Stealthy Compromise of Wireless Sensor Nodes with Power Analysis Attacks

  • Giacomo de Meulenaer
  • François-Xavier Standaert
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 45)


Node capture is considered one of the most critical issues in the security of wireless sensor networks. A popular approach to thwarting the problem relies on detecting events that arise during the attack, such as the removal of a node. However, certain attacks, such as side-channel attacks, might be furtive and defeat this type of defense. This work clarifies this question through a case study of power analysis attacks on AES and ECC implementations on two common types of nodes: the MICAz and the TelosB. Our experiments show that the attacks can be carried out in a stealthy manner. As a result, stealthy node compromises should be considered when securing wireless sensor networks. The moderate complexity of our attacks also underlines the importance of low-cost side-channel countermeasures for sensor nodes.


Keywords: Wireless Sensor Networks, Node Compromise, Power Analysis Attacks





Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Giacomo de Meulenaer (1)
  • François-Xavier Standaert (1)
  1. UCL Crypto Group, Louvain-la-Neuve, Belgium
