not enable an adversary to learn the user's private key $s_u$ from L due to the intractability
of the ECDL problem. In fact, the proposed protocol guarantees that the communication
between an uncompromised sensor node and a user cannot be exposed, irrespective
of the number of other nodes that are compromised.
Key confirmation. In the proposed protocol, the key confirmation message $E'$ provides
the explicit key confirmation.
The sensor node computes $E'$ and sends it to the user so that the user can be assured
that the sensor node has received the user's ephemeral public key and successfully
computed the session key. However, the user does not expect to receive any message from
the sensor node for key establishment because he can compute the same session key by
himself. Hence, the user does not need to send a key confirmation message back to the
sensor node.
Replay attack. In a replay attack, an adversary replays a previous successful user
request, either to establish a session key with the sensor node or to waste sensor node
resources on request verification. In the proposed protocol, because the user's request
is signed, the adversary will not be able to authenticate successfully and establish
a key. Furthermore, the time stamp $T_S$ provides freshness. The sensor node checks
the time stamp before the signature verification to avoid verifying a replayed
request message. Depending on the transmission delay imposed by the communication
channel between the user and the sensor node, the sensor node sets a time threshold,
leaving a potential attacker little time to mount a replay attack.
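The check order described above, as an added example that is not code from the book or from the protocol's authors: the sensor node tests the time stamp against its threshold before spending any work on signature verification. HMAC stands in for the user's public-key signature so the example needs only the standard library; the threshold, key, message layout and all names are assumptions.

```python
import hashlib
import hmac

# Assumed for illustration; none of these values come from the text.
THRESHOLD_S = 5                      # tolerated transmission delay, seconds
USER_KEY = b"constructed-demo-key"   # stand-in for the user's signing key


def sign(payload: bytes, ts: int) -> bytes:
    # HMAC stands in for the user's signature over (T_S, payload).
    msg = ts.to_bytes(8, "big") + payload
    return hmac.new(USER_KEY, msg, hashlib.sha256).digest()


class SensorNode:
    def __init__(self) -> None:
        self.verifications = 0       # expensive signature checks performed

    def _verify(self, payload: bytes, ts: int, sig: bytes) -> bool:
        self.verifications += 1
        return hmac.compare_digest(sig, sign(payload, ts))

    def handle_request(self, payload: bytes, ts: int, sig: bytes, now: int) -> str:
        # Cheap freshness test first: a stale or future-dated T_S is dropped
        # before any signature work is spent on it.
        if not 0 <= now - ts <= THRESHOLD_S:
            return "rejected: stale timestamp"
        # T_S is covered by the signature, so rewriting it breaks verification.
        if not self._verify(payload, ts, sig):
            return "rejected: bad signature"
        return "accepted"


def demo():
    node = SensorNode()
    payload = b"constructed-ephemeral-public-key"
    t0 = 1_000
    sig = sign(payload, t0)
    results = [
        node.handle_request(payload, t0, sig, now=t0 + 2),        # genuine request
        node.handle_request(payload, t0, sig, now=t0 + 4),        # replay inside window
        node.handle_request(payload, t0, sig, now=t0 + 60),       # late replay
        node.handle_request(payload, t0 + 60, sig, now=t0 + 60),  # replay, T_S rewritten
    ]
    return results, node.verifications


if __name__ == "__main__":
    print(demo())
```

The second result shows the residual window the threshold leaves open: a replay inside it still costs one verification, which is why the threshold is tied to the channel's transmission delay.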
5.3.6 TinyIBE Scheme
In this model, the IBE scheme is implemented on the hierarchical architecture discussed
in Section 1.3.1.2. Let H be the group of static sensor nodes that take the role of
cluster heads and L be a group of static ordinary sensor nodes. The sink node is responsible
for issuing a unique identity to each sensor node. As the H-sensors assume the role of
cluster heads, the model assumes that they have greater computational and storage
capacity than the L-sensor nodes and, hence, can store all the L-sensor
node IDs belonging to their respective clusters. In addition, maintaining a group of
node IDs is much more efficient than storing their public key certificates.
Setup: Let $E$ be an elliptic curve defined over a finite field $F_q$ and $s \in Z_q$ be
a master secret. Let $P$ and $Q \in E(F_q)$ and have order $r$, where $Q = sP$. Let
$H_1 : \{0,1\}^* \to Z_q^*$ and $H_2 : F_{q^w} \to \{0,1\}^n$ for some $n$. Let all the system
parameters $PP = (E/F_q, Q, P, g, n, H_1, H_2)$ be preloaded in a sensor node, where
$g = e(P, P)$.
Extract: Let the sink node issue unique identities $ID_i$ for each node in the network. Let
the identity of each H-sensor node be mapped to a hash value such that
$a_i = H_1(ID_{H_i})$, and let D be the corresponding private key such that
$d_i = \left( \frac{1}{s + a_i} \right) P$.