TELKOMNIKA Indonesian Journal of Electrical Engineering
Vol. 12, No. 4, April 2014, pp. 3021 ~ 3029
DOI: http://dx.doi.org/10.11591/telkomnika.v12i4.4775
Received September 10, 2013; Revised November 20, 2013; Accepted December 3, 2013
The Improved Key Exchange Protocol Based on Public Key Certificates

Cuijie Zhao*, Guozhen Wang
Information Science and Technology, Pearl River College, Tianjin Finance and Economics University, Tianjin, 13212087537
*Corresponding author, e-mail: zhaojie810809@126.com
Abstract
We propose mutual authentication and session key exchange protocols based on certificates for the Internet of Things. We also propose an improved version for conventional certificate-based systems. Our protocol is efficient: it requires fewer messages and only one session key. It gives us a new method to deal with security problems such as preventing tampering and preventing interference. In designing the security protocol proposed here, the low computational power of the wireless sensor nodes and the low bandwidth of the wireless networks are considered. It has low computational complexity and cannot be forged.
Keywords: internet of things (IOT), sensor, key exchange protocol, certificate, authentication
Copyright © 2014 Institute of Advanced Engineering and Science. All rights reserved.
1. Introduction
IOT is known as the third wave of the information industry, following the computer and the Internet [1]. It brings many benefits for people, while it also brings increasingly prominent privacy issues. From the point of view of information collection, transmission and application, the IOT is divided into a three-layer structure [1]: the bottom layer is the perceptual layer for data perception, the second layer is the network layer for data transmission, and the last layer is the application layer. In the perception layer network, the protection ability is poor because of its technical characteristics, and the security level is relatively low compared to the core network [2].
2. Analysis of Sensor Network Security Technology
For many sensor networks, security is very important. A sensor network system not only has to face a harsh environment, but also an active, intelligent opponent, so sensor networks need to contend with positioning, sabotage and subversion. On other occasions the security requirements, although not obvious, are still very important [3].
2.1. The Safety Barrier of Sensor Networks
What we usually call a sensor network is a special kind of network. The process of constructing a sensor network has more constraints and limitations than a traditional network. These constraints mean that existing security technology cannot easily be applied to sensor networks.
2.1.1. Limited Resources
All security protocols and security techniques rely on some resources, including data storage, code memory, energy and bandwidth. But for a wireless sensor, because of its own limitations, the computation and storage resources are very limited.
1) Memory capacity constraints
Sensor nodes are miniature devices, with only a small amount of memory available to store code. So, when we build a safe and effective mechanism, we need to control the size of the security mechanism's code according to the storage capacity. For example, a Mica sensor node only has 128KB of code storage capacity and 4KB of data storage capacity, and the TinyOS code already accounts for about 4KB. Therefore, all the security code must be very small.
2) Energy restriction
For a wireless sensor, the capability restriction is largely reflected in the energy constraint. Generally, battery-powered sensor nodes, once deployed in a sensor network, are difficult to replace because of the high operating cost, and cannot easily be recharged because of the high sensor cost, so we must save battery energy and prolong the lifetime of the sensor nodes, and so prolong the lifetime of the sensor network. Because of the energy restriction, when we add an encryption function or a security protocol, we should also consider whether the energy it consumes is beyond the wireless sensor's energy budget. When we increase the security capacity of a sensor node, we must consider the effect of that security capacity on the node lifetime.
2.1.2. Unreliable Communication
For the wireless sensor network, another important threat is unreliable communication. Sensor network security relies on the defined security protocol, and the defined security protocol relies on the communication.
1) Unreliable transmission
Packet routing in a sensor network runs over wireless connections, so it is not reliable. Channel errors and packet loss at highly congested nodes may damage the packet, and even a reliable wireless communication channel can still damage the packet. The high channel bit error rate forces the software to spend some network resources on error handling. If the protocol does not have appropriate error handling capability, it may lose security-critical packets, such as the one carrying the encryption key [4].
2) Collision
Even if the channel is reliable, communication may still not be reliable; the reason is the broadcast characteristic of the sensor network [5]. If packet collisions occur on the transmission path, the packet transmission will fail. In a high-density sensor network, collision is one of the main problems.
3) Time delay
Multi-hop routing, network congestion and node processing will cause large network delays, so achieving synchronization between the sensor nodes is very difficult [6]. The synchronization problem has a great influence on sensor safety, because security mechanisms depend on critical event reporting and encryption key distribution.
2.1.3. Unattended Operation of Sensor Networks
Depending on the specific function of the sensor network, sensor nodes may be left in an unattended state for a long time. The longer a sensor node is unattended, the greater the possibility of a security attack [3]. Unattended sensor nodes face the following three threats:
1) Exposure to physical attacks. Sensor nodes may be deployed in an environment that is open to attackers and exposed to bad weather. The possibility of sensor nodes in such an environment suffering physical attacks is much higher than for a typical computer.
2) Remote administration. Remote management of a sensor network makes it virtually impossible to detect tampering or to perform physical maintenance. The typical example is that sensor nodes used for remote detection may lose contact with friendly forces.
3) Lack of a central management point. A sensor network should be a distributed network without a central management point, which improves the sensor network's vitality. However, if the design is not reasonable, it can also lead to network organization becoming difficult, inefficient and fragile.
3. Key Management
In order to protect perceptual information, we can usually use key management technology to ensure the security of the system. The perceptual layer key management system faces two problems: the first is how to build and adapt the IOT architecture through a unified key management system across multiple networks; the second is how to use reasonable methods to improve the relevant key management problems of the perception layer, which include the key generation process, the key distribution process and the key updating process [3].
Usually there are two different ways to build the key management system. One is the centralized mode; this mode usually takes the Internet as the center of management and has a specific organization for perceptual layer management, which can coordinate with the Internet key distribution center to manage the keys. Once the perception layer network has access to the Internet, the key distribution center interacts with the gateway node to complete key management for the network-aware nodes. The other is the distributed management approach for the IOT perception layer. This approach places relatively high requirements on the sink node and the gateway, and key management has great cost and overhead, because of the energy consumption of the edge nodes and the hierarchical algorithm. The following is an introduction to the key technologies.
3.1. The Public Key Cryptosystem
The concept of the public key cryptosystem was proposed by Diffie and Hellman [7] in 1976; it is also known as an asymmetric cryptosystem. Different from the original private-key cryptosystem, the public key cryptosystem is based on one-way, irreversible mathematical functions and uses an asymmetric encryption algorithm. Its greatest feature is that two keys separate encryption from decryption: a public key serves as the encryption key and a private key as the decryption key, so both sides of a communication can secure it without a prior exchange or negotiation of a shared key. On the other hand, deriving the private key from the public key and the ciphertext is computationally infeasible. In a public key system, each user has a key pair (Pku, Sku), where Pku is an open parameter, called the public key of the user, and Sku is kept secret by the user, called the private key of the user. In general, the private key Sku is randomly generated, and the public key Pku is an injective function of Sku. It is a one-way function, so no user can obtain any information about the private key Sku from the corresponding public key Pku. Thus, public key cryptography facilitates key management and distribution; it also facilitates communication encryption and digital signatures.
3.2. The Public Key Cryptosystem Based on Certificates
In a certificate-based public-key cryptosystem, public key authentication is realized by a digital certificate, which binds the identity of a user to his public key: first a trusted authority verifies the identity of the user, then it combines the identity and the corresponding public key into a certificate carrying a digital signature, which demonstrates the validity of the certificate [8]. The widely used form is the Public Key Infrastructure (PKI) key certificate management platform.
In the PKI system, the distribution and use of public keys is realized through certificates; a certificate contains the signed public key, the identity information (ID) of the user and the identity of the authority that issued the certificate. Because a certificate cannot be forged, certificates can be placed in a directory for participants to access, and users can also send their certificate directly to other users.
The Certificate Authority (CA) plays an important role in the public key system. The CA is responsible for managing the certificates of all users in the system, including people, all kinds of applications and hosts. The CA functions are: certificate issuance, certificate update, certificate revocation and certificate verification. The core function of the CA is the issuance and management of digital certificates, in particular:
(1) receiving validated end-user applications for digital certificates;
(2) determining whether to accept the end user's application for a digital certificate (certificate approval);
(3) issuing, or refusing to issue, digital certificates to applicants (certificate issuance);
(4) receiving end users' digital certificate update requests (certificate update);
(5) querying and receiving end users' digital certificate revocations;
(6) producing and publishing the certificate revocation list;
(7) archiving digital certificates;
(8) key archiving;
(9) historical data archiving.
4. Exchange Security Protocol Based on Public Key Certificates
The Diffie-Hellman key exchange protocol is used to establish a shared secret between A and B. It makes use of the fact that, in the finite field GF(q) of order q, exponentiation is easy to compute while the corresponding logarithm is hard to compute. If $y = a^x \bmod q$ for some $1 < x < q-1$, where $a$ is a fixed primitive element of GF(q), then $x = \log_a y \bmod q$ is the discrete logarithm of $y$ to base $a$. A selects a random number $x_A$ from the integers $1, 2, \ldots, q-1$, keeps $x_A$ confidential, and sends $y_A = a^{x_A} \bmod q$ to B. Likewise, B chooses a random number $x_B$ and sends $y_B = a^{x_B} \bmod q$ to A. A and B can then calculate $k_s = a^{x_A x_B} \bmod q$ as their key: A calculates $k_s = y_B^{x_A} \bmod q = a^{x_B x_A} \bmod q$, and B obtains $k_s = y_A^{x_B} \bmod q$ in a similar way. Nobody knows the values $x_A$ or $x_B$ except A and B, so anyone else would have to calculate $k_s$ from $y_A$ and $y_B$ alone.
Assume that B is A's neighbor node, and that $Cert_A$ and $Cert_B$ are the certificates of node A and node B respectively. Assume the existence of a trusted certificate authority (CA). In the wireless network, each node such as A is provided with a certificate; the certificate contains node A's identity, the expiration date and the certificate authority's signature, produced with the certificate authority's private key $S_{CA}$ (the private key itself never leaves the CA). The certificate is used to verify the information it carries, such as the public key, proving that it was created by the specific organization and belongs to that organization. $H()$ is a one-way hash function. The expiration date of a certificate is given by $Date$, $P_B$ is the public key of node B, $ID_X$ is node X's identifier, and $S_{CA}(h(ID_B, P_B, Date_B))$ means signing $h(ID_B, P_B, Date_B)$ with the CA private key. The symbols are explained in Table 1:
Table 1. Symbol Description
Symbol    Meaning
CA        A trusted certification authority
S_CA      The private key of the certificate authority
Cert_X    The certificate of node X
ID_X      The identity of node X
y_X       The public value of node X
x_A       The secret value of node A
Date_X    The expiration date of the certificate
H()       A one-way hash function
P_X       The public key of node X
The certificates of node A and node B are shown in (1) and (2).

$Cert_B = (ID_B, P_B, y_B, Date_B, S_{CA}(h(ID_B, P_B, y_B, Date_B)))$  (1)

$Cert_A = (ID_A, y_A, Date_A, S_{CA}(h(ID_A, y_A, Date_A)))$  (2)

$y_A = a^{x_A} \bmod N$ and $y_B = a^{x_B} \bmod N$ are the public values of node A and node B in the Diffie-Hellman key exchange; $a$ and $N$ are open to the public, while $x_A$ and $x_B$ are the secrets of the Diffie-Hellman key exchange. The specific process is shown in Figure 1, and the encryption and authentication process is shown in Figure 2.
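The certificate form of (1) and (2), its issuance by the CA and the check a receiving node performs on it, as an added example (this is not code from the paper). Everything beyond the paper's symbols is an assumption made so the example runs offline: $S_{CA}$ is a textbook RSA key built from two Mersenne primes, $h$ is SHA-256 truncated to fit below the modulus, and the fields are encoded as a delimited string before hashing. A real CA uses a properly generated key and a padded signature scheme.

```python
"""Certificate issue and verification in the form
Cert_X = (ID_X, y_X, Date_X, S_CA(h(ID_X, y_X, Date_X)))."""
import hashlib
from datetime import date

# Toy CA signing key: textbook RSA over two Mersenne primes (2^89-1, 2^127-1).
# Assumption made only so the example runs offline; never use textbook RSA
# or a key this small in practice.
P_CA, Q_CA = 2**89 - 1, 2**127 - 1
N_CA = P_CA * Q_CA                                   # about 216 bits
E_CA = 65537                                         # CA public exponent
S_CA = pow(E_CA, -1, (P_CA - 1) * (Q_CA - 1))        # the CA private key S_CA


def h(id_x: str, y_x: int, date_x: date) -> int:
    """One-way hash H() over the certificate fields, as an integer below N_CA."""
    data = f"{id_x}|{y_x}|{date_x.isoformat()}".encode()
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:26], "big")        # 208 bits < N_CA


def ca_sign(m: int) -> int:
    """S_CA(m): the CA signs the hash with its private key."""
    return pow(m, S_CA, N_CA)


def ca_verify(m: int, sig: int) -> bool:
    """Anyone holding the CA public key (E_CA, N_CA) can check the signature."""
    return pow(sig, E_CA, N_CA) == m


def issue_cert(id_x: str, y_x: int, date_x: date) -> dict:
    """CA function (3): issue Cert_X for an approved applicant."""
    return {"ID": id_x, "y": y_x, "Date": date_x,
            "sig": ca_sign(h(id_x, y_x, date_x))}


def verify_cert(cert: dict, today: date) -> bool:
    """Check the expiry date, then the CA signature over the presented fields.
    The hash is recomputed from the fields actually received, so a swapped
    ID or y_X shows up as a signature mismatch."""
    if today > cert["Date"]:
        return False
    return ca_verify(h(cert["ID"], cert["y"], cert["Date"]), cert["sig"])


# Constructed sample: node B's public value y_B (an arbitrary integer here),
# certified until the end of 2014.
CERT_B = issue_cert("node-B", 0x1234_5678_9ABC_DEF0, date(2014, 12, 31))


def demo() -> tuple:
    """Returns (genuine_accepted, tampered_rejected, expired_rejected)."""
    genuine = verify_cert(CERT_B, date(2014, 6, 1))
    forged = dict(CERT_B, y=CERT_B["y"] + 1)         # adversary substitutes its own y
    tampered_rejected = not verify_cert(forged, date(2014, 6, 1))
    expired_rejected = not verify_cert(CERT_B, date(2015, 1, 1))
    return genuine, tampered_rejected, expired_rejected


if __name__ == "__main__":
    print(demo())
```

The second and third results are the checks that matter in the protocol below: a node that accepts $y_B$ without recomputing the hash over the fields it received, or without comparing $Date_B$ to the current time, would run Diffie-Hellman against a value the CA never certified.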
Figure 1. The Communication Process between Node A and Node B

Figure 2. The Encryption and Authentication Process
If node B will communicate with node A:

A ← B: $Cert_B$

Node A needs to calculate the following formula:

$k_s' = y_B^{x_A} \bmod N = a^{x_B x_A} \bmod N$  (3)

If node A will communicate with node B:

A → B: $[k_s]_{P_B}$, $f(k_s, Cert_A)$  (4)

where $[k_s]_{P_B}$ is the session key $k_s$ encrypted with B's public key and $f(k_s, Cert_A)$ is A's certificate encrypted with $k_s$. Node B needs to calculate the following formula:

$k_s' = y_A^{x_B} \bmod N = a^{x_A x_B} \bmod N$  (5)

Then node B and node A communicate: A ↔ B.

(Figure 1 steps: 1. apply for certificate; 2. get certificate $Cert_B$; 3. apply for certificate; 4. get certificate $Cert_A$; 5. verification, calculate $k_s'$; 6. send $[k_s]_{P_B}$, $f(k_s, Cert_A)$ to B and calculate $k_s'$. Figure 2 content: A sends $[k_s]_{P_B}$ and the encrypted certificate $f(k_s, Cert_A)$; B calculates $k_s' = y_A^{x_B} \bmod N = a^{x_A x_B} \bmod N$ and verifies the data; node A calculates $k_s' = y_B^{x_A} \bmod N = a^{x_B x_A} \bmod N$ after verifying $Cert_B$.)
Messages can then be encrypted with the session key $k_s'$ for transmission. In the above protocol, two session keys, $k_s$ and $k_s'$, are generated and used. The purpose of introducing the second session key $k_s'$ is to prevent forgery after a certificate has been leaked. But the drawback of this protocol is that the session key $k_s'$ produced by every key negotiation is the same. For security reasons, a key agreement that generates the same key every time is not safe. This is similar to a dynamic password: only by changing the session key can the security of the system be ensured and improved.
5. The Optimization of the Security Key Management Protocol Based on Public Key Certificates
The session keys generated by the Diffie-Hellman exchange process are the same every time, which creates great risk in the interaction process. The main factor behind this defect is that the two public values $y_A$ and $y_B$ of the Diffie-Hellman key exchange have already been certified by the credible CA's signature, so in the later key negotiation process these two factors cannot be changed. The difference between the optimized scheme and the above scheme is mainly that a different key negotiation process leads to different session keys. Assume that B is A's neighbor, and that $Cert_A$ and $Cert_B$ are the certificates of node A and node B respectively; the specific process is shown in Figure 3:
Figure 3. The Communication Process between Node A and Node B
The certificates of node A and node B are shown in (6) and (7).

$Cert_A = (ID_A, y_A, Date_A, S_{CA}(h(ID_A, y_A, Date_A)))$  (6)

$Cert_B = (ID_B, P_B, y_B, Date_B, S_{CA}(h(ID_B, P_B, y_B, Date_B)))$  (7)

$y_A = a^{x_A} \bmod N$ and $y_B = a^{x_B} \bmod N$ are the public values of node A and node B in the Diffie-Hellman key exchange; $a$ and $N$ are open to the public, while $x_A$ and $x_B$ are the secrets of the Diffie-Hellman key exchange.
If node B will communicate with node A:

A ← B: $a^{x_B r_B} \bmod N$, $Cert_B$  (8)

Node A needs to calculate the following formula:

$k_s' = (a^{x_B r_B})^{x_A r_A} \bmod N = a^{x_B r_B x_A r_A} \bmod N$  (9)

(Figure 3 steps: B sends $Cert_B$ and $a^{x_B r_B}$; A verifies the data and calculates $k_s' = (a^{x_B r_B})^{x_A r_A} \bmod N$; A sends $[k_s]_{P_B}$, $a^{x_A r_A}$ and $f(k_s, Cert_A)$ to B; B calculates $k_s' = (a^{x_A r_A})^{x_B r_B} \bmod N$.)
If node A will communicate with node B:

A → B: $a^{x_A r_A} \bmod N$, $[k_s]_{P_B}$, $f(k_s, Cert_A)$  (10)

Node B needs to calculate the following formula:

$k_s' = (a^{x_A r_A})^{x_B r_B} \bmod N = a^{x_A r_A x_B r_B} \bmod N$  (11)

Then node B and node A communicate: A ↔ B. Messages can be encrypted with the session key $k_s'$ for transmission.
Node B generates a random number $r_B$, calculates the value $x_B r_B$, and broadcasts $a^{x_B r_B}$ together with its certificate. Here $a^{x_B r_B}$ is broadcast instead of $x_B r_B$, mainly so that A is spared the computation of $a^{x_B r_B}$. After receiving the data transmitted by node B, node A generates a random value $r_A$; at the same time, node A verifies the reliability of node B through the $y_B$ contained in node B's certificate $Cert_B$. If this check passes, the session key is generated. Next, node A generates a random session key $k_s$ and transmits the encrypted ciphertext, $a^{x_A r_A}$ and $f(k_s, Cert_A)$ to node B. At this point node B verifies node A and calculates the session key $k_s'$. Only when node A and node B have both built this session key $k_s'$ can the security of encrypted information transfer between node A and node B be guaranteed.
An adversary of node B in the optimized scheme is unable to obtain node A's secret value $x_A$; at the same time, every session key process generates a different session key. In the optimized scheme node A's certificate is not encrypted, because the certificate does not contain any secret information of the node. That is to say, as long as node A's secret value $x_A$ is not leaked, no adversary can forge node A to mount an illegal attack. Node A and node B communicate with each other in order to calculate the same session key $k_s' = a^{x_A r_A x_B r_B} \bmod N$, and at the same time transfer their certificates and key exchange parameters. The encrypted identity information passed back and forth is used to verify whether the session key has been tampered with; the session key can then be used to encrypt messages, so as to guarantee transmission security, and a secure communication channel can be established between node A and node B.
The greater efficiency of our scheme is mainly reflected in a key negotiation process with only one session key. For node A, the required computing ability is mainly embodied in the calculation of the session key, and the computational complexity depends on the number of modular exponentiations related to $r_A$. Because of the low computing power of wireless sensor nodes and the low bandwidth of the wireless network, the management protocol design is optimized further. The certificates of node A and node B are shown in (12) and (13).
$Cert_A = (ID_A, y_A, Date_A, S_{CA}(h(ID_A, y_A, Date_A)))$  (12)

$Cert_B = (ID_B, y_B, Date_B, S_{CA}(h(ID_B, y_B, Date_B)))$  (13)

If node B will communicate with node A:
A ← B: $a^{x_B r_B} \bmod N$, $Cert_B$

Node A needs to calculate the following formula:

$k_s' = (a^{x_B r_B})^{x_A r_A} \bmod N = a^{x_B r_B x_A r_A} \bmod N$  (14)

If node A will communicate with node B:

A → B: $a^{x_A r_A} \bmod N$, $Cert_A$, $f(k_s, [ID_A, ID_B])$  (15)

Node B needs to calculate the following formula:

$k_s' = (a^{x_A r_A})^{x_B r_B} \bmod N = a^{x_A r_A x_B r_B} \bmod N$  (16)

Then node B and node A communicate:

B → A: $f(k_s, [ID_A, ID_B])$  (17)

The communication process between the nodes after further optimization is shown in Figure 4:
Figure 4. The Communication Process between Nodes after Further Optimization

(Figure 4 steps: B sends $Cert_B$ and $a^{x_B r_B}$; A verifies the data and calculates $k_s' = (a^{x_B r_B})^{x_A r_A} \bmod N$; A sends $Cert_A$, $a^{x_A r_A}$ and $f(k_s, [ID_A, ID_B])$ to B; B calculates $k_s' = (a^{x_A r_A})^{x_B r_B} \bmod N$.)
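The two key agreements of Sections 4 and 5 side by side, as an added example that is not the paper's code: the static computation of (3)/(5), which yields the same $k_s'$ in every run, and the exchange (14)-(17) with fresh $r_A$, $r_B$ and the $f(\cdot, [ID_A, ID_B])$ confirmations. Assumptions made for the example only: the toy-size prime $N = 2^{127}-1$ with base $a = 5$ (a deployment uses a standard group of at least 2048 bits), HMAC-SHA256 as $f$, the confirmation keyed with the agreed key $k_s'$ (the page writes $k_s$), certificate signature checking left out, and B's reply tag computed over the identities in the opposite order to A's, so that A's own tag cannot simply be echoed back to it (the page's (17) uses the same order as (15)).

```python
"""Static (Section 4) versus ephemeral (Section 5) certified Diffie-Hellman,
with the key confirmation messages of (15) and (17)."""
import hashlib
import hmac
import secrets

# Public group parameters a and N. Assumption: toy-size Mersenne prime so the
# example runs instantly; real deployments use a standard >= 2048-bit group.
N = 2**127 - 1
A_BASE = 5


class Node:
    """A sensor node with long-term secret x_X and certified public value y_X."""
    def __init__(self, ident: str):
        self.id = ident
        self.x = secrets.randbelow(N - 2) + 1        # x_X, never transmitted
        self.y = pow(A_BASE, self.x, N)               # y_X = a^{x_X} mod N
        # Cert_X as in (12)/(13); the CA signature check is left out here.
        self.cert = {"ID": ident, "y": self.y}


def static_key(me: "Node", peer_cert: dict) -> int:
    """Section 4, (3)/(5): k_s' = y_peer^{x_me} mod N. Both y values are fixed
    by the certificates, so this value is identical in every run."""
    return pow(peer_cert["y"], me.x, N)


def ephemeral_share(me: "Node") -> tuple:
    """Section 5: draw a fresh r and send a^{x r} mod N (not x*r itself)."""
    r = secrets.randbelow(N - 2) + 1
    return r, pow(A_BASE, me.x * r, N)


def ephemeral_key(me: "Node", r_me: int, peer_share: int) -> int:
    """(9)/(11) and (14)/(16): k_s' = (a^{x_peer r_peer})^{x_me r_me} mod N."""
    return pow(peer_share, me.x * r_me, N)


def f(key: int, *fields) -> bytes:
    """f(k, [ID_A, ID_B]): assumed here to be HMAC-SHA256 keyed with k."""
    msg = "|".join(str(v) for v in fields).encode()
    return hmac.new(key.to_bytes(16, "big"), msg, hashlib.sha256).digest()


def run_optimized(a: "Node", b: "Node") -> tuple:
    """One run of the further-optimized exchange (14)-(17). Returns both sides'
    keys so a caller can check that they agree and that runs differ."""
    # B -> A: a^{x_B r_B} mod N, Cert_B
    r_b, share_b = ephemeral_share(b)
    # A verifies Cert_B (omitted), computes k_s' per (14), and sends (15)
    r_a, share_a = ephemeral_share(a)
    k_a = ephemeral_key(a, r_a, share_b)
    tag_a = f(k_a, a.id, b.id)
    # B computes k_s' per (16) and checks A's tag before trusting the key
    k_b = ephemeral_key(b, r_b, share_a)
    if not hmac.compare_digest(tag_a, f(k_b, a.id, b.id)):
        raise ValueError("A's key confirmation failed")
    # B -> A, (17): confirmation in the reverse direction. Identities are
    # swapped (an addition to the page's message) so that echoing A's own
    # tag back would not pass.
    tag_b = f(k_b, b.id, a.id)
    if not hmac.compare_digest(tag_b, f(k_a, b.id, a.id)):
        raise ValueError("B's key confirmation failed")
    return k_a, k_b


if __name__ == "__main__":
    node_a, node_b = Node("A"), Node("B")
    print("static key identical across runs:",
          static_key(node_a, node_b.cert) == static_key(node_a, node_b.cert))
    k1, k2 = run_optimized(node_a, node_b), run_optimized(node_a, node_b)
    print("ephemeral keys agree:", k1[0] == k1[1], "differ per run:", k1[0] != k2[0])
```

Running it twice with the same two nodes shows the point of Section 5 directly: `static_key` returns the same integer both times, while `run_optimized` returns a different agreed key each time and refuses to continue if either confirmation tag fails to verify.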
6. Conclusion
We propose a security protocol based on certificates that is more secure and more effective than a key exchange protocol using symmetric cryptography. The drawback of the session key $k_s'$ generated by the scheme before optimization is that it is the same in every key negotiation process. For security reasons, a key agreement that generates the same key every time is not safe. This is similar to a dynamic password: only by changing the session key can the security of the system be ensured and improved. The optimized schemes differ from the above scheme mainly in that a different key negotiation process produces different session keys. A certificate is similar to what we usually call a password; that is to say, if the certificate is leaked, the adversary can use these password-like credentials to imitate the user and act illegally. In the proposed protocol, node A and node B exchange certificates and the other Diffie-Hellman parameters to calculate a common session key $k_s' = a^{x_A r_A x_B r_B} \bmod N$. The exchange of encrypted identity information serves to authenticate and verify the shared session key. $k_s'$ can be used to encrypt the session key information exchanged over the wireless channel between A and E. The advantage of our protocol lies in the smaller amount of information it requires and in needing only one session key. The node computation is mainly reflected in the calculation of the session key, that is, the modular exponentiations corresponding to $r_A$ and $r_B$.
We propose an authenticated session key exchange protocol for node-to-node use in a variety of wireless sensor networks. Communication between two neighboring nodes in a wireless sensor network should be protected from the other neighbors of each, which means that the session key exchanged between them should not be exposed to other neighbor nodes in the network. Mutual authentication and session key exchange are the two aspects used when a node-to-node communication security protocol is needed. One side of this is the communication between a node and the wireless network, and the other is reflected in the communication between different nodes. Nodes A and B are in different networks; that is to say, A's neighbor is B, and B's neighbor is C. When A and B want mutual authentication and a shared session key, the Diffie-Hellman key exchange mechanism is used. After initialization, node A and node B are authenticated through each other's certificates. At the same time, the visited network also needs to authenticate node A; the Diffie-Hellman parameters passed by A to the node serve to give neighbor node E and node B a secure communication path through their neighbor nodes in F mode. In this node-to-node security protocol, no secret information of a wireless sensor node is transmitted to a different network, which means that no one can impersonate a wireless sensor node. In addition, secret communication between two different nodes can also be guaranteed. Once a secure channel has been set up, the encryption operations of the node and the network can be appropriately relieved.
References
[1] Yang Geng, Xu Jian, Chen Wei. Security features and key technology of the Internet of things. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition). 2010; 30(04): 20-29.
[2] Wang He, Yang Hua, Gao Fubing. Security of Internet of things. Sichuan Ordnance Journal. 2011; (11): 90-91.
[3] Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E. A Survey on Sensor Networks. IEEE Communications Magazine. 2002; 40(8): 102-114.
[4] Hao Wenjiang. Technical security issues of Internet of things. Network Information Security. 2010; (01): 49-50.
[5] Henrici D. RFID Security and Privacy: Concepts, Protocols, and Architectures. Berlin: Springer. 2008: 107-137.
[6] Juels A. RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications. 2006; 24(2): 381-394.
[7] Fu Rong. Network research and implementation of security and privacy protection platform sharing. Beijing Jiaotong University. 2011.
[8] Diffie W, Hellman M. New Directions in Cryptography. IEEE Transactions on Information Theory. 1976; 22(6): 644-654.
[9] Kohnfelder LM. Towards a Practical Public-key Cryptosystem. B.S. Thesis, MIT Department of Electrical Engineering. 1978.