Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks

Broadcast authentication is a fundamental security service in distributed sensor networks. A scheme named $\mu$TESLA has been proposed for efficient broadcast authentication in such networks. However, $\mu$TESLA requires an initial unicast-based distribution of certain information between the base station and each sensor node before broadcast messages can actually be authenticated. Due to the limited bandwidth in wireless sensor networks, this initial unicast-based distribution severely limits the application of $\mu$TESLA in large sensor networks. This paper presents a novel technique to replace the unicast-based initialization with a broadcast-based one. As a result, $\mu$TESLA can be used in a sensor network with a large number of sensors, as long as messages from the base station can reach these sensor nodes. This paper further explores several techniques that improve the performance, the robustness, and the security of the proposed method. The resulting protocol has several desirable properties, including low overhead, tolerance of message loss, scalability to large networks, and resistance to replay attacks as well as some known Denial of Service (DoS) attacks.
