
Pairwise Key Establishment for Large-Scale Sensor Networks : from Identifier-based to Location-based. Source: Infoscale '06. Proceedings of the First International Conference on Scalable Information Systems Authors: Chanjun Yang, Jianming Zhou, Wensheng Zhang, Johnny Wong


Presentation Transcript


  1. Pairwise Key Establishment for Large-Scale Sensor Networks: from Identifier-based to Location-based • Source: Infoscale '06. Proceedings of the First International Conference on Scalable Information Systems • Authors: Chanjun Yang, Jianming Zhou, Wensheng Zhang, Johnny Wong • Speaker: Ching-Yao Wang (Tien-Ruey Hsiang) • Institute: CSIE NTUST

  2. Outline • Motivations • Problem Definitions • States of the Art • Related Work • Group-to-Group Scheme • Analysis and Simulation • Conclusion

  3. Motivations • Security is important in some scenarios • Limitations of sensor networks • Low-power • Limited resources • energy, memory, computational speed and bandwidth • Existing schemes are unsuitable for large-scale networks

  4. Problem Definitions • Reduce the overhead in large-scale sensor networks, such as communication traffic • grouping • Selecting a head of a group • Need to provide secure communication between two nodes • pairwise key • Combining the aforementioned problems gives Group-to-Group (G2G) pairwise key establishment

  5. States of the Art • In 1993 • C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro and M. Yung, Perfectly-Secure Key Distribution for Dynamic Conferences • In 2003 • D. Liu and P. Ning, Establishing Pairwise Keys in Distributed Sensor Networks • In 2005 • M. Pirretti, S. Zhu, V. Narayanan, P. McDaniel, M. Kandemir, and R. Brooks, The Sleep Deprivation Attack in Sensor Networks: Analysis and Methods of Defense

  6. Existing Schemes • Pairwise key establishment based on a key server • Pairwise Key Establishment without Knowing ids • Pairwise Key Establishment with the Knowledge of ids • Location-aware Pairwise Key Establishment • Group Key Management

  7. Pairwise key establishment based on a key server • The scheme uses the online base station to establish a pairwise key between two nodes • Difference: • G2G only needs an offline bootstrap server to initialize and deploy nodes. After that, the bootstrap server will not be used

  8. Pairwise Key Establishment without Knowing ids • The scheme enables two parties to set up a pairwise key only when they are within each other’s communication range • Difference: • G2G allows two nodes to establish a pairwise key provided they know each other’s rough location (the cell it belongs to) regardless of their distance

  9. Pairwise Key Establishment with the Knowledge of ids • The pairwise key is exclusively known to a pair of nodes with overwhelming probability, based on the combination of probabilistic key sharing and threshold secret sharing • Difference: • G2G doesn’t require communication partners to know each other’s id

  10. Location-aware Pairwise Key Establishment • Location information is used to help sensor nodes establish pairwise key • Difference: • G2G only knows the rough location

  11. Group Key Management • The scheme is based on information predistribution and local collaboration. • It assumes that all nodes are innocent within a short time period after deployment • Difference: • G2G is for pairwise key establishment and it does not make this assumption

  12. System Model • N static nodes • R × C cells • Cell is labeled by <r,c> where and • Node ID: • Group ID:

  13. Example

  14. Blundo’s Polynomial-based Key Predistribution Scheme • The bootstrap server picks a t-degree symmetric bivariate polynomial • The server assigns a unique id u to each node and preloads the following share to u:

  15. Blundo’s Polynomial-based Key Predistribution Scheme • Two nodes u and v: • node u computes the shared key with node v: • node v computes the shared key with node u: • Because f(x, y) is symmetric • u and v can compute the same key for communication

  16. Basic Idea of The G2G Pairwise Key Establishment • Combine secret predistribution and local collaboration • Based on a three-variable polynomial and where z is a version number

  17. Basic Idea of The G2G Pairwise Key Establishment • Every certain time interval, nodes in the same group collaborate again to elect a new head, and the new group head computes a new polynomial for generating G2G pairwise keys.

  18. G2G Scheme • Three steps: • System initialization • Generating polynomial for key establishment • G2G pairwise key generation

  19. G2G Scheme- System Initialization • The server randomly generates a 3-variable polynomial: • The server assigns to each node a unique id • For each node u, the server computes and preloads to it a share of f(u,y,z) • In this step, version number z =0

  20. G2G Scheme- Generating Polynomial for Key Establishment • Step 1. Node localization and grouping • After a node is deployed, it may use some localization mechanism to find out its location. • A node will know which group it belongs to. • Ex. node location (10,120) and cell length is 50 the group it belongs to is • The group id is • Using the group id to fix the polynomial

  21. G2G Scheme- Generating Polynomial for Key Establishment • Step 2. Group head election • Random vote cluster head selection • Round robin cluster head selection • Head-based cluster head selection

  22. G2G Scheme- Generating Polynomial for Key Establishment • Step 3. Collecting shares to cell head • After the head is determined, each node sends its share f(u,g,V) to its group head • Conceal the location of a group head • Using broadcast to send node’s share

  23. G2G Scheme- Generating Polynomial for Key Establishment • Step 4. Computing the share for key establishment • After the group head has collected t+1 shares from trusted group members, the head constructs a t-degree polynomial: • The constructed polynomial f(g,y,V) can be used for computing a pairwise key shared with any other group.

  24. G2G Scheme- G2G Pairwise Key Generation
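
The share flow of slides 14 to 24, as an added example that is not code from the presentation or the paper: the server builds f(x,y,z) symmetric in x and y, each node evaluates its preloaded share f(u,y,z) at (g,V), and each group head interpolates f(x,g,V) from t+1 values to derive the group-to-group key. The prime modulus, node ids, group ids and all function names are assumptions made for illustration; Blundo's bivariate scheme is the special case with z fixed.

```python
import random

P = 2**31 - 1  # prime field modulus (assumed; the slides do not fix a field)

def gen_poly(t, s, rng):
    """Coefficients a[i][j][k] of f(x,y,z): degree t in x and y, s in z,
    with a[i][j][k] == a[j][i][k] so that f(x,y,z) == f(y,x,z)."""
    a = [[[0] * (s + 1) for _ in range(t + 1)] for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            for k in range(s + 1):
                a[i][j][k] = a[j][i][k] = rng.randrange(P)
    return a

def node_share(a, u):
    """Preloaded share f(u,y,z): coefficients b[j][k] after fixing x = u."""
    t1, s1 = len(a), len(a[0][0])
    return [[sum(a[i][j][k] * pow(u, i, P) for i in range(t1)) % P
             for k in range(s1)] for j in range(t1)]

def eval_share(b, g, v):
    """A node evaluates its share at y = g, z = V; f(u,g,V) goes to the head."""
    return sum(b[j][k] * pow(g, j, P) * pow(v, k, P)
               for j in range(len(b)) for k in range(len(b[0]))) % P

def head_key(points, g_other):
    """Head holds t+1 points (u, f(u,g,V)) and Lagrange-interpolates f(x,g,V)
    at x = g_other; by symmetry the result equals f(g,g_other,V)."""
    key = 0
    for m, (um, fm) in enumerate(points):
        num = den = 1
        for n, (un, _) in enumerate(points):
            if n != m:
                num = num * (g_other - un) % P
                den = den * (um - un) % P
        key = (key + fm * num * pow(den, -1, P)) % P
    return key

def g2g_demo(t=2, s=1, version=0, seed=1):
    """Return the key each of two group heads derives for the other group."""
    rng = random.Random(seed)  # demo only; a real bootstrap server needs a CSPRNG
    a = gen_poly(t, s, rng)
    g1, g2 = 7, 12                                         # constructed group ids
    members = {g1: [101, 102, 103], g2: [201, 202, 203]}   # t+1 constructed node ids
    pts = {g: [(u, eval_share(node_share(a, u), g, version)) for u in ids]
           for g, ids in members.items()}
    return head_key(pts[g1], g2), head_key(pts[g2], g1)
```

Calling `g2g_demo(version=1)` models a re-election round: both heads still agree, but on a key unrelated to the version 0 key.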

  25. G2G Scheme-Example • Given t=1 and s=1 • Server randomly generates a 3-variable polynomial:

  26. G2G Scheme-Example (Cont.) • Server assigns to each node a unique id: • Server preload node’s share :

  27. G2G Scheme-Example (Cont.) • Generating Polynomial for Key Establishment Step:

  28. G2G Scheme-Example (Cont.) • Round 1: Assume the head of is and the head of is The head constructs a t-degree polynomial:

  29. G2G Scheme-Example (Cont.) • ex. sends message to There are 6 sub-steps:

  30. G2G Scheme-Example (Cont.) • Round 2: Assume the head of is and the head of is

  31. G2G Scheme-Example (Cont.) • ex. sends message to There are 6 sub-steps:

  32. Analysis • Security analysis • Phase 1. Before localization • Phase 2. Polynomial shares are not constructed • Phase 3. Polynomial shares are constructed • Selection of group size • Basic model • Cell Expansion Model

  33. Analysis- Security Analysis • In phase 1, polynomial f (x,y,z) is compromised as long as t+1 or more nodes are compromised • In phase 2, compared to phase 1, the keying material stored in each node is reduced significantly, which increases the security level of our scheme.

  34. Analysis- Security Analysis • In phase 3, each group has elected a head and the head has constructed share f(x,g,0) • If the head is captured, the attacker only has the current key, because the group members will elect a new head after a period of time. • Furthermore, the attacker doesn’t know the location of the head. It is very hard for the attacker to compromise only heads.

  35. Analysis- Selection of Group Size • Basic model • Assume that a node fails following a Poisson process • the failure rate is • the probability that a node fails before time t is • the compromising rate is • the probability that a node is compromised before time t is

  36. Analysis- Selection of Group Size • Basic model • Assume that a node fails following a Poisson process • the probability that a node is not compromised or failed before t is

  37. Analysis- Selection of Group Size • Basic model

  38. Analysis- Selection of Group Size • Cell Expansion Model • In the basic model, we assume every node joins exactly one group. • The extension • Every node can be in multiple groups and grids will overlap after expansion • Each group area will expand when its number of secure member nodes is less than t+1

  39. Analysis- Selection of Group Size • Each edge of a cell can be extended by r unit sizes

  40. Simulation • Relationship between group size and communication cost

  41. Simulation • Comparison of basic vs. expansion model

  42. Simulation • Relationship between expansion distance and communication cost

  43. Simulation • Relationship between polynomial degree and expansion distance

  44. Conclusion • By choosing the parameters appropriately, a desired security level can be achieved without incurring high overhead • Group size • Polynomial degree • Sensor nodes can establish pairwise keys without requiring the communicating partners to know each other’s id. Sensor nodes only know the receiver’s location (group id).
