Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks

Efficient Public Key Efficient Public Key Infrastructure Infrastructure

Implementation in Implementation in Wireless Sensor NetworksWireless Sensor Networks

Wireless Communication and Sensor Computing, 2010. ICWCSC 2010.

International Conference on

報告者：林昌宏

OutlineOutline Introduction Security In Wireless Sensor

Networks State Of The Art Encryption Algorithms Micro PKI For WSN Analysis Conclusion

Introduction Security In Wireless Sensor

Networks State Of The Art Encryption Algorithms Micro PKI For WSN Analysis Conclusion

IntroductionIntroductionSecurity is an important issue when

designing network or protocol, but taking into account the specificity of WSN, it haven’t given the necessary attention to security.

The problem of security is regarding the limitation of sensors the deployed environment

small memoryweak processorlimited battery power of sensor nodes

Introduction(cont.)Introduction(cont.)The proposed schemes in literature

aren’t secure. using some simplified techniques, like

symmetric encryption, to ensure all security services.

The author proposes an implementation of a combination of symmetric and asymmetric encryption.

Introduction Security In Wireless Sensor

Networks State Of The Art Encryption Algorithms Micro PKI For WSN Analysis Conclusion

Security In Wireless Sensor Security In Wireless Sensor NetworksNetworks

A. Security services Confidentiality Integrity Authentication

B. Public key cryptography

ConfidentialityConfidentialityEnsuring that the exchanged data is kept

secret from any unauthorized entities over the network.

Considering the consumption of devices resources, symmetric encryption is more efficient.

It must also protect information from long term eavesdropping by using periodic key update.

IntegrityIntegrityThe message should be un-altered

during its transmission from a source to destination by any intermediate sensor or malicious node. MAC(Message Authentication Code) Digital signatures

AuthenticationAuthenticationThe process of identification that a

receiving entity is sure that the message comes from a legitimate source.

using Public Key Infrastructure.

In WSN, however, it is usually done by pre-distributing some bootstrapping information used after to authenticate sensors by the base station.

Public key cryptographyPublic key cryptographyIt uses two keys, public key and private

key, to do encryption and decryption. Public key ： publicly known by each entity. Private key ： kept secret by it holder.

However, PKI is omitted from the use in WSN, because of its great consumption of energy and bandwidth which are very crucial in sensor network.

Public key Public key cryptography(cont.)cryptography(cont.)

Elliptic Curve Cryptography (ECC), is the most one of new cryptographic algorithms. Having more energy efficient for sensors. Giving the same threshold of security as the

conventional algorithms with much smaller key sizes to save more memory.

This paper presents a lightweight public key infrastructure for WSN called micro PKI.

Introduction Security In Wireless Sensor

Networks State Of The Art Encryption Algorithms Micro PKI For WSN Analysis Conclusion

State Of The ArtState Of The Art

A. Symmetric encryption based schemes

Shared key Pre-distributed keys

B. Public key based schemes Simplified Kerberos protocol

Shared keyShared keyThis solution is the simplest way for

securing WSN.It uses a single shared key to encrypt

traffic over the network, and this key may be periodically updated to ensure more security against eavesdropping.

But it is vulnerable against capture attack which can compromise the shared key and then the whole network.

Pre-distributed keysPre-distributed keysAn off-line dealer distributes a set of

symmetric keys to sensors before their deployment.

a. A random key pre-distribution scheme for WSN in which sensor obtains a subset of symmetric keys from a large key pool.

b.After deployment, each sensor tries to find a shared key with each of its neighbors to secure the links with them.

c.Managing how to obtain the session key between sensors and the base station.

Simplified Kerberos Simplified Kerberos protocolprotocol

Setup a session key between each communicating pair of sensors by contacting a trusted third party (the base station).

There is a long term key shared between each node and the base station, and the base station generates the secret key for each pair of sensors.

Simplified Kerberos Simplified Kerberos protocol(cont.)protocol(cont.)

Disadvantage：it is vulnerable against capture attacks to

exposed sensor.the handshaking is not energy saving.it may consume lot of network resources if

the base station is far from the pair of nodes.

Introduction Security In Wireless Sensor

Networks State Of The Art Encryption Algorithms Micro PKI For WSN Analysis Conclusion

Encryption AlgorithmsEncryption Algorithms

A. Elliptic Curve Cryptography

B. Message Authentication Codes

Elliptic Curve Elliptic Curve CryptographyCryptography

The ECC algorithm can be classified as the one of the most efficient asymmetric algorithms regarding its energy cost and its encryption speed.

Algorithm Sign MIPS Years to Attack

RSA-1024 304 1012

ECC-160 22.82

RSA-2048 2302.7 1024

ECC-224 61.54

Energy cost of digital signature (mJ)

Message Authentication Message Authentication CodesCodes

MACs is the common solution to ensure integrity and authentication of messages in conventional networks.

A MAC can be viewed as hash function applied on data packets, and is encrypted by the session key.

A receiver sharing the same session key can verifies the integrity of the message by computing MAC value and comparing it with the received one.

Introduction Security In Wireless Sensor

Networks State Of The Art Encryption Algorithms Micro PKI For WSN Analysis Conclusion

Micro PKI For WSNMicro PKI For WSNMicro PKI is a lightweight implementation

of PKI for WSN since it only implements a subset of a conventional PKI services.

A.Network ArchitectureB.Micro PKI System BootstrappingC.Base Station To Sensor Nodes HandshakeD.Sensor To Sensor HandshakeE.Micro PKI FunctioningF.Micro PKI Key Update G.Joining The Network

Network ArchitectureNetwork ArchitectureThe base station have more computational

and energy power compared to sensors.The base station has a pair of keys(private

and public key).Each sensor is capable to use symmetric

and asymmetric encryption.Each sensor has the capacity to save at

least the public key of the base station and a session key used for data encryption.

Each sensor node gets the public key of the base station before deployment from an off-line dealer.

Micro PKI System Micro PKI System BootstrappingBootstrapping

Before the deployment of the WSN, an off-line dealer distributes the public key of the base station to each sensors in the network.

This public key is used after in the handshake between the base station and sensors to encrypt the symmetric session key.

Base Station To Sensor Base Station To Sensor Nodes HandshakeNodes Handshake

1. Sensor generates a random session key, encrypts it with the public key of the base station, and then sends the message embedded the encrypted key to the base station.

2. The base station decrypts this message using its private key and saves the session key in a global table which has all session keys corresponding to each sensor in the network.

3. The base station encrypts an OK message using the established session key, and sends to sensor to ensure that the session key setup is successful.

Base Station To Sensor Nodes Base Station To Sensor Nodes Handshake(cont.)Handshake(cont.)

Micro PKI handshake ensures a great level of security, since it uses both symmetric and asymmetric encryption to secure the session key.

After the establishment of the session key, the sensor and the base station begin to use it for data encryption until the next key update.

Sensor To Sensor Sensor To Sensor HandshakeHandshake

After the establishment of the base station to sensor nodes, sensors can establish a secure tunnel between them for any purpose.

1.One of the two sensors sends a request which contains the identifier of the corresponding sensors to the base station.

2.The base station generates a random key for this propose, and saves the pairs of sensors’ identifier and corresponding session key in the global table.

Sensor To Sensor Sensor To Sensor Handshake(cont.)Handshake(cont.)

3. The base station encrypts the requested session key by using the corresponding key between the base station and the sensor.

4. When receiving the new session key by sensors, they begin to use it to secure the data transmission between themselves.

Micro PKI FunctioningMicro PKI FunctioningIn order to guaranty the integrity and the

authenticity of the exchanged between each communicating parties, a MAC encrypted by session key is embedded to the packet.

By verifying the joined MAC, if the verification fails, this means that there may have an attacker which has altered this packet.

Using a mechanism like multi-path routing to avoid this attacker, otherwise the base station use any mechanism to detect and exclude this attacker from the network, if it exists.

Micro PKI Key UpdateMicro PKI Key UpdateA key update tries to prevent long term

attack aiming to extract the encrypting keys by analyzing the encrypted traffic over the network for long time.

In a WSN, an automatic key update must be defined, since a network can be deployed for many days or months.

The key update is initiated by the sensor node by launching new handshake, and the period time is relative to the key length and the complexity of the used algorithm.

Joining The NetworkJoining The NetworkIf a new node wants to join the

network, the administrator must load the public key of the base station into this node.

After getting the public key, the new sensor can automatically launch a handshake and join the network.

Introduction Security In Wireless Sensor

Networks State Of The Art Encryption Algorithms Micro PKI For WSN Analysis Conclusion

AnalysisAnalysis

A. Security services Scalability Confidentiality Authentication Integrity

B. Energy cost analysis of micro PKI

Security servicesSecurity services Scalability

Micro PKI manages the increasing number of sensor nodes by new handshake and a new entry is created in the global table of the base station to manage connection.

Confidentiality

The use of symmetric encryption to encrypt the exchange data between the base station and sensors, and using periodic key update to prevent long term attacks.

Security services(cont.)Security services(cont.) Authentication

By pre-installing the public key of base station in each deployed sensor, the authenticity of the base station can be authenticated by sensors.

IntegrityComputing and joining MAC to each packet between the base station and any sensor over the network as well as between sensors.

Energy cost analysis of micro Energy cost analysis of micro PKIPKI

Operations Energy cost of sensor (mJ)

Sensorto

Base station handshake

Encrypt session key 22.82

Send a packet 3.78

Receive a packet 1.83

Decrypt OK message 0.039

Total 28.46

Sensor to Sensor

handshake

Send request message and Receive session key

message

3.66

Decrypt message 0.039

Total 3.70

Total energy cost of micro PKI 32.16

Energy cost of the simplified Kerberos 39.6 ~ 47.6

Energy cost of the simplified SSL 93.9

Introduction Security In Wireless Sensor

Networks State Of The Art Encryption Algorithms Micro PKI For WSN Analysis Conclusion

ConclusionConclusionMicro PKI implement a combination of

symmetric and asymmetric encryption which tries to solve the problem of security in WSN.

By the use of public key cryptography as a tool, it ensures the authenticity of the base station.

Micro PKI is composed of two phasesSensor to base station handshakeSensor to sensor handshake

Conclusion(cont.)Conclusion(cont.)Ensuring the confidentiality and

integrity of the exchanged data using the MAC joined to each packet.

For more security, a periodic key update is defined for the session key

Micro PKI is energy efficient and gives a considerable threshold of security.