Download presentation
Presentation is loading. Please wait.
1
1 Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks Ortal Arazi, Hairong Qi Dept. Electrical & Computer Engineering The University of Tennessee Knoxville, TN Oct. 18, 2005
2
Electrical & Computer Engineering Department The University of Tennessee 2 Outline Introduction Motivation and goal Foundations for self-certified key generation Two-node self-certified key generation Group self-certified key-generation Conclusions and future work
3
Electrical & Computer Engineering Department The University of Tennessee 3 Introduction Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks ? Cluster A Cluster B Collaborative processing
4
Electrical & Computer Engineering Department The University of Tennessee 4 Introduction Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks ? Same shared key
5
Electrical & Computer Engineering Department The University of Tennessee 5 Introduction Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks ? Authenticated nodes are able to prove their identity to other nodes
6
Electrical & Computer Engineering Department The University of Tennessee 6 Motivation Wireless sensor network (WSN) applications are growing Military and civilian Military and civilian Supported by diverse research on entire protocol stack Supported by diverse research on entire protocol stack Security is expected to play a key role … Confidentiality – nodes need to be able to exchange data “securely” Confidentiality – nodes need to be able to exchange data “securely” Authentication – nodes should be able to prove their identity to other nodes Authentication – nodes should be able to prove their identity to other nodes Message integrity – a node receiving a message should be able to prove it has not been altered Message integrity – a node receiving a message should be able to prove it has not been altered
7
Electrical & Computer Engineering Department The University of Tennessee 7 Motivation and goal Public key infrastructure (PKI) is a powerful and proven technology for addressing the three issues mentioned However, due to resource limitations in WSN, existing PKI solutions can not be directly applied Low computational capabilities Low computational capabilities Limited memory resources Limited memory resources Energy constraints imposed on communications Energy constraints imposed on communications Obtain an efficient and scalable self-certified key generation methodologies, specifically optimized for ad-hoc clusters of wireless sensor nodes. ad-hoc clusters of wireless sensor nodes.
8
Electrical & Computer Engineering Department The University of Tennessee 8 Foundations for self-certified key generation Once a dynamic cluster is established: 1.Initialize symmetric private keys (fixed or ephemeral) for pair nodes within the cluster (using self- certified DH) 2.Generate the group key: Node #1 generates the group Node #1 generates the group key and via XOR it is key and via XOR it is transferred to nodes 2 and 3 transferred to nodes 2 and 3 12 K 12 K 21 K 12 = K 21 1 3 2 K 12 K 21 K 23 K 32
9
Electrical & Computer Engineering Department The University of Tennessee 9 Two-node self-certified key-generation Fixed key: The private key shared by a pair of nodes is constant is constant Ephemeral key: The private key shared by the same pair of nodes change nodes change The nodes use random terms that yield The nodes use random terms that yield different keys for each session (much more secure) different keys for each session (much more secure)self-certification Each pair of nodes nodes will validate each others’ identities Each pair of nodes nodes will validate each others’ identities Inherent in the key generation process Inherent in the key generation process Cluster A Cluster B
10
Electrical & Computer Engineering Department The University of Tennessee 10 Diffie-Hellman Key Generation using ECC Uses 163 bits (equivalent of 1024 in RSA) and still retain the same “security strength” Calculations take less time, less memory and less hardware A B X- private key (scalar) Y - private key (scalar) P is a known point on the elliptic curve X x P (Y x P) x X= XY x P = (X x P) x Y Y x P The Discreet Log problem in ECC: by knowing X x P and P, one can not obtain x Two-node self-certified key-generation
11
Electrical & Computer Engineering Department The University of Tennessee 11 Fixed Key Generation Node iNode j ID j, U j ID i, U i ID v : identification of node v - scalar U v : node v’s public key - a point on the curve X v : node v’s private key - scalar Each node has a set of public and private keys: (U v, X v ) First option: issued by the CA (Certifying authority) First option: issued by the CA (Certifying authority) Second option: calculated by the node, using information issued by the CA Second option: calculated by the node, using information issued by the CA x i [ H ( ID j, U j ) * U j + R ] = x i [ H ( ID j, U j ) * U j + R ] = x j [ H ( ID i, U i ) * U i + R ] Key confirmation authentication
![Electrical & Computer Engineering Department The University of Tennessee 11 Fixed Key Generation Node iNode j ID j, U j ID i, U i ID v : identification of node v - scalar U v : node v’s public key - a point on the curve X v : node v’s private key - scalar Each node has a set of public and private keys: (U v, X v ) First option: issued by the CA (Certifying authority) First option: issued by the CA (Certifying authority) Second option: calculated by the node, using information issued by the CA Second option: calculated by the node, using information issued by the CA x i [ H ( ID j, U j ) * U j + R ] = x i [ H ( ID j, U j ) * U j + R ] = x j [ H ( ID i, U i ) * U i + R ] Key confirmation authentication](http://images.slideplayer.com./32/9975882/slides/slide_11.jpg "Electrical & Computer Engineering Department The University of Tennessee 11 Fixed Key Generation Node iNode j ID j, U j ID i, U i ID v : identification of node v - scalar U v : node v’s public key - a point on the curve X v : node v’s private key - scalar Each node has a set of public and private keys: (U v, X v ) First option: issued by the CA (Certifying authority) First option: issued by the CA (Certifying authority) Second option: calculated by the node, using information issued by the CA Second option: calculated by the node, using information issued by the CA x i [ H ( ID j, U j ) * U j + R ] = x i [ H ( ID j, U j ) * U j + R ] = x j [ H ( ID i, U i ) * U i + R ] Key confirmation authentication")
12
Electrical & Computer Engineering Department The University of Tennessee 12 Fixed Key Generation (cont.) R : the CA’s public key = d*G - a point on the curve d : the CA’s private key - scalar G : a generating group-point, used by all relevant nodes - a point on the curve h v : a random 163 bit number generated by the CA - scalar Node i calculates: x i [ H ( ID j, U j ) * U j + R ] : : x i * x j *G x i * x j *G The case where (U v, X v ) are issued by the CA: CA provides: U i = h i * G U j = h j * G x i = [ H ( ID i, U i ),* h i + d ] mod org G x j = [ H ( ID j, U j ),* h j + d ] mod org G Node j calculates: x j [ H ( ID i, U i ) * U i + R ] :: = x j * x i *G
![Electrical & Computer Engineering Department The University of Tennessee 12 Fixed Key Generation (cont.) R : the CA’s public key = d*G - a point on the curve d : the CA’s private key - scalar G : a generating group-point, used by all relevant nodes - a point on the curve h v : a random 163 bit number generated by the CA - scalar Node i calculates: x i [ H ( ID j, U j ) * U j + R ] : : x i * x j *G x i * x j *G The case where (U v, X v ) are issued by the CA: CA provides: U i = h i * G U j = h j * G x i = [ H ( ID i, U i ),* h i + d ] mod org G x j = [ H ( ID j, U j ),* h j + d ] mod org G Node j calculates: x j [ H ( ID i, U i ) * U i + R ] :: = x j * x i *G](http://images.slideplayer.com./32/9975882/slides/slide_12.jpg "Electrical & Computer Engineering Department The University of Tennessee 12 Fixed Key Generation (cont.) R : the CA’s public key = d*G - a point on the curve d : the CA’s private key - scalar G : a generating group-point, used by all relevant nodes - a point on the curve h v : a random 163 bit number generated by the CA - scalar Node i calculates: x i [ H ( ID j, U j ) * U j + R ] : : x i * x j *G x i * x j *G The case where (U v, X v ) are issued by the CA: CA provides: U i = h i * G U j = h j * G x i = [ H ( ID i, U i ),* h i + d ] mod org G x j = [ H ( ID j, U j ),* h j + d ] mod org G Node j calculates: x j [ H ( ID i, U i ) * U i + R ] :: = x j * x i *G")
13
Electrical & Computer Engineering Department The University of Tennessee 13 Fixed Key Generation (cont.) x i [ H ( ID j, U j ), * U j + R ] = x i H ( ID j, U j ), * U j + x i R scalar 2 multiplications of a scalar by a point on the elliptic curve, with only one dynamic Dynamic Point by scalar multiplication Offline point- by scalar multiplication Contribution:
![Electrical & Computer Engineering Department The University of Tennessee 13 Fixed Key Generation (cont.) x i [ H ( ID j, U j ), * U j + R ] = x i H ( ID j, U j ), * U j + x i R scalar 2 multiplications of a scalar by a point on the elliptic curve, with only one dynamic Dynamic Point by scalar multiplication Offline point- by scalar multiplication Contribution:](http://images.slideplayer.com./32/9975882/slides/slide_13.jpg "Electrical & Computer Engineering Department The University of Tennessee 13 Fixed Key Generation (cont.) x i [ H ( ID j, U j ), * U j + R ] = x i H ( ID j, U j ), * U j + x i R scalar 2 multiplications of a scalar by a point on the elliptic curve, with only one dynamic Dynamic Point by scalar multiplication Offline point- by scalar multiplication Contribution:")
14
Electrical & Computer Engineering Department The University of Tennessee 14 Ephemeral Key Generation ID v : identification of node v - scalar U v : node v’s public key - a point on the curve X v : node v’s private key - scalar Pv v : a random 163 bit number generated by node v - scalar Ev v = Pv v * G Pv i [ H(ID j, U j )* U j + R ] + ( x i + Pv i ) Ev j = Pv j [ H(ID i, U i )* U i + R ] + ( x j + Pv j ) Ev i Each node has a set of public and private keys: (U v, X v ) First option: issued by the CA First option: issued by the CA Second option: calculated by the node, using information issued by the CA Second option: calculated by the node, using information issued by the CA Node i Node j ID i, U i, Ev i ID j, U j, Ev j Key confirmation authentication
![Electrical & Computer Engineering Department The University of Tennessee 14 Ephemeral Key Generation ID v : identification of node v - scalar U v : node v’s public key - a point on the curve X v : node v’s private key - scalar Pv v : a random 163 bit number generated by node v - scalar Ev v = Pv v * G Pv i [ H(ID j, U j )* U j + R ] + ( x i + Pv i ) Ev j = Pv j [ H(ID i, U i )* U i + R ] + ( x j + Pv j ) Ev i Each node has a set of public and private keys: (U v, X v ) First option: issued by the CA First option: issued by the CA Second option: calculated by the node, using information issued by the CA Second option: calculated by the node, using information issued by the CA Node i Node j ID i, U i, Ev i ID j, U j, Ev j Key confirmation authentication](http://images.slideplayer.com./32/9975882/slides/slide_14.jpg "Electrical & Computer Engineering Department The University of Tennessee 14 Ephemeral Key Generation ID v : identification of node v - scalar U v : node v’s public key - a point on the curve X v : node v’s private key - scalar Pv v : a random 163 bit number generated by node v - scalar Ev v = Pv v * G Pv i [ H(ID j, U j )* U j + R ] + ( x i + Pv i ) Ev j = Pv j [ H(ID i, U i )* U i + R ] + ( x j + Pv j ) Ev i Each node has a set of public and private keys: (U v, X v ) First option: issued by the CA First option: issued by the CA Second option: calculated by the node, using information issued by the CA Second option: calculated by the node, using information issued by the CA Node i Node j ID i, U i, Ev i ID j, U j, Ev j Key confirmation authentication")
15
Electrical & Computer Engineering Department The University of Tennessee 15 Ephemeral Key Generation (cont.) Pv i * H(ID j, U j )* U j + ( x i + Pv i ) (Ev j + R) - x i * R Pv i * H(ID j, U j )* U j + ( x i + Pv i ) (Ev j + R) - x i * R DynamicMultiplication Performed by the node Off line Multiplication preformed ONCE DynamicMultiplication Performed by A neighbor (speed and energy) (speed and energy) Contribution: i ( x i + Pv i ), Ev j ( x i + Pv i ) (Ev j + R) Calculated offline
16
Electrical & Computer Engineering Department The University of Tennessee 16 Group-Key establishment based on Pairwise DH Key establishment K ij - Shared key of nodes i and j T - Required Public group key ajib T DES ? XOR K ab T T ’ T ‘’’.. ’ T ‘’’.. ’’ DES ? XOR K ij If T= T ‘’’.. ’’ then: 1) The system is Authenticated 2) we have a group key T ‘’’.. ’’ Self-certified group key-generation
17
Electrical & Computer Engineering Department The University of Tennessee 17 Conclusions We introduced an efficient ECC-based key generation methodology for ad hoc clusters in WSNs Authentication is inherently included through self- certification Both fixed and ephemeral key generations are treated Off-loading was proposed Gaining execution speed Gaining execution speed Better power distribution across the network Better power distribution across the network Group key generation was described
18
Electrical & Computer Engineering Department The University of Tennessee 18 Future work Fault tolerance Including all the nodes in the chain transferring the group key Including all the nodes in the chain transferring the group key What happens when one or more nodes fail on the chain (generation of redundant paths) What happens when one or more nodes fail on the chain (generation of redundant paths) Increasing the robustness of the key generation process: What happened when nodes are malicious? What happened when nodes are malicious? Analysis of energy consumption Protocol for neighbor node selection (Ephemeral key)
19
Electrical & Computer Engineering Department The University of Tennessee 19 Thank you. Questions?
20
Electrical & Computer Engineering Department The University of Tennessee 20 Backup slides
21
Electrical & Computer Engineering Department The University of Tennessee 21 Self certified DH key generation: Ephemeral key mathematical explanation - in the case where (U v, X v ) are issued by the CA: As given by the CA: U i = Pv i * G + h i * G = ( Pv i + h i ) * G U j = Pv j * G + h j * G = ( Pv j + h j ) * G x i = [ H ( ID i, U i ),* h i + d ] mod org G x j = [ H ( ID j, U j ),* h j + d ] mod org G R : the CA’s public key = d*G - a point on the curve d : the CA’s private key - scalar G : a generating group-point, used by all relevant nodes - a point on the curve h v : a random 163 bit number generated by the CA - scalar Node i calculates: Pv i [ H ( ID j, U j ), * U j + R ]+ ( x i + Pv i ) Ev j x j *G x j *G = Pv i * x j *G + x i * Pv j * G + Pv i * Pv j * G Ev j Ev j Ev j Ev j Node jcalculates: Pv j [ H ( ID i, U i ), * U i + R ]+ ( x j + Pv j ) Ev i x i *G x i *G = Pv j * x i *G + x j * Pv i * G + Pv j * Pv i * G Ev i Ev i Ev i Ev i
![Electrical & Computer Engineering Department The University of Tennessee 21 Self certified DH key generation: Ephemeral key mathematical explanation - in the case where (U v, X v ) are issued by the CA: As given by the CA: U i = Pv i * G + h i * G = ( Pv i + h i ) * G U j = Pv j * G + h j * G = ( Pv j + h j ) * G x i = [ H ( ID i, U i ),* h i + d ] mod org G x j = [ H ( ID j, U j ),* h j + d ] mod org G R : the CA’s public key = d*G - a point on the curve d : the CA’s private key - scalar G : a generating group-point, used by all relevant nodes - a point on the curve h v : a random 163 bit number generated by the CA - scalar Node i calculates: Pv i [ H ( ID j, U j ), * U j + R ]+ ( x i + Pv i ) Ev j x j *G x j *G = Pv i * x j *G + x i * Pv j * G + Pv i * Pv j * G Ev j Ev j Ev j Ev j Node jcalculates: Pv j [ H ( ID i, U i ), * U i + R ]+ ( x j + Pv j ) Ev i x i *G x i *G = Pv j * x i *G + x j * Pv i * G + Pv j * Pv i * G Ev i Ev i Ev i Ev i](http://images.slideplayer.com./32/9975882/slides/slide_21.jpg "Electrical & Computer Engineering Department The University of Tennessee 21 Self certified DH key generation: Ephemeral key mathematical explanation - in the case where (U v, X v ) are issued by the CA: As given by the CA: U i = Pv i * G + h i * G = ( Pv i + h i ) * G U j = Pv j * G + h j * G = ( Pv j + h j ) * G x i = [ H ( ID i, U i ),* h i + d ] mod org G x j = [ H ( ID j, U j ),* h j + d ] mod org G R : the CA’s public key = d*G - a point on the curve d : the CA’s private key - scalar G : a generating group-point, used by all relevant nodes - a point on the curve h v : a random 163 bit number generated by the CA - scalar Node i calculates: Pv i [ H ( ID j, U j ), * U j + R ]+ ( x i + Pv i ) Ev j x j *G x j *G = Pv i * x j *G + x i * Pv j * G + Pv i * Pv j * G Ev j Ev j Ev j Ev j Node jcalculates: Pv j [ H ( ID i, U i ), * U i + R ]+ ( x j + Pv j ) Ev i x i *G x i *G = Pv j * x i *G + x j * Pv i * G + Pv j * Pv i * G Ev i Ev i Ev i Ev i")
Similar presentations
