An Efficient Scheme for Authenticating Public Keys
in Sensor Networks
Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse)
Peng Ning (North Carolina State)
Wireless Sensor Networks
DeploySensors
Key Distribution in WSN
DeploySensors
Secure Channels
Existing Approaches Key Pre-distribution Schemes
Eschenauer and Gligor, CCS’02 Chan, Perrig, and Song, S&P’03 Du, Deng, Han, and Varshney, CCS’03 Du, Deng, Han, Chen, Varshney, INFOCOM’04 Liu and Ning, CCS’03
Assumption Public Keys are impractical for WSN We need to use Symmetric Keys
Three Years Later Has Public-Key Cryptography (PKC) became
practical yet? The answer might still be NO, but …
Recent Studies on using PKC on sensors PKC is feasible for WSN ECC signature verification takes 1.6s on
Crossbow motes (Gura et al.)
The Advantage of PKC Resilience versus Connectivity
SKC-based schemes have to make tradeoffs between resilience and connectivity
PKC-based Key Distribution 100% resilience 100% connectivity
Let’s Switch to PKC? Sorry, I forgot to mention one thing:
The gap between SKC and PKC is not going to change much unless a breakthrough in PKC occurs.
Computation costs RC5 is 200 times faster than ECC
Communication costs Signatures: ECC (320 bits), RSA (1024 bits),
SHA1 (160 bits)
New Focuses My observation:
We will be able to use PKC, but we will use SKC if that can save energy.
We are doing this in traditional networks Example: session keys
Research Problem Can we reduce the amount of PKC computations with the help of SKC?
Public Key Authentication Before a public key is used, it must to
authenticated In traditional networks: we use certificates.
Verifying certificates is a public key operation
Can we do it more efficiently in WSN? A simple way: each node carries the hash of
other nodes’ public keys Memory usage is too much (N-1 hash values)
Using Merkle Trees
Performance Memory Usage
1 + log(N) hash values (compared to N-1) 1: the root Log(N): the height of the Merkle tree
Computation Cost Log(N) hash operations
Communication Overhead If we use 160-bit SHA1 160 * log(N) bits When N=10,000, cost=2080 bits, worse than PKC We need to reduce the height
Trimming the Merkle Tree
A Smarter Trimming
A B
C
Deployment Knowledge How do we know that some nodes might
more likely be neighbors than others? Deployment knowledge model.
A Group-Based Deployment Scheme
A Group-Based Deployment Scheme
Modeling of The Group-Based Deployment Scheme
Deployment Points
Trimming Strategy
Deployment-based Trimming
Finding Optimal a,b,c, and d The optimization problem:
S: number of sensors in each deployment group mmax: maximum amount of memory
Minimize C = w0• a + w1• b + w2• c + w3• d
Subject to
Evaluation
Communication Overhead vs. Memory Usages
Communication Overhead vs. Network Size
Impact of Deployment Knowledge: σ
Impact of Modeling Accuracy
Energy consumption
Comparing Energy cost with RSA / ECC
Performance of authenticating public keys using various algorithms
Conclusion and Future Work Public Key Cryptography (PKC)
Will soon be available for sensor networks Usage of PKC should still be minimized We propose an efficient scheme to achieve public
key authentication. Future work
Optimize other PKC computations