
Multi-user Broadcast Authentication in Wireless Sensor Networks
ICU 20082065 Myunghan Yoo

Date post: 17-Dec-2015

Contents

Introduction
Preliminaries
The Proposed Scheme
• CAS
• DAS
• BAS
• HAS
Performance Analysis
Conclusions
Discussion


Introduction

In wireless sensor networks, broadcast/multicast not only from the sink but also from sensor nodes becomes a crucial function
• Authentication of these messages is highly important

Several symmetric key cryptography based μTESLA-like schemes have been proposed


Introduction

Weak points of μTESLA-like schemes
All the receivers have to buffer all the messages within one time interval
Wormhole attacks
• Caused by forged message, due to delay of the disclosed keys
Arbitrary flooding in current time interval
• Nodes should buffer
• Transmission is expensive
• Denial-of-Service attacks


Introduction

Solutions
TIK protocol
• Requires a heavy burden of memory
Public key cryptography based
• No longer an impractical primitive


Preliminaries

The Bloom Filter

Hashing input value k times
• If all bits are 1, true member
• Otherwise, discard

False positive probability

Initial Configuration

Verification


Preliminaries

The Merkle hash tree


CAS

The Certificate-Based Authentication Scheme

Drawbacks
Communication overhead
• Including the certificate
Computation overhead
• Two signature verifications

M: message, tt: time-stamp, SIG{}: signature, UID: user’s ID, SK: secret key, PK: public key, CertUID: user’s certificate, ExpT: expiration time, and h(): hashed value


DAS

The Direct Storage Based Authentication Scheme

Instead of a certificate, a list is used
• User’s ID & public key

Scalability problem


BAS

The Bloom Filter Based Authentication Scheme

System Preparation
Sink constructs a Bloom filter & a counting Bloom filter


BAS


BAS

Message Signing and Authentication
Based on ECDSA’s partial message recovery


BAS

Message Signing and Authentication
Broadcast
Check authenticity by verifying public key Wpub’s membership with the Bloom filter
• Hash { UID || Wpub } a specific number of times
• If all the hashed positions in the Bloom filter are 1, OK
• Otherwise, discard the received message


BAS

Message Signing and Authentication
Verify signature


BAS

User Revocation
Update counting Bloom filter
Update Bloom filter
Update Bloom filter of every node
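
The membership check and revocation steps on the BAS slides, as an added example (not code from the slides or the underlying paper): the sink keeps a counting Bloom filter so a user can be deleted, and nodes hold only the derived bit vector. The filter size, number of hashes, salted SHA-256 hash family, fixed-length UIDs and sample users are assumptions.

```python
import hashlib

M_BITS, K = 1024, 4  # constructed toy parameters, not taken from the slides

def positions(item: bytes):
    # K bit positions for item; the salted SHA-256 family is an assumption
    return [int.from_bytes(hashlib.sha256(bytes([i]) + item).digest(), "big") % M_BITS
            for i in range(K)]

class SinkFilter:
    """Counting Bloom filter kept only at the sink; supports deletion."""

    def __init__(self):
        self.counters = [0] * M_BITS
        self.members = set()          # the sink knows the real user list

    def add(self, uid: bytes, wpub: bytes):
        if (uid, wpub) not in self.members:
            self.members.add((uid, wpub))
            for p in positions(uid + wpub):   # UID assumed fixed length
                self.counters[p] += 1

    def revoke(self, uid: bytes, wpub: bytes):
        # Only decrement for enrolled users, or other users' bits get cleared
        if (uid, wpub) not in self.members:
            raise KeyError("not an enrolled user")
        self.members.remove((uid, wpub))
        for p in positions(uid + wpub):
            self.counters[p] -= 1

    def node_bits(self):
        """Plain Bloom filter pushed to every node: bit set where counter > 0."""
        return [1 if c > 0 else 0 for c in self.counters]

def node_accepts(bits, uid: bytes, wpub: bytes) -> bool:
    """Node-side check before any signature work: all K positions must be 1."""
    return all(bits[p] for p in positions(uid + wpub))

def demo():
    sink = SinkFilter()
    users = [(b"U001", b"Wpub-alice"), (b"U002", b"Wpub-bob")]  # constructed
    for uid, wpub in users:
        sink.add(uid, wpub)
    before = node_accepts(sink.node_bits(), b"U002", b"Wpub-bob")
    sink.revoke(b"U002", b"Wpub-bob")
    bits = sink.node_bits()           # updated filter redistributed to nodes
    return (before,
            node_accepts(bits, b"U002", b"Wpub-bob"),    # revoked user
            node_accepts(bits, b"U001", b"Wpub-alice"),  # remaining user
            node_accepts(bits, b"U003", b"Wpub-new"))    # never enrolled
```

A node that still holds the old bit vector keeps accepting the revoked key, which is why the last revocation step updates the filter on every node.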


BAS

User Addition
Generate more (ID, PK) pairs than needed in the system preparation phase; assign a pair when new nodes join the WSN
Add users after revocation of old members
• No increase in the probability of a false positive
• The procedure is the same as for revocation

16 / 27

Page 17: LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

BAS

The minimum probability of a false positive regarding F

[Figure: the probability of a false positive plotted against m/N (bits/user)]

m: storage space in bits
N: the number of users

Generate PK/SK pairs: computationally feasible

8.632


BAS

The number of users

Thus, we need to consider the trade-off between the maximum supported number of users and the probability of a false positive, given a fixed storage


HAS

The Hybrid Authentication Scheme (HAS)
Supporting more users using the Merkle hash tree & Bloom filter
Trading the message length for the storage space

System Preparation
Calculate trade-off
• Maximum number of users & false positive rate
Construct the Merkle hash tree
• Each leaf is a user’s public key
• The sink prunes it into a small tree
Generate the Bloom filter
• Elements of group are small trees


HAS

Message Signing and Authentication
Broadcast
Receiving node
• Calculate the corresponding root node using AAIUID
• Verify the root node value using the Bloom filter
• Verify the signature in the same way as in BAS

Auxiliary Authentication Information of node ID
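
The receiver-side HAS check described above (recompute the small tree's root from the AAI, then test that root against the Bloom filter), as an added example that is not code from the slides or the underlying paper. It assumes the Bloom filter stores the roots of the small trees, that the leaf index is derivable from the UID, SHA-256 as the hash, and constructed keys and filter parameters; signature verification is left out.

```python
import hashlib

M_BITS, K = 1024, 4  # constructed toy Bloom filter parameters

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def positions(item: bytes):
    # K Bloom filter positions; the salted SHA-256 family is an assumption
    return [int.from_bytes(H(b"bf", bytes([i]), item), "big") % M_BITS for i in range(K)]

def build_levels(pubkeys):
    """Merkle tree over public keys, leaves first (len must be a power of two)."""
    levels = [[H(b"\x00", pk) for pk in pubkeys]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_aai(levels, index):
    """Sibling hashes from the leaf up to (not including) the small tree's root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def node_accepts(bits, pubkey, index, aai):
    """Receiver: recompute the small-tree root from the AAI, then test it in the filter."""
    node = H(b"\x00", pubkey)
    for sibling in aai:
        node = H(b"\x01", node, sibling) if index % 2 == 0 else H(b"\x01", sibling, node)
        index >>= 1
    return all(bits[p] for p in positions(node))

def demo():
    # Constructed sample: 8 users, pruned by the sink into two small trees of 4.
    keys = [b"Wpub-%d" % i for i in range(8)]
    trees = [build_levels(keys[0:4]), build_levels(keys[4:8])]
    bits = [0] * M_BITS
    for t in trees:                      # filter stores 2 roots instead of 8 keys
        for p in positions(t[-1][0]):
            bits[p] = 1
    aai = make_aai(trees[1], 2)          # user 6 is leaf 2 of the second tree
    ok = node_accepts(bits, keys[6], 2, aai)
    forged = node_accepts(bits, b"Wpub-evil", 2, aai)   # key not in any tree
    wrong_slot = node_accepts(bits, keys[6], 3, aai)    # right key, wrong position
    return ok, forged, wrong_slot
```

Each broadcast here carries two extra hashes (the AAI) while the filter holds two entries instead of eight, which is the message-length-for-storage trade the HAS slide names.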


Performance Analysis

Communication Overhead


Performance Analysis

Computational Overhead
Measure energy consumption of signature verification on two processors


Performance Analysis

Security Strength
BAS
• Instant authentication
– Impossible to launch attack using authentication delay
• Suitable for military application with f_req = 6.36 × 10^-20
• Protection from replay attack with time stamp
Jamming attacks emitting random bits
• CAS is weak, since every message has certificate
• HAS and BAS are robust
– Authentication using Bloom filter is cheap


Performance Analysis

Security Strength
Jamming attacks using a valid PK attached to an irregularly modified message
• HAS and BAS
– After verifying the signature, recognize that the message is bad.
• Implement an alert report mechanism
– When failing to authenticate messages in a row
– Report to the sink
– The sink investigates the network
– Detection & remedy are out of scope in this paper


Conclusions

Reveal the problems of SKC based multi-user broadcast authentication schemes
• Authentication delay
• Vulnerabilities
Propose PKC based schemes using Bloom filter & Merkle hash tree
• Minimizing energy dissipation
Analyze performance & security


Discussion

Shortcoming
• Evaluate overhead of only proposed schemes
• We can’t know how much energy resource is consumed compared to when μTESLA-like schemes are used.


Thank you
