Issue No.08 - August (2010 vol.59)
pp: 1120-1133
Taekyoung Kwon, Sejong University, Seoul
Jin Hong, Seoul National University, Seoul
ABSTRACT
Authenticated broadcast, enabling a base station to send commands and requests to low-powered sensor nodes in an authentic manner, is one of the core challenges for securing wireless sensor networks. μTESLA and its multilevel variants based on delayed exposure of one-way chains are well-known, valuable broadcast authentication schemes, but concerns still remain for their practical application. To use these schemes on resource-limited sensor nodes, a 64-bit key chain is desirable for efficiency, but care must be taken. We will first show, by both theoretical analysis and rigorous experiments on real sensor nodes, that if μTESLA is implemented in a raw form with 64-bit key chains, some of the future keys can be discovered through time-memory-data-tradeoff techniques. We will then present an extendable broadcast authentication scheme called X-TESLA, as a new member of the TESLA family, to remedy the fact that previous schemes do not consider problems arising from sleep modes, network failures, idle sessions, as well as the time-memory-data tradeoff risk, and to reduce their high cost of countering DoS attacks. In X-TESLA, two levels of chains that have distinct intervals and cross-authenticate each other are used. This allows the short key chains to continue indefinitely and makes new interesting strategies and management methods possible, significantly reducing unnecessary computation and buffer occupation, and leads to efficient solutions to the raised problems.