Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks

J. M. BAHI, C. GUYEUX, and A. MAKHOUL
Computer Science Laboratory LIFC, University of Franche-Comté
Journée thématique PHC/ResCom, June 25th 2010, Bayonne, France


Wireless Sensor Networks (WSN)

WSNs are used to monitor regions, detect events, acquire information...
An aggregation approach can be applied.

[Figure: illustrating example. Normal sensors collect data, two levels of aggregators aggregate it, and the sink (base station) performs the final aggregation.]

Usually the carried information contains confidential data. An end-to-end secure aggregation approach is then required.
Possible solution: end-to-end encryption schemes that support operations over cipher-text.

Secure data aggregation in WSN

[Figure: normal sensors collect and encrypt data, aggregators aggregate over cipher-text, and the sink (base station) decrypts and aggregates.]

The problem: requirements

Reasonable needs:
1. Security and privacy are required during communications.
2. This security and privacy must be guaranteed (proven).
3. A wide range of aggregation functions should be offered.
4. The aggregation must not raise any security issues.
5. Computation and communication costs must be low.

The problem: our solution

A possible solution:
1. Encryption: security and privacy for communications.
2. Encryption over elliptic curves (ECC): low costs for computations and communications.
3. Homomorphic encryption over elliptic curves: secure aggregation.
4. Fully homomorphic encryption over elliptic curves: wide range of aggregation functions.
5. Fully homomorphic ECC with a proven security (and which has not been cryptanalyzed): a solution.

Until now, the sole candidate is the cryptosystem of Boneh et al. [1].



Preliminaries (sink level)

Offline operations:
- For each aggregator, public and private keys are generated by the sink.
- Each aggregator node embeds its public key.
- Thus, sensor nodes and aggregators are deployed.
- Various clustering methods are possible: homogeneous, by using a distance, etc.
- Sensor nodes take their public key from their aggregator.
- Public keys can be updated online.

Generating the private key (sink level)

Generation stages:
- Let $\tau > 0$ be an integer called the security parameter.
- Generate two $\tau$-bit prime numbers $q_1$ and $q_2$.
- Let $n = q_1 q_2$, and let $l$ denote the smallest positive integer such that $p = l n - 1$ is prime and $p \equiv 2 \pmod 3$.

Private key: the private key is $q_1$.

Generating the public key (sink level)

Generation stages:
- Let $H$ be the group of points of the super-singular elliptic curve $y^2 = x^3 + 1$ defined over $\mathbb{F}_p$.
- $H$ consists of $p + 1 = n l$ points, and thus has a subgroup of order $n$; we call it $G$.
- Let $g$ and $u$ denote two generators of $G$, and $h = q_2 u$.

Public key: the public key is the tuple $(n, G, g, h)$.

Key size

Comparison of the key sizes. To be secure until 2020, a cryptosystem [3]:
- must have $p \geq 2^{161}$, for EC systems over $\mathbb{F}_p$,
- must satisfy $p \geq 2^{1881}$ for classical asymmetric systems, such as RSA or ElGamal on $\mathbb{F}_p$.

Encryption of a value (sensor level)

The message space is the set $M = \{0, 1, \ldots, T\}$, where $T < q_2$. To encrypt $m \in M$:
1. Pick an integer $r$ in $[0, n - 1]$.
2. Compute the cipher-text $C = m g + r h \in G$.

Size of the cryptograms

How to reduce the size of the cryptograms:
- We suppose that messages are 40 bits long.
- The cryptogram is an element $(x, y)$ of $E$, so it has an average of 160 bits.
- $y^2 = x^3 + 1$, so the cryptogram $(x, y)$ can be compressed to $(x, y \bmod 2)$.
- We obtain cryptograms with an average length of 81 bits.

Additions over cipher-texts (aggregator level)

The addition over cipher-texts: let $m_1$ and $m_2$ be two messages and $C_1$, $C_2$ their cipher-texts. The sum $C$ of $C_1$ and $C_2$ is equal to $C_1 + C_2 + r h$, where:
- $r$ is an integer randomly chosen in $[0, n - 1]$,
- $h = q_2 u$ as presented in the previous section.

Decryption stage: the decryption of $C$ is equal to $m_1 + m_2$. The addition operation can be done several times over cipher-texts.

Multiplication of two cipher-texts (aggregator level)

The multiplication of two cipher-texts. Let:
- $g$, $h$ be the points of $G$ as defined previously,
- $E$ denote the well-known Weil pairing (Miller's algorithm),
- $e(P, Q) = E(x P, Q)$ be the modified Weil pairing, where $x$ is a root of $X^3 - 1$ in $\mathbb{F}_{p^2}$.

The multiplication $C_m$ of two encrypted messages $C_1$, $C_2$ is equal to $e(C_1, C_2) + r h_1$, where:
- $h_1 = e(g, h)$,
- $r$ is a random integer picked in $[1, n]$.

Examples of use

Examples of aggregation functions through cipher-texts:
- Arithmetic and weighted mean.
- Variance.
- Multiplication weighting.
- etc.

Decryption of cipher-texts

Decryption stages (sink level). To decrypt $C$: compute $m = \log_{q_1 g}(q_1 C)$ ($q_1$ is the private key, $\log$ the discrete logarithm).

Decryption complexity: decryption takes expected time T using Pollard's lambda method. This can be sped up by precomputing a table of powers of $q_1 g$.

Decryption of an encrypted product (sink level)

Decryption stage:
- The cipher-text of a product does not live in the same space as other cipher-texts, so the sink can determine whether a product has been computed or not.
- The decryption of $C_m$ is equal to the discrete logarithm of $q_1 C_m$ to the base $q_1 g_1$: $m_1 m_2 = \log_{q_1 g_1}(q_1 C_m)$, where $g_1 = e(g, g)$.
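The additive part of the scheme in the preceding slides (key generation, encryption, aggregation with a fresh r h term, table-based decryption), as an added toy example in Python that is not the authors' code. Assumptions: the two primes are passed in as small constructed values instead of being generated as τ-bit primes, the group G is represented by the field prime p, all function names are this example's own, and the pairing-based product is left out.

```python
# Toy additive BGN aggregation on y^2 = x^3 + 1 over F_p (constructed sizes, not secure).
import math, secrets

def is_prime(n):
    return n > 1 and all(n % i for i in range(2, math.isqrt(n) + 1))

def ec_add(P, Q, p):
    """Affine addition on y^2 = x^3 + 1; None is the point at infinity."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0: return None
    num, den = (3 * x1 * x1, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    lam = num * pow(den % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P, p):
    R = None                                   # double-and-add
    while k:
        if k & 1: R = ec_add(R, P, p)
        P, k = ec_add(P, P, p), k >> 1
    return R

def keygen(q1, q2):
    """Sink, offline: returns ((n, p, g, h), q1) with p = l*n - 1, p = 2 mod 3."""
    n, l = q1 * q2, 1
    while (l * n - 1) % 3 != 2 or not is_prime(l * n - 1):
        l += 1
    p = l * n - 1                              # the curve has p + 1 = n*l points
    def order_n_point():
        while True:
            y = secrets.randbelow(p)
            x = pow(y * y - 1, (2 * p - 1) // 3, p)  # unique cube root of y^2 - 1
            G = ec_mul(l, (x, y), p)                 # clear the cofactor l
            if G and ec_mul(q1, G, p) and ec_mul(q2, G, p):
                return G                             # order is exactly n
    g, u = order_n_point(), order_n_point()
    return (n, p, g, ec_mul(q2, u, p)), q1           # h = q2*u has order q1

def encrypt(pub, m):
    n, p, g, h = pub                           # sensor: C = m*g + r*h
    return ec_add(ec_mul(m, g, p), ec_mul(secrets.randbelow(n), h, p), p)

def aggregate(pub, ciphertexts):
    n, p, g, h = pub                           # aggregator: sum of C_i plus r*h
    total = ec_mul(secrets.randbelow(n), h, p)
    for C in ciphertexts:
        total = ec_add(total, C, p)
    return total

def decrypt(pub, q1, C, T):
    """Sink: q1*C = m*(q1*g) because q1*h is the identity; needs m <= T < q2."""
    n, p, g, h = pub
    base, R, table = ec_mul(q1, g, p), None, {}
    for m in range(T + 1):                     # table of multiples of q1*g
        table[R] = m
        R = ec_add(R, base, p)
    return table[ec_mul(q1, C, p)]

if __name__ == "__main__":
    pub, q1 = keygen(10007, 10009)             # constructed toy primes
    cts = [encrypt(pub, m) for m in [21, 19, 23, 20, 22]]  # constructed readings
    print(decrypt(pub, q1, aggregate(pub, cts), 1000))
```

A sum larger than T raises KeyError in `decrypt`, which is the bounded message space of the scheme showing up in practice.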


Experimental configuration

Experimental protocol:
- The SAGE library has been used for elliptic curves.
- The cryptosystem has been computed with Python 2.6.
- The sensor network has been implemented with Python:
  - A first layer of 500 sensors, a second one of 50 aggregators.
  - Sensors are randomly associated with aggregators.
  - Each sensor has a battery of 100 units, each aggregator of 1000 units.
  - Energy consumption is supposed to be proportional to computation time.

Energy consumption of sensors to encrypt data

Encryption in our approach

Security level   Size of the key   E = λt (battery units)
1                85                0.05 %
2                125               0.07 %
3                167               0.10 %

Encryption in RSA based approach

Security level   Size of the key   E = λt (battery units)
1                945               0.53 %
2                1416              1.63 %
3                1891              3.63 %

Energy consumption at the aggregation stage

Aggregation in our approach

Security level   Size p of the key   E = λt (battery units)
1                85                  0.04 %
2                125                 0.07 %
3                167                 0.10 %

Aggregation in RSA based approach

Security level   Size of the key     E = λt (battery units)
1                945                 8.09 %
2                1416                24.74 %
3                1891                56.27 %

Comparison of energy consumption

[Figure: aggregator's energy evolution, energy versus time, with curves for EC 46, EC 85, RSA 472 and RSA 945.]


Conclusion and future work

- High level of security (cipher-texts are never decrypted).
- Public key encryption.
- Various aggregation capabilities.
- Low computation cost.

Future work:
- Authentication through cipher-texts.
- Compression (aggregation).
- More simulation results.

References

[1] D. Boneh, E.-J. Goh, and K. Nissim. Evaluating 2-DNF formulas on ciphertexts. Theory of Cryptography, LNCS, pages 325-341, 2005.
[2] J. Domingo-Ferrer. A provably secure additive and multiplicative privacy homomorphism. 6th ISC conference, pages 471-483, 2003.
[3] A. K. Lenstra and E. R. Verheul. Selecting cryptographic key sizes. Jour. of the International Association for Cryptologic Research, 14(4):255-293, 2001.