Sage Journals: Discover world-class research

Abstract

This paper presents a secure and practical verifiable multi-secret sharing scheme with application on multimedia sensor networks. By utilizing the merits of biometric cryptography, the proposed scheme can reliably conceal private information and overcome the shortcoming of the traditional cryptography. Security analysis shows that the proposed scheme provides secure, robust, and trustworthy verification of dealer and participants over insecure wireless multimedia sensor networks.

1. Introduction

Wireless multimedia sensor networks (WMSNs) have started to receive a lot of attention very recently due to their potential to be deployed flexibly in various applications with lower costs [1, 2]. As WMSNs are widely deployed in remote and hostile environments to transmit sensitive information by broadcast, sensor nodes are prone to node compromise attacks and security issues such as data confidentiality and integrity are extremely important. Hence, security becomes a very serious concern in WMSNs protocols. But unfortunately sensor nodes have limited power, computation, storage, and communication capabilities; they impose several constraints on the algorithm and protocol that can be effectively deployed for such systems. In this scenario, most of the traditional security mechanisms are useless. Thus, the research of new efficient security techniques is needed [3–5].

In order to keep the secret efficiently and safely, in 1979, Shamir [6] and Blakley [7] first developed the concepts of the secret sharing (SS) scheme, respectively. In such a scheme, the dealer splits the secret into shares among participants, and sends the share to the corresponding participant. As a result, any t out of the n participants can cooperate to resume the secret, but any less than t out of the n participants cannot get any useful information about the secret by any way. A threshold secret sharing scheme has many practical applications, such as opening a bank vault, launching a nuclear, or authenticating an electronic funds transfer. Later, several multisecret sharing schemes were proposed [8–12]. In a multisecret sharing scheme, there are multiple secrets to be shared during one secret sharing process. In 2004, Yang et al. (YCH) [13] proposed a novel multisecret sharing (MSS) scheme, which is based on a two-variable one-way function. Besides efficient computation for practice, the scheme has the following merits: (1) several secrets can be shared during one secret sharing process; (2) the dealer need not redistributes a fresh shadow after the secrets have been reconstructed. But YCH scheme does not have the property of verification. That is to say, neither dealer nor participants cheating can be detected. As for dealer cheating, the dishonest dealer can prevent any certain participant from obtaining the true secret by distributing a fake shadow to him/her [14]; and the participants cheating, a malicious participant may provide a fake shadow to other participants, which makes the malicious participant the only one who gets to reconstruct the true secret [15]. In a secret sharing involving multiple dealers, the property of verifiability is more desirable since these dealers are mutually distrusted.

In 2005, Shao and Cao (SC) [16] proposed a verifiable multisecret sharing (VMSS) based on YCH and the intractability of the discrete logarithm. However, the speed of SC scheme is not competitive [17]. In 2007, Zhao et al. (ZZZ) [18] proposed another practical VMSS based on YCH. ZZZ scheme perform the verification phase by utilizing RSA cryptosystem and a Diffie-Helman key agreement method. Though ZZZ scheme significantly reduced the computation costs of the whole system, it is required that the dealer reconstructs a RSA cryptosystem once the secrets have been reconstructed. Later on, Dehkordi and Mashhadi (DM) [17] proposed an efficient VMSS scheme to improve the performance of SC scheme. Compared to ZZZ scheme, DM scheme just constructs one RSA cryptosystem in the whole system and the dealer verification is not required. But any participant has to compute $t - 1$ modular exponential computing to verify others' secret shadow. It is still very time-consuming. In addition, it is difficult to protect private keys from attackers in the password-based verification system [19].

To overcome the drawback and pitfall of only-password-based verification of YCH scheme, in this paper, we present an efficient and practical VMSS by using biometric data, for example, palmprint, with application on wireless multimedia sensor networks. In the verification phase of the proposed scheme, the time consuming modular exponentiation computations, for example, Diffie-Hellman or RSA, are eliminated. This scheme allows participants and dealer to cooperate in choosing secret shadows. It can effectively perform dealer and participants' verification. Moreover, the computation cost, security, and efficiency of the presented scheme are embarking for the real application in the practical environment.

Rest of the paper is organized as follows: Section 2 briefly reviews YCH scheme. Section 3 presents the efficient and practical palmprint-based VMSS scheme with application on wireless multimedia sensor networks. Section 4 performs performance analysis of the proposed scheme. Conclusions are given in Section 5.

2. Review of YCH Schemes

Function $f (r, x)$ denotes any two-variable one-way Hash function and $(P_{1}, P_{2}, \dots, P_{k})$ denotes k secrets to be shared among n participants. Before the secret sharing, the dealer randomly chooses n secret shadows $s_{1}, s_{2}, \dots, s_{n}$ and distributes them to every participant over a secret channel. Then the dealer performs the following steps.

(2.1) If $k \leq t$ . (a)

Chooses a big prime Q and constructs $(t - 1)$ th degree polynomial $h (x) \mod Q$ :

\begin{array}{l} h (x) = P_{1} + P_{2} x + \dots + P_{k} x^{k - 1} + a_{1} x^{k} \\ + a_{2} x^{k + 1} + \dots + a_{t - k} x^{t - 1} \mod Q, \end{array}

(1)

where $0 < P_{1}$ , $P_{2}, \dots, P_{k}$ , $a_{1}, a_{2}, \dots, a_{t - k} < Q$ .

(b)

Compute $y_{i} = h (f (r, s_{i})) \mod Q$ for $i = 1,2, \dots, n$ .

(c)

Publish $(r, y_{1}, y_{2}, \dots, y_{n})$ .

(2.2) If $k > t$ . (a)

Choose a big prime Q and construct $(k - 1)$ th degree polynomial $h (x) \mod Q$ :

\begin{matrix} h (x) = P_{1} + P_{2} x + \dots + P_{k} x^{k - 1} \mod Q, \end{matrix}

(2)

where $0 < P_{1}$ , $P_{2}, \dots, P_{k} < Q$ .

(b)

Compute $y_{i} = h (f (r, s_{i})) \mod Q$ for $i = 1,2, \dots, n$ .

(c)

Compute $h (i) \mod Q$ for $i = 1,2, \dots, k - t$ .

(d)

Publish $(r, y_{1}, y_{2}, \dots, y_{n}, h (1), h (2), \dots, h (k - t))$ .

If at least t participants pool their pseudo shadows $f (r, s_{i})$ (for $i = 1,2, \dots, t$ ), then the polynomial $h (x) \mod Q$ can be uniquely determined as follows.

(1) If $k \leq t$

\begin{array}{l} h (x) = \sum_{i = 1}^{t} y_{i} \prod_{j = 1, j \neq i}^{t} \frac{x - f (r, s_{j})}{f (r, s_{i}) - f (r, s_{j})} \mod Q \\ = P_{1} + P_{2} x + \dots + P_{k} x^{k - 1} + a_{1} x^{k} \\ + a_{2} x^{k + 1} + \dots + a_{t - k} x^{t - 1} \mod Q . \end{array}

(3)

(2) If $k > t$

\begin{array}{l} h (x) = \sum_{i = 1}^{t} y_{i} \prod_{j = 1, j \neq i}^{t} \frac{x - f (r, s_{j})}{f (r, s_{i}) - f (r, s_{j})} \\ \times \prod_{l = 1, l \neq f (r, s_{i})}^{k - t} \frac{x - l}{f (r, s_{i}) - l} \\ + \sum_{i = 1}^{k - t} h (i) \prod_{j = 1, j \neq i}^{k - t} \frac{x - j}{i - j} \\ \times \prod_{l = 1, l \neq f (r, s_{i})}^{t} \frac{x - f (r, s_{l})}{i - f (r, s_{l})} \mod Q \\ = P_{1} + P_{2} x + \dots + P_{k} x^{k - 1} \mod Q . \end{array}

(4)

Then the shared secrets $P_{1}, P_{2}, \dots, P_{k}$ are recovered.

3. The Proposed Palmprint-Based VMSS Scheme

In this section we will propose a new palmprint-based VMSS scheme with application on wireless multimedia sensor networks. The verification is based on matching of the palmprint template. The notations $(P_{1}, P_{2}, \dots, P_{k})$ and $f (r, x)$ in this scheme are the same as those of Section 2. Define D and $M = {M_{i}}_{i = 1}^{n}$ are dealer (Server) and set of participants respectively.

3.1. Architecture of Wireless Multimedia Sensor Networks

Figure 1 shows the developed architecture of the secure wireless multimedia sensor networks by utilizing the proposed biometric based VMSS. Each camera sensor node in the networks is battery-powered and has limited computation and wireless communication capabilities. The sink is a data collection and storage center equipped with sufficient computation and storage capabilities. Camera sensor nodes periodically send the captured images to the sink node. Then the sink nodes transport this information secretly with the data process server via carrier networks. The proposed scheme is mounting among the sink nodes.

Figure 1

System architecture of the multimedia sensor network with VMSS.

3.2. Initialization Phase

Figure 2 shows an overall flowchart of the initialization phase. For $i = 1,2, \dots, n$ participant $M_{i}$ first randomly chooses his private key $s_{i}^{'}$ and submits to the dealer D. $M_{i}$ also imprints his palmprint image at the camera sensor nodes, and then initialization system performs the following operations. (1)

Dealer D randomly chooses a corresponding secret shadow $s_{i}$ and computes $f (s_{i}^{'}, s_{i})$ .

(2)

Write $M_{i}$ , $B_{i}$ and $V_{i} = f (s_{i}^{'}, s_{i}) \oplus B_{i}$ into the memory of the corresponding sink node, where $B_{i}$ is the palmprint template of $M_{i}$ . For more details on calculate $V_{i} = f (s_{i}^{'}, s_{i}) \oplus B_{i}$ , the reader can refer to [20].

Figure 2

Overall flowchart of the initialization phase.

3.3. Construction Phase

The dealer D chooses a random number r and performs the following steps.

(1) If $k \leq t$ . (a)

Chooses a big prime Q and constructs $(t - 1)$ th degree polynomial $h (x) \mod Q$ :

\begin{array}{l} h (x) = P_{1} + P_{2} x + \dots + P_{k} x^{k - 1} + a_{1} x^{k} \\ + a_{2} x^{k + 1} + \dots + a_{t - k} x^{t - 1} \mod Q, \end{array}

(5)

where $0 < P_{1}$ , $P_{2}, \dots, P_{k}$ , $a_{1}, a_{2}, \dots, a_{t - k} < Q$ .

(b)

Compute $y_{i} = h (f (r, f (s_{i}^{'}, s_{i}))) \mod Q$ for $i = 1,2, \dots, n$ .

(c)

Publish $(r, y_{1}, y_{2}, \dots, y_{n})$ .

(2) If $k > t$ . (a)

Choose a big prime Q and construct $(k - 1)$ th degree polynomial $h (x) \mod Q$ :

\begin{matrix} h (x) = P_{1} + P_{2} x + \dots + P_{k} x^{k - 1} \mod Q, \end{matrix}

(6)

where $0 < P_{1}$ , $P_{2}, \dots, P_{k} < Q$ .

(b)

Compute $y_{i} = h (f (r, f (s_{i}^{'}, s_{i}))) \mod Q$ for $i = 1,2, \dots, n$ .

(c)

Compute $h (i) \mod Q$ for $i = 1,2, \dots, k - t$ .

(d)

Publish $(r, y_{1}, y_{2}, \dots, y_{n}, h (1), h (2), \dots, h (k - t))$ .

3.4. Verification Phase

By utilizing the published r and the secret shadow $s_{i}$ , each participant ${M_{i}}_{i = 1}^{n}$ can compute his secret share $f (r, f^{'} (s_{i}^{'}, s_{i}))$ . If participants ${M_{i}}_{i = 1}^{t}$ pool their shares $f (r, f^{'} (s_{i}^{'}, s_{i}))$ and identity $M_{i}$ , dealer D can perform the following verifications.

Computes $f (r, f (s_{i}^{'}, s_{i}))$ and compares $f (r, f (s_{i}^{'}, s_{i})) \overset{?}{=} f (r, f^{'} (s_{i}^{'}, s_{i}))$ . If they are equal, D believes that $M_{i}$ is honest.

Furthermore, $f (s_{i}^{'}, s_{i})$ is composed of the private key $s_{i}^{'}$ of $M_{i}$ and the secret shadow $s_{i}$ of D, therefore the dealer verification is unnecessary.

3.5. Recovery Phase

The security of a recovery phase is based on the palmprint cryptosystem. Suppose participants ${M_{i}}_{i = 1}^{t}$ want recovery the shared secret $(P_{1}, P_{2}, \dots, P_{k})$ , $M_{i}$ (for $i = 1,2, \dots, t$ ) imprints his palmprint to the camera sensor and the recovery system performs the following operations (the framework of this phase are shown in Figure 3). (1)

By utilizing the input palmprint image, generate $M_{i}$ 's palmprint template $B_{i}^{'}$ .

(2)

The sink node then performs matching process of $B_{i}^{'}$ with $B_{i}$ . If yes, compute $f (s_{i}^{'}, s_{i}) = V_{i} \oplus B_{i}$ and send $(f (r, f (s_{i}^{'}, s_{i})), M_{i})$ to the recovery system. If no, the recovery is aborted.

Figure 3

Framework of the recovery phase.

By utilizing the secret shadows $f (r, f (s_{i}^{'}, s_{i}))$ (for $i = 1,2, \dots, t$ ) and the corresponding published values, the polynomial $h (x) \mod Q$ can be uniquely determined as follows.

(1) If $k \leq t$

\begin{array}{l} h (x) = \sum_{i = 1}^{t} y_{i} \prod_{j = 1, j \neq i}^{t} \frac{x - f (r, s_{j})}{f (r, s_{i}) - f (r, s_{j})} \mod Q \\ = P_{1} + P_{2} x + \dots + P_{k} x^{k - 1} + a_{1} x^{k} \\ + a_{2} x^{k + 1} + \dots + a_{t - k} x^{t - 1} \mod Q . \end{array}

(7)

(2) If $k > t$

\begin{array}{l} h (x) = \sum_{i = 1}^{t} y_{i} \prod_{j = 1, j \neq i}^{t} \frac{x - f (r, s_{j})}{f (r, s_{i}) - f (r, s_{j})} \\ \times \prod_{l = 1, l \neq f (r, s_{i})}^{k - t} \frac{x - l}{f (r, s_{i}) - l} \\ + \sum_{i = 1}^{k - t} h (i) \prod_{j = 1, j \neq i}^{k - t} \frac{x - j}{i - j} \\ \times \prod_{l = 1, l \neq f (r, s_{i})}^{t} \frac{x - f (r, s_{l})}{i - f (r, s_{l})} \mod Q \\ = P_{1} + P_{2} x + \dots + P_{k} x^{k - 1} \mod Q . \end{array}

(8)

Then the shared secrets $P_{1}, P_{2}, \dots, P_{k}$ are recovered.

4. Performance Analysis

4.1. Security Analysis

The security of our proposed scheme is based on $(t, n)$ Shamir scheme and palmprint cryptography. In the rest of this section, some possible attacks will be raised and fought against to demonstrate the security of our scheme. (1)

If attacker Eve can use fewer points than t to reconstruct the polynomial $h (x) \mod Q$ , it is equal to Eve that has broken through the $(t, n)$ Shamir's scheme successfully. In this point, it is infeasible to recovery the secret shares of the proposed scheme by fewer points than t.

(2)

In this scheme, the dealer D cheating would be failed, because every secret shadow $f (s_{i}^{'}, s_{i})$ is composed of the private key $s_{i}^{'}$ of participant ${M_{i}}_{i = 1}^{n}$ and the secret shadow $s_{i}$ of D, either subtle differences of the secret will change $f (s_{i}^{'}, s_{i})$ significantly. This is based on the sensitivity to initial condition of Hash function $f (r, x)$ .

(3)

Suppose dishonest participant $M_{i}$ gives a fake share $f^{'} (r, f (s_{i}^{'}, s_{i}))$ to prevent the shared secrets recovery, it will be detected by dealer D in verification phase. Dealer D can compare $f (r, f (s_{i}^{'}, s_{i})) \overset{?}{=} f (r, f^{'} (s_{i}^{'}, s_{i}))$ to insure its correctness. The security is depending on the collision-free property of chaotic Hash function $f (r, x)$ .

(4)

Replay of the former round secret share $f (r, f (s_{i}^{'}, s_{i}))$ can be exposed, because r is random selected in each round and Hash function $f (r, x)$ is sensitivity to initial condition.

(5)

Any intruder cannot get $f (s_{i}^{'}, s_{i})$ because they cannot match the palmprint from the sensor nodes.

(6)

The same as $(5)$ , the intruder cannot compute the secret share $f (r, f (s_{i}^{'}, s_{i}))$ from the sink's data.

4.2. Computation Quality

Compared with the proposed YCH based VMSS schemes, such as DM scheme [17], ZZZ scheme [18] and SC scheme [16], the verification phase of our scheme is more efficient and suitable for using in the WMSNs. SC scheme requires some time consuming power products in the verification phase, so it is too complex to applicable on WMSNs. ZZZ scheme performs the verification phase by utilizing RSA cryptosystem and a Diffie-Helman key agreement method. It still requires $t + 1$ exponentiations to verify the validity of the secret shadows. And DM scheme just needs $t - 1$ modular exponential computing to verify others' secret shadow. The verification of our scheme is based on the collision-free one-way Hash function. Any participant requires only one chaotic Hash computation to verify his/her shadow's validity, and $t - 1$ Hash computations to verify other participants' shadows. Therefore, our scheme is more convenient for application on the WMSNs devices. Table 1 is for the comparison of these schemes.

Table 1

Computation quality of ZZZ, DM and our scheme.

By	For	ZZZ scheme	DM scheme	Our scheme
$M_{i}$	Initialization	$R_{i} = g^{s i} \mod N$	$s_{i}^{e} \mod N$	—
Dealer	Construction	Construct a RSA cryptosystem	One Hash function	One Hash function
$M_{i}$	Recovery	$I_{i} = R_{0}^{s i} \mod N$	One Hash function	One Hash function
$M_{i}$	Verification	${I_{j}^{f} \overset{?}{=} R_{j} \mod N}_{j = 1, j \neq i}^{t}$	t exponentiations	t Hash function

5. Conclusion

We have proposed a novel and complete biometric-based verifiable multisecret sharing scheme with application on WMSNs. This scheme can conceal the secret shadow by palmprint cryptography and provide perfect verification. Performance analyses demonstrate it can achieve more functionality and satisfies all criteria.

Footnotes

Acknowledgments

This work described here was supported by the Fundamental Research Funds for the Central Universities, Southwest University for Nationalities (nos. 11NZYQN27 and 11NZYTH06), and the National Natural Science Foundation of China (no. 61105061).

References

Khan

M. K.

Alghathbar

Cryptanalysis and security improvements of “two-factor user authentication in wireless sensor networks”

Sensors 2010 10 3 2450 2459

2-s2.0-77955495427

10.3390/s100302450

Guo

Zhang

Khan

M. K.

Alghathbar

Secure chaotic map based block cryptosystem with application to camera sensor networks

Sensors 2011 11 2 1607 1619

2-s2.0-79952087223

10.3390/s110201607

Niedermeier

de Meer

Dynamic key management in wireless sensor networks: a survey

Journal of Network and Computer Applications 2013 36 2 611 622

10.1016/j.jnca.2012.12.010

Shi

Zhang

Merabti

Kifayat

Resource-efficient authentic key establishment in heterogeneous wireless sensor networks

Journal of Parallel and Distributed Computing 2013 73 2 235 249

Qian

A novel key pre-distribution for wireless sensor networks

Physics Procedia 2012 25 2183 2189

Shamir

How to share a secret

Communications of the ACM 1979 22 11 612 613

2-s2.0-0018545449

10.1145/359168.359176

Blakley

Safeguarding cryptographic keys

Proceedings of the AFIPS National Computer Conference

1979

AFIPS Press

313 317

Chan

C.-W.

Chang

C.-C.

A scheme for threshold multi-secret sharing

Applied Mathematics and Computation 2005 166 1 1 14

2-s2.0-19044380939

10.1016/j.amc.2004.04.081

Chen

Y.-F.

Chan

Y.-K.

Huang

C.-C.

Tsai

M.-H.

Chu

Y.-P.

A multiple-level visual secret-sharing scheme without image size expansion

Information Sciences 2007 177 21 4696 4710

2-s2.0-34547810385

10.1016/j.ins.2007.05.011

10.

Chien

H.-Y.

Jan

J.-K.

Tseng

Y.-M.

A practical (t, n) multi-secret sharing scheme

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 2000 83 12 2762 2765

2-s2.0-0034504833

11.

Dawson

Multisecret-sharing scheme based on one-way function

Electronics Letters 1995 31 2 93 95

2-s2.0-0029197220

10.1049/el:19950073

12.

Liu

Xiao

Zhang

Linear multi-secret sharing schemes based on multi-party computation

Finite Fields and their Applications 2006 12 4 704 713

2-s2.0-33748802286

10.1016/j.ffa.2006.05.003

13.

Yang

C.-C.

Chang

T.-Y.

Hwang

M.-S.

A (t,n) multi-secret sharing scheme

Applied Mathematics and Computation 2004 151 2 483 490

2-s2.0-1542402281

10.1016/S0096-3003(03)00355-2

14.

Chor

Goldwasser

Micali

Awerbuch

Verifiable secret sharing and achieving simultaneity in the presence of faults

Proceedings of the 26th IEEE Symposium on the Foundations of Computer Science (FOCS ′85)

1985

251 260

15.

Tompa

Woll

How to share a secret with cheaters

Journal of Cryptology 1989 1 3 133 138

2-s2.0-0024141971

10.1007/BF02252871

16.

Shao

Cao

Z.-F.

A new efficient (t, n) verifiable multi-secret sharing (VMSS) based on YCH scheme

Applied Mathematics and Computation 2005 168 1 135 140

2-s2.0-25644460988

10.1016/j.amc.2004.08.023

17.

Dehkordi

M. H.

Mashhadi

An efficient threshold verifiable multi-secret sharing

Computer Standards and Interfaces 2008 30 3 187 190

2-s2.0-37649017555

10.1016/j.csi.2007.08.004

18.

Zhao

Zhang

Zhao

A practical verifiable multi-secret sharing scheme

Computer Standards and Interfaces 2007 29 1 138 141

2-s2.0-33751101633

10.1016/j.csi.2006.02.004

19.

Khan

M. K.

Zhang

Tian

Chaotic secure content-based hidden transmission of biometric templates

Chaos, Solitons and Fractals 2007 32 5 1749 1759

2-s2.0-33846419477

10.1016/j.chaos.2005.12.015

20.

Wang

Zhang

A cryptosystem based on palmprint feature

Proceedings of the 19th International Conference on Pattern Recognition (ICPR ′08)

December 2008

2-s2.0-77957961406

A Novel Verifiable Multisecret Sharing Scheme in Wireless Multimedia Sensor Networks

Abstract

1. Introduction

2. Review of YCH Schemes

3. The Proposed Palmprint-Based VMSS Scheme

3.1. Architecture of Wireless Multimedia Sensor Networks

3.2. Initialization Phase

3.3. Construction Phase

3.4. Verification Phase

3.5. Recovery Phase

4. Performance Analysis

4.1. Security Analysis

4.2. Computation Quality

5. Conclusion

Footnotes

Acknowledgments

References