A distributed key establishment scheme for wireless mesh networks using identity-based cryptography

In this paper, we propose a secure and efficient key establishment scheme designed with respect to the unique requirements of Wireless Mesh Networks. Our security model is based on Identity-based key establishment scheme without the utilization of a trusted authority for private key operations. Rather, this task is performed by a collaboration of users; a threshold number of users come together in a coalition so that they generate the private key. We performed simulative performance evaluation in order to show the effect of both the network size and the threshold value. Results show a tradeoff between resiliency and efficiency: increasing the threshold value or the number of mesh nodes also increases the resiliency but negatively effects the efficiency. For threshold values smaller than 8 and for number of mesh nodes in between 40 and 100, at least 90% of the mesh nodes can compute their private keys within at most 70 seconds. On the other hand, at threshold value 8, an increase in the number of mesh nodes from 40 to 100 results in 25% increase in the rate of successful private key generations

A key establishment scheme for wireless mesh networks using identity-based cryptography and threshold secret sharing

Wireless Mesh Networks (WMNs) are an emerging research area that provide low-cost and high-speed network services for the end users. Key establishment, on the other hand, is the most important and critical security concern for WMNs as all the other types of wireless networks. However, the conventional solutions for key establishment do not fit in the unique constraints and requirements of WMNs. In this thesis, we propose two efficient and secure key establishment protocols elaborated at the sake of WMNs. Our security model is based on Identity-based Cryptography (IBC) and Threshold Secret Sharing (ThSS). By the utilization of IBC, we eliminate the necessity of certificates used in infrastructure based schemes along with meeting the security requirements. With the utilization of ThSS, we provide a more resilient network working in a self-organizing way to provide the key establishment service, without the assumption of a trusted authority. In the schemes we propose, master private key of the network is distributed among the mesh nodes. The user private key generation service is handled with collaboration of k mesh nodes, where k is the threshold value. A high threshold value increases the resiliency of the network against attacks; however, this negatively affects the system performance. We performed simulative performance evaluation in order to show the effect of both the number of mesh nodes in the network and the threshold value k on the performance. For the threshold values smaller than 8, at least 90% of the mesh nodes compute their private keys within at most 70 seconds. When we increase the number of mesh nodes in the network from 40 to 100, the rate of successful private key generations increase from 75% to 100% at the threshold value 8 where the latency of the key establishment is around 80 seconds. Considering the same increase in the number of mesh nodes, network performs up to 42% better at worst case, for the threshold values larger than 8, and the latency becomes at most 90 seconds on the average

Secure key agreement using pure biometrics

In this paper, we propose a novel secure key agreement protocol that uses biometrics with unordered set of features. Our protocol enables the user and the server to agree on a symmetric key, which is generated by utilizing only the feature points of the user's biometrics. It means that our protocol does not generate the key randomly or it does not use any random data in the key itself. As a proof of concept, we instantiate our protocol model using fingerprints. In our protocol, we employ a threshold-based quantization mechanism, in order to group the minutiae in a predefined neighborhood. In this way, we increase the chance of user-server agreement on the same set of minutiae. Our protocol works in rounds. In each round, depending on the calculated similarity score on the common set of minutiae, the acceptance/rejection decision is made. Besides, we employ multi-criteria security analyses for our proposed protocol. These security analyses show that the generated keys possess acceptable randomness according to Shannon's entropy. In addition, the keys, which are generated after each protocol run, are indistinguishable from each other, as measured by the Hamming distance metric. Our protocol is also robust against brute-force, replay and impersonation attacks, proven by high attack complexity and low equal error rates

On the use of ordered biometric features for secure key agreement

In this work, we propose a novel secure key agreement protocol, Secure Key Agreement using Pure Ordered Biometrics (SKA-POB), in which the cryptographic keys are generated using an ordered set of biometrics, without any other helper data. The proposed approach is realized using iris biometrics. Our protocol makes use of hash functions, and we propose a window-based comparison strategy and a window reset method. This way, performance is maximized without sacrificing security. SKA-POB protocol works in round manner, allowing to successfully terminate with key establishment as early as possible so that the complexity is reduced for both client and server sides. Additionally, we employ multi-criteria analyses for our proposed SKA-POB protocol and we provide verification results in terms of performance analysis together with randomness, distinctiveness and attack complexity through security analysis. Results show that highly random and secure keys can be generated with almost no error and with very low complexity

SU-PhysioDB: a physiological signals database for body area network security

This paper presents a new physiological signals database, SU-PhysioDB, that contains simultaneous measurements of electrocardiogram (ECG), blood pressure (BP) and body temperature (BT) signals. SU-PhysioDB can be used to evaluate the performance of the security mechanisms designed for the communication among the biosensors within Body Area Networks (BANs). We present a detailed description of our SU-PhysioDB database along with providing a performance comparison of two specific physiological parameter generation techniques using a public database and our SU-PhysioDB database. Results show that our SU-PhysioDB database is a pros-pering option to be used while evaluating the performance of a bio-cryptographic security infrastructure designed for BANs

Secure intra-network communication for body area networks

Advances in lightweight, small-size and low-power sensors led to the development of wearable biosensors, thus, to the accurate monitoring of human periphery. On top of this, pervasive computing has been improved and technologies have been matured enough to build the plug-and-play Body Area Networks (BANs). In a BAN, the main functionality of a node is to effectively and efficiently collect data from vital body parts, share it with the neighbors and make decisions accordingly. Because of the fact that the captured phenomenon is highly sensitive against privacy breaches in addition to being transmitted using the wireless communication medium, BANs require a security infrastructure. However, due to the extreme energy scarcity, bandwidth and storage constraints of the nodes, conventional solutions are inapplicable for BANs. In this dissertation, we propose a novel security infrastructure that is designed specifically for the intra-BAN communication. In this regard, we propose a novel key agreement protocol, SKA-PS (Secure Key Agreement using Physiological Signals), which is based on the set reconciliation paradigm. Our protocol generates symmetric shared keys using the physiological parameters derived from the physiological signals of the users, such as electrocardiogram and blood pressure. We also identify 4 different appropriate physiological parameters that can be used as cryptographic keys and propose the techniques of generating them. In the security infrastructure that we have developed for the intra-BAN communication, (i) secure node-to-host association is satisfied, (ii) performance enhancing characteristics of bio-cryptography is brought in the foreground, (iii) adopted physiological parameters are random and distinctive enough, based on the Shannon’s entropy and Hamming Distance evaluations, which respectively, reveals the bit frequencies and measures the bit differences, along with possessing low error rates, (iv) key agreement protocol works dynamically, possessing remarkably high true match and exceedingly low false match rates, and (v) key agreement protocol resists against brute-force, replay and impersonation attacks, together with possessing low communication, computational and storage costs

A survey on the development of security mechanisms for body area networks

Advances in lightweight, small-sized and low-power sensors led to the development of wearable biosensors, and thus, to the accurate monitoring of human periphery. On top of this, pervasive computing has been improved and technologies have been matured enough to build plug-and-play body area networks (BANs). In a BAN, the main functionality of a node is to effectively and efficiently collect data from vital body parts, share it with the neighbors and make decisions accordingly. Because of the fact that the captured phenomenon is highly sensitive to privacy breaches in addition to being transmitted using the wireless communication medium, BANs require a security infrastructure. However, due to the extreme energy scarcity, bandwidth and storage constraints of the nodes, conventional solutions are inapplicable. In this survey, we present an overview of BANs and provide a detailed investigation into the developed security infrastructures. We examined the literature and combined the corresponding proposals under two major classes: (i) pure-cryptographic security mechanisms and (ii) bio-cryptographic security mechanisms. Pure-cryptographic methods include constructions based on the well-known symmetric or asymmetric cryptography primitives and they are suitable for securing the communication between any two network entities. On the other hand, bio-cryptographic methods benefit from the network's context-awareness and to the best of our knowledge, they have been utilized only for the communication among the biosensors