Cryptography Reference
In-Depth Information
is combined with the message recovery technique proposed in Naccache and Stern
(2000) and Nyberg and Rueppel (1993). Therefore, to broadcast a message M , the sink
uses the following algorithm to generate the signature:
Signature :
Step 1 : Prepare the broadcast message
ID
sink ,,
tt M
and break it into two parts, M 1 and
M £ bytes and M 2 is inclusive of ID sink and tt .
Step 2 : Choose at random y Z p and compute Y = yP .
M 2 , where
10
1
Step 3 : Encode-and-hash Y into an integer i to H 1 .
Step 4 : Add proper redundancy to M 1 according to certain standards, such as the IEEE
Standard-P1363a : Standard Specifications for Public-Key Cryptography, and the
resulting value is f 1 .
Step 5 : Compute f 2 = H 1 ( M 2 ).
Step 6 : Then compute c = i + f 1 + f 2 mod p , such that c ≠ 0. Otherwise start from Step 1.
Step 7 : Compute d = y - cx mod p , and output ( c , d ) as the signature.
Step 8 : Then the sink broadcasts
Mcd
2 ,,
.
Verification :
Mcd a sensor node checks if tt in M 2 is fresh to avoid any kind
of replay attack. The following steps are taken for verifying the signature:
Upon receiving,
2 ,,
,
Ï- or
Ï-
Step 1 : Discard the message if
c
[1,
1]
d
[1,
1].
Step 2 : Compute Q = dP + cP 0 .
Step 3 : Discard the message if Q = .
Step 4 : Encode-and-hash Q into an integer i .
=--
Step 5 : Compute f 2 = H 1 ( M 2 ), and compute
f
c
i
f
2 mod
p
.
1
Step 6 : Discard the message if the redundancy of f 1 is incorrect.
=
Step 7 : Otherwise, accept the signature and reconstruct
ID
,,
tt M
M
M
.
sin
k
1
2
5.3.4.3 User Revocation
User revocation is achieved by simply broadcasting the identity of the revoked users
by the sink node. If the identity already exists in the revocation list, the broadcast
message is ignored. To overcome a physical node capture attack, IMBAS recommends
a password-based protection approach to safeguard the private keys. The node first
Search WWH ::




Custom Search