Fast response PKC-based broadcast authentication in wireless sensor networks

Abstract

Due to simpler protocol operations, e.g. no synchronization and higher tolerance to node capture attack compared to symmetric key-based approaches, public key-based (PKC) approaches have gained popularity in wireless sensor network (WSN) broadcast authentication. With PKC's security strength, a sensor node that authenticates messages before forwarding them can detect a bogus message within the first hop. While this prevents forged traffic from wasting the sensor nodes' energy, performing PKC operations in the computing-power-limited sensor node can result in undesirably long message propagation time. At the other extreme, the sensor node can forward the messages to other nodes prior to authenticating them. This approach diminishes propagation time with the trade-off of allowing forged messages to propagate through the network. To achieve swift and energy efficient broadcast operation, sensor nodes need to decide wisely when to forward first and when to authenticate first. In this paper, we present two new broadcast authentication schemes, called the key pool scheme and the key chain scheme, to solve this dilemma without any synchronization or periodic key redistribution. Both schemes utilize a Bloom filter and distribution of secret keys among sensor nodes to create fast and capture-resistant PKC-based broadcast authentication protocols. Our NS-2 simulation results confirm that our protocols' broadcast delay is only 50% slower than the forwarding-first scheme and ten times faster than the authentication-first scheme for a 3,000-node WSN. The key pool scheme also contains forged message propagation to the minimum even when the majority of nodes have been captured by the attacker.