Cryptography Reference
In-Depth Information
5.3.5.2 Private Key Generation
In this phase, the Extract algorithm runs on the base station (before deployment) and
computes the private keys of all sensor nodes corresponding to their IDs . This algo-
rithm takes Prk and a sensor node's ID as input and generates a private key correspond-
ing to that ID, using the well-known Schnorr signature. For a sensor node I with
identity ID i , this algorithm performs the following steps:
*
r Î , compute R i = r i P and c i = H ( ID i , R i ).
• Compute private key as s i = c i s + r i .
• Output ( s i , R i ), where s i is secret while R i is public. Here, the private key s i is the
Schnorr signature on the ID of the node signed with the private key of the PKG.
IDs corresponding to private keys and system parameters are stored on sensor
nodes before deployment. Hence, every sensor node i stores { ID i , s i , R i } and sys-
tem parameters.
• For
i
q
5.3.5.3 User Registration
This phase is repeated every time a new user is registered with the system. In this phase,
the Extract algorithm runs on the base station and computes the private key for a user
U corresponding to his identity ID u in the same way as it is computed for sensor nodes
in the Private Key Generation phase. The base station, which runs this algorithm, sends
the private key to the user via a secure channel. Hence, every user U gets { ID u , s u , R u }
and system parameters.
5.3.5.4 One-Pass Authenticated Session Key Establishment
Whenever a user wants to access data from sensor nodes, he establishes a session key with
the sensor node in his range, after successfully authenticating himself to the sensor node.
Whether the user query is processed by a single sensor node or a set of sensor nodes is
related to the topic of query processing in wireless sensor networks and is not addressed
herein. We now describe an ID-based one-pass session key-establishment protocol
between a user U and a sensor node I . Figure 5.3 describes the steps of the Authenticated
One-Pass Session Key-Establishment Protocol with Key Confirmation protocol.
The user U chooses at random
*
q
t Î as ephemeral key and computes y = ts u and
L = yP . U signs the ephemeral public key L together with ID u , ID i and T S and sends
[ L , ID u , ID i , T S , Sig su ( L , ID u , ID i , T S )] to the sensor node I in his range. Here T S is the
current time stamp to avoid a replay attack and Sig su ( L , ID u , ID i , T S ) is a signature
signed by U using his private key s u . Computing y from L is the so-called Elliptic Curve
Discrete Logarithm (ECDL) problem, which is intractable.
The sensor node I first checks the time stamp T S to avoid the verification of a
replayed message. If this is a fresh message, I verifies the signature Sig su ( L , ID u , ID i ,
T S ). Successful signature verification implies that the message is actually sent by the
Search WWH ::




Custom Search