Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hyunsung Kim Dept. of Cyber Security, Kyungil University Korea Non-interactive Hierarchical Key Agreement Protocol over WHMS.

Published byAlfred Cole Modified over 8 years ago

Similar presentations

Presentation on theme: "Hyunsung Kim Dept. of Cyber Security, Kyungil University Korea Non-interactive Hierarchical Key Agreement Protocol over WHMS."— Presentation transcript:

1 Hyunsung Kim Dept. of Cyber Security, Kyungil University Korea Non-interactive Hierarchical Key Agreement Protocol over WHMS

2 Sensor Network Sensor node Sensing Processing Communication 2 29

3 Sensor Network (Limitations) Modest processing power – 8 MHz Very little storage – a few hundred kilobits Short communication range – consumes a lot of power Small form factor – several mm 3 Minimal energy – constrains protocols Batteries have a finite lifetime Passive devices provide little energy 3 29

4 Sensor Network (Example) 4 29

5 Sensor Network (Example) 5 29

6 Sensor Network (Example) 6 29

7 7 29 Index Aging Society Wireless Health Monitoring Systems WHMS Security Concerns WHMS Privacy Issues Non-Interactive Hierarchical Key Agreement Protocol Conclusion

8 Aging Society 8 29

9 Aging Society 9 29

10 Aging Society 10 29

11 Wireless Health Monitoring Systems (WHMSs) The integration of IT technology into traditional medicine Diagnosis, monitoring and treatment of illness at remote It can help individuals to improve their personal health and wellbeing 11 29

12 WHMS System Configuration 12 29 Internet Physician, PH i uHealth Server, SV EHR Patient PA i GW i SN i1 SN i2 SN i3 SN i4 SN i5 SN i6 Access point Tier 1Tier 2Tier 3 data generationdata transmissiondata storage and access

13 WHMS Security Concerns Data Encryption: The data is encrypted so that it is not disclosed whilst in transit Data Integrality: The recipient can be sure that the data has not been altered or changed Authentication: It is an efficient method against impersonation attacks Freshness Protection: This prevents the attacker from replaying the old frames 13 29

14 WHMS Privacy Issues All communications are required to be encrypted to protect the user’s privacy It is also necessary that, specific users should not be identified unless there is a need Educating general people to know privacy issues 14 29

15 One round communication to setup a session key between two communication parties Non-Interactive Hierarchical Key Agreement Protocol Non-interactive Hierarchical access control EHR security provision Non-Interactive Hierarchical Key Agreement Protocol over WHMS 15 29

16 Notations SymbolDescription PA i Patient i PH i Attending physician i of PA i SVu-Health server GW i Gateway i SN i,j Sensor node j in the GW i ID i Entity i’s identifier AD i Amplified identity of ID i (S 1, S 2, S 3, S 4 ) Private key set of PKG, S i  Z q * SKSession key established between two entities riri Random number G 1, G 2 Cyclic groups of prime order q PA generator of G 1 ê Bilinear map G 1  G 1  G 2 H() One way hash function H : {0, 1} *  G 1 * EK(M)EK(M)Symmetric key encryption of M by using a key K ∙Multiplication ||Concatenation 16 29

17 Bilinear Pairing Definition 1: Let G is an additive group of prime order q and G T a multiplicative group of the same order. Let P denote a generator of G. An admissible pairing is a bilinear map ê : G  G  G T Bilinear : given Q, R  G and a, b  Z * q, we have ê(aQ, bR) = ê(Q, R) ab Non-degenerate : ê(P, P)  1 G T Computable : ê is efficiently computable 17 29

18 Permission Hierarchy 18 29 SV PH 1 PH 2 PH i … SN 1,1,1 GW 1,1 SN 1,1,k GW 1,j GW 2,1 GW 2,j GW i,1 GW i,j ……… … SN 2,1,1 SN 2,1,k … SN i,j,1 SN i,j,k … … … … Tier 1 Tier 2 Tier 3

19 System Initialization PKG initializes two cyclic groups, G 1 and G 2, of prime order q, a bilinear pairing ê : G 1  G 1 →G 2 and a hash function H: {0, 1} *  G 1 * PKG creates a private key set (S 1, S 2, S 3, S 4 ) for a WHMS PKG computes AD SV =H(ID SV ) and AD SV ·S 1 19 29

20 Physician Registration PH i SV SV Checks the validity of ID PH i Computes AD PH i =H(ID PH i ) AD PH i ·S 2 Issues a key pair (AD SV ·S 1, AD PH i ·S 2, S 3, S 4 ) (AD SV, AD PH i ) 20 29 Physician, PH i uHealth Server, SV ID PH i

21 Hierarchical Key Setup 21 29 SV PH 1 … SN 1,1,1 GW 1,1 Tier 1 Tier 2 Tier 3 PH i GW i,j SN i,j,k (AD SV ·S 1, S 2, S 3, S 4 ) (AD SV ·S 1, AD PH ·S 2, S 3, S 4 ) 1 i … …

22 Patient Registration PA i SV SV Checks the validity of ID PA i Computes AD GW i,j =H(ID GW i,j ), AD GW i,j ·S 3 AD SN i,j,k =H(ID SN i,j,k ), AD SN i,j,k ·S 4 Issues a key pair (AD SV ·S 1, AD PHi ·S 2, AD GW i,j ·S 3, S 4 ),(AD SV,AD PH i,AD GW i,j ) (AD SV ·S 1, AD PH i ·S 2, AD GW i, j ·S 3, AD SN i,j,k ·S 4 ),(AD SV,AD PH i,AD GW i,j,AD SN i,j,k ) 22 29 uHealth Server, SV Patient PA i GW i SN i1 SN i2 SN i3 SN i4 SN i5 SN i6 ID PA i

23 Hierarchical Key Setup 23 29 SV PH 1 … SN 1,1,1 GW 1,1 Tier 1 Tier 2 Tier 3 PH i GW i,j SN i,j,k (AD SV ·S 1, S 2, S 3, S 4 ) (AD SV ·S 1, AD PH ·S 2, S 3, S 4 ) 1 (AD SV ·S 1, AD PH ·S 2, AD GW ·S 3, S 4 ) 1 1,1 (AD SV ·S 1, AD PH ·S 2, AD GW ·S 3, AD SN ·S 4 ) 1 1,1 1,1,1 (AD SV ·S 1, AD PH ·S 2, S 3, S 4 ) i (AD SV ·S 1, AD PH ·S 2, AD GW ·S 3, S 4 ) i i,ji,j (AD SV ·S 1, AD PH ·S 2, AD GW ·S 3, AD SN ·S 4 ) i i,ji,ji,j,ki,j,k … …

24 Non-Interactive Key Agreement and Secure Communication 24 29 Patient PA j Physician, PH i uHealth Server, SV SN i,j,d (AD SV ·S 1, AD PH ·S 2, AD GW ·S 3, AD SN ·S 4 ) i i,ji,j i,j,di,j,d (AD SV, AD PH, AD GW, AD SN ) i i,ji,j i,j,di,j,d (AD SV ·S 1, AD PH ·S 2, S 3, S 4 ) i (AD SV, AD PH ) i Chooses r 1 Computes R 1 =r 1 ·AD SN i,j,d Computes SK 1 =ê(AD SV ·S 1, AD SV )· ê(AD PH i ·S 2, AD PH i )·ê(AD GW i,j ·S 3, AD PH i )· ê(AD SN i,j,d ·S 4, AD PH i ) r 1 Computes M 1 =E SK 1 (Data i ) Computes MAC 1 =H(SK 1 ||R 1 ||M 1 ) {R 1, M 1, AD SNi,j,d, MAC 1 } EHR

25 Non-Interactive Key Agreement and Secure Communication 25 29 Patient PA j Physician, PH i EHR SN i,j,d (AD SV ·S 1, AD PH ·S 2, AD GW ·S 3, AD SN ·S 4 ) i i,ji,j i,j,di,j,d (AD SV, AD PH, AD GW, AD SN ) i i,ji,j i,j,di,j,d (AD SV ·S 1, AD PH ·S 2, S 3, S 4 ) i (AD SV, AD PH ) i Chooses r 1 Computes R 1 =r 1 ·AD SNi,j,d Computes SK 1 =ê(AD SV ·S 1, AD SV )· ê(AD PHi ·S 2, AD PHi )·ê(AD GWi,j ·S 3, AD PHi )· ê(AD SNi,j,d ·S 4, AD PHi ) r1 Computes M 1 =E SK1 (Data i ) Computes MAC 1 =H(SK 1 ||R 1 ||M 1 ) {R 1, M 1, AD SNi,j,d, MAC 1 } Authenticated by SV Computes SK 1 ’=ê(AD SV ·S 1, AD SV )· ê(AD PH i ·S 2, AD PH i )·ê(AD PH i, AD GW i,j ) S 3 · ê(AD PH i, R 1 ) S 4 Verify MAC 1 ?=H(SK 1 ’||R 1 ’||M 1 ) Retrieve Data i =D SK 1’ (M 1 )

26 Session Key Equivalence SK 1 =ê(AD SV ·S 1, AD SV )·ê(AD PH i ·S 2, AD PH i )· ê(AD GW i,j ·S 3, AD PH i )·ê(AD SN i,j,d ·S 4, AD PH i ) r 1 =ê(AD SV ·S 1, AD SV )·ê(AD PH i ·S 2, AD PH i )· ê(AD GW i,j ·S 3, AD PH i )·ê(AD SN i,j,d, AD PH i ) r 1 ·S 4 = ê(AD SV ·S 1, AD SV )·ê(AD PH i ·S 2, AD PH i )· ê(AD GW i,j, AD PH i ) S 3 ·ê(AD SN i,j,d, AD PH i ) r 1 ·S 4 = ê(AD SV ·S 1, AD SV )·ê(AD PH i ·S 2, AD PH i )· ê(AD GW i,j, AD PH i ) S 3 ·ê(R 1, AD PH i ) S 4 = ê(AD SV ·S 1, AD SV )·ê(AD PH i ·S 2, AD PH i )· ê(AD PH i, AD GW i,j ) S 3 ·ê(AD PH i, R 1 ) S 4 =SK 1 ’ 26 29

27 Non-Interactive Key Agreement and Secure Communication 27 29 Internet Patient PA i Physician, PH i uHealth Server, SV EHR GW i SN i1 SN i2 SN i3 SN i4 SN i5 SN i6 Access point Tier 1Tier 2Tier 3 data generationdata transmissiondata storage and access SN i4 GW i PH i SV EHR

28 28 29 Conclusion Importance of Security and Privacy in Wireless Health Monitoring System Non-Interactive Hierarchical Key Agreement Protocol One round key establishment Hierarchical access control EHR security provision

29 Thank You !

Download ppt "Hyunsung Kim Dept. of Cyber Security, Kyungil University Korea Non-interactive Hierarchical Key Agreement Protocol over WHMS."

Similar presentations

By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Secure Handshake with Symptoms-matching: The Essential to the Success of mHealthcare Social Network University of Waterloo & University of Ontario Institute.

1 Secure Handshake with Symptoms-matching: The Essential to the Success of mHealthcare Social Network University of Waterloo & University of Ontario Institute.
Presenter : Stuart Stent Lecturer : Robert Dale Supervisor: Rajan Shankaran.

Presenter : Stuart Stent Lecturer : Robert Dale Supervisor: Rajan Shankaran.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.

A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Weakness of Shim’s New ID- base Tripartite Multiple-key Agreement Protocol Authors: J.S. Chou, C.H.Lin and C.H. Chiu ePrint/2005/457 Presented by J. Liu.

Weakness of Shim’s New ID- base Tripartite Multiple-key Agreement Protocol Authors: J.S. Chou, C.H.Lin and C.H. Chiu ePrint/2005/457 Presented by J. Liu.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by.

Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p Present by.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google