
Toward Securing Links and Large-Scale Networks of Resource-Limited Devices

A Thesis Presented to The Academic Faculty
by Farshid Delgosha

In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School of Electrical and Computer Engineering

Georgia Institute of Technology
December 2007
Copyright © Farshid Delgosha 2007

Approved by:

Professor Faramarz Fekri, Advisor, Committee Chair
School of Electrical and Computer Engineering, Georgia Institute of Technology

Professor Chuanyi Ji
School of Electrical and Computer Engineering, Georgia Institute of Technology

Professor Alexandra O. Boldyreva
Department of Computer Science, Georgia Institute of Technology

Professor Steven W. McLaughlin
School of Electrical and Computer Engineering, Georgia Institute of Technology

Professor Raghupathy Sivakumar
School of Electrical and Computer Engineering, Georgia Institute of Technology

Date Approved: 27 July 2007

To the memory of my mother and to my father and my brother whom I love with all my heart.

ACKNOWLEDGEMENTS

I would like to express my appreciation to my advisor, Prof. Faramarz Fekri, whose knowledge, wisdom, experience, and caring paved the way for success in my academic career. His support will always be remembered. The support and love that I have received from my family have been enormous. I would like to highly appreciate my father Mohammad and my brother Payam for being so kind. I also take the opportunity to thank my colleagues and friends, specially Dr. Babak Firoozbakhsh, Dr. Majid Fozunbal, Dr. Pejman Monajemi, Ms. Gail Palmer, and Mr. Erman Ayday, whose support and caring have always enlightened my way during the years at Georgia Tech. I am very grateful for their friendships. Finally, I wish to highly thank Ms. Shirley McKelheer for her continuous love, support, and encouragements that have kept my heart warm for so many years. She will always remain in my memory and my heart.

TABLE OF CONTENTS

Dedication
Acknowledgements
List of Tables
List of Figures
List of Algorithms
List of Abbreviations
Summary

1 Introduction and Background Review
  1.1 Notation
    1.1.1 Set Notation
    1.1.2 Matrix Notation
    1.1.3 Asymptotic Notation
    1.1.4 General Notation
  1.2 Linear Algebra Background
    1.2.1 Involution
    1.2.2 Sesquilinear Form
    1.2.3 Unitary Matrix
    1.2.4 Paraunitary Matrix

Part I Bivariate PU Filter Banks over Fields of Characteristic Two

2 Finite-Field Wavelet Transform
  2.1 Quick Introduction to Wavelet Transform
  2.2 Unitary Matrices
  2.3 Univariate PU Matrices
3 Factorization of Bivariate PU Matrices
  3.1 Related Work
  3.2 Self-Orthogonal Polynomial Vectors over F[x^{±1}]
  3.3 Bivariate Building Blocks PU over F[x^{±1}]
    3.3.1 Bivariate Degree-One PU Building Block
    3.3.2 Bivariate Degree-2τ PU Building Block
  3.4 First-Level Factorization over F[x^{±1}]
  3.5 Second-Level Factorization
    3.5.1 Degree-One Building Block
    3.5.2 Degree-2τ Building Block
  3.6 Applications
    3.6.1 Factorization of Bivariate PU Matrices over C
    3.6.2 Error-Control Coding
  3.7 Summary

Part II Multivariate Cryptography

4 Introduction
  4.1 Historical Background and Motivation
  4.2 RSA
  4.3 Elliptic Curve Cryptography
  4.4 Multivariate Cryptography
5 Wavelet Self-Synchronizing Stream-Cipher
  5.1 Background Review
    5.1.1 Classification of Stream Ciphers
  5.2 Wavelet Self-Synchronizing Stream Cipher (WSSC)
    5.2.1 Modified Wavelet Transform
    5.2.2 Basic Round of the WSSC
    5.2.3 Multiple Rounds of the WSSC
    5.2.4 Key Setup
  5.3 Cryptanalysis of the WSSC
    5.3.1 Interpolation Attack
    5.3.2 Algebraic Attacks
    5.3.3 Delta Attack
    5.3.4 Time-Memory Tradeoff Attack
    5.3.5 Divide-and-Conquer Attack
    5.3.6 Correlation and Distinguishing Attacks
  5.4 Performance Evaluation
  5.5 Summary
6 Paraunitary Public-Key Cryptography
  6.1 Background Review
    6.1.1 Signature Based on Birational Permutations
    6.1.2 Tame Transformation Methods
    6.1.3 Tractable Rational Map Cryptosystem
    6.1.4 C* Algorithm and its Variants
  6.2 Paraunitary Asymmetric Cryptosystem (PAC)
    6.2.1 Bijective Mappings
    6.2.2 Polynomial Vector ϕ
    6.2.3 Setup Algorithms
  6.3 Probabilistic PAC
  6.4 On the Computational Security of the PAC
  6.5 A Practical Instance of the PAC
    6.5.1 Constructing the Polynomial Vector Ψ
    6.5.2 Complexity of the PAC
  6.6 Cryptanalysis of the Instance of the PAC
    6.6.1 Gröbner Basis
    6.6.2 Univariate-Polynomial Representation of the Public Polynomials
    6.6.3 XL and FXL Algorithms
    6.6.4 An Attack for Small r
  6.7 Paraunitary Digital Signature Scheme (PDSS)
    6.7.1 Polynomial Vector ϕ
    6.7.2 Setup Algorithm
    6.7.3 A Practical Instance of the PDSS
  6.8 Summary

Part III Security of Wireless Sensor Networks

7 Key Pre-Distribution
  7.1 Background Review
  7.2 Related Work
    7.2.1 q-Composite Scheme
    7.2.2 Blom’s Scheme
    7.2.3 Du et al.’s Threshold Scheme
    7.2.4 Liu’s Polynomial-Based Schemes
    7.2.5 Location-Aware KPSs
  7.3 Multivariate Key Pre-Distribution Scheme
    7.3.1 Setup
    7.3.2 Link-Key Establishment
  7.4 Evaluation of the MKPS
    7.4.1 Network Connectivity
    7.4.2 Resilience Against Node Capture
    7.4.3 Dimension Optimization
    7.4.4 Communication Range
    7.4.5 Storage Memory
  7.5 Location-Aware MKPS
    7.5.1 Setup
    7.5.2 Link-Key Establishment
  7.6 Evaluation of the LA-MKPS
    7.6.1 Resiliency Against the Node Capture
    7.6.2 Storage Memory
  7.7 Summary
8 Data Authenticity and Availability
  8.1 Introduction
    8.1.1 Related Work
  8.2 Review of Some Cryptographic Primitives
    8.2.1 Secret Sharing Algorithm
    8.2.2 Pseudo-random Function
    8.2.3 Hash Tree
  8.3 Location-Aware Network-Coding Security
    8.3.1 General Assumptions
    8.3.2 Setup
    8.3.3 Secure Initialization
    8.3.4 Report Generation
    8.3.5 Report Authentication and Filtering
    8.3.6 Report Forwarding
    8.3.7 Sink Verification
  8.4 Security Evaluation of the LNCS
    8.4.1 Data Confidentiality
    8.4.2 Data Authenticity
    8.4.3 Data Availability
  8.5 Performance Evaluation of the LNCS
    8.5.1 Computation Overhead
    8.5.2 Communication Overhead
    8.5.3 Retransmission
  8.6 Comparison with LEDS
  8.7 Summary

Part IV Postliminary Material

9 Conclusion of the Thesis
Appendices
  A Proofs of Chapter 3 in Part I
  B Efficient Generation of Multivariate PU Matrices
  C Toy Examples of the PAC and PDSS
  D Details and Proofs of MKPS
Bibliography
Vita

LIST OF TABLES

1.1 Frequently-used set notations.
1.2 Sets constructed from an arbitrary set A.
1.3 Matrix notations.
5.1 Coefficients of G(n, ℓ).
5.2 Design parameters for every round of WSSC.
5.3 Complexity comparison between the WSSC and AES in the one-bit CFB mode.
6.1 Complexities of constructing the components of PAC.
6.2 Complexity comparison in the number of binary multiplications.
6.3 Complexities of constructing the components of PDSS.
6.4 Complexity comparison in the number of binary multiplications.
B.1 PU building blocks and their parameters
C.1 Coefficients of the polynomial Ψ1(x) in PAC.
C.2 Coefficients of the polynomial Ψ1(x,x′) in PDSS

LIST OF FIGURES

2.1 Two-band filter bank.
2.2 Polyphase representation of two-band filter bank.
3.1 Block diagram of the bivariate degree-one PU building block.
3.2 Block diagram of the bivariate degree-2τ PU building block.
3.3 Filter bank structure of the half-rate encoder of the TDFBC.