Identity based cryptography for sensor networks

Elliptic Curve Cryptography uses smaller parameters than other Public Key Cryptogra- phy techniques (e.g. RSA) making the cryptosystem more suitable for sensor networks. However, the problem of public key authentication is not solved by using Elliptic Curve Cryptography and the system still requires a practical public key infrastructure. One of possible solutions to this problem is to apply security schemes that are used in identity based cryptography.

As mentioned earlier, Identity-Based Cryptography is a public key technique that is based on identities of users. With Identity-Based Cryptography the wireless sensor node’s identity can be used as the public key and hence there is no need for a certificate to bind a wireless sensor node’s identity to its public key. Such a system provides practical public key encryption without the use of a complex public key infrastructure. In many ways an identity based scheme is a perfect solution for sensor networks. There is no need to maintain a public key directory, as the public keys can be derived from node’s identities that are widely known in the network. Identity-Based Cryptography provides scalable security mechanism in which the number of keys is kept to a minimum. Nodes generate a public key for a given node only when they want to communicate with it for the first time. After agreeing upon a shared session key, nodes can use cheap symmetric key mechanisms (like TinySec) to encrypt the messages and to communicate in a secure manner.

Identity-Based Cryptography allows every node to send secure messages to all other nodes from the beginning of the network operation. No prior interaction between the nodes is needed. Exchange of the information does not require any service or assistance from a third party. However, identity-based systems assume the existence of a trusted key generation center, which issues private keys corresponding to user’s identities. This authority can use its master key to decrypt user’s messages. It can also impersonate any- one in the network. This feature introduces the key escrow problem, where the security of the whole system depends on the public key generator security. In many cases, a single unconditionally trusted entity in the network simply does not exist.

Fortunately, in sensor networks the original network deployer can be considered as a trusted entity that can act as the public key generator. It can generate a unique secret key based on each node’s identity and pre-load this information to node’s memory before the deployment phase. At this stage a secure channel clearly exists which allows careful configuration of the network. The application of identity based cryptography to wireless sensor networks is presented in Figure2.7.

Security schemes that are based on Identity-Based Cryptography allow easy addition of new nodes to the network. There is no need to replace or add new keys to existing de- vices. New sensor nodes only have to be programmed with the domain parameters and a private key by the public key generator before deployment. The communication over-

Figure 2.7:Application of IBC in WSNs

head in establishing session keys is minimal in Identity-Based Cryptography schemes. This makes the Identity-Based Cryptography approach much more suitable for low en- ergy WSNs than traditional public key infrastructure schemes. The elimination of digital certificates lowers the energy consumption and makes the system more practical, espe- cially in WSNs that are deployed in remote areas. In the case of sensor networks, Identity- Based Cryptography offers better security than other methods that are not based on Pub- lic Key Cryptography. The whole system also increases the resistance against the node capture attack. Subverting one of the nodes does not reveal anything about the commu- nication between other pairs of nodes. It allows only to decrypt the messages received from other nodes. Network access control is also provided as only the public key genera- tor issues identities and pre-loads sensors with valid private keys. An active attacker can encrypt messages to given identities but cannot decrypt any message without a proper private key.

Identity-Based Cryptography has clear advantages over traditional public key sys- tems, but also has some inherent problems. One of them is key revocation. In tradi- tional Public Key Cryptography systems, compromised keys are replaced with a new pri- vate/public key pair. In Identity-Based Cryptography systems, key revocation requires that users have to change their identity information that corresponds to given private keys. This might be especially problematic in cases where identities are chosen as nodes unique physical addresses (e.g. transceivers serial numbers). One solution to the problem

might be to use network addresses (e.g. IPv6 addresses) to identify nodes in the network. An alternative solution would be to combine date with the identity information to gen- erate new private keys when necessary. The problem of key revocation highlights the importance of proper management of nodes identities in Identity-Based Cryptography systems.

Despite some minor problems Identity-Based Cryptography has many advantages when compared with other security schemes. Table 2.3 summarizes the main benefits that arise from using Identity-Based Cryptography to secure wireless sensor networks.

Table 2.3:Identity based cryptography vs other security schemes for WSNs.

Symmetric key Random key PKC IBC

cryptography pre-distribution

Computational Low Low High High

complexity

Communication Low High High Low

overhead

Key distribution Problematic Simple Complex Simple

Number of keys O(n2_{) O(n) O(n) n}

Key directory At each node At each node At each node No or key center

Digital No No Yes No

certificates

Forward No No No Yes

encryption

Non-repudiation No No Yes Yes

Identity based cryptography seems to fit perfectly as a solution for the key distribu- tion problem in WSNs. It provides advanced and flexible primitives that can be used to create novel key agreement schemes which can establish symmetric keys without any communication between the nodes. There is no need for random key pre-distribution, pair-wise key sharing or complicated one-way key chain schemes. The application of identity based cryptography in sensor networks is a promising new approach to WSN security that can provide practical Public Key Cryptography solutions in this challeng- ing environment.

On the other hand the computational complexity of Identity-Based Cryptography is significant and it is unclear if such systems are even viable on constrained sensor de- vices. It is also uncertain if Identity-Based Cryptography can provide a sufficient level of security. There is a clear correlation between the level of security achieved and the

processing power required. It is important to demonstrate that efficient Identity-Based Cryptography implementations are indeed possible with security parameters set beyond the current cryptanalysis records. However, before implementation details can be dis- cussed, there is a need to identify all the building blocks that are necessary to implement a complete Identity-Based Cryptography scheme in sensor networks.