SPINS: security protocols for sensor networks

As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, much research has focused on making sensor networks feasible and useful, and has not concentrated on security. We present a suite of security building blocks optimized for resource-constrained environments and wireless communication. SPINS has two secure building blocks: SNEP and μTESLA SNEP provides the following important baseline security primitives: Data confidentiality, two-party data authentication, and data freshness. A particularly hard problem is to provide efficient broadcast authentication, which is an important mechanism for sensor networks. μTESLA is a new protocol which provides authenticated broadcast for severely resource-constrained environments. We implemented the above protocols, and show that they are practical even on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we demonstrate that the suite can be used for building higher level protocols.

[1]  Jon Crowcroft,et al.  Ticket based service access for the mobile user , 1997, MobiCom '97.

[2]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[3]  Ronald L. Rivest,et al.  The RC5 Encryption Algorithm , 1994, FSE.

[4]  Charles E. Perkins,et al.  Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for mobile computers , 1994, SIGCOMM.

[5]  Dan Boneh,et al.  Generating RSA Keys on a Handheld Using an Untrusted Server , 2000, INDOCRYPT.

[6]  Rosario Gennaro,et al.  How to Sign Digital Streams , 1997, CRYPTO.

[7]  Kevin Driscoll,et al.  Making Home Automation Communications Secure , 2001, Computer.

[8]  M.E. Hellman,et al.  Privacy and authentication: An introduction to cryptography , 1979, Proceedings of the IEEE.

[9]  Robert Szewczyk,et al.  System architecture directions for networked sensors , 2000, ASPLOS IX.

[10]  Kaoru Kurosawa,et al.  On Key Distribution and Authentication in Mobile Radio Networks , 1994, EUROCRYPT.

[11]  Steven M. Bellovin,et al.  Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise , 1993, CCS '93.

[12]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[13]  Pankaj Rohatgi,et al.  A compact and fast hybrid signature scheme for multicast packet authentication , 1999, CCS '99.

[14]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[15]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[16]  Charles E. Perkins,et al.  Ad-hoc on-demand distance vector routing , 1999, Proceedings WMCSA'99. Second IEEE Workshop on Mobile Computing Systems and Applications.

[17]  Colin Boyd,et al.  Key Establishment Protocols for Secure Mobile Communications: A Selective Survey , 1998, ACISP.

[18]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[19]  Jean-Pierre Hubaux,et al.  The quest for security in mobile ad hoc networks , 2001, MobiHoc '01.

[20]  J. Broach,et al.  The dynamic source routing protocol for mobile ad-hoc networks , 1998 .

[21]  Armando Fox,et al.  Security on the move: indirect authentication using Kerberos , 1996, MobiCom '96.

[22]  Alex Biryukov,et al.  Slide Attacks , 1999, FSE.

[23]  Peter Kruus,et al.  CONSTRAINTS AND APPROACHES FOR DISTRIBUTED SENSOR NETWORK SECURITY , 2000 .

[24]  Stefano Basagni,et al.  Secure pebblenets , 2001, MobiHoc '01.

[25]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[26]  Zygmunt J. Haas,et al.  The zone routing protocol (zrp) for ad hoc networks" intemet draft , 2002 .

[27]  David A. Maltz,et al.  Dynamic Source Routing in Ad Hoc Wireless Networks , 1994, Mobidata.

[28]  Jerome H. Saltzer,et al.  Section E.2.1 Kerberos Authentication and Authorization System , 1988 .

[29]  Nitin H. Vaidya,et al.  Location-aided routing (LAR) in mobile ad hoc networks , 1998, MobiCom '98.

[30]  Ran Canetti,et al.  Efficient and Secure Source Authentication for Multicast , 2001, NDSS.

[31]  M. S. Corson,et al.  A highly adaptive distributed routing algorithm for mobile wireless networks , 1997, Proceedings of INFOCOM '97.

[32]  M. Beller,et al.  Fully-fledged two-way public key authentication and key agreement for low-cost terminals , 1993 .

[33]  Bennet S. Yee,et al.  Secure Coprocessors in Electronic Commerce Applications , 1995, USENIX Workshop on Electronic Commerce.

[34]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[35]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[36]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[37]  Ben Y. Zhao,et al.  An architecture for a secure service discovery service , 1999, MobiCom.

[38]  Michael Ganley,et al.  Encryption algorithms , 1992 .

[39]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[40]  Gideon Yuval,et al.  Reinventing the Travois: Encryption/MAC in 30 ROM Bytes , 1997, FSE.

[41]  Dan Harkins,et al.  The Internet Key Exchange (IKE) , 1998, RFC.

[42]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[43]  Natsume Matsuzaki,et al.  Key Distribution Protocol for Digital Mobile Communication Systems , 1989, CRYPTO.

[44]  David L. Tennenhouse,et al.  Proactive computing , 2000, Commun. ACM.