440 likes | 443 Views
Pairwise Key Establishment for Large-Scale Sensor Networks : from Identifier-based to Location-based. Source: Infoscale '06. Proceedings of the First International Conference on Scalable Information Systems Authors: Chanjun Yang, Jianming Zhou, Wensheng Zhang, Johnny Wong
E N D
Pairwise Key Establishment for Large-Scale Sensor Networks:from Identifier-based to Location-based Source: Infoscale '06. Proceedings of the First International Conference on Scalable Information Systems Authors: Chanjun Yang, Jianming Zhou, Wensheng Zhang, Johnny Wong Speaker: Ching-Yao Wang (Tien-Ruey Hsiang) Institute: CSIE NTUST
Outline • Motivations • Problem Definitions • States of the Art • Related Work • Group-to-Group Scheme • Analysis and Simulation • Conclusion
Motivations • Security is important in some scenarios • Limitations of sensor networks • Low-power • Limited resource • energy、memory 、 computational speed and bandwidth • Existing schemes for large-scale are unsuitable
Problem Definitions • Reduce the overhead in large-scale sensor networks, such as communication traffic • grouping • Selection a head of a group • Need to provide security communication between two node • pairwise key • Combine with the aforementioned problems called Group-to-Group(G2G) pairwise key establishment
States of the Art • In 1993 • C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro and M.YungPerfectly-Secure Key Distribution for Dynamic Conferences • In 2003 • D. Liu and P. NingEstablishing Pairwise Keys in Distributed Sensor Networks • In 2005 • M. Pirretti, S. Zhu, V. Narayanan, P. McDaniel, M. Kandemir, and R.BrooksThe Sleep Deprivation Attack in Sensor Networks: Analysis and Methods of Defense
Existing Schemes • Pairwise key establishment based on a key server • Pairwise Key Establishment without Knowing ids • Pairwise Key Establishment with the Knowledge of ids • Location-aware Pairwise Key Establishment • Group Key Management
Pairwise key establishment based on a key server • The scheme uses the online base station to establish a pairwise key between two nodes • Difference: • G2G only needs a offline bootstrap server to initialize and deploy nodes. After that, the bootstrap server will not be used
Pairwise Key Establishment without Knowing ids • The scheme enables two parties to set up a pairwise key only when they are within each other’s communication range • Difference: • G2G allows two node to establish a pairwise key provided they know each other’s rough location (the cell it belongs to) regardless of their distance
Pairwise Key Establishment with the Knowledge of ids • The scheme is exclusively known to a pair of nodes with overwhelming probability, based on the combination of probabilistic key sharing and threshold secret sharing • Difference: • G2G doesn’t require communication partners know each other’s id
Location-aware Pairwise Key Establishment • Location information is used to help sensor nodes establish pairwise key • Difference: • G2G only knows the rough location
Group Key Management • The scheme is based on information predistribution and local collaboration. • It assumes that all nodes are innocent within a short time period after deployment • Difference: • G2G is for pairwise key establishment and it doesn’t have the assumption
System Model • N static nodes • R × C cells • Cell is labeled by <r,c> where and • Node ID: • Group ID:
Blundo’s Polynomial-based Key Predistribution Scheme • The bootstrap server picks a t-degree symmetric bivariate polynomial • The server assigns a unique id u to each node and preloads the following share to u:
Blundo’s Polynomial-based Key Predistribution Scheme • Two nodes u and v: • node u computes the share key with node v : • node v computes the share key with node u : • Because f(x , y) is symmetric • u and v can compute the same key for communication
Basic Idea of The G2G Pairwise Key Establishment • Combine secret predistribution and local collaboration • Based on a three-variable polynomialand where z is a version number
Basic Idea of The G2G Pairwise Key Establishment • Every certain time interval, nodes in the same group collaborate again to elect a new head, and the new group head computes a new polynomial for generating G2G pairwise keys.
G2G Scheme • Three steps: • System initialization • Generating polynomial for key establishment • G2G pairwise key generation
G2G Scheme- System Initialization • The server randomly generates a 3-variable polynomial: • The server assigns to each node a unique id • For each node u, the server computes and preloads to it a share of f(u,y,z) • In this step, version number z =0
G2G Scheme- Generating Polynomial for Key Establishment • Setp1.Node localization and grouping • After a node is deployed, it may use some localization mechanism to find out its location. • A node will know which group it belongs to. • Ex. node location (10,120) and cell length is 50 the group it belongs to is • The group id is • Using the group id to fix the polynomial
G2G Scheme- Generating Polynomial for Key Establishment • Setp2.Group head election • Random vote cluster head selection • Round robin cluster head selection • Head-based cluster head selection
G2G Scheme- Generating Polynomial for Key Establishment • Setp3.Collecting shares to cell head • After the head is determined, each node sends its share f (u,g,V) to its group head • Conceal the location of a group head • Using broadcast to send node’s share
G2G Scheme- Generating Polynomial for Key Establishment • Setp4.Computing the share for key establishment • After the group head has collected t+1 shares from trusted group members, the head constructs a t-degree polynomial: • The constructed polynomial f(g,y,V) can be used for computing a pairwise key shared with any other group.
G2G Scheme-Example • Given t=1 and s=1 • Server randomly generates a 3-variable polynomial:
G2G Scheme-Example (Cont.) • Server assigns to each node a unique id: • Server preload node’s share :
G2G Scheme-Example (Cont.) • Generating Polynomial for Key Establishment Step:
G2G Scheme-Example (Cont.) • Round 1: Assume the head of is and the head of is The head constructs a t-degree polynomial:
G2G Scheme-Example (Cont.) • ex. sends message to There are 6 sub-steps:
G2G Scheme-Example (Cont.) • Round 2: Assume the head of is and the head of is
G2G Scheme-Example (Cont.) • ex. sends message to There are 6 sub-steps:
Analysis • Security analysis • Phase 1. Before localization • Phase 2. Polynomial shares are not constructed • Phase 3. Polynomial shares are constructed • Selection of group size • Basic model • Cell Expansion Model
Analysis- Security Analysis • In phase 1, polynomial f (x,y,z) is compromised as long as t+1 or more nodes are compromised • In phase 2, compared to phase 1, the keying material stored in each node is reduced significantly, which increases the security level of our scheme.
Analysis- Security Analysis • In phase 3, each group has elected a head and the head has constructed share f (x,g,0) • If the head is captured, the attacker only has the current key. Because the group members will elect a new head after a period of time. • Furthermore, the attacker doesn’t know the location of the head. It is very hard for the attacker to compromise only heads.
Analysis- Selection of Group Size • Basic model • Assume that a node fails following a Poisson process • the failure rate is • the probability that a node fails before time t is • the compromising rate is • the probability that a node is compromised before time t is
Analysis- Selection of Group Size • Basic model • Assume that a node fails following a Poisson process • the probability that a node is not compromised or failed before t is
Analysis- Selection of Group Size • Basic model
Analysis- Selection of Group Size • Cell Expansion Model • In basic model, we assume every node join in exactly one group. • The extension • Every node can be in multiple groups and grids will overlap after expansion • Each group area will expand when its number of secure member nodes are less than t+1
Analysis- Selection of Group Size • Each edge of cell can be extended r unit size
Simulation • Relationship between group size and communication cost
Simulation • Comparison of basic vs. expansion model
Simulation • Relationship between expansion distance and communication cost
Simulation • Relationship between polynomial degree and expansion distance
Conclusion • By choosing the parameters appropriately, a desired security level can be achieved without incurring high overhead • Group size • Polynomial degree • Sensor nodes without requiring the communicating partners know each other’ id. Sensor nodes only know the receiver’s location (group id).