Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sensor Network Security through Identity-Based Encryption

Published byPiers Marsh Modified over 8 years ago

Similar presentations

Presentation on theme: "Sensor Network Security through Identity-Based Encryption"— Presentation transcript:

1 Sensor Network Security through Identity-Based Encryption
Nigel Boston Department of Mathematics, University of South Carolina Departments of Mathematics and ECE, University of Wisconsin

2 Overview of Talk Challenges faced Existing approaches
Identity-based encryption Benefits of IBE for sensor networks Conclusions and future work

3 UW Sensor Networks UW WiSeNet Consortium (wisenet.engr.wisc.edu)
Eric Bach (Computer Sciences) Akbar Sayeed (ECE) Several students (Matt Darnall, Kamal Srinivasan, Harris Nover, …) Affiliated faculty from ECE, CS, CE, …

4 Challenges of Sensor Networks
Limited memory, storage, and power Unreliable communication, conflicts, and latency Exposure to physical attacks, remote, decentralized management

5 Security Requirements
Data confidentiality Data integrity Data freshness Availability Self-organization Time synchronization Secure localization Authentication

6 Attacks Denial of service attacks Sybil attack
Traffic analysis attacks Node replication attacks Attacks against privacy Physical attacks

7 Key Distribution Attacks
Want shared secret keys between nodes which may have been pre-initialized without prior contact. Want nodes able to communicate without involving base station. Want additional nodes able to join existing network, unauthorized nodes prevented.

8 Encryption Techniques
Symmetric key (stream ciphers or block ciphers) SPINS TinySec Random graph theory (Eschenauer-Gligor) Impractical for large scale sensor networks

9 TinySec Message authentication, integrity, confidentiality are provided. Based on Skipjack, 80-bit symmetric cipher. Secure, reasonably efficient (time, transmission overhead, memory) If no rekeying, then compromising one node compromises the whole network.

10 Limitations of Secret Key
Key distribution Protection of key material - resilience Rekeying, if possible, incurs additional energy consumption Public-key cryptography improves on these

11 Public-Key Cryptography
Encryption key public, decryption key private - broken by solving a hard math problem. Originally regarded as too slow and consuming too much power. RSA with exponent 3 (idea - cheap encryption, more powerful receiver does more expensive decryption). Hard problem - factoring integers. Rabin-Williams (RSA with exponent 2).

12 RSA-200 Factored May, RSA-200 factored, using number field sieve by Jens Franke et al equals x

13 Problems with RSA A polynomial-time factoring algorithm would render RSA probably useless. A quantum computer can factor in polynomial-time (record so far - 15). In constrained environments (smart cards, PDAs, …), long keys are impractical. Companies want comparable security with much shorter key lengths.

14 Elliptic Curves The solutions of
in a field naturally form a group (can add pts) Hard problem: given points P, Q, find integer n such that Q = P+…+P (n terms).

15 Elliptic Curve Addition

16 Elliptic Curve Cryptography
ECC ever more popular for mobile devices 160-bit ECC same security as 80-bit symmetric, as 1024-bit RSA Hyperelliptic curve cryptography (HCC) apparently offers no advantage Malan (2004) implemented sensor net ECC Sun Microsystems (2005) announced Sizzle

17 World’s Smallest Secure Server

18 Authentication As sensor devices improve, ECC ever better.
Problem - in public-key crypto, A writes to B using B’s public key. Trusted authority signs B’s public key so A, by checking this signature, can verify B’s identity. Recursive checking expensive if low-power.

19 Identity-Based Encryption
Shamir asked if arbitrary bit strings (B’s name) can be used as public keys. After B receives A’s message, B computes (with trusted authority) a private key Note - burden of checking is on the receiver - in sensor networks weak sends to strong!

20 Identity-Based Encryption II
Boneh and Franklin give solution using the Weil pairing on elliptic curves. Can also use other pairings (Tate, eta, Ate, …) - Ate is up to 6 times faster than the others. Cocks’s IBE scheme based on quadratic residues suffers from ciphertext expansion.

21 Pairings E is an elliptic curve defined over GF( ),
The points on E form an abelian group and we consider a bilinear non-degenerate pairing (computed by Miller’s algorithm)

22 IBE Details Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys. To operate, the PKG first publishes a "master" public key, and retains the corresponding master private key. Given the master public key, any party can compute a public key corresponding to the identity i by combining the master public key with the identity value. To obtain a corresponding private key, the party authorized to use identity i contacts the PKG, which uses the master private key to generate the private key for identity i.

23 Other Advantages of IBE
Advantages in sensor network - (1) Physically secured master device is trusted authority (2) Each node given private key in advance - private key generator can then be destroyed

24 Simultaneous Research
Several groups have apparently come up with this idea simultaneously. The group (Doyle et al.) at DCU, Dublin has gone furthest in implementation - found the energy performance of key negotiation using an IBE scheme based on Tate pairing on the ARM platform was 0.44J (cf. nodes limited to 1000J battery capacity).

25 Some Questions IBE uses hashing - what features desirable for sensor networks? Efficient Weil pairing computation uses randomization - possible to eliminate?

26 Conclusions Sensor networks face novel security problems due to constraints and method of deployment The key distribution problem can be addressed by using IBE to negotiate a shared secret key Calculation of pairs of keys demands reasonable power consumption

Download ppt "Sensor Network Security through Identity-Based Encryption"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Cryptographic Technologies

Cryptographic Technologies
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Similar presentations

Ads by Google