Skip to main content

Fast Response PKC-Based Broadcast Authentication in Wireless Sensor Networks


Public Key-based (PKC) approaches have gained popularity in Wireless Sensor Network (WSN) broadcast authentication due to their simpler protocol operations, e.g., no synchronization and higher tolerance to node capture attack compared to symmetric key-based approaches. With PKC’s security strength, a sensor node that authenticates messages before forwarding them can detect a bogus message within the first hop. While this prevents forged traffic from wasting the sensor nodes’ energy, performing PKC operations in the limited computing-power sensor nodes can result in undesirably long message propagation time. At the other extreme, the sensor node can forward messages to other nodes prior to authenticating them. This approach diminishes propagation time with the trade-off of allowing forged messages to propagate through the network. To achieve swift and energy efficient broadcast operation, sensor nodes need to decide wisely when to forward first and when to authenticate first.

In this paper, we present two new broadcast authentication schemes, called the key pool scheme and the key chain scheme, to solve this dilemma without any synchronization or periodic key redistribution. Both schemes utilize a Bloom filter and the distribution of secret keys among sensor nodes to create fast and capture-resistant PKC-based broadcast authentication protocols. Our NS-2 simulation results for a 3,000-node WSN confirm that broadcast delays of our protocol are only 46.7% and 39.4% slower than the forwarding-first scheme for the key pool and the key chain scheme respectively. At the same time, both protocols are an order of magnitude faster than the authentication-first scheme. The key pool scheme is able to keep forged message propagation to the minimal even when the majority of the nodes have been captured by the attacker. The key chain scheme has smaller transmission overhead than the key pool scheme at the expense of less resistance to node capturing.

Two generic improvements to these schemes are also described. One reduces the marking limit on the Bloom filter vector (BFV), which makes it more difficult for an attacker to forge a BFV for a bogus message. The other limits broadcast forwarding to a spanning tree, which reduces the number of nodes forwarding bogus messages by one to two orders of magnitude depending on the percentage of compromised nodes. The first improvement can be applied to any BFV scheme, while the second is even more generally applicable.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10


  1. 1.

    Basagni S, Herrin K, Bruschi D, Rosti E (2001) Secure pebblenets. In: MobiHoc. ACM, pp 156–163

  2. 2.

    Bloom B (1970) Space/time trade-offs in hash coding with allowable errors. Commun ACM 13(7):422–426

    MATH  Article  Google Scholar 

  3. 3.

    Chuchaisri P (2010) Simulator source code. https://com/Alpha-Sim

  4. 4.

    Crossbow Technology (2010) MICA2 mote datasheet.

  5. 5.

    Dong Q, Liu D, Ning P (2008) Pre-authentication filters: providing dos resistance for signature-based broadcast authentication in sensor networks. In: WiSec ’08: proceedings of the first ACM conference on wireless network security. ACM, New York, NY, USA, pp 2–12. doi:10.1145/1352533.1352536

  6. 6.

    Fan X, Gong G (2010) Accelerating signature-based broadcast authentication for wireless sensor networks. In: Zheng J, Simplot-Ryl D, Leung VCM (eds) ADHOCNETS. Lecture notes of the institute for computer sciences, social informatics and telecommunications engineering, vol 49. Springer, pp 328–343

  7. 7.

    Gura N, Patel A, Wander A, Eberle H, Shantz SC (2004) Comparing elliptic curve cryptography and rsa on 8-bit cpus. Cryptographic Hardware and Embedded Systems—CHES 2004, pp 119–132

  8. 8.

    Han P, Zhu Y, Hu Y (2007) Design of multi-signature scheme in wireless networks. In: ACIS-ICIS. IEEE Computer Society, pp 247–251

  9. 9.

    Jüttner A, Magi Á (2005) Tree based broadcast in ad hoc networks. MONET 10(5):753–762. doi:10.1007/s11036-005-3368-5

    Google Scholar 

  10. 10.

    Kang I, Poovendran R (2005) Maximizing network lifetime of broadcasting over wireless stationary ad hoc networks. MONET 10(6):879–896. doi:10.1007/s11036-005-4445-5

    Google Scholar 

  11. 11.

    Karlof C, Sastry N, Wagner D (2004) TinySec: a link layer security architecture for wireless sensor networks. In: Stankovic JA, Arora A, Govindan R (eds) SenSys 2004. ACM, pp 162–175

  12. 12.

    Li Q, Trappe W (2006) Reducing delay and enhancing dos resistance in multicast authentication through multigrade security. IEEE J Intell Fuzzy Syst 1(2):190–204. doi:10.1109/TIFS.2006.873599

    Google Scholar 

  13. 13.

    Liu D, Ning P (2003) Multi-level μTESLA: a broadcast authentication system for distributed sensor networks. Tech. Rep. TR-2003-08, Department of Computer Science, North Carolina State University, 1 Mar 2003

  14. 14.

    Luk M, Perrig A, Whillock B (2006) Seven cardinal properties of sensor network broadcast authentication. In: SASN ’06. ACM, New York, NY, USA, pp 147–156. doi:10.1145/1180345.1180364

  15. 15.

    Manna Research Group (2010) Mannasim framework.

  16. 16.

    Mykletun E, Girao J, Westhoff D (2006) Public key based cryptoschemes for data concealment in wireless sensor networks. In: ICC2006, vol 5, pp 2288–2295

  17. 17.

    Ning P, Liu A, Du W (2008) Mitigating DoS attacks against broadcast authentication in wireless sensor networks. ACM Trans Sensor Netw 4(1):1:1–1:35. doi:10.1145/1325651.1325652

    Google Scholar 

  18. 18.

    Pecho P, Nagy J, Hanacek P, Drahansky M (2009) Secure collection tree protocol for tamper-resistant wireless sensors. Communications in Computer and Information Science 58:217–224. doi:10.1007/978-3-642-10847-1_27

    Article  Google Scholar 

  19. 19.

    Perrig A, Canetti R, Song D, Tygar JD (2001) Efficient and secure source authentication for multicast. In: In Network and Distributed System Security Symposium, NDSS ’01, pp 35–46

  20. 20.

    Perrig A, Stankovic J, Wagner D (2004) Security in wireless sensor networks. Commun ACM 47(6):53–57

    Article  Google Scholar 

  21. 21.

    Perrig A, Szewczyk R, Wen V, Culler D, Tygar JD (2001) SPINS: security protocols for sensor networks. In: MobiCom ’01: proceedings of the 7th annual international conference on mobile computing and networking. ACM, New York, NY, USA, pp 189–199. doi:10.1145/381677.381696

  22. 22.

    Postel J (1981) Transmission Control Protocol. RFC 793 (Standard). Updated by RFCs 1122, 3168

  23. 23.

    Ren K, Yu S, Lou W, Zhang Y (2009) Multi-user broadcast authentication in wireless sensor networks. IEEE Trans Veh Technol PP(99):1. doi:10.1109/TVT.2009.2019663

  24. 24.

    Ronghua Wang WD, Liu X (2009) ShortPK: a short-term public key scheme for broadcast authentication in sensor networks. ACM Trans Sensor Netw 6(1):29. doi:10.1145/1653760.1653769

    Google Scholar 

  25. 25.

    Sheu JP, Hsu CS, Chang YJ (2006) Efficient broadcasting protocols for regular wireless sensor networks. Wirel Commun Mob Comput 6:35–48. doi:10.1002/wcm.241

    Article  Google Scholar 

  26. 26.

    Wang R, Du W, Ning P (2007) Containing denial-of-service attacks in broadcast authentication in sensor networks. In: MobiHoc ’07: proceedings of the 8th ACM international symposium on Mobile ad hoc networking and computing. ACM, New York, NY, USA, pp 71–79. doi:10.1145/1288107.1288118

  27. 27.

    Wood AD, Stankovic JA (2002) Denial of service in sensor networks. Comput 35(10):54–62. doi:10.1109/MC.2002.1039518

    Article  Google Scholar 

  28. 28.

    Ye F, Luo H, Lu S, Zhang L (2004) Statistical en-route filtering of injected false data in sensor networks. In: Proc. INFOCOM 2004, vol 4, pp 2446–2457

Download references


The authors would like to thank Prapaporn Rattanatamrong and David Wolinsky for their helpful feedback. We would also like to thank Kittipat Kampa for his comments on our statistical analysis model.

Author information



Corresponding author

Correspondence to Panoat Chuchaisri.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Chuchaisri, P., Newman, R. Fast Response PKC-Based Broadcast Authentication in Wireless Sensor Networks. Mobile Netw Appl 17, 508–525 (2012).

Download citation


  • wireless sensor network
  • broadcast authentication
  • bloom filter
  • public key cryptography