Public Key Based Cryptoschemes for Data Concealment in Wireless Sensor Networks

1. Public Key Based Cryptoschemes for Data Concealment in Wireless Sensor Networks EinarMykletun, Joao Girao, Dirk Westhoff IEEE ICC 2006 , 1-4244-0355-3/06 Citation: 73 Presenter: 林顥桐 Date: 2012/12/17

2. Outline • Introduction • A Desirable HomomorphicCryptoscheme • Public-Key Cryptoscheme Candidates • Applications and Recommendation • Conclusion

3. Introduction • Data aggregation is untrusted between sensors and the sink • Public-key based solutions provide a higher level of system security • But not popular • Too costly for computationally weak devices • A faster depletion of the sensor’s energy

4. Introduction • Contrast a set of candidate solutions and give recommendations for the selection of the preferred scheme

5. A Desirable HomomorphicCryptoscheme • Aggregation • Additively HomomorphicEncrytion which have the property that Enc(m1) ⊕ Enc(m1) = Enc(m1+ m2) • Security • Can be proved on math • The compromise of sensor node should not assist in revealing aggregated data • Key management should be simple • Chiphertext Expansion should be moderate • Probabilistic Encryption

6. A Desirable HomomorphicCryptoscheme • WSN Lifetime • Efficient Computations • Sending ciphertexts should not require the transmission of large amounts of additional data • Electing aggregator nodes should not need to take into account security parameters • The use of elliptic curve cryptoschemes

7. Outline • Introduction • A Desirable HomomorphicCryptoscheme • Public-Key Cryptoscheme Candidates • Applications and Recommendation • Conclusion

8. Public-Key Cryptoscheme Candidates • Okamoto-Uchiyama(OU) • Based on the ablity of computing discrete logarithms • additive homomorphic: Enc(m1+m2) = Enc(m1) X Enc(m2) • Probabilistic encryption, and relating the computational complexity of the encryption function to the size of the plaintext p and q are random k-bit primes, n is approximately 1024 bits, k could be 341 L(x) = (x - 1)/p

9. Public-Key Cryptoscheme Candidates • Benaloh • A probabilistic cryptoscheme whose encryption cost is dependent on the size of the plaintext p, q are large primes

10. Public-Key Cryptoscheme Candidates • Elliptic curve ElGamal encryption Scheme(EC-EG) • This is equivalent to the original ElGamal scheme, but transformed to an additive group E is an elliptic curve, p is a prime with 163bits, G is a generator

11. Public-Key Cryptoscheme Candidates • Elliptic curve ElGamal encryption Scheme(EC-EG) • EC-EG is additively homomorphic and chipertexts are combined through addition, i.e. map(m1 + m2) = map(m1) + map(m2) • This mapping needs to be deterministic such that the same plaintext always maps to the same point

12. Outline • Introduction • A Desirable HomomorphicCryptoscheme • Public-Key Cryptoscheme Candidates • Applications and Recommendation • Conclusion

13. Applications • Data Aggregation • The usage of additive encryption for calculating the average and for movement detection • Long-term data storage • Data is kept in the nodes for later retrieval • The nodes have restricted storage capacity, it is important to reduce the amount of values that are actually stored

14. Recommendation • OU • Bigger ciphertext size • EC-EG • Expensive mapping function during decryption, to costly to revert

15. Conclusion • The addition of ciphertexts • minimize bandwidth overhead • reduce the sensors’ energy consumption • EC-EG, Benaloh, OU are better