Cryptography Reference
In-Depth Information
security requirements and are useful in mitigating impersonation attacks. They are also
useful in preventing the ever-increasing DoS and DDoS attacks on limited resource
constraint environments such as WSN. Three scenarios exist in WSN that require
authenticated communication:
• Sink node to sensor nodes and vice versa
• Sensor node with other sensor nodes
• Outside user and sensor nodes
Most of the time, critical applications in WSN require a message to be sent as
promptly as possible. The intermediate nodes between the sender and receiver are
responsible for relaying the message to the receiver. If one of the nodes is compromised,
the malicious node can inject falsified packets into the network while routing messages.
Such an act could lead to falsified distribution of such messages and, in turn, deplete
the energy levels of other honest nodes. Hence, there is a need to filter messages as early
as possible by authenticating every message, consequently conserving relaying energy.
In most WSN applications, the sensor nodes are expected to aggregate, process,
store, and supply sensed data upon the end-user's query. For example, in a military
application, soldiers would require constant interaction with motion sensors that detect
any movement along the border. In such situations, a large number of mobile or static
end users could query the sensor nodes for sensed data. Usually, such interactions are
realized through broadcast/multicast operations. Therefore, in such situations, a broad-
cast authentication mechanism is required before the query is sent. Furthermore, access
control is also required, which would only allow the authorized user to access data to
which he is entitled. Broadcast authentication was first addressed by Timed Efficient
Stream Loss-tolerant Authentication ( TESLA) (Perrig et al. 2001). In this scheme,
users are assumed to be a few trustworthy sink nodes. This scheme uses one-way hash
functions and the hash pre-images are used as keys to the Message Authentication
Code (MAC) algorithm.
However, the messages are transmitted through a wireless medium, which con-
sumes a considerable amount of time. In addition, the hop-by-hop routing nature of
WSN further creates a delay in transmission. Hence, there is an increased need for
rapid generation and verification of signature schemes.
The existing symmetric schemes such as TESLA and its variants use Message
Authentication Code (MAC) to gain efficiency in terms of processing and energy con-
sumption. However, these symmetric schemes suffer from delayed authentication and
sluggish performance for large-scale networks, and they are susceptible to DoS attacks
due to late authentication. Furthermore, multiple senders cannot send authenticated
broadcast messages simultaneously. For example, if a single node is interested in broad-
casting a message, it would have to send a Unicast message to its respective sink node,
which would then broadcast the message to all the other nodes on its behalf. Because of
resource constrains, asymmetric schemes—for example, digital signatures that would
require public key certificates—were pronounced inefficient. Hence, to address this
problem, security researchers and cryptographers started exploring new avenues to
introduce authentication in public-key cryptography in WSN. One of the approaches
Search WWH ::




Custom Search