#### DMCA

## Identity-based encryption for sensor networks (2007)

Venue: | In 5th IEEE Int’l Conference on Pervasive Computing and Communications Workshops (PERCOMW ’07 |

Citations: | 18 - 3 self |

### Citations

1746 | Identity-based Encryption from the Weil pairing
- Franklin
- 2001
(Show Context)
Citation Context ...o store, exchange, and verify them. These operations, in turn, incur high overheads of storage, communication, and computation and, as a result, are inadequate for WSNs [6]. Identity-Based Encryption =-=[1, 3]-=- (IBE) is an exception where a known information that uniquely identifies users (e.g. IP or email address) can be used as a public key and thus PKI is unnecessary. Although the notion of IBE dates fro... |

1128 |
Identity-based Cryptosystems and Signature Schemes
- Shamir
- 1984
(Show Context)
Citation Context ... users (e.g. IP or email addresses) can be used to both exchange keys and encrypt data, and thus PKI is unnecessary. Although the notion of Identity-Based Encryption dates from Shamir’s original work =-=[21]-=-, it only has become truly practical with the advent on Pairing-Based Cryptography (PBC) [19, 14]. In this work, we argue that IBE is the ideal encryption scheme for WSNs. In fact, because WSNs meet t... |

1116 | Next century challenges: scalable coordination in sensor networks
- Estrin, Govindan, et al.
- 1999
(Show Context)
Citation Context ...s, key management, sensor networks 1 Introduction Wireless sensor networks (WSNs) are ad hoc networks comprised mainly of small sensor nodes with limited resources and one or more base stations (BSs) =-=[8, 28]-=-. They are used for monitoring purposes, providing information about the area being monitored to the rest of the system. Aside from the well known vulnerabilities due to wireless communication, WSNs l... |

1093 | SPINS: Security Protocols for Sensor Networks
- Perrig, Szewczyk, et al.
- 2002
(Show Context)
Citation Context ...onio A. F. Loureiro UFMG, Brazil loureiro@dcc.ufmg.br Julio López UNICAMP, Brazil jlopez@ic.unicamp.br Until recently, security solutions for WSNs relied on symmetric encryption algorithms (e.g., RC5 =-=[18]-=-) to provide properties such as authentication and confidentiality since, due to their resource constraints, nodes cannot afford to use conventional algorithms of Public Key Cryptography (PKC), e.g. R... |

1062 | Securing ad hoc networks,”
- Zhou, Haas
- 1999
(Show Context)
Citation Context ...protected through symmetric primitives. Therefore, the costs of computing pairings indeed will not impact nodes’ normal functioning. 5 Related Work WSNs are a subclass of MANETs, and much work (e.g., =-=[26]-=-) has been proposed for securing MANETs in general. These studies are not applicable to WSNs because they assume laptop- or palmtop-level resources, which are orders of magnitude larger than those ava... |

1010 |
Elliptic curve cryptosystems
- Koblitz
- 1987
(Show Context)
Citation Context ... a shared key to communicate securely. Motivated by that, the research community has been investigating more efficient techniques for the deployment of PKC. By using Elliptic Curve Cryptography (ECC) =-=[24, 16]-=-, for example, it has been shown (e.g., [10, 20]) that PKC is indeed feasible in WSNs since ECC consumes considerably less resources than conventional PKC, for a given security level. However, in orde... |

827 | Secure routing in wireless sensor networks: Attacks and countermeasures
- Karlof, Wagner
- 2003
(Show Context)
Citation Context ...side from the well known vulnerabilities due to wireless communication, WSNs lack physical protection and are usually deployed in open, unattended environments, which makes them vulnerable to attacks =-=[15, 34]-=-. It is thus crucial to devise security solutions to these networks. Until recently, proposals for securing WSNs relied on symmetric cryptosystems (e.g., RC5 [26] and SkipJack [14]) to provide propert... |

543 | Establishing pair-wise keys in distributed sensor networks”,
- Liu, Ning, et al.
- 2005
(Show Context)
Citation Context ...e WSNs has grown significantly. Due to space constraints, we provide a sample of studies based on cryptographic methods, and then focus on those targeted to PKC. A considerable number of works (e.g., =-=[7, 26, 36, 19, 27]-=-) have focused on efficient key management of symmetric cryptosystems. Perrig et al. [26] proposed SPINS, a suite of efficient symmetric key based security building blocks. Eschenauer et al. [7] looke... |

520 | TinySec: A Link Layer Security Architecture for Wireless Sensor Networks
- Karlof, Sastry, et al.
- 2004
(Show Context)
Citation Context ...able to attacks [15, 34]. It is thus crucial to devise security solutions to these networks. Until recently, proposals for securing WSNs relied on symmetric cryptosystems (e.g., RC5 [26] and SkipJack =-=[14]-=-) to provide properties such as authentication and confidentiality since, due to their resource constraints, nodes cannot afford to run [2] conventional Public Key Cryptography (PKC), e.g. RSA/DSA. Al... |

480 | Denial of service in sensor networks.
- Wood, Stankovic
- 2002
(Show Context)
Citation Context ... Application areas range from battlefield reconnaissance and emergency rescue operations to surveillance and environmental protection. Like any wireless ad hoc network, WSNs are vulnerable to attacks =-=[10, 24]-=-. Besides the well-known vulnerabilities due to wireless communication and ad hocness, WSNs face additional problems. For instance, sensor nodes are small, cheap devices that are unlikely to be made t... |

469 | Leap: efficient security mechanisms for large-scale distributed sensor networks,
- Zhu, Setia, et al.
- 2003
(Show Context)
Citation Context ...may comprise thousands of nodes. Finally, symmetric cryptosystems do not provide nonrepudiation. To address some of theses drawbacks, a number of key predistribution schemes have been proposed (e.g., =-=[5, 12, 27]-=-). Although effective in trying to achieve a good tradeoff between resource consumption and resiliency, these proposals eventually incur some degree of overhead. LEAP [27], perhaps the most efficient ... |

420 |
Mica: a wireless platform for deeply embedded networks,”
- Hill, Culler
- 2002
(Show Context)
Citation Context ...tation of IBE in resource-constrained nodes and present some results. Specifically, we evaluate pairings, the most significant operation of IBE, over the MICAz – the new generation of MICA mote nodes =-=[12]-=-. The rest of this work is organized as follows. In Section 2, we introduce PBC concepts. In Section 3, we first discuss the synergy between IBE and WSNs and then describe how IBE can be used in the c... |

376 |
Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field.
- Menezes, Okamoto, et al.
- 1993
(Show Context)
Citation Context ... as a public key and thus PKI is unnecessary. Although the notion of IBE dates from Shamir’s original work [32], it only has become truly practical with the advent on Pairing-Based Cryptography (PBC) =-=[29, 13, 22]-=-. In this work, we argue that IBE is the ideal cryptographic scheme for WSNs. In fact, because WSNs meet the strong needs of an IBE scheme, we go further and argue that they are an ideal scenario for ... |

333 |
A one round protocol for tripartite Diffie-Hellman
- Joux
- 2000
(Show Context)
Citation Context ... as a public key and thus PKI is unnecessary. Although the notion of IBE dates from Shamir’s original work [32], it only has become truly practical with the advent on Pairing-Based Cryptography (PBC) =-=[29, 13, 22]-=-. In this work, we argue that IBE is the ideal cryptographic scheme for WSNs. In fact, because WSNs meet the strong needs of an IBE scheme, we go further and argue that they are an ideal scenario for ... |

284 | An Identity Based Encryption Scheme Based on Quadratic
- Cocks
- 2001
(Show Context)
Citation Context ...o store, exchange, and verify them. These operations, in turn, incur high overheads of storage, communication, and computation and, as a result, are inadequate for WSNs [6]. Identity-Based Encryption =-=[1, 3]-=- (IBE) is an exception where a known information that uniquely identifies users (e.g. IP or email address) can be used as a public key and thus PKI is unnecessary. Although the notion of IBE dates fro... |

269 | A public-key infrastructure for key distribution in tiny os based on elliptic curve cryptography”,
- Malan, Welsh, et al.
- 2004
(Show Context)
Citation Context ... by that, the research community has been investigating more efficient techniques for the deployment of PKC. By using Elliptic Curve Cryptography (ECC) [24, 16], for example, it has been shown (e.g., =-=[10, 20]-=-) that PKC is indeed feasible in WSNs since ECC consumes considerably less resources than conventional PKC, for a given security level. However, in order to use effectively ECC in WSNs, it is first ne... |

235 |
Cryptosysytems based on pairing
- Sakai, Ohgishi, et al.
- 2000
(Show Context)
Citation Context ...hus PKI is unnecessary. Although the notion of Identity-Based Encryption dates from Shamir’s original work [21], it only has become truly practical with the advent on Pairing-Based Cryptography (PBC) =-=[19, 14]-=-. In this work, we argue that IBE is the ideal encryption scheme for WSNs. In fact, because WSNs meet the strong needs of an IBE scheme, we go further and argue that they are the ideal scenario for us... |

225 |
Constraints and approaches for distributed sensor network security.
- Carman, Kruus, et al.
- 2000
(Show Context)
Citation Context ...ied on symmetric cryptosystems (e.g., RC5 [26] and SkipJack [14]) to provide properties such as authentication and confidentiality since, due to their resource constraints, nodes cannot afford to run =-=[2]-=- conventional Public Key Cryptography (PKC), e.g. RSA/DSA. Although more efficient than PKC, symmetric cryptosystems face the key distribution problem, i.e., they must decide on a shared key to commun... |

200 |
A key management scheme for distributed sensor networks,
- Eschenauer, Gligor
- 2002
(Show Context)
Citation Context ...e WSNs has grown significantly. Due to space constraints, we provide a sample of studies based on cryptographic methods, and then focus on those targeted to PKC. A considerable number of works (e.g., =-=[7, 26, 36, 19, 27]-=-) have focused on efficient key management of symmetric cryptosystems. Perrig et al. [26] proposed SPINS, a suite of efficient symmetric key based security building blocks. Eschenauer et al. [7] looke... |

189 | S.C.: Comparing elliptic curve cryptography and RSA on 8-bit CPUs
- Gura, Patel, et al.
(Show Context)
Citation Context ... by that, the research community has been investigating more efficient techniques for the deployment of PKC. By using Elliptic Curve Cryptography (ECC) [24, 16], for example, it has been shown (e.g., =-=[10, 20]-=-) that PKC is indeed feasible in WSNs since ECC consumes considerably less resources than conventional PKC, for a given security level. However, in order to use effectively ECC in WSNs, it is first ne... |

151 | Tinypk: securing sensor networks with public key technology,
- Watro, Kong, et al.
- 2004
(Show Context)
Citation Context ...rable to these attacks. Of those offering cryptographic solutions, a considerable number (e.g., [5, 27, 12, 16, 17]) have focused on efficient key management of symmetric cryptosystems. Others (e.g., =-=[23, 8, 13]-=-) have been investigating more efficient techniques of PKC. By using ECC, for example, it has been shown (e.g., [8, 13]) that resource-constrained nodes are indeed able to compute public key operation... |

116 | The eta pairing revisited. - Heß, Smart, et al. - 2006 |

56 | On the selection of pairing-friendly groups,”
- Barreto, Lynn, et al.
- 2004
(Show Context)
Citation Context ...l work that, if precomputation is not allowed, to represent curve points as projective coordinates (x, y, z) rather than in affine coordinates (x, y) is faster [20]. On the other hand, Barreto et al. =-=[1]-=- have shown that affine coordinates are the most efficient coordinate system in some cases where precomputation of intermediate results is possible. This indicates that the coordinate system to be use... |

49 | An efficient scheme for authenticating public keys in sensor networks
- Du, Wang, et al.
- 2005
(Show Context)
Citation Context ...rtificates and requires users to store, exchange, and verify them. These operations, in turn, incur high overheads of storage, communication, and computation and, as a result, are inadequate for WSNs =-=[6]-=-. Identity-Based Encryption [1, 3] (IBE) is an exception where a known information that uniquely identifies users (e.g. IP or email address) can be used as a public key and thus PKI is unnecessary. Al... |

41 |
Computing the Tate pairing.
- Scott
- 2005
(Show Context)
Citation Context ...o the latters. We argue that until now there is no concrete evidence for that and thus it seems that supersingular curves are more adequate to WSNs since they have been shown empirically to be faster =-=[20]-=-. Parameters q and r. The choice of the parameters q and r is a key factor in the efficiency of pairing computation, as curve operations are performed using arithmetic of the underlying field. In prim... |

31 | Short programs for functions on curves
- Miller
- 1986
(Show Context)
Citation Context ...ation of the Tate pairing for resource constrained nodes. Our implementation is based on Barreto et al.’s work, takes into consideration the discussion in Section 4.1, and uses the Miller’s algorithm =-=[23]-=- for pairing computation. We use the following parameters: (i) the Tate Pairing on elliptic curves defined over fields with a large prime characteristic; (ii) the embedding degree k = 2, q is a 256-bi... |

30 | SecLEACH – a random key distribution solution for securing clustered sensor networks
- Oliveira, Wong, et al.
- 2006
(Show Context)
Citation Context ...agner [10] focused on routing layer attacks, and showed how some of the existing WSN protocols are vulnerable to these attacks. Of those offering cryptographic solutions, a considerable number (e.g., =-=[5, 27, 12, 16, 17]-=-) have focused on efficient key management of symmetric cryptosystems. Others (e.g., [23, 8, 13]) have been investigating more efficient techniques of PKC. By using ECC, for example, it has been shown... |

29 | Securing sensor networks with location-based keys
- Zhang, Liu, et al.
- 2005
(Show Context)
Citation Context ...WSNs was still an open problem, as these type of networksscannot afford a conventional PKI and the proposed alternatives (e.g. [4]) are not applicable to all contexts. Motivated by that, Zhang et al. =-=[25]-=- and Doyle et al. [3] have used IBE for key distribution. In spite of this, none of the works show the feasibility of computing IBE primitives in resource constrained nodes. The former has assumed tha... |

18 |
Use of Elliptic Curves in Cryptography, Advances in Cryptology -Crypto '85 proceedings,
- Miller
- 1986
(Show Context)
Citation Context ... a shared key to communicate securely. Motivated by that, the research community has been investigating more efficient techniques for the deployment of PKC. By using Elliptic Curve Cryptography (ECC) =-=[24, 16]-=-, for example, it has been shown (e.g., [10, 20]) that PKC is indeed feasible in WSNs since ECC consumes considerably less resources than conventional PKC, for a given security level. However, in orde... |

10 | On the design of secure protocols for hierarchical sensor networks,"
- Oliveira, Wong, et al.
- 2007
(Show Context)
Citation Context ...agner [10] focused on routing layer attacks, and showed how some of the existing WSN protocols are vulnerable to these attacks. Of those offering cryptographic solutions, a considerable number (e.g., =-=[5, 27, 12, 16, 17]-=-) have focused on efficient key management of symmetric cryptosystems. Others (e.g., [23, 8, 13]) have been investigating more efficient techniques of PKC. By using ECC, for example, it has been shown... |

9 | Security considerations and key negotiation techniques for power constrained sensor networks
- Doyle, Bell, et al.
- 2006
(Show Context)
Citation Context ...ol based on the ECDLP. The above works have shown that nodes are able to compute PKC operations, but public key authentication has not been their focus of research. Motivated by that, proposals (e.g. =-=[6, 35, 35, 25, 5, 21]-=-) have been made to address this issue. Du et al. [6] proposed a scheme based in Merkle trees which is able 1 Note that in this particular case there is a twist with same equation of the original curv... |

3 |
Low-energy finite field arithmetic primitives for implementing security in wireless sensor networks
- McCusker, O’Connor, et al.
- 2006
(Show Context)
Citation Context ...ol based on the ECDLP. The above works have shown that nodes are able to compute PKC operations, but public key authentication has not been their focus of research. Motivated by that, proposals (e.g. =-=[6, 35, 35, 25, 5, 21]-=-) have been made to address this issue. Du et al. [6] proposed a scheme based in Merkle trees which is able 1 Note that in this particular case there is a twist with same equation of the original curv... |

1 |
Dmitry Matyukhin. Nabble forums – number theory. http://www.nabble.com/Discrete-logarithm-in-GF(p) -----135-digits-t2870677.html
- Dorofeev, Dygin
(Show Context)
Citation Context ...ct each node individually, but the network operation as a whole. Until now, the larger parameters sizes for which the ECDLP and the DLP in prime fields are known to be solved are 2 109 [17] and 2 448 =-=[4]-=-, respectively. Therefore, it seems that ℓ ≥ 2 128 and q k ≥ 2 512 are able to meet the current security requirements of WSNs. Point coordinates. The two most common coordinate systems are the project... |

1 |
Home page: Computations - discrete logarithms. http://medicis. polytechnique.fr/ ∼ lercier/?lng=en
- Lercier
(Show Context)
Citation Context ...is not to protect each node individually, but the network operation as a whole. Until now, the larger parameters sizes for which the ECDLP and the DLP in prime fields are known to be solved are 2 109 =-=[17]-=- and 2 448 [4], respectively. Therefore, it seems that ℓ ≥ 2 128 and q k ≥ 2 512 are able to meet the current security requirements of WSNs. Point coordinates. The two most common coordinate systems a... |

1 |
chapter IX, pages 183–213. Advances in Elliptic Curve Cryptography
- Pairings
- 2005
(Show Context)
Citation Context ...ping ê : E(F q k)[r] × E(F q k)/[r]E(F q k) → F ∗ q k/(F∗ q k)r . Bilinear Diffie-Hellman Problem. Most of the new applications of PBC rely on the hardness of the following problem for their security =-=[7]-=-: given P , Q, aP , and bP such that e(P, Q) �= 1, compute e(abP, Q). This problem is known as the Bilinear Diffie-Hellman Problem. The hardness of the Bilinear Diffie-Hellman Problem depends on the h... |