Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN? Ortal Arazi Electrical & Computer Engineering Department The University.

Published byJayson Owens Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN? Ortal Arazi Electrical & Computer Engineering Department The University."— Presentation transcript:

1 1 Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN? Ortal Arazi Electrical & Computer Engineering Department The University of Tennessee Knoxville, TN 37996-2100

2 Ortal Arazi – Research overview (second presentation) 2 Outline What is an Elliptic Curve? Point by Scalar multiplication Experimental results Experimental results Scalar by Scalar multiplication

3 Ortal Arazi – Research overview (second presentation) 3 What is an Elliptic Curve? In GF(2 m ) an ordinary elliptic curve E suitable for elliptic curve cryptography is defined by the set of points (x; y) that satisfy the equation : Example:

4 Ortal Arazi – Research overview (second presentation) 4 Point by Scalar multiplication: Q- point on the curve K- scalar k*Q=? Point by scalar multiplication involves Point additions and multiplications of a pint by 2 How do we multiply a point by 2? How do we add two points? These arithmetics involve calculations over the field GF(2 m ) C=Q For i=2 to n C=2*C If k(i)=1 then C=C+Q C= k*Q Example: (k=1101, Q-point, n=4) 13*Q=? K(2)=1, K(3)=0, K(4)=1, C=Q i=2: C=2*Q C=2*Q+Q=3*Q i=3: C=2*3*Q=6*Q i=4: C=2*6*Q=12*Q C=12*Q+Q=13*Q

5 Ortal Arazi – Research overview (second presentation) 5 Cryptocomplexity Analysis The number of MIPS years it takes to compute an elliptic curve logarithm MIPS: million of instructions per second. A MIPS computer performs about 2 40 elliptic curve additions per year

6 Ortal Arazi – Research overview (second presentation) 6 Experimental results on the motes: Experimental results on the TPR 2400CA TelosB motes: (1)(2) The curves that we are using:

7 Ortal Arazi – Research overview (second presentation) 7 Experimental results on the motes: Experimental results on the TPR 2400CA TelosB motes: Time computed for establishing an online pairwise self-certified fixed and ephemeral key

8 Ortal Arazi – Research overview (second presentation) 8 Fixed key Vs. Ephemeral key Fixed key: The private key shared by a pair of nodes is constant Ephemeral key: The private key shared by the same pair of nodes change Cluster A Cluster B Offloading the calculations

9 Ortal Arazi – Research overview (second presentation) 9 Scalar by Scalar Multiplication All calculations over an Elliptic curve are modulo the order of the curve For example: If the order of the curve is Ord G, then: What is Ord G? A number in which multiplying G (a point ton the curve) by a scalar is periodic. i.e. when exceeding ordG you start from the beginning: 1×G = (ordG + 1)×G.  s×P = (s mod ordG)×P. What does all this have to do with WSN?

10 Ortal Arazi – Research overview (second presentation) 10 Self certified DH key generation Node i Node j In both Fixed and Ephemeral key generations, each node needs to multiply 2 scalars mod ord G each node needs to multiply 2 scalars mod ord G Fixed: x i * H(ID j, U j ) * U j + x i R Ephemeral: Pvi* H(IDj, Uj) * Uj + (xi+ Pvi) (Evj +R) - xi * R

11 Ortal Arazi – Research overview (second presentation) 11 The Montgomery Multiplication a b Montgomery (mod n) X- number of bits in the scalar Step (1) Step (2) Montgomery (mod n) How do we achieve the multiplication ?

12 Ortal Arazi – Research overview (second presentation) 12 The Montgomery Multiplication (cont) s = 0 for i = 0 to n-1 (r- a number obtained form the curve) (u is the least significant coefficient of the value obtained from multiplying the least significant coefficient of t, by r.) (the least significant coefficient of v is now 0) (s is obtained by erasing the least significant coefficient of v) if s = 164 (or 132) bits then s = s – OrdG p q 16 (128 or 160 bits) 0 n-1 Ord G: 163 or 131 bits

13 Ortal Arazi – Research overview (second presentation) 13 The Montgomery Multiplication (cont) X i, Pvi H(IDj, Uj) 16 0 n-1 Ord G: 163 or 131 bits Type of key issued: On-line scalar multiplication - What we need After Montgomery - What we have Fixed xi * H(IDj, Uj) Mod Ord G xi*H(IDj, Uj)*2 -16n Mod Ord G Ephemeral Pvi * H(IDj, Uj) Mod Ord G Pvi*H(IDj, Uj)*2 -16n Mod Ord G

14 Ortal Arazi – Research overview (second presentation) 14 The Montgomery Multiplication (cont) How do we generatexi * H(IDj, Uj) Mod Ord G How do we generate xi * H(IDj, Uj) Mod Ord G instead of xi*H(IDj, Uj)*2 -16n Mod Ord G? use the Montgomery procedure again ? use the Montgomery procedure again ? Problem: using more resources (time, memory and energy) Do not change it, change the calculations of the secrect key x i ! Do not change it, change the calculations of the secrect key x i !

15 Ortal Arazi – Research overview (second presentation) 15 The Montgomery Multiplication (cont) Calculations of node i: Calculations of node j:

16 Ortal Arazi – Research overview (second presentation) 16 Mathematical equations: Calculations of node i: Calculations of node j:

17 Ortal Arazi – Research overview (second presentation) 17 Summery Despite the elaborate calculations, point by scalar multiplications is feasible on a WS mote Cryptocomplexity Analysis shows that using ECC is highly desirable Offloading will help in: gaining execution speed and better power distribution across the network The need for scalar by scalar Multiplication was introduced. The Montgomery multiplication procedure was introduced saving resources (energy, memory and time) saving resources (energy, memory and time) Implementing the Montgomery multiplication procedure only ONCE is feasible, hence saving more resources (energy, memory and time)

18 Ortal Arazi – Research overview (second presentation) 18 Future directions Finish the implementation of a self-certified DH key generation Implementation of a group key generation Fault tolerance key exchange Ensuring group key generation even if some of the nodes fail Probability of failure as a function of node density % of nodes without a group key (treated as malicious or malfunctioned) Reduction of the time it takes to calculate the shared keys by the pairs a b c K ab K ba K ac K ca

19 Ortal Arazi – Research overview (second presentation) 19 Future directions Self certified DH key exchange between cluster heads (within different clusters) Using base stations to help with the calculations Key exchange between nodes and the base station (taking into advantage the fact that the base station does not have computational problems ) Hijacking of nodes by malicious party (how do we establish a way to distinguish the attackers) Mobile nodes

20 Ortal Arazi – Research overview (second presentation) 20 Questions?

Download ppt "1 Calculations over an Elliptic curve, HOW DO WE DO IT? Why do we need it for WSN? Ortal Arazi Electrical & Computer Engineering Department The University."

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?
Cryptography and Network Security

Cryptography and Network Security
1 Fault-Tolerant Computing Systems #6 Network Reliability Pattara Leelaprute Computer Engineering Department Kasetsart University

1 Fault-Tolerant Computing Systems #6 Network Reliability Pattara Leelaprute Computer Engineering Department Kasetsart University
Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”

Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”
Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.
Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.

Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.
Copyright 2004 Koren & Krishna ECE655/DataRepl.1 Fall 2006 UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Fault Tolerant Computing.

Copyright 2004 Koren & Krishna ECE655/DataRepl.1 Fall 2006 UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Fault Tolerant Computing.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
LOGO A Public Key Cryptographic Method for Denial of Service Mitigation in Wireless Sensor Networks O. Arazi, H. Qi, D. Rose IEEE SECON 2007 proceedings.

LOGO A Public Key Cryptographic Method for Denial of Service Mitigation in Wireless Sensor Networks O. Arazi, H. Qi, D. Rose IEEE SECON 2007 proceedings.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
A One Round Protocol for Tripartite Diffie Hellman By Dane Vanden Berg.

A One Round Protocol for Tripartite Diffie Hellman By Dane Vanden Berg.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Homework #4 Solutions Brian A. LaMacchia Portions © 2002-2006, Brian A. LaMacchia. This material is provided without.

Homework #4 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
Cryptography and Network Security Chapter 4

Cryptography and Network Security Chapter 4
A Public Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography David J. Malan, Matt Welsh, Michael D. Smith Presented.

A Public Key Infrastructure for Key Distribution in TinyOS Based on Elliptic Curve Cryptography David J. Malan, Matt Welsh, Michael D. Smith Presented.
A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.

A Dual Field Elliptic Curve Cryptographic Processor Laboratory for Reliable Computing (LaRC) Electrical Engineering Department National Tsing Hua University.

Similar presentations

Ads by Google