An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina State)

Wireless Sensor Networks Deploy Sensors

Key Distribution in WSN Deploy Sensors Secure Channels

Existing Approaches Key Pre-distribution Schemes Eschenauer and Gligor, CCS’02 Chan, Perrig, and Song, S&P’03 Du, Deng, Han, and Varshney, CCS’03 Du, Deng, Han, Chen, Varshney, INFOCOM’04 Liu and Ning, CCS’03 Assumption Public Keys are impractical for WSN We need to use Symmetric Keys

Three Years Later Has Public-Key Cryptography (PKC) became practical yet? The answer might still be NO, but … Recent Studies on using PKC on sensors PKC is feasible for WSN ECC signature verification takes 1.6s on Crossbow motes (Gura et al.)

The Advantage of PKC Resilience versus Connectivity SKC-based schemes have to make tradeoffs between resilience and connectivity PKC-based Key Distribution 100% resilience 100% connectivity

Let’s Switch to PKC? Sorry, I forgot to mention one thing: The gap between SKC and PKC is not going to change much unless a breakthrough in PKC occurs. Computation costs RC5 is 200 times faster than ECC Communication costs Signatures: ECC (320 bits), RSA (1024 bits), SHA1 (160 bits)

New Focuses My observation: We will be able to use PKC, but we will use SKC if that can save energy. We are doing this in traditional networks Example: session keys Research Problem Can we reduce the amount of PKC computations with the help of SKC?

Public Key Authentication Before a public key is used, it must to authenticated In traditional networks: we use certificates. Verifying certificates is a public key operation Can we do it more efficiently in WSN? A simple way: each node carries the hash of other nodes’ public keys Memory usage is too much (N-1 hash values)

Using Merkle Trees

Performance Memory Usage 1 + log(N) hash values (compared to N-1) 1: the root Log(N): the height of the Merkle tree Computation Cost Log(N) hash operations Communication Overhead If we use 160-bit SHA1 160 * log(N) bits When N=10,000, cost=2080 bits, worse than PKC We need to reduce the height

Trimming the Merkle Tree

A Smarter Trimming AB C

Deployment Knowledge How do we know that some nodes might more likely be neighbors than others? Deployment knowledge model.

A Group-Based Deployment Scheme

Modeling of The Group-Based Deployment Scheme Deployment Points

Trimming Strategy

Deployment-based Trimming

Finding Optimal a,b,c, and d The optimization problem: S: number of sensors in each deployment group m max : maximum amount of memory Minimize C = w 0 a + w 1 b + w 2 c + w 3 d  Subject to

Evaluation

Communication Overhead vs. Memory Usages

Communication Overhead vs. Network Size

Impact of Deployment Knowledge: σ

Impact of Modeling Accuracy

Energy consumption

Comparing Energy cost with RSA / ECC Performance of authenticating public keys using various algorithms

Conclusion and Future Work Public Key Cryptography (PKC) Will soon be available for sensor networks Usage of PKC should still be minimized We propose an efficient scheme to achieve public key authentication. Future work Optimize other PKC computations