Abstract
Symmetric cryptography has been mostly used in security schemes in sensor networks due to the concern that public key cryptography (PKC) is too expensive for sensor devices. While these schemes are efficient in processing time, they generally require complicated key management, which may introduce high memory and communication overhead. On the contrary, PKC-based schemes have simple and clean key management, but cost more computational time. The recent progress in PKC implementation, specially elliptic curve cryptography (ECC), on sensors motivates us to design a PKC-based security scheme and compare its performance with the symmetric-key counterparts. This paper proposes a practical PKC-based access control for sensor networks, which consists of pairwise key establishment, local access control, and remote access control. We have implemented both cryptographic primitives on commercial off-the-shelf sensor devices. Building the user access control as a case study, we show that PKC-based protocol is more advantageous than those built on symmetric cryptography in terms of the memory usage, message complexity, and security resilience. Meanwhile, our work also provides insights in integrating and designing PKC-based security protocols for sensor networks.
Similar content being viewed by others
Notes
Based on our experimental result of forwarding a 60 byte payload in MICAz motes.
References
Bollobs, B. (1985). Random graphs. NY :Acadamic Press Inc.
Boneh, D., & Franlin, M. (2001). Identity-based encryption from the weil pairing. In CRYPTO, pp. 213–229. Berlin: Springer.
Carman, D., Matt, B., Kruus, P., Balenson, D., & Branstad, D. (2000). Key management in ditributed sensor networks. In DARPA Sensor IT Workshop.
Chan, H., & Perrig, A. (2005). PIKE: Peer intermediaries for key establishment in sensor networks. Miami, FL: INFOCOM.
Chan, H., Perrig, A., & Song, D. (2003). Random key predistribution schemes for sensor networks. In IEEE symposium on security and privacy, pp. 197–213, Berkeley, California, May.
Du, W., & Deng, J. (2003). A pairwise key pre-distribution scheme for wireless sensor networks. In ACM CCS.
Eschenauer, L., & Gligor, V. D. (2002). A key-management scheme for distributed sensor networks. In ACM CCS, November.
Fox, A., & Gribble, S. D. (1996). Security on the move: Indirect authentication using Kerberos. In Mobicom, New York, November.
Gura, N., Patel, A., Wander, A., Eberle, H., & Shantz, S. C. (2004). Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In CHES, Cambridge, MA, August.
Crossbow Technology INC. Wireless sensor networks. http://www.xbow.com/.
Karlof, C. , Sastry, N., & Wagner, D. (2004). TinySec: A link layer security architecture for wireless sensor networks. In SENSYS, Baltimore, MD, November.
Liu, A., & Ning, P. (2005) http://discovery.csc.ncsu.edu/software/TinyECC/.
Liu, D., & Ning, P. (2003). Establishing pairwise keys in distributed sensor networks. In ACM CCS, Washington, DC, October.
Malan, D. J., Welsh, M., & Smith, M. D. (2004) A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography. In The first IEEE international conference on sensor and Ad Hoc communications and networks. Santa Clara, CA, October.
Mathur, G., Desnoyers, P., Ganesan, D., & Shenoy, P. (2006). Ultra-low power data storage for sensor networks. In IPSN ’06, New York, NY, USA.
Neuman, B. C., & Ts’o, T. (1994). Kerberos: An authentication service for computer networks. IEEE Communications, 32(9), 33–38.
NIST. (2001). Key management guideline. In Workshop Document (DRAFT), October
Perrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, D. (2002). SPINS: Security protocols for sensor networks. NY: ACM/Kluwer Wireless Networks Journal (WINET).
Di Pietro, R., Mancini, L. V., & Mei, A. (2006). Efficient and resilient key discovery based on pseudo-random key pre-deployment. Wireless Networks 12(6).
Di Pietro, R., Mancini, L. V., Mei, A., Panconesi, A., & Radhakrishnan, J. (2008) Redoubtable sensor networks. ACM Transaction on Information and Systems Security, 11(3), March.
Ren, Kui , & Lou, Wenjing (2005). Privacy enhanced access control in pervasive computing environments. In Proceedings of BroadNet05, October.
Shamir, A. (1979) How to share a secret. Communications of the ACM 22(11), 612–613
Shantz, S. C. (2001). From Euclid’s GCD to montgomery multiplication to the great divide. In Technical report, Sun Microsystems Laboratories TR-2001-95, June.
TinyOS. TinyOS 1.1.15. http://www.tinyos.net, 2006.
Traynor, P., Kumar, R., Saad, H. B., Cao, G., & Porta, T. L. (2006). LIGER: Implementing efficient hybrid security mechanisms for heterogeneous sensor networks. In MOBISYS, Uppsala, Sweden, June.
Wang, H., & Li, Q. (2006). Distributed user access control in sensor networks. In IEEE international conference on distributed computing in sensor systems(DCOSS), pp. 305–320, San Francisco, CA, June.
Wang, H., & Li, Q. (2010). Achieving robust message authentication in sensor networks: A public-key based approach. ACM Journal of Wireless Networks (WINET), 16(4), 999–1009.
Wang, H., Sheng, B., & Li, Q. (2006). Elliptic curve cryptography based access control in sensor networks. International Journal on Sensor Networks, 1(2).
Wang, H., Sheng, B., Tan, C.C., & Li, Q. (2007). WM-ECC: An elliptic curve cryptography suite on sensor motes. Technical Report WM-CS-2007-11, College of William and Mary, Computer Science, Williamsburg, VA.
Ye, F., Luo, H., Lu, S., & Zhang, L. (2004). Statistical en-route filtering of injected false data in sensor networks. In INFOCOM.
Zeinalipour-Yazti, D., Lin, S., & Kalogeraki, V. (2005). Dimitrios Gunopulos, Walid A. Najjar. MicroHash: An efficient index structure for flash-based sensor devices. In FAST.
Zhang, W., Song, H., Zhu, S., & Cao, G. (2005). Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks. In MOBIHOC, Chicago, IL, May.
Zhang, Y., Liu, W., Lou, W., & Fang, Y. (2006). Location-based compromise-tolerant security mechanisms for wireless sensor networks. IEEE Journal on Selected Areas in Communications, 24(2), 247–260.
Zhang, Y., Liu, W., Lou, W., & Fang, Y. (2005). Securing sensor networks with location-based keys. In WCNC, New Orleans, Louisiana, March.
Zhu, S., Setia, S., & Jajodia, S. (2003). LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In ACM CCS, Washington D.C., October.
Zhu, S., Setia, S., Jajodia, S., & Ning, P. (2004). An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. In IEEE symposium on security and privacy, Oakland, CA, May.
Acknowledgments
The authors would like to thank all the reviewers for their insightful comments and kind guidances to improve the paper. This project was supported in part by US National Science Foundation grants CNS-0721443, CNS-0831904, and CAREER Award CNS-0747108.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wang, H., Sheng, B., Tan, C.C. et al. Public-key based access control in sensornet. Wireless Netw 17, 1217–1234 (2011). https://doi.org/10.1007/s11276-011-0343-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-011-0343-x