Download - Secure Routing Protocol
Secure Routing Protocols for Sensor Networks: Constructing with Signature Schemes for Multiple Signers
Kenta Muranaka†, Naoto Yanai†, Shingo Okamura‡, Toru Fujiwara†† Osaka University, ‡ National Institute of Technology, Nara College
1
Background
• Security of routing protocols for wireless sensor networks becomes more important.– The attack of providing false routing information[KW03]
– A sink whole attack[KW03]• A countermeasure of these attacks is secure routing protocols– Routing protocols with digital signatures– It can guarantee the routing information by signing– European Telecommunications Standards Institute(ETSI) suggests to utilize digital signatures for IoT[Guillemin07]
– Routing protocols with digital signatures SAODV[ZA02], SDRP[GD14]
2
Flow of Secure Routing Protocol(1/3)
3
Node A adds a digital signature to a packet
Packet Digital signature
Routing InformationA→B →C
Node A Node CNode B
Flow of Secure Routing Protocol(2/3)
4
Node B adds a digital signature
Node A Node CNode B
Packet Digital signature
Routing InformationA→B →C
Digital signature
Flow of Secure Routing Protocol(3/3)
5
Node C checks the validity of these digital signatures
Node A Node CNode B
Routing InformationA→B →C
Packet Digital signature Digital signature
Valid
Problem of Secure Routing Protocol andOur Approach
The number of signatures needs to be the same as the number of nodes that packets passed
6
We adopt signature schemes for multiple signers[IN83] where signers can combine signatures into a single short signatureWe expect their calculation load and memory storage become smallHowever, there are few examples of implementation
Problem: Memory ballooning
Approach: Signature schemes for multiple signers
Contribution of This Work
• Propose secure routing protocols with signature schemes for multiple signers– We implement aggregate signature scheme and OMS(Ordered Multi-Signature) scheme
– We propose VHS(Verification-Hash-Sign) protocol and HS(Hash-Sign) protocol
• Estimate performances of our proposed protocols– Computational time for generating a signature per a node Aggregate signature scheme : about ms OMS scheme : about ms
– Verification time Aggregate signature scheme : about ×(the number of nodes ) ms OMS scheme : about ms
7
Outline
• Signature Schemes for Multiple Signers• Proposed Protocols• Implementation and Evaluation• Summary
8
Signature Schemes for Multiple Signers
The primitive can compress some signatures into a single signature .–save memory size
9
• There are several variation of the primitive.
Aggregate Signature Sequential Aggregate Signature Ordered Multi-Signatureetc.
• In this work, we implement as follows.Aggregate Signature[BGLS03] → Various useOrdered Multi-Signature(OMS) [YMO13] → More efficient
Features of These Schemes
10
Aggregate Signature• Each signer signs
“individual document”
• “Anyone” can combine these signatures
OMS• Each signer signs
“Common document”• Signatures are
combined “in order”
𝜎 𝐴 𝜎 𝐵 𝜎𝐶
𝜎 𝑋
𝜎 𝐴
𝜎 𝐵𝜎𝐶
𝜎 𝑋
Outline
• Signature Schemes for Multiple Signers• Proposed Protocols• Implementation and Evaluation• Summary
11
Proposed Protocol
• Propose two secure routing protocols with signature schemes for multiple signers– VHS(Verification-Hash-Sign) protocol– HS(Hash-Sign) protocol
• These protocols consist of two steps– Preparation step– Routing step
12
Verification-Hash-Sign(VHS) Protocol• Each node verifies a signature and generates a new signature for a received packet
• Advantage : High security– detects a invalid signature immediately– dispenses with useless transmission
13
Preparation Step Routing Step
Hash-Sign(HS) Protocol• Each node generates a new signature without verification for a received packet
• Advantage : More efficient– faster than the transmission speed of VHS protocol– lower computational cost
14
Routing StepPreparation Step
Preparation Step15
•The first step in both protocols is preparation step •This step is preparation for generating a signature• Each node in advance installs parameters and generates own secret key and public key
Manager
𝑝𝑎𝑟𝑎
via key generation algorithm
via setup algorithm
𝑝𝑘𝐴 𝑝𝑎𝑟𝑎𝑝𝑘𝐵
𝑝𝑎𝑟𝑎
𝑝𝑘𝐶
Node A Node CNode B
Routing Step• VHS protocol needs public-key-list(PKL) for verifying a signature by each node
• In HS protocol, PKL is unnecessary if a destination node knows other public keys
16
Outline
• Signature Schemes for Multiple Signers• Proposed Protocols• Implementation and Evaluation• Summary
17
Implementation
18
Signature Schemes Hash AlgorithmAggregate Signature[BGLS03] Map-to-point[BLS01]OMS(WH)[YMO13] SHA256 and Waters Hash[Waters05]OMS(MTP) Map-to-pointRSA Signature SHA256
EnvironmentOS Ubuntu 14.04 LTSCompiler gcc version 4.8.2Library pbc-0.5.14, gmp 5.1.3, openssl 1.01fThe Parameter of Elliptic Curve Param-a
Virtual environment Virtual Box version 4.3.12Processor Intel®Core™i5-4200 CPU @ 1.60GHz×2Memory size 2GB
Measurement Method• Points of measurement– Total Time for Routing Step ( VHS Protocol ) The sum total of computational time for Routing step of VHS protocol by each node
– Total Time for Routing Step ( HS Protocol )The sum total of computational time for Routing step of HS protocol by each node
– Total Computational Time for Hash FunctionThe sum total of computational time for hash calculation by each node
– Verification TimeComputational time for verifying a signature by a final node
• Measure until 20 nodes– Packets can reach all nodes within 20 hops for Internet topology level[KOKO11]
19
Total Time for Routing Step
20
1 3 5 7 9 11 13 15 17 190
2
4
Aggregate SignaturePolynomial (Aggregate Signature)OMS(WH)Linear (OMS(WH))OMS(MTP)Linear (OMS(MTP))RSALinear (RSA)
The Number of Nodes
The
Proc
essin
g Ti
me(
sec)
1 3 5 7 9 11 13 15 17 190
0.51
1.52
Aggregate SignatureLinear (Aggregate Signature)OMS(WH)Linear (OMS(WH))OMS(MTP)Linear (OMS(MTP))RSALinear (RSA)
The Number of Nodes
The
Proc
essin
g Ti
me(
sec)
VHS protocol HS protocol
Fig 4 Fig 5
Each Part of Signature Schemes
21
1 3 5 7 9 11 13 15 17 190
0.10.20.30.4
Aggregate SignatureLinear (Aggregate Signature)OMS(WH)Linear (OMS(WH))OMS(MTP)Linear (OMS(MTP))
The Number of Nodes
The
Proc
essin
g Ti
me(
sec)
1 3 5 7 9 11 13 15 17 190
0.2
0.4
Aggregate SignatureLinear (Aggregate Signature)OMS(WH)Linear (OMS(WH))OMS(MTP)Linear (OMS(MTP))RSALinear (RSA)
The Number of Nodes
The
Proc
essin
g Ti
me(
sec)
Total Computational Time for Hash Functions Verification Time
Fig 6 Fig 7
Summary and Future Works• Propose secure routing protocols with signature schemes for multiple signers– We implement aggregate signature scheme and OMS(Ordered Multi-Signature) scheme
– We propose VHS(Verification-Hash-Sign) protocol and HS(Hash-Sign) protocol
• Estimate performances of our proposed protocols– Computational time for generating a signature per a node Aggregate signature : about ms OMS : about ms
– Verification time Aggregate signature : about ×(the number of nodes ) ms OMS : about ms
• For future works, we implement these protocols in more realistic environment
22
23
Result
• Computational time for generating a signature per a node – Aggregate signature scheme : about ms– OMS scheme : about ms
• Verification time – Aggregate signature : about ×(the number of nodes ) ms
– OMS(WH) : about ms– OMS(MTP) : about ms
24
Evaluation
• Computational time for generating aggregate signatures is faster– Computational time per a signer– Aggregate signature : about sec– OMS : about sec
•Verification time of OMS scheme is faster – Aggregate Signature :about × ( the number of nodes ) sec
– OMS ( WH ): about sec– OMS ( MTP ): about sec
25
Preparation Step and Routing Step
Preparation Step•This step is preparation for generating signature•Each node in advance installs parameters for elliptic curve and generates secret key and public keyRouting Step•When each node receives the packet, it does this step and sends the packet to the next node
•In VHS protocol, it verifies a signature included a packet, generates new signature and adds to the packet
•In HS protocol, it generates new signature and adds to the packet without verifying
26
Evaluation
27
Total Time for Routing ( HS protocol )•Aggregate signature : In proportion to the number of the signers•OMS : In proportion to the number of signers
Verification Time• Aggregate Signature : In proportion to the number of the signers
• OMS : ConstantTotal Time for Routing ( VHS protocol )• Aggregate Signature : In proportion to the squares of the number of the signers
• OMS : In proportion to the number of signers
Proposed Protocol with An Aggregate Signature Scheme
•Preparation Step 1. Setup 2. Key Generation
•Routing Step1. Aggregate Verification (Only VHS protocol)2. Hash Calculation3. Signing 4. Aggregation
• signer finally verifies the signature
28
Proposed Protocol with An OMS Scheme •Preparation Step 1. Setup 2. Key Generation
•Routing Step1. Verification (Only VHS protocol)2. Signature Calculation
•First signer calculates a hash value• signer finally verifies the signature
29
The Environment
30
OS Ubuntu 14.04 LTSCompiler gcc version 4.8.2Library pbc-0.5.14, gmp 5.1.3, openssl 1.01fThe Parameter of Elliptic Curve
Param-a
Virtual environment
Virtual Box version 4.3.12
Processor Intel®Core™i5-4200 CPU @ 1.60GHz×2Memory size 2GB
Algorithms of An OMS Scheme
It has four algorithms•Setup : generates parameter•Key Generation : generates secret key and public key
•Signing : generates signature•Verification : verifies signature
31
The memory size
32
The memory size of signature schemes for multiple signers is constant
is the number of sensor nodes.• Signature schemes for multiple signers :• General signature schemes (RSA etc) :
We expect their calculation load and memory storage become small.
Algorithms of An Aggregate Signature Scheme
It has six algorithms. •Setup : generates parameters•Key Generation : generates secret key and public key
•Signing : generates signature•Verification : verifies signature•Aggregation : aggregates signatures•Aggregate Verification : verifies aggregated signature
33
Preparation Step
•This step is preparation for generating signature
•Each node in advance installs parameters for elliptic curve and generate secret key and public key
•**************************************•Algorithms of aggregate signature scheme –Setup–Key Generation
•Algorithms of OMS –Setup–Key Generation
34
Routing Step
In VHS protocol, each node verifies a signature included a packet, generates new signature and adds to the packetIn HS protocol, each node generates new signature and adds to the packet without verifying•Algorithms of aggregate signature scheme –Aggregate Verifying–Hash calculation–Signing
•Algorithms of OMS –Verification–Hash calculation–Signing
35
VHS Protocol•Each node which receive the packet verifies a signature and generates new signature
•Strength–detect a invalid signature immediately–dispense with useless transmission
•Weakness–need high calculation power
36
Preparation Step
Routing Step
HS Protocol•Each node generates new signature without verifying
•Strength–faster than the transmission speed of VHS protocol–lower computational cost
•Weakness–can not detect the node which generates invalid signature
37
Preparation Step
Routing Step
38
Aggregate Verification Signing Aggregatio
n
39
Key Generation Hash Calculation Signing
Key Generation Verification Hash Caluculation Signing
40
Key Generation Verification Hash
Caluculation Signing
Key Generation Hash Caluculation Signing
41
Key Generatio
n
Verification
Hash Caluculati
onSigning Next
Signer
Key Generation
Hash Caluculation Signing Next
Signer
42
𝑝𝑘𝐴 𝑝𝑘𝐵𝑝𝑘𝐶
Packet Digital signature
Routing InformationA→B →C
Node CNode BNode A
𝑝𝑘𝐴 𝑝𝑘𝐵𝑝𝑘𝐶
Packet Digital signature
Routing InformationA→B →C
Node CNode BNode A
PKL
Routing Step
• In VHS protocol, each node verifies a signature included in a packet, generates a new signature and adds to the packet
• In HS protocol, each node generates a new signature and adds to the packet without verifying
43
𝑝𝑘𝐴 𝑝𝑘𝐵𝑝𝑘𝐶
Packet Digital signature
Routing InformationA→B →C
via signing algorithm with and
Node CNode BNode A
Routing Step
• In VHS protocol, each node verifies a signature included in a packet, generates a new signature and adds to the packet
• In HS protocol, each node generates a new signature and adds to the packet without verifying
44
𝑝𝑘𝐴 𝑝𝑘𝐵𝑝𝑘𝐶
Packet Digital signature
Routing InformationA→B →C
verify the via verification algorithm
Node CNode BNode A
Routing Step
• In VHS protocol, each node verifies a signature included in a packet, generates a new signature and adds to the packet
• In HS protocol, each node generates a new signature and adds to the packet without verifying
45
Routing InformationA→B →C
Digital signature Route Request packet
Node CNode BNode A