Wireless sensor networks need broadcast for operations such as software updates, network queries, and command dissemination. Alongside ensuring authenticity of the source and data, keeping the broadcast data secret is vital in certain applications such as battlefield control, emergency response, and natural resource management. In this paper we propose and prototype a mechanism for ensuring confidentiality and authenticity of broadcast data in single-hop networks, and discuss possible extensions to multi-hop settings. Our scheme uses known low-complexity symmetric encryption techniques for confidentiality, while changing the encryption key on a per-packet basis in a verifiable but non-forgeable way to ensure authenticity. Message integrity, freshness, and semantic security are also provided, and the broadcast data can be dynamic and incrementally processed. We incorporate our security scheme into Deluge, the de facto network programming protocol in TinyOS, and quantify the cost in terms of broadcast data transfer time and node memory space on a TelosB mote-based platform.