110 7. EFFICIENT AND SECURE CODE DISSEMINATION IN SENSOR CLOUDS
To enable distributed decryption and authentication of the contents, the cluster head in each
cluster creates virtual ids ranging from 1 to N and gives each sensor one of the virtual ids, where
N is the number of packets in a page. e sensors, instead of dealing with all the packets, only
store the packets which are multiples of their virtual id. us, a node with virtual id 1, decrypts
pkt1 in all the pages. Likewise, the node with virtual id 2, decrypts pkt2 in all the pages and
so on. When the number of nodes in the cluster is less than N , nodes can be given additional
virtual ids. Each node can decrypt and authenticate the packet in page i from the hash in the
packet in page i C 1 and finally packets in page 1 can be authenticated from the VHT. After all
of the packets have been received and authenticated, the nodes encrypt their decrypted packets
again and broadcast for other nodes to receive. e encryption is done in large blocks, reducing
the number of encryption and decryption operations a node must perform and thus conserving
energy on nodes.
Once the nodes receive all the packets from the code dissemination, they first verify that
the cluster members have not tampered with the code. is is done by hashing each page and
verifying the root of the HHT. Since nodes are only allowed to decrypt a part of each page, any
change in the code by a malicious node will always be identified. After the verification phase
is complete, the nodes use the index to extract the CFL, the Bloom filter, the new code, the
re-encryption key RK
i
, and the encryption key K
i
. e cluster head then broadcasts RK
i
and
CFL in clear.
When a node receives this broadcast packet, it checks if it has one or more of the requested
functions in the CFL by comparing the FIDs. If the node finds that it has some of the requested
functions, it verifies the validity of the CFL and RK
i
by creating an HMAC over h.CFL / and
h.RK
i
/ using the authentication key A
i
. is HMAC is compared with the HMAC received
in the pre-dissemination phase. If both of the HMACs match, CFL and the RK
i
are valid. e
requested functions are then re-encrypted with RK
i
and sent back to the requesting nodes. e
encryption key (K
i
) received by the cluster nodes in the code dissemination is used to decrypt
the received encrypted functions. e received functions are then verified using the Bloom Filter.
e functions are hashed and the resulting positions in the filter are checked against the already
existing entries in the Bloom Filter. If the hashes of a received function result in positions which
are unset in the Bloom Filter, the function is rejected, otherwise it is accepted. Once all functions
pass through the Bloom Filter, the nodes are ready to build the code image from its various
parts. To build the code image, the nodes use the CFL to plug the common functions into their
appropriate position in the code. e code image is stored and built in the flash memory. Once
the build is complete, the bootloader can boot the node up using this image. e entire process
is illustrated in Algorithm 7.12.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.