Cryptography Reference
In-Depth Information
proposed to address authenticated broadcast/multicast uses identity-based authentica-
tion. Using this scheme, two schemes are proposed, namely, Identity-Based Signature
(IBS) and Identity-Based Online/Offline Signature (IBOOS). IBOOS is the ID-based
version of Online/Offline Signature (OOS). For IBS, the public key is a unique identity
associated to an entity, and the corresponding private key is generated by the private
key generator (PKG) (Chapter 4). The receiver simply verifies the ID-based digital
signature using the sender's identity. The need for a public-key certificate is totally
eliminated in this scheme. The Online/Offline Signature schemes divide the message
signing process into two phases, namely, Offline phase and Online phase. The Offline
phase comes into action before the message to be signed becomes available and results
in a partial signature. This phase is responsible for most of the precomputations. As
soon as the message to be signed becomes available, the Online phase becomes active.
In this phase, the partial signature generated in the Offline phase is used to generate
the final signature. The idea behind using two phases instead of one is that the Offline
phase could be performed by a resource abundant device (sink node) while the Online
phase could be executed by the sensor nodes.
5.2 Related Work
5.2.1 SPINS
SPINS is a set of security protocols optimized for sensor networks and is built upon
two secure building blocks, namely, Secure Network Encryption Protocol (SNEP) and
TESLA (Perrig et al. 2001). SNEP supports authentication, integrity, freshness, and
data confidentiality, whereas TESLA only supports broadcast data authentication and
this operation is performed by the sink node. It uses a hierarchical architecture with a
forest-like network formed around one or more sink nodes. Concerning key distribu-
tion, a unique master key is shared between the nodes and the base station. This master
key is preloaded in each node before deployment. SNEP facilitates the establishment of
the session key via the sink node or the base station. Two-party authentication and data
integrity are achieved using MAC, which enforces message ordering and weak freshness.
Concerning encryption, SNEP aims to achieve semantic security by sharing a counter
between the sender and receiver for the block cipher in a counter mode. TESLA uses
a one-way key chain mechanism whereby the sink node randomly chooses a key and
generates the remaining values by successively applying a one-way hash function.
5.2.1.1 SNEP
In SNEP, all cryptographic operations such as encryption, decryption, pseudo random
generation, and hash operations use the RC5 function. Furthermore, SNEP derives
independent keys for encryption and MAC operations. To provide semantic security, a
counter C A is used like an Initialization Vector (IV). The counter value is sufficiently
long enough such that it is never repeated during a node's lifetime. However, in a
Search WWH ::




Custom Search