Secure Routing Protocols for Sensor Networks: Constructing with Signature Schemes for Multiple Signers

　Kenta Muranaka†, Naoto Yanai†, Shingo Okamura‡, Toru Fujiwara†† Osaka University, ‡ National Institute of Technology, Nara College

　

1

Background

• Security of routing protocols for wireless sensor networks becomes more important.– The attack of providing false routing information[KW03]

– A sink whole attack[KW03]• A countermeasure of these attacks is secure routing protocols– Routing protocols with digital signatures– It can guarantee the routing information by signing– European Telecommunications Standards Institute(ETSI) suggests to utilize digital signatures for IoT[Guillemin07]

– Routing protocols with digital signatures SAODV[ZA02], SDRP[GD14]

2

Flow of Secure Routing Protocol(1/3)

3

Node A adds a digital signature to a packet

Packet Digital signature

Routing InformationA→B →C

Node A Node CNode B

Flow of Secure Routing Protocol(2/3)

4

Node B adds a digital signature

Node A Node CNode B

Packet Digital signature

Routing InformationA→B →C

Digital signature

Flow of Secure Routing Protocol(3/3)

5

Node C checks the validity of these digital signatures

Node A Node CNode B

Routing InformationA→B →C

Packet Digital signature Digital signature

Valid

Problem of Secure Routing Protocol andOur Approach

The number of signatures needs to be the same as the number of nodes that packets passed

6

We adopt signature schemes for multiple signers[IN83] where signers can combine signatures into a single short signatureWe expect their calculation load and memory storage become smallHowever, there are few examples of implementation

Problem: Memory ballooning

Approach: Signature schemes for multiple signers

Contribution of This Work

• Propose secure routing protocols with signature schemes for multiple signers– We implement aggregate signature scheme and OMS(Ordered Multi-Signature) scheme

– We propose VHS(Verification-Hash-Sign) protocol and HS(Hash-Sign) protocol

• Estimate performances of our proposed protocols– Computational time for generating a signature per a node Aggregate signature scheme : about ms OMS scheme : about ms

– Verification time Aggregate signature scheme ： about ×(the number of nodes ） ms OMS scheme : about ms

7

Outline

• Signature Schemes for Multiple Signers• Proposed Protocols• Implementation and Evaluation• Summary

8

Signature Schemes for Multiple Signers

The primitive can compress some signatures into a single signature .–save memory size

9

• There are several variation of the primitive.

Aggregate Signature Sequential Aggregate Signature Ordered Multi-Signatureetc.

• In this work, we implement as follows.Aggregate Signature[BGLS03] → Various useOrdered Multi-Signature(OMS) [YMO13] → More efficient

Features of These Schemes

10

Aggregate Signature• Each signer signs

“individual document”

• “Anyone” can combine these signatures

OMS• Each signer signs

“Common document”• Signatures are

combined “in order”

𝜎 𝐴 𝜎 𝐵 𝜎𝐶

𝜎 𝑋

𝜎 𝐴

𝜎 𝐵𝜎𝐶

𝜎 𝑋

Outline

• Signature Schemes for Multiple Signers• Proposed Protocols• Implementation and Evaluation• Summary

11

Proposed Protocol

• Propose two secure routing protocols with signature schemes for multiple signers– VHS(Verification-Hash-Sign) protocol– HS(Hash-Sign) protocol

• These protocols consist of two steps– Preparation step– Routing step

12

Verification-Hash-Sign(VHS) Protocol• Each node verifies a signature and generates a new signature for a received packet

• Advantage : High security– detects a invalid signature immediately– dispenses with useless transmission

13

Preparation Step Routing Step

Hash-Sign(HS) Protocol• Each node generates a new signature without verification for a received packet

• Advantage : More efficient– faster than the transmission speed of VHS protocol– lower computational cost

14

Routing StepPreparation Step

Preparation Step15

•The first step in both protocols is preparation step •This step is preparation for generating a signature• Each node in advance installs parameters and generates own secret key and public key

Manager

𝑝𝑎𝑟𝑎

via key generation algorithm

via setup algorithm

𝑝𝑘𝐴 𝑝𝑎𝑟𝑎𝑝𝑘𝐵

𝑝𝑎𝑟𝑎

𝑝𝑘𝐶

Node A Node CNode B

Routing Step• VHS protocol needs public-key-list(PKL) for verifying a signature by each node

• In HS protocol, PKL is unnecessary if a destination node knows other public keys

16

Outline

• Signature Schemes for Multiple Signers• Proposed Protocols• Implementation and Evaluation• Summary

17

Implementation

18

Signature Schemes Hash AlgorithmAggregate Signature[BGLS03] Map-to-point[BLS01]OMS(WH)[YMO13] SHA256 and Waters Hash[Waters05]OMS(MTP) Map-to-pointRSA Signature SHA256

EnvironmentOS Ubuntu 14.04 LTSCompiler gcc version 4.8.2Library pbc-0.5.14, gmp 5.1.3, openssl 1.01fThe Parameter of Elliptic Curve Param-a

Virtual environment 　 Virtual Box 　 version 4.3.12Processor Intel®Core™i5-4200 CPU @ 1.60GHz×2Memory size 2GB

Measurement Method• Points of measurement– Total Time for Routing Step （ VHS Protocol ） The sum total of computational time for Routing step of VHS protocol by each node

– Total Time for Routing Step （ HS Protocol ）The sum total of computational time for Routing step of HS protocol by each node

– Total Computational Time for Hash FunctionThe sum total of computational time for hash calculation by each node

– Verification TimeComputational time for verifying a signature by a final node

• Measure until 20 nodes– Packets can reach all nodes within 20 hops for Internet topology level[KOKO11]

19

Total Time for Routing Step

20

1 3 5 7 9 11 13 15 17 190

2

4

Aggregate SignaturePolynomial (Aggregate Signature)OMS(WH)Linear (OMS(WH))OMS(MTP)Linear (OMS(MTP))RSALinear (RSA)

The Number of Nodes

The

Proc

essin

g Ti

me(

sec)

1 3 5 7 9 11 13 15 17 190

0.51

1.52

Aggregate SignatureLinear (Aggregate Signature)OMS(WH)Linear (OMS(WH))OMS(MTP)Linear (OMS(MTP))RSALinear (RSA)

The Number of Nodes

The

Proc

essin

g Ti

me(

sec)

VHS protocol HS protocol

Fig 4 Fig 5

Each Part of Signature Schemes

21

1 3 5 7 9 11 13 15 17 190

0.10.20.30.4

Aggregate SignatureLinear (Aggregate Signature)OMS(WH)Linear (OMS(WH))OMS(MTP)Linear (OMS(MTP))

The Number of Nodes

The

Proc

essin

g Ti

me(

sec)

1 3 5 7 9 11 13 15 17 190

0.2

0.4

Aggregate SignatureLinear (Aggregate Signature)OMS(WH)Linear (OMS(WH))OMS(MTP)Linear (OMS(MTP))RSALinear (RSA)

The Number of Nodes

The

Proc

essin

g Ti

me(

sec)

Total Computational Time for Hash Functions Verification Time

Fig 6 Fig 7

Summary and Future Works• Propose secure routing protocols with signature schemes for multiple signers– We implement aggregate signature scheme and OMS(Ordered Multi-Signature) scheme

– We propose VHS(Verification-Hash-Sign) protocol and HS(Hash-Sign) protocol

• Estimate performances of our proposed protocols– Computational time for generating a signature per a node Aggregate signature : about ms OMS : about ms

– Verification time Aggregate signature ： about ×(the number of nodes ） ms OMS : about ms

• For future works, we implement these protocols in more realistic environment

22

23

Result

• Computational time for generating a signature per a node – Aggregate signature scheme : about ms– OMS scheme : about ms

• Verification time – Aggregate signature ： about ×(the number of nodes ） ms

– OMS(WH) : about ms– OMS(MTP) : about ms

24

Evaluation

• Computational time for generating aggregate signatures is faster– Computational time per a signer– Aggregate signature ： about sec– OMS ： about sec

•Verification time of OMS scheme is faster – Aggregate Signature ：about × （ the number of nodes ） sec

– OMS （ WH ）： about sec– OMS （ MTP ）： about sec

25

Preparation Step and Routing Step

Preparation Step•This step is preparation for generating signature•Each node in advance installs parameters for elliptic curve and generates secret key and public keyRouting Step•When each node receives the packet, it does this step and sends the packet to the next node

•In VHS protocol, it verifies a signature included a packet, generates new signature and adds to the packet

•In HS protocol, it generates new signature and adds to the packet without verifying

26

Evaluation

27

Total Time for Routing （ HS protocol ）•Aggregate signature ： In proportion to the number of the signers•OMS ： In proportion to the number of signers

Verification Time• Aggregate Signature ： In proportion to the number of the signers

• OMS ： ConstantTotal Time for Routing （ VHS protocol ）• Aggregate Signature ： In proportion to the squares 　　　　　　　　　　　　　　　　　　　　　　　 of the number of the signers

• OMS ： In proportion to the number of signers

Proposed Protocol with An Aggregate Signature Scheme

•Preparation Step 1. Setup 2. Key Generation

•Routing Step1. Aggregate Verification (Only VHS protocol)2. Hash Calculation3. Signing 4. Aggregation

• signer finally verifies the signature 　

28

Proposed Protocol with An OMS Scheme •Preparation Step 1. Setup 2. Key Generation

•Routing Step1. Verification (Only VHS protocol)2. Signature Calculation

•First signer calculates a hash value• signer finally verifies the signature

29

The Environment

30

OS Ubuntu 14.04 LTSCompiler gcc version 4.8.2Library pbc-0.5.14, gmp 5.1.3, openssl 1.01fThe Parameter of Elliptic Curve

Param-a

Virtual environment 　

Virtual Box 　 version 4.3.12

Processor Intel®Core™i5-4200 CPU @ 1.60GHz×2Memory size 2GB

Algorithms of An OMS Scheme

It has four algorithms•Setup ： generates parameter•Key Generation ： generates secret key and public key

•Signing ： generates signature•Verification ： verifies signature

31

The memory size

32

The memory size of signature schemes for multiple signers is constant

is the number of sensor nodes.• Signature schemes for multiple signers ：• General signature schemes (RSA etc) ：

We expect their calculation load and memory storage become small.

Algorithms of An Aggregate Signature Scheme

It has six algorithms. •Setup ： generates parameters•Key Generation ： generates secret key and public key

•Signing ： generates signature•Verification ： verifies signature•Aggregation ： aggregates signatures•Aggregate Verification ： verifies aggregated signature

33

Preparation Step

•This step is preparation for generating signature

•Each node in advance installs parameters for elliptic curve and generate secret key and public key

•**************************************•Algorithms of aggregate signature scheme –Setup–Key Generation

•Algorithms of OMS –Setup–Key Generation

34

Routing Step

In VHS protocol, each node verifies a signature included a packet, generates new signature and adds to the packetIn HS protocol, each node generates new signature and adds to the packet without verifying•Algorithms of aggregate signature scheme –Aggregate Verifying–Hash calculation–Signing

•Algorithms of OMS –Verification–Hash calculation–Signing

35

VHS Protocol•Each node which receive the packet verifies a signature and generates new signature

•Strength–detect a invalid signature immediately–dispense with useless transmission

•Weakness–need high calculation power

36

Preparation Step

Routing Step

HS Protocol•Each node generates new signature without verifying

•Strength–faster than the transmission speed of VHS protocol–lower computational cost

•Weakness–can not detect the node which generates invalid signature

37

Preparation Step

Routing Step

38

Aggregate Verification Signing Aggregatio

n

39

Key Generation Hash Calculation Signing

Key Generation Verification Hash Caluculation Signing

40

Key Generation Verification Hash

Caluculation Signing

Key Generation Hash Caluculation Signing

41

Key Generatio

n

Verification

Hash Caluculati

onSigning Next

Signer

Key Generation

Hash Caluculation Signing Next

Signer

42

𝑝𝑘𝐴 𝑝𝑘𝐵𝑝𝑘𝐶

Packet Digital signature

Routing InformationA→B →C

Node CNode BNode A

𝑝𝑘𝐴 𝑝𝑘𝐵𝑝𝑘𝐶

Packet Digital signature

Routing InformationA→B →C

Node CNode BNode A

PKL

Routing Step

• In VHS protocol, each node verifies a signature included in a packet, generates a new signature and adds to the packet

• In HS protocol, each node generates a new signature and adds to the packet without verifying

43

𝑝𝑘𝐴 𝑝𝑘𝐵𝑝𝑘𝐶

Packet Digital signature

Routing InformationA→B →C

via signing algorithm with and

Node CNode BNode A

Routing Step

• In VHS protocol, each node verifies a signature included in a packet, generates a new signature and adds to the packet

• In HS protocol, each node generates a new signature and adds to the packet without verifying

44

𝑝𝑘𝐴 𝑝𝑘𝐵𝑝𝑘𝐶

Packet Digital signature

Routing InformationA→B →C

verify the via verification algorithm

Node CNode BNode A

Routing Step

• In VHS protocol, each node verifies a signature included in a packet, generates a new signature and adds to the packet

• In HS protocol, each node generates a new signature and adds to the packet without verifying

45

Routing InformationA→B →C

Digital signature Route Request packet

Node CNode BNode A