed s^2]

16 Pairwise Key Predistribution Scheme(5/5)
Pactual[ two nodes share at least a space] = 1 – Pactual[two nodes do not share any space]

17 Proposed Scheme(1/6)
Blundo Polynomial-based protocol
Setup server randomly generates a symmetric bivariate t-degree polynomial
Example: f(x,y) = 4x^2y^2 + x^3y^1 + x^1y^3
It’s a symmetric bivariate 3-degree polynomial over a finite field Fq
Coefficient matrix: [0 0 1; 0 4 0; 1 0 0]

18 Proposed Scheme(2/6)
Blundo Polynomial-based protocol
Step1: computes
1: Lu-Sensor ID, 2: Lv-Sensor ID
f(1,y) = 4y^2 + y^1 + y^3
f(2,y) = 16y^2 + 8y^1 + 2y^3
Step2: The Setup server loads the sensor node with coefficients
Step3: Each sensor node broadcasts its own ID
Step4: The receiver uses the ID to compute a shared secret key
Kuv = f(u,v) = f(v,u) = Kvu
K12 = f(1,2) = 26 = f(2,1) = K21
[Figure: the H-sensor loads Lu-Sensor and Lv-Sensor with the coefficients of y^1, y^2, y^3 of f(1,y) and f(2,y)]
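Added example (not from the slides or the paper): the four Blundo steps above in code, traced with the slide's f(x,y) for IDs 1 and 2 and then checked on a randomly generated polynomial. The modulus Q is an assumption, since the slides do not state q, and the function names are illustrative.

```python
# Added example: Blundo polynomial shares, traced with the slide's f(x,y).
import secrets

Q = 2_147_483_647  # assumed prime modulus (2^31 - 1); the slides do not state q

def random_symmetric_coeffs(t, q=Q):
    """Setup server: symmetric (t+1)x(t+1) matrix, a[i][j] = coeff of x^i y^j."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            a[i][j] = a[j][i] = secrets.randbelow(q)
    return a

def share(coeffs, node_id, q=Q):
    """Coefficients of y^0..y^t in f(node_id, y); this is what the node stores."""
    t = len(coeffs) - 1
    return [sum(coeffs[i][j] * pow(node_id, i, q) for i in range(t + 1)) % q
            for j in range(t + 1)]

def pairwise_key(own_share, peer_id, q=Q):
    """Evaluate the stored share at the peer's broadcast ID (Horner's rule)."""
    acc = 0
    for c in reversed(own_share):
        acc = (acc * peer_id + c) % q
    return acc

def symmetric_for_ids(coeffs, ids, q=Q):
    """Check Kuv == Kvu for every pair of IDs, using only per-node shares."""
    shares = {u: share(coeffs, u, q) for u in ids}
    return all(pairwise_key(shares[u], v, q) == pairwise_key(shares[v], u, q)
               for u in ids for v in ids)

# Slide polynomial f(x,y) = 4x^2y^2 + x^3y + xy^3, indexed from degree 0.
SLIDE_F = [[0, 0, 0, 0],
           [0, 0, 0, 1],
           [0, 0, 4, 0],
           [0, 1, 0, 0]]

if __name__ == "__main__":
    s1, s2 = share(SLIDE_F, 1), share(SLIDE_F, 2)
    print("f(1,y) coefficients:", s1)   # y^0..y^3
    print("f(2,y) coefficients:", s2)
    print("K12 =", pairwise_key(s1, 2), "K21 =", pairwise_key(s2, 1))
    print("random polynomial symmetric:",
          symmetric_for_ids(random_symmetric_coeffs(3), range(1, 20)))
```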

19 Proposed Scheme(3/6)
Polynomial predistribution phase
Polynomial pool (Bivariate t-degree Polynomial + Unique ID)
Assuming that u11=1, u22=2, u33=3

20 Proposed Scheme(4/6)
Polynomial predistribution phase
Randomly distribute one row of L and one column of U to each sensor node
r1: 1st row, c1: 1st column
r2: 2nd row, c2: 2nd column

21 Proposed Scheme(5/6)
Shared key establishment phase
SB: node B’s ID
To Match or Not To Match?
MAC: message-authentication code
CLR: is a confirmation

22 Proposed Scheme(6/6)
Step1: Generating a Polynomial Pool (ω Polynomials) P1,…,Pω
Step2: Selecting τ polynomials per node, 2≦τ<ω
Example: ω=3, τ=2, each L-sensor stores (t+1)×τ elements
[Figure: H-sensor holds P1, P2, P3 (Step1); L1-Sensor holds P1(r1), P1(c1), P3(r1), P3(c1); L2-Sensor holds P2(r2), P2(c2), P3(r2), P3(c2) (Step2)]

23 Performance & Security Evaluation(1/4)

24 Performance & Security Evaluation(2/4)
network connectivity

25 Performance & Security Evaluation(3/4)
resilience against node capture k=400

26 Performance & Security Evaluation(4/4)
memory overhead Compare with Blundo scheme

27 Conclusion
High network connectivity
memory space saving
certain threshold
node to node authentication

