Image Processing Reference
In-Depth Information
devices, and the fact that some nodes might get compromised. These constraints opt out some
well-established alternatives: asymmetric cryptography [DH,RSA,ElG] is generally consid-
ered to be too expensive as it results in high computational cost and long ciphertexts and signatures
(sending and receiving are very expensive!). Especially, public key management based on certificates
exceeds the sensor nodes' energy budget, and key revocation is almost impossible to realize under
the restricted conditions in sensor networks. Even symmetric cryptography implementation turns
outtobenon-straightforwardduetoarchitecturallimitationsandenergyconstraints.Furthermore,
the key management for authenticating broadcast-like communications calls for new approaches, as
simple distribution of one symmetric group key among all receivers would not allow to cope with
compromised sensor nodes.
Perrig et al. therefore propose two main security protocols:
Sensor Network Encryption Protocol (SNEP) for realizing efficient end-to-end security
betweennodesandbasestations
Variantofthe Timed Efficient Stream Loss-tolerant Authentication Protocol (TESLA) ,
called μ TESLA , for authenticating broadcast communications that will be further dis-
cussed in Section .
The main goal in the development of SNEP was the efficient realization of end-to-end security ser-
vices for two-party communication. SNEP provides the security services “data confidentiality,” “data
origin authentication”, and “replay protection.” he considered communication patterns are “node to
base station” (e.g., sensor readings) and “base station to individual nodes” (e.g., specific requests).
Securing messages from a “base station to all nodes” (e.g., routing beacons, queries, reprogramming
of the entire network) is the task of the μTESLA protocol to be discussed in Section .. ..The main
design decisions in the development of SNEP were to avoid use of asymmetric cryptography, to con-
struct all cryptographic primitives out of a single block cipher, and to exploit common state to reduce
communication overhead where this is possible.
SNEP's basic trust model assumes that two communicating entities A and B share a common mas-
ter key X A , B . Initially, the base station shares a master key with all nodes and node-to-node master
keyscanbenegotiatedwiththehelpofthebasestation(seebelow).Fromsuchamasterkey,two
confidentiality keys CK A , B , CK B , A (one per direction), two integrity keys IK A , B , IK B , A ,andaran-
dom seed RK A , B are derived according to the following equations (for definition of function F see
below):
CK A , B
=
F X A , B
(
)
CK B , A
=
F X A , B
(
)
IK A , B
=
F X A , B
(
)
IK B , A
=
F X A , B
(
)
RK A , B
=
F X A , B
(
)
The principal cryptographic primitive of SNEP is the RC algorithm [BR]. Three parameters of
this algorithm can be configured: the word length w
[
bit
]
,thenumberofrounds r ,andthekeysize
b
, and the resulting instantiation of the algorithm is denoted as RC-w/r/b .WhatmakesRC
specifically suitable for implementation in sensor nodes is the fact that it can be programmed with a
few lines of code and that the main algorithm only makes use of three simple and efficient to execute
instructions: two's complement addition
[
byte
]
+
of words
(
mod w
)
,bit-wise XOR of words, and cyclic
rotation
. Figure . illustrates the encryption function. he corresponding decryption function
canbeeasilyobtainedbybasically“readingthecodeinreverse.”Priortoen-ordecryptionwithRC,
an array s
<<<
has to be filled by a key preparation routine that is a little bit more tricky, but also
uses only simple instructions.
[
,  r
+
]
Search WWH ::




Custom Search