1 / 18

ITIS 6010/8010 Wireless Network Security

ITIS 6010/8010 Wireless Network Security. Dr. Weichao Wang. Pairwise key establishment with guarantee Problems of basic key pre-distribution and Chan’s improvement The key establishment is not guaranteed Tolerance to sensor compromise Polynomial based key pre-distribution

daisy
Download Presentation

ITIS 6010/8010 Wireless Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang

  2. Pairwise key establishment with guarantee • Problems of basic key pre-distribution and Chan’s improvement • The key establishment is not guaranteed • Tolerance to sensor compromise • Polynomial based key pre-distribution • Random subset assignment approach • Grid based key distribution

  3. Polynomial based key distribution • A bivariate t-degree polynomial f(x, y) is generated • It has the property of f(x, y) = f(y, x) • For every sensor i, we can replace x with i and generate a new poly f(i, y) • When sensor i meets sensor j, node i can calculate f(i, j), node j can calculate f(j, i); • The two keys are the same

  4. Overhead • Every sensor needs to store a t-degree poly • Evaluation of the polynomial • Robustness • Need at least t+1 nodes to figure out a poly • Problem • Want to further reduce overhead • Improvement • Using a group of polynomials

  5. Polynomial pool based key pre-distribution • We generate a pool of bivariate polynomials • When we have only one poly, it returns to the previous method • When all poly are 0-degree, it returns to the basic approach • Each sensor gets a subset of polys • Direct key establishment • Path key establishment

  6. Random subset assignment – approach 1 • Every sensor gets a random set of polys • Analysis of key sharing • Directly b/w two sensors • Through one hop neighbors • Similar to the basic approach • Then what is the advantage of using poly to replace a key • ?

  7. Grid based key pre-distribution • Guaranteed key establishment • Improved resilience to sensor compromise • “Zero” interaction to figure out the key – except the node identity

  8. We have n sensors, n < m * m • Every sensor can be mapped to a unique point in the m*m matrix • Generate 2m polynomial, one for each row and one for each column • For a sensor at position (i, j), the corresponding row and column polys will be given to the node

  9. Any two sensors in the same row or column will share a poly – they can derive the key • If the two sensors are not in the same row or column • Locate the node that can establish keys with both nodes

  10. Advantages • Storage overhead: every node only stores two polys • A sensor can directly figure out can it establish a key to the other sensor

  11. Key pre-distribution based on Blom’s scheme • Improve resilience to sensor compromise • Authentication between sensor pair

  12. Blom’s key pre-distribution • Generate a (λ+1) * N matrix G, N is the size of the network, λ is the threshold of tolerance. The matrix is public • Generate a (λ+1) * (λ+1) symmetric matrix D and keep it as secret • A = (D * G)^T, A is a N * (λ+1) matrix • Since D is symmetric, we have A*G = (A*G)^T, so A*G is a symmetric matrix

  13. If we let K = A*G, then Kij = Kji • See example of the calculation • Every node i will have ith row of A and ith column of G • When node i and j meet, they exchange the columns of G and calculate Kij and Kji

  14. Blom’s scheme guarantees that any two sensors can find a key. But we do not need such dense keys • If we generate multiple Blom’s matrices, each can be viewed as a key space

  15. Approach • Generate one matrix G • Generate w matrix D1, D2, ---, Dw, we can calculate A1=(D1 * G)^T, A2=(D2 * G)^T, ---, Aw=(Dw * G)^T. • Every node will select t key spaces and get corresponding information from the matrices. • If two sensors have the same key space, they can generate a key.

  16. Analysis of key space sharing • Similar to the basic mechanisms • What is the probability that a key space is compromised? • Need at least (λ+1) sensors holding this key space • When x nodes are broken, the probability that j of them know the key space is:

  17. When the key space is not compromised, pairwise keys can be used to authenticate

More Related