key predistribution approach in wireless sensor networks using lu matrix
DESCRIPTION
Key Predistribution Approach in Wireless Sensor Networks Using LU Matrix. Author: Hangyang Dai and Hongbing Xu Source: IEEE Sensor Journal, vol. 10, no. 8, pp.1399-1409 , Aug. 2010. (Impact Factor = 1.581) Presenter: Yung-Chih Lu Date: 2010/08/04. Outline. Introduction - PowerPoint PPT PresentationTRANSCRIPT
1
Key Predistribution Approach in Wireless Sensor Networks Using LU Matrix
Author: Hangyang Dai and Hongbing Xu Source: IEEE Sensor Journal, vol. 10, no. 8, pp.1399-1409 , Aug. 2010. (Impact Factor = 1.581)Presenter: Yung-Chih LuDate: 2010/08/04
2
Outline
Introduction Proposed Scheme Performance & Security Evaluation Conclusion
3
Introduction(1/4)
Wireless Sensor Network
Base station
location finding system
mobilizer
transceiver Unit
sensing unit processing unit
sensordigital/analogconverter
microprocessor
storage device
power unit
Powergeneration
Sensor Architecture
4
Introduction(2/4) LU Matrix
Lower Triangular Matrix Upper Triangular Matrix
5
Introduction(3/4)
The type of key agreement protocolTrusted-server:
The trusted server shares a key with every node and transmits session keys to the nodes on quest.
Public-key:
Perform a public-key infrastructure.
Key predistribution:
Keys are distributed to all sensor nodes prior to deployment.
6
Introduction(4/4)
Constraints Limited energy consumption Low transmission range Limited Memory overhead
Requirements High network connectivity Robust resilience against node capture Low memory overhead
7
Eschenauer-Gligor Scheme(1/5) Key pre-distribution phase
L. Eschenauer and V. Gligor. “A Key-Management Schemefor Distributed Sensor Networks.” In Proc. 9th ACM Conference on Computerand Communication Security, pp.41-47, Nov. 2002.
P :key pool size , k = key ring size
Pr[ two key rings share at least a key]= 1 - Pr[ two nodes do not share any key]= 1 - (C(P, k) / C(P, k)) × (C(k, 0) × C(P-k, k) / C(P, k))
=
Stirling’s approximation
:
=
Example1:
P=1000 , k=100
Pr =
≒ 1 - 3.8972×e-83/ 2.6517×e-78
≒ 1
Example2:
P=1000 , k=10
Pr =
≒ 1 - 2.2559×e-9 / 2.4955×e-9
≒ 1 - 0.9039 = 0.0961
8
Eschenauer-Gligor Scheme(2/5)
9
Eschenauer-Gligor Scheme(3/5) Key pre-distribution phase
Key poolKeys
Key identities
Key poolKeys
Key identities
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)Key ring
(k keys)Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
H-sensor
Key identity = key mod 232
H-Sensor : L-Sensors ID 、 L-Sensors key identifiers and Kci
L-Sensor : k keys 、 key identifiers and Kci
Kci = EKx(ci) Kx = K1 ,…, K⊕ ⊕ k
ci = H-Sensor ID
:L-Sensor
L-Sensor : Low-end sensorH-Sensor : High-end sensor
10
Eschenauer-Gligor Scheme(4/5) Shared-key discovery
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)Key ring
(k keys)Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
H-sensor
:L-Sensor
Step1:Each L-sensor Broadcasts a list of key identities.
Step2:L-sensor runs a challenge-response protocol if L-sensor find the common key.
Eki(α)
Eki(α)
α = Dki[Eki(α)]
11
Eschenauer-Gligor Scheme(5/5) Path-key establishment
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
Key ring(k keys)Key ring
(k keys)Key ring(k keys)
Key ring(k keys)
Key ring(k keys)
H-sensor
:L-Sensor
Ekc(kp)
Ekc(kp)
Ekp(α)
α = Dkp[Ekp(α)]
12
Pairwise Key Predistribution Scheme(1/5) Galois Field
q elements (q is a prime number) Field is closed under additive and multiplicative operator The sign is GF(q) s is a primitive numberExample:GF(7)3 mod 7 = 33^2 mod 7=23^3 mod 7 =63^4 mod 7 =43^5 mod 7 =53^6 mod 7 = 1The order of 3 is 63 is a primitive number
W. Du, J. Deng, Y. S. Han, P. K. Varshney, J. Katz, and A. Khalili. “A pairwise key predistribution scheme for wireless sensor networks.” ACM Trans. Inf. Syst. Secur., vol. 8, no. 2, pp. 228–258, 2005.
(1) linear independent
(2) Node k only store the seed sk
k=1,2,…,N
13
Pairwise Key Predistribution Scheme(2/5) Blom’s scheme
D : a symmetric matrix of size(λ+1)×(λ+1)G : a matrix of size (λ+1)×N
1X + 1Y = 0 …(1)3X + 2Y = 0 …(2)2X + 4Y = 0 …(3)(2) – 2.(1)X = 0 …(4)substitute (4) into (1)X = Y = 0
[ ]1 6 26 3 52 5 2 [ ]1 1
3 22 4 [ ]2 0
4 40 6
= mod 7.
[ ]2 4 00 4 6 [ ]1 1
3 22 4 [ ]0 3
3 4= mod 7.
[ ]2 4 00 4 6[ ]2 0
4 40 6
T=
Example: N=2 , λ=2 , GF(7)
D . G =
A=(D . G)T =
A . G =
K12 = K21 = 3﹛λ-secure property guarantees that no coalition of up to λ nodes (not including i and j) have any information about Kij or Kji.
14
Pairwise Key Predistribution Scheme(3/5)Key pre-distribution phase
Step1:Generating a G matrix
Step2:Generating ω D matricesD1,…,Dω
Step3:Caculating Ai = (Di . G)T
i = 1,…, ωStep4:Selecting τ spaces per node2≦τ<ωExample: ω=3 , τ=2 ,each L-sensor store (λ+1)×τ elements
A1(1)
A3(1)
A1 A2 A3
H-sensor
A2(2)
A3(2)
Seed sk
k=1,…,NSeed: s1
Seed: s2
L1-Sensor
L 2 -Sensor …
…
Step3:
Step4Step4:
15
Pairwise Key Predistribution Scheme(4/5) Key agreement
phase
H-sensor
Step1:Each L-sensor Broadcasts a messagemessage = L-sensor’s id + the indices of the spaces + seed
Step2:Two L-sensors can establish a common secret key if they both hold a common key space.
A2(2)
A3(2)Seed: s2Seed: s1
A1(1)
A3(1)
message
16
Pairwise Key Predistribution Scheme(5/5) Pactual[ two nodes share at least a space]
= 1 – Pactual[two nodes do not share any space]
17
Proposed Scheme(1/6) Blundo Polynomial-based protocol
Setup server randomly generates a symmetric bivariate t-degree polynomial
Example: f(x,y) = 4x2y2 + x3y1 + x1y3
It’s a symmetric bivariate 3-degree polynomial
[ ]0 0 10 4 01 0 0
over a finite field Fq
18
Proposed Scheme(2/6) Blundo Polynomial-based protocol
Lu-Sensor
Lv-Sensor
Step1: computes 1: Lu-Sensor ID 2: Lv-Sensor ID
f(1,y) = 4y2 + y1 +y3
f(2,y) = 16y2 + 8y1 + 2y3
Step2:The Setup server loads the sensor node with coefficients
Step3:Each sensor node broadcasts its own ID
Step4:Receiver use ID to compute a shared secret keyKuv = f(u,v) = f(v,u) = Kvu
K12 = f(1,2) = 26 = f(2,1) = K21
1 4 1 y1 y2 y3
8 16
2 y1 y2 y3
H-sensor
19
Proposed Scheme(3/6) Polynomial predistribution phase
Polynomialpool
(Bivariate t-degree
Polynomial + Unique ID)
Polynomialpool
(Bivariate t-degree
Polynomial + Unique ID)
Assuming that u11=1, u22=2, u33=3
20
Proposed Scheme(4/6) Polynomial predistribution phase
Randomly distribute one row of L and one column of U to each sensor node
r1 : 1st row , c1 : 1st columnr2 : 2nd row , c2 : 2nd column
21
Proposed Scheme(5/6) Shared key establishment phase
MAC: message-authentication codeCLR: is a confirmation
To Match or Not To Match?
SB: node B’s ID
22
Proposed Scheme(6/6)
Step1:Generating a PolynomialPool (ω Polynomials) P1,…,Pω
Step2:Selecting τ polynomials per node2≦τ<ωExample: ω=3 , τ=2 ,each L-sensor store (t+1)×τelements
P1(r1)
P1(c1)
P3(r1)
P3(c1)
P1 P2 P3
H-sensor
P2(r2)
P2(c2)
P3(r2)
P3(c2)
L1-Sensor
L 2 -Sensor
…
Step2:
Step1:
23
Performance & Security Evaluation(1/4)
24
Performance & Security Evaluation(2/4) network connectivity
25
Performance & Security Evaluation(3/4) resilience against node capture
k=400
26
Performance & Security Evaluation(4/4) memory overhead
Compare with Blundo scheme
27
Conclusion
High network connectivity memory space saving certain threshold node to node authentication