Multi-Layer Encryption for Multi-Level Access Control in Wireless Sensor Networks

Similar documents
An Energy-Efficient Symmetric Cryptography Based Authentication Scheme for Wireless Sensor Networks

CONCEALED CLIENT DATA AGGREGATION FOR DATABASE-AS-SERVICE (DAS)

ESTABLISHMENT OF SECURE COMMUNICATION IN WIRELESS SENSOR NETWORKS

A Survey On Attacks, Challenges and Security Mechanisms In Wireless Sensor Network

Encrypted Data Deduplication in Cloud Storage

ISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 10, April 2014

Communication Layer, Attacks and Security Mechanisms of Wireless Sensor Network

A Secure Message Percolation Scheme for Wireless Sensor Network

Defenses against Wormhole Attack

Providing Transparent Security Services to Sensor Networks

A Distributed Cross-Layer Compromise Detection Mechanism for Wireless Sensor Networks

L13. Reviews. Rocky K. C. Chang, April 10, 2015

A Hash-based RFID Search Protocol for Mobile Reader

Amorphic Encryption. Egger Mielberg

Improving the Efficiency of the Network Attack Detection Using Global Inspector

Random Key Pre-distribution Schemes using Multi-Path in Wireless Sensor Networks

Introduction and Statement of the Problem

MHIP: Effective Key Management for Mobile Heterogeneous Sensor Networks

Int. J. Advanced Networking and Applications Volume: 04 Issue: 04 Pages: (2013) ISSN :

A Time-Based Key Management Protocol for Wireless Sensor Networks

CS408 Cryptography & Internet Security

Published by: PIONEER RESEARCH & DEVELOPMENT GROUP ( 1

Wireless Security Security problems in Wireless Networks

Wireless Network Security Spring 2011

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Lecture 7 - Applied Cryptography

Wireless Sensor Networks: Security Issues, Challenges and Solutions

ISA 562: Information Security, Theory and Practice. Lecture 1

Chord-based Key Establishment Schemes for Sensor Networks

LIGHTWEIGHT KEY MANAGEMENT SCHEME FOR HIERARCHICAL WIRELESS SENSOR NETWORKS

Dynamic Key Ring Update Mechanism for Mobile Wireless Sensor Networks

ABSTRACT I. INTRODUCTION. Anju Bala Research Scholar, Department of Computer Science and Applications M.D. University, Rohtak, Haryana, India

An Efficient Key Update Scheme for Wireless Sensor Networks

Security Issues in Wireless Sensor Networks An Overview

Improving Key Pre-Distribution with Deployment Knowledge in Static Sensor Networks

Efficient and Sustainable Self-healing Protocols for Unattended Wireless Sensor Networks

Source Anonymous Message Authentication and Source Privacy using ECC in Wireless Sensor Network

Enhancing the Security in WSN using Three Tier Security Architecture Chanchal G. Agrawal *

Lecture 8 Wireless Sensor Networks: Overview

Security Issues In Mobile Ad hoc Network Routing Protocols

Selective Forwarding Attacks Detection in WSNs

EPC Tag Authentication with Randomized Characteristics for Strong Privacy

Efficient password authenticated key agreement using bilinear pairings

Key establishment in sensor networks

Network Encryption 3 4/20/17

An Enhanced Scheme to Defend against False-Endorsement-Based DoS Attacks in WSNs

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

IMPROVED DEVELOPMENT OF ENERGY EFFICIENT ROUTING ALGORITHM FOR PRIVACY PRESERVATION OF SINK IN WSN

A compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems.

Wireless Network Security

Sowing Seeds Protocol based Key Distribution for Wireless Sensor Network

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

A Feedback-based Multipath Approach for Secure Data Collection in. Wireless Sensor Network.

Acknowledge Enabled Secure Algorithm for Dynamically Updating Programs Installed in Wireless Sensor Nodes

Trust-Propagation Based Authentication Protocol in Multihop Wireless Home Networks

Use of Symmetric And Asymmetric Cryptography in False Report Filtering in Sensor Networks

Topics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols

One Communication Key Udate with Whitelist Attribute in SCADA System

Efficient GSM Authentication and Key Agreement Protocols with Robust User Privacy Protection

An Efficient Stream Cipher Using Variable Sizes of Key-Streams

An Optimal Symmetric Secret Distribution of Star Networks 1

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Key Management for Static Wireless Sensor Networks With Node Adding

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

Wireless Network Security Spring 2014

Efficient Auditable Access Control Systems for Public Shared Cloud Storage

Sleep/Wake Aware Local Monitoring (SLAM)

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Pseudonym Based Security Architecture for Wireless Mesh Network

ISSN: ISO 9001:2008 Certified International Journal of Engineering Science and Innovative Technology (IJESIT) Volume 3, Issue 4, July 2014

Authentication in the Smart Grids

Security Analysis of Two Anonymous Authentication Protocols for Distributed Wireless Networks

CHAPTER 4 IMPACT OF ROUTING ATTACKS IN LOCATION BASED ROUTING PROTOCOL

Improved Resilience against False Data Injection Attacks using PCRE Filtering Scheme

A NOVEL APPROACH FOR DETECTING COMPROMISED NODES IN WIRELESS SENSOR NETWORKS

Goals of Modern Cryptography

Detection of Wormhole Attacks in Wireless Sensor Networks

Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks

1-7 Attacks on Cryptosystems

Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol. John Jersin Jonathan Wheeler. CS259 Stanford University.

Certificateless Public Key Cryptography

Key Agreement. Guilin Wang. School of Computer Science, University of Birmingham

AN OPTIMAL AND COST EFFECTIVE KEY MANAGEMENT SCHEME FOR SECURE MULTICAST COMMUNICATION

Reliable Broadcast Message Authentication in Wireless Sensor Networks

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Security and Privacy in Unattended Sensor Networks (or How to Cope with a Mobile Adversary)

A Pigeon Agents based Analytical Model to Optimize Communication in Delay Tolerant Network

Security of Mobile Ad Hoc and Wireless Sensor Networks

Cognitive Sensor Techniques to Face Security Challenges in CWSN

Secure Multi-Hop Infrastructure Access

Implementation of Modified RC4 Algorithm for Wireless Sensor Networks on CC2431

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Chongqing, China. *Corresponding author. Keywords: Wireless body area network, Privacy protection, Data aggregation.

Analysis of Cluster-Based Energy-Dynamic Routing Protocols in WSN

BreezeACCESS VL Security

A Scheme for Key Management on Alternate Temporal Key Hash

Session key establishment protocols

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Transcription:

Multi-Layer Encryption for Multi-Level Access Control in Wireless Sensor Networks Po-Yuan Teng, Shih-I Huang, and Adrian Perrig Abstract The purpose of Multi-Layer Encryption (MLE) is to have only one cipher text, but users with different keys (e.g., in different groups) will obtain different levels of data after they decrypt withtheir own key. This property is especially useful in surveillance applications, which requires an efficient mechanism for multi-level data access. In this paper, we first address specific requirements for Wireless Sensor Networks (WSNs), and then propose a MLE scheme which has good properties of forward/backward secrecy, without the necessity of time synchronization. In this scheme, users only need to store a constant number of keys regardless of defined secret layers, and higher-level users are able to decrypt more data than lower-level users. Key words: Security, Multi-Layer Encryption, Forward Secrecy, Wireless Sensor Networks, Multi-Level Access Control 1Introduction Some applications with multiple priority groups need different layers of sensed data (e.g., in a metropolitan surveillance application, the police can see all data, but citizen can only see a subset of the data), this requirement is the main reason to develop MLE. In our architecture, we expect a data server to store encrypted data from sensornodes, and thisdataserver willauthenticate userswhenever they request reading specific data. Po-Yuan Teng Industrial Technology Research Institute (ITRI), Taiwan. e-mail: pppk@itri.org.tw Shih-I Huang Industrial Technology Research Institute (ITRI), Taiwan. e-mail: si.huang@gmail.com Adrian Perrig Carnegie Mellon University (CMU). e-mail: adrian@ece.cmu.edu 705

706 Po-Yuan Teng, Shih-I Huang, and Adrian Perrig In the following section, we shortly describe our target environment, and supply a summary of notation used throughout this paper.we will precisely describe our multi-layer encryption schemes in Section 3 and discuss some possible attacks in Section 4, then make a conclusion in Section 5. 2 Background In this section, we briefly describe the fundamental network architecture applied in our scheme, and the notations we used throughout this paper. Sensor Network Environments Ingeneral, sensor nodes facesome limitations, including constrained computational power, limited battery life, limited storage space, and deployments innetworks [5]. Because of these sensor node limitations, one popular solution is to have a data server as a supplementary controller (also known as base station [4]). In this architecture, the data server stores sensed data from sensor nodes, broadcasts beacon signals periodically to maintain the routing topology, and schedules the duty cycle for each node. This periodically broadcasted beacon signals areutilizedtodevelop our MLE scheme. Notation For clarity, we list the symbols and notations used throughout this paper below: Table 1 Notation MK Master Key M i Plaintext of layered message i C i Cipher text of corresponding M i ID i The identity of sensor node i UID i The identity of user i UK i User key for user i K Gi Group Key (ex. K G1 for Group G 1 ) Enc(K,M) Encrypt message M using key K {M} K Encrypted message M by K H n (M) Hash n times of message M H(M 1,M 2 ) Hash of M 1 concatenates M 2 KB IDi,L n Base key for layer n of node ID i KE IDi,L n,t j Encryption key for layer n of node ID i, during time period T j T i The ith Time period TMK IDi Time Master Key for node ID i TK IDi,T j Time Key for node ID i,during time period T j 3 Multi-Layer Encryption Scheme Informally, forward secrecy ensures that the past messages are protected even if the current secret key is exposed [3], and backward secrecy means that the exposed secret key is no longer useful in the future.

Multi-Layer Encryption for Multi-Level Access Control in Wireless Sensor Networks 707 As shown in Fig. 1, this scheme requires the data server to hold onemasterkey MK.ThedataserverrandomlygeneratesK G1 and computes K G2, K G3 by performing one-way hash function, and then gives these keys to G 1, G 2,andG 3 users respectively. The data server periodically broadcasts seedt i to sensor nodes, the value of seedt i could be a computational result of time period T i.forexample,asfig.1 shows, the date 2007-10-15 could be the 18th time period of our system, so the value of seedt i that the server broadcasts in this time period is seedt 18,where seedt 18 = AES(MK, 2007-10-15 ). Basically, seedt i are used to update encryption keys, since these seedt i values are broadcasted in plaintext, an attacker could record all the values and endanger the system. To avoid this problem, the server gives each sensor node an unique time master key (TMK IDi )throughfunctiontmk IDi = Enc(MK, ID i ). TMK IDi are used to generate time keys (TK IDi,T j ), and time keys are aimed to update encryption keys for each secret layer through hash function KE IDi,L n,t j = H(KB IDi,L n,h L n 1(TK IDi,T j )).Thereasontoperformone-wayhashontimekeysin each secret layer here is to prevent colluding attack. The server gives each sensor node a different key set, here we denote it as base key (KB IDi,L n ), where the subscript ID i denotes that this key belongs to node ID i and L n denotes the secret level of the key. Combining base keys and TK IDi,T j values can generate encryption keys (KE IDi,L n,t j ). This is known as key-insulated methods which are mainly used to provide forward/backward secrecy. Enc(MK, T i ) seedt i e.g., AES(MK, 2007-10-15 ) seedt 18 KBID1,L KEID1,L,Ti TMKID1 ID 1 C 1 C 2 K G1 G 1 K G2 = H(K G1 ) UK1 User 1 User 2 UK2 KBID2,L KEID2,L,Ti TMKID2 ID 2 MK Data Server C 3 G 2 User 3 UK3 = Enc(MK, UID3) TMKID3 = Enc(MK, ID3) ID 3 KB3,1 = Enc(KG1, ID3) KB3,2 = Enc(KG2, ID3) K G3 = H(K G2 ) G 3 KB3,3 = Enc(KG3, ID3) L 1 KE3,1,Ti = Enc(KB3,1, TK3,Ti) M 1 KE3,1,Ti C 1 L 2 L 3 KE3,2,Ti = Enc(KB3,2, H(TK3,Ti)) KE3,3,Ti = Enc(KB3,3, H 2 (TK3,Ti)) M 2 KE3,2,Ti C 2 TK3,Ti = H(TMK3, seedti) M 3 KE3,3,Ti C 3 Fig. 1 Our MLE scheme

708 Po-Yuan Teng, Shih-I Huang, and Adrian Perrig In this scheme we also give each user an user key (UK i )bythegeneratingfunction UK i = Enc(MK,UID i ).Theseuserkeyscanbeusedtoperformuserauthentication and encrypt time key (TK IDi,T i )beforesendingtousers. We use the example that user 1 requests data 2007-10-15 fromnodeid 3,the flow is as follows: 1. User 1 requests data from ID 3 in time period 2007-10-15 2. Server authenticates user 1 by UK 1 3. Server compute Enc(MK, 2007-10-15 )=seedt 18 4. Server computes Enc(MK,ID 3 )=TMK 3 5. Server computes H(TMK 3,seedT 18 )=TK 3,18 6. Server sends Enc(UK 1,TK 3,18 )={TK 3,18 } UK1 for user 1 7. User 1 decrypts {TK 3,18 } UK1 and obtains TK 3,18 8. User 1 owns K G1 and now she has TK 3,18 a. User 1 has K G1 and knows ID 3 (public information), so she can derive node s base key KB 3,1 by computing Enc(K G1,ID 3 )=KB 3,1 b. User 1 knows TK 3,18,soshecanderivenode sencryptionkeyke 3,1,18 by computing Enc(KB 3,1,TK 3,18 )=KE 3,1,18 c. Then user 1 has encryption key KE 3,1,18 and can decrypt C 1 to obtain M 1 d. Because user 1 has K G1,shecandeduceK G2 and K G3 by performing one-way hash function, then she can derive base key KB 3,2 and KB 3,3 by computing Enc(K G2,ID 3 )=KB 3,2 and Enc(K G3,ID 3 )=KB 3,3 e. User 1 can derive encryption key KE 3,2,18 and KE 3,3,18 to decrypt C 2 and C 3, where KE 3,2,18 = Enc(KB 3,2,H(TK 3,18 )) and KE 3,3,18 = Enc(KB 3,3,H 2 (TK 3,18 )) 9. User 3 in group G 2 only has K G2 and can deduce K G3.Ifuser3requeststimekey from the server, after authenticated herself using UK 3,theserverwillknowshe is in group G 2,andgivesherthevalueofH(TK 3,18 ) instead of TK 3,18.Thiscan prevent the colluding attack because even though user 3 can get K G1 from a left G 1 user, she still cannot obtain TK 3,18 value, so user 3 can at most obtain M 2 and M 3 4Discussion There are many known attacks in sensor networks, including Denial-of-Service, blackhole, wormhole, Sybil, traffic analysis, node replication, andsoon [1,2].Asa complementary solution, we concentrate on the security of our MLE scheme. There are some possible attacks to our proposed scheme and we evaluate the security here. Eavesdropping In our proposed scheme, the only plaintext data adversaries can get is seedt i value, but without the time master key TMK IDi,theseedT i value is useless because it is only a seed value for generating the timekeytk IDi,T j. Colluding Attack If a user in lower privileged level collude with a left user in higher privileged level (e.g., user 3 colludes with user 1), although she can get the

Multi-Layer Encryption for Multi-Level Access Control in Wireless Sensor Networks 709 group key of higher level, after authenticated, the data server will only give the time key of corresponding privileged level (i.e., H L n 1(TK IDi,T j ))toher.without time keys of higher level, the user cannot derive specific encryption keys to obtain the data. Compromised sensor nodes In our scheme, each sensor node is given a set of distinct keys, and these keys are only the computational results. Even if specific sensor node is compromised, the adversary will only know these computational results and cannot take any advantage to compromise the other nodes,sothe damage will be limited in the range of compromised nodes. 5Conclusion With the proliferation of sensor networks, the amount of privacy-sensitive data that is collected increases continuously. Based on the inherent properties of numerous applications, we observe a tension and tradeoff between privacy and the usefulness of information: very fine-grained data often contains privacy-sensitive information but is the most useful, whereas coarse-grained data protectsprivacybutisoftenless useful. In this paper, we observe that we can break this tradeoff by simultaneously providing access to varying granularities of information, based on the access right of the data consumer. In fact, our efficient cryptographic construction enables sensor nodes toencrypt different granularities of data under different cryptographic keys. We find that our approach is viable even on highly resource-constrained sensor nodes, enabling us to simultaneously achieve several points in the tradeoff space between fine granularity/resolution of data and privacy. Acknowledgements Special thanks to Lee-Chun Ko for inspecting the article and providing precious comments. References 1. Akyildiz LF, Su W, Sankarasubramaniam Y and Cayirci E (2002) A survey on sensor networks. In IEEE Communications Magazine, 40(8):102 114 2. Callaway EH (2004) Wireless Sensor Networks: Architectures and Protocols. CRC Press. 3. Itkis G (2006) Forward Security: Adaptive Cryptography - Time Evolution. Invited chapter for the Handbook of Information Security, John Wiley and Sons, Inc. 4. Perrig A, Szewczyk R, Wen V et al (2002) SPINS: Security Protocols for Sensor Networks. In Wireless Networks Journal (WINE), September 2002. 5. Walters JP, Liang Z, Shi W, and Chaudhary V (2006) Wireless sensor network security: A survey. In Security in Distributed, Grid, and Pervasive Computing, Chapter 17, Auerbach Publications, CRC Press.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback