Server Assisted Key Establishment for WSN: A MIKEY-Ticket Approach

MIKEY-Ticket specifies new modes for the Multimedia Internet KEYing (MIKEY) protocol. It answers situations where the network contains a trusted third party (one or many trusted key management servers). Two of MIKEY-Ticket modes correspond to Kerberos and Otway--Rees key distribution protocols. Meanwhile, the general MIKEY--Ticket mode is a new key distribution scheme relying on six messages which are exchanged between the node initiating the protocol (Initiator), the Key Management Server (KMS) and the responding node (Responder). This general mode suffers from a risk of a Denial of Service (DoS) inherited from the protocol design. In this work, we first propose a new MIKEY--Ticket mode that solves the risk of DoS during the key establishment between the Initiator and the Responder. The security of our solution is evaluated with ProVerif, a protocol verification tool. Then, in the second part of the paper, we describe the application of our protocol to sensors in a Wireless Sensor Network (WSN).

[1]  Sushil Jajodia,et al.  LEAP+: Efficient security mechanisms for large-scale distributed sensor networks , 2006, TOSN.

[2]  Hannes Tschofenig,et al.  The EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol (EAP) Method , 2007, RFC.

[3]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[4]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[5]  Jiyong Jang,et al.  A Time-Based Key Management Protocol for Wireless Sensor Networks , 2007, ISPEC.

[6]  Jari Arkko,et al.  MIKEY: Multimedia Internet KEYing , 2004, RFC.

[7]  M. Bellare,et al.  HMAC: Keyed-Hashing for Message Authentication, RFC 2104 , 2000 .

[8]  Song Ju,et al.  A lightweight key establishment in wireless sensor network based on elliptic curve cryptography , 2012, 2012 IEEE International Conference on Intelligent Control, Automatic Detection and High-End Equipment.

[9]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[10]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[11]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[12]  Owen Rees,et al.  Efficient and timely mutual authentication , 1987, OPSR.

[13]  Tian Tian,et al.  MIKEY-TICKET: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY) , 2011, RFC.

[14]  Bruno Blanchet,et al.  Automatic verification of correspondences for security protocols , 2008, J. Comput. Secur..