Date post: | 17-Dec-2015 |
Category: |
Documents |
Upload: | marybeth-bryan |
View: | 214 times |
Download: | 1 times |
LOGO
Multi-user Broadcast Authentication in Wire-
less Sensor Networks
ICU 20082065Myunghan Yoo
Contents
IntroductionPreliminariesThe Proposed Scheme
CAS DAS BAS HAS
Performance AnalysisConclusionsDiscussion
2 / 27
Introduction
In Wireless Sensor Networks, broadcast/multicast from not only sink, but also a sensor node becomes crucial func-tion Authentication of them is highly important
Several symmetric key cryptography based μTESLA-like schemes have been proposed
3 / 27
Introduction
Weak points of μTESLA-like schemes All the receivers have to buffer all the mes-
sages within one time interval Wormhole attacks
• Caused by forged message, due to delay of the disclosed keys
Arbitrary flooding in current time interval• Nodes should buffer• Transmission is expensive• Denial-of-Service attacks
4 / 27
Introduction
Solutions
TIK protocol
• Require a heavy burden of memory
Public key cryptography based
• No longer impractical primitive
5 / 27
Preliminaries
The Bloom Filter
Hashing input value k times• If all bits are 1, true member• Otherwise, discard
False positive probability
Initial Configuration
Verification
6 / 27
Preliminaries
The Merkle hash tree
7 / 27
CAS
The Certificate-Based Authentication Scheme
Drawbacks Communication overhead
• Including Certification
Computation overhead• Two signature verification
M: Message, tt: time-stamp, SIG{}: signature, UID: user’s ID, SK: Secret key, PK: public key, CertUID: user’s certificate, ExpT: expiration time, and h():hashed value
8 / 27
DAS
The Direct Storage Based Authentication Scheme
Instead of certificate, list is used User’s ID & public key
Scalability problem
9 / 27
BAS
The Bloom Filter Based Authentication Scheme
System Preparation Sink construct
Bloom filter & counting Bloom filter
10 / 27
BAS
11 / 27
BAS
Message Signing and Authentication Based on ECDSA’s partial message recovery
12 / 27
BAS
Message Signing and Authentication Broadcast
Check authenticity by verifying public key Wpub’s membership with bloom filter• Hashing { UID || Wpub } specific times• If all hashed values on the bloom filter are 1, OK• Otherwise, discard received message
13 / 27
BAS
Message Signing and Authentication Verify signature
14 / 27
BAS
User RevocationUpdate counting bloom filter
Update bloom filter
Update bloom filter of every node
15 / 27
BAS
User Addition Generate more (ID, PK) pairs than need in
system preparation phase, assign a pair when new nodes join WSN
Add user, after revocation of old members• No increasing the probability of a false positive• Procedure is same as revocation’s one
16 / 27
BAS
The minimum probability of a false posi-tive regarding F
(The p
robabili
ty o
f Fa
lse P
osi
tive)
m/N (bits/User)
N
m
m: storage space bitsN: the number of users
Generate PK/SK pairs: computationally feasible
8.632
17 / 27
BAS
The number of users
Thus, we need to consider of trade-off between the maximum supported number of users and the proba-bility of a false positive given a fixed storage
18 / 27
HAS
The Hybrid Authentication Scheme (HAS) Supporting more users using the Merkle Hash tree &
Bloom filter Trading the message length for the storage space
System Preparation Calculate trade-off
• maximum number of user & false positive rate
Construct of Merkle hash tree• Each leaf is user’s public key• The sink prunes it into a small tree
Generate Bloom filter• Elements of group are small trees
19 / 27
HAS
Message Signing and Authentication Broadcast
Received node• Calculate the corresponding root node using AAIUID
• Verify the root node value using bloom filter• Verify the signature in the same way of BAS
Auxiliary Authentication Information of node ID
20 / 27
Performance Analysis
Communication Overhead
21 / 27
Performance Analysis
Computational Overhead Measure energy consumption of signature
verification on two processor
22 / 27
Performance Analysis
Security Strength BAS
• Instant authentication– Impossible to launch attack using authentication delay
• Suitable for military application with freq=6.36*10-20
• Protection from replay attack with time stamp
Jamming attacks emitting random bits• CAS is weak, since every message has certificate• HAS and BAS are robust
– Authentication using Bloom filter is cheap
23 / 27
Performance Analysis
Security Strength Jamming attacks using valid PK attached to
irregularly modified message• HAS and BAS
– After verifying signature, recognize that message is bed.
• Implement an alert report mechanism– When failing to authenticate messages in a row– Repot to the sink– The sink invest the network– Detection & Remedy are out of scope in this paper
24 / 27
Conclusions
Reveal the problems of SKC based multi user broadcast authentication schemes Authentication delay Vulnerabilities
Propose PKC based schemes using Bloom filter & Merkel hash tree Minimizing energy dissipation
Analyze performance & security
25 / 27
Discussion
Shortcoming Evaluate overhead of only proposed schemes We can’t know how much energy resource is
consumed compared to when μTESLA-like schemes are used.
26 / 27
Thank you
27 / 27