Public Key Based Cryptoschemes for Data Concealment in Wireless

Sensor Networks

Einar Mykletun, Joao Girao, Dirk WesthoffIEEE ICC 2006 , 1-4244-0355-3/06

Citation: 73Presenter: 林顥桐Date: 2012/12/17

Outline

• Introduction• A Desirable Homomorphic Cryptoscheme• Public-Key Cryptoscheme Candidates• Applications and Recommendation• Conclusion

Introduction

• Data aggregation is untrusted between sensors and the sink

• Public-key based solutions provide a higher level of system security

• But not popular– Too costly for computationally weak devices– A faster depletion of the sensor’s energy

Introduction

• Contrast a set of candidate solutions and give recommendations for the selection of the preferred scheme

A Desirable Homomorphic Cryptoscheme

• Aggregation– Additively Homomorphic Encrytion which have the

property that Enc(m1) Enc(m1) = Enc(m1+ m2)⊕• Security– Can be proved on math– The compromise of sensor node should not assist in

revealing aggregated data– Key management should be simple– Chiphertext Expansion should be moderate– Probabilistic Encryption

A Desirable Homomorphic Cryptoscheme

• WSN Lifetime– Efficient Computations– Sending ciphertexts should not require the

transmission of large amounts of additional data– Electing aggregator nodes should not need to take

into account security parameters• The use of elliptic curve cryptoschemes

Outline

• Introduction• A Desirable Homomorphic Cryptoscheme• Public-Key Cryptoscheme Candidates• Applications and Recommendation• Conclusion

Public-Key Cryptoscheme Candidates

• Okamoto-Uchiyama(OU)– Based on the ablity of computing discrete logarithms– additive homomorphic: Enc(m1+m2) = Enc(m1) X Enc(m2)– Probabilistic encryption, and relating the computational complexity of

the encryption function to the size of the plaintext

L(x) = (x - 1)/p

p and q are random k-bit primes, n is approximately 1024 bits, k could be 341

Public-Key Cryptoscheme Candidates

• Benaloh– A probabilistic cryptoscheme whose encryption

cost is dependent on the size of the plaintextp, q are large primes

Public-Key Cryptoscheme Candidates

• Elliptic curve ElGamal encryption Scheme(EC-EG)– This is equivalent to the original ElGamal scheme, but

transformed to an additive group

E is an elliptic curve, p is a prime with 163bits, G is a generator

Public-Key Cryptoscheme Candidates

• Elliptic curve ElGamal encryption Scheme(EC-EG)– EC-EG is additively homomorphic and chipertexts are

combined through addition, i.e. map(m1 + m2) = map(m1) + map(m2)

– This mapping needs to be deterministic such that the same plaintext always maps to the same point

Outline

• Introduction• A Desirable Homomorphic Cryptoscheme• Public-Key Cryptoscheme Candidates• Applications and Recommendation• Conclusion

Applications

• Data Aggregation– The usage of additive encryption for calculating

the average and for movement detection• Long-term data storage– Data is kept in the nodes for later retrieval– The nodes have restricted storage capacity, it is

important to reduce the amount of values that are actually stored

Recommendation

• OU– Bigger ciphertext size

• EC-EG– Expensive mapping function during decryption, to

costly to revert

Conclusion

• The addition of ciphertexts– minimize bandwidth overhead– reduce the sensors’ energy consumption

• EC-EG, Benaloh, OU are better