Abstract
Efficient broadcast authentication in wireless sensor networks has long been a hard problem, mainly because of the resource constraints on sensor nodes. Although extensive research has been done in past years, no satisfactory solution seems to exist to date. In this paper we propose a practical approach to the problem using short-lived digital signatures, in which a base station uses a short RSA modulus of limited lifetime, say RSA-512 with a 20-minute lifetime, for authenticated broadcast with Rabin signatures giving message recovery. For this, we present an efficient and robust protocol that uses a one-way key chain to periodically distribute short RSA moduli to all sensor nodes in an authentic and loss-tolerant way. We also provide a conservative lifetime estimate for short RSA moduli based on state-of-the-art factoring experiments, and apply a number of possible optimizations in algorithms and parameters. The proposed scheme overcomes most drawbacks of existing schemes such as μTESLA and one-time signatures and turns out to be very efficient and practical. It can also be extended to provide secure failover of base stations and authentication delegation to mobile users.
© 2009 Springer-Verlag Berlin Heidelberg
Lim, C.H. (2009). Practical Broadcast Authentication Using Short-Lived Signatures in WSNs. In: Youm, H.Y., Yung, M. (eds) Information Security Applications. WISA 2009. Lecture Notes in Computer Science, vol 5932. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10838-9_27
DOI: https://doi.org/10.1007/978-3-642-10838-9_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10837-2
Online ISBN: 978-3-642-10838-9