Cryptography Reference
In-Depth Information
information even before they request keying. Compared with an online PKI, the
offline PKG has many advantages in wireless ad-hoc networks.
With a PKI, whenever a peer k joins a system, the PKI should verify the binding
of the public key of k and its identity and broadcast the authenticated public key to all
existing peers, or keep the public key in a central directory for queries from other peers.
No matter when another peer i wants to communicate with k, i has to obtain both the
identity and the public key of k, and i should have a way of verifying the public key.
Therefore, the complexity in obtaining, verifying, and managing public keys creates
considerable overhead in energy-constrained systems that rely on radio technologies to
exchange identities, keys, and data.
Peer Keying
When a peer k joins an IBC-powered wireless ad-hoc network, k proposes a systemwide unique identity $id_k$ (or the PKG appends a timestamp or sequence number to the peer identity). The PKG obtains a corresponding point $Q_k = H_1(id_k)$ on the elliptic curve by hashing $id_k$ and extracts k's private key $pk_k = xQ_k$ from the master key x. $id_k$ can be the email address of k, concatenated with temporal or spatial properties (e.g., a@b.com@date@site). Identity ownership should be easily verified, e.g., by short-range encounters, when peers are passing by the PKG, or by sending a request to confirm email to a@b.com. $pk_k$ is conveyed back to k in a secure, out-of-band side channel (e.g., through the ticketing process at a recreation park); the system parameters are periodically broadcast by the PKG (e.g., through public announcement). To fight against identity theft or spoofing, the PKG should not extract private keys more than once for the same identity, even when claimed by the same entity; instead, by using a timestamp or Universally Unique ID, the entire identity space is always collision-free and forward-secure.
The security of the entire system relies on the master key x kept by the PKG, since the private key of all peers in IBC-based wireless ad-hoc networks can be derived from x. To reduce the risk of total exposure, even if the PKG is compromised, and to address the concern of key escrow for peers with a new PKG, x can be distributed in a t-of-n manner to a group of n PKGs by applying threshold-cryptography techniques. With threshold cryptography, k thereby derives $pk_k$ alone by combining $pk_k^t$ obtained from any t $PKG_t$. Unless there are more than t unknowingly compromised or bogus PKGs, the secrecy of all peers and their private keys is still preserved.
For simplicity, we focus here on keying with a single PKG; our schemes can be extended for t-of-n or hierarchical PKGs, as well.
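
The t-of-n keying described above can be sketched as follows. This is an added example, not code from the book: the master key x is Shamir-shared among n PKGs, each PKG extracts a partial key at most once per identity, and the peer combines any t partials itself. Assumptions: a toy multiplicative group modulo the safe prime 2039 stands in for the elliptic curve (so $xQ_k$ is written as Q_k^x mod P), and the names `h1`, `split_master_key`, `ShareHolderPKG` and `combine` are hypothetical.

```python
import hashlib
import secrets

# Assumption: toy stand-in for the curve group. The order-Q_ORD subgroup of Z_P*,
# P = 2*Q_ORD + 1, written multiplicatively, so the text's x*Q_k is Q_k^x mod P.
# These parameters are far too small for real use.
P, Q_ORD = 2039, 1019

def h1(identity: str) -> int:
    """Stand-in for H_1: hash an identity string into the subgroup."""
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return pow(2 + h % (P - 3), 2, P)  # square of 2..P-2: in the subgroup, never 1

def split_master_key(x: int, t: int, n: int) -> dict[int, int]:
    """Shamir-share x over Z_Q_ORD: PKG i holds f(i); any t shares determine x."""
    coeffs = [x] + [secrets.randbelow(Q_ORD) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, Q_ORD) for j, c in enumerate(coeffs)) % Q_ORD
            for i in range(1, n + 1)}

class ShareHolderPKG:
    """One of the n PKGs; extracts a partial key at most once per identity."""
    def __init__(self, index: int, share: int):
        self.index, self._share, self._issued = index, share, set()

    def extract_partial(self, identity: str) -> int:
        if identity in self._issued:
            raise PermissionError(f"key already extracted for {identity}")
        self._issued.add(identity)
        return pow(h1(identity), self._share, P)

def combine(partials: dict[int, int]) -> int:
    """Peer side: Lagrange interpolation at 0 in the exponent; x is never rebuilt."""
    key = 1
    for i, part in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * j * pow(j - i, -1, Q_ORD) % Q_ORD
        key = key * pow(part, lam, P) % P
    return key

if __name__ == "__main__":
    x = secrets.randbelow(Q_ORD - 1) + 1           # master key, known only to the dealer
    pkgs = [ShareHolderPKG(i, s) for i, s in split_master_key(x, 3, 5).items()]
    ident = "a@b.com@date@site"                    # identity format used in the text
    parts = {g.index: g.extract_partial(ident) for g in pkgs[1:4]}
    print(combine(parts) == pow(h1(ident), x, P))
```

Because each PKG refuses a second extraction for the same string, a re-keyed peer needs a fresh identity, which is what the timestamp or unique-ID suffix provides.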
6.4.1 ID-Based Bilinear Key-Predistribution Scheme for Distributed Sensor Networks
6.4.1.1 Overview of Matsumoto-Imai's Key-Predistribution Scheme
This model proposes a linear key-predistribution scheme for key sharing among n nodes,
and subsequent sections discuss a similar model using symmetric bilinear mapping.