1 / 41

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks. Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International Conference on 報告者:林昌宏. Outline. Introduction Security In Wireless Sensor Networks State Of The Art Encryption Algorithms

eliana-middleton
Download Presentation

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International Conference on 報告者:林昌宏

  2. Outline • Introduction • Security In Wireless Sensor Networks • State Of The Art • Encryption Algorithms • Micro PKI For WSN • Analysis • Conclusion

  3. Introduction • Security In Wireless Sensor Networks • State Of The Art • Encryption Algorithms • Micro PKI For WSN • Analysis • Conclusion

  4. Introduction • Security is an important issue when designing network or protocol, but taking into account the specificity of WSN, it haven’t given the necessary attention to security. • The problem of security is regarding • the limitation of sensors • the deployed environment • small memory • weak processor • limited battery power of sensor nodes

  5. Introduction(cont.) • The proposed schemes in literature aren’t secure.  using some simplified techniques, like symmetric encryption, to ensure all security services. • The author proposes an implementation of a combination of symmetric and asymmetric encryption.

  6. Introduction • Security In Wireless Sensor Networks • State Of The Art • Encryption Algorithms • Micro PKI For WSN • Analysis • Conclusion

  7. Security In Wireless Sensor Networks • Security services • Confidentiality • Integrity • Authentication • Public key cryptography

  8. Confidentiality • Ensuring that the exchanged data is kept secret from any unauthorized entities over the network. • Considering the consumption of devices resources, symmetric encryption is more efficient. • It must also protect information from long term eavesdropping by using periodic key update.

  9. Integrity • The message should be un-altered during its transmission from a source to destination by any intermediate sensor or malicious node. • MAC(Message Authentication Code) • Digital signatures

  10. Authentication • The process of identification that a receiving entity is sure that the message comes from a legitimate source. • using Public Key Infrastructure. • In WSN, however, it is usually done by pre-distributing some bootstrapping information used after to authenticate sensors by the base station.

  11. Public key cryptography • It uses two keys, public key and private key, to do encryption and decryption. • Public key:publicly known by each entity. • Private key:kept secret by it holder. • However, PKI is omitted from the use in WSN, because of its great consumption of energy and bandwidth which are very crucial in sensor network.

  12. Public key cryptography(cont.) • Elliptic Curve Cryptography (ECC), is the most one of new cryptographic algorithms. • Having more energy efficient for sensors. • Giving the same threshold of security as the conventional algorithms with much smaller key sizes to save more memory. • This paper presents a lightweight public key infrastructure for WSN called micro PKI.

  13. Introduction • Security In Wireless Sensor Networks • State Of The Art • Encryption Algorithms • Micro PKI For WSN • Analysis • Conclusion

  14. State Of The Art • Symmetric encryption based schemes • Shared key • Pre-distributed keys • Public key based schemes • Simplified Kerberos protocol

  15. Shared key • This solution is the simplest way for securing WSN. • It uses a single shared key to encrypt traffic over the network, and this key may be periodically updated to ensure more security against eavesdropping. • But it is vulnerable against capture attack which can compromise the shared key and then the whole network.

  16. Pre-distributed keys • An off-line dealer distributes a set of symmetric keys to sensors before their deployment. • A random key pre-distribution scheme for WSN in which sensor obtains a subset of symmetric keys from a large key pool. • After deployment, each sensor tries to find a shared key with each of its neighbors to secure the links with them. • Managing how to obtain the session key between sensors and the base station.

  17. Simplified Kerberos protocol • Setup a session key between each communicating pair of sensors by contacting a trusted third party (the base station). • There is a long term key shared between each node and the base station, and the base station generates the secret key for each pair of sensors.

  18. Simplified Kerberos protocol(cont.) • Disadvantage: • it is vulnerable against capture attacks to exposed sensor. • the handshaking is not energy saving. • it may consume lot of network resources if the base station is far from the pair of nodes.

  19. Introduction • Security In Wireless Sensor Networks • State Of The Art • Encryption Algorithms • Micro PKI For WSN • Analysis • Conclusion

  20. Encryption Algorithms • Elliptic Curve Cryptography • Message Authentication Codes

  21. Elliptic Curve Cryptography • The ECC algorithm can be classified as the one of the most efficient asymmetric algorithms regarding its energy cost and its encryption speed.

  22. Message Authentication Codes • MACs is the common solution to ensure integrity and authentication of messages in conventional networks. • A MAC can be viewed as hash function applied on data packets, and is encrypted by the session key. • A receiver sharing the same session key can verifies the integrity of the message by computing MAC value and comparing it with the received one.

  23. Introduction • Security In Wireless Sensor Networks • State Of The Art • Encryption Algorithms • Micro PKI For WSN • Analysis • Conclusion

  24. Micro PKI For WSN • Micro PKI is a lightweight implementation of PKI for WSN since it only implements a subset of a conventional PKI services. • Network Architecture • Micro PKI System Bootstrapping • Base Station To Sensor Nodes Handshake • Sensor To Sensor Handshake • Micro PKI Functioning • Micro PKI Key Update • Joining The Network

  25. Network Architecture • The base station have more computational and energy power compared to sensors. • The base station has a pair of keys(private and public key). • Each sensor is capable to use symmetric and asymmetric encryption. • Each sensor has the capacity to save at least the public key of the base station and a session key used for data encryption. • Each sensor node gets the public key of the base station before deployment from an off-line dealer.

  26. Micro PKI System Bootstrapping • Before the deployment of the WSN, an off-line dealer distributes the public key of the base station to each sensors in the network. • This public key is used after in the handshake between the base station and sensors to encrypt the symmetric session key.

  27. Base Station To Sensor Nodes Handshake • Sensor generates a random session key, encrypts it with the public key of the base station, and then sends the message embedded the encrypted key to the base station. • The base station decrypts this message using its private key and saves the session key in a global table which has all session keys corresponding to each sensor in the network. • The base station encrypts an OK message using the established session key, and sends to sensor to ensure that the session key setup is successful.

  28. Base Station To Sensor Nodes Handshake(cont.) • Micro PKI handshake ensures a great level of security, since it uses both symmetric and asymmetric encryption to secure the session key. • After the establishment of the session key, the sensor and the base station begin to use it for data encryption until the next key update.

  29. Sensor To Sensor Handshake • After the establishment of the base station to sensor nodes, sensors can establish a secure tunnel between them for any purpose. • One of the two sensors sends a request which contains the identifier of the corresponding sensors to the base station. • The base station generates a random key for this propose, and saves the pairs of sensors’ identifier and corresponding session key in the global table.

  30. Sensor To Sensor Handshake(cont.) • The base station encrypts the requested session key by using the corresponding key between the base station and the sensor. • When receiving the new session key by sensors, they begin to use it to secure the data transmission between themselves.

  31. Micro PKI Functioning • In order to guaranty the integrity and the authenticity of the exchanged between each communicating parties, a MAC encrypted by session key is embedded to the packet. • By verifying the joined MAC, if the verification fails, this means that there may have an attacker which has altered this packet. • Using a mechanism like multi-path routing to avoid this attacker, otherwise the base station use any mechanism to detect and exclude this attacker from the network, if it exists.

  32. Micro PKI Key Update • A key update tries to prevent long term attack aiming to extract the encrypting keys by analyzing the encrypted traffic over the network for long time. • In a WSN, an automatic key update must be defined, since a network can be deployed for many days or months. • The key update is initiated by the sensor node by launching new handshake, and the period time is relative to the key length and the complexity of the used algorithm.

  33. Joining The Network • If a new node wants to join the network, the administrator must load the public key of the base station into this node. • After getting the public key, the new sensor can automatically launch a handshake and join the network.

  34. Introduction • Security In Wireless Sensor Networks • State Of The Art • Encryption Algorithms • Micro PKI For WSN • Analysis • Conclusion

  35. Analysis • Security services • Scalability • Confidentiality • Authentication • Integrity • Energy cost analysis of micro PKI

  36. Security services • Scalability Micro PKI manages the increasing number of sensor nodes by new handshake and a new entry is created in the global table of the base station to manage connection. • Confidentiality The use of symmetric encryption to encrypt the exchange data between the base station and sensors, and using periodic key update to prevent long term attacks.

  37. Security services(cont.) • Authentication By pre-installing the public key of base station in each deployed sensor, the authenticity of the base station can be authenticated by sensors. • Integrity Computing and joining MAC to each packet between the base station and any sensor over the network as well as between sensors.

  38. Energy cost analysis of micro PKI

  39. Introduction • Security In Wireless Sensor Networks • State Of The Art • Encryption Algorithms • Micro PKI For WSN • Analysis • Conclusion

  40. Conclusion • Micro PKI implement a combination of symmetric and asymmetric encryption which tries to solve the problem of security in WSN. • By the use of public key cryptography as a tool, it ensures the authenticity of the base station. • Micro PKI is composed of two phases • Sensor to base station handshake • Sensor to sensor handshake

  41. Conclusion(cont.) • Ensuring the confidentiality and integrity of the exchanged data using the MAC joined to each packet. • For more security, a periodic key update is defined for the session key • Micro PKI is energy efficient and gives a considerable threshold of security.

More Related