I. INTRODUCTION
Recent advances in digital computing, wireless communications and sensing technology have led to the proliferation of wireless ad-hoc networks (WANs). A wireless ad-hoc network (WAN) [1], [2] is a decentralized, distributed network formed by an autonomous collection of users that communicate over a wireless medium with constrained bandwidth. A WAN is capable of self-configuration, i.e. self-formation and self-repair. The network is ad-hoc in the sense that it does not rely on a pre-existing infrastructure.
A WAN can be viewed as the concatenation of a Data Acquisition Network (DAN) and a Data Dissemination Network (DDN). The sensor nodes and the base station, i.e. the sensor network, form the data acquisition network. The wired and/or wireless network backing the sensor network forms the data dissemination network. The main function of the DAN is to acquire information by sensing physical attributes of the surrounding environment; the DDN is responsible for post-processing the acquired information [3]. Based on topology, dynamics
Data Authentication, Non-repudiation and Access Control. Here we discuss the challenges faced by WANs in achieving cryptographic security.
Security mechanisms that have proven effective in wired networks are not always applicable to WANs. The combination of the following weaknesses makes it difficult for WANs to meet their security requirements [4]:
- Ad-hoc infrastructure and no online administration.
- Dynamic network topology.
- Nodes in the network can be captured, enabling insider attacks.
- Constrained resources in terms of computation and communication capabilities.
- WANs implicitly inherit the vulnerabilities of wireless networks.
B. Comparison of SKC, PKC and IBC for security in
MANETs and WSNs
Cryptographic techniques can be classified into two categories, namely symmetric key cryptography (SKC) and asymmetric/public key cryptography (PKC). In symmetric key schemes, if there is a single key for the whole network and an attacker compromises it, then all encrypted messages in that network are exposed. If instead there is a key for every pair of users, then the number of keys needed for $n$ users to communicate securely is $O(n^2)$ [5]. This hinders scalability and makes SKC unsuitable for WANs (especially WSNs). Compared with symmetric key schemes, asymmetric key schemes provide more functionality, e.g. easier key distribution and non-repudiation, and in PKC the compromise of one user's private key does not reveal messages encrypted for other users. However, PKC schemes are generally computationally expensive. They also require a Certificate Authority (CA) to vouch that a particular public key belongs to a particular user in the network. Certificate management is complex and is thus an obstacle to the deployment of PKC in WANs.
Identity-based cryptography (IBC) is a special form of public key cryptography that eliminates the need for certificate authorities. In a PKC scheme, to send an encrypted message the sender needs the certificate of the recipient as well as those of all intermediate CAs. In IBC, the problem of obtaining authentic public certificates is replaced by the task of obtaining the authentic public parameters of the Private Key Generator (PKG). Since there are far fewer PKGs than end users, IBC has an advantage over PKC here. Say, if there exists only a single PKG in
TABLE I
Notations used in this Report

Symbol                          Meaning
$\mathbb{Z}$                    set of integers
$\mathbb{Z}_n$                  set of integers mod $n$
$\mathbb{F}_q$                  finite field with $q$ elements
$\mathbb{Z}_q^*$                multiplicative group of integers modulo the prime $q$
$E/\mathbb{F}_p$                elliptic curve over $\mathbb{F}_p$
$e : G_1 \times G_1 \to G_2$    bilinear map between two cyclic groups $G_1$, $G_2$
$P$                             an arbitrary point in $E/\mathbb{F}_p$
$d_{ID}$                        private key of $ID$
$Q_{ID}$                        public key of $ID$
$s$                             master secret key
$P_{pub}$                       system/master public key
$H(\cdot)$                      a hash function
C. Threshold Cryptography
The problem of sharing a secret among a number of users was solved by Shamir in [9] in 1979. Precisely, he formulated the problem as follows: there is some secret data $D$. We need to divide $D$ into $n$ pieces $D_1, \ldots, D_n$ in such a way that $D$ is easily reconstructable from any $t$ or more pieces, while complete knowledge of $t-1$ or fewer pieces reveals no information whatsoever about $D$. He called such a scheme a $(t, n)$ threshold scheme.
To realize a $(t, n)$ threshold scheme, Shamir proposed a solution based on polynomial interpolation. Here is the solution as given by Shamir [9]: given $t$ points $(x_1, y_1), \ldots, (x_t, y_t)$ with distinct $x_i$, there is exactly one polynomial $q(x)$ of degree $t-1$ such that $q(x_i) = y_i$ for all $i$. To divide $D$ into $n$ shares, we pick a random polynomial of degree $t-1$, $q(x) = a_0 + a_1 x + \cdots + a_{t-1} x^{t-1}$, with $a_0 = D$, and each share is the value of the polynomial at one of $n$ points, i.e. $D_1 = q(1), \ldots, D_i = q(i), \ldots, D_n = q(n)$.
(e.g. out-of-band communication) to distribute secret shares among the distributed PKG nodes. This
makes them unsuitable for secure routing protocols.
This results in an interdependency cycle problem
between distributed secure key agreement and secure routing [15], [16].
2) Proximity-caused Insecurity: In mobile WANs, to avoid the routing-security interdependency cycle problem one can require a threshold number of authorized users to be physically close to each other (i.e. within one-hop communication distance). However, this leads to another problem called proximity-caused insecurity: it is possible for an adversary to compromise these nodes for a short period of time [16]. Furthermore, for fully distributed key generation schemes, where all nodes have to participate in key generation, the proximity-based solution is not applicable.
3) Mobile Attacks: Key generation algorithms based on threshold cryptography are subject to mobile attacks [15]. The scheme above uses a share-refreshing mechanism to counter such attacks: it assumes that a mobile adversary cannot compromise a threshold number of authentic nodes within one share-refresh period. Zhao et al. discuss this issue and propose solutions in [17].
B. Offline Threshold PKG
Zhang et al. [18] proposed a distributed PKG (D-PKG) scheme that distributes the PKG of an IBC system over multiple nodes. In this scheme, the master key of the IBC system is distributed to the D-PKGs in an offline manner; afterwards, a threshold number of D-PKGs can function as the PKG. As described in [4], the following operations are performed to set up the D-PKGs:
1) Determine a $(t-1)$-degree ($1 \le t \le n$) polynomial $h(x) = s + a_1 x + \ldots + a_{t-1} x^{t-1} \pmod q$, where the $a_i$ are random coefficients and $s$ is the previously chosen master key.
2) Select $n$ ($t \le n \le N$) out of the total $N$ nodes (denote this set by $S_H$). These nodes are chosen either without distinction or by preferring more powerful or more secure nodes. Call them D-PKGs (distributed private key generators). Each node $k$ in $S_H$ gets a share of $s$ as $s_k = h(k)$.
3) Calculate the set of share commitments $SC = \{P_k = s_k \cdot P \in G_1 \mid 1 \le k \le n\}$.
$S_H$ and $SC$ are included in the public parameters and sent to all nodes. Similar to the DMA scheme, using Lagrange interpolation any combination of $t$-out-of-$n$
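The following Python program is an added worked example, not code from the report or from [18]. It implements Shamir's $(t, n)$ sharing from Section C and steps 1)-3) above, and then shows how $t$ D-PKGs jointly derive a user's private key without any party ever reconstructing $s$ (the standard way threshold IBC schemes use the shares; the truncated sentence above does not spell it out). Two assumptions are made for the example: the elliptic-curve group $G_1$ with point $P$ is replaced by a prime-order subgroup of $\mathbb{Z}_p^*$ with generator $g$, so the commitment $P_k = s_k \cdot P$ becomes $g^{s_k} \bmod p$ and $Q_{ID}$ becomes $g^{H(ID)}$; and the toy parameters $q = 1019$, $p = 2039$, $g = 4$ are constructed here and offer no security.

```python
"""Shamir (t, n) sharing with share commitments, as in an offline
threshold PKG.  Added example; not code from the report or from [18].

Assumption: the report's G1 and point P are replaced by the order-q
subgroup of Z_p^* generated by g, so P_k = s_k.P becomes g^{s_k} mod p
(Feldman-style).  q = 1019, p = 2q + 1 = 2039 and g = 4 are toy
parameters constructed for this example only.
"""
import hashlib
import secrets

Q = 1019       # prime; polynomial coefficients and shares live in Z_q
P_MOD = 2039   # prime with p = 2q + 1, so Z_p^* has a subgroup of order q
G = 4          # generator of that order-q subgroup (a quadratic residue)
assert pow(G, Q, P_MOD) == 1 and G != 1


def make_polynomial(secret, t):
    """h(x) = s + a_1 x + ... + a_{t-1} x^{t-1} (mod q), with a_0 = s."""
    return [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]


def eval_poly(coeffs, x):
    """Horner evaluation of h(x) mod q."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % Q
    return acc


def deal_shares(secret, t, n):
    """Steps 1)-3): shares s_k = h(k) for the chosen nodes S_H = {1..n}
    and the public commitments SC = {g^{s_k}}."""
    if not 1 <= t <= n < Q:
        raise ValueError("need 1 <= t <= n < q")
    h = make_polynomial(secret, t)
    shares = {k: eval_poly(h, k) for k in range(1, n + 1)}
    commitments = {k: pow(G, s_k, P_MOD) for k, s_k in shares.items()}
    return shares, commitments


def share_is_valid(k, s_k, commitments):
    """Anyone holding SC can check a D-PKG's claimed share against P_k."""
    return pow(G, s_k, P_MOD) == commitments[k]


def lagrange_coeff(k, xs):
    """lambda_k = prod_{j != k} (0 - x_j) / (x_k - x_j)  (mod q)."""
    num, den = 1, 1
    for j in xs:
        if j != k:
            num = num * (-j) % Q
            den = den * (k - j) % Q
    return num * pow(den, -1, Q) % Q


def reconstruct(shares):
    """s = h(0) = sum_k lambda_k s_k from any t shares {x_k: h(x_k)}."""
    xs = list(shares)
    return sum(lagrange_coeff(k, xs) * shares[k] for k in xs) % Q


def hash_id_to_group(identity):
    """Stand-in for Q_ID = H(ID) in G1: map the ID to g^{H(ID)} mod p."""
    e = int.from_bytes(hashlib.sha256(identity).digest(), "big") % (Q - 1) + 1
    return pow(G, e, P_MOD)


def partial_private_key(s_k, q_id):
    """One D-PKG's contribution Q_ID^{s_k} (the s_k.Q_ID of the report)."""
    return pow(q_id, s_k, P_MOD)


def combine_partials(partials):
    """d_ID = prod_k (Q_ID^{s_k})^{lambda_k} = Q_ID^s.  Nobody learns s:
    t D-PKGs jointly act as the PKG."""
    xs = list(partials)
    d_id = 1
    for k in xs:
        d_id = d_id * pow(partials[k], lagrange_coeff(k, xs), P_MOD) % P_MOD
    return d_id


if __name__ == "__main__":
    master = secrets.randbelow(Q - 1) + 1
    shares, sc = deal_shares(master, t=3, n=5)
    print("3 of 5 shares recover s:", reconstruct({k: shares[k] for k in (1, 3, 5)}) == master)
    print("2 of 5 shares recover s:", reconstruct({k: shares[k] for k in (1, 3)}) == master)
    print("tampered share rejected:", not share_is_valid(2, (shares[2] + 1) % Q, sc))
    q_id = hash_id_to_group(b"sensor-17")
    partials = {k: partial_private_key(shares[k], q_id) for k in (2, 4, 5)}
    print("threshold d_ID == Q_ID^s:", combine_partials(partials) == pow(q_id, master, P_MOD))
```

Any $t$ shares reconstruct $s$ and any $t$ partial keys combine to $Q_{ID}^{\,s}$, while a tampered share fails the commitment check, which is what lets ordinary nodes trust members of $S_H$ only as far as $SC$ vouches for them. With $t-1$ shares the interpolation still returns a value, but it is independent of $s$: for every candidate secret there is exactly one degree-$(t-1)$ polynomial through the $t-1$ shares and that candidate.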
Xu, Mu and Susilo gave the first ID-based online/offline signature scheme [26] (referred to as the XMS scheme). In the XMS scheme, whenever the signer wants to produce a signature, he has to execute the offline phase; the offline phase is therefore one-time, i.e. the offline signature part can be used only once and cannot be re-used. Assuming the offline phase is conducted by the base station, whenever a sensor node needs to sign a message it has to contact the base station for the offline signature part. This makes the XMS scheme impractical in WSNs. Also, the verification algorithm of the XMS scheme uses a pairing operation, which is a costly computation for a resource-constrained sensor node.
1) BLYS-IBOOS Scheme: Baek, Liu, Yang and Zhou presented an online/offline identity-based signature scheme for wireless sensor networks [22]. The scheme provides multi-time usable offline storage, which allows the signer to re-use the offline pre-computed information. The scheme is defined as follows:
Setup: Given the security parameter $k$, the PKG does the following:
- Let $G$ be a multiplicative group of prime order $q$. Let $H : \{0,1\}^* \to \mathbb{Z}_q$.
- Pick the master secret key $x \in \mathbb{Z}_q$.
- Select a generator $g \in G$ and compute the master public key $X = g^x \in G$.
- The public parameters are $params = \langle G, q, g, X, H \rangle$.
Key Extraction: Given an identity $ID$, the PKG:
- Chooses a random $r \in \mathbb{Z}_q$ and computes $R = g^r$, and
- Computes $s = r + H(R, ID)\, x \bmod q$.
The user secret key is $(R, s)$ and is sent to the end user via a secure channel. Note that a correctly generated secret key should satisfy
$g^s = R \cdot X^{H(R, ID)}$.
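As an added example (not code from the report or from [22]), the Setup and Key Extraction above together with the consistency check, in Python. $G$ is instantiated as the order-$q$ subgroup of $\mathbb{Z}_p^*$ with the toy parameters $q = 1019$, $p = 2039$, $g = 4$, and $H$ as SHA-256 over an encoding of $(R, ID)$ reduced mod $q$; both instantiations are assumptions made for this example and are not secure parameters. The signing and verification algorithms are not reproduced here.

```python
"""Setup and Key Extraction of the BLYS-IBOOS scheme, with the user-key
check g^s = R . X^{H(R,ID)}.  Added example; not code from the report
or from [22].

Assumptions: G is the order-q subgroup of Z_p^* with q = 1019,
p = 2q + 1 = 2039, g = 4 (toy parameters constructed for the example);
H : {0,1}* -> Z_q is SHA-256 over (R || ID) reduced mod q.
"""
import hashlib
import secrets

Q = 1019
P_MOD = 2039
G = 4
assert pow(G, Q, P_MOD) == 1 and G != 1


def H(R, identity):
    """H : {0,1}* -> Z_q over a fixed-width encoding of (R, ID)."""
    data = R.to_bytes(4, "big") + b"\x00" + identity
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def setup():
    """PKG: master secret x in Z_q, master public key X = g^x.
    Returns (params, x); params = <G, q, g, X, H> is published."""
    x = secrets.randbelow(Q - 1) + 1
    params = {"q": Q, "p": P_MOD, "g": G, "X": pow(G, x, P_MOD)}
    return params, x


def extract(params, x, identity, r=None):
    """PKG: R = g^r, s = r + H(R, ID) x mod q; user secret key is (R, s).
    r may be supplied for reproducibility; normally it is fresh and random."""
    if r is None:
        r = secrets.randbelow(params["q"] - 1) + 1
    R = pow(params["g"], r, params["p"])
    s = (r + H(R, identity) * x) % params["q"]
    return R, s


def key_is_consistent(params, identity, usk):
    """g^s == R . X^{H(R,ID)}: what a node should check on the key it
    receives over the secure channel before using it."""
    R, s = usk
    lhs = pow(params["g"], s, params["p"])
    rhs = R * pow(params["X"], H(R, identity), params["p"]) % params["p"]
    return lhs == rhs


if __name__ == "__main__":
    params, x = setup()
    usk = extract(params, x, b"sensor-07")
    print("well-formed key accepted:", key_is_consistent(params, b"sensor-07", usk))
    R, s = usk
    print("tampered key rejected:", not key_is_consistent(params, b"sensor-07", (R, (s + 1) % Q)))
```

The check needs only the public parameters and the identity, so a sensor node can run it once at provisioning time; anyone holding $params$ can later use the same relation to verify that $(R, s)$ was issued by the PKG for that $ID$.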
[2] National Institute of Standards and Technology (NIST), Wireless Ad Hoc Sensor Networks, published online at http://www.antd.nist.gov/wahn_ssn.shtml
[3] H.K. Patil and S.A. Szygenda, Security for Wireless Sensor Networks Using Identity-Based Cryptography, Auerbach Publications, Boston, MA, USA, first edition, 2012.
[4] Shushan Zhao, Akshai Aggarwal, Richard Frost, and Xiaole Bai, A Survey of Applications of Identity-Based Cryptography in Mobile Ad-Hoc Networks, IEEE Communications Surveys & Tutorials, vol. 14, no. 2, second quarter 2012.
[5] Sanjit Chatterjee and Palash Sarkar, Identity-Based Encryption, Springer, New York, 2011.
[6] Adi Shamir, Identity-based cryptosystems and signature schemes, in G. R. Blakley and David Chaum, editors, CRYPTO, volume 196 of Lecture Notes in Computer Science, pages 47-53, Springer, 1984.
[7] Antoine Joux, A one round protocol for tripartite Diffie-Hellman, ANTS-IV: Proceedings of the 4th International Symposium on Algorithmic Number Theory, 2000.
[8] Dan Boneh and Matthew K. Franklin, Identity-based encryption from the Weil pairing, SIAM J. Comput., 32(3):586-615, 2003. Earlier version appeared in the proceedings of CRYPTO 2001.
[9] Adi Shamir, How to share a secret, Communications of the ACM, vol. 22, no. 11, 1979.
[10] L. Zhou and Z.J. Haas, Securing ad-hoc networks, IEEE Network, vol. 13, no. 6, pp. 24-30, 1999.
[11] Aniket Kate and Ian Goldberg, Distributed Private-Key Generators for Identity-Based Cryptography, Security and Cryptography for Networks (SCN), pp. 436-453, 2010.
[12] A. Khalili, J. Katz, and W. A. Arbaugh, Toward secure key distribution in truly ad-hoc networks, SAINT Workshops, IEEE Computer Society, 2003, pp. 342-346.
[13] H. Deng, A. Mukherjee, and D. P. Agrawal, Threshold and identity-based key management and authentication for wireless ad hoc networks, ITCC (1), IEEE Computer Society, 2004, pp. 107-111.
[14] T. P. Pedersen, A Threshold Cryptosystem Without a Trusted Party, EUROCRYPT, 1991.
[15] J. van der Merwe, D. Dawoud, and S. McDonald, A survey on peer-to-peer key management for mobile ad hoc networks, ACM Comput. Surv., vol. 39, no. 1, pp. 1-45, 2007.
[16] S. Xu and S. Capkun, Distributed and secure bootstrapping of mobile ad hoc networks: Framework and constructions, ACM Trans. Inf. Syst. Secur., vol. 12, no. 1, pp. 1-37, 2008.
[17] S. Zhao and A. Aggarwal, Against mobile attacks in ad-hoc networks, Proc. IEEE International Conference on Information Theory and Information Security, 2010.
[18] Y. Zhang, W. Liu, W. Lou, Y. Fang, and Y. Kwon, AC-PKI: Anonymous and certificateless public-key infrastructure for mobile ad hoc networks, Proc. International Conference on Communications, IEEE Computer Society Press, 2005.
[19] Mihir Bellare, Chanathip Namprempre, and Gregory Neven, Security Proofs for Identity-Based Identification and Signature Schemes, Proceedings of Eurocrypt, Springer-Verlag, 2004.
[20] X. Cao, W. Kou, L. Dang, and B. Zhao, IMBAS: Identity-based multi-user broadcast authentication in wireless sensor networks, Computer Communications (Elsevier), vol. 31, 2008, pp. 659-669.
[21] S. Even, O. Goldreich, and S. Micali, On-line/off-line digital signatures, Proc. CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 263-277, Springer-Verlag, 1989.
[22] Joseph K. Liu, Joonsang Baek, Jianying Zhou, and Yanjiang Yang, Efficient Online/Offline Identity-Based Signature for
APPENDIX
A. Applications of Wireless Ad-hoc Networks
WANs have diverse applications, ranging from static resource-constrained networks (WSNs) to relatively resourceful, highly dynamic and mobile networks (MANETs). Some influential military applications of WANs over the past few decades are:
- Establishing instant communication infrastructure in war zones and disaster-affected areas.
- Detection and characterization of chemical, biological, radiological, nuclear and other explosive materials.
- Military surveillance, such as detecting and gaining information about enemy movements, explosions and other phenomena of interest.
In recent times, WANs have found wide-scale applications in the civilian and scientific domains as well. Some prominent applications are [3]:
- Seismic and volcanic activity monitoring.
- Ocean water monitoring for tracking pollution.
- Detecting and monitoring environmental changes in plains, forests, deserts, etc.
- Surveillance for providing security in shopping malls, parking garages and other facilities.
- Monitoring the living conditions of wild animals and plants.
- Virtual classrooms to reach students in remote areas.
B. Security aspects in WSNs and MANETs
The cryptographic security requirements for WANs are:
- Data Confidentiality: To protect the data from unauthorized disclosure. A common approach to achieving confidentiality is to encrypt user data.
- Data Integrity: To confirm that the data received has not been altered in transit. Usually, cryptographic primitives such as digital signatures and hash values are used to provide data integrity.
- Data Authentication: To prevent impersonation attacks. Authentication is the process of assuring that the identity of the communicating entity is what it claims to be.
- Non-repudiation: To protect against communicating entities that deny ever having participated in a communication with the victim. It can be achieved using signature schemes.
- Access Control: To enforce access rights to all resources in the system, preventing unauthorized use of the system and network.