Cryptography Reference
In-Depth Information
consumption in generating
On
. Hence, the nodes only need to carry out a small num-
ber of energy-efficient computations. The final broadcast message includes
m
M
,
T
s
,
ID
i
, and signature
On
.
Online Signature Verification
: When a sensor node receives a broadcast message, its
first task is to check the time stamp to avoid any kind of a replay attack. Upon veri-
fying the freshness of the time stamp, it runs the
Online Signature Verification
algo-
rithm. This algorithm takes
m
M
,
ID
i
,
On
, and
PP
, and returns valid (1) or invalid
(0). If required, the node could rebroadcast the message with its signature and a new
time stamp.
5.3.3 BNN-IBS Scheme
Bellare et al. (2004) proposed the first ECC-based IBS scheme called BNN-IBS, with
provable security. The implementation is as follows:
Preliminaries
: Let
E
be an elliptic curve defined over a prime finite field
F
q
and denoted
as
E
/
F
q
. Let
E
(
F
q
) denote the group of points formed by
E
/
F
q
, which includes the point
at infinity
. Hence,
E
(
F
q
) = {(
x
,
y
):
x
,
y
F
q
; (
x
,
y
)
E
/
F
q
)}
⋃
{
}.
Setup
: Given the security parameter
x
Î
, the following steps are carried out by the
p
PKG.
*
*
2
:{0,1}
H
.
• Specify
E
/
F
q
the elliptic curve
E
, where
P
E
(
F
q
) is a point of order
p
and
G
is a
group generated by
P
. Let the system public key
P
0
=
xP
PP
.
• The public parameters include
´
and
• Let
H
:{0,1}
G
Z
1
1
p
p
PP
=
EFPpPHH
/,
,
,
,
,
.
q
012
Key Extraction
: Given an end-user's identity (ordinary node's identity)
ID
, the PKG
(sink node) validates the identity and generates the private key based on the Schnorr
signature scheme (Schnorr 1991):
• Choose at random
r
Z
p
and compute
R
=
rP
.
• Use system secret key
x
to compute
s
=
r
+
cx
, where
c
=
H
1
(
ID
||
R
).
The pair (
R
,
s
) is sent to the end user via a secure channel.
Signature Generation
: The signer generates the signature
as follows:
• Choose at random
y
Z
p
and compute
Y
=
yP
.
• Compute
z
=
y
+
hs
, where
h
=
H
2
(
ID
,
m
,
R
,
Y
).
RY z
,, .
Then, the sender's signature on message
m
is the tuple
Hence,
m
and the
tuple are sent to the receiver.
Search WWH ::
Custom Search