Smartening the Environment using Wireless Sensor Networks in a Developing Country

20-23 August, 2013, IEEE GreenCom, Beijing, China Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By Al-Sakib Khan Pathan Department of Computer Science International Islamic University Malaysia On the Key Revocation Schemes in Wireless Sensor Networks Dieynaba Mall 1 , Karim Konaté 1 , and Al-Sakib Khan Pathan 2 1 Université Cheikh Anta Diop de Dakar (UCAD), Dakar, Senegal 2 International Islamic University Malaysia (IIUM), Kuala Lumpur, Malaysia


Transcript of Smartening the Environment using Wireless Sensor Networks in a Developing Country

Page 1: Smartening the Environment using Wireless Sensor Networks in a Developing Country

20-23 August, 2013, IEEE GreenCom, Beijing, China

Smartening the Environment using Wireless Sensor Networks in a Developing Country

Presented By
Al-Sakib Khan Pathan
Department of Computer Science
International Islamic University Malaysia

On the Key Revocation Schemes in Wireless Sensor Networks

Dieynaba Mall¹, Karim Konaté¹, and Al-Sakib Khan Pathan²

¹ Université Cheikh Anta Diop de Dakar (UCAD), Dakar, Senegal
² International Islamic University Malaysia (IIUM), Kuala Lumpur, Malaysia

Page 2: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Outline of This Presentation

• Background and Objective
• Key Revocation Schemes
• Comparative Analysis
• Outcome
• Future Directions of Research

Page 3: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Background

• Among all security issues, key management is the most attractive mechanism to ensure security of applications and network services in wireless sensor networks.

• Key management includes two important aspects:
– Key distribution, which constitutes the task of distributing secret keys to nodes in the network.
– Key revocation, which refers to the task of securely withdrawing the key information related to any compromised network node.

• Exhaustion of a node may not translate to key revocation.

Page 4: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Background: Other Revocations?

“Revocation” in a Wireless Sensor Network could be:
• Link or path revocation.
• Group membership revocation.
• Group ID revocation.
• Role revocation.
• Node revocation.
• or other.

Our focus is on:
• Key revocation. WHY?

Page 5: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Why Emphasis on Key Revocation?

• Generally a WSN is designed for deployment in an open, often unmonitored environment, thus exposing nodes to physical attacks.

• Any key management solution in WSNs must then be provided with the ability to revoke the cryptographic keys of captured nodes.

• Otherwise, the entire network’s operation could be compromised by adversaries.

• This issue has not been addressed much, dedicated works are too few, and/or often it comes as a small part of some works without getting proper attention.

Page 6: Smartening the Environment using Wireless Sensor Networks in a Developing Country

Key Revocation Schemes

• Mainly two types:
– Centralized
– Distributed

• Centralized Revocation Schemes: A single designated authority is responsible for conducting revocation decisions.

• Distributed or Decentralized Revocation Schemes: No centralized authority. The revocation decisions are made instead by the neighbors of a compromised node.

Page 7: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Centralized Revocation Schemes

EG Scheme [1]: (First Centralized Scheme)

• A mobile controller node with large communication range (for example the BS) performs the revocation process.

• Before conducting revocation, this controller generates a signature key K_e, encrypts it using a pairwise key (which is preloaded in each node) and unicasts it to each uncompromised sensor node.

• In this way, to revoke a compromised node, it will broadcast a message signed by K_e containing all the key identifiers possessed by a compromised node. After receiving and verifying this message, the corresponding keys are removed from the nodes’ key rings.

Page 8: Smartening the Environment using Wireless Sensor Networks in a Developing Country


EG Scheme …

[Figure: EG scheme illustration; labels: BS, Compromised node]
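An added illustration of the EG revocation flow described above (not from the presentation or from [1]): the controller unicasts a fresh signature key (K_e) to every uncompromised node, then broadcasts the captured node's key identifiers authenticated under it. HMAC-SHA256 stands in for the signature, an HMAC-derived XOR pad stands in for the encryption under the pairwise key, and all names, key rings and keys are constructed for the example.

```python
import hashlib
import hmac
import os

def xor_wrap(pairwise_key, nonce, data):
    """Stand-in cipher (assumption): XOR 32-byte data with an HMAC-derived pad."""
    pad = hmac.new(pairwise_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def sign(k_e, key_ids):
    """HMAC-SHA256 over the sorted key identifiers stands in for the signature."""
    msg = ",".join(str(i) for i in sorted(key_ids)).encode()
    return hmac.new(k_e, msg, hashlib.sha256).digest()

class Node:
    def __init__(self, node_id, key_ring, controller_key):
        self.node_id = node_id
        self.key_ring = set(key_ring)         # key identifiers on this node's ring
        self.controller_key = controller_key  # pairwise key preloaded before deployment
        self.k_e = None                       # signature key, unknown until unicast

    def on_unicast(self, nonce, wrapped):
        self.k_e = xor_wrap(self.controller_key, nonce, wrapped)

    def on_broadcast(self, key_ids, tag):
        # Drop anything not verifiable under K_e, including broadcasts seen before K_e.
        if self.k_e is None or not hmac.compare_digest(sign(self.k_e, key_ids), tag):
            return False
        self.key_ring -= set(key_ids)         # remove the revoked keys from the ring
        return True

def controller_revoke(nodes, pairwise, captured_id, captured_key_ids):
    """Unicast a fresh K_e to every uncompromised node, then build the broadcast."""
    k_e = os.urandom(32)
    for node in nodes:
        if node.node_id != captured_id:
            nonce = os.urandom(16)
            node.on_unicast(nonce, xor_wrap(pairwise[node.node_id], nonce, k_e))
    return sorted(captured_key_ids), sign(k_e, captured_key_ids)

def demo():
    pairwise = {name: os.urandom(32) for name in "ABC"}       # constructed sample keys
    rings = {"A": {1, 2, 3}, "B": {2, 4, 5}, "C": {3, 5, 6}}  # C is the captured node
    a, b, c = (Node(n, rings[n], pairwise[n]) for n in "ABC")
    key_ids, tag = controller_revoke([a, b, c], pairwise, "C", rings["C"])
    forged = a.on_broadcast([1, 2], bytes(32))                # broadcast without K_e
    accepted = [n.on_broadcast(key_ids, tag) for n in (a, b)]
    return forged, accepted, sorted(a.key_ring), sorted(b.key_ring), c.k_e
```

Nodes A and B lose the identifiers they shared with C, the broadcast that was not produced under K_e changes nothing, and C never receives K_e.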

Page 9: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Centralized Revocation Schemes …

KeyRev Scheme [2]: (Key Updating Strategy)

• KeyRev uses key updating techniques to obsolesce the keys owned by the compromised nodes and removes them from the network.

• Their scheme does not depend on a specific key distribution scheme but to describe their proposal, the authors assume that the basic random key distribution scheme [1] is used.

Page 10: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Centralized Revocation Schemes …

DLS Scheme [3]: (Managing Session and Interval)

• To reinforce the security of the KeyRev scheme [2], [3] uses the idea of dynamic sessions to reduce the lifetime of compromised nodes in the network.

• Manages the interval time of session keys with two aspects: the revocation time and the active time.

• After generation and distribution of a session key in the revocation time, the authors turn to managing the active time, which is longer than the revocation time. They partition it into session levels so that it can be adjusted dynamically to thwart any subsequent attack.

Page 11: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Distributed Revocation Schemes

CPS Scheme [4]: (Voting Mechanism)

• Assumption: Keys are distributed random-pairwise in the network. Therefore, each node shares a unique pairwise key with each of m other distinct, randomly selected participants in order to facilitate node-to-node authentication.

• Each of these m participants is assigned a random voting key.

• To perform a vote against a target node, a participant has to propagate its message across the network to all voting members. Verified votes from at least t participants mark the target node as “revoked”.
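A simplified model of the threshold vote described above, added here as an illustration and not taken from the presentation or from [4]. Verifying a vote against a hash commitment to the voter's key is an assumption of this example, as are the class, function and node names and the values m = 5 and t = 3.

```python
import hashlib
import hmac
import os

def commitment(target, voting_key):
    """Hash binding a voting key to the node it may be used against."""
    return hashlib.sha256(target.encode() + b"|" + voting_key).digest()

class RevocationTally:
    """Vote counter a node keeps for one target (simplified model)."""

    def __init__(self, target, commitments, t):
        self.target = target
        self.commitments = dict(commitments)  # voter id -> commitment to its voting key
        self.t = t                            # verified votes needed to revoke
        self.verified = set()                 # voters whose vote has been counted

    @property
    def revoked(self):
        return len(self.verified) >= self.t

    def receive_vote(self, voter, revealed_key):
        expected = self.commitments.get(voter)
        if expected is None:
            return "rejected: not a voting member"
        if voter in self.verified:
            return "ignored: duplicate vote"   # a replayed vote counts only once
        if not hmac.compare_digest(commitment(self.target, revealed_key), expected):
            return "rejected: voting key does not verify"
        self.verified.add(voter)
        return "revoked" if self.revoked else "counted"

def demo():
    target, t = "node-7", 3                                  # constructed sample values
    keys = {f"p{i}": os.urandom(16) for i in range(1, 6)}    # m = 5 participants
    commits = {voter: commitment(target, key) for voter, key in keys.items()}
    tally = RevocationTally(target, commits, t)
    votes = [("p1", keys["p1"]), ("p1", keys["p1"]),   # valid vote, then a replay of it
             ("x9", os.urandom(16)),                   # sender is not a voting member
             ("p2", os.urandom(16)),                   # member id with a forged key
             ("p2", keys["p2"]), ("p3", keys["p3"])]   # second and third valid votes
    return [tally.receive_vote(v, k) for v, k in votes], tally.revoked
```

Only the three distinct verified votes move the tally; the replayed, outsider and forged votes leave it unchanged.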

Page 12: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Distributed Revocation Schemes …

CGPM Scheme [5]: (Improved Voting Mechanism)

• Improvement on CPS Scheme [4].

• In addition to voting, it introduces new ideas such as revocation sessions, performing voting and revocation decisions only by processing hop-limited local broadcasts, and propagating a single short message to the entire network to finalize the revocation outcome.

• Furthermore, they introduce the first distributed revocation protocol that provides rigorous proofs of desired properties, namely: completeness, soundness, bounded time revocation completion, unitary revocation and revocation attack resistance.

Page 13: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Distributed Revocation Schemes …

CYLL Scheme [6]: (Improved CGPM Scheme)

• To further improve the CGPM scheme [5] in terms of
– lower storage space requirement,
– reduced communication overhead and
– lower computational cost,
[6] presents a new distributed revocation scheme based on Blom’s t-secure property.

• Each node in every voting session is required to store t elements of one row in a vote matrix and t elements of one column in the public matrix.

Page 14: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Distributed Revocation Schemes …

CCL Scheme [7]: (OWHC, Certificate, PKC based)

• Based on the features of the one-way hash chain, the certificate revocation list and public-key cryptography.

• When a node detects that another node has been compromised, it first broadcasts to all its neighbors a compromised revocation vote (CRV).

• When the number of received revocation votes against the target node exceeds the threshold defined, the neighbor node revokes the key shared with the compromised node in its key ring and cuts off its link with the target node.

Page 15: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Security Analysis

Centralized Schemes

• Single point of failure, BS is the only controller
• Impersonation of BS
• DoS attack against broadcast based mechanisms
• Update based mechanisms need to find optimal interval

Page 16: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Security Analysis (Contd.)

Distributed Schemes
• Adversaries as active participants
• Selective revocation of non-compromised node
• Collusion attack
• Replay attack due to lack of the concept of session maintenance
• Requires node to node authentication – often complex
• Sybil attack – multiple identities of the same attacker

Page 17: Smartening the Environment using Wireless Sensor Networks in a Developing Country


More about Distributed Schemes

• Five distinctive properties should be ensured for proper operation and efficiency:
– Completeness
– Soundness
– Bounded time revocation completion
– Unitary revocation
– Revocation attack resistance

Page 18: Smartening the Environment using Wireless Sensor Networks in a Developing Country


Table II – Comparison and Evaluation of Centralized Schemes

Page 19: Smartening the Environment using Wireless Sensor Networks in a Developing Country

Table III - Comparison and Evaluation of Distributed Schemes

Page 20: Smartening the Environment using Wireless Sensor Networks in a Developing Country

References

[1] L. Eschenauer and V. D. Gligor, “A Key-Management Scheme for Distributed Sensor Networks,” in: Proceedings of ACM Conference On Computer and Communication Security, pp. 41-47, 2002.

[2] Y. Wang, B. Ramamurthy, and X. Zou, “KeyRev: An Efficient Key Revocation Scheme for Wireless Sensor Networks,” in: Proceedings of International Conference on In Communications, pp. 1260-1265, 2007.

[3] C.H. Park, Y.Y. Zhang, I.T. Kim, and M.S. Park, “DLS: Dynamic Level Session Key Revocation Protocol for Wireless Sensor Networks,” in Information Science and Applications (ICISA), 2010 International Conference on, pages 1-8, 2010.

[4] H. Chan, A. Perrig and D. Song, “Random Key Predistribution Schemes for Sensor Networks,” in: Proceedings of IEEE Symposium on Security and Privacy, pp. 197-213, 2003.

[5] H. Chan, V.D. Gligor, A. Perrig and G. Muralidharan, “On the Distribution and Revocation of Cryptographic Keys in Sensor Networks,” IEEE Transactions on Dependable and Secure Computing 2(3) 233-247, 2005.

[6] C.-H. Chao, C.-F. Yang, P.-T. Lin, and J.-S. Li, “Novel Distributed Key Revocation Scheme for Wireless Sensor Networks,” J. Journal of Security and Networks, DOI: 10.1002/sec.707, January 2013.

[7] P.J. Chuang, S.H. Chang, C.S. Lin, “A Node Revocation Scheme Using Public-Key Cryptography in Wireless Sensor Networks,” J. Inf. Sci. Eng. 26 (5): 1859-1873, 2010

Page 21: Smartening the Environment using Wireless Sensor Networks in a Developing Country

THANK YOU

Page 22: Smartening the Environment using Wireless Sensor Networks in a Developing Country

Questions and Answers

Any query should be directed to [email protected], [email protected]

AL-SAKIB KHAN PATHAN
http://staff.iium.edu.my/sakib/