ZigBee Security Using Attribute-Based Proxy Re-encryption
Journal of Information and Communication Convergence Engineering. 2012. Dec, 10(4): 343-348
Copyright ©2012, The Korean Institute of Information and Communication Engineering
This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-nc/3.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • Received : May 11, 2012
  • Accepted : June 29, 2012
  • Published : December 31, 2012
About the Authors
Hwajeong Seo
Howon Kim
howonkim@pusan.ac.kr

Abstract
The ZigBee network is an enabling technology for home automation, surveillance, and monitoring systems. For a more secure network environment, a secure and robust security model is important. This paper proposes an application of attribute-based proxy re-encryption to ZigBee networks. The method can distribute to designated sensor nodes the authority to decrypt re-encrypted ciphertext with associated attributes. However, a previous method requires complex pairing operations to be computed. This high complexity is not suited to low-resource devices in sensor networks, and it does not provide routing security either. To resolve these problems, we present a novel mechanism. The method can reduce overhead by shifting it to full function devices, and it secures routing paths as well.
I. INTRODUCTION
ZigBee is an enabling technology for various applications including home automation and surveillance systems. ZigBee has the advantages of high availability, low power consumption, and low cost, which is ideal for distributed sensor network environments.
However, security management in ZigBee networking is not at a suitable level for applications because the ZigBee standard security requires a huge capacity for storing master keys, network keys, and link keys between each entity. When the size of the network increases, the number of keys exponentially increases. It also does not offer the flexibility to select the destination nodes, for example.
In this paper, we apply attribute-based proxy re-encryption (ABPRE) [1], which re-encrypts a ciphertext with attributes of the new recipients to delegate the capability of decryption and reduce the number of keys, providing a more practical method. To further reduce the computational complexity, we use ABPRE with a constant number of pairing operations [2].
In this work, we present a novel method for ZigBee security. The main contributions of the paper are as follows. We present an efficient ZigBee security model, and the proposed ABPRE provides a security model that distributes overhead. Finally, we show a routing security model using ABPRE.
The paper consists of five sections. In Section II, we introduce related works including ZigBee and ABPRE. In Section III, we propose the ABPRE model as a ZigBee standard. Section IV includes an evaluation report. Finally, we conclude the paper in Section V.
II. RELATED WORKS
- A. ZigBee, Sensor Network Standard
ZigBee is designed to be a low cost, power efficient device and provides effective communication within mesh networks. Therefore, it offers reliable and trustworthy network services to users.
ZigBee is based on the IEEE 802.15.4 specification and ZigBee standard. IEEE 802.15.4 defines the physical and medium access control layers of the protocol. The higher layers including the network, application support sub-layer, and ZigBee device objects are described by the ZigBee standard.
One of the most interesting features of ZigBee is the possibility of mesh networking. This extends the network range and provides higher network reliability by creation of new paths in case of network configuration changes. If an end device loses its transmission path to the coordinator, it searches for a new path to the coordinator. Therefore, the ZigBee network maintains an appropriate data transmission rate.
- B. Security Specification in ZigBee Networks
The ZigBee standard provides data confidentiality by encrypting packets with secret keys using Advanced Encryption Standard (AES) symmetric cryptography.
Three key types are used in ZigBee networks. A master key, which is a long-term security key between two devices, is used for delivery of network and link keys. The second key is a link key, which provides security on the specific link between the two devices. The third key type is a network key used when nodes transmit the information to a member of the network.
Even though ZigBee provides a strong method for protection of information from attackers with symmetric cryptography, ZigBee has restrictions that involve a large number of keys and network keys. In a full mesh network, each node shares a pair of keys with every other node, giving $O(n^2)$ complexity.
- C. ABPRE with Constant Pairing Operations [2]
ABPRE with constant pairing operations is an enhanced version of [1]. To reduce the number of pairing operations, exponentiation is conducted in place of the pairing operation. The pairing operation is therefore computed only once, at the end.
- D. Satisfying an Access Structure
In this scheme we consider the access structure consisting of AND gates between positive and negative attributes. Denote the index set of all the attributes as $\tau$. The access structure is represented as $\bigwedge_{i \in \tau}(+d_i, -d_i)$, where $+d_i$ and $-d_i$ are the positive attribute and the negative attribute, respectively. Any user receives a secret key associated with an attribute set $S \subseteq \tau$ from the authority. The users can decrypt the ciphertext if the following conditions on the attributes are met:
  • If $+d_i$ appears in $AS$, then $i \in S$;
  • If $-d_i$ appears in $AS$, then $i \notin S$;
- E. Main Construction
$\mathrm{SETUP}(1^k)$: A bilinear group $G$ of prime order $p$, with bilinear map $e : G \times G \to G_T$, is generated. Next, it selects elements $k, y, z, t_i$ ($1 \le i \le 3n$) in $\mathbb{Z}_p$ and two generators $g, h$ of $G$ at random. Let $Y := e(g,h)^y$ and $T_i := g^{t_i}$ for each $1 \le i \le 3n$. The public parameter $pp$ includes
The master key $mk$ is $\langle k, y, z, \{t_i\}_{1 \le i \le 3n} \rangle$.
$\mathrm{KGEN}(S, mk)$: Let $S$ denote an index set of attributes. It chooses random $r_1, \dots, r_n$ from $\mathbb{Z}_p$ and sets $r = r_1 + r_2 + \dots + r_n$. It computes
and for each $i \in N$ ($N = \{1, 2, \dots, n\}$), $(D_{i,1} = h^{r_i})_{i \in N}$. This outputs a user's secret key
$\mathrm{ENC}(m, AS)$: Let $AS$ denote an access structure. To encrypt a message $m \in G_T$, it selects a random $s \in \mathbb{Z}_p$ and computes
$\hat{C} = g^{sz}$, and $\check{C} = h^{skz}$. For $i \in N$: if $+d_i$ appears as
appears as
otherwise,
It outputs
$\mathrm{RKGEN}(usk, AS')$: Let $usk$ denote a valid secret key consisting of
and let $AS'$ denote an access structure. It selects a random $d \in \mathbb{Z}_p$ and sets
For
is the ciphertext of $\vartheta$ under the access structure $AS'$. It outputs
$\mathrm{REENC}(rk, C)$: Let $rk$ denote a valid re-key consisting of
and $C$ denote a well-formed ciphertext
This step checks whether $S$ satisfies $AS$; if not, it outputs an error; otherwise, for $i \in N$:
Next, it computes $e(C, D_T) = e(g,h)^{(nd+r)(ksz)}$. It then computes
It outputs a re-encrypted ciphertext
Note that $C_{re}$ can be re-encrypted iteratively. Thus we would obtain
where $C''$ is obtained from the REENC algorithm with the input of another $rk'$ and $C'$. The size of the ciphertext and re-encryption times increase linearly.
$\mathrm{DEC}(C, usk)$: Let $usk$ denote a valid secret key
It checks whether $S$ satisfies $AS$; if not, it outputs an error; otherwise, it decrypts.
If $C$ is an original well-formed ciphertext consisting of
for $i \in N$:
Next, it computes $E = e(C, D_T) = e(g,h)^{krsz}$. It outputs
Otherwise, if $C$ is a re-encrypted well-formed ciphertext consisting of
then it decrypts $C'$ using $usk$ and obtains $\vartheta = g^d$.
Then it outputs
Otherwise, if it is a multi-time re-encrypted well-formed ciphertext, then decryption is similar to the above phases.
III. PROPOSED METHOD
The method is based on the process in [6], which proposes the first form of ZigBee security using ABPRE. In that process, the sender first receives the access structure and public parameters from the private key generator (PKG). When the sender needs to transmit the plaintext, it executes the encryption process, and the data is encrypted with the user's attributes and secret keys. If the recipient is located in the same sub-network or the sender has the recipient's attributes, the sender transmits the packet directly to the recipient, and the recipient decrypts the packet with its attributes and the public parameters. When the recipient is located in another network or has attributes that the sender does not have, the sender transmits the packet to the base node. There the packet is re-encrypted and then transmitted to the distant node. The recipient decrypts the packet with its secret values. If the packet is encrypted several times, the decryption process is also conducted an equal number of times. The method requires the packet to pass through the base node when the recipient is in another network. On passing the base node, the packet is re-encrypted, which ensures that the packet is transmitted along the right path. The detailed process is depicted in Fig. 1.
In Fig. 2, an example of the scenario is described. When the sender wants to send a message to recipient #1, it transmits the ciphertext directly to the destination after encryption. In the case of recipient #2, the sender transmits the packet to the base node. The base node then re-encrypts the packet using recipient #2's attributes. The re-encrypted data is transmitted to recipient #2, and the data is then decrypted with the attributes of recipient #2.
The detailed process of the algorithm is described in Table 2.
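The access-structure test of Section II.D and the delivery rule of Section III, modelled together as an added example that is not part of the original paper. No cryptography is performed (ciphertexts are plain records), and the function names, attribute indices and sample attribute sets are assumptions made for illustration.

```python
# Added illustration, not the paper's code. It models Section II.D's AND-gate
# access structure and Section III's delivery rule; no cryptography is done,
# ciphertexts are plain records. All names and attribute indices are hypothetical.

def satisfies(access_structure, attrs):
    """access_structure: {index: '+' or '-'}; unlisted indices are don't-care."""
    return all((i in attrs) if sign == '+' else (i not in attrs)
               for i, sign in access_structure.items())

def encrypt(payload, access_structure):
    # 'layers' records the access structure of the original encryption and of
    # every later re-encryption, newest last.
    return {"payload": payload, "layers": [access_structure]}

def reencrypt(pkt, proxy_attrs, new_as):
    # REENC outputs an error unless the re-key holder's S satisfies the current AS.
    if not satisfies(pkt["layers"][-1], proxy_attrs):
        raise PermissionError("re-key attributes do not satisfy AS")
    return {"payload": pkt["payload"], "layers": pkt["layers"] + [new_as]}

def decrypt(pkt, attrs):
    # DEC outputs an error unless S satisfies AS; a packet encrypted several
    # times needs an equal number of decryption passes.
    if not satisfies(pkt["layers"][-1], attrs):
        raise PermissionError("attributes do not satisfy AS")
    return pkt["payload"], len(pkt["layers"])

def deliver(payload, sender_as, recipient_attrs, base_attrs, recipient_as):
    """Return (path, payload, decryption_passes) for one transmission."""
    pkt = encrypt(payload, sender_as)
    if satisfies(sender_as, recipient_attrs):
        path = ["sender", "recipient"]            # recipient #1 in Fig. 2
    else:
        pkt = reencrypt(pkt, base_attrs, recipient_as)
        path = ["sender", "base", "recipient"]    # recipient #2 in Fig. 2
    plain, passes = decrypt(pkt, recipient_attrs)
    return path, plain, passes

# Constructed attributes: 1 = sub-network A, 2 = visitor, 3 = sub-network B.
SENDER_AS = {1: '+', 2: '-'}
RECIPIENT2_AS = {3: '+'}
BASE_ATTRS = {1, 3}

if __name__ == "__main__":
    print(deliver("temp=21C", SENDER_AS, {1}, BASE_ATTRS, RECIPIENT2_AS))
    print(deliver("temp=21C", SENDER_AS, {3}, BASE_ATTRS, RECIPIENT2_AS))
```

The second call passes through the base node and needs two decryption passes, matching the rule that a packet encrypted several times is decrypted an equal number of times.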
IV. EVALUATION
- A. Performance Analysis
The attribute-based proxy re-encryption scheme can encrypt a message under specific attributes and re-encrypt it to delegate the capability of decryption to selected users, which enables features such as simple group key management and delegation of decryption capability. Comparing the number of keys with other schemes, ABPRE has $O(n)$ complexity, but the current ZigBee system is $O(n^2)$ because in symmetric cryptography all users should maintain the same secret key as the others. Therefore, traditional cryptography is not suitable for ZigBee security, but the proposed method is efficient in terms of distribution and management of keys. However, ABPRE does not offer a digital signature because it uses attributes that are not representative of the user.
A detailed report is presented in Table 2. For practical application, a proposal is required to reduce the computation cost because the scheme incurs high overhead, including pairing operations. Currently, pairing operations over sensor networks take about 1 second (Table 3). Therefore, it is not practical if many pairing operations are needed. In traditional ABPRE, the number of pairing operations grows with the number of attributes. Therefore, it is infeasible to enable the technology over a sensor network.
Process of encryption and decryption. PKG: private key generator.
To solve this drawback, we use ABPRE with a constant number of pairing operations [2]. In this method, we must compute two or three pairing operations when conducting decryption. The re-encryption is conducted by a full function node, a base node. Therefore, overhead is reduced in the leaf nodes. Table 4 illustrates the computational complexity of ABPRE. The leaf node needs to conduct the encryption process for each transmission. In the previous method, the leaf node had to conduct re-encryption whenever it needed to transmit data to users that were not included in the first access structure of the ciphertext. In the proposed method, however, the re-encryption process imposes its overhead on the base node, a much more powerful device. Therefore, the computational costs on the leaf nodes are reduced.
Even though the method provides a small number of pairing operations, it is still not a practical method for ATmega128L and MSP430 devices. The pairing operation over sensor nodes should be improved to perform the proposed method.
Process of encryption and decryption over a sensor network
Architecture of tree network.
- B. Security Consideration
The security strength of the proposed model is based on the user's secret key and attributes. First, if the sender's secret key is not revealed to others, the encryption and decryption processes are secure, depending on the CTDH and ADBDH assumptions. Second, the re-encryption process also requires the user's secret key in order to proceed. Even though malicious users might obtain the user's encrypted text, they cannot generate a re-encrypted text because the encryption key is not available to them.
Performance evaluation of cryptography for ZigBee security [3-6]
Timing table for pairing operations over sensor platform [7]
Computational complexity of ABPRE. ABPRE: attribute-based proxy re-encryption.
V. CONCLUSIONS
In this paper, we propose a novel ABPRE-based ZigBee security model. The method solves the key management problem, provides an attribute-based encryption model, and ensures routing path security. It also keeps computation cost low by substituting exponentiation operations for pairing operations and provides a constant number of pairing operations. As a result, the proposed model can be a more practical security model in resource-constrained embedded systems than previous models. However, the method does not show reasonable performance. Future work is needed on faster implementation of the model over various sensor nodes and on methods for speeding up the model, because the current sensor nodes do not show high performance, as described in Table 3.
APPENDIX
- Example: Multi-Hop Encryption Model
If sender ‘A’ wants to transmit data to ‘B’ and ‘C’, ‘A’ encrypts the data with attributes of base node ‘1’ and then sends it to ‘1’. Base node ‘1’ sends a ciphertext to ‘2’. First ‘2’ sends the received data to ‘3’ and ‘2’ re-encrypts the data with attributes of ‘B’ and then sends attributes. After receiving the data, ‘3’ also conducts the same procedure, which is computed in base node ‘2’.
Multi-hop transmission. Assumption: base node has secret key of leaf nodes.
Acknowledgements
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MEST) (No. 2010-0026621).
References
[1] Liang X., Cao Z., Lin H., Shao J. (2009) "Attribute based proxy reencryption with delegating capabilities," in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, Sydney, Australia, pp. 276-286.
[2] Seo H., Kim H. (2012) "Attribute-based proxy re-encryption with a constant number of pairing operations," Journal of Information and Communication Convergence Engineering, 10(1), pp. 53-60.
[3] Nguyen S. T., Rong C. (2007) "ZigBee security using identity-based cryptography," Autonomic and Trusted Computing, Lecture Notes in Computer Science, vol. 4610, pp. 3-12.
[4] Boneh D., Franklin M. (2001) "Identity-based encryption from the Weil pairing," Advances in Cryptology - CRYPTO 2001, Lecture Notes in Computer Science, vol. 2139, pp. 213-229.
[5] Seo H., Kim C. S., Kim H. (2011) "ZigBee security for Home automation using attribute-based cryptography," in Proceedings of the IEEE International Conference on Consumer Electronics, Las Vegas, NV, pp. 364-368.
[6] Seo H., Kim H. (2011) "Zigbee security for visitors in home automation using attribute based proxy re-encryption," in Proceedings of the 15th IEEE International Symposium on Consumer Electronics, Singapore, pp. 304-307.
[7] Oliveira L. B., Aranha D. F., Gouvea C. P. L., Scott M., Camara D. F., Lopez J., Dahab R. (2011) "TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks," Computer Communications, 34(3), pp. 485-493.