Toward Mitigating Denial of Service Attacks in Power-Constrained Sensor Networks

Slides: 20
Provided by: dritamar
Learn more at: https://www.csm.ornl.gov

Transcript and Presenter's Notes

1
Toward Mitigating Denial of Service Attacks in Power-Constrained Sensor Networks
Ortal Arazi, Hairong Qi
College of Engineering, Dept. of Electrical and Computer Engineering, The University of Tennessee
Cyberspace Sciences and Information Intelligence Research Group (CSIIR), Oak Ridge National Laboratory, Oak Ridge
2
Instigating Communication
Bob
Alice
Let's talk
Insecure channel
Alice and Bob: legitimate users. They would like to start communicating.
key? talk?
3
Denial of Service Mitigation
Trudy
Bob
Insecure channel
Trudy wants to:
1) Drain Bob's energy
2) Impede him from talking to other legitimate users
How can we prevent that?
4
Denial of Service Mitigation Procedure
Alice
Bob
Part A
Alice proving to Bob her validity
A relatively energy-draining procedure on Trudy's side
If proved:
Part B
Bob proving to Alice his validity
A relatively non-energy-draining procedure on Bob's side
If the authentication is successful, as a result Alice and Bob will also have a shared key
5
The Denial of Service Mitigation Part A
$(n_A, e)$: Alice's public key
$(n_A, d_A)$: Alice's private key
$CR_A$: Alice's certificate
$ID_A$: Alice's identification
CR: a certificate. The CA's signature on the association between $n_A$ and $ID_A$
6
The Denial of Service Mitigation Part A (cont)
7
Timing and energy considerations (Part A)
160 mJ, 250 msec (for a 512-bit key)
All other energy and time consumptions (from the other procedures) are negligible
8
Calculating the keys
$(n_A, e)$: Alice's public key
$(n_A, d_A)$: Alice's private key
$P_i$: pseudo-random prime number
Euler's Totient Function returns the number of integers less than $n_A$
9
Checking the Certificate
$n_{CA}$ and $d_{CA}$ are calculated using the exact procedure indicated above
10
The Denial of Service Mitigation Procedure
11
The Denial of Service Mitigation Part B
I am Bob!
??
  • How can Bob prove his validity?
  • Several solutions
  • Using the self-certified fixed key method
  • Using RSA
  • Using ECDSA

12
The Denial of Service Mitigation Part B
(1) Using the self-certified fixed key method
When calculating the self-certified fixed key, Bob is authenticated!
Both have the message m Bob sent in part A
Y LSB of m
$x_A [H(ID_B, U_B) \cdot U_B + R]$, $x_B [H(ID_A, U_A) \cdot U_A + R]$
The final ephemeral key: f(fixed key, m without the Y LSB sent on the open channel)
13
Self-certified DH key generation: fixed key
Each node is given by the CA (certifying authority) a set of public and private keys $(U_v, x_v)$
Node i and Node j exchange $ID_i, U_i$ and $ID_j, U_j$
Node i calculates: $x_i [H(ID_j, U_j) \cdot U_j + R]$
Node j calculates: $x_j [H(ID_i, U_i) \cdot U_i + R]$
$ID_v$: identification of node v - scalar
$U_v$: node v's public key, generated by the CA - a point on the curve
$x_v$: node v's private key, generated by the CA - scalar
14
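Self-certified DH key generation: fixed key, mathematical assertions
As given by the CA:
$U_i = h_i \cdot G$, $U_j = h_j \cdot G$
$x_i = [H(ID_i, U_i) \cdot h_i + d] \bmod \mathrm{ord}\, G$
$x_j = [H(ID_j, U_j) \cdot h_j + d] \bmod \mathrm{ord}\, G$
Node i calculates:
$x_i [H(ID_j, U_j) \cdot U_j + R] = x_i [H(ID_j, U_j) \cdot h_j \cdot G + d \cdot G] = x_i [H(ID_j, U_j) \cdot h_j + d] \cdot G = x_i \cdot x_j \cdot G$
Node j calculates:
$x_j [H(ID_i, U_i) \cdot U_i + R] = x_j [H(ID_i, U_i) \cdot h_i \cdot G + d \cdot G] = x_j [H(ID_i, U_i) \cdot h_i + d] \cdot G = x_j \cdot x_i \cdot G$
$R$: the CA's public key, $R = d \cdot G$ - a point on the curve
$d$: the CA's private key - scalar
$G$: a generating group-point, used by all relevant nodes - a point on the curve
$h_v$: a random 160-bit number generated by the CA - scalar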
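Added example, not part of the original slides: the fixed-key derivation of slides 13 and 14 run end to end, showing that two CA-issued nodes reach the same point while a node holding a key for a different identity does not. The curve (secp256k1), SHA-256 as H, the node IDs and all function names are assumptions; the slides specify none of them.

```python
import hashlib, secrets

# Assumed curve: secp256k1 (y^2 = x^3 + 7 over F_P); N is the order of G.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1] % P, -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow((q[0] - p[0]) % P, -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, pt):  # double-and-add point-by-scalar multiplication
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def H(node_id, U):  # H(ID_v, U_v); SHA-256 is an assumed choice of hash
    data = node_id + U[0].to_bytes(32, "big") + U[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def ca_issue(d, node_id):  # CA side: U_v = h_v*G, x_v = [H(ID_v,U_v)*h_v + d] mod ord G
    h = secrets.randbelow(N - 1) + 1  # slides use a 160-bit h_v; full range used here
    U = mul(h, G)
    return U, (H(node_id, U) * h + d) % N

def fixed_key(x_own, peer_id, peer_U, R):  # node side: x_own * [H(ID_peer,U_peer)*U_peer + R]
    return mul(x_own, add(mul(H(peer_id, peer_U), peer_U), R))

def demo():
    d = secrets.randbelow(N - 1) + 1   # CA private key
    R = mul(d, G)                      # CA public key
    # Node IDs below are constructed sample values.
    (U_a, x_a), (U_b, x_b) = ca_issue(d, b"alice"), ca_issue(d, b"bob")
    x_t = ca_issue(d, b"trudy")[1]     # Trudy holds a valid key, but not Bob's
    k_a = fixed_key(x_a, b"bob", U_b, R)   # Alice believes she is talking to Bob
    return (k_a == fixed_key(x_b, b"alice", U_a, R),
            k_a == fixed_key(x_t, b"alice", U_a, R))
```

`demo()` returns `(True, False)`: Alice and Bob agree on $x_A \cdot x_B \cdot G$, and a party presenting Bob's $(ID_B, U_B)$ without $x_B$ ends up with a different point, which is why computing the fixed key authenticates Bob.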
15
The Denial of Service Mitigation Part B
(2) Using RSA
CRB IDB nB SB
  • Bob calculates
  • Bob sends Alice
  • Alice calculates

If so, the final ephemeral key Z
16
The Denial of Service Mitigation Part B
(3) Using ECDSA
  • Bob
  • Generates a random number u. Calculate
    . C- the scalar representation
    of point V.
  • Calculates
    .
    The signature is the pair (C,L)
  • Sends Alice (C,L)
  • Alice
  • Computes
  • Obtains the curve point
    C- the scalar
    representation of point P
  • If CC, then the signature is valid, it is Bob!

If so, the final ephemeral key Z
17
The Denial of Service Mitigation, Part B: Comparing the three methods
The time is measured in ECC point-by-scalar multiplications
Approximately 40 msec
18
Conclusions
  • PKC implementation in WSN is feasible
  • ECC shows promise as crypto technology
  • DoS is a primary threat
  • Introduced a hybrid RSA/ECC framework for
    mitigating DoS attacks
  • Using the fixed key approach or the ECDSA
    approach proved to be highly beneficial

19
  • Thank You
  • Questions ?