We present the first known implementation of elliptic curve cryptography over F2 p for sensor networks based on the 8-bit, 7.3828-MHz MICA2 mote. Through instrumentation of UC Berkeley's TinySec module, we argue that, although secret-key cryptography has been tractable in this domain for some time, there has remained a need for an efficient, secure mechanism for distribution of secret keys among nodes. Although public-key infrastructure has been thought impractical, we argue, through analysis of our own implementation for TinyOS of multiplication of points on elliptic curves, that public-key infrastructure is, in fact, viable for TinySec keys' distribution, even on the MICA2. We demonstrate that public keys can be generated within 34 seconds, and that shared secrets can be distributed among nodes in a sensor network within the same, using just over 1 kilobyte of SRAM and 34 kilobytes of ROM.

Wireless networks of miniaturized, low-power sensor/actuator devices are poised to become widely used in commercial and military environments. The communication security problems for these networks are exacerbated by the limited power and energy of the sensor devices. In this paper, we describe the design and implementation of public-key-(PK)-based protocols that allow authentication and key agreement between a sensor network and a third party as well as between two sensor networks. Our work is novel in that PK technology was commonly believed to be too inefficient for use on low-power devices. As part of our solution, we exploit the efficiency of public operations in the RSA cryptosystem and design protocols that place the computationally expensive operations on the parties external to the sensor network, when possible. Our protocols have been implemented on UC Berkeley MICA2 motes using the TinyOS development environment.

According to popular perception, public-key cryptography is beyond the capabilities of highly constrained, “mote”-like, embedded devices. We show that elliptic curve cryptography not only makes public-key cryptography feasible on these devices, it allows one to create a complete secure web server stack that runs efficiently within very tight resource constraints. Our smallfootprint HTTPS stack, nick-named Sizzle, has been implemented on multiple generations of the Berkeley/Crossbow motes where it runs in less than 4KB of RAM, completes a full SSL handshake in 1 second (session reuse takes 0.5 seconds) and transfers 1 KB of application data over SSL in 0.4 seconds. Sizzle is the world’s smallest secure web server and can be embedded inside home appliances, personal medical devices, etc., allowing them to be monitored and controlled remotely via a web browser without sacrificing end-to-end security.

Public Key Cryptography (PKC) has been the enabling technology underlying many security services and protocols in traditional networks such as the Internet. In the context of wireless sensor networks, elliptic curve cryptography (ECC), one of the most efficient types of PKC, is being investigated to provide PKC support in sensor network applications so that the existing PKC-based solutions can be exploited. This paper presents the design, implementation, and evaluation of TinyECC, a configurable library for ECC operations in wireless sensor networks. The primary objective of TinyECC is to provide a ready-to-use, publicly available software package for ECC-based PKC operations that can be flexibly configured and integrated into sensor network applications. TinyECC provides a number of optimization switches, which can turn specific optimizations on or off based on developers ’ needs. Different combinations of the optimizations have different execution time and resource consumptions, giving developers great flexibility in integrating TinyECC into sensor network applications. This paper also reports the experimental evaluation of TinyECC on several common sensor platforms, including MICAz, Tmote Sky, and Imote2. The evaluation results show the impacts of individual optimizations on the execution time and resource consumptions, and give the most computationally efficient and the most storage efficient configuration of TinyECC.

A number of multi-hop, wireless, network programming systems have emerged for sensor network retasking but none of these systems support a cryptographically-strong, publickey-based system for source authentication and integrity verification. The traditional technique for authenticating a program binary, namely a digital signature of the program hash, is poorly suited to resource-contrained sensor nodes. Our solution to the secure programming problem leverages authenticated streams, is consistent with the limited resources of a typical sensor node, and can be used to secure existing network programming systems. Under our scheme, a program binary consists of several code and data segments that are mapped to a series of messages for transmission over the network. An advertisement, consisting of the program name, version number, and a hash of the very first message, is digitally signed and transmitted first. The advertisement authenticates the first message, which in turn contains a hash of the second message. Similarly, the second message contains a hash of the third message, and so on, binding each message to the one logically preceding it in the series through the hash chain. We augmented the Deluge network programming system with our protocol and evaluated the resulting system performance.

will sooner or later be widely used in wireless sensor networks. Recently, it has been shown that the performance of some publickey algorithms, such as Elliptic Curve Cryptography (ECC), is already close to being practical on sensor nodes. However, the energy consumption of PKC is still expensive, especially compared to symmetric-key algorithms. To maximize the lifetime of batteries, we should minimize the use of PKC whenever possible in sensor networks. This paper investigates how to replace one of the important PKC operations–the public key authentication–with symmetric key operations that are much more efficient. Public key authentication is to verify the authenticity of another party’s public key to make sure that the public key is really owned by the person it is claimed to belong to. In PKC, this operation involves an expensive signature verification on a certificate. We propose an efficient alternative that uses one-way hash function only. Our scheme uses all sensor’s public keys to construct a forest of Merkle trees of different heights. By optimally selecting the height of each tree, we can minimize the computation and communication costs. The performance of our scheme is evaluated in the paper.

Abstract. We report our implementation of the RSA and ECC publickey cryptosystem on Berkeley Motes. We detail the implementation of 1024-bit RSA and 160-bit ECC cryptosystems on MICA mote sensors. We have achieved the performance of 0.79s for RSA public key operation and 21.5s for private operation, and 1.3s for ECC signature generation and 2.8s for verification. For comparison, we also show our new ECC implementation on TelosB motes with a signature time 1.60s and a verification time 3.30s. For the detailed description of the implementation, we refer to our technical report[13]. 1

Existing network reprogramming protocols target the efficient, reliable, multi-hop dissemination of application updates in sensor networks, but assume correct or fail-stop behavior from participating sensors. Compromised nodes can subvert such protocols to result in the propagation and remote installation of malicious code. Sluice aims for the progressive, resource-sensitive verification of updates in sensor networks to ensure that malicious updates are not disseminated or installed, while trusted updates continue to be efficiently disseminated. Our verification mechanism provides authenticity and integrity through a hash-chain construction that amortizes the cost of a single digital signature over an entire update. We integrate Sluice with an existing network reprogramming protocol and empirically evaluate its effectiveness both in a real sensor testbed and through simulation. 1

Pairwise key establishment is a fundamental security service for sensor networks. However, establishing pairwise keys in sensor networks is a challenging problem, particularly due to the resource constraints on sensor nodes and the threat of node compromises. This paper proposes to use both pre-deployment and post-deployment knowledge to improve pairwise key pre-distribution in static sensor networks. By exploiting the pre-deployment knowledge, this paper first develops two key pre-distribution schemes, a closest pairwise keys scheme and a closest polynomials scheme. The analysis shows that these schemes can achieve better performance if the expected location information is available and that the smaller the deployment error is, the better performance they can achieve. The paper then investigates how to use post-deployment knowledge to improve pairwise key pre-distribution in static sensor networks. The idea is to load an excessive amount of pre-distributed keys on sensor nodes, prioritize these keys based on sensors ’ actual locations discovered after deployment, and discard low priority keys to thwart node compromise attacks. This approach is then used to improve the random subset assignment scheme proposed recently to demonstrate its practicality and effectiveness. The analysis indicates that the post-deployment knowledge can also greatly improve the performance and security of key pre-distribution. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General—Security and protection;

As wireless sensor networks continue to grow, so does the need for effective security mechanisms. Because sensor networks may interact with sensitive data and/or operate in hostile unattended environments, it is imperative that these security concerns be addressed from the beginning of the system design. However, due to inherent resource and computing constraints, security in sensor networks poses different challenges than traditional network/computer security. There is currently enormous research potential in the field of wireless sensor network security. Thus, familiarity with the current research in this field will benefit researchers greatly. With this in mind, we survey the major topics in wireless sensor network security, and present the obstacles and the requirements in the sensor security, classify many of the current attacks, and finally list their corresponding defensive measures. 2