LOGO A Public Key Cryptographic Method for Denial of Service Mitigation in Wireless Sensor Networks O. Arazi, H. Qi, D. Rose IEEE SECON 2007 proceedings 20082065 Myunghan Yoo August 2, 2008
LOGO
A Public Key Cryptographic Method for Denial of Service Mitigation in
Wireless Sensor Networks
O. Arazi, H. Qi, D. RoseIEEE SECON 2007 proceedings
20082065Myunghan YooAugust 2, 2008
Public Key Cryptography
Use private and public keys Given public key, easy to compute -> anyone can lock Only those who has private key compute its inverse
-> only those who has it can unlock, vice versa.
P DE() D()
Key
Attacker
P
KeKd
C P
C=E(P, Ke) P=D(C, Kd )
Insecure channel
Key
For Privacy
- Encrypt M with Bob’s public key : C = eK(Bp,M)
- Decrypt C with Bob’s private key : D = dK(Bs,C)
* Anybody can generate C, but only Bob can recover C to M.
Usage of PKC (I)
ek( , ) M
BP
dk( , ) C
M
BS
Public directory
Alice : Ap
Bob : Bp
Chaum : Cp
. .
Usage of PKC (II)
dk( , ) M
As
ek( , ) C M
Ap
Alice : Ap
Bob : Bp
Chaum : Cp
. .
Public directory
- Encrypt M with Alice’s private key : C = dK(As,M)
- Decrypt C with Alice’s public key : D = eK(Ap,C)
* Only Alice can generate C, but anybody can verify C.
For authentication (Digital Signature)
Motivation & Objective
Public Key Cryptography (PKC)
Denial-of-Service Attack in PKC With repeated & meaningless requests to
normal nodes to establish a session key, the adversary causes attacked normal nodes to waste energy resources
Pros Cons
Resilience High computational overhead
Scalability Weak against DoS attacks
Decentralized key management
Objective & Key Idea
Objective Mitigating Denial-of-Service (DoS) attacks
Key Idea Loading heavy computational burden
on the instigator
Overview of Proposed Scheme
Stage A:Alice proving her validity to Bob
A relatively energy draining procedure on Alice’s part
Stage B:Bob proving her validity to AliceA relatively low energy draining
procedure on Bob’s part
If successful
If successful: both users hold an ephemeral shared secret key
The Instigator Proving Its Validity
Alice Bob
nA
IDA
CRA
(CRA)e mod nCA = H(nA, IDA) If so, generates a message, m, such that: t= me mod nA
ttdA mod nA = m
x: LSB of message m
compares
nA: Alice’s public key, IDA: Alice’s public key ID, CRA: Alice’s certificate signed by CA with its private key,e, nCA : CA’s public key
CRA = [H(nA, IDA)]dca mod nCA
H(nA, IDA) = nA IDA⊕
512 bits or 1024 bits
Message m
x: Significant bits to identify the instigator
y and z: Factors of an ephemeral key
z212bits
y200bits
x100bits
Example of message m where the length of m is 512 bits.
Overview of Proposed Scheme
Stage A:Alice proving her validity to Bob
A relatively energy draining procedure on Alice’s part
Stage B:Bob proving her validity to AliceA relatively low energy draining
procedure on Bob’s part
If successful
If successful: both users hold an ephemeral shared secret key
The Approached Node Proving Its Valid-ity
Key Transport
Elliptic Curve Digital Signature Algorithm (ECDSA)
Self-Certified DH Fixed Key-Generation
Key Transport
Alice Bob
Stage A
If successful
nB, CRB, IDB, SB
Validation of the values: (CRB)e mod nCA = H(nB, IDB),
(SB)e mod nB = y
If successful
KAB-final = z
Stage B:
SB = ydB mod nB
ECDSA
Alice Bob
Stage A
If successful
(C, L)
Calculates h = L-1,
q1 = y · h mod ordG, q2 = C · h mod ordG,
P = q1 · G + q2 · V, and C’ is scalar of P
If C’ = C
KAB-final = z
Stage B:
V = u · GC is scalar of VL = u-1(y + dB · C) mod ordG
Self-Certified DH Fixed Key-Generation
Stage A
If successful
Self-Certified DH Fixed Key-GenerationKAB-temp = KAB (generated by Alice) = nA x [H(IDB, nB) x nB + nCA] = KBA (generated by Bob) = nB x [H(IDA, NA) x nA + nCA]Stage B:
KAB-final = H(KAB-temp, m’)
nB, CRB, IDB
Alice Bob
Implementation Results
Time (msec) Energy (J) Total
Alice Bob Alice Bob Time Energy
Stage A 230 1.02 105.8 0.469 231.02 106.27
Stage B
Key Transport 2.04 230 0.938 105.8 232.04 106.738
ECDSA 100 50 46.32 23.16 150 69.48
Fixed Key 50 50 23.16 23.16 100 46.32
Time (m-sec)
Energy (mJ)
Total consumption Both stages Both stages
Key Transport 463.06 213.01
ECDSA 381.02 175.75
Fixed Key 331.02 152.6Using 1024-Bit RSA and 160-bit ECC on the Intel MOTE
2 Platform from 312 MHz core clock
Discussion
Unclear environment of implementation communication distance between Alice and
Bob
Yet, unsuitable PKC in the WSN
Incoherent logic Applying to only a suspicious node is needed
DoS attack with incomplete stage A
DoS attack with incomplete stage A
Alice Bob
nA
IDA
CRA
(CRA)e mod nCA = H(nA, IDA) If so, generates a message, m, such that: t= me mod nA
ttdA mod nA = m
x: LSB of message m
compares
nA: Alice’s public key, IDA: Alice’s public key ID, CRA: Alice’s certificate signed by CA with its private key,e, nCA : CA’s public key
CRA = [H(nA, IDA)]dca mod nCA
H(nA, IDA) = nA IDA⊕
512 bits or 1024 bits
Completed part
Incompleted part