MuGM IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Use of certificates as a base security level for securing PoS/MN multicast communication Date Submitted: November, 2012 Authors or Source(s): Daniel Corujo (ITAv), Antonio de la Oliva (UC3M) Abstract: This document describes the use of certificates as the base security layer for the IEEE d solution.
MuGM IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development Section 6.3 of the IEEE-SA Standards Board Operations Manualhttp://standards.ieee.org/guides/opman/sect6.html#6.3 IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE ’ s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE ’ s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development Section 6 of the IEEE-SA Standards Board bylawshttp://standards.ieee.org/guides/bylaws/sect6-7.html#6
Security Schemes With large sensor networks as a typical groupcast control mechanism scenario, several considerations are posed: – Resource Constraints – Network Constraints – Malicious attacks As such, a scheme for groupcast authentication of the source of the information, in large user environments is needed
Authentication Scheme using Certificates Each device contains a public/private key pair, which is digitally signed by a Certificate Authority The PoS contains a public/private key pair, and establishes a relationship with a PKI infrastructure for validating the device certificates The PoS certificate can also be stored in the MIIS which access is secured by the use of certificates in a similar way
Authentication Scheme using Certificates Once the PoS certificate has been obtained The PoS multicast messages – By signing them with its certificate and indicating the current time The d nodes verify the authenticity of the received message – By verifying the certificate, signature and the current time
Considerations Certificate Revocation List – They can take up space in sensor nodes (which have memory restrictions) To authenticate each singular message, at least two signature verifications are needed Key updates are difficult PKC schemes are no longer impractical to WSNs due to Elliptic Curve Cryptography This can be simplified by securing MIIS communication and storing there the PoSs certificates