Optimal constructions for ID-based one-way-function key predistribution schemes realizing specified communication graphs

We study a method for key predistribution in a network of n users where pairwise keys are computed by hashing users’ IDs along with secret information that has been (pre)distributed to the network users by a trusted entity. A communication graph G can be specified to indicate which pairs of users should be able to compute keys. We determine necessary and sufficient conditions for schemes of this type to be secure. We also consider the problem of minimizing the storage requirements of such a scheme; we are interested in the total storage as well as the maximum storage required by any user. Minimizing the total storage is NP-hard, whereas minimizing the maximum storage required by a user can be computed in polynomial time

Efficient Key Distribution Schemes for Large Scale Mobile Computing Applications

In emerging networks consisting of large-scale deployments of mobile devices, efficient security mechanisms are required to facilitate cryptographic authentication. While computation and bandwidth overheads are expensive for mobile devices, the cost of storage resources continue to fall at a rapid rate. We propose a simple novel key predistribution scheme, \textit{key subset and symmetric certificates} (KSSC) which can take good advantage of inexpensive storage resources, and has many compelling advantages over other approaches for facilitating ad hoc establishment of pairwise secrets in mobile computing environments. We argue that a combination of KSSC with a variant of an elegant KDS proposed by Leighton and Micali is an appealing choice for securing large scale deployments of mobile devices

Using Primitive Pythagorean Triples and the Blom's Scheme in the 4-way Handshake Wireless Security Protocol

The current standards for wireless security are WPA and its revised version WPA2 (IEEE 802.11i). At the basis of both of these is the WEP protocol that has been broken and automated software can crack it in under a minute. In order to put wireless security on a strong theoretical footing, this thesis proposes a novel way of using Pythagorean triples along with Blom's scheme to perform raw key exchange and authentication by using a 2 stage process to do the 4-way handshake similar to the one described in IEEE 802.11i. Primitive Pythagorean Triples (PPT's) are infinite and they display randomness that makes them good candidates for cryptographic key. We analyze the cryptographic strength of random keys generated by Primitive Pythagorean Triples and determine whether or not they can be used for wireless authentication and as raw keys for encryption in wireless security.Computer Scienc

Lightweight cryptographic protocols for mobile devices

Title from PDF of title page viewed June 30, 2020Dissertation advisor: Lein HarnIncludes bibliographical references (pages 146-163)Thesis (Ph.D.)--School of Computing and Engineering. University of Missouri--Kansas City. 2020In recent years, a wide range of resource-constrained devices have been built and integrated into many networked systems. These devices collect and transfer data over the Internet in order for users to access the data or to control these devices remotely. However, the data also may contain sensitive information such as medical records or credit card numbers. This underscores the importance of protecting potentially sensitive data before it is transferred over the network. To provide security services such as data confidentiality and authentication, these devices must be provided with cryptographic keys to encrypt the data. Designing security schemes for resource-limited devices is a challenging task due to the inherit characteristics of these devices which are limited memory, processing power and battery life. In this dissertation, we propose lightweight polynomial-based cryptographic protocols in three environments that encompass resource-constrained devices which are Wireless Sensor Network (WSN), Fog Computing, and Blockchain Network. With polynomial-based schemes, we guarantee high network connectivity due to the existence of a shared pairwise key between every pair of nodes in the network. More importantly, the proposed schemes are lightweight which means they exhibit low memory, processing and communication overheads for resource-constrained devices compared with other schemes. The only problem with polynomial-based schemes is that they suffer from node-captured attacks. That is, when an attacker captured a specific number of nodes, the attacker could compromise the security of the whole network. In this dissertation, we propose, for the first time, polynomial-based schemes with probabilistic security in WSNs. That is, when the attacker captured a specific number of sensor nodes, there is a low probability the attacker could compromised the security of the whole network. We show how we can modify system’s parameters to lower such attacks.Introduction -- Overview of cryptographical key distribution schemes -- Related work -- Wireless Sensor Networks (WSNS) -- Fog computing -- Blockchain Networks -- Conclusion and future wor

Security Schemes for Wireless Sensor Networks with Mobile Sink

Mobile sinks are vital in many wireless sensor applications for efficient data collection, data querying, and localized sensor reprogramming. Mobile sinks prolong the lifetime of a sensor network. However, when sensor networks with mobile sinks are deployed in a hostile environment, security became a critical issue. They become exposed to varieties of malicious attacks. Thus, anti threats schemes and security services, such as mobile sink?s authentication and pairwise key establishment, are essential components for the secure operation of such networks. Due to the sensors, limited resources designing efficient security schemes with low communication overhead to secure communication links between sensors and MS (Mobile Sink) is not a trivial task. In addition to the sensors limited resources, sink mobility required frequent exchange of cryptography information between the sensors and MS each time the MS updates its location which imposes extra communication overhead on the sensors. In this dissertation, we consider a number of security schemes for WSN (wireless sensor network) with MS. The schemes offer high network?s resiliency and low communication overhead against nodes capture, MS replication and wormhole attacks. We propose two schemes based on the polynomial pool scheme for tolerating nodes capture: the probabilistic generation key pre-distribution scheme combined with polynomial pool scheme, and the Q-composite generation key scheme combined with polynomial pool scheme. The schemes ensure low communication overhead and high resiliency. For anti MS replication attack scheme, we propose the multiple polynomial pools scheme that provide much higher resiliency to MS replication attack as compared to the single polynomial pool approach. Furthermore, to improve the network resiliency against wormhole attack, two defensive mechanisms were developed according to the MS mobility type. In the first technique, MS uses controlled mobility. We investigate the problem of using a single authentication code by sensors network to verify the source of MS beacons, and then we develop a defensive approach that divide the sensor network into different authentication code?s grids. In the second technique, random mobility is used by MS. We explore the use of different communication channels available in the sensor hardware combined with polynomial pool scheme

Secure Protocols for Key Pre-distribution, Network Discovery, and Aggregation in Wireless Sensor Networks

The term sensor network is used to refer to a broad class of networks where several small devices, called sensors, are deployed in order to gather data and report back to one or more base stations. Traditionally, sensors are assumed to be small, low-cost, battery-powered, wireless, computationally constrained, and memory constrained devices equipped with some sort of specialized sensing equipment. In many settings, these sensors must be resilient to individual node failure and malicious attacks by an adversary, despite their constrained nature. This thesis is concerned with security during all phases of a sensor network's lifetime: pre-deployment, deployment, operation, and maintenance. This is accomplished by pre-loading nodes with symmetric keys according to a new family of combinatorial key pre-distribution schemes to facilitate secure communication between nodes using minimal storage overhead, and without requiring expensive public-key operations. This key pre-distribution technique is then utilized to construct a secure network discovery protocol, which allows a node to correctly learn the local network topology, even in the presence of active malicious nodes. Finally, a family of secure aggregation protocols are presented that allow for data to be efficiently collected from the entire network at a much lower cost than collecting readings individually, even if an active adversary is present. The key pre-distribution schemes are built from a family of combinatorial designs that allow for a concise mathematical analysis of their performance, but unlike previous approaches, do not suffer from strict constraints on the network size or number of keys per node. The network discovery protocol is focused on providing nodes with an accurate view of the complete topology so that multiple node-disjoint paths can be established to a destination, even if an adversary is present at the time of deployment. This property allows for the use of many existing multi-path protocols that rely on the existence of such node-disjoint paths. The aggregation protocols are the first designed for simple linear networks, but generalize naturally to other classes of networks. Proofs of security are provided for all protocols