Pair-wise path key establishment in wireless sensor networks
Authors: Jang-Ping Sheu and Jui-Che Cheng
Sources: Computer Communications, 2007, article in press.
Reporter: Chun-Ta Li (李俊達)

Outline
. Motivation
. Pair-wise path key establishment protocol
. Comments

Motivation
. Pair-wise key establishment using multiple node-disjoint paths
. Weakness of single communication path
  . A node is compromised along the path
  . Byzantine attack (alter, inject, spoof, or sniff packets)
  . stop forwarding attack
[Figure: single path S, I1, I2, …, Im, D through intermediate nodes carrying KS,D; one intermediate node is marked Compromised]

Motivation (cont.)
. An example of multi-path key establishment with the (3, 4) secret sharing scheme
. Malicious node detection and identification procedure

Pair-wise path key establishment protocol
Group-based key pre-distribution
. g = a*b hexagonal grids
. G(x,y): a group of sensors
. $N = \bigcup_{(x,y)=(1,1)}^{(a,b)} G(x,y)$
. c = N/g
. G(x,y) includes sensors with IDs from c((x-1)b+y-1)+1 to c((x-1)b+y)
Assume that each group has 100 sensor nodes, a=10, and b=5; then G(2,3) has sensor nodes with IDs from 701 to 800.

Pair-wise path key establishment protocol (cont.)
Establish a pair-wise key with neighbors
[Figure: nodes A and B exchange (ID, Group ID); assistance neighbors 1, 2 and 3 lie between them]
. Labels with keys shared with A: EKA1(KAB1), EKA2(KAB2), EKA3(KAB3)
. Labels with keys shared with B: EK1B(KAB1), EK2B(KAB2), EK3B(KAB3)
. KAB = KAB1 ∪ KAB2 ∪ KAB3

Pair-wise path key establishment protocol (cont.)
End-to-end path key establishment (S→D)
[Figure: source S and destination D joined by the paths A-B-C, E-F-G and H-I-J; the RREQ is forwarded from S towards D and every hop is labelled hm]
. h0 = x and hm = H(hm-1)

Pair-wise path key establishment protocol (cont.)
End-to-end path key establishment (D→S)
[Figure: source S and destination D joined by the paths A-B-C, E-F-G and H-I-J; the RREP is returned from D towards S]
. The node IDs of the entire path are included in the RREP
. Each intermediate node will record the next one-hop and next two-hop neighboring nodes in its routing table
. Each intermediate node will check to see if it has a pair-wise key with its next two-hop node

Pair-wise path key establishment protocol (cont.)
Malicious node detection and identification procedure
[Figure: S and D joined by the paths A-B-C, E-F-G and H-I-J, which carry KSD1, KSD2 and KSD3 respectively]
. KSD = KSD1 ∪ KSD2 ∪ KSD3
Messages along the path S, A, B, C, D (each encrypted under the pair-wise key written in front):
. KSA{KSD1, hm-1, MAChm-1{KSD1}}
. KSB{KSD1, hm-1, MAChm-1{KSD1}}
. KAB{KSD1, hm-1, MAChm-1{KSD1}}
. KAC{KSD1, hm-1, MAChm-1{KSD1}}
. KBC{KSD1, hm-1, MAChm-1{KSD1}}
. KBD{KSD1, hm-1, MAChm-1{KSD1}}
. KCD{KSD1, hm-1, MAChm-1{KSD1}}

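
Added example (not from the slides or the paper): a Python illustration of how a node on the path can check a share message {KSD1, hm-1, MAChm-1{KSD1}} against the hm it saw in the RREQ, and compare the copies arriving under its one-hop and two-hop pair-wise keys. SHA-256, HMAC-SHA256, the function names and the three result strings are assumptions; the pair-wise encryption layer is taken as already removed.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    # One-way function of the chain; SHA-256 is an assumption (the slides only name H).
    return hashlib.sha256(data).digest()

def hash_chain(x: bytes, m: int) -> list:
    # h0 = x, h_i = H(h_{i-1}); returns [h0, ..., hm].
    chain = [x]
    for _ in range(m):
        chain.append(H(chain[-1]))
    return chain

def make_share_msg(share: bytes, h_prev: bytes) -> tuple:
    # Plaintext of K{KSD1, h_{m-1}, MAC_{h_{m-1}}{KSD1}}; HMAC-SHA256 is an assumption.
    return share, h_prev, hmac.new(h_prev, share, hashlib.sha256).digest()

def verify_share_msg(msg: tuple, h_m: bytes) -> bool:
    # 1) the disclosed value must hash to the h_m seen in the RREQ,
    # 2) the MAC keyed with that value must cover the received share.
    share, h_prev, tag = msg
    if not hmac.compare_digest(H(h_prev), h_m):
        return False
    expected = hmac.new(h_prev, share, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def check_at_node(one_hop: tuple, two_hop: tuple, h_m: bytes) -> str:
    # Hypothetical receiver logic: a forwarder that has seen h_{m-1} can re-MAC
    # an altered share, so the two copies are also compared with each other.
    if not (verify_share_msg(one_hop, h_m) and verify_share_msg(two_hop, h_m)):
        return "invalid"
    if not hmac.compare_digest(one_hop[0], two_hop[0]):
        return "mismatch"
    return "accept"

if __name__ == "__main__":
    chain = hash_chain(b"constructed seed x", 4)        # constructed sample, m = 4
    h_m, h_prev = chain[4], chain[3]
    good = make_share_msg(b"constructed KSD1 share", h_prev)
    altered = make_share_msg(b"altered share", h_prev)  # re-MACed by a forwarder
    print(check_at_node(good, good, h_m))
    print(check_at_node(altered, good, h_m))
    print(check_at_node((b"altered share",) + good[1:], good, h_m))
```

A "mismatch" result only tells the receiving node that its two predecessors disagree; deciding which node is at fault is left to the identification procedure on the slides.
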
Pair-wise path key establishment protocol (cont.)
Key disclosure request (ReqKey)
[Figure: odd path and even path, shown twice]
. Labels in the first diagram: KEB{ReqKey}, KEC{ReqKey}
. Labels in the second diagram: KSB{hm-2}, KSA{hm-2}

Comments
. Compromised node attacks
  . conspiracy attacks
  . The pair-wise path key can be derived if there are t intermediate nodes in t different routes without perfect forward secrecy
. Impersonation attacks
  . Lack of mutual authentication between source and destination node
  . Lack of anonymity between source and destination node

Comments (cont.)
Deployment phase
[Figure: back-end system, sink node and sensor; labels 1, 2, 3, 4]
. G, P: a subgroup of elliptic curve group E(Fp) and its generator point P whose order is a large prime number q over E(Fp)
. Store credential ci = h(Ki||IDi||Ti||Li), IDi, Ti, and Li in sensor node
1. Sensor → Sink node: (IDi, Ti, Li, M1)
   M1 = ci r1P
2. Sink node → Sensor: (M2, M3)
   M2 = r2P, M3 = h(IDs||r1P||M2||sk=r1r2P)
3. Sensor → Sink node: (M4)
   M4 = h(IDi||IDs||sk=r1r2P)

Comments (cont.)
Credential update
[Figure: back-end system, sink node and sensor; labels 1, 2, 3, 4; the link between sink node and sensor is labelled sk]
1. Sink node → Sensor: (ci', Ki', Ti', Li')
   New credential ci' = h(Ki'||IDi||Ti'||Li')

Comments (cont.)
Intra-group communication
[Figure: sink node S and sensors A and B]
1. Sensor A → Sink node: (IDA, IDB, M1)
   M1 = EskA[rxP]
2. Sink node → Sensor A: (M2, M3)
   M2 = EskA[ryP], M3 = EK[IDS||IDA||IDB||rxP||TicketAB||TK||TL]
   K = rxryP, TicketAB = EskB[IDA||IDB||TK||TL]
3. Sensor A → Sink node: (MAC(K;ryP))
4. Sensor A → Sensor B: (IDA, IDB, TicketAB, raP, MAC(TK;raP))
5. Sensor B → Sensor A: (ETK[rbP], MAC(SKAB;rbP))
6. Sensor A → Sensor B: (MAC(SKAB;raP))
SKAB = rarbP

Comments (cont.)
Inter-group communication
[Figure: S1 (sink node), S2, and sensors A and B]
1. Sensor A → Sink node: (IDA, IDB, M1=EskA[rxP])
2. Sink node → Sensor A: (M2, M3)
   M2 = EskA[ryP], M3 = EK[IDS1||IDA||IDB||rxP||TicketAB||TK||TL]
   K = rxryP, TicketAB = EPSK[IDA||IDB||TK||TL]
3. Sensor A → Sink node: (MAC(K;ryP))
4. Sensor A → Sensor B: (IDA, IDB, TicketAB, raP, MAC(TK;raP))
5. Sensor B → Sink node: (IDB, TicketAB, M4=EskB[rx'P])
6. Sink node → Sensor B: (M5, M6)
   M5 = EskB[ry'P], M6 = EK'[IDS1||IDS2||IDA||IDB||rx'P||TK||TL]
7. Sensor B → Sink node: (MAC(K';ry'P))
8. Sensor B → Sensor A: (ETK[rbP], MAC(SKAB;rbP))
9. Sensor A → Sensor B: (MAC(SKAB;raP))