Proposed Protocol. “Mobile Ad-Hoc Fault Diagnosis Agreement Protocol” (MAHFDA) The FDA protocol is used to detect/locate the faulty components in the network. The proposed MAHFDA is an evidence-based FDA protocol which is used to solve the FDA problem in the MANET. MAHFDA uses the evidence gathered from the BA protocol MAHAP. There are three phases in the MAHFDA: message-collection phase, fault-diagnosis phase and re-configuration phase. The message-collection phase is used to collect ic-trees of all nodes. In order to ensure that the fault diagnosis result from each fault-free node is the same, each fault-free node should collect the same evidence. Thus, MAHFDA collects ic-trees of all nodes by using
Proposed Protocol. The basic architecture of the proposed DRM system is similar to the Xxx et al. [10] system. Here, the content provider handles the content packing (encryption) work. Once content encryption is complete, it provides the content key with usage rules to the license server, and the protected content with content information to the distributor. The license server authenticates the user, receives the payment, and generates the license, while the distributor works as a service provider and facilitates protected content distribution in the system. Parties involved in our DRM model are:
– Private key generator (PKG)
– Content provider (C)
– Distributor (D)
– License server (L)
– DRM user (U)
The content provider keeps the original unprotected digital contents and provides these contents for business use after their encryption. If it has r contents, namely M1, M2, ..., Mr, with unique identities idM1, idM2, ..., idMr, then it generates r symmetric keys K1, K2, K3, ..., Kr, encrypts each content with a unique symmetric key, and gets Esym(Mi|Ki), i = 1, 2, 3, ..., r. The content provider provides content decryption keys (key seeds) with usage rules and permissions to the license server through a secure channel. The distributor obtains the encrypted contents Esym(Mi|Ki), for all i = 1, 2, 3, ..., r, with content information from the packager. Distributors keep protected contents on the media server and display content details on the website. To communicate securely in the system, entities obtain their secret partial keys with the help of the packager and generate their public and private keys. In this process the system uses five algorithms: Setup, Partial private key extract, Set secret value, Set private key and Set public key. The key generation process is as follows: Setup: The private key generator (PKG) chooses an arbitrary generator P ∈ G1, selects a master key mk ∈ Zq*, and sets PK = mkP.
It chooses hash functions H1 : {0,1}* → G1*, H2 : {0,1}^k × {0,1}* × {0,1}* → {0,1}^n, and H : {0,1}* × {0,1}* × G1 × G1 × G2 → {0,1}^k. Then, PKG publishes system parameters X0, X0, x(., .), x, X, XX, X0, X0,X and keeps the master key mk secret. Partial private key extraction: License server (L) and user U submit their public identities IDL and IDU to the PKG. The PKG then verifies the proof of identities. If verification succeeds, it generates the partial private keys in the following way: – Compute QL = H1(IDL) and QU = H1(IDU) ∈ G1*. – By using its master key mk, PKG generates the par...
Proposed Protocol. To overcome the above-mentioned weaknesses, in this section, we propose a secure and efficient mutual authentication and key agreement protocol with smart cards for wireless communications, which consists of parameter-generation phase, registration phase, authentication phase, key agreement phase, and password-change phase.
4.1 Parameter-generation Phase
Proposed Protocol.
• Step 1: Preparing user contribution and signature
Each user Ui with identity IDi chooses its contribution (xi) randomly. Let Ci be the current value of the counter for user Xx. The values of (IDi||ID0||xi||Ci) are then encrypted with U0’s public key. Here || denotes the concatenation operation.
ei = {IDi||ID0||xi||Ci}pu0
Ui also computes a signature sigi over (IDi||ID0||xi||Ci) using its private signature key.
sigi = τpri(IDi||ID0||xi||Ci)
Each user then sends ei, sigi to U0.
Ui → U0 : ei, sigi
All these operations can be performed offline. The advantage of using a counter over a timestamp is that the operations involving the counter can be performed offline.
• Step 2: Receipt of user message and verification at U0
U0 receives all the messages and decrypts them. It then verifies the signatures of the corresponding users. It also checks the validity of the counter Ci and accepts if the signatures are valid.
• Step 3: Computation of secret by U0
The pair of identity and random value (IDi, xi) received from each user is taken as its contribution to construct the key. U0 also selects a random number x0 ∈ G p as its contribution. The secret is constructed by interpolating all the contributions into a polynomial. The n + 1 values of (IDi, xi) are taken as (n + 1) input points to the interpolation algorithm. As all the identities of the users are distinct, a distinct polynomial will be obtained from the fresh input. Let the coefficients of the resulting polynomial be a0, a1, ..., an. Thus the polynomial is as follows:
A(x) = a0 + a1x + a2x^2 + ... + anx^n
The secret value is constructed as K = (a0||a1|| ... ||an).
• Step 4: Computation of reply message from U0
For each user Ui, U0 computes a one-way hash H(IDi, ID0, xi, Ci) over the identities IDi, ID0, the counter Ci and the contribution xi. Then the secret value K is bitwise XORed with this hash value to
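Step 3 above, as an added example that is not the authors' code: U0 interpolates the n + 1 points (IDi, xi) and concatenates the coefficients into K. Working in a prime field with the modulus P below, integer identities, 16-byte coefficient encoding and all function names are assumptions made for the sketch.

```python
# Added example. Assumptions: contributions live in GF(P), P is a demo
# modulus chosen here, identities are integers, coefficients use 16 bytes.
import secrets

P = 2**127 - 1  # Mersenne prime used as the assumed field modulus

def poly_mul_linear(poly, root):
    """Multiply poly (coefficients low to high) by (x - root) mod P."""
    out = [0] * (len(poly) + 1)
    for k, c in enumerate(poly):
        out[k] = (out[k] - root * c) % P
        out[k + 1] = (out[k + 1] + c) % P
    return out

def interpolate(points):
    """Coefficients a0..an of the unique polynomial of degree <= n through
    the n+1 points (ID_i, x_i), built from Lagrange basis polynomials."""
    xs = [x % P for x, _ in points]
    if len(set(xs)) != len(xs):
        # Equal identities make the system singular: no unique polynomial.
        raise ValueError("identities must be distinct mod P")
    coeffs = [0] * len(points)
    for i, xi in enumerate(xs):
        basis, denom = [1], 1
        for j, xj in enumerate(xs):
            if j != i:
                basis = poly_mul_linear(basis, xj)
                denom = denom * (xi - xj) % P
        scale = points[i][1] * pow(denom, -1, P) % P
        for k, c in enumerate(basis):
            coeffs[k] = (coeffs[k] + scale * c) % P
    return coeffs

def evaluate(coeffs, x):
    """Horner evaluation of A(x) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def build_secret(points):
    """K = a0 || a1 || ... || an with fixed-width big-endian coefficients."""
    return b"".join(a.to_bytes(16, "big") for a in interpolate(points))

def demo():
    """Constructed input: ID0 = 0 for U0 plus three users with fresh x_i."""
    ids = [0, 101, 102, 103]
    points = [(i, secrets.randbelow(P)) for i in ids]
    return points, build_secret(points)
```

The duplicate-identity check matters in practice: the distinctness of identities that Step 3 relies on is exactly what makes the interpolation well defined.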
Proposed Protocol. Consistent with the pilot projects that have been deployed in Canada, we propose the following protocol: Type of ash tree configurations:
Proposed Protocol. In this subsection, we describe the steps involved in detail.
i. A chooses a random number ra and generates RA = g^ra (mod p), then encrypts RA with H(PA). After calculating the values, A sends them to the server along with the IDs of the participating entities. A → S: XXX, IDB, H(PA)[RA]
ii. After receiving the values sent by A, server S decrypts the packet to get RA using the previously distributed one-way hash of A's password. The server randomly chooses rs1 and rs2 and computes the ephemeral key with A as follows: KAS = (RA)^rs1 (mod p) = (g^ra)^rs1 mod p. It computes g^rs1 (mod p) and g^rs2 (mod p) and encrypts them with H(PA) and H(PB) respectively. Using these quantities the server establishes ephemeral keys with A and B respectively, and server authentication is done. S sends the values to A
iii. A decrypts this packet with H(PA) to get g^rs1 (mod p) and establishes the ephemeral key with S as KAS = (g^rs1)^ra mod p. A calculates the one-way function FA(PA, KAS), using which the server authenticates A; since only A knows PA, only A can compute this function. As this is a commutative one-way hash function [14], the server need not know the host password to evaluate this function. Using the one-way hash of the host password, the server can calculate the predicate function and authenticate the host. A sends the following values to B: FA(PA, KAS), H(PB)[g^rs2 mod p]
iv. After receiving the values, B decrypts them with H(PB) to get g^rs2 mod p. B randomly chooses rb and generates RB = g^rb (mod p). Then B computes the ephemeral key for authenticating the server as KBS = (g^rs2)^rb mod p. B calculates the one-way function FB(PB, KBS), using which the server authenticates B. The password of B and the ephemeral session key KBS are seeds for this function. Since only B knows PB, only B can compute this function, and B sends the values to S.
B → S: FA(PA, KAS), FB(PB, KBS), H(PB)[RB]
v. The server decrypts it with H(PB) to get RB and computes the ephemeral key KBS = (g^rb)^rs2 mod p. For authentication of A and B, the server evaluates the one-way functions FA(...), FB(...). The server need not know host passwords to evaluate these functions. Using the one-way hash of the host password it can evaluate this function, as it is a commutative one-way hash function. If it results in true, this confirms that the host is genuine. It defines a predicate as T(H(P), F(P, K), K). This evaluates to true if and only if the genuine password P was used to create both H(P) and F(P, K). K can be KAS, KBS for A and B respectively. S encrypts RB and RA with KAS, KBS respectively and computes one way hash f...
Proposed Protocol. In the distributed group key agreement protocol, each group member is equal, which means that before the group key is negotiated, each group member usually needs to consume many communication and computing resources to perform mutual authentication with all other group members. In order to reduce these costs, in our protocol, we arrange all GNs into a list according to their identities. According to the list, before the group key is negotiated, each GN only needs to send an authentication request to its right neighbor once and be authenticated by its right neighbor. In other words, each GN will receive an authentication request from its left neighbor and authenticate its left neighbor. Since each GN only needs to complete authentication once, this can greatly reduce the computation and communication costs caused by authentication between group members. In addition, when any GN needs to join or leave the group, only the left neighbor of the GN needs to update the parameters, which can also reduce the computation and communication overhead. Our protocol has seven parts: the initialization phase, the registration phase, the mutual authentication phase, the group key generation phase, the GN join phase, the GN leave phase, and the internal attacker detection process. When the system runs for the first time, the initialization phase is performed by the System Administrator (SA). Each GN performs the registration phase before entering the network. When the group key needs to be negotiated, all GNs perform the mutual authentication phase and the group key generation phase. When a GN wants to join a group, it needs to perform the GN join phase. When a GN in the group wants to leave, the GN leave phase is performed. If the group key fails to be generated multiple times, the KDC will execute the internal attacker detection process to find the malicious GN and expel it from the group. 
Suppose there are GNi(1 ≤ i ≤ n) that need to generate the group key, and their identities are IDi(1 ≤ i ≤ n), where n is the number of GN. Since there may be multiple groups, we named each group GIDu, where u is the number of groups. Each group has a list L that stores the identity IDi of all GNs in the group and is managed by the KDC. All IDi in L are sorted in descending order, and L is a circular list, which means that the largest IDi and the smallest IDi are linked. Table 1 shows the description of the symbols. The details of the above seven parts are as follows.
Table 1. Symbols...
Proposed Protocol. This section presents a hierarchical multiple-key agreement protocol featuring non-cooperativeness, freshness and more security in WSN. This protocol QCMij·S3 saves this data {(QS·S1, QCHi·S2, QCMij·S3, S4), QS, QCHi, QCMij} to its memory.
[Figure: Sink (ES·S1, S2, S3); cluster heads CH1 (ES·S1, ECH1·S2, S3), CH2, ..., CHj; cluster members CM11, CM12, ..., CMjk]
Proposed Protocol. Based on the need for key generation at reduced energy consumption with low computing and communication costs, we have proposed a protocol that satisfies the NIST framework for cryptographic key management. where each αi is randomly chosen and belongs to the set. Sequences of random values are generated by both the transmitter and the receiver nodes and are exchanged. If the generated random values match, the corresponding bits from MSK are extracted and concatenated to form SRK. If the key shared between the transmitter and receiver nodes is random, it can further be used for secured transmission of data. The SRK is encrypted using the random key generated by PUF and its randomness is tested using NIST tests for randomness. The transmitter can be either SNs or CHs and the receiver can be either CHs or BSs. SRK is generated once from MSK. This process helps in minimizing energy consumption during key generation. SRK remains the shared secret since it gets generated implicitly. Since our proposed protocol is designed for WSN, which needs low energy consumption, SRK can itself be used as the key for encrypting the data transmitted and decrypting the data received. Transmitted packets are encrypted and decrypted with SRK using the bitXOR operation. MSK is encrypted with PK using bitXOR and sent to the receiver node. It gets decrypted with the PK of the transmitter node at the receiver using the bitXOR operation. PK is piggybacked in the WSN frame packet. The receiver takes the PK from the WSN frame packet and decrypts it. CH generates MSK using GR and transmits it to the SN, after which both SNs and CH generate SRK. The generated SRK is encrypted using PUF and stored in both SN and CH. MSK gets regenerated when the CH changes.
• Assumptions
1. CHs are powerful enough to generate MSKs, generate RSs, and receive RSs from all nodes.
2. Each node is equipped with a PUF.
MSK gets generated using GR(p,n,r), where p, n, r are computed from WSN parameters as follows: • p is the number of ones in the PK.
The energy (E) is calculated using
E = V * I * T (3)
where • V denotes voltage. • I denotes current. In our experiment, we have taken V as 3 volts and I as 19.7mA to calculate the energy consumed in joules. The flow of operations in our proposed protocol for WSN is illustrated in Figure 1. In this protocol, GR is used for the formation of MSK and the generation of SRK by taking the parameters of SNs as input. The processes involved in the confidential data transmission...
Proposed Protocol. The proposed protocol chooses a k-bit prime p and determines the following public parameters: {Fp, E/Fp, G, P}, where E/Fp is an elliptic curve over Fp, G is the cyclic additive group formed by points on E/Fp, and P is a generator of G. The protocol describes the operation that generates a common session key among n members (it is not important whether n is equal to 3k or not), called the Initialization operation, along with other group operations such as Join, Leave, Merge, etc. for a dynamic group.
4.1 Initialization
1) In the first round all members are arranged in subgroups of three members each. (If n is not a multiple of 3, the remaining one or two members are carried forward to the next round and do nothing in the current round. The same condition applies in every round.) The members of every set form their own common EC point by using the ECC-based Three Parties Diffie Xxxxxxx key exchange discussed in section 3.3. At the end of the first round every subgroup has its own secret key (a point in the EC group) in the form (axi.ayi.azi.P) for i=1... Where axi, ayi and azi are the private keys of the first, second and third member of the i'th subgroup. One member from every subgroup comes forward as the group controller (GC) for the next round. In this way we treat every subgroup as a new node controlled by its GC.
2) In the second round, There are total nodes (along with the remaining node coming from the previous round); they form subgroups of three participants each and calculate their secret subgroup key as before. This time the GCs use the x-coordinate of their own subgroup keys as the private key. GC1 calculates (x1.P) and unicasts it to GC2. GC2 calculates (x2.P) and (x2.x1.P) and broadcasts {(x1.P), (x2.P), (x2.x1.P)} to all members of the third subgroup. The members of the third subgroup can now calculate the common key as (x3.x2.x1.P) and keep it secret. GC3 additionally calculates {(x3.x1.P), (x3.x2.P)} and broadcasts them to all members of its sibling groups. All sibling subgroup members calculate the common key by multiplying by their own private value. Note that GC1, GC2 and GC3 are group controllers and x1, x2 and x3 are the x-coordinates of the common points of the first, second and third subgroups respectively.
3) The above process is repeated in subsequent rounds. In every round the number of nodes becomes (1/3) of the previous round. After rounds we have a single group which includes all the members, each sharing the group secret key.
4) If in last round the no of participants remains only two then instead of three ...
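The round-two exchange among GC1, GC2 and GC3 from step 2, as an added example that is not from the paper: it runs the message flow and returns the key each subgroup derives together with every value sent in the clear. The toy curve y^2 = x^3 + 2x + 3 over F_97 with base point (3, 6) is constructed here for illustration, and the function names and the scalars standing in for x1, x2, x3 are assumptions.

```python
# Added example. Assumption: toy curve y^2 = x^3 + 2x + 3 over F_97,
# base point (3, 6); constructed for illustration, far too small for real use.
Q, A = 97, 2
BASE = (3, 6)  # on the curve: 6^2 = 36 = 27 + 6 + 3 (mod 97)

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % Q == 0:
        return None  # p2 is the inverse of p1 (covers doubling with y = 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % Q, -1, Q) % Q
    else:
        lam = (y2 - y1) * pow((x2 - x1) % Q, -1, Q) % Q
    x3 = (lam * lam - x1 - x2) % Q
    return (x3, (lam * (x1 - x3) - y1) % Q)

def mul(k, pt):
    """Double-and-add scalar multiplication k.pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def round_two(x1, x2, x3):
    """Run step 2; return (key1, key2, key3) and the list of wire values."""
    m1 = mul(x1, BASE)                   # GC1 -> GC2 (unicast): x1.P
    m2 = mul(x2, BASE)                   # GC2 computes x2.P ...
    m21 = mul(x2, m1)                    # ... and x2.x1.P, sends to subgroup 3
    key3 = mul(x3, m21)                  # subgroup 3: x3.x2.x1.P
    m31, m32 = mul(x3, m1), mul(x3, m2)  # GC3 -> sibling subgroups
    key1 = mul(x1, m32)                  # subgroup 1 multiplies by x1
    key2 = mul(x2, m31)                  # subgroup 2 multiplies by x2
    return (key1, key2, key3), [m1, m2, m21, m31, m32]
```

Five points cross the network per group of three, and none of them is multiplied by all three private values, which is why only members holding x1, x2 or x3 can complete the key.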