Sensor Network Security


3/2/2017 Sensor Network Security (Simon S. Lam) 1


  • R. Blom, “An optimal class of symmetric key generation systems,” Advances in Cryptology: Proceedings of EUROCRYPT 84, Lecture Notes in Computer Science, Springer-Verlag, 209:335–338, 1985.

Reference on application to sensor networks

  • Wenliang Du, Jing Deng, Yunghsiang S. Han, and Pramod Varshney, “A Pairwise Key Pre-distribution Scheme for Wireless Sensor Networks,” Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington DC, October 2003.


Motivation

Ad hoc networks with no trusted infrastructure support

Sensors have limited computation, storage, and energy resources

  • use symmetric key encryption

Standard solutions to enable key agreement between computing devices are not appropriate

  • Public key algorithms
  • Trusted server


Pre-distribution of symmetric keys

Naïve solution – each node has the same master key

  • One node compromised => entire network compromised

For a network of N nodes, each node is pre-installed with N-1 symmetric keys for all other nodes

  • Not scalable


Blom’s key pre-distribution scheme

λ-secure property

When an adversary compromises less than or equal to λ nodes, uncompromised nodes are perfectly secure.

When an adversary compromises more than λ nodes, all pairwise keys of the entire network are compromised.


Pre-deployment phase

A trusted controller first constructs a (λ+1)xN matrix, G, over a finite field GF(q), where

  • N is the number of nodes
  • G is public information
  • q is a prime number larger than $2^n$, where n is the number of bits in a key

Then the controller

  • creates a random (λ+1)x(λ+1) symmetric matrix D over GF(q)
  • Matrix D is secret, known only to the controller
  • The controller computes an Nx(λ+1) matrix

$A = (D \cdot G)^T$

where $(D \cdot G)^T$ is the transpose of matrix $D \cdot G$


Pre-deployment phase (2)

Because D is symmetric, we have

$A \cdot G = (D \cdot G)^T \cdot G = G^T \cdot D^T \cdot G = G^T \cdot D \cdot G = G^T \cdot A^T = (A \cdot G)^T$

Thus, $A \cdot G$ is a symmetric matrix, to be denoted by $K = A \cdot G$, where $K_{ij} = K_{ji}$ for all $1 \le i, j \le N$, which can be used as the pairwise key between nodes i and j


Comment: Since i and j share a private key, encrypted messages between them may be relayed by other nodes


Blom’s key pre-distribution

The controller stores the kth row of matrix A in node k, and the kth column of matrix G at node k

When nodes i and j need to communicate confidentially,

  • they first exchange their columns of G (which is public info) in plaintext
  • then i and j compute $K_{ij}$ and $K_{ji}$, respectively, using each node’s private info (row of A) and received column of G


Blom’s scheme illustrated

[Figure: Blom’s scheme illustrated, with labels private, public, Node i, Node j]

If any λ+1 columns of G are linearly independent, then the above scheme is λ-secure


An example of matrix G

Let each pairwise key be an element in the finite field GF(q), where q is the smallest prime number larger than $2^n$

  • for keys represented by n bits

Let s be a primitive element of GF(q) and q > N

  • each nonzero element in GF(q) can be represented by some power of s
  • $s^i \ne s^j$ for $i \ne j$


An example of matrix G (cont.)

A Vandermonde matrix!

$s, s^2, \ldots, s^N$ are all distinct

any λ+1 columns of G are linearly independent

only the seed $s^k$ of the kth column is stored in node k
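Added example (not from the original slides): a toy run of the pre-deployment and key-agreement steps with a Vandermonde G, showing that nodes i and j derive the same key from their own private row of A and the peer's public seed. The parameters (q = 65537, s = 3, λ = 3, N = 8), the function names, and the column layout (1, seed, seed^2, ..., seed^λ) are assumptions chosen for illustration.

```python
import secrets

Q = 65537   # smallest prime above 2^16, i.e. n = 16-bit keys (toy size, assumed)
S = 3       # a primitive element of GF(65537) (assumed choice of s)
LAM = 3     # lambda, the collusion threshold (assumed)
N = 8       # number of nodes; the slides require q > N

def g_column(seed):
    """Public column of G rebuilt from its seed s^k (assumed Vandermonde layout)."""
    return [pow(seed, r, Q) for r in range(LAM + 1)]

def random_symmetric_d():
    """Controller's secret (lambda+1) x (lambda+1) symmetric matrix D over GF(q)."""
    d = [[0] * (LAM + 1) for _ in range(LAM + 1)]
    for r in range(LAM + 1):
        for c in range(r, LAM + 1):
            d[r][c] = d[c][r] = secrets.randbelow(Q)
    return d

def private_row(d, seed):
    """Row k of A = (D.G)^T, which is D multiplied by column k of G."""
    col = g_column(seed)
    return [sum(x * g for x, g in zip(d_row, col)) % Q for d_row in d]

def pairwise_key(own_row, peer_column):
    """K_ij = (row i of A) . (column j of G), computed locally by node i."""
    return sum(a * g for a, g in zip(own_row, peer_column)) % Q

def deploy():
    """Pre-deployment: map node k to (private row of A, public seed s^k)."""
    d = random_symmetric_d()
    seeds = {k: pow(S, k, Q) for k in range(1, N + 1)}
    return {k: (private_row(d, seed), seed) for k, seed in seeds.items()}

def agree(nodes, i, j):
    """Nodes i and j swap public seeds in plaintext; each derives its key."""
    k_ij = pairwise_key(nodes[i][0], g_column(nodes[j][1]))
    k_ji = pairwise_key(nodes[j][0], g_column(nodes[i][1]))
    return k_ij, k_ji

if __name__ == "__main__":
    nodes = deploy()
    for i, j in [(1, 2), (3, 7), (5, 8)]:
        k_ij, k_ji = agree(nodes, i, j)
        print(f"nodes {i},{j}: K_ij={k_ij} K_ji={k_ji} match={k_ij == k_ji}")
```

Each node holds only λ+1 field elements plus one seed, regardless of N, and D never leaves the controller.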


The End
