A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for Heterogeneous Sensor Networks
Author: Xiaojiang Du, Guizani M., Yang Xiao and Hsiao-Hwa Chen
Source: Wireless Communications, IEEE, vol.8, no.3, pp.1223-1229, 2009
Presenter: Yung-Chih Lu
Date: 2010/07/13
Outline
• Introduction
• Related Work
  L. Eschenauer and V. Gligor. “A Key-Management Scheme for Distributed Sensor Networks.” In Proc. 9th ACM Conference on Computer and Communication Security, pp.41-47, Nov. 2002.
• Proposed Scheme
• Performance Evaluation
• Security Analysis
• Conclusion & Comment
Introduction(2/6)
Similarities                           MANET   WSN
Multi-hop routing                      Yes     Yes
Auto-configurable wireless networks    Yes     Yes
Self-healing                           Yes     Yes
Mobility of nodes                      Yes     Yes
Unlicensed spectrum                    Yes     Yes

Differences                            MANET   WSN
Limited computation                    No      Yes
Global identification                  Yes     No
Prone to failures                      No      Yes
Base station                           No      Yes
Densely deployed in environment        No      Yes
The topology changes frequently        No      Yes
Introduction(3/6)
Sensor node constraints
• Battery power
  • Computational energy consumption
  • Communication energy consumption
• Transmission range
• Memory space
• Tamper protection
Evaluation/Comparison metrics
• Resilience against node capture
• Addition
• Revocation
• Supported network size
• Suits all needs
E-G Scheme(1/3)
Key pre-distribution phase
[Figure: key pool ($2^{17}$ to $2^{20}$ keys) and the sensor nodes' key rings (m keys each)]
• Two neighboring nodes have at least one key in common in their key rings
E-G Scheme(2/3)
Shared-key discovery
[Figure: sensor nodes, each with a key ring (m keys), connected by wireless links]
• Each sensor node discovers its neighbors to find the common shared key in their key rings
• The connected graph of secure links is formed
E-G Scheme(3/3)
Path-key establishment
[Figure: source sensor node and target sensor node, each with a key ring (m keys), joined by a path key]
Proposed Scheme(1/4)
Centralized Key Establishment
(1) Send $E_{KR_L}[\text{Key-request message}]$ (L-sensor ID and location)
(2) $D_{KU_L}[E_{KR_L}[\text{Key-request message}]] = \text{Key-request message}$
(3) Run centralized MST algorithm to determine the tree structure
(4) Disseminates the parent-child relationships to all L-sensors
(5) Send $E_{KU_L}[K_{u,v}]$
(6) $D_{KR_L}[E_{KU_L}[K_{u,v}]] = K_{u,v}$
Proposed Scheme(2/4)
Centralized Key Establishment
• L-sensor: $KU_H$, $KU_L$ and $KR_L$
• H-sensor: $KU_H$, $KR_H$, all $KU_L$ and special key $K_H$
• $K_H$ is used by a symmetric encryption algorithm
[Figure labels: $K_H$, new $K_H$]
Proposed Scheme(3/4)
Distributed Key Establishment
(1) Send $E_{KR_L}[\text{Key-request message}]$ (L-sensor ID and location)
(2) $D_{KU_L}[E_{KR_L}[\text{Key-request message}]] = \text{Key-request message}$
(3) Run centralized MST algorithm to determine the tree structure
(4) Disseminates the parent-child relationships to all L-sensors
(5) Send public key certificate $E_{KR_H}[KU_L]$
(6) Proves the authenticity of a public key
Proposed Scheme(4/4)
Distributed Key Establishment
Nodes: u, v
(1) Send $KU_u$
(2) Send $KU_v$
(3) $KR_v KU_u$
(4) $KR_u KU_v$
$$K_{u,v} = KR_u KU_v = KR_v KU_u$$
Performance Evaluation(1/2)
Storage Saving
                               Cluster Head   Other Sensors
E-G Scheme                     mM             mN
Proposed Scheme-Centralized    (N+3)M         2N
Proposed Scheme-Distributed    3M             2N

E-G: 64-bit key
ECC: 160-bit key
E-G Scheme : ECC-Centralized : ECC-Distributed = 29.7 : 10.2 : 1
Security Analysis(1/2)
Proposed Scheme
• Each sensor is preloaded with one unique private key.
• Each pair of communicating sensors has a different shared key.
E-G Scheme
Compromising probability
$$C(m) = \frac{\sum_{j=1}^{m} \left(1-\left(1-\frac{m}{P}\right)^{c}\right)^{j} p(j)}{\sum_{j=1}^{m} p(j)}$$
$$p(j) = \frac{\binom{P}{j}\binom{P-j}{2(m-j)}\binom{2(m-j)}{m-j}}{\binom{P}{m}^{2}}$$
$$p(1) = \frac{m!\,(P-m)!\,(P-m)!}{P!\,m!\,(P-2m)!}$$
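The E-G compromising probability C(m) above, evaluated numerically as an added example (not code from the paper or the slides). It assumes c is the number of captured nodes, which the slide does not define, and the parameters P = 1000, m = 40 are constructed for illustration.

```python
from fractions import Fraction
from math import comb


def p_shared(P, m, j):
    """p(j): probability that two key rings of m keys, each drawn from a
    pool of P keys, have exactly j keys in common (exact value)."""
    ways = comb(P, j) * comb(P - j, 2 * (m - j)) * comb(2 * (m - j), m - j)
    return Fraction(ways, comb(P, m) ** 2)


def compromise_fraction(P, m, c):
    """C(m) as on the slide. Assumption: c is the number of captured nodes."""
    # Chance that one given pool key sits in at least one captured key ring.
    leak = 1 - (1 - m / P) ** c
    p = [float(p_shared(P, m, j)) for j in range(1, m + 1)]
    # leak**j: in the slide's formula all j keys shared by a link must leak.
    num = sum(leak ** j * pj for j, pj in enumerate(p, start=1))
    return num / sum(p)


if __name__ == "__main__":
    P, m = 1000, 40  # constructed parameters, not taken from the paper
    for c in (0, 1, 5, 10, 50):
        print(f"c={c:3d}  C(m)={compromise_fraction(P, m, c):.4f}")
```

C(m) grows with every captured node, while the proposed scheme's entry for the same metric is 0 because no two pairs of sensors share a key.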
Security Analysis(2/2)
Evaluation/Comparison metrics      E-G Scheme                Proposed Scheme
Resilience against node capture    C(m)                      0
Addition                           Establishes a key ring    Establishes shared key
Revocation                         Revokes the key ring      Revokes the shared key
Supported network size             Small                     Large
Suits all needs                    No                        No