ZigBee networking is an enabling technology for home automation, surveillance, and monitoring systems. A secure network environment requires a robust security model. This paper proposes an application of attribute-based proxy re-encryption to ZigBee networks. The method can delegate to designated sensor nodes the authority to decrypt re-encrypted ciphertext with associated attributes. However, the previous method requires complex pairing computations. This high complexity is ill-suited to low-resource sensor network devices, and the method does not provide routing security either. To resolve these problems, we present a novel mechanism that reduces overhead by shifting it to full function devices and secures routing paths as well.
ZigBee is an enabling technology for various applications including home automation and surveillance systems. ZigBee has the advantages of high availability, low power consumption, and low cost, which is ideal for distributed sensor network environments.
However, security management in ZigBee networking is not at a suitable level for applications because the ZigBee standard security requires a huge capacity for storing master keys, network keys, and link keys between each entity. When the size of the network increases, the number of keys exponentially increases. It also does not offer the flexibility to select the destination nodes, for example.
In this paper, we apply attribute-based proxy re-encryption (ABPRE), which re-encrypts a ciphertext with attributes of the new recipients to delegate the capability of decryption and reduce the number of keys, providing a more practical method. To further reduce the computational complexity, we use a constant pairing operation based on ABPRE.
In this work, we present a novel method for ZigBee security. The main contributions of the paper are as follows. We present an efficient ZigBee security model, the proposed ABPRE provides a security model that distributes overhead, and finally we show a routing security model using ABPRE.
The paper consists of five sections. In Section II, we introduce related works including ZigBee and ABPRE. In Section III, we propose the ABPRE model as a ZigBee standard. Section IV includes an evaluation report. Finally, we conclude the paper in Section V.
II. RELATED WORKS
- A. ZigBee, Sensor Network Standard
ZigBee is designed to be a low cost, power efficient device and provides effective communication within mesh networks. Therefore, it offers reliable and trustworthy network services to users.
ZigBee is based on the IEEE 802.15.4 specification and ZigBee standard. IEEE 802.15.4 defines the physical and medium access control layers of the protocol. The higher layers including the network, application support sub-layer, and ZigBee device objects are described by the ZigBee standard.
One of the most interesting features of ZigBee is the possibility of mesh networking. This extends the network range and provides higher network reliability by creation of new paths in case of network configuration changes. If an end device loses its transmission path to the coordinator, it searches for a new path to the coordinator. Therefore, the ZigBee network maintains an appropriate data transmission rate.
- B. Security Specification in ZigBee Networks
The ZigBee standard provides data confidentiality by encrypting packets with secret keys using Advanced Encryption Standard (AES) symmetric cryptography.
Three key types are used in ZigBee networks. A master key, which is a long-term security key between two devices, is used for delivery of network and link keys. The second key is a link key, which provides security on the specific link between the two devices. The third key type is a network key used when nodes transmit the information to a member of the network.
Even though ZigBee provides a strong method for protection of information from attackers with symmetric cryptography, ZigBee has restrictions that involve a large number of keys and network keys. In a full mesh network, each node shares each pair of keys with
- C. ABPRE with Constant Pairing Operations
ABPRE with constant pairing operations is an enhanced version of
. To reduce the number of pairing operations, exponentiation is conducted instead of the operation. Therefore, the pairing operation is computed at once at the end.
- D. Satisfying an Access Structure
In this scheme we consider the access structure consisting of AND gates between positive and negative attributes. Denote the index set of all the attributes as τ. The access structure is represented as ˄(+
, which are the positive attribute and the negative attribute, respectively. Any user receives a secret key associated with an attribute set S ⊆ τ from the authority. The users can decrypt the ciphertext, if the following conditions of the attribute are met:
If +d_i appears in AS, then i ∈ S;
If -d_i appears in AS, then i ∉ S;
- E. Main Construction
): A bilinear group
of prime order
, with bilinear map
is generated. Next, it selects elements
and two generators
at random. Let
for each(1 ≤
). The public parameter
The master key
denote an index set of attributes. It chooses a random
+ ··· +
. It computes
and for each
. This outputs a user’s secret key
denote an access structure. To encrypt a message
, it selects a random
denote a valid secret key consisting of
denote an access structure. It selects a random
is the ciphertext of ϑ under the access structure
. It outputs
) : Let
denote a valid re-key consisting of
denote a well-formed ciphertext
This step checks whether
; if not, output error; otherwise, for
Next, it computes =
It then computes
It outputs a re-encrypted ciphertext
can be re-encrypted iteratively. Thus we would obtain
is obtained from the REENC algorithm with the input of another
. The size of the ciphertext and re-encryption times increase linearly.
denote a valid secret key
It checks whether
; if not, it outputs error; otherwise, decrypt.
is an original well-formed ciphertext consisting of
Next, it computes
. It outputs
is a re-encrypted well-formed ciphertext consisting of
then it decrypts
and obtains ϑ =
Then it outputs
Otherwise, if it is a multi-time re-encrypted well-formed ciphertext, decryption is similar to the above phases.
III. PROPOSED METHOD
The method is based on the
process, which proposes the first form of ZigBee security using ABPRE. In this process, the sender first receives the access structure and public parameters from the private key generator (PKG). When the sender needs to transmit plaintext, it executes the encryption process, and the data is encrypted with the user's attributes and secret keys. If the recipient is located in the same sub-network or the sender has the recipient's attributes, the sender transmits the packet directly to the recipient, and the recipient decrypts the packet with its attributes and public parameters. When the recipient is located in another network or has attributes that the sender does not have, the sender transmits the packet to the base node. The packet is re-encrypted and then transmitted to the distant node. The recipient decrypts the packet with its secret values. If the packet is encrypted several times, the decryption process is conducted an equal number of times. The method requires the packet to pass through the base node when the recipient is in another network. On passing the base node, the packet is re-encrypted, which ensures that the packet is transmitted along the right path. The detailed process is depicted in
, an example of the scenario is described. When the sender wants to send a message to recipient #1, it transmits the ciphertext directly to the destination after encryption. In the case of recipient #2, the sender transmits the packet to the base node. The base node then re-encrypts the packet using recipient #2's attributes. The re-encrypted data is transmitted to recipient #2, and the data is then decrypted with the attributes of recipient #2.
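The direct-versus-base-node delivery rule above, combined with the AND-gate attribute check from Section II-D, as an added policy-level model in Python (not code from the paper). It performs no pairing cryptography: a packet only records the access structures it is bound to. The node names, the attribute indices, and the rule that the base node's key satisfies the sender's structure are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed attribute index set (assumption): 1 = sub-network A, 2 = sub-network B,
# 3 = full function device, 4 = visitor. Each node's key carries an attribute set S.
NODES = {"sender": {1}, "base": {1, 2, 3}, "r1": {1}, "r2": {2}, "visitor": {1, 4}}

def satisfies(access, attrs):
    """access maps index i -> True for +d_i, False for -d_i (AND of all entries)."""
    return all((i in attrs) == positive for i, positive in access.items())

@dataclass
class Packet:
    layers: list  # access structures the packet is bound to, original first
    hops: list    # nodes that have handled the packet

def encrypt(sender, access):
    return Packet([access], [sender])

def reencrypt(pkt, node, new_access):
    # Only a key satisfying the current structure can yield a usable re-key.
    if not satisfies(pkt.layers[-1], NODES[node]):
        raise PermissionError(f"{node} cannot re-encrypt")
    return Packet(pkt.layers + [new_access], pkt.hops + [node])

def decrypt(pkt, node):
    if not satisfies(pkt.layers[-1], NODES[node]):
        raise PermissionError(f"{node} cannot decrypt")
    return len(pkt.layers)  # one decryption pass per encryption layer

def send(sender, access, recipient, recipient_access, base="base"):
    """Deliver directly when the recipient satisfies the sender's structure,
    otherwise via the base node, which re-encrypts for the recipient."""
    pkt = encrypt(sender, access)
    if not satisfies(access, NODES[recipient]):
        pkt = reencrypt(pkt, base, recipient_access)
    passes = decrypt(pkt, recipient)
    return pkt.hops + [recipient], passes

SUBNET_A = {1: True, 4: False}  # +d_1 AND -d_4
SUBNET_B = {2: True}            # +d_2

if __name__ == "__main__":
    print(send("sender", SUBNET_A, "r1", SUBNET_A))  # direct delivery
    print(send("sender", SUBNET_A, "r2", SUBNET_B))  # delivery via the base node
```

The negative attribute is what keeps the `visitor` node out: it holds attribute 1, but because it also holds attribute 4 its key fails the `-d_4` condition.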
The detailed process of the algorithm is described in
- A. Performance Analysis
The attribute-based proxy re-encryption scheme has the capability of attribute encryption with specific attributes and re-encrypting the message for delegating the capability of decryption to selected users, which enables various features such as the simplicity of group key management and delegation of decryption capability. Comparing the number of keys with other schemes, ABPRE has
(n) complexity, but the current ZigBee system is
) because in symmetric cryptography all users should maintain the same secret key as the others. Therefore, traditional cryptography is not suitable for ZigBee security, but the proposed method is efficient in terms of distribution and management of keys. However, ABPRE does not offer a digital signature because it uses the attributes that are not representative of the user.
A detailed report is presented in
. For practical application, a proposal is required to reduce the computation cost because the scheme claims high overhead including pairing operations. Currently pairing operations over sensor networks take about 1 second (
). Therefore, it is not practical if many pairing operations are needed. In traditional ABPRE, the pairing operation is conducted by a number of attributes. Therefore, it is infeasible to enable the technology over a sensor network.
Process of encryption and decryption. PKG: private key generator.
To solve this drawback, we use a constant pairing operation based on ABPRE
. In this method, we must compute two or three pairing operations by conducting decryption. The re-encryption is conducted by a full function node, a base node. Therefore, overhead is reduced in the leaf nodes.
illustrates the computational complexity of ABPRE. The leaf node needs to conduct the encryption process per each transmission. In the previous method, we had to conduct re-encryption whenever we needed to transmit data to users that were not included in first access structure of the ciphertext by the leaf node. However, in the case of the proposed method, the reencryption process imposes the overhead on the base node, a much more powerful device. Therefore, the computational costs on the leaf nodes are reduced.
Even though the method provides a small number of pairing operations, it is still not a practical method for ATmega128L and MSP430 devices. The pairing operation over sensor nodes should be improved to perform the proposed method.
Process of encryption and decryption over a sensor network
Architecture of tree network.
- B. Security Consideration
The security strength of the proposed model is based on the user's secret key and attributes. First, if the sender's secret key is not revealed to others, the encryption and decryption process are secure, depending on the CTDH and ADBDH assumption. Secondly, the re-encryption process also demands the user's secret key to allow it to proceed. Even though malicious users might obtain the user's encrypted text, they cannot generate a re-encrypted text because the encryption key is not available for malicious users.
Performance evaluation of cryptography for ZigBee security [3-6]
Timing table for pairing operations over sensor platform
Computational complexity of ABPRE. ABPRE: attribute-based proxy re-encryption.
In this paper, we propose a novel ABPRE-based ZigBee security model. The method solves the key management problem, provides an attribute-based encryption model, and ensures routing path security. It also achieves low computation cost by replacing pairing operations with exponentiation operations and requires only a constant number of pairing operations. As a result, the proposed model can be a more practical security model in resource-constrained embedded systems than previous models. However, the method does not show reasonable performance. Future work is needed on faster implementation of the model over various sensor nodes and on methods for speeding up the model, because the current sensor nodes do not show high performance, as described in
- Example: Multi-Hop Encryption Model
If sender ‘A’ wants to transmit data to ‘B’ and ‘C’, ‘A’ encrypts the data with attributes of base node ‘1’ and then sends it to ‘1’. Base node ‘1’ sends a ciphertext to ‘2’. First ‘2’ sends the received data to ‘3’ and ‘2’ re-encrypts the data with attributes of ‘B’ and then sends attributes. After receiving the data, ‘3’ also conducts the same procedure, which is computed in base node ‘2’.
Multi-hop transmission. Assumption: base node has secret key of leaf nodes.
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MEST) (No. 2010-0026621).
“Attribute based proxy reencryption with delegating capabilities,” in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security.
“Attribute-based proxy re-encryption with a constant number of pairing operations,” Journal of Information and Communication Convergence Engineering.
Nguyen S. T., “ZigBee security using identity-based cryptography,” Autonomic and Trusted Computing, Lecture Notes in Computer Science.
“Identity-based encryption from the Weil pairing,” Advances in Cryptology - CRYPTO 2001, Lecture Notes in Computer Science.
Kim C. S., “ZigBee security for Home automation using attribute-based cryptography,” in Proceedings of the IEEE International Conference on Consumer Electronics, Las Vegas: NV.
“Zigbee security for visitors in home automation using attribute based proxy re-encryption,” in Proceedings of the 15th IEEE International Symposium on Consumer Electronics.
Oliveira L. B., Aranha D. F., Gouvea C. P. L., Camara D. F., “TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks.”