An Efficient Scheme for Authenticating Public Keys

in Sensor Networks

Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse)

Peng Ning (North Carolina State)

Wireless Sensor Networks

DeploySensors

Key Distribution in WSN

DeploySensors

Secure Channels

Existing Approaches Key Pre-distribution Schemes

Eschenauer and Gligor, CCS’02 Chan, Perrig, and Song, S&P’03 Du, Deng, Han, and Varshney, CCS’03 Du, Deng, Han, Chen, Varshney, INFOCOM’04 Liu and Ning, CCS’03

Assumption Public Keys are impractical for WSN We need to use Symmetric Keys

Three Years Later Has Public-Key Cryptography (PKC) became

practical yet? The answer might still be NO, but …

Recent Studies on using PKC on sensors PKC is feasible for WSN ECC signature verification takes 1.6s on

Crossbow motes (Gura et al.)

The Advantage of PKC Resilience versus Connectivity

SKC-based schemes have to make tradeoffs between resilience and connectivity

PKC-based Key Distribution 100% resilience 100% connectivity

Let’s Switch to PKC? Sorry, I forgot to mention one thing:

The gap between SKC and PKC is not going to change much unless a breakthrough in PKC occurs.

Computation costs RC5 is 200 times faster than ECC

Communication costs Signatures: ECC (320 bits), RSA (1024 bits),

SHA1 (160 bits)

New Focuses My observation:

We will be able to use PKC, but we will use SKC if that can save energy.

We are doing this in traditional networks Example: session keys

Research Problem Can we reduce the amount of PKC computations with the help of SKC?

Public Key Authentication Before a public key is used, it must to

authenticated In traditional networks: we use certificates.

Verifying certificates is a public key operation

Can we do it more efficiently in WSN? A simple way: each node carries the hash of

other nodes’ public keys Memory usage is too much (N-1 hash values)

Using Merkle Trees

Performance Memory Usage

1 + log(N) hash values (compared to N-1) 1: the root Log(N): the height of the Merkle tree

Computation Cost Log(N) hash operations

Communication Overhead If we use 160-bit SHA1 160 * log(N) bits When N=10,000, cost=2080 bits, worse than PKC We need to reduce the height

Trimming the Merkle Tree

A Smarter Trimming

A B

C

Deployment Knowledge How do we know that some nodes might

more likely be neighbors than others? Deployment knowledge model.

A Group-Based Deployment Scheme

A Group-Based Deployment Scheme

Modeling of The Group-Based Deployment Scheme

Deployment Points

Trimming Strategy

Deployment-based Trimming

Finding Optimal a,b,c, and d The optimization problem:

S: number of sensors in each deployment group mmax: maximum amount of memory

Minimize C = w0• a + w1• b + w2• c + w3• d

Subject to

Evaluation

Communication Overhead vs. Memory Usages

Communication Overhead vs. Network Size

Impact of Deployment Knowledge: σ

Impact of Modeling Accuracy

Energy consumption

Comparing Energy cost with RSA / ECC

Performance of authenticating public keys using various algorithms

Conclusion and Future Work Public Key Cryptography (PKC)

Will soon be available for sensor networks Usage of PKC should still be minimized We propose an efficient scheme to achieve public

key authentication. Future work

Optimize other PKC computations