A Review on the PKC-Based Security

waralligatorΚινητά – Ασύρματες Τεχνολογίες

21 Νοε 2013 (πριν από 3 χρόνια και 4 μήνες)

89 εμφανίσεις

A Review on
t
he PKC
-
Based Security
Architecture for Wireless Sensor
Networks

Md.
Iftekhar

Salam

Cryptography and Network Security Lab

Dongseo

University,
Busan
, South Korea

2
nd

December 2010

1

Agenda


Problem Statement



Overview of PKC
-
Based Security Architecture



Security Loopholes in the PKC
-
Based Architecture



How to Improve the Architecture?



Conclusion

2

Problem Statement

3


Problems with WSN


Hostile environment


Communication medium


Resource limitation


Random topology




Fig. 1: A typical wireless sensor
network

(WSN)

PKC
-
Based Security Architecture


A security scheme for WSN with two separate but
interrelated parts


Key handshaking between sensor node and base station


Secure node to node communication



Properties of the generalized inverse matrix is used
for the key handshaking process



Base station is a trusted entity and can not be
compromised anyway


4

PKC
-
Based Security Architecture


5

Fig.
2:
Key handshaking between
sensor node and base station

Fig.
3:
Encryption and decryption of
message between two communicating
nodes in the network


Sensor node

computes the common
secret key by calculating
X
(
X
g
XY

) = XY



Base
station gets
the common key by
calculating
(
XYY
g
)Y = XY


Security Loopholes in the PKC
-
Based
Architecture



Same

shared

key

is

used

for

the

entire

lifetime

of

the

network

.

As

a

result,

secret

shared

key

of

the

sending

node

will

be

revealed

to

the

receiving

node

during

node

to

node

communication


S
elective node capture attack can severely threaten the
security of the entire network

6

Fig.
4: Key exchange for secure node to node communication


Security Loopholes in the PKC
-
Based
Architecture



Any arbitrary node can send a request to the
base station for the decryption key of any
particular node


Compromised node can request the shared key of
any arbitrary node



Receiving node needs to contact with the BS
for each successful communication


7

Enhanced Architecture

1.
Each node in the network will establish a secret key with the
BS

2.
Node will send the ids of neighbor nodes to the base station

3.
A CKG located at the BS will generate a random key for each
pair of neighboring nodes

1.
Pairwise

keys will then be send to the corresponding pair of nodes along
with the id of the node with which the
pairwise

key is shared

4.
The keys will be encrypted with the corresponding nodes secret
shared key

1.
Node will use these pair wise keys to communicate with the neighbor nodes

2.
S
ecret shared key between BS and node will be used for node to BS
communication


8

Enhanced Architecture


Let, N
1
, N
2
,…,
N
j

be the identity of the neighboring nodes of
node N
i
. Node N
i

will then send these identities of neighboring
nodes (N
1
,N
2
,…,
N
j
) to the base station (BS).



BS will generate
j

random
pairwise

keys for each neighboring
pair of node e.g. (N
i
,N
1
), (N
i
,N
2
),…,(
N
i
,N
j
)



The keys will be encrypted with the corresponding nodes secret
shared key and then send to the corresponding nodes



Each node in the network has a
pairwise

keys established with
its neighborhood nodes




9

Comparison

PKC Based Architecture

Enhanced
Architecture

Key

Usage

Single shared key is used for
the whole network

Pairwise

keys are used for node
to node communication

Resiliency

Susceptible to selective node
capture attack

Perfect

resiliency against node
capture attack

Communication
Overhead

Requires contacting with the BS
for each node to node
communication

Requires contacting with the BS
once to establish

a link key
between nodes

Memory
Requirement

Needs to store a single shared
key

Needs to store
j

number of
pairwse

keys where
j

is the
number of neighbouring nodes

10

Conclusion


PKC based security architecture for WSN is
reviewed


Susceptible to several attacks



An enhanced security architecture is
presented


Security is greatly improved in terms of resiliency


Evidently reduces the communication overhead


Requires additional memory compare to the original
scheme

11




Thank You

Q&A

12