Cryptography Reference
In-Depth Information
Security schemes that are based on IBC allow the easy addition of new nodes to
the network. There is no need to replace or add new keys to existing devices. New
sensor nodes only have to be programmed with the domain parameters and a private
key by the public key generator before deployment. The communication overhead in
establishing session keys is minimal in IBC schemes. This makes the IBC approach
much more suitable for low energy WSNs than traditional public key infrastructure
schemes. The elimination of digital certificates lowers the energy consumption and
makes the system more practical, especially in WSNs that are deployed in remote areas.
In the case of sensor networks, IBC offers better security than other methods that are
not based on PKC. The whole system also increases resistance against a node-capture
attack. Subverting one of the nodes does not reveal anything about the communication
between other pairs of nodes. It only allows decryption of the messages received from
other nodes. Network access control is also provided, as only the public key generator
issues identities and pre-loads sensors with valid private keys. An active attacker can
encrypt messages to given identities but cannot decrypt any message without a proper
private key. IBC has clear advantages over traditional public key systems but also has
some inherent problems. One of them is key revocation. In traditional PKC systems,
compromised keys are replaced with a new private/public key pair. In IBC systems,
key revocation requires that users have to change their identity information that cor-
responds to given private keys. This might be especially problematic in cases in which
identities are chosen as the nodes' unique physical addresses (e.g., transceiver serial
numbers). One solution to the problem might be to use network addresses (e.g., IPv6
addresses) to identify nodes in the network. An alternative solution would be to com-
bine the date with the identity information to generate new private keys, when neces-
sary. The problem of key revocation highlights the importance of proper management
of node identities in IBC systems.
Despite some minor problems, IBC has many advantages when compared with
other security schemes. Table 9.6 summarizes the main benefits that arise from using
IBC with secure WSN.
Implementation of IBC protocols is more complicated than traditional public key
cryptographic schemes (e.g., RSA). IBC protocol implementation is based on the effi-
cient implementation of modules, such as the following: finite field arithmetic, big
number and modular arithmetic, ECC arithmetic, and cryptographic pairing for
implementing pairing-based cryptographic libraries.
Finite field arithmetic : Elliptic curves used in cryptography are defined over finite fields.
Therefore, efficient arithmetic operations in the underlying field are crucial to the over-
all performance of the system. Much effort is devoted in expediting basic arithmetic
routines, as they are frequently used in higher level operations. However, with varying
sensor network platforms, platform-dependent hand-coded assembly routines are used
to increase the speed of basic arithmetic routing. Although this approach deviates from
the basic design principles stated in Section 9.3, it helps improve the efficiency of the
overall system. Hence, assembly routines that are platform dependent can be part of the
cross-layer design approach in WSN.
Search WWH ::




Custom Search