PRACTICAL DEPLOYMENT OF ONE-PASS KEY ESTABLISHMENT PROTOCOL ON WIRELESS SENSOR NETWORKS

Implementation and viability of Pairing-based cryptographic protocol for wireless sensor network is a challenging task to research community. Recently we have proposed an efficient One-pass Key Authentication protocol for wireless sensor network in random oracle model where we have presented pairing algorithm which is suited to implement for our protocol. The main difficulty of pairing based protocol is the incredible hardware and software constraint. In this paper, we suggest practical deployments of pairing on sensor nodes of the proposed protocol. These include the hardware architecture and various micro pairing implementation issues on wireless sensor networks. In this paper, we present the practical deployment of Micro-pairings on sensor nodes and hardware architecture of our proposed protocol.


Introduction
Pairing based cryptography is an promising area in modern cryptography which is firmly associated to Elliptic Curve Cryptography.It is a very challenging task to implement complex cryptographic operations like pairing on tiny and constrained devices.Pairing-based protocol is the emerging in Public Key Cryptography schemes but to perform the complex operations in a limited amount of time on sensor node is very important to research community.Computing the bilinear mapping Weil or Tate pairing on elliptic curve is very essential for cryptographic protocols.e(P, Q) denotes the Tate pairing, where P and Q are any two points on elliptic curve E(F q k ).We briefs various algorithms for Tate pairing on embedded devices.
Many authors [12], [14] have presented implementations issues of pairing based protocols for WSNs.However, they do not specify the real practical deployment of pairings on sensor nodes.Oliveira et al. in [12] described the software implementation of pairings by TinyTate used TinyECC as the underlying library and targeted the MICAz mote.To improve the implementations of various pairing algorithms for wide range of sensor platforms micro-pairing is adopted.This results in the diversity in pairings types and to achieve high level of security.The key design for embedded systems is the optimization of operations of pairing, arithmetic routines and domain parameters.

Pairing Types
The properties of pairing depends on the selected groups G 1 , G 2 and G T .Generally pairings is of three types depending three basic groups.

Security Parameters
The protocol works on two adjacent nodes i and j.We consider pairing type-I, II and III.Level of security in pairing-based protocol depend on degree k, size of the underline finite field F q and size of the group r.
The chosen security parameters k, r and q satisfy the following security requirements.
• Order of the group r should be very large.So that it is computationally infeasible to solve Elliptic Curve Discrete Logarithm Problem(ECDLP) in subgroup of order r of E(F q ) .
• k the embedding degree should be sufficiently large so that it is computationally infeasible to solve Discrete Logarithm Problem in F q k .
In our proposed protocol, We consider pairing type-I, II and III.Level of security in pairing-based protocol depend on the value of the embedding degree k, size of the underline finite field F q and size of the group r.
The chosen security parameters k, r and q satisfy the following security requirements.
• In order to make security strong using ECDLP, order of the group should be large enough.So solving ECDLP problem in an order r subgroup of F q k applying algorithm such as Pollard's ρ algorithm is computationally infeasible.
• The embedding degree k should be sufficiently large so that solving the DLP in F q k is computationally infeasible apply algorithm such as indexcalculus method.
In cryptanalysis, if we take order r = 160 bit prime, the number of steps need to solve ECDLP is 2 80 .Over the extension field, it need 2 80 steps for any DLP, if we select k • log 2 q ≡ 1024.This values for the three parameters r, k and q is equivalent to 80-bit level of security in Symmetric Key cryptosystem like AES or DES.The following table summarizes the comparison of key sizes in pairing-based cryptography.

Our Proposed One-Pass Key Establishment Protocol
The following table we summarize our proposed protocol [3].To generate the session key SK ij in node i, we need to compute the following pairing operation.
Similarly the following three pairing operations are required to compute the session key SK ij in node j.

Tate Pairing on MICAz Sensor Node
To implement Tate pairing on MICAz sensor node that embeds ATmega 128 8-bit CPU, the following parameters are to be considered.
• Finite Field: In TinyTate, pairing is evaluated over prime field F p .
• Selection of Curve: Consider super singular curve y 2 = x 2 + x over the prime field F p .
• Parameters for Pairing operation: The security parameters k, q and r to be chosen as k = 2, prime q = 256 bits and prime r = 128 bits.In order to simplify and easy to implement the arithmetic operations are to be performed on F k q , value of k = 2 allows the elimination of denominator.
• Projective co-ordinate system: Since inverse operation is very costly in point addition and doubling operation, we consider projective co-ordinate system.
Following table summarizes the evaluation on performance of TinyTate.
1. Setup : Given security parameters k, the KGC chooses groups G 1 and G 2 of prime order q.
A generator P of G, a bilinear map ê : G × G → G T and collision resistant hash function It chooses a master-key s ∈ F * q and computes P pub = sP .The KGC publishes the system public parameters params = <G, G T , ê, q, p, P pub , H 1 , H 2 , H 3 >.2. Extract : KGC takes the input the identities ID i and ID j of node i and j respectively and runs the algorithm and Computes the private keys as S i = s • Q i and S j = s • Q j of the node i and j respectively.
(Where Public key of node i and j are Q i and Q j respectively.3. Protocol: The protocol involves by considering two arbitrary nodes i and j Node i Node j Chooses randomly λ ∈ Z * q and computes U = λ and Verify ê(U, W ) ? = (S i , V ).Computes SK ji = ê(U + hQ i , S j ) Figure 1: Proposed One-Pass Protocol

Overviews on Micro-Pairings
For low processor devices, implementation of pairing on sensor node is too heavy weights in pairing based cryptography.However the articles [12] [14] have proposed cryptographic protocols using pairing based cryptography for secure communication in sensor networks.It is an challenge to implements such protocols in low cost and faster processing time.Hence we briefs about Micro-pairings which is an powerful and efficient implementation of different pairing types on

Symmetric
Size of It has been examined that particular pairings can be computed faster and efficiently on tiny and constrained devices such as Tmote Sky or WICA2.The objective of micro-pairing is to make high-speed implementations of various pairing algorithms for a wide range of sensor platforms.The prime design choices are to make the level of security high and faster in computation in low computational time.The following table shows 80-bit security level of implementation.It is important to find the optimal combination of domain parameters, pairing type and arithmetic routines which provides the efficient pairing performance on embedded device.The Efficient implementation of pairings algorithms and the arithmetics operation over prime field F p and binary filed F(2 m provides high performance of Micro-pairings.We have followed the implementation of pairing presented in MIRACIL [15] library.This specifies all the prime tools to perform arithmetic operations on elliptic curve.The memory allocation in micro-pairing can be used from stack.Therefore entire memory of RAM can be re-utilized for multiple areas after the completion of the pairing operation.MIRACL library can be embedded on 8, 16 and 32-bit architectures.

Pairing Algorithms
The most efficiently computable pairings are Weil and Tate pairing on elliptic curve.Efficiency of Tate pairing is more Weil pairing.We consider Type-1 pairing on super singular elliptic curve in our proposed protocol.Tate pairing is the bilinear mapping ê(P, Q), where P and Q are two arbitrary linearly independent points on an elliptic curve E(F k q ), evaluates as an element of extension field F q k .If P is of prime order r, then the pairing is evaluated as an order of r.We can apply algorithm-1 to compute the Tate pairing for implementation in more efficient way in term of memory space, bandwidth and processing speed [13].
We consider the following elements for implementation of pairing • As we have discussed Type-1 pairings is more suitable on super singular curves, these curves can be divided into three sub-classes curves over binary fields as q = 2 m with k = 4, curves over field of large prime characteristics 3 i.e q = 3 m with k = 6 and curves over field of large prime characteristics q = p, p > 3 with k = 2.The most suitable curve for implementation on 8-bit processor is curves over filed of prime characteristics is k = 4.
• The binary field F 2 271 can be chosen to achieve the security.
• Super singular curve is The number of points on the curves is 2 271 + 2 136 + 1 = 487805.r.Where r is a large prime.
The following table summarizes the cost of η T (P, Q) on y 2 + y = x

Operation in Prime Field
While computing e(P, Q), the most costly and the modular multiplication consumes more time as compare to modular addition and subtraction [9] [11].Since modular inverse operation is most expensive, we can use projective co-ordinate system [10].The improved hybrid method can be used for large integer multiplication and squaring.Stack is used for the memory for the variables that are used in the operations.
Algorithm 1: Computation of η T (P, Q) on y 2 + y = Algorithm 2: Computation of e(P, Q) with Tate Pairing Let the extension field is F p k .The Tate pairing computes as an element of this field.The function for the operation exponent, multiplication, addition and inversion in F is to be constructed.The overall cost of Tate pairing is summarized in table-5.For different embedded processor, table-4 summarizes the overall results for the evaluation of Tate pairing.
The Ate pairing is implemented on Atmega128 and MSP430 processor [16].The algorithm is given below.Performance of Ate pairing on Atmega128 and MSP430 are summerized in the following table.

Conclusion
In this article we have presented the pairing algorithms include Tate pairing and Ate pairing that compute e(P, Q) for our proposed one-pass key establishment protocol.The algorithms are most suited to implement on wireless sensor networks.Also we have described the hardware architecture and micro pairing implementation issues on wireless sensor networks.We shows the evaluation of micro-pairings where pairings of full-size security parameters are feasible on

Table 1 :
Performance evaluation of TinyTate on MICAz

Table 2 :
Comparison of key-size in bit a wide range of sensor platforms.Pairing based cryptographic protocol for embedded devices, micro-pairing has been designed to make practical for implementation.The software packages consists of sensor nodes MICA2/MICAz, Tmote Sky and Imote2.The evaluation of micro-pairings shows that, pairings having full-size security parameters are feasible on various hardware platforms.

Table 3 :
cost of η T (P, Q) on y 2 + y = x 3 + x MNT curve take k = 4 the algorithm to compute e(P, Q) with Tate pairing is given below 3+ x.For

Table 4 :
Timing in clock cycle for modular arithmetics in F p using 160-bit integer

Table 5 :
Computational Cost for MNT k = 4

Table 6 :
) Performance of Ate pairing on Atmega128 and MSP430 various hardware platforms.