Public Key-based (PKC) approaches have gained popularity in Wireless Sensor Network (WSN) broadcast authentication due to their simpler protocol operations, e.g., no synchronization and higher tolerance to node capture attack compared to symmetric key-based approaches. With PKC’s security strength, a sensor node that authenticates messages before forwarding them can detect a bogus message within the first hop. While this prevents forged traffic from wasting the sensor nodes’ energy, performing PKC operations in the limited computing-power sensor nodes can result in undesirably long message propagation time. At the other extreme, the sensor node can forward messages to other nodes prior to authenticating them. This approach diminishes propagation time with the trade-off of allowing forged messages to propagate through the network. To achieve swift and energy efficient broadcast operation, sensor nodes need to decide wisely when to forward first and when to authenticate first.
In this paper, we present two new broadcast authentication schemes, called the key pool scheme and the key chain scheme, to solve this dilemma without any synchronization or periodic key redistribution. Both schemes utilize a Bloom filter and the distribution of secret keys among sensor nodes to create fast and capture-resistant PKC-based broadcast authentication protocols. Our NS-2 simulation results for a 3,000-node WSN confirm that broadcast delays of our protocol are only 46.7% and 39.4% slower than the forwarding-first scheme for the key pool and the key chain scheme respectively. At the same time, both protocols are an order of magnitude faster than the authentication-first scheme. The key pool scheme is able to keep forged message propagation to the minimal even when the majority of the nodes have been captured by the attacker. The key chain scheme has smaller transmission overhead than the key pool scheme at the expense of less resistance to node capturing.
Two generic improvements to these schemes are also described. One reduces the marking limit on the Bloom filter vector (BFV), which makes it more difficult for an attacker to forge a BFV for a bogus message. The other limits broadcast forwarding to a spanning tree, which reduces the number of nodes forwarding bogus messages by one to two orders of magnitude depending on the percentage of compromised nodes. The first improvement can be applied to any BFV scheme, while the second is even more generally applicable.
This is a preview of subscription content, log in to check access.
Buy single article
Instant access to the full article PDF.
Price includes VAT for USA
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
This is the net price. Taxes to be calculated in checkout.
Basagni S, Herrin K, Bruschi D, Rosti E (2001) Secure pebblenets. In: MobiHoc. ACM, pp 156–163
Bloom B (1970) Space/time trade-offs in hash coding with allowable errors. Commun ACM 13(7):422–426
Chuchaisri P (2010) Simulator source code. https://com/Alpha-Sim
Crossbow Technology (2010) MICA2 mote datasheet. http://22.214.171.124/Products/Wireless_Sensor_Networks.htm
Dong Q, Liu D, Ning P (2008) Pre-authentication filters: providing dos resistance for signature-based broadcast authentication in sensor networks. In: WiSec ’08: proceedings of the first ACM conference on wireless network security. ACM, New York, NY, USA, pp 2–12. doi:10.1145/1352533.1352536
Fan X, Gong G (2010) Accelerating signature-based broadcast authentication for wireless sensor networks. In: Zheng J, Simplot-Ryl D, Leung VCM (eds) ADHOCNETS. Lecture notes of the institute for computer sciences, social informatics and telecommunications engineering, vol 49. Springer, pp 328–343
Gura N, Patel A, Wander A, Eberle H, Shantz SC (2004) Comparing elliptic curve cryptography and rsa on 8-bit cpus. Cryptographic Hardware and Embedded Systems—CHES 2004, pp 119–132
Han P, Zhu Y, Hu Y (2007) Design of multi-signature scheme in wireless networks. In: ACIS-ICIS. IEEE Computer Society, pp 247–251
Jüttner A, Magi Á (2005) Tree based broadcast in ad hoc networks. MONET 10(5):753–762. doi:10.1007/s11036-005-3368-5
Kang I, Poovendran R (2005) Maximizing network lifetime of broadcasting over wireless stationary ad hoc networks. MONET 10(6):879–896. doi:10.1007/s11036-005-4445-5
Karlof C, Sastry N, Wagner D (2004) TinySec: a link layer security architecture for wireless sensor networks. In: Stankovic JA, Arora A, Govindan R (eds) SenSys 2004. ACM, pp 162–175
Li Q, Trappe W (2006) Reducing delay and enhancing dos resistance in multicast authentication through multigrade security. IEEE J Intell Fuzzy Syst 1(2):190–204. doi:10.1109/TIFS.2006.873599
Liu D, Ning P (2003) Multi-level μTESLA: a broadcast authentication system for distributed sensor networks. Tech. Rep. TR-2003-08, Department of Computer Science, North Carolina State University, 1 Mar 2003
Luk M, Perrig A, Whillock B (2006) Seven cardinal properties of sensor network broadcast authentication. In: SASN ’06. ACM, New York, NY, USA, pp 147–156. doi:10.1145/1180345.1180364
Manna Research Group (2010) Mannasim framework. http://www.mannasim.dcc.ufmg.br/index.htm
Mykletun E, Girao J, Westhoff D (2006) Public key based cryptoschemes for data concealment in wireless sensor networks. In: ICC2006, vol 5, pp 2288–2295
Ning P, Liu A, Du W (2008) Mitigating DoS attacks against broadcast authentication in wireless sensor networks. ACM Trans Sensor Netw 4(1):1:1–1:35. doi:10.1145/1325651.1325652
Pecho P, Nagy J, Hanacek P, Drahansky M (2009) Secure collection tree protocol for tamper-resistant wireless sensors. Communications in Computer and Information Science 58:217–224. doi:10.1007/978-3-642-10847-1_27
Perrig A, Canetti R, Song D, Tygar JD (2001) Efficient and secure source authentication for multicast. In: In Network and Distributed System Security Symposium, NDSS ’01, pp 35–46
Perrig A, Stankovic J, Wagner D (2004) Security in wireless sensor networks. Commun ACM 47(6):53–57
Perrig A, Szewczyk R, Wen V, Culler D, Tygar JD (2001) SPINS: security protocols for sensor networks. In: MobiCom ’01: proceedings of the 7th annual international conference on mobile computing and networking. ACM, New York, NY, USA, pp 189–199. doi:10.1145/381677.381696
Postel J (1981) Transmission Control Protocol. RFC 793 (Standard). http://www.ietf.org/rfc/rfc793.txt. Updated by RFCs 1122, 3168
Ren K, Yu S, Lou W, Zhang Y (2009) Multi-user broadcast authentication in wireless sensor networks. IEEE Trans Veh Technol PP(99):1. doi:10.1109/TVT.2009.2019663
Ronghua Wang WD, Liu X (2009) ShortPK: a short-term public key scheme for broadcast authentication in sensor networks. ACM Trans Sensor Netw 6(1):29. doi:10.1145/1653760.1653769
Sheu JP, Hsu CS, Chang YJ (2006) Efficient broadcasting protocols for regular wireless sensor networks. Wirel Commun Mob Comput 6:35–48. doi:10.1002/wcm.241
Wang R, Du W, Ning P (2007) Containing denial-of-service attacks in broadcast authentication in sensor networks. In: MobiHoc ’07: proceedings of the 8th ACM international symposium on Mobile ad hoc networking and computing. ACM, New York, NY, USA, pp 71–79. doi:10.1145/1288107.1288118
Wood AD, Stankovic JA (2002) Denial of service in sensor networks. Comput 35(10):54–62. doi:10.1109/MC.2002.1039518
Ye F, Luo H, Lu S, Zhang L (2004) Statistical en-route filtering of injected false data in sensor networks. In: Proc. INFOCOM 2004, vol 4, pp 2446–2457
The authors would like to thank Prapaporn Rattanatamrong and David Wolinsky for their helpful feedback. We would also like to thank Kittipat Kampa for his comments on our statistical analysis model.
About this article
Cite this article
Chuchaisri, P., Newman, R. Fast Response PKC-Based Broadcast Authentication in Wireless Sensor Networks. Mobile Netw Appl 17, 508–525 (2012). https://doi.org/10.1007/s11036-011-0349-8
- wireless sensor network
- broadcast authentication
- bloom filter
- public key cryptography