A secure and scalable rekeying mechanism for hierarchical wireless sensor networks
Authors: Song Guo, A-Ni Shen, and Minyi Guo
Source: IEICE Transactions on Information and Systems, Vol.E93D, No.3, pp. 421-429, 2010.
Presenter: Yung-Chih Lu (呂勇志)
Date: 2010/12/02

Outline
• Introduction
• Related Work
• Basic Predistribution and Local Collaboration-Based Group Rekeying Scheme (B-PCGR)
• Proposed Scheme
• Security Analysis
• Performance Evaluation
• Conclusion
• Comment

Introduction (1/2)
• Goal
  • Rekeying
  • Against attack
    • Eavesdropping attack
    • Node capture attack
  • Forward secrecy
  • Backward secrecy
  • Saving resource
    • Computation cost
    • Communication cost
    • Storage Overhead

Introduction (2/2)
• Wireless Sensor Networks
  • Three-tier hierarchical WSNs
  • Pure flat WSNs
[Figure labels: Cluster Head: High-End Sensor; AP: Access Point; Sensor Node: Low-End Sensor]

Basic Predistribution and Local Collaboration-Based Group Rekeying Scheme (1/3)
W. Zhang and G. Cao, IEEE INFOCOM, 2005.
• Key pre-distribution phase
  • Sensor Node
  • Ex: $g(x) = 3x^2 + 5x + 2$, x = 0, 1, 2, …
[Figure: the Base Station distributes g(x) to each sensor node]
g(x): a t-degree g-polynomial

Basic Predistribution and Local Collaboration-Based Group Rekeying Scheme (2/3)
• Setup phase
  Step 1: Generates
  Step 2: Calculates
  Step 3: Sends $e_{s_i}(x, S_j)$ to $S_j$
  Step 4: Removes $g(x)$ and $e_{s_i}(x, y)$
• Ex: $g(x) = 3x^2 + 5x + 2$, t = 2
  Step 1: $e(x,y) = x^2 y + 4y + 5$, t = 2, u = 1
  Step 2: $e(x,1) = x^2 + 9$, $g'(x) = 4x^2 + 5x + 11$
  Step 3: $e(x,2) = 2x^2 + 13$, $e(x,3) = 3x^2 + 17$
  Step 4
[Figure: S1 holds g'(x) in place of g(x) (Step 4) and sends to S2 and S3 over a secure channel (Step 3)]
e(x,y): a bivariate (t,u)-degree e-polynomial
s_i: the Id of sensor node i
S1: 1, S2: 2, S3: 3

Basic Predistribution and Local Collaboration-Based Group Rekeying Scheme (3/3)
• Rekeying Phase
  • Sensor node
    • $g'(x)$, x = 0, 1, 2, …
    • $e_{s_j}(x, S_i)$, j ≠ i
  Step 1: $e(0,2) = 2x^2 + 13 = 13$ and $e(0,3) = 3x^2 + 17 = 17$ at x = 0
  Step 2: S2 sends (2, 13) to S1; S3 sends (3, 17) to S1
  Step 3: To reconstruct the polynomial $e(0,y) = 5 + 4y$
  Step 4: Computes $g(0) = g'(0) - e(0,1) = 11 - 9 = 2$
[Figure: S1 holds g'(x); S2 holds e(x,2) = 2x^2 + 13 and S3 holds e(x,3) = 3x^2 + 17; both reply to S1 over a secure channel (Step 2)]

Proposed Scheme (1/2)
• Key pre-distribution phase
  • Cluster Head
    • Id
    • $K_{BS,CH_a}$
    • $K_{CH_a,S_i}$
  • Sensor node
    • Id
    • $K_{BS,S_i}$
    • $K_{CH_a,S_i}$
K: a pair-wise key
BS: Base Station

Proposed Scheme (2/2)
• Group key establishment and rekeying (message flow between $CH_a$ and $S_i$)
  1. Generates a group key $GK_k^a$
  2. $E(R_k^i, K_{CH_a,S_i})$
  • Generates a $R_k^i$
  • $E(g_k^a(x), GK_{k-1}^a)$
  • $GK_k^a = g_k^a(R_k^i)$
$\Omega_a$: a set of all compromised nodes detected in cluster-a
k: k-th

Security Analysis
Verification-Based Group Rekeying (VGR)
n_c: The average number of sensor nodes in a cluster
ω: The number of compromised nodes in a cluster
t, u: The degree of a polynomial
L_key: The number of bits of a key
L_id: The number of bits of an id

Performance Evaluation
n_c: The average number of sensor nodes in a cluster
ω: The number of compromised nodes in a cluster
t, u: The degree of a polynomial
L_key: The number of bits of a key
L_id: The number of bits of an id

Conclusion
• Robustness to the node capture attack
• Reactive rekeying capability to malicious nodes
• Low communication and storage overhead

Comment
• The degree of a polynomial ≧ the number of sensor nodes in a cluster
• Compare ECC with polynomial
• IDS is a heavy burden for the cluster head.
IDS: Intrusion Detection System
ECC: Elliptic Curve Cryptography