Mobile Networks and Applications

, Volume 17, Issue 4, pp 508–525 | Cite as

Fast Response PKC-Based Broadcast Authentication in Wireless Sensor Networks

  • Panoat ChuchaisriEmail author
  • Richard Newman


Public Key-based (PKC) approaches have gained popularity in Wireless Sensor Network (WSN) broadcast authentication due to their simpler protocol operations, e.g., no synchronization and higher tolerance to node capture attack compared to symmetric key-based approaches. With PKC’s security strength, a sensor node that authenticates messages before forwarding them can detect a bogus message within the first hop. While this prevents forged traffic from wasting the sensor nodes’ energy, performing PKC operations in the limited computing-power sensor nodes can result in undesirably long message propagation time. At the other extreme, the sensor node can forward messages to other nodes prior to authenticating them. This approach diminishes propagation time with the trade-off of allowing forged messages to propagate through the network. To achieve swift and energy efficient broadcast operation, sensor nodes need to decide wisely when to forward first and when to authenticate first.

In this paper, we present two new broadcast authentication schemes, called the key pool scheme and the key chain scheme, to solve this dilemma without any synchronization or periodic key redistribution. Both schemes utilize a Bloom filter and the distribution of secret keys among sensor nodes to create fast and capture-resistant PKC-based broadcast authentication protocols. Our NS-2 simulation results for a 3,000-node WSN confirm that broadcast delays of our protocol are only 46.7% and 39.4% slower than the forwarding-first scheme for the key pool and the key chain scheme respectively. At the same time, both protocols are an order of magnitude faster than the authentication-first scheme. The key pool scheme is able to keep forged message propagation to the minimal even when the majority of the nodes have been captured by the attacker. The key chain scheme has smaller transmission overhead than the key pool scheme at the expense of less resistance to node capturing.

Two generic improvements to these schemes are also described. One reduces the marking limit on the Bloom filter vector (BFV), which makes it more difficult for an attacker to forge a BFV for a bogus message. The other limits broadcast forwarding to a spanning tree, which reduces the number of nodes forwarding bogus messages by one to two orders of magnitude depending on the percentage of compromised nodes. The first improvement can be applied to any BFV scheme, while the second is even more generally applicable.


wireless sensor network broadcast authentication bloom filter public key cryptography 



The authors would like to thank Prapaporn Rattanatamrong and David Wolinsky for their helpful feedback. We would also like to thank Kittipat Kampa for his comments on our statistical analysis model.


  1. 1.
    Basagni S, Herrin K, Bruschi D, Rosti E (2001) Secure pebblenets. In: MobiHoc. ACM, pp 156–163Google Scholar
  2. 2.
    Bloom B (1970) Space/time trade-offs in hash coding with allowable errors. Commun ACM 13(7):422–426zbMATHCrossRefGoogle Scholar
  3. 3.
    Chuchaisri P (2010) Simulator source code. https://com/Alpha-Sim
  4. 4.
    Crossbow Technology (2010) MICA2 mote datasheet.
  5. 5.
    Dong Q, Liu D, Ning P (2008) Pre-authentication filters: providing dos resistance for signature-based broadcast authentication in sensor networks. In: WiSec ’08: proceedings of the first ACM conference on wireless network security. ACM, New York, NY, USA, pp 2–12. doi: 10.1145/1352533.1352536
  6. 6.
    Fan X, Gong G (2010) Accelerating signature-based broadcast authentication for wireless sensor networks. In: Zheng J, Simplot-Ryl D, Leung VCM (eds) ADHOCNETS. Lecture notes of the institute for computer sciences, social informatics and telecommunications engineering, vol 49. Springer, pp 328–343Google Scholar
  7. 7.
    Gura N, Patel A, Wander A, Eberle H, Shantz SC (2004) Comparing elliptic curve cryptography and rsa on 8-bit cpus. Cryptographic Hardware and Embedded Systems—CHES 2004, pp 119–132Google Scholar
  8. 8.
    Han P, Zhu Y, Hu Y (2007) Design of multi-signature scheme in wireless networks. In: ACIS-ICIS. IEEE Computer Society, pp 247–251Google Scholar
  9. 9.
    Jüttner A, Magi Á (2005) Tree based broadcast in ad hoc networks. MONET 10(5):753–762. doi: 10.1007/s11036-005-3368-5 Google Scholar
  10. 10.
    Kang I, Poovendran R (2005) Maximizing network lifetime of broadcasting over wireless stationary ad hoc networks. MONET 10(6):879–896. doi: 10.1007/s11036-005-4445-5 Google Scholar
  11. 11.
    Karlof C, Sastry N, Wagner D (2004) TinySec: a link layer security architecture for wireless sensor networks. In: Stankovic JA, Arora A, Govindan R (eds) SenSys 2004. ACM, pp 162–175Google Scholar
  12. 12.
    Li Q, Trappe W (2006) Reducing delay and enhancing dos resistance in multicast authentication through multigrade security. IEEE J Intell Fuzzy Syst 1(2):190–204. doi: 10.1109/TIFS.2006.873599 Google Scholar
  13. 13.
    Liu D, Ning P (2003) Multi-level μTESLA: a broadcast authentication system for distributed sensor networks. Tech. Rep. TR-2003-08, Department of Computer Science, North Carolina State University, 1 Mar 2003Google Scholar
  14. 14.
    Luk M, Perrig A, Whillock B (2006) Seven cardinal properties of sensor network broadcast authentication. In: SASN ’06. ACM, New York, NY, USA, pp 147–156. doi: 10.1145/1180345.1180364
  15. 15.
    Manna Research Group (2010) Mannasim framework.
  16. 16.
    Mykletun E, Girao J, Westhoff D (2006) Public key based cryptoschemes for data concealment in wireless sensor networks. In: ICC2006, vol 5, pp 2288–2295Google Scholar
  17. 17.
    Ning P, Liu A, Du W (2008) Mitigating DoS attacks against broadcast authentication in wireless sensor networks. ACM Trans Sensor Netw 4(1):1:1–1:35. doi: 10.1145/1325651.1325652 Google Scholar
  18. 18.
    Pecho P, Nagy J, Hanacek P, Drahansky M (2009) Secure collection tree protocol for tamper-resistant wireless sensors. Communications in Computer and Information Science 58:217–224. doi: 10.1007/978-3-642-10847-1_27 CrossRefGoogle Scholar
  19. 19.
    Perrig A, Canetti R, Song D, Tygar JD (2001) Efficient and secure source authentication for multicast. In: In Network and Distributed System Security Symposium, NDSS ’01, pp 35–46Google Scholar
  20. 20.
    Perrig A, Stankovic J, Wagner D (2004) Security in wireless sensor networks. Commun ACM 47(6):53–57CrossRefGoogle Scholar
  21. 21.
    Perrig A, Szewczyk R, Wen V, Culler D, Tygar JD (2001) SPINS: security protocols for sensor networks. In: MobiCom ’01: proceedings of the 7th annual international conference on mobile computing and networking. ACM, New York, NY, USA, pp 189–199. doi: 10.1145/381677.381696
  22. 22.
    Postel J (1981) Transmission Control Protocol. RFC 793 (Standard). Updated by RFCs 1122, 3168
  23. 23.
    Ren K, Yu S, Lou W, Zhang Y (2009) Multi-user broadcast authentication in wireless sensor networks. IEEE Trans Veh Technol PP(99):1. doi: 10.1109/TVT.2009.2019663
  24. 24.
    Ronghua Wang WD, Liu X (2009) ShortPK: a short-term public key scheme for broadcast authentication in sensor networks. ACM Trans Sensor Netw 6(1):29. doi: 10.1145/1653760.1653769 Google Scholar
  25. 25.
    Sheu JP, Hsu CS, Chang YJ (2006) Efficient broadcasting protocols for regular wireless sensor networks. Wirel Commun Mob Comput 6:35–48. doi: 10.1002/wcm.241 CrossRefGoogle Scholar
  26. 26.
    Wang R, Du W, Ning P (2007) Containing denial-of-service attacks in broadcast authentication in sensor networks. In: MobiHoc ’07: proceedings of the 8th ACM international symposium on Mobile ad hoc networking and computing. ACM, New York, NY, USA, pp 71–79. doi: 10.1145/1288107.1288118
  27. 27.
    Wood AD, Stankovic JA (2002) Denial of service in sensor networks. Comput 35(10):54–62. doi: 10.1109/MC.2002.1039518 CrossRefGoogle Scholar
  28. 28.
    Ye F, Luo H, Lu S, Zhang L (2004) Statistical en-route filtering of injected false data in sensor networks. In: Proc. INFOCOM 2004, vol 4, pp 2446–2457Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.University of FloridaGainesvilleUSA

Personalised recommendations