Secure sensor network communication protocols need to provide three basic properties: data secrecy, authentication, and replay protection. Secure sensor network link layer protocols such as Tiny-Sec [13] and ZigBee [28] enjoy significant attention in the community. However, TinySec achieves low energy consumption by reducing the level of security provided. In contrast, ZigBee enjoys high security, but suffers from high energy consumption. MiniSec is a secure network layer that obtains the best of both worlds: low energy consumption and high security. MiniSec has two operating modes, one tailored for single-source communication, and another tailored for multi-source broadcast communication. The latter does not require per-sender state for replay protection and thus scales to large networks. We present a publicly available implementation of MiniSec for the Telos platform, and experimental results demonstrate our low energy utilization.

Advances in wireless communication and electronics have enabled the development of low-cost, lowpower, multifunctional sensor nodes. These tiny sensor nodes, consisting of sensing, data processing, and communication components, make it possible to deploy Wireless Sensor Networks (WSNs), which represent a significant improvement over traditional wired sensor networks. WSNs can greatly simplify system design and operation, as the environment being monitored does not require the communication or energy infrastructure associated with wired networks [1]. WSNs are expected to be solutions to many applications, such as detecting and tracking the passage of troops and tanks on a battlefield, monitoring environmental pollutants, measuring traffic flows on roads, and tracking the location of personnel in a building. Many sensor networks have mission-critical tasks and thus require that security be considered [2, 3]. Improper use of information or using forged information may cause unwanted information leakage and provide inaccurate results. While some aspects of WSNs are similar to traditional wireless ad hoc networks, important distinctions exist which greatly affect how security is achieved. The differences

As wireless sensor networks continue to grow, so does the need for effective security mechanisms. Because sensor networks may interact with sensitive data and/or operate in hostile unattended environments, it is imperative that these security concerns be addressed from the beginning of the system design. However, due to inherent resource and computing constraints, security in sensor networks poses different challenges than traditional network/computer security. There is currently enormous research potential in the field of wireless sensor network security. Thus, familiarity with the current research in this field will benefit researchers greatly. With this in mind, we survey the major topics in wireless sensor network security, and present the obstacles and the requirements in the sensor security, classify many of the current attacks, and finally list their corresponding defensive measures. 2

Existing protocols for secure key establishment all rely on an unspecified mechanism for initially deploying secrets to sensor nodes. However, no commercially viable and secure mechanism exists for initial setup. Without a guarantee of secure key deployment, the traffic over a sensor network cannot be presumed secure. To address this problem, we present a user-friendly protocol for the secure deployment of cryptographic keys in sensor networks. We propose a collection of five techniques to prevent an attacker from eavesdropping on key deployment. To demonstrate feasibility for real-world use, we implement our protocol on Telos motes and conduct a user study.

Abstract. Wireless sensor networks and Radio Frequency Identifiers are becoming mainstream applications of ubiquitous computing. They are slowly being integrated into our infrastructure and therefore must incorporate a certain level of security. However, both applications are severely resource constrained. Energy scavenger powered sensor nodes and current RFID tags provide only 20 µW to 50 µW of power to the digital component of their circuits. This makes complex cryptography a luxury. In this paper we present a novel ultra-low power SHA-1 design and an energy efficient ultra-low power AES design. Both consume less than 30 µW of power and can therefore be used to provide the basic security services of encryption and authentication. Furthermore, we analyze their energy consumption based on the TinySec protocol and come to the somewhat surprising result, that SHA-1 based authentication and encryption is more energy efficient than using AES for payload sizes of 17 bytes or larger. 1

Abstract—Energy is a central concern in the deployment of wireless sensor networks. In this paper, we investigate the energy cost of cryptographic protocols, both from a communication and a computation point of view, based on practical measurements on the MICAz and TelosB sensors. We focus on the cost of two key agreement protocols: Kerberos and the Elliptic Curve Diffie-Hellman key exchange with authentication provided by the Elliptic Curve Digital Signature Algorithm (ECDH-ECDSA). We find that, in our context, Kerberos is around one order of magnitude less costly than the ECDH-ECDSA key exchange and confirm that it should be preferred in situations where a trusted third party is available. We also observe that the power dedicated to communications can become a central concern when the nodes need to stay in listen mode, e.g. between the protocol rounds, even when reduced using a Low Power Listening (LPL) protocol. Therefore, listening should be considered when assessing the cost of cryptographic protocols on sensor nodes. I.

Abstract—Wireless sensor networking remains one of the most exciting and challenging research domains of our time. As technology progresses, so do the capabilities of sensor networks. Limited only by what can be technologically sensed, it is envisaged that wireless sensor networks will play an important part in our daily lives in the foreseeable future. Privy to many types of sensitive information, both sensed and disseminated, there is a critical need for security in a number of applications related to this technology. Resulting from the continuous debate over the most effective means of securing wireless sensor networks, this paper considers a number of the security architectures employed, and proposed, to date, with this goal in sight. They are presented such that the various characteristics of each protocol are easily identifiable to potential network designers, allowing a more informed decision to be made when implementing a security protocol for their intended application. Authentication is the primary focus, as the most malicious attacks on a network are the work of imposters, such as DOS attacks, packet insertion etc. Authentication can be defined as a security mechanism, whereby, the identity of a node in the network can be identified as a valid node of the network. Subsequently, data authenticity can be achieved; once the integrity of the message sender/receiver has been established.

Abstract — So far, design and deployment of microelectronic, implantable devices has largely had a strongly ”ad-hoc ” character. The majority of existing devices has been custom-tailored to the specific application in mind, in an effort to abide by strict design constraints on safety as well as power and size. However, an enabling technology and the fact that implants are gradually becoming mainstream market products calls for a more structured design approach. Towards that end, in this paper we present ImpBench, a novel benchmark suite meant for designing and evaluating new digital processors for microelectronic implants. In an application field as wide as the various pathoses of the human body, we have conceptualized this suite based on common-sense and market-driven indicators, and we have established its usefulness and uniqueness based on extensive experimental measurement. The suite consists of eight carefully selected programs, chosen on the basis of popularity among contemporary and emerging implant applications. MiBench being the closest to our application field, that is embedded systems, has been used for a detailed comparative study. Since implants are required to perform control-, processing- or I/O-intensive tasks, various benchmark characteristics have been studied, namely: performance (IPC), cache and branch-prediction behavior, instruction distribution and power consumption. Results display significant variation from existing benchmarks to justify the need for and usefulness of ImpBench. Index Terms — implant, benchmark suite, profiling, kernel,

Software implementations of modern block ciphers often require large lookup tables along with code size increasing optimizations like loop unrolling to reach peak performance on general-purpose processors. Therefore, block ciphers are difficult to implement efficiently on embedded devices like smart cards or sensor nodes where run-time memory and program ROM are scarce resources. In this paper we analyze and compare the performance, energy consumption, runtime memory requirements, and code size of the five block ciphers RC6, Rijndael, Serpent, Twofish, and XTEA on the StrongARM SA-1100 processor. Most previous evaluations of block ciphers considered performance as the sole metric of interest and did not care about memory requirements or code size. In contrast to previous work, our study of the performance and energy characteristics of block ciphers has been conducted with “lightweight” implementations which restrict the size of lookup tables to 1 kB and also impose constraints on the code size. We found that Rijndael and RC6 can be well optimized for high performance and energy efficiency, while at the same time meeting the demand for low memory (RAM and ROM) footprint. In addition, we discuss the impact of key expansion and modes of operation on the overall performance and energy consumption of each block cipher. Our simulation results show that RC6 is the most energy-efficient block cipher under memory constraints and thus the best choice for resource-restricted devices.

Hop-by-hop data aggregation is a very important technique used to reduce the communication overhead and energy expenditure of sensor nodes during the process of data collection in a Wireless Sensor Network (WSN). However, the unattended nature of WSNs calls for data aggregation techniques to be secure. Indeed, sensor nodes can be compromised to mislead the base station by injecting bogus data into the network during both forwarding and aggregation of data. Moreover, data aggregation might increase the risk of confidentiality violations: If sensors close to the base station are corrupted, an adversary could easily access to the results of the “in network ” computation performed by the WSN. Further, nodes can also fail due to random and non-malicious causes (e.g. battery exhaustion), hence availability should be considered as well. In this paper we tackle the above issues that affect data aggregation techniques by proposing a mechanism that: i) provides both confidentiality and integrity of the aggregated data so that for