Public Key Based Cryptoschemes for Data Concealment in Wireless Sensor Networks Einar Mykletun, Joao...
-
Upload
brice-stark -
Category
Documents
-
view
216 -
download
1
Transcript of Public Key Based Cryptoschemes for Data Concealment in Wireless Sensor Networks Einar Mykletun, Joao...
Public Key Based Cryptoschemes for Data Concealment in Wireless
Sensor Networks
Einar Mykletun, Joao Girao, Dirk WesthoffIEEE ICC 2006 , 1-4244-0355-3/06
Citation: 73Presenter: 林顥桐Date: 2012/12/17
Outline
• Introduction• A Desirable Homomorphic Cryptoscheme• Public-Key Cryptoscheme Candidates• Applications and Recommendation• Conclusion
Introduction
• Data aggregation is untrusted between sensors and the sink
• Public-key based solutions provide a higher level of system security
• But not popular– Too costly for computationally weak devices– A faster depletion of the sensor’s energy
Introduction
• Contrast a set of candidate solutions and give recommendations for the selection of the preferred scheme
A Desirable Homomorphic Cryptoscheme
• Aggregation– Additively Homomorphic Encrytion which have the
property that Enc(m1) Enc(m1) = Enc(m1+ m2)⊕
• Security– Can be proved on math– The compromise of sensor node should not assist in
revealing aggregated data– Key management should be simple– Chiphertext Expansion should be moderate– Probabilistic Encryption
A Desirable Homomorphic Cryptoscheme
• WSN Lifetime– Efficient Computations– Sending ciphertexts should not require the
transmission of large amounts of additional data– Electing aggregator nodes should not need to take
into account security parameters• The use of elliptic curve cryptoschemes
Outline
• Introduction• A Desirable Homomorphic Cryptoscheme• Public-Key Cryptoscheme Candidates• Applications and Recommendation• Conclusion
Public-Key Cryptoscheme Candidates
• Okamoto-Uchiyama(OU)– Based on the ablity of computing discrete logarithms– additive homomorphic: Enc(m1+m2) = Enc(m1) X Enc(m2)– Probabilistic encryption, and relating the computational complexity of
the encryption function to the size of the plaintext
L(x) = (x - 1)/p
p and q are random k-bit primes, n is approximately 1024 bits, k could be 341
Public-Key Cryptoscheme Candidates
• Benaloh– A probabilistic cryptoscheme whose encryption
cost is dependent on the size of the plaintextp, q are large primes
Public-Key Cryptoscheme Candidates
• Elliptic curve ElGamal encryption Scheme(EC-EG)– This is equivalent to the original ElGamal scheme, but
transformed to an additive group
E is an elliptic curve, p is a prime with 163bits, G is a generator
Public-Key Cryptoscheme Candidates
• Elliptic curve ElGamal encryption Scheme(EC-EG)– EC-EG is additively homomorphic and chipertexts are
combined through addition, i.e. map(m1 + m2) = map(m1) + map(m2)
– This mapping needs to be deterministic such that the same plaintext always maps to the same point
Outline
• Introduction• A Desirable Homomorphic Cryptoscheme• Public-Key Cryptoscheme Candidates• Applications and Recommendation• Conclusion
Applications
• Data Aggregation– The usage of additive encryption for calculating
the average and for movement detection• Long-term data storage– Data is kept in the nodes for later retrieval– The nodes have restricted storage capacity, it is
important to reduce the amount of values that are actually stored
Recommendation
• OU– Bigger ciphertext size
• EC-EG– Expensive mapping function during decryption, to
costly to revert
Conclusion
• The addition of ciphertexts– minimize bandwidth overhead– reduce the sensors’ energy consumption
• EC-EG, Benaloh, OU are better