Cryptography Reference
In-Depth Information
chooses a password PW, and then computes $R' = H_1(PW)^{-1} R$ and $s' = H_1(PW)^{-1} s$.
$(R', s')$ is stored in the user's physical device instead of $(R, s)$. If the node wants to use the private key pair, it should first key in PW. $(R, s)$ will be recovered from the stored $(R', s')$ only when the correct PW is provided. Hence, retrieving $(R, s)$ from $(R', s')$ is equivalent to solving the Elliptic Curve Discrete Log Problem (Chapter 3).
5.3.4.4 Security Analysis for IMBAS
If an adversary A can forge a valid vBNN-IBS tuple $\langle R, h, z \rangle$ for message m and identity ID, then A can easily compute Y as shown below:

$$Y = zP - h\,(R + H_1(ID \,\|\, R)\,P_0) \qquad (5.3)$$

Then, A outputs the forged signature $\sigma' = \langle R, Y, z \rangle$ along with m and ID. Upon receiving the signature $\sigma'$ along with m and ID, the verifier computes $h = H_2(ID, m, R, Y)$ and $c = H_1(ID \,\|\, R)$ and verifies if

$$zP \stackrel{?}{=} Y + h\,(R + cP_0) \qquad (5.4)$$

Substituting for Y from Eq. (5.3)

$$zP \stackrel{?}{=} zP - h\,(R + cP_0) + h\,(R + cP_0) \qquad (5.5)$$
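The conversion in Eq. (5.3) and the check in Eq. (5.4), as an added example that is not code from the book or from IMBAS: a vBNN-IBS tuple is turned into a BNN-IBS signature and verified. Assumptions: the secp256k1 curve, SHA-256 standing in for $H_1$ and $H_2$, the standard BNN-IBS key extraction ($R = rP$, $s = r + H_1(ID \,\|\, R)\,x$, $P_0 = xP$) and signing ($z = y + hs$), and all function names are hypothetical.

```python
import hashlib, secrets

# secp256k1 domain parameters (the curve choice is an assumption of this example)
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):                      # affine point addition; None is the point at infinity
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0: return None
    lam = 3 * x1 * x1 * pow(2 * y1, -1, p) if A == B else (y2 - y1) * pow((x2 - x1) % p, -1, p)
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, A):                      # double-and-add; not constant time, illustration only
    Q = None
    while k:
        if k & 1: Q = add(Q, A)
        A, k = add(A, A), k >> 1
    return Q

def neg(A): return None if A is None else (A[0], -A[1] % p)

def H(i, *parts):                   # H_1 / H_2 modelled as domain-separated SHA-256 mod n
    return int.from_bytes(hashlib.sha256(repr((i, parts)).encode()).digest(), "big") % n

def extract(x, ID):                 # PKG side: R = rP, s = r + H_1(ID||R) x
    r = secrets.randbelow(n - 1) + 1
    R = mul(r, P)
    return R, (r + H(1, ID, R) * x) % n

def vbnn_sign(ID, R, s, m):         # emits <R, h, z>; Y = yP is not transmitted
    y = secrets.randbelow(n - 1) + 1
    h = H(2, ID, m, R, mul(y, P))
    return R, h, (y + h * s) % n

def to_bnn(ID, sig, P0):            # Eq. (5.3): 3 point multiplications, 2 point additions
    R, h, z = sig
    Y = add(mul(z, P), neg(mul(h, add(R, mul(H(1, ID, R), P0)))))
    return R, Y, z

def bnn_verify(ID, m, sig, P0):     # Eq. (5.4): zP =? Y + h(R + cP_0)
    R, Y, z = sig
    h, c = H(2, ID, m, R, Y), H(1, ID, R)
    return mul(z, P) == add(Y, mul(h, add(R, mul(c, P0))))
```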
Let $t$ be the time taken to forge a valid vBNN-IBS tuple $\langle R, h, z \rangle$. Then, the time taken to forge $\langle R, h, z \rangle$ for a message m and identity ID with certain probability is $t + 3t_m + 2t_a$, where $t_m$ is the time taken to compute the point multiplication and $t_a$ is the time taken to compute the point addition. Hence, the conclusion is that vBNN-IBS is existentially unforgeable if BNN-IBS is existentially unforgeable. In addition, IMBAS uses Schnorr's signature with partial message recovery, which has been proven secure (Nyberg and Rueppel 1993; Naccache and Stern 2000). As a result, A is unable to forge packets or modify broadcasted messages.

DoS attacks on WSNs are catastrophic because they lead to resource exhaustion. IMBAS prevents DoS attacks by dropping packets whose signatures fail to verify. In addition, this scheme enforces a limit on the number of verifications. Consequently, if the number of checks exceeds the threshold limit, the verifying node can inform the sink node about the adversary for further investigation and revocation of the malicious node A. Concerning scalability, IMBAS can easily incorporate new nodes by preloading them with system parameters.

Although IMBAS proposes an authentication scheme for WSNs, it does not address authenticated session key establishment between the user and the sensor node. The next section describes a pairing-free ID-based one-pass authenticated key establishment between a user and a node.