150 likes | 291 Views
A Random Perturbation-Based Scheme for Pairwise Key Establishment in Sensor Networks. Wensheng Zhang, Minh Tran, Sencun Zhu and Guohong Cao MobiHoc’07, Canada September 14, 2007. Key pairwise scheme requirements. Save scarce resources. Direct key establishment. High connectivity.
E N D
A Random Perturbation-Based Scheme for Pairwise KeyEstablishment in Sensor Networks Wensheng Zhang, Minh Tran, Sencun Zhu and Guohong Cao MobiHoc’07, Canada September 14, 2007
Key pairwise scheme requirements • Save scarce resources. • Direct key establishment. • High connectivity. • Resilience for a large number of nodes compromised. • Efficient to dynamic network (add nodes). Related Work
Contribution • New PKE scheme for WSN depends on Blundo scheme. • Adding random noise on key. • Increase the security resilience.(>>t compromised nodes in B. scheme )
A Polynomial-Based Key Predistribution Scheme Off-line phase: the authority randomly picks a t-degree symmetric, bivariate polynomial: For the node of id u, the preloaded share is Online phase: Any two nodes u and v, u compute the key shared with node v by evaluating f(u, y) at y = v. Also, Node v can compute f(v, u) in the similar way. Due to symmetric property f(u, v)=f(v,u).
Notations • q, l: q is a prime number (q > 2), and l is the minimal integer such that 2l > q. Thus, every element in field Fq can be represented by l bits. • S: a set of legitimate IDs . • r: a positive integer such that 2r < q. • Φ: a set of perturbation polynomials . • f(x, y): a symmetric polynomial. • gu(y) (u ∈ S): a t-degree univariate polynomial that is preloaded to node (with id u) before it is deployed.
Basic Idea of The RPB Scheme • Add noise to shared f (u,y) and f (v,y). • The noise not affect the shared f (x,y) totally. • Even if the attacker compromised t node, he cannot recover the coefficient of f (x,y). • See the following Fig.
Ku,v=Kv,u Ku,v=-Kv,u Ku,v=+Kv,u
RPB scheme • Initialization(offline) • The authority generate , where l-r bit can be use. • To increase the security: Pairwise K length= • Upload each node with:
Pairwise Key Generation • The pairwise key will generate from shared polynomial Step 1: Node u evaluates gu(y) at y = v, and represents the evaluation result in l binary bits. Step 2: It uses the most significant l − r bits of gu(y), denoted as Ku,v, as the key. Step 3: Node u sends h(Ku,v) to node v Extension: The pairwise key will generate from multi shared polynomials Step 1 reputed for m times where And the pairwise key shared with v is But node u will send hash value to v, which is
Pairwise Key Generation Con't • Pairwise key operation on v node. • Due to RPB su,i has 3 values -su,i, su,i, +su,i ,therefore Ku,v with m (su,i) need to 3m evaluations. • Example: • For each Ku,v= To find out Ku,v, node v computes H(Kv,u,i) for each i ∈{0, · · · , 8}, 9 Hashing
Constructing S and Φ • The algorithm generate perturbation polynomial Qi(y) and the set of IDs to WSN. • The algorithm stops when the Si,k<N (N is the dedicated WSN size). • Algorithm complexity for finding out a perturbation polynomial is O(2l) evaluations of t-degree polynomials. S1 S1,0 S3 0 . . . . . . . q-1 Sn Q’n(y) Q’3(y) S1,w-1 Q’1(y) S2,0 S2,1 Groups Si divided according to l-r bits in the ID, so w=2l-r Q’2(y) S2,w-1 S2
Security Analysis • Breaking • An adversary must compromise all the polynomials m in order to break down the system. • If Adv. compromises a node (i.e. get ) Unknown Unknown
Analysis Con’t Comment :But the evaluation to get pairwise key =38=6561 hashing (very hard if not possible in WSN )
Experiment Storage: RAM and ROM in MICA2 are 4KB and 128KB, the space requirements of about 0.33KB RAM and about 15KB ROM are affordable.