150 likes | 241 Views
Pair-wise path key establishment in wireless sensor networks. Authors: Jang-Ping Sheu and Jui-Che Cheng Sources: Computer Communications, 2007, article in press. Reporter: Chun-Ta Li ( 李俊達 ). Outline. Motivation Pair-wise path key establishment protocol Comments. 2. 2. Motivation.
E N D
Pair-wise path key establishment in wireless sensor networks Authors:Jang-Ping Sheu and Jui-Che Cheng Sources: Computer Communications, 2007, article in press. Reporter: Chun-Ta Li (李俊達)
Outline • Motivation • Pair-wise path key establishment protocol • Comments 2 2
Motivation • Pair-wise key establishment using multiple node-disjoint paths • Weakness of single communication path • A node is compromised along the path • Byzantine attack (alter, inject, spoof, or sniff packets) • stop forwarding attack Compromised KS,D … I2 I1 S D Im intermediate nodes
Motivation (cont.) • An example of multi-path key establishment with the (3, 4) secret sharing scheme • Malicious node detection and identification procedure
(a,b) ∪ .N = G(x,y) (x,y)=(1,1) Pair-wise path key establishment protocol • Group-based key pre-distribution .g = a*b hexagonal grids .G(x,y): a group of sensors .c = N/g .G(x,y) includes sensors with IDs from c((x-1)b+y-1)+1 to c((x-1)b+y) Assume that each group has 100 sensor nodes, a=10, and b=5, the G(2,3) has sensor nodes with IDs from 701 to 800.
Pair-wise path key establishment protocol (cont.) • Establish a pair-wise key with neighbors ID, Group ID A B ID, Group ID KAB = KAB1∪KAB2 ∪ KAB3 1 EKA1(KAB1) EK1B(KAB1) 2 EKA2(KAB2) EK2B(KAB2) 3 EKA3(KAB3) EK3B(KAB3) assistance neighbors
Pair-wise path key establishment protocol (cont.) • End-to-end path key establishment (SD) hm hm A B C hm hm RREQ RREQ E F G D S hm hm h0 = x and hm=H(hm-1) H I J hm hm
Pair-wise path key establishment protocol (cont.) • End-to-end path key establishment (DS) A B C RREP RREP E F G D S H I J .The node IDs of the entire path are included in the RREP .Each intermediate node will record the next one-hop and next two-hop neighboring nodes in its routing table .Each intermediate node will check to see if it has a pair-wise key with its next two-hop node
Pair-wise path key establishment protocol (cont.) • Malicious node detection and identification procedure KSD = KSD1∪KSD2 ∪ KSD3 KSD1 KSD1 A B C KSD1 KSD1 KSD2 KSD2 KSD2 KSD2 E F G D S KSD3 KSD3 KSD3 KSD3 H I J KBC{KSD1, hm-1,MAChm-1{KSD1}} KSA{KSD1, hm-1, MAChm-1{KSD1}} KAC{KSD1, hm-1,MAChm-1{KSD1}} KSB{KSD1, hm-1,MAChm-1{KSD1}} KBD{KSD1, hm-1,MAChm-1{KSD1}} D A B C S KAB{KSD1, hm-1,MAChm-1{KSD1}} KCD{KSD1, hm-1,MAChm-1{KSD1}} KSB{KSD1, hm-1,MAChm-1{KSD1}} KBD{KSD1, hm-1,MAChm-1{KSD1}} KAC{KSD1, hm-1,MAChm-1{KSD1}}
Pair-wise path key establishment protocol (cont.) • Key disclosure request (ReqKey) odd path KEC{ReqKey} even path KEB{ReqKey} odd path KSA{hm-2} even path KSB{hm-2}
Comments • Compromised node attacks • conspiracy attacks • The pair-wise path key can be derived if there are t intermediate nodes in t different routes • without perfect forward secrecy • Impersonation attacks • Lack of mutual authentication between source and destination node • Lack of anonymity between source and destination node
Comments (cont.) G, P: a subgroup of elliptic curve group E(Fp) and its generator point P whose order is a large prime number q over E(Fp) • Deployment phase sink node 2 sensor Store credential ci = h(Ki||IDi||Ti||Li), IDi, Ti, and Li in sensor node 3 1 4 1. SensorSink node: (IDi,Ti,Li,M1) M1= cir1P 2. Sink nodeSensor: (M2,M3) M2= r2P , M3=h(IDs||r1P||M2||sk=r1r2P) Back-end system 3. SensorSink node: (M4) M4= h(IDi||IDs||sk=r1r2P)
Comments (cont.) • Credential update sink node 2 sensor 3 1 4 1. Sink nodeSensor: (ci’,Ki’,Ti’,Li’) sk New credential ci’ = h(Ki’||IDi||Ti’||Li’) Back-end system
Comments (cont.) • Intra-group communication 1. Sensor ASink node: (IDA,IDB,M1) M1= EskA[rxP] sink node 2. Sink nodeSensor A: (M2,M3) S M2= EskA[ryP] , M3=EK[IDS||IDA||IDB||rxP||TicketAB||TK||TL] A B K= rxryP , TicketAB=EskB[IDA||IDB||TK||TL] 3. Sensor ASink node: (MAC(K;ryP)) 4. Sensor ASensor B: (IDA,IDB,TicketAB,raP,MAC(TK;raP)) 5. Sensor BSensor A: (ETK[rbP], MAC(SKAB;rbP)) SKAB= rarbP 6. Sensor ASensor B: (MAC(SKAB;raP))
Comments (cont.) • Inter-group communication 1. Sensor ASink node: (IDA,IDB,M1=EskA[rxP]) 2. Sink nodeSensor A: (M2,M3) sink node M2= EskA[ryP] , M3=EK[IDS1||IDA||IDB||rxP||TicketAB||TK||TL] S1 K= rxryP , TicketAB=EPSK[IDA||IDB||TK||TL] A 3. Sensor ASink node: (MAC(K;ryP)) 4. Sensor ASensor B: (IDA,IDB,TicketAB,raP,MAC(TK;raP)) 5. Sensor BSink node: (IDB,TicketAB,M4=EskB[rx’P]) 6. Sink nodeSensor B: (M5,M6) S2 M5= EskB[ry’P] , M6=EK’[IDS1||IDS2||IDA||IDB||rx’P||TK||TL] 7. Sensor BSink node: (MAC(K’;ry’P)) B 8. Sensor BSensor A: (ETK[rbP], MAC(SKAB;rbP)) 9. Sensor ASensor B: (MAC(SKAB;raP))