Embed Size (px)
Citation preview
KAIST
A lightweight secure protocol A lightweight secure protocol for wireless sensor networksfor wireless sensor networks
윤주범
2007.12. 4
ELSEVIER
Mar. 2006
ContentsContents
Introduction
Security goals
Assumption
LCG-based security protocols
Performance analysis
Conclusions and future work
22A lightweight secure protocol for wireless sensor networks
Introduction (1/2)
Linear Congruential Generator (LCG)
One of the oldest and best-known pseudorandom number generator algorithms
Easy to understand, easily implemented and fast
Asymmetric cryptography
Not suitable in wireless sensor networks
Require expensive computations and long messages
Symmetric cryptography can be used in WSN
RC5, MD5, SHA1, …
The performance depends on the encryption primitives.
33A lightweight secure protocol for wireless sensor networks
Introduction (2/2)
In this paper
We propose a more lightweight block cipher that is suitable for WSN
Propose a lightweight block cipher based on LCG
Our proposed block cipher is more lightweight than RC5
Related work
All sequences generated by the LCG are predictable (by Knuth).
To use LCGs is dangerous, unless the sequence can be isolated from another generator. (Ritter[9])
44A lightweight secure protocol for wireless sensor networks
Security goals
Confidentiality
Achieved through encryption
Integrity
Detect tampering
Authenticity
Come from the intended sender
55A lightweight secure protocol for wireless sensor networks
Assumption
Existence of a key management scheme
Network-wide shared key among the nodesCompromise of any single node
Locally shared by a node and its neighborsOnly decrypt the messages from nodes in its own group
Setting up pairwise keys on the flyHow to set up pairwise keys on the fly is a non-trivial task
Assumption
There exists a key management subsystemThe assumption is reasonable
Based on the key pre-distribution protocol, each sensor node could share a secret key with other nodes
66A lightweight secure protocol for wireless sensor networks
LCG-based security protocols (1/4)
Why selecting LCG
Simplest, most efficient, well-studied PRNG
To protect the random sequencesEnough amount of sequences is not known to the attacker
Linear congruential generators
Generate random numbers for keys
Xn+1 = a Xn + b mod m, n = 0, 1, 2, …, (1)
Parameters of LCGX0, a, b, m
77A lightweight secure protocol for wireless sensor networks
LCG-based security protocols (2/4)
Predictability of LCGs
How many numbers are needed to infer the entire sequence?
Implement Plumstead’s inference algorithm[7] against LCG
Plumstead’s algorithm
88A lightweight secure protocol for wireless sensor networks
LCG-based security protocols (3/4)
Analysis of Plumstead’s algorithm
O(log2 m) in worst case
Empirical results of Plumstead’s algorithm
Prevent the adversary from retrieving five or more
99A lightweight secure protocol for wireless sensor networks
LCG-based security protocols (4/4)
Key selectionGoal
Hide all random numbers
Chosen-plaintext attack cannot be conducted
a, b, m – open
X0 – only shared secret
Our system relies on the LCG’s statistical randomness
For efficiency263 < a < 264 and 2127 < m < 2128
1010A lightweight secure protocol for wireless sensor networks
Basic hop by hop message Basic hop by hop message transmission (1/3)transmission (1/3)
Our secure data transmission schemeSecure data aggregation - example
1111A lightweight secure protocol for wireless sensor networks
Basic hop by hop message Basic hop by hop message transmission (2/3)transmission (2/3)
Message encryptionGoal of encryption
Prevent recovering all the random numbers
16 bytes in size
P + X1 mod 256
Permutation
DecryptionX1 -> C1,C2 -> p1,p2
1212A lightweight secure protocol for wireless sensor networks
Basic hop by hop message Basic hop by hop message transmission(3/3)transmission(3/3)
Security analysisConfidentiality
Not feasible to exhaustively search
Use a half of each byte in Bi collision difficult to recover Bi
Authenticity and IntegrityCipher Block Chaining - MAC
4-byte MAC (brute forcing take about 20 months in 19.2 kbs channel)
1313A lightweight secure protocol for wireless sensor networks
Performance analysis (1/2)Performance analysis (1/2)
Number of basic operations
aXn + b mod m (263 < a < 264 and 2127 < m < 2128)
Result
1414A lightweight secure protocol for wireless sensor networks
Ideal case
Don’t consider random number generation
8-bit Atmega
Performance analysis (2/2)Performance analysis (2/2)
1515A lightweight secure protocol for wireless sensor networks
ConclusionsConclusions
Lightweight block cipher
SecurityRandom noise
Random permutation
Secure protocol for WSNs
More efficient than RC5
Future workImplement our mechanisms on MICA2 sensor nodes
Integrate our protocol with other existing WSN applications
1616A lightweight secure protocol for wireless sensor networks
