Cryptography Reference
In-Depth Information
• Encrypts $E$ with $SK_i$ using a secure symmetric encryption algorithm, i.e., $E' = \mathrm{Ec}_{SK_i}(E)$, and sends $E'$ to $U$.
• After $U$ receives $E'$, he performs the following steps:
i. Decrypts $E'$ using his computed key $SK_u$ to obtain $E$, i.e., $E = \mathrm{Dc}_{SK_u}(E')$.
ii. Checks whether $E \stackrel{?}{=} (SK_u \; ID_u \; ID_i)$.
Successful verification implies that both parties have computed the shared session key.
As the user does not expect to receive a message from the sensor node to compute the
key, he does not need to send a key-confirmation message to the sensor node.
5.3.5.4.1 Authentication, Key Establishment, and Query Privacy
To retrieve data from the sensor network, each end user authenticates himself to a
nearby node. He then establishes a session key and sends the query to it. The sensor
node, after successful user authentication and session key establishment, processes the
received user query, encrypts the query results, and sends them back to the user. For
privacy reasons, the user query needs to be encrypted in some situations because users
may not be willing to disclose their areas of interest (Carbunar et al. 2007). Due to
the one-pass key establishment, query privacy can also be provided by the proposed
protocol, as follows: The user computes his shared session key, encrypts his query using
the computed session key, and sends his signed ephemeral public key to the sensor node,
together with his encrypted query, in a single message.
The sensor node first authenticates the user by verifying the signature. If the signature
verification fails, the protocol terminates here. Otherwise, the sensor node computes
the same shared session key, decrypts the user query, processes it, and sends the
encrypted query results back to the user. Thus, only a single message is exchanged for
authentication, key establishment, and encrypted query transmission, achieving
transmission efficiency.
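The single-message exchange described above, as an added Python sketch that is not taken from the book: the user derives the session key before any reply, sends one message carrying the signed ephemeral public key and the encrypted query, and the sensor verifies the signature before it derives the key or decrypts. Integers modulo a prime, a Schnorr signature, and a SHA-256 keystream with an HMAC tag are toy stand-ins assumed here for the 160-bit ECC, the IBS scheme, and the symmetric cipher; all function names, and the separate signing public key used in place of the user's identity, are likewise assumptions.

```python
import hashlib, hmac, secrets

# Assumed toy stand-ins (NOT the book's primitives, not secure parameters):
# integers mod P replace 160-bit ECC, Schnorr replaces the IBS scheme, and a
# SHA-256 keystream with an HMAC tag replaces the symmetric cipher.
P, G = 2**255 - 19, 2

def H(*parts):  # hash byte strings and integers (integers reduced mod P, 32 bytes)
    enc = [(p % P).to_bytes(32, "big") if isinstance(p, int) else p for p in parts]
    return hashlib.sha256(b"|".join(enc)).digest()

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    k, r = keygen()  # fresh nonce k and commitment r = G^k
    return r, (k + int.from_bytes(H(r, msg), "big") * x) % (P - 1)

def verify(y, msg, sig):
    r, s = sig
    e = int.from_bytes(H(r, msg), "big")
    return pow(G, s, P) == r * pow(y, e, P) % P

def seal(key, label, data):  # label keeps query and result keystreams distinct
    ks = b"".join(H(key, label, i) for i in range(len(data) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return ct + hmac.new(H(key, b"mac"), label + ct, hashlib.sha256).digest()

def unseal(key, label, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(H(key, b"mac"), label + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication tag mismatch")
    return seal(key, label, ct)[:-32]  # XOR with the keystream is its own inverse

def user_send(sig_priv, id_u, id_i, sensor_pub, query):
    a, A = keygen()  # ephemeral key pair; A is signed and sent
    sk_u = H(pow(sensor_pub, a, P), id_u, id_i)  # key computed before any reply
    sig = sign(sig_priv, H(id_u, id_i, A))
    return sk_u, (id_u, A, sig, seal(sk_u, b"query", query))

def sensor_receive(sensor_priv, id_i, user_sig_pub, msg, handler):
    id_u, A, sig, blob = msg
    if not verify(user_sig_pub, H(id_u, id_i, A), sig):
        return None  # signature check failed: the protocol terminates here
    sk_i = H(pow(A, sensor_priv, P), id_u, id_i)
    return seal(sk_i, b"result", handler(unseal(sk_i, b"query", blob)))
```

The user recovers the answer with `unseal(sk_u, b"result", reply)`; a `None` reply means the sensor rejected the signature and never derived a key.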
5.3.5.4.2 ID-Based Signature Scheme
To sign the ephemeral public key, any secure IBS scheme with the same ID-based
parameters can be used (see Section 5.3.1). In addition, a variant of BNN-IBS,
vBNN-IBS (see Section 5.3.3.1), can be used to provide broadcast authentication.
5.3.5.4.3 Distributing the Public Information $ID_i$ and $R_i$
One possible question might be how a user can obtain $ID_i$ and $R_i$, the public information
of a sensor node I . As the user is equipped with a resourceful device, it can store
the $ID_i$ and $R_i$ pairs of the sensor nodes in the user's range. In 160-bit ECC settings, the
size of the $ID_i$ and $R_i$ pair is about 25 bytes. For approximately 5000 sensor nodes in the
user's range, the total storage required is about 125 KB. This is an acceptable storage