Cryptographic key distribuition in sensor networks

Orientador: Ricardo DahabTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Redes de Sensores Sem Fio (RSSFs) são compostas em sua maioria por pequenos nós sensores dotados de recursos extremamente limitados. Estes, por sua vez, se comunicam com o mundo externo através de nós poderosos chamados de sorvedouros ou estações rádio base. RSSFs são empregadas com o objetivo de monitorar regiões, oferecendo dados sobre a área monitorada para o resto do sistema. Tais redes podem ser utilizadas para diferentes aplicações, tais como operações de resgate em áreas de conflito/desastre, espionagem industrial e detecção de exploração ilegal de recursos naturais. Em RSSFs existem aplicações críticas nas quais propriedades de segurança são de vital importância. Segurança, por sua vez, é comumente alavancada através de esquemas de distribuição de chaves. A maioria dos padrões de distribuição de chaves presentes na literatura, todavia, não são apropriados para RSSFs: métodos baseados em esquemas de chave pública convencionais, devido aos seus requisitos de processamento e banda; chaves de grupo, em função das suas vulnerabilidades de segurança; e chaves par-a-par (pairwise), por causa da baixa escalabilidade. Um outro dado é que há uma vasta gama de arquiteturas propostas para RSSFs e que uma mesma técnica de distribuição de chaves pode ser a melhor para uma, mas não para outra, visto que diferentes arquiteturas de rede exibem padrões de comunicação distintos. Em outras palavras, não existe uma panacéia, e mecanismos de distribuição de chaves para RSSFs devem, portanto, levar em consideração as idiossincrasias das arquiteturas para as quais são projetadas. Tudo isso torna extremamente difícil e desafiadora a tarefa de dotar RSSFs de segurança. O objetivo deste trabalho foi propor soluções de distribuição de chaves que, concomitantemente, (i) fossem compatíveis com os recursos dos sensores e (ii) considerassem as particularidades das arquiteturas para as quais são propostas. Como será mostrado ao longo desta tese, iniciamos nosso trabalho com soluções personalizadas para certas arquiteturas de RSSFs e evoluímos para soluções flexíveis em que a segurança é alavancada de forma não interativa - o que é ideal para este tipo de rede. Até onde sabemos, nosso trabalho é pioneiro em soluções de segurança para RSSFs hierárquicas e em distribuição de chaves de forma autenticada e não interativa, usando Criptografia Baseada em Identidade, neste tipo de rede.Abstract: Wireless sensor networks (WSNs) are ad hoc networks comprised mainly of small sensor nodes with limited resources and one or more base stations, which are much more powerful laptop-class nodes that connect the sensor nodes to the rest of the world. WSNs are used for monitoring purposes, providing information about the area being monitored to the rest of the system. Application areas range from battlefield reconnaissance and emergency rescue operations to surveillance and environmental protection. There are also critical WSN applications in which security properties are of paramount importance. Security, in turn, is frequently bootstrapped through key distribution schemes. Most of the key distribution techniques, however, are ill-suited to WSNs: public key based distribution, because of its processing and bandwidth requirements; global keying, because of its security vulnerabilities; complete pairwise keying, because of its memory requirements. It is worth noting, however, that a large number of WSN architectures have been proposed and a key distribution solution that is well suited to one architecture is likely not to be the best for another, as different network architectures exhibit different communication patterns. In other words, there is no panacea and the design of a key distribution scheme must therefore be driven by the peculiarities of the WSN architecture in question. This all makes extremely hard and challenging the objective of securing WSNs. In this work, we aimed at proposing key distribution schemes that are both (i) lightweight and (ii) able to fulfill architecture-specific needs. As it will be shown throughout this thesis, we began our work with customized solutions for certain types of WSNs and then, subsequently, turned our attention to more flexible solutions, where security is bootstrapped in a non-interactive way through the use of Identity-Based Cryptography.DoutoradoTeoria da ComputaçãoDoutor em Ciência da Computaçã

Tinypbc: Pairings For Authenticated Identity-based Non-interactive Key Distribution In Sensor Networks

Key distribution in Wireless Sensor Networks (WSNs) is challenging. Symmetric cryptosystems can perform it efficiently, but they often do not provide a perfect trade-off between resilience and storage. Further, even though conventional public key and elliptic curve cryptosystem are computationally feasible on sensor nodes, protocols based on them are not. They require exchange and storage of large keys and certificates, which is expensive. Using Pairing-based Cryptography (PBC) protocols, conversely, parties can agree on keys without any interaction. In this work, we (i) show how security in WSNs can be bootstrapped using an authenticated identitybased non-interactive protocol and (ii) present TinyPBC, to our knowledge, the most efficient implementation of PBC primitives for an 8-bit processor. TinyPBC is able to compute pairings in about 5.5s on an ATmegal28L clocked at 7.3828-MHz (the MICA2 and MICAZ node microcontroller).173180Estrin, D., Govindan, R., Heidemann, J.S., Kumar, S., Next century challenges: Scalable coordination in sensor networks (1999) MobiCom'99, pp. 263-270Sakai, R., Ohgishi, K., Kasahara, M., Cryptosystems based on pairing (2000) Symposium on Cryptography and Information Security (SCIS'00), pp. 26-28. , JanJoux, A., The weil and tate pairings as building blocks for public key cryptosystems (2002) ANTS-V: The 5th Int'l Symposium on Algorithmic Number Theory, pp. 20-32Menezes, A., Okamoto, T., Vanstone, S., Reducing elliptic curve logarithms to logarithms in a finite field (1993) IEEE Trans. on Information Theory, 39 (5), pp. 1639-1646Boneh, D., Franklin, M., Identity-based encryption from the weil pairing (2003) SIAM J. Comput, 32 (3), pp. 586-615. , also appeared in CRYPTO '01Shamir, A., Identity-based cryptosystems and signature schemes (1984) CRYPTO'84, pp. 47-53. , Springer-VerlagC. Karlof and D. Wagner, Secure routing in wireless sensor networks: Attacks and countermeasures, Elsevier's AdHoc Networks Journal, Sp. Issue on Sensor Network Applications and Protocols, 1, no. 2-3, pp. 293-315, 2003, also in 1st IEEE Int'l Workshop on Sensor Networks Protocols and ApplicationsKarlof, C., Sastry, N., Wagner, D., Tinysec: A link layer security architecture for wireless sensor networks (2004) 2nd ACM SensSys, pp. 162-175. , NovHill, J.L., Culler, D.E., Mica: A wireless platform for deeply embedded networks (2002) IEEE Micro, 22 (6), pp. 12-24Scott, M., (2003) MIRACL-A Multiprecision Integer and Rational Arithmetic C/C++ Library, , http://indigo.ie/mscott, Shamus Software Ltd, Dublin, Ireland, available atSchneier, B., (1996) Applied Cryptography, , 2nd ed. WileyCarman, D.W., Kruus, P.S., Matt, B.J., Constraints and approaches for distributed sensor network security (2000), NAI Labs, Network Associates, Inc, Tech. Rep. 00-010Perrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J.D., SPINS: Security protocols for sensor networks (2002) Wireless Networks, 8 (5), pp. 521-534. , also in MobiCom'OlEschenauer, L., Gligor, V.D., A key management scheme for distributed sensor networks (2002) 9th ACM conf. on Computer and communications security (CCS'02), pp. 41-47Zhu, S., Setia, S., Jajodia, S., LEAP: Efficient security mechanisms for large-scale distributed sensor networks (2003) 10th ACM conference on Computer and communication security (CCS'03), pp. 62-72. , ACM PressPietro, R.D., Mancini, L.V., Mei, A., Random keyassignment for secure wireless sensor networks (2003) 1st ACM workshop on Sec. of ad hoc and sensor net. (SASN'03)Chan, H., Perrig, A., Song, D., Random key predistribution schemes for sensor networks (2003) IEEE Symposium on Security and Privacy (S&P'O3), pp. 197-213. , mayKannan, R., Ray, L., Durresi, A., Security-performance tradeoffs of inheritance based key predistribution for wireless sensor networks (2004) 1st European Workshop on Security in Wireless and Ad-Hoc Sensor Networks (ESAS'04)Hwang, J., Kim, Y., Revisiting random key pre-distribution schemes for wireless sensor networks (2004) 2nd ACM workshop on Security of ad hoc and sensor networks, pp. 43-52Çamtepe, S.A., Yener, B., Combinatorial design of key distribution mechanisms for wireless sensor networks (2004) 9th European Symposium on Research Computer Security (ESOR1CSV4), pp. 293-308Du, W., Deng, J., Han, Y.S., Varshney, P.K., Katz, J., Khalili, A., A pairwise key pre-distribution scheme for wireless sensor networks (2005) ACM Trans. on Info. and System Security, 8 (2), pp. 228-258. , also in ACM CCS'03Liu, D., Ning, P., Li, R., Establishing pairwise keys in distributed sensor networks (2005) ACM Trans. on Info. and System Security, 8 (1), pp. 41-77. , also in ACM CCS'03Oliveira, L.B., Wong, H.C., Dahab, R., Loureiro, A.A.F., On the design of secure protocols for hierarchical sensor networks (2007) International Journal of Security and Networks (IJSN), 2 (3-4), pp. 216-227Oliveira, L.B., Ferreira, A., Vilaça, M.A., Wong, H.C., Bern, M., Dahab, R., Loureiro, A.A.F., SecLEACH-on the security of clustered sensor networks (2007) Signal Process, 87 (12), pp. 2882-2895Watro, R.J., Kong, D., fen Cuti, S., Gardiner, C., Lynn, C., Kruus, P., TinyPK: Securing sensor networks with public key technology (2004) 2nd ACM Workshop on Security of ad hoc and Sensor Networks (SASN'04), pp. 59-64Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C., Comparing elliptic curve cryptography and rsa on 8-bit cpus (2004) Workshop on Cryptographic Hardware and Embedded, Systems (CHES'04), pp. 119-132Malan, D.J., Welsh, M., Smith, M.D., A public-key infrastructure for key distribution in tinyos based on elliptic curve cryptography (2004) 1st IEEE International Conference on Sensor and Ad, Hoc Communications and Networks (SECON'04)Du, W., Wang, R., Ning, P., An efficient scheme for authenticating public keys in sensor networks (2005) 6th ACM MobiHoc '05, pp. 58-67. , New YorkPaterson, K.G., Cryptography from pairings (2005) ser. London Mathematical Society Lecture Notes, 1, pp. 215-251. , Advances in Elliptic Curve Cryptography, F. Blake, G. Seroussi, and N. Smart, Eds. Cambridge Univ. Press, 317, ch. X, ppCocks, C., An identity based encryption scheme based on quadratic residues (2001) 8th IMA Int'l Conference on Cryptography and Coding, pp. 360-363. , Springer-VerlagA. Joux, A one round protocol for tripartite diffie-hellman. J. Cryptology, 17, no. 4, pp. 263-276, 2004, also in ANTS'00Galbraith, S.D., Pairings (2005) ser. London Mathematical Society Lecture Notes, 1, pp. 183-213. , Advances in Elliptic Curve Cryptography, F. Blake, G. Seroussi, and N. Smart, Eds. Cambridge Univ. Press, 317, ch. IX, ppGalbraith, S., Paterson, K., Smart, N., Pairings for cryptographers (2006), Cryptology ePrint Archive, Report 2006/165Ganesan, P., Venugopalan, R., Peddabachagari, P., Dean, A., Mueller, F., Sichitiu, M., Analyzing and modeling encryption overhead for sensor network nodes (2003) ACM Int'l, conf on Wireless sensor networks and applications, pp. 151-159Barreto, P.S.L.M., Galbraith, S., hEigeartaigh, C.O., Scott, M., Efficient pairing computation on supersingular abelian varieties (2006) Designs Codes And CryptographyDuursma, M., Lee, H.-S., Tate pairing implementation for hyperelliptic curves y2 = xp-x + d (2003) 9th ASIACRYPT'03, pp. 111-123. , SpringerScott, M., Optimal irreducible polynomials for GF(2m) arithmetic (2007), Cryptology ePrint Archive, Report 2007/192López, J., Dahab, R., High-speed software multiplication in GF(2m) (2000) lecture Notes in Computer Science, pp. 203-212. , Progress in Cryptology, INDOCRYPT'00Karatsuba, A., Ofman, Y., Multiplication of multidigit numbers on automata (1963) Soviet Physics-Doklad (Engl. transi), 7 (7), pp. 595-596Szczechowiak, P., Oliveira, L.B., Scott, M., Collier, M., Dahab, R., NanoECC: Testing the limits of elliptic curve cryptography in sensor networks (2008) European conference on Wireless Sensor Networks (EWSN'08), pp. 305-320Bartolini, S., Branovic, I., Giorgi, R., Martinelli, E., Effects of instruction-set extensions on an embedded processor: A case study on elliptic curve cryptography over GF(2m) (2007) IEEE Transactions on Computers, , to appearhttp://discovery.csc.ncsu.edu/software/TinyECC, A. Liu, P. Kampanakis, and P. Ning, Tinyecc: Elliptic curve cryptography for sensor networks ver. 0.3, 2005Blundo, C., Santis, A.D., Herzberg, A., Kutten, S., Vaccaro, U., Yung, M., Perfectly-secure key distribution for dynamic conferences (1992) CRYPTO '92, pp. 471-486Blom, R., An optimal class of symmetric key generation systems (1984) EUROCRYPT 84, pp. 335-338Zhang, Y., Liu, W., Lou, W., Fang, Y., Securing sensor networks with location-based keys (2005) IEEE Wireless Communications and Networking Conference (WCNC'05)Doyle, B., Bell, S., Smeaton, A.F., McCusker, K., O'Connor, N., Security considerations and key negotiation techniques for power constrained sensor networks (2006) The Computer Journal, 49 (4), pp. 443-453Oliveira, L.B., Dahab, R., Lopez, J., Daguano, F., Loureiro, A.A.F., Identity-based encryption for sensor networks (2007) 5th IEEE Int'l Conference on Pervasive Computing and Communications Workshops (PERCOMW '07), pp. 290-294Oliveira, L.B., Aranha, D., Morais, E., Daguano, F., López, J., Dahab, R., TinyTate: Computing the tate pairing in resource-constrained nodes (2007) 6th IEEE International Symposium on Network Computing and Applications, pp. 318-323. , Jul

Nanoecc: Testing The Limits Of Elliptic Curve Cryptography In Sensor Networks

By using Elliptic Curve Cryptography (ECC), it has been recently shown that Public-Key Cryptography (PKC) is indeed feasible on resource-constrained nodes. This feasibility, however, does not necessarily mean attractiveness, as the obtained results are still not satisfactory enough. In this paper, we present results on implementing ECC, as well as the related emerging field of Pairing-Based Cryptography (PBC), on two of the most popular sensor nodes. By doing that, we show that PKC is not only viable, but in fact attractive for WSNs. As far as we know pairing computations presented in this paper are the most efficient results on the MICA2 (8-bit/7.3828-MHz ATmega128L) and Tmote Sky (16-bit/8.192-MHz MSP-430) nodes. © 2008 Springer-Verlag Berlin Heidelberg.4913 LNCS305320Estrin, D., Govindan, R., Heidemann, J.S., Kumar, S., Next century challenges: Scalable coordination in sensor networks (1999) MobiCom 1999. Mobile Computing and Networking, pp. 263-270. , Seattle, WA USA, ppAkyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E., Wireless Sensor Networks: A survey (2002) Computer Networks, 38 (4), pp. 393-422Karlof, C., Wagner, D., Secure routing in Wireless Sensor Networks: Attacks and countermeasures. Elsevier's AdHoc Networks Journal, Special Issue on Sensor Network Applications and Protocols 293-315 (2003) (Also apeared in 1st IEEE International Workshop on Sensor Network Protocols and Applications)Wood, A.D., Stankovic, J.A., Denial of service in sensor networks (2002) IEEE Computer, 35 (10), pp. 54-62Perrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J.D.: SPINS: Security protocols for sensor networks. Wireless Networks 8(5), 521-534 (2002) (Also appeared in MobiCom 2001)Karlof, C., Sastry, N., Wagner, D., Tinysec: A link layer security architecture for Wireless Sensor Networks (2004) 2nd ACM SensSys, pp. 162-175Watro, R.J., Kong, D., fen Cuti, S., Gardiner, C., Lynn, C., Kruus, P., Tinypk: Securing sensor networks with public key technology (2004) SASN 2004. 2nd ACM Workshop on Security of ad hoc and Sensor Networks, pp. 59-64. , Washington, DC, ppGura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, 3156, pp. 119-132. Springer, Heidelberg (2004)Malan, D.J., Welsh, M., Smith, M.D., A Public-Key Infrastructure for key distribution in TinyOS based on Elliptic Curve Cryptography (2004) SECON 2004. 1st IEEE Intl' Conf. on Sensor and Ad Hoc Communications and NetworksOliveira, L.B., Aranha, D., Morais, E., Daguano, F., López, J., Dahab, R., Tiny-Tate: Computing the TinyTate in resource-constrained nodes (2007) 6th IEEE International Symposium on Network Computing and Applications, , Cambridge,MAMiller, V., Uses of elliptic curves in cryptography, advances in cryptology (1986) LNCS, 218, pp. 417-426. , Williams, H.C, ed, CRYPTO 1985, Springer, HeidelbergKoblitz, N., Elliptic curve cryptosystems (1987) Mathematics of computation, 48, pp. 203-209Scott, M.: MIRACL - A Multiprecision Integer and Rational Arithmetic C/C++ Library. Shamus Software Ltd, Dublin, Ireland (2003), http://www.shamus.ieZhou, L., Haas, Z.J., Securing Ad Hoc Networks (1999) IEEE Network, 13 (6), pp. 24-30Hubaux, J.P., Buttyán, L., Capkun, S., The quest for security in mobile ad hoc networks (2001) 2nd ACM international symposium on Mobile ad hoc networking & computing, pp. 146-155. , ACM Press, New YorkEschenauer, L., Gligor, V.D., A key management scheme for distributed sensor networks (2002) CCS 2002. 9th ACM conf. on Computer and communications security, pp. 41-47Zhu, S., Setia, S., Jajodia, S., LEAP: Efficient security mechanisms for large-scale distributed sensor networks (2003) CCS 2003. 10th ACM conference on Computer and communication security, pp. 62-72. , ACM Press, New YorkPietro, R.D., Mancini, L.V., Mei, A., Random key-assignment for secure Wireless Sensor Networks (2003) SASN 2003. 1st ACM workshop on Security of ad hoc and sensor networks, pp. 62-71Kannan, R., Ray, L., Durresi, A.: Security-performance tradeoffs of inheritance based key predistribution for Wireless Sensor Networks. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds.) ESAS 2004. LNCS, 3313, Springer, Heidelberg (2005)Çamtepe, S.A., Yener, B.: Combinatorial design of key distribution mechanisms for Wireless Sensor Networks. In: Samarati, P., Ryan, P.Y A, Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, 3193, pp. 293-308. Springer, Heidelberg (2004)Liu, D., Ning, P., Li, R.: Establishing pairwise keys in distributed sensor networks. ACM Transactions on Information and System Security (TISSEC) 8(1), 41-77 (2005)(Also appeared in ACM CCS 2003)Du, W., Deng, J., Han, Y.S., Varshney, P.K., Katz, J., Khalili, A.: A pairwise key pre-distribution scheme for Wireless Sensor Networks. ACM Transactions on Information and System Security 8(2), 228-258 (2005) (Also appeared in ACM CCS 2003)Oliveira, L.B., Wong, H.C., Dahab, R., Loureiro, A.A.F., On the design of secure protocols for hierarchical sensor networks (2007) International Journal of Networks and Security (IJSN) 2(3/4), pp. 216-227. , Special Issue on Cryptography in NetworksOliveira, L.B., Ferreira, A., cca, M.A.V., Wong, H.C., Bern, M., Dahab, R., Loureiro, A.A.F., Secleach-on the security of clustered sensor networks (2007) Signal Process, 87 (12), pp. 2882-2895Hwang, J., Kim, Y., Revisiting random key pre-distribution schemes for Wireless Sensor networks (2004) 2nd ACM workshop on Security of ad hoc and sensor networks, pp. 43-52. , ACM Press, New Yorkhttp://discovery.csc.ncsu.edu/software/TinyECC, Liu, A, Kampanakis, P, Ning, P, Tinyecc: Elliptic Curve Cryptography for sensor networks ver. 0.3, 2007Guajardo, J., Bluemel, R., Krieger, U., Paar, C.: Efficient implementation of Elliptic Curve Cryptosystems on the TI MSP430x33x family of microcontrollers. In: Kim, K.-c. (ed.) PKC 2001. LNCS, 1992, Springer, Heidelberg (2001)Wang, H., Sheng, B., Li, Q., Elliptic Curve Cryptography based access control in sensor networks. International Journal of Security and Networks (IJSN) (2006) Special Issue on Security Issues on Sensor Networks 1(3/4), pp. 127-137Polastre, J., Szewczyk, R., Culler, D., Telos: Enabling ultra-low power wireless research (2005) IPSN 2005. 4th international symposium on Information processing in sensor networks, p. 48. , IEEE Press, Piscataway, NJ, USAZhang, Y., Liu, W., Lou, W., Fang, Y., Securing sensor networks with location-based keys (2005) WCNC 2005. IEEE Wireless Communications and Networking ConferenceOliveira, L.B., Dahab, R.: Pairing-based cryptography for sensor networks. In: 5th IEEE International Symposium on Network Computing and Applications, Cambridge, MA (fast abstract) (2006)Doyle, B., Bell, S., Smeaton, A.F., McCusker, K., O'Connor, N., Security considerations and key negotiation techniques for power constrained sensor networks (2006) The Computer Journal, 49 (4), pp. 443-453McCusker, K., O'Connor, N., Diamond, D., Low-energy finite field arithmetic primitives for implementing security in Wireless Sensor Networks (2006) 2006 Intl. Conf. on Communications, Circuits and systems. Computer, Optical and BroadbandCommunicationsComputational Intelligence, 3, pp. 1537-1541Bellare, M., Namprempre, C., Neven, G., Unrestricted aggregate signatures. Cryptology ePrint Archive (2006), http://eprint.iacr.org, Report 2006/285Oliveira, L.B., Dahab, R., Lopez, J., Daguano, F., Loureiro, A.A.F., Identity-based encryption for sensor networks (2007) PERCOMW 2007. 5th IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 290-294Segars, S., ARM7TDMI power consumption (1997) IEEE Micro, 17 (4), pp. 12-19López, J., Dahab, R., An overview of Elliptic Curve Cryptography (2000), Technical Report IC-00-10, Institute of Computing, UNIAMPMenezes, A., Okamoto, T., Vanstone, S., Reducing elliptic curve logarithms to logarithms in a finite field (1993) IEEE Transactions on Information Theory, 39 (5), pp. 1639-1646Sakai, R., Ohgishi, K., Kasahara, M., CryptoSystems based on pairing (2000) SCIS 2000. Symposium on Cryptography and Information Security, pp. 26-28Joux, A.: A one round protocol for tripartite diffie-hellman. J. Cryptology 17(4), 263-276 (2004) (Proceedings of ANTS-IV, 2000)Galbraith, S., Pairings, Advances in Elliptic Curve Cryptography (2005) London Mathematical Society Lecture Notes, pp. 183-213. , Blake, I, Seroussi, C, Smart, N, eds, Cambridge University Press, Cambridge(2006) ATmegal28(L) datasheet, , http://www.atmel.comTl, M.S.P., (2002) 430F1611, Datasheet, , http://www.ti.com41 Daggett Dr (2003) San Jose, CA 95134: MPR/MIB Mote Hardware Users Manual - Document 7430-0021-05, , Crossbow Technology, Inc(2006) Tmote Sky datasheet, , http://www.moteiv.comLevis, P., Madden, S., Polastre, J., Szewczyk, R., Whitehouse, K., Woo, A., Gay, D., Culler, D., TinyOS: An operating system for Wireless Sensor Networks (2004) Ambient Intelligence, , Weber, W, Rabaey, J, Aarts, E, eds, Springer, New YorkGay, D., Levis, P., von Behren, J.R., Welsh, M., Brewer, E.A., Culler, D.E., The nesC language: A holistic approach to networked embedded systems (2003) ACM Conf. on Programming Language Design and Implementation, pp. 1-11Scott, M., Szczechowiak, P., Optimizing multiprecision multiplication for Public Key Cryptography. Cryptology ePrint Archive (2007), Report 2007/299Hankerson, D., Menezes, A., Vanstone, S., (2004) Guide to Elliptic Curve Cryptography, , Springer. HeidelbergScott. M.: Optimal irreducible polynomials for GF(2m) arithmetic. Cryptology ePrint Archive, Report 2007/192 (2007)Scott, M., (2006) Implementing cryptographic pairingsBarreto, P.S.L.M., Galbraith, S., hEigeartaigh, C.O., Scott, M., Efficient pairing computation on supersingular abelian varieties (2006) Designs Codes And Cryptography, , Boston/Norwell USAScott, M.: Computing the Tate Pairing. In: Menezes, A.J. (ed.) CT-RSA 2005. LNCS, 3376, pp. 293-304. Springer, Heidelberg (2005)Hess, F., Smart, N., Vercauteren, F., The Eta Pairing revisited (2006) IEEE Transactions on Information Theory, 52 (10), pp. 4595-4602Arazi, O., Qi, H., Load-balanced key establishment methodologies in Wireless Sensor Networks. International Journal of Security and Networks (IJSN) (2006) Special Issue on Security Issues on Sensor Networks 1(3/4), pp. 158-166Blaß, E.O., Zitterbart, M., Towards Acceptable Public-Key Encryption in Sensor Networks (2005) The 2nd Int'l Workshop on Ubiquitous Computing, ACM SIGMI

Tinytate: Computing The Tate Pairing In Resource-constrained Sensor Nodes

After a few years of intense research, Wireless Sensor Networks (WSNs) still demand new secure and cryptographic schemes. On the other hand, the advent of cryptography from pairings has enabled a wide range of novel cryptosy stems. In this work we present TinyTate, the first known implementation of pairings for sensor nodes based on the 8-bit/7.3828-MHz ATmega128L microcontroller (e.g., MICA2 and MICAz motes). We then conclude that cryptography from pairings is indeed viable in resource-constrained nodes. © 2007 IEEE.318323Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E., A survey on sensor networks (2002) IEEE Communications Magazine, 40 (8), pp. 102-114. , AugustBarreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M., Efficient algorithms for pairing-based cryptosystems (2002) the 22nd Annual Int'l Cryptology Conference on Advances in Cryptology CRYPTO '02, pp. 354-368D. W. Carman, P. S. Kruus, and B. J. Matt. Constraints and approaches for distributed sensor network security. Technical report, NAI Labs, The Security Research Division, Network Associates, Inc., 2000Çamtepe, S.A., Yener, B., Combinatorial design of key distribution mechanisms for wireless sensor networks (2004) Lecture Notes in Computer Science, pp. 293-308. , 9th European Symposium on Research Computer Security ESORICS'04, Sophia Antipolis, France, SeptemberChan, H., Perrig, A., Song, D., Random key predistribution schemes for sensor networks (2003) IEEE Symposium on Security and Privacy (S&P'03), pp. 197-213. , mayDorofeev, A., Dygin, D., Matyukhin, D., Nabble forums - number theory http://www.nabble.com/Discrete-logarithm-in-GF, p, 135-digits-t2870677. htmlDoyle, B., Bell, S., Smeaton, A.F., McCusker, K., O'Connor, N., Security considerations and key negotiation techniques for power constrained sensor networks (2006) The Computer Journal (Oxford University Press), 49 (4), pp. 443-453Du, W., Deng, J., Han, Y.S., Chen, S., Varshney, P., A key management scheme for wireless sensor networks using deployment knowledge (2004) Conference of the IEEE Communications Society (INFOCOM'04)Du, W., Deng, J., Han, Y.S., Varshney, P.K., Katz, J., Khalili, A., A pairwise key pre-distribution scheme for wireless sensor networks (2005) ACM Transactions on Information and System Security, 8 (2). , 228-58, Also in CCS'03Eschenauer, L., Gligor, V.D., A key management scheme for distributed sensor networks (2002) 9th ACM conf. on Computer and communications security (CCS'02), pp. 41-47Estrin, D., Govindan, R., Heidemann, J.S., Kumar, S., Next century challenges: Scalable coordination in sensor networks (1999) Mobile Computing and Networking (MobiCom'99), pp. 263-270. , Seattle, WA USAGalbraith, S., Pairings, Advances in Elliptic Curve Cryptography (2005) London Mathematical Society Lecture Notes, pp. 183-213. , I. Blake, G. Seroussi, and N. Smart, editors, chapter IX, Cambridge University PressGanesan, P., Venugopalan, R., Peddabachagari, P., Dean, A., Mueller, F., Sichitiu, M., Analyzing and modeling encryption overhead for sensor network nodes (2003) 2nd ACM international conference on Wireless sensor networks and applications, pp. 151-159. , ACM PressGura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C., Comparing elliptic curve cryptography and rsa on 8-bit cpus (2004) Workshop on Cryptographic Hardware and Embedded Systems (CHES'04), pp. 119-132Hess, F., Smart, N., Vercauteren, F., The eta pairing revisited (2006) IEEE Transactions on Information Theory, 52 (10), pp. 4595-4602. , OctoberHill, J.L., Culler, D.E., Mica: A wireless platform for deeply embedded networks (2002) IEEE Micro, 22 (6), pp. 12-24Huang, D., Mehta, M., Medhi, D., Harn, L., Locationaware key management scheme for wireless sensor networks (2004) 2nd ACM workshop on Security of ad hoc and sensor networks (SASN'04), pp. 29-12. , ACM PressHubaux, J.-P., Buttyán, L., Capkun, S., The quest for security in mobile ad hoc networks (2001) 2nd ACM international symposium on Mobile ad hoc networking & computing, pp. 146-155. , ACM PressHwang, J., Kim, Y., Revisiting random key predistribution schemes for wireless sensor networks (2004) 2nd ACM workshop on Security of ad hoc and sensor networks, pp. 43-52. , ACM PressA. Joux. A one round protocol for tripartite diffie-hellman. J. Cryptology, 17(4):263-276, 2004. Proceedings of ANTS-IV, 2000Kannan, R., Ray, L., Durresi, A., Security-performance tradeoffs of inheritance based key predistribution for wireless sensor networks (2004) 1st European Workshop on Security in Wireless and Ad-Hoc Sensor Networks (ESAS ' 04), , Heidelberg, Germany, AugustKarlof, C., Sastry, N., Wagner, D., Tinysec: A link layer security architecture for wireless sensor networks (2004) 2nd ACM SensSys, pp. 162-175. , NovC. Karlof and D. Wagner. Secure routing in wireless sensor networks: Attacks and countermeasures. Elsevier's AdHoc Networks Journal, Special Issue on Sensor Network Applications and Protocols, 1(2-3):293-315, 2003. Also apeared in 1st IEEE International Workshop on Sensor Network Protocols and ApplicationsKleinjung, T., Discrete logarithms in gf (p) ¿, 160. , http://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind0702&L=nmbrthry&T =0&P=194, digitsKoblitz, N., Elliptic curve cryptosystems (1987) Mathematics of computation, 48, pp. 203-209Lercier, R., Home page: Computations - discrete log-arithms, , http://medicis.polytechnique.fr/~lercier/?lng=enLevis, P., Madden, S., Polastre, J., Szewczyk, R., Whitehouse, K., Woo, A., Gay, D., Culler, D., TinyOS: An operating system for wireless sensor networks (2004) Ambient Intelligence, , W. Weber, J. Rabaey, and E. Aarts, editors, Springer-Verlag, New York, NYLiu, A., Kampanakis, P., Ning, P., (2006)Liu, D., Ning, P., Location-based pairwise key establishments for static sensor networks (2003) 1st ACM workshop on Security of ad hoc and sensor networks (SASN'03), pp. 72-82. , ACM PressLiu, D., Ning, P., Li, R., Establishing pairwise keys in distributed sensor networks (2005) ACM Transactions on Information and System Security (TISSEC), 8 (1). , 41-77, Also in CCS'03Liu, D., Ning, P., Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks (2003) 10th Annual Network and Distributed Systems Security Symposium (NDSS'03), pp. 263-276Malan, D.J., Welsh, M., Smith, M.D., A public-key infrastructure for key distribution in tinyos based on elliptic curve cryptography (2004) 1st IEEE International Conference on Sensor and Ad Hoc Communications and Networks (SECON'04), , Santa Clara, California, OctoberK. McCusker, N. O'Connor, and D. Diamond. Low-energy finite field arithmetic primitives for implementing security in wireless sensor networks. In 2006 International Conference on Communications, Circuits And Systems, III -Computer, Optical and BroadbandCommunicationsComputational Intelligence, pages 1537-1541, June 2006Menezes, A., Okamoto, T., Vanstone, S., Reducing elliptic curve logarithms to logarithms in a finite field (1993) IEEE Transactions on Information Theory, 39 (5), pp. 1639-1646V. Miller. Short program for functions on curves, 1986. unpublished manuscriptMiller, V., Uses of elliptic curves in cryptography, advances in cryptology (1986) Lecture Notes in Computer Science, 218, pp. 417-426. , Crypto '85, Springer-VerlagOliveira, L.B., Dahab, R., Pairing-based cryptography for sensor networks (2006) 5th IEEE International Symposium on Network Computing and Applications, , Cambridge,MA,USA, July, fast abstractOliveira, L.B., Dahab, R., Lopez, J., Daguano, F., Loureiro, A.A.F., Identity-base encryption for sensor networks (2007) 3rd IEEE PerCom Workshop on Pervasive Wireless Networking (PerSeNS'07). In proceedings of IEEE PerCom 2007, , White Plains, NY, MarchOliveira, L.B., Wong, H.C., Bern, M., Dahab, R., Loureiro, A.A.F., SecLEACH - a random key distribution solution for securing clustered sensor networks (2006) 5th IEEE International Symposium on Network Computing and Applications, pp. 145-154. , Cambridge.MA, JulyL. B. Oliveira, H. C. Wong, R. Dahab, and A. A. F. Loureiro. On the design of secure protocols for hierarchical sensor networks. International Journal of Networks and Security, 2(3/4):216-227, 2007. Special Issue on Cryptography in NetworksPerrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J.D., SPINS: Security protocols for sensor networks (2002) Wireless Networks, 8 (5), pp. 521-534. , Also inMobiCom'01, SeptPietro, R.D., Mancini, L.V., Mei, A., Random key-assignment for secure wireless sensor networks (2003) 1st ACM workshop on Security of ad hoc and sensor networks (SASN'03), pp. 62-71Sakai, R., Ohgishi, K., Kasahara, M., Cryptosystems based on pairing (2000) Symposium on Cryptography and Information Security (SCIS2000), pp. 26-28. , JanSchirokauer, O., The number field sieve for integers of low weight. Cryptology ePrint Archive (2006), http://eprint.iacr.org, Report 2006/107Scott, M., Computing the tate pairing (2005) Lecture Notes in Computer Science, 3376, pp. 293-304. , Topics in Cryptology, CT-RSA, of, SpringerWatro, R.J., Kong, D., fen Cuti, S., Gardiner, C., Lynn, C., Kruus, P., Tinypk: Securing sensor networks with public key technology (2004) 2nd ACM Workshop on Security of ad hoc and Sensor Networks (SASN'04), pp. 59-64Wood, A.D., Stankovic, J.A., Denial of service in sensor networks (2002) IEEE Computer, 35 (10), pp. 54-62. , OctZhang, Y., Liu, W., Lou, W., Fang, Y., Securing sensor networks with location-based keys (2005) IEEE Wireless Communications and Networking Conference (WCNC'05)Zhou, L., Haas, Z.J., Securing ad hoc networks (1999) IEEE Network, 13 (6), pp. 24-30Zhu, S., Setia, S., Jajodia, S., LEAP: Efficient security mechanisms for large-scale distributed sensor networks (2003) 10th ACM conference on Computer and communication security (CCS'03), pp. 62-72. , ACM PressZhu, S., Xu, S., Setia, S., Jajodia, S., Establishing pair-wise keys for secure communication in ad hoc networks: A probabilistic approach (2003) 11th IEEE Inter'l Conference on Network Protocols (ICNP'03), pp. 326-335. , Atlanta, No