Distributed Secret Key Management Based on ECC for Ad-hoc Network Yi-xuan WU, Hua-wei CHEN * and Lei WANG

2017 2nd International Conference on Computer, Network Security and Communication Engineering (CNSCE 2017). ISBN: 978-1-60595-439-4
School of Aeronautics and Astronautics, University of Electronic Science and Technology of China, China
*Corresponding author

Keywords: Distributed secret key, Elliptic curve cryptography, Combined RSA, Ad-hoc.

Abstract. An ad-hoc network without centralized infrastructure makes its security problem tricky. In this paper, we propose a fully distributed secret key management scheme to handle it. The main contribution of this paper is that we combine the combined-RSA threshold scheme with elliptic curve cryptography (ECC) to construct a fully distributed secret key management scheme. There are several advantages in our scheme compared with traditional distributed secret key management schemes: First, we transfer the secret share generation process from the initiator to the nodes which belong to the network, so that the ECC parameter generation process and the secret share generation process can be performed in parallel. Second, the establishment of secure communication between nodes is straightforward and efficient. Third, the secret share generation process for a new node is non-interactive, and the secret share update process is also non-interactive. At last, we also analyze the strength of security of the scheme to show that it can fulfill the security requirements of ad-hoc networks.

Introduction

An ad-hoc network is defined as a set of autonomous devices connecting to each other through wireless links without centralized infrastructure. That is to say, some of the nodes in the network play the role of routers to transmit packets to their destination [1]. Considering characteristics such as the open environment, the shared wireless medium and the lack of infrastructure [2], providing security services is harder for an ad-hoc network than for a network with infrastructure. At this stage, public key cryptography is an ideal solution to the ad-hoc security problem.

The main content of public key cryptography for ad-hoc networks is secure key management. Evaluating the quality of a key management scheme depends on whether it can provide the functions required in a particular environment, such as the distribution of keys, the reconstruction of keys, and the verification of secret shares. Prior to this, many scholars have proposed key management schemes. There are three general approaches in the literature for solving the key management problem: 1. Key management based on ID. 2. Key management based on inter-certificates. 3. Key management based on public key cryptography. But the majority of schemes cannot fulfill the whole requirement of the ad-hoc network. Ad-hoc networks have many vulnerabilities towards key management schemes, such as man-in-the-middle attacks [3], the eavesdropping problem [3] and so on. In order to solve the problem of man-in-the-middle attacks, Hölbl et al. came up with [4]. In that paper, they used an identity-based authenticated scheme to handle it, but Nose proved in [5] that Hölbl's scheme could not withstand man-in-the-middle attacks. As for the eavesdropping problem, Harn et al. present a threshold scheme in [6] which mentions that the secret share should be transmitted secretly, but does not show how to transmit it. In addition to the security problem, there is another problem in ad-hoc networks. Most key management schemes need an initiator to generate the essential system parameters. If there are lots of parameters that need to be generated, it takes a pretty long time to initialize the system. Gharib put forward [7], whose initialization phase needs to generate parameters for each node in the network. If there are n nodes in the network, the initiator needs to generate 2n parameters in total. Besides, the initiator needs to transmit these parameters secretly. This process will take some time. Therefore, we propose a key management scheme to solve the weaknesses mentioned above. The main contribution of our paper is that we come up with a novel fully distributed secret key management scheme based on ECC.

The detailed contributions of our paper are as follows: 1) Exploit the nodes to generate the secret shares rather than the initiator. 2) Construct a secure communication method between nodes. 3) Simplify the join/leave process of nodes using the combined RSA scheme. 4) Analyze the security of our scheme. The rest of the paper is organized as follows. Preliminaries are introduced in section 2. We present our scheme in section 3. Section 4 shows the security analysis of our scheme. We conclude our work in section 5.

Preliminaries

In this section, we show the basic background used in our scheme, including ECC [10], RSA and combined RSA [11].

Elliptic Curve Cryptography

The equation of an elliptic curve over a prime field $F_p$ is Eq. (1), where $4a^3 + 27b^2 \not\equiv 0 \pmod p$, $a, b \in F_p$ and $p$ is a large prime number. We have a base point $B$ with order $q$. Choose a private key $x$ and calculate the public key $y$, where $y = xB$. Given $y$ and $B$, $x$ cannot be calculated in polynomial time.

$y^2 \equiv x^3 + ax + b \pmod p$  (1)

RSA

RSA is a public key encryption algorithm proposed by Rivest et al. In their scheme, they choose two large prime numbers $p, q$, then compute $n = pq$. Let $\phi(n) = \mathrm{lcm}(p-1, q-1)$. Select an integer $e$ from $(1, \phi(n))$ as the public key. Calculate $d$ as the private key according to Eq. (2) using the extended Euclidean algorithm. Given $e$ and $n$, $d$ cannot be calculated in polynomial time.

$ed \equiv 1 \pmod{\phi(n)}$  (2)

Combined RSA Threshold Scheme

This scheme was proposed by Zhang et al. [11]. Given several RSA instances, we can use the RSA instances to construct a $(t, n)$ threshold [12]. Let $\lambda_i = \mathrm{lcm}(p_i - 1, q_i - 1)$. $[N]$ denotes the set $\{1, 2, \ldots, N\}$. If $\phi = \{l_1, l_2, \ldots, l_u\} \subseteq [N]$, then $\lambda_\phi = \mathrm{lcm}\{\lambda_{l_1}, \lambda_{l_2}, \ldots, \lambda_{l_u}\}$. $e$ is an integer relatively prime to $\lambda_{[N]}$. Given $\lambda_\phi$ and $e$, we can calculate $d_\phi$ according to Eq. (2) using the extended Euclidean algorithm.

Encryption Phase. Given a message $m$, use Eq. (3) to encrypt $m$, where $m \in (0, M^{2k})$ and $M$ denotes a large prime.

$c = m^e \bmod n_{[N]}$  (3)

Decryption Phase. Given a ciphertext $c$, it can be decrypted if and only if a set $\phi \subseteq [N]$ with $|\phi| = k$ is available, as follows:
1) Calculate $d_\phi$ according to Eq. (2) using the extended Euclidean algorithm.
2) Calculate $m$ using Eq. (4).

$m = c^{d_\phi} \bmod n_{[\phi]}$  (4)

Proposed Scheme

Assumption

We assume there are $n$ nodes in the ad-hoc network and there is no trust relationship between nodes before communication. There is also a signature collector in the network whose responsibility is to gather secret shares from nodes and sign messages, but it does not store the master secret key in its memory. Besides, it has a list which stores the nodes that are new to the network. All nodes are in an open environment and nodes can join/leave the network freely. The number of neighbors of a node is greater than $t$. All nodes have the ability to generate two large prime numbers and store their product. There is a system initiator in the network whose responsibility is to generate the necessary system parameters. After generating the necessary system parameters, it leaves the network. We also assume there are always adversary nodes in the network. An adversary node can intercept any information in the network. In a certain period, we allow there to be $t-1$ compromised nodes in our network under the condition $t > n/2$ [13]. Table 1 presents some necessary annotations.

Table 1. Necessary annotations.
$p, q$: large prime numbers
$E(F_p)$: elliptic curve constructed on the domain $F_p$
$B$: base point of the elliptic curve
$(x, y)$: elliptic curve private and public key
$key(i, j)$: communication key between nodes $i$ and $j$
$m$: message
$c$: ciphertext

Initialization Phase

In this part, we introduce the initialization phase, which contains four sub-phases. The details of the phases are as follows.

Initiator. The initiator generates a large prime number $p$ and constructs an elliptic curve $E(F_p)$ over $F_p$ using Eq. (1) which satisfies $4a^3 + 27b^2 \not\equiv 0 \pmod p$, where $a, b \in F_p$. It chooses a base point $B$ with order $q$, where $q$ is also a prime number and $q \mid \#E(F_p)$; then the initiator generates the private key $x$ and calculates the public key $y$, where $y = xB$. Furthermore, the initiator needs to generate a collision-free hash function $h$, such as SHA-3 [15]. At last it chooses an integer $e$ and then publishes $y, e, B, q, h$.

Node Initialization. While the initiator generates the system parameters, each node also generates its secret share. Each node $i$ chooses $p_i, q_i$ from $(M, 2M)$ such that $\gcd(e, \lambda_i) = 1$, where $M$ is a large prime number and $\lambda_i = \mathrm{lcm}(p_i - 1, q_i - 1)$. It calculates $n_i$ using Eq. (5), and then chooses a secret value $a_i$, where $a_i \in Z_q$. It computes its communication secret key and public key using Eq. (6) and Eq. (7), then publishes $y_i, n_i$. At the same time each node collects the $y_j$ and $n_j$ that come from the other nodes.

$n_i = p_i q_i$  (5)
$x_i = \lambda_i + a_i \bmod q$  (6)
$y_i = x_i B$  (7)

Threshold Construct. After the nodes in the network finish generating their secret shares, the initiator encrypts the master secret key $x$ using Eq. (3). Hence, we construct a $(t, n)$ threshold scheme. One can decrypt $c$, i.e. recover the master secret key $x$, using Eq. (4) if and only if he gets $t$ or more different secret shares.

Node Communication. If node $i$ decides to communicate with node $j$, it sends its public number $n_i$ to node $j$. So node $j$ knows which node needs to communicate with it; then node $j$ finds the public communication key of node $i$ and calculates the communication key using Eq. (8). Eq. (9) and Eq. (10) present how to send a message securely. Figure 1 presents the details of encryption and decryption.

$key(i, j) = h(x_i y_j) = h(x_i x_j B) = h(x_j y_i) = key(j, i)$  (8)
$c = m + h(x_i y_j)$  (9)
$m = c - h(x_j y_i) = c - h(y_j x_i) = m + h(x_i y_j) - h(y_j x_i) = m$  (10)
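The node initialization, threshold construct and the node join/re-encryption steps described later in the paper, as an added Python example that is not the paper's own code: each node creates its share $(\lambda_i, n_i)$ with $p_i, q_i \in (M, 2M)$ and $\gcd(e, \lambda_i) = 1$, the master secret is encrypted with Eq. (3) and recovered with Eq. (4) from any $t$ shares but not from $t-1$, and after a node joins the ciphertext is recomputed over the enlarged $[N]$. It assumes that $n_{[N]}$ and $n_{[\phi]}$ are the products of the corresponding $n_i$ (the paper does not define the notation), uses a small constructed $M$ and $e = 17$ so that it runs in a moment, and adds a lower bound on the master secret (the paper only gives $m < M^{2k}$) so that the failure with $t-1$ shares is deterministic rather than probabilistic.

```python
import itertools
import math
import random
from functools import reduce


def is_prime(n):
    """Trial division; adequate for the small demo primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def random_prime(lo, hi, rng, used):
    """Random prime in the open interval (lo, hi), distinct from those already in
    `used` (distinct primes keep n_[phi] squarefree; an assumption of this demo)."""
    while True:
        cand = rng.randrange(lo + 1, hi)
        if cand not in used and is_prime(cand):
            used.add(cand)
            return cand


def lcm(a, b):
    return a * b // math.gcd(a, b)


def product(values):
    return reduce(lambda acc, v: acc * v, values, 1)


def node_share(e, M, rng, used):
    """Node initialization, Eq. (5): p_i, q_i in (M, 2M) with gcd(e, lambda_i) = 1.
    Returns the node's secret share (lambda_i, n_i)."""
    while True:
        p = random_prime(M, 2 * M, rng, used)
        q = random_prime(M, 2 * M, rng, used)
        lam = lcm(p - 1, q - 1)
        if math.gcd(e, lam) == 1:
            return lam, p * q


def combined_encrypt(m, e, shares):
    """Eq. (3): c = m^e mod n_[N]; n_[N] taken as the product of all n_i (assumption)."""
    return pow(m, e, product(n for _, n in shares))


def combined_decrypt(c, e, subset):
    """Eq. (2) and (4): d_phi = e^-1 mod lambda_phi, then m = c^d_phi mod n_[phi]."""
    lam_phi = reduce(lcm, (lam for lam, _ in subset), 1)
    d_phi = pow(e, -1, lam_phi)
    return pow(c, d_phi, product(n for _, n in subset))


def demo(seed=7, N=5, t=3, e=17, M=100003):
    """Threshold construct, then a node join with re-encryption, on constructed parameters."""
    rng = random.Random(seed)
    used = set()
    shares = [node_share(e, M, rng, used) for _ in range(N)]

    # The paper requires m < M^(2t) so that any t shares give n_[phi] > m. The lower bound
    # is added here so that any t-1 shares give n_[phi] < m and decryption visibly fails.
    lo = 4 ** (t - 1) * M ** (2 * (t - 1))
    hi = M ** (2 * t)
    x_master = rng.randrange(lo, hi)
    c = combined_encrypt(x_master, e, shares)

    with_t = all(combined_decrypt(c, e, list(sub)) == x_master
                 for sub in itertools.combinations(shares, t))
    with_fewer = any(combined_decrypt(c, e, list(sub)) == x_master
                     for sub in itertools.combinations(shares, t - 1))

    # Node join: the new node makes its own share non-interactively; the collector then
    # recomputes c over the enlarged [N], after which the new share counts towards t.
    shares.append(node_share(e, M, rng, used))
    c_new = combined_encrypt(x_master, e, shares)
    after_join = combined_decrypt(c_new, e, shares[-t:]) == x_master

    return {"recovered_with_t": with_t,
            "recovered_with_fewer": with_fewer,
            "recovered_after_join": after_join}
```

Each share holds only its own $\lambda_i$ and $n_i$, so no party ever sees the private exponent of another node; what the collector computes from $t$ shares is $d_\phi$ for that particular subset, which is why the paper has it drop $d$ after signing and re-encrypt when membership changes.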

Figure 1. Node communication phase.

Message Signature Phase

For some special messages, the network needs to sign them to provide a method by which anyone can verify the correctness of the message. According to what we discussed above, the signature collector has to gather $t$ or more different secret shares to sign a message. Hence, the signature process has the following steps:
1) The signature collector collects $t$ different shares $(\lambda_i, n_i)$ which are not in the newly added nodes list.
2) It first computes $d_\phi$ using the extended Euclidean algorithm, then computes the master secret key $d$ using Eq. (4).
3) It chooses an integer $k$, where $0 < k < q$, and computes $R$ using Eq. (11).
4) Let $r = x_R$, where $x_R$ denotes the x-coordinate of $R$.
5) Given a message $m$, calculate $s$ using Eq. (12). So the signature is $(r, s)$.
Through the above steps we complete the signature of the message. Message signature verification has the following steps:
1) Calculate the auxiliary value $w$ using Eq. (13).
2) Calculate the auxiliary value $u_1$ using Eq. (14).
3) Calculate the auxiliary value $u_2$ using Eq. (15).
4) Compute $P$ using Eq. (16).
5) Check whether $x_P \equiv r \pmod q$. If $x_P$ and $r$ are equal, the signature is valid, otherwise it is invalid [15].
After finishing the message signature phase, the signature collector drops the master secret key $d$ and recalculates $c$ using Eq. (3), where $[N]$ now includes the former nodes and the newly added nodes. Then it resets the newly added nodes list.

$R = ky$  (11)
$s \equiv (h(m) + d r) k^{-1} \pmod q$  (12)
$w \equiv s^{-1} \pmod q$  (13)
$u_1 \equiv w \, h(m) \pmod q$  (14)
$u_2 \equiv w r \pmod q$  (15)
$P = u_1 y + u_2 B$  (16)

Node Join/Leave Phase

If a new node requests to join the network, then it needs to get $p, e, B, q, n$. These parameters are stored in each node in the network. Therefore, the node join phase has the following steps:
1) The new node needs to generate its own secret share by generating three numbers $p_{new}, q_{new}, a_{new}$ satisfying $\gcd(e, \lambda_{new}) = 1$, where $p_{new}$ and $q_{new}$ are large prime numbers and $\lambda_{new} = \mathrm{lcm}(p_{new} - 1, q_{new} - 1)$. Besides, $a_{new}$ is an integer.
2) The new node calculates $n_{new} = p_{new} q_{new}$, $x_{new}$ and $y_{new}$ using Eq. (6) and Eq. (7), then publishes $n_{new}, y_{new}$.
3) At the same time, the signature collector adds $n_{new}$ to its newly added nodes list.
This is the whole process of joining nodes to the network. For a node that leaves the network, it just needs to broadcast a leaving request and $n_{leave}$; then any node that receives $n_{leave}$ drops $n_{leave}$ from its node list.

Secret Share Update Phase

In our scheme, the secret share update process is easy to implement. In a period of time, the secret share is constant. After that period, the secret share needs to be updated, so the updating node needs to regenerate two large primes as in the node initialization phase discussed above. When the update process is finished, it republishes its $n_r, y_r$.

Security Analysis

In this section, we analyze the security of our proposed scheme. The security of a key management scheme can be evaluated by the security of the services that the scheme provides. Our scheme provides the majority of services, including key confidentiality, backward and forward secrecy, resistance against compromising, fully distributed keys and node authentication.

Key confidentiality [16] means that in an open environment the adversary cannot learn any key information. In our scheme, the generation of a new node's secret share is non-interactive, which means there is no secret key information leaked during transmission. Besides, our scheme is built on ECC, based on the discrete logarithm problem, and RSA, based on large number factorization. Both are hard problems, i.e. there is no algorithm that can find the private key in polynomial time.

As for backward and forward secrecy [16], they both focus on preventing the adversary from deriving new keys from old keys. In our scheme, the nodes' communication keys are independent. Besides, a new node constructs its communication key independently. Even if the adversary knows one key or a subset of keys, the adversary cannot get the other keys. So our scheme provides backward and forward secrecy.
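The node communication phase (Eq. 6 to 10) and the message signature phase (Eq. 11 to 16), as an added Python example that is not part of the paper: two nodes derive $key(i,j) = key(j,i)$ from their $x_i$ and the peer's published $y_j$, mask and unmask a message with it, and the collector signs and anyone verifies with the master key pair $(d, y = dB)$. It assumes the secp256k1 curve as a concrete $E(F_p)$, $B$ and prime $q$; SHA3-256 as $h$; constructed stand-ins for $\lambda_i$, $a_i$ and $d$ (in the scheme they come from the RSA shares); and reads Eq. (11) and Eq. (16) in the ECDSA form of [15] that the paper cites, i.e. $R = kB$ and $P = u_1 B + u_2 y$, which is my reading of the printed equations rather than something the paper states.

```python
import hashlib
import secrets

# secp256k1 domain parameters (public constants): y^2 = x^3 + 7 over F_P, base point BASE of
# prime order Q. Any curve meeting the initiator's conditions would do; this one is chosen
# because its q is a known prime.
P = 2**256 - 2**32 - 977
A = 0
BASE = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def ec_add(p1, p2):
    """Affine point addition over F_P; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k > 0:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def h(data):
    """The collision-resistant hash h (SHA-3, as the paper suggests) as an integer."""
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big")


def node_keys(lam_i, a_i):
    """Eq. (6) and (7): x_i = lambda_i + a_i mod q, y_i = x_i * B."""
    x_i = (lam_i + a_i) % Q
    return x_i, ec_mul(x_i, BASE)


def comm_key(x_own, y_peer):
    """Eq. (8): key(i, j) = h(x_i * y_j), hashing the point's fixed-width encoding."""
    pt = ec_mul(x_own, y_peer)
    return h(pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big"))


def mask_encrypt(m, key):  # Eq. (9): c = m + h(x_i y_j), message encoded as an integer
    return m + key


def mask_decrypt(c, key):  # Eq. (10): m = c - h(x_j y_i)
    return c - key


def sign(d, msg):
    """Eq. (11)-(12) read as ECDSA [15]: R = k*B, r = x_R mod q, s = (h(m) + d r) k^-1 mod q.
    k is drawn fresh and kept secret for every signature."""
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = ec_mul(k, BASE)[0] % Q
        s = (h(msg) + d * r) * pow(k, -1, Q) % Q
        if r != 0 and s != 0:
            return r, s


def verify(y, msg, sig):
    """Eq. (13)-(16) read as ECDSA [15]: P = u1*B + u2*y, valid iff x_P = r mod q."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = w * h(msg) % Q
    u2 = w * r % Q
    pt = ec_add(ec_mul(u1, BASE), ec_mul(u2, y))
    return pt is not None and pt[0] % Q == r


def demo():
    # constructed stand-ins for lambda_i and a_i (in the scheme they come from the RSA shares)
    x1, y1 = node_keys(lam_i=0x123456789ABCDEF0, a_i=0xDEADBEEF)
    x2, y2 = node_keys(lam_i=0x0FEDCBA987654321, a_i=0xCAFEF00D)
    k12, k21 = comm_key(x1, y2), comm_key(x2, y1)
    msg = int.from_bytes(b"route update (constructed sample)", "big")
    recovered = mask_decrypt(mask_encrypt(msg, k12), k21)

    d = 0x2222333344445555  # constructed master secret key; y = d*B is the master public key
    y = ec_mul(d, BASE)
    signed = b"message to be signed"
    sig = sign(d, signed)
    return {"keys_agree": k12 == k21,
            "message_recovered": recovered == msg,
            "signature_valid": verify(y, signed, sig),
            "tampered_rejected": not verify(y, signed + b"!", sig),
            "base_point_order_ok": ec_mul(Q, BASE) is None}
```

The example keeps the additive mask of Eq. (9) exactly as the paper writes it; $key(i,j)$ is a fixed per-pair value in the scheme, so in a deployment that value would be fed into an authenticated cipher with a per-message nonce rather than used as the mask itself.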
Resistance against compromising nodes [16] is the capability of the scheme to defend against or tolerate attacks. Our scheme distributes the key among all nodes, which solves the single point of failure problem. Our scheme is fully secure unless the adversary compromises $t$ or more nodes, because in a $(t, n)$ threshold, if anyone wants to get the private key or secret, he has to collect $t$ or more different shares. Therefore, our scheme is resistant against compromising nodes under the premise of $t \geq n/2 + 1$. If there is a trusted center, then the adversary is able to corrupt it, so if the trusted center is compromised, then the whole network is compromised. There is no trusted center in the network in our scheme, because our scheme is fully distributed. This scheme avoids the problem we discussed above.

Another important service is secure communication between nodes. In our scheme, each node publishes its public communication key and public number $n_i$. If one node receives a public number $n_i$, it checks whether it is legal. If it is legal, it authenticates the sender, otherwise it ignores it. Our scheme also prevents the adversary from forging the communication key. Therefore, our scheme can deal with key authentication.

Summary

In this paper, we proposed a fully distributed secret key management scheme using ECC and the combined RSA threshold. Our scheme is designed to be used in ad-hoc networks. We introduced the basic background of our scheme, then showed our scheme in detail. At last we analyzed the security of our scheme. There are three main contributions in our scheme: 1) Utilize the nodes to generate the secret shares rather than the initiator. 2) Build a secure communication method between nodes. 3) Simplify the join/leave process of nodes using the combined RSA scheme. Next we will focus on applying this scheme to computing equipment with limited resources.

References
[1] Jyoti N S. Comparative Study of Adhoc Routing Protocol AODV, DSR and DSDV in Mobile Adhoc NETwork[J]. International Journal of Applied Engineering Research, 2011, 7(11): 2012.
[2] Hoebeke J, Moerman I, Dhoedt B, et al. An overview of mobile ad hoc networks: Applications and challenges[J]. Journal-Communications Network, 2004, 3(3): 60-66.
[3] Goyal P, Batra S, Singh A. A literature review of security attack in mobile ad-hoc networks[J]. International Journal of Computer Applications, 2010, 9(12): 11-15.
[4] Hölbl M, Welzer T. Two improved two-party identity-based authenticated key agreement protocols[J]. Computer Standards & Interfaces, 2009, 31(6): 1056-1060.
[5] Nose P. Security weaknesses of authenticated key agreement protocols[J]. Information Processing Letters, 2011, 111(14): 687-696.
[6] Harn L, Wang F. Threshold Signature Scheme without Using Polynomial Interpolation[J]. IJ Network Security, 2016, 18(4): 710-717.
[7] Gharib M, Moradlou Z, Doostari M A, et al. Fully Distributed ECC-based Key Management for Mobile Ad Hoc Networks[J]. Computer Networks, 2017.
[8] Rivest R L, Shamir A, Adleman L. A method for obtaining digital signatures and public-key cryptosystems[J]. Communications of the ACM, 1978, 21(2): 120-126.
[9] Diffie W, Hellman M. New directions in cryptography[J]. IEEE Transactions on Information Theory, 1976, 22(6): 644-654.
[10] Koblitz N. Elliptic curve cryptosystems[J]. Mathematics of Computation, 1987, 48(177): 203-209.
[11] Zhang C, Luo Y, Xue G. A new construction of threshold cryptosystems based on RSA[J]. Information Sciences, 2016, 363: 140-153.
[12] Shamir A. How to share a secret[J]. Communications of the ACM, 1979, 22(11): 612-613.
[13] Li L C, Liu R S. Securing cluster-based ad hoc networks with distributed authorities[J]. IEEE Transactions on Wireless Communications, 2010, 9(10): 3072-3081.
[14] Ste B. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions[J]. 2014.
[15] Johnson D, Menezes A, Vanstone S. The elliptic curve digital signature algorithm (ECDSA)[J]. International Journal of Information Security, 2001, 1(1): 36-63.
[16] Merwe J V D, Dawoud D, McDonald S. A survey on peer-to-peer key management for mobile ad hoc networks[J]. ACM Computing Surveys (CSUR), 2007, 39(1): 1.