An Authentication Framework for Wireless Sensor Networks using Identity-Based
Email: {R.Yasmin, E.Ritter, G.Wang}@cs.bham.ac.uk
Abstract—In Wireless Sensor Networks (WSNs), authentica-
only from the legitimate entities and to distinguish between
tion is a crucial security requirement to avoid attacks against
valid and fake or modified communication.
secure communication, and to mitigate DoS attacks exploiting
In this paper, we address the problem of authentication
the limited resources of sensor nodes. Resource constraints
in WSNs, particularly authenticated broadcast/multicast by
of sensor nodes are hurdles in applying strong public keycryptographic based mechanisms in WSNs. To address the
sensor nodes and outside user authentication. The problem
problem of authentication in WSNs, we propose an efficient
of authenticated broadcast/multicast by sensor nodes is not
and secure framework for authenticated broadcast/multicast
addressed by the existing authentication schemes for WSNs.
by sensor nodes as well as for outside user authentication,
Symmetric schemes like µTESLA [21] and its variations
which utilizes identity based cryptography and online/offline
[11], [17], [18] proposed for base station broadcast authen-
signature schemes. The primary goals of this framework areto enable all sensor nodes in the network, firstly, to broadcast
tication use Message Authentication Code (MAC) and are
and/or multicast an authenticated message quickly; secondly, to
efficient in terms of processing and energy consumption.
verify the broadcast/multicast message sender and the message
However, they suffer from the following issues:
contents; and finally, to verify the legitimacy of an outside
user. The proposed framework is also evaluated using the mostefficient and secure identity-based signature schemes.
• Very slow for large scale sensor networks.
• DoS attack against storage due to late authentication.
• Not scalable in terms of number of senders.
• Multiple senders cannot broadcast simultaneously.
Low cost and immunity from cabling have become strong
• If a sensor node wants to broadcast a message, it
motivations for many applications of Wireless Sensor Net-
unicasts the message to the base station, which then
works (WSNs) like environmental monitoring, disaster han-
broadcasts that message on behalf of that node.
dling, traffic control and various military applications [1],
An extension of µTESLA [7], [15] attempts to enable sensor
[8]. In these applications, sensor devices sense or monitor
nodes to broadcast messages to nearby sensor nodes only,
physical and environmental changes like temperature, pres-
however, it inherits the weaknesses of µTESLA. Asymmet-
sure, etc. and communicate this data to other nodes over a
ric schemes, for example digital signatures, overcome the
wireless network. Authentication of this data as well as of
problems of symmetric schemes but require public keys and
the data source is critical, as the data may ultimately be used
certificates on the receiver side to verify signed messages.
to assist in some significant situations. In some applications,
Moreover, it is more time and power consuming for sensor
there are also outside users of the sensor network who are
nodes to sign a message than to compute a MAC. Digital
interested in the data collected by the sensor nodes. User
signature based authentication schemes discussed in [6],
authentication is equally important as data collected by the
[23], [24] allow broadcast by powerful senders only and
sensor nodes may be confidential, or in some situations only
therefore, are not suitable for resource constrained motes.
the subscribed users are allowed to access it.
In outside user authentication, the number of outside users
However, the radio links are insecure, facilitating an ad-
of sensor nodes data is also restricted due to the fact that
versary in intercepting, injecting or modifying communica-
sensor nodes need some user specific information to verify a
tion. Resource limitations of sensor nodes make it difficult to
user request. For example, RRUASN [4] requires the public
apply strong traditional cryptographic mechanisms to secure
key and certificate of a user on the receiver side, which
the communication. Moreover, WSNs are often deployed in
are sent with every user request (increasing transmission
a hostile environment where they are physically accessible
overhead). DP2AC [32] uses a token to authenticate a user
by an adversary who can discover cryptographic material
and stores every used token to control re-usability.
e.g., keys, stored on the sensor nodes. In this scenario, it is
To handle the above mentioned issues, we propose an
challenging to enable sensor nodes to accept communication
authentication framework for WSNs, using Identity-based
Cryptography and Online/Offline Signature (OOS) schemes,
they replace the existing ones to achieve better results.
comprised of two authentication schemes; one for quick
Security and performance of the proposed framework are
authenticated broadcast/multicast by sensor nodes and an-
also evaluated and compared with some existing signature
other for outside user authentication. The first scheme
based authentication schemes for WSNs. This paper makes
allows every sensor node in the network to broadcast or
multicast authenticated messages very quickly without the
• Points out the need of quick authenticated broadcast
involvement of the base station. All potential receivers can
and/or multicast by all sensor nodes in the network and
verify a message sent by any sender node in the network.
proposes a secure and efficient solution to this problem
It also allows sensor nodes on the path from the sender
without the involvement of the base station. To the best
node to the receivers to verify a valid message and drop
of our knowledge, this is the first attempt to highlight
false injected data. The second scheme enables all sensor
nodes in the network to verify the legitimacy of any outside
• Proposes the use of online/offline signature schemes for
user without storing user specific information. It allows a
sensor broadcast. To the best of our knowledge, this
maximum possible number of legitimate users to access
is the first application of online/offline signatures in
data from sensor nodes in a secure way. This scheme first
authenticates a user and then establishes a session key for
• Provides a secure and efficient identity-based authenti-
secure exchange of user queries and sensor nodes data.
cation framework which can also utilize new IBS and
IBOOS schemes to achieve improved performance.
line/Offline Signature (IBOOS) scheme (an ID-based version
Organization: Section 2 discusses motivations, section 3
of OOS) for the first scheme and Identity-based Signature
introduces the cryptographic primitives, section 4 presents
(IBS) scheme for the second scheme. IBS schemes [26]
our proposed framework, section 5 evaluates its security &
allow a user to use his identity information such as name,
performance and section 6 concludes the paper.
email address etc., which is unique to him, as his public keywhile the corresponding private key is generated by a private
key generator (PKG). It eliminates the need of a certificate
Authentication in WSNs can be divided into three cate-
signed by a certification authority to extract the public key
gories, namely base station to sensor nodes, sensor nodes
for the verification of a signed message. A message signed
to other sensor nodes, and outside users to sensor nodes.
with a user’s private key can be verified using his ID.
The problem of authenticated broadcast by the base sta-
Online/Offline Signature (OOS) schemes [12] divide the
tion has been widely addressed [6], [11], [17], [18], [21].
process of message signing into two phases, the Offline
We focus on the other two categories, i.e., authenticated
phase and the Online phase. The Offline phase is performed
broadcast/multicast by the sensor nodes and outside user
before the message to be signed becomes available. This
phase performs the most computations of signature gener-
A. Authenticated Broadcast/Multicast by Sensor Nodes
ation and results in a partial signature. Once the messageis known, the Online phase starts. This phase retrieves the
There are many critical situations where a sensor node
partial signature calculated during the Offline phase and
requires to send a quick message. For example:
performs some minor quick computations to obtain the final
• In a forest fire alarm application [27], sensor nodes
signature. The Online phase is assumed to be very fast,
deployed in a forest should immediately inform author-
consisting of small computations while the Offline phase can
ities about the event and the exact location of the event
be performed by other resourceful device. OOS enables a
before the fire spreads uncontrollably.
resource constrained sensor node to sign a message quickly,
• In a traffic application [5], whenever a sensor node
once it has some critical event to report. IBOOS is the
senses an accident (or a traffic jam) on the road it sends
ID-based version of OOS, where a message signed with a
an immediate message in all directions to alert other
signer’s private key is verified using signer’s ID.
The primary objective of this framework is to design
• Consider the military application scenario discussed in
an authentication mechanism which solves the above men-
[27], where a troop of soldiers needs to move through
tioned authentication problems efficiently in terms of power
a battlefield. Sensor nodes deployed there detect the
consumption, processing time and storage overhead. The
presence of the enemy and broadcast this information
primary advantage of this research work is that it does not
immediately throughout the network. Soldiers, passing
restrict the solution to the existing IBS and IBOOS schemes,
near these sensor nodes, use this information to strate-
rather it provides a general authentication framework which
gically position themselves in the battlefield.
can be reused with new IBS and IBOOS schemes. Once new
All these scenarios require a message to be sent as quickly
IBS and IBOOS schemes are available, which are more se-
as possible. Due to wireless media, transmission and recep-
cure and efficient than the existing IBS and IBOOS schemes,
tion of a message consume considerable time. Moreover,
in most cases a message propagates through several hops
this approach has a few drawbacks. Firstly, it makes the
to reach the desired destinations. Therefore, the signature
base station a single point of failure. Secondly, it causes
generation and the verification times should be as small as
sensor nodes near the base station to deplete their energy
possible. A delayed message may have undesirable effects.
quickly as for every user request, they relay packets be-
For example, it may help a fire spreading uncontrollably and
tween base station and queried sensor nodes. Furthermore,
a traffic jam becoming worse. A delayed message about the
it causes a severe DoS attack where an adversary sends fake
presence of an enemy in the battlefield may cause the deaths
request messages causing sensor nodes to relay them towards
of soldiers while moving through the battlefield. In all the
the base station for verification, increasing network traffic
above situations, message authentication is equally important
and depleting their energy. User authentication schemes
otherwise a malicious entity may exploit its absence. For
discussed in [10], [16], [29], [30] all suffer from these
example, an adversary may send fake messages to block
problems. To avoid this kind of DoS attack, a user should
traffic towards a specific region or to turn traffic towards a
be locally authenticated by the sensor nodes without the
specific direction. In battlefield, sensor nodes added by the
involvement of a third entity, i.e., a distributed approach.
enemy can disseminate wrong information about enemy’s
This approach reduces traffic congestion and transmission
overhead within the network. However, it puts the burden
Moreover, in all the above mentioned scenarios, sensor
of authentication on sensor nodes. As sensor nodes are
nodes on the path from the sender node to the receiver(s)
resource constrained devices as compared to the base station,
relay the messages towards destination. Wireless communi-
a lightweight user authentication mechanism is needed for
cation allowing an adversary to inject false messages during
sensor nodes to verify authenticity of the users.
multi hop forwarding [19] causes sensor nodes to relayfalse data and deplete their energy. Hence, sensor nodes
on the path should be able to authenticate and filter out
false messages as early as possible to save relaying energy
Definition 1. An ID-based signature (IBS) scheme consists
[33], [34]. Therefore, they are also potential receivers of
these messages, arising the need of authenticated multicast
1) System Setup (SS): Given a security parameter 1k,
by sensor nodes. In battlefield application, all sensor nodes
in the network are potential receivers of critical information,
arising the need of authenticated broadcast by sensor nodes.
2) Key Extraction (KE): Given a user’s identity ID
To summarize, all these scenarios require a secure mech-
anism which, on one hand, enables all sensor nodes in the
network to send an immediate authenticated message to
3) Signature Generation (Sign): Given a message m and
report a critical situation, and on the other hand, enables
every receiver to verify this message. For simplicity, both
broadcast and multicast are referred as broadcast in the rest
4) Signature Verification (Ver): Given a message m,
user’s identity IDi, a signature σ and system parame-
ters SP, returns 1 if the signature is valid or 0 if not.
Sensor nodes data may be confidential and in some
Namely, 0/1 ← Ver(m, IDi, σ , SP).
situations only the subscribed users, who have paid, are
B. ID-based Online/Offline Signature (IBOOS)
allowed to obtain this data. A user authentication mechanismaims to prevent unauthorized users to access data from
Definition 2. An ID-based online/offline signature (IBOOS)
sensor nodes. Usually, a mechanism to provide an outside
scheme consists of five algorithms as follows:
user access to sensor nodes data requires three tasks:
1) System Setup (SS): Same as in Definition 1.
1) User Authentication allows only legitimate users of
2) Key Extraction (KE): Same as in Definition 1.
3) Offline Signing (OffSign): Given a signing key DIDi
2) Access Control allows a user to access only the data
and system parameters SP, outputs an offline signature
S, i.e., S ← O f f Sign(DID , SP).
3) Session Key Establishment enables secure exchange of
4) Online Signing (OnSign): Given a message m and an
user queries and confidential data between users and
offline signature S, outputs an online signature σ , i.e.,
In centralized user authentication, all users are authenti-
5) Signature Verification (Ver): Given a message m,
cated through the base station. This mechanism is easy to
user’s identity IDi, signature σ and system parameters
deploy because the base station is a powerful device which
SP, returns 1 if the signature is valid and 0 if not.
can perform complex cryptographic operations. However,
Namely, 0/1 ← Ver(m, IDi, σ , SP).
IV. THE PROPOSED AUTHENTICATION FRAMEWORK
Authentication: On receiving a broadcast message, re-
ceiver first checks the time stamp T S to avoid the verification
In this section, we present the proposed authentica-
of a replayed message. If it is a fresh one, the receiver further
tion framework which is composed of two authentication
proceeds with signature verification; otherwise it discards
schemes. The first two phases of both schemes i.e., the
the message. The receiver verifies the signature σ using
System Initialization and the Key Generation are performed
once, before the deployment of the WSN.
If the verification succeeds, the receiver accepts the mes-
A. Authenticated Broadcast by Sensor Nodes
sage; otherwise it discards it. If necessary, it rebroadcasts
For authenticated broadcast, a message is signed using
the message to sensor nodes belonging to the next hop.
IBOOS. Some IBOOS schemes [25] allow reuse of a partial
Sender Revocation: To revoke a compromised sensor
signature computed in the offline phase to sign more than
node i, the base station broadcasts its identity IDi to all
one message, which decreases energy consumption. More-
other sensor nodes in the network, who store IDi. If in the
over, OOS allows the offline phase to be performed on some
future a sensor node receives a message containing IDi, it
other resourceful device. Hence, it is possible for the base
simply rejects the message without going through authen-
station to perform the complex computations of the offline
tication process. An adversary is assumed to compromise
phase and distribute the partial signature to the sensor nodes.
only a few sensor nodes in the network. If the adversary
The sensor nodes then only perform small, energy efficient
compromises majority of the sensor nodes, it will break
down all the security mechanisms. Therefore, storing the IDs
System Initialization: In our scheme, the base station
of few compromised nodes would incur a reasonable storage
plays the role of PKG, a trustworthy entity, and initializes
overhead for sensor nodes. Moreover, the base station can
the system in this phase. Let SKBS be the secret key of the
periodically update system parameters and secret keys of all
base station. The base station computes the corresponding
legitimate sensor nodes excluding malicious nodes. How-
public key PKBS and sets up the public system parameters
ever, this update might be costly. Another possible solution
SP which include PKBS. The master secret key SKBS is only
is to manually detach these compromised sensor nodes from
kept by the base station while SP is made public.
Key Generation: In this phase, the base station computes
the secret keys of all sensor nodes corresponding to their
IDs using the master secret key SKBS. For a sensor node
In order to access data from sensor nodes, a user first
i with identity IDi, the corresponding secret key is DID
registers himself to the base station and obtains his private
key and other system parameters. After that, whenever he
private keys and system parameters are stored on sensor
wants to access data, he sends a signed request to the
nodes before deployment. Hence, every sensor node i stores
sensor nodes in his range who verify his signed request
locally using his ID. If the verification succeeds, the sensor
Message Broadcast and Authentication: In this phase,
nodes and the user both compute a session key for further
the sensor nodes broadcast authenticated messages which
communication. This session key establishment enables the
are verified using their IDs. The signature generation of a
user to send encrypted queries to the sensor nodes and get
broadcast message is divided into two phases:
Offline phase: The offline phase is performed by the base
System Initialization and Key Generation phases are the
station, before the message to broadcast becomes available.
same as described in the first scheme.
The offline signature algorithm runs in this phase on the base
User Registration: This phase is performed whenever a
station, and performs the most signature computations to
new user is added to the system. In this phase, a user U
calculate the partial signature S as S ← O f f Sign(DID , SP).
U registers with the system. The base station
The resulting partial signature S is stored on sensor node i.
Online phase: Whenever a sensor node i senses an event
The user gets his private key and other system parameters
which requires quick reporting, the online phase starts. In
from the base station through a secure channel. Hence, every
this phase, the sensor node i retrieves the partial signature
S calculated during the offline phase. The online signature
User Authentication: In order to query sensor nodes,
algorithm runs in this phase on sensor node i, and performs
a user U sends his signed request to the sensor nodes in
very minor and fast computations to obtain the final signa-
his range. Let N be the number of sensor nodes in his
ture σ over message m as σ ← OnSign(m, T S, IDi, S), where
range. U ’s request contains his request message RM, current
T S is the current time stamp. The final broadcast message
time stamp T S, identity IDU , and the signature σ calculated
then contains the message m, time stamp T S, identity of the
on these parameters using his secret key i.e., U → N:
sensor node IDi and the signature σ i.e., {m, T S, IDi, σ }.
{RM, T S, IDU , σ }, where σ = Sign((RM, T S, IDU ), DID ).
On receiving a user request, each sensor node first checks
time will not impose an unreasonable storage overhead on
the time stamp T S to filter out a replayed request message.
sensor nodes. To efficiently handle storage, user’s access
If it is a fresh one, sensor node verifies the signature
period can be kept short so that sensor nodes do not store
using U ’s ID and other system parameters stored on it as
malicious users’ IDs for a long time. After that time period
0/1 ← Ver(RM, T S, IDU , σ , SP). If the verification succeeds,
only the private keys of the legitimate users are updated for
it proceeds with session key establishment else it stops
next time period. The duration of this period depends on
further computation and communication.
how frequently the event of the malicious users occur.
Session Key Establishment: To provide secure trans-
Although some figures would help to improve the read-
mission of data from sensor nodes to user, a session key
ability of framework, space limitation does not allow it.
needs to be established. For this purpose, any secure key
C. Instantiation of the Proposed Framework
exchange protocol could be used here. However, an identitybased one-pass key establishment protocol is an attractive
There are many IBS and IBOOS schemes available, for
choice for resource constrained sensor nodes. It reduces the
example, based on ECC and RSA signatures. Verifying RSA
number of messages exchanged during key establishment
signature is efficient for sensor nodes [14] since we can
phase i.e., only one party computes and sends its ephemeral
set small verification exponents. This fact can be utilized in
key to the other party, for example, identity based one-pass
user authentication scheme, where sensor nodes only verify
key establishment protocol presented in [13]. That single
a signed user request. However, RSA based signatures are
message can be combined with user request message (in
large, resulting in a considerably increased message size.
user authentication phase) which is signed by the user. It
ECC based signatures are equally useful for signing and
further reduces the communication. It also avoids the man-
verification of messages and have short signature sizes.
in-the-middle attack. The only message exchanged between
Therefore, for WSN, ECC based signatures are considered
the user U and the sensor node A for key establishment will
more efficient than RSA signatures. To instantiate the pro-
be signed by U and verified by A, which makes it difficult
posed authentication framework, we have selected the most
for an intruder to send fake ephemeral key to the sensor
secure and efficient ECC based signature schemes from the
available IBS and IBOOS schemes. Keeping in mind the
To establish a session key, U randomly computes its
security and efficiency requirements, an IBS scheme given
ephemeral key R. U then sends R, together with his signa-
in [6] is selected for user authentication scheme while two
ture, to A in authentication phase. If U ’s signature is valid
different IBOOS schemes given in [25] and [31] are selected
and user authentication succeeds, both A and U compute
to evaluate sensor broadcast scheme.
session key SK using the key derivation function χ as
ID-based Signature (IBS) Schemes: ID-based signature
schemes are suitable for the proposed user authentication
A||IDU ||T S||TAU ), where T S is the time stamp
scheme. IBS scheme in [6] presents an ID-based signature
computed by both parties using R and their secret keys as
which is actually an improvement over BNN-IBS [2] to
described in [13]. At this point, the session key SK is ready
reduce the signature size. Security of this signature scheme
depends on Elliptic Curve Discrete Logarithm Problem.
User Revocation: User revocation can be divided into
ID-based Online/Offline Signature (IBOOS) Schemes:
two cases; firstly, to revoke a user whose access time period
ID-based online/offline signature schemes are suitable for
has been expired, and secondly, to revoke a malicious user.
the proposed sensor broadcast authentication scheme. An
These two cases can be treated differently. To handle the first
IBOOS scheme in [25] presents a method to convert any
case, at the time when base station calculates the secret key
underlying signature scheme into an online/offline signa-
for a user U , the expiry time ET of the user can be used as
ture scheme. The Offline signature in this scheme can
a parameter to calculate the secret key. After his access time
be securely reused to sign more than one message. This
period expires, his secret key will automatically expire. If
signature scheme is proved to be existentially unforgeable.
he now sends a signed request, it will not pass verification.
Its security depends on Discrete Logarithm Problem. Un-
In the second case, the base station issues an authenticated
like [25], an IBOOS scheme presented in [31] provides
revocation list containing malicious user’s ID. Sensor nodes
a direct online/offline signature scheme, which does not
store it until the malicious user’s expiry time is passed.
require another underlying signature scheme. This signature
Thus, if next time that user attempts to access data from
scheme is existentially unforgeable under adaptive chosen
sensor nodes, the sensor nodes reject his request without
going through authentication process. After his access time
expiration, his secret key will expire and he will not beable to successfully authenticate himself to the system. In
WSN, the case of the malicious users is not very common.
This section analyses the security achieved by the pro-
Therefore, storing IDs of malicious users until their expiry
Authentication: Authentication is achieved as only the
outside users for verification, it provides storage efficiency.
legitimate broadcast senders and the outside users with valid
Computation Efficiency: In sensor broadcast, by per-
forming the offline phase on base station, the sensor nodes
Verification: Every sensor node can verify a broadcast
are only left with the online phase computation which is
message by any sender and authenticity of any outside user.
very efficient in terms of time and energy consumption.
Integrity: Provides message integrity as any changes
Communication Efficiency: ID-based schemes do not
made in the contents of the messages during transmission
require a broadcast sender or an outside user to send public
are detected through signature verification.
keys/certificates with all messages, thus reducing communi-
Freshness: Replayed data can be distinguished through
timestamp, providing freshness of data.
Multiple Senders: ID-based signatures handle public
Session Key: After successful user authentication, session
keys/certificates issue. Therefore, the proposed framework
key establishes a secure communication between the user
allows multiple broadcast senders and outside users.
Scalability: New sensor nodes and outside users can be
Now we consider some usual security threats and show
added to the WSN easily at any time. Preloaded with ID,
how our proposed framework counters them:
secret key and public parameters, new sensor nodes can
1) Active attack: The proposed framework employs se-
broadcast messages as well as verify messages by any other
cure digital signature schemes providing strong au-
broadcast sender. New users simply need to register them-
thentication and message integrity, and making it
selves to the base station and get their secret information
impossible for an intruder to sign or modify a valid
message sent by another legitimate sender. Time stamp
prevents replay of a broadcast message or a previoussuccessful authentication message by a valid user.
This section gives a rough-and-ready estimation of apply-
2) DoS attack: The proposed sensor broadcast scheme
ing our proposed authentication schemes on sensor nodes
provides authentication without any delay. Hence, it
and comparison with other existing digital signature based
prevents DoS attack faced in µTESLA. In user authen-
authentication schemes for WSN. We assume the capabilities
tication scheme, a user is locally authenticated by the
of standard MICA2 mote [9], a popular choice among
sensor nodes, and not by the base station, which avoids
research community. Figures in Table 1 and Table 2 are
the DoS attack caused by fake intruder’s requests.
computed considering only the expensive operations of
3) Node Compromise Attack: In symmetric key schemes,
pairing, point multiplication, exponentiation and ECDSA
where a single key or a subset of keys are used by
& RSA signature costs, based on the actual experimental
more than one sensor node to calculate a MAC for
results of these operations for MICA2 given in [14], [22] and
a message, a compromise of a single node enables
[28]. A point multiplication operation on MICA2 takes 0.81s
an intruder to impersonate all sensor nodes sharing
[14]. For MICA2, active power consumption is 30mW [22].
that MAC key(s). In our scheme, an intruder can only
Therefore, computation of one point multiplication operation
impersonate the compromised node. Furthermore, with
consumes 0.81*30 = 24.3mWs. According to [28], comput-
revocation process he will not be able to successfully
ing a pairing operation on MICA2 takes 2.66s and consumes
broadcast further messages in the network.
62.73mWs. Signing and verifying an ECDSA takes 0.89s
4) False Data Injection Attack: The proposed sensor
and 1.77s and consumes 26.96mWs and 53.42mWs, respec-
broadcast scheme enables all sensor nodes on the
tively [22]. One RSA signature verification with 1024 bit
message path, during multi-hop forwarding, to verify
key size takes 0.47s and consumes 14.05mWs [22].
and filter out false injected data earlier.
For broadcast authentication schemes, we only consider
computation cost and message size. Transmission cost is pro-
portional to the message size. Assuming number of sensor
This section evaluates the performance of the proposed
nodes N = 65,000, message m = 20 bytes, timestamp T S =
2 bytes and ID = 2 bytes, Table 1 gives a comparison with
Broadcast by Sensor Nodes: Unlike µTESLA, in our
existing signature based schemes. Existing authentication
proposed sensor broadcast scheme, a sensor node can broad-
schemes assume broadcast senders as powerful devices,
cast a message itself without the involvement of base station.
however for comparison purposes, we estimate the cost
Quick Broadcast: An online/offline signature scheme
of applying these schemes to ordinary sensor nodes. CAS
performs the most time consuming offline phase of message
in [24] propose ECDSA to sign a message.
generation beforehand. It enables sensor nodes to sign and
CAS requires signer’s public key and certificate to be sent
broadcast a message quickly once the message is known.
with every message, increasing message size. The receiver
Storage Efficiency: As sensor nodes do not store IDs
verifies two ECDSA signatures for every message; one to
and corresponding public keys of all broadcast senders and
verify certificate and other to verify message. DAS requires
COMPARISON OF PROPOSED BROADCAST AUTHENTICATION SCHEME WITH EXISTING BROADCAST AUTHENTICATION SCHEMES.
Existing Broadcast Authentication Schemes
τ * and ρ * show the computational cost and the signature size of underlying signature scheme respectively and ε * shows negligible cost
all sensor nodes to store public keys of all senders. For N
COMPARISON OF PROPOSED USER AUTHENTICATION SCHEME WITH
= 65,000, public key size = 22 bytes, every sensor node
EXISTING USER AUTHENTICATION SCHEMES.
is required to store 1441KB which is beyond the storage
capabilities of sensor nodes. Signature generation in IDS
[23] comprises one pairing and one point multiplication
Existing Distributed User Authentication Schemes
while in IMBAS [6] three point multiplications as expensive
Proposed Distributed User Authentication Scheme
The proposed broadcast authentication scheme using first
IBOOS [25] allows the secure reuse of offline signature,computed on base station. The only cost a sensor node bearsin message signing is the cost of the online phase which
and verification of token reusability. An issue with this
is two scalar exponentiations in group G. Computing one
scheme is the communication overhead per user request and
scalar exponentiation (of the form Bt ) in G requires roughly
storage overhead. Every used token is stored on more than
t squaring and t/2 multiplications in G (Chap 14, Algorithm
one sensor nodes in the network. Assuming a token size =
14.79, [20]), where t is the bit length of exponent. For
10 bytes and number of used token T =10,000, the overall
simplicity, we assume computing one squaring is equivalent
storage overhead will be 100,000 bytes which is considerable
to one multiplication (squaring can be almost twice as fast as
for resource constrained sensor nodes. Verification cost
multiplying distinct elements [20]). For t = 160, one expo-
involves energy and time costs to verify RSA signature plus
nentiation requires 240 multiplications. One multiplication
transmission energy (T E) and transmission time (T T ) costs
on MICA2 takes 0.39ms [14] and consumes 0.0117mW [22].
of sending a token to a set of sensor nodes for reusability
Therefore, one exponentiation takes 0.09s and consumes
checking. The proposed outside user authentication scheme
2.81mW. These results further can be improved by applying
based on IBS [6] involves one signature verification consist-
fixed-base exponentiation and fixed-exponent exponentiation
ing of three point multiplications by the sensor nodes during
algorithms, and finding the exact cost of squaring on MICA2
the authentication phase. Table 2 shows that the proposed
motes. For 160 bits ECC, the message size is 64 bytes plus
user authentication scheme consumes less energy and time
ρ (ρ is size of underlying signature). Using second IBOOS
as compared to RRUASN and eliminates the storage and
[31] requires two point multiplications in offline phase, while
communication overhead of DP2AC. It also provides session
only integer addition and multiplication operations (which
are very efficient for sensor nodes in terms of time andenergy consumption) in the online phase. Therefore, the time
D. Impact of Applying PKC on Sensor Nodes
and energy cost of the online phase is almost negligible. For
Application of PKC operations on sensor nodes does not
160-bit ECC, the signature size is 60 bytes. Table 1 shows
affect node’s life time drastically, if the number of public key
that the proposed sensor broadcast scheme using IBOOS
operations is smaller or spread over time [22]. Broadcast of
schemes consume less energy and time in broadcasting a
a message by a sensor node is not a very frequent event in
message as compared to applying existing authentication
considered applications. For example, in case of a fire alarm
application, a message is sent by the sensor node only when
In user authentication schemes, two existing schemes
a fire is set up anywhere. Signing a message occasionally,
provide distributed user authentication, RRUASN [3] and
only in critical situations, is not very expensive for sensor
DP2AC [32]. In RRUASN, authentication by sensor nodes
nodes. With 2AA batteries in ordinary MICA sensor motes,
involves verification of two ECDSA signatures as expensive
the available energy is 6750,000mWs [22]. If only 2% of this
operations. DP2AC involves one RSA signature verification
energy i.e., 135,000mWs, is available for signing broadcast
messages, a sensor mote can sign 24,021 messages applying
[8] C. Chong and S. Kumar, “Sensor networks: evolution, opportuni-
first IBOOS scheme and 2,778 messages applying second
ties, and challenges,” Proceedings of the IEEE, vol. 91, no. 8, pp. 1247–1256, Aug. 2003.
IBOOS scheme during the life time of the batteries. This
[9] Crossbow, “MICA2.” [Online]. Available: www.xbow.com
number of broadcast messages is big enough for the above
[10] M. Das, “Two-factor user authentication in wireless sensor net-
works,” Wireless Communications, IEEE Transactions on, vol. 8,
mentioned applications. With the same available energy,
a sensor node can sign 1,550 messages in IDS scheme
[11] J. Drissi and Q. Gu, “Localized broadcast authentication in large
and 1,852 messages in IMBAS scheme which shows that
sensor networks,” in Proc. ICNS ’06.
[12] S. Even, O. Goldreich, and S. Micali, “On-Line/Off-Line digital
our proposed sensor broadcast authentication scheme gives
signatures,” in Proc. Advances in Cryptology CRYPTO ’89, ser.
better results than applying existing broadcast authentication
Springer Berlin, 1990, pp. 263–275.
[13] M. C. Gorantla, C. Boyd, and J. M. Gonz´alez Nieto, “ID-based one-
pass authenticated key establishment,” in Proc. sixth Australasianconference on Information Security, AISC ’08, pp. 39–46.
[14] N. Gura, A. Patel, A. Wander, H. Eberle, and S. C. Shantz, “Com-
paring Elliptic Curve Cryptography and RSA on 8-bit CPUs,” in
The main contribution of this research work is an au-
thentication framework which provides two features; quick
[15] J. W. Kim, Y. H. Kim, H. Lee, and D. H. Lee, “A practical inter-
sensor broadcast authentication scheme,” in HCI (5), ser. LNCS,
authenticated broadcast by sensor nodes and user authentica-
Springer Berlin / Heidelberg, 2007, pp. 399–405.
tion. Existing broadcast authentication schemes in WSNs do
[16] T. Lee, “Simple dynamic user authentication protocols for wireless
sensor networks,” in Proc. SENSORCOMM ’08, pp. 657–660.
not handle the problem of authenticated broadcast by sen-
[17] D. Liu and P. Ning, “Multilevel µTESLA: Broadcast authentication
sor nodes. The proposed ID-based Online/Offline Signature
for distributed sensor networks,” ACM Trans. Embed. Comput. Syst., vol. 3, no. 4, pp. 800–836, 2004.
(IBOOS) based broadcast authentication scheme is an attrac-
[18] D. Liu, P. Ning, S. Zhu, and S. Jajodia, “Practical broadcast
tive solution to this problem. An ID-based Signature (IBS)
authentication in sensor networks,” in Proc. MobiQuitous ’05:
based distributed user authentication scheme is proposed to
IEEE Computer Society, pp. 118–132.
[19] M. Luk, A. Perrig, and B. Whillock, “Seven cardinal properties
authenticate outside users. Session keys secure the further
of sensor network broadcast authentication,” in Proc. SASN ’06.
communication between the users and the sensor nodes. The
[20] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook
main advantage of this framework is its re-usability, that is,
it can also be reused with new IBS and IBOOS schemes for
[21] A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. E. Culler,
“SPINS: security protocols for sensor networks,” Wireless Net-
security and performance improvements. In the future, we
works, vol. 8, no. 5, pp. 521–534, 2002.
intend to focus on user access control to provide a complete
[22] K. Piotrowski, P. Langendoerfer, and S. Peter, “How public key
ID-based authentication framework which would enable the
cryptography influences wireless sensor node lifetime,” in Proc. SASN ’06.
sensor nodes, on one hand, to broadcast a message to quickly
[23] K. Ren, W. Lou, K. Zeng, and P. Moran, “On broadcast authentica-
respond to some critical situations and, on the other hand,
tion in wireless sensor networks,” Wireless Communications, IEEETransactions on, vol. 6, no. 11, pp. 4136–4144, Nov. 2007.
to control user access according to his access privileges. We
[24] K. Ren, W. Lou, and Y. Zhang, “Multi-user broadcast authentica-
are on the way to implement the proposed framework on
tion in wireless sensor networks,” in IEEE SECON ’07, pp. 223–232.
real sensor nodes to get actual results.
[25] Q. Ren, Y. Mu, and W. Susilo, “Mitigating phishing with ID-based
online/offline authentication,” in Proc. Australasian conference on
Information Security, AISC ’08, pp. 59–64.
[26] A. Shamir, “Identity-based cryptosystems and signature schemes,”
This work has been partially supported by the EPSRC
in Proc. CRYPTO ’84 on Advances in cryptology, ser. LNCS. NY,
project Verifying Interoperability Requirements in Pervasive
USA: Springer-Verlag, 1985, pp. 47–53.
[27] I. Stojmenovi, Ed., Handbook of Sensor Networks - Algorithms
WileyBlackwell, November 2005. [Online].
[28] P. Szczechowiak, A. Kargl, M. Scott, and M. Collier, “On the appli-
cation of pairing based cryptography to wireless sensor networks,”
[1] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci,
“Wireless sensor networks: a survey,” Computer Networks, vol. 38,
[29] H. Tseng, R. Jan, and W. Yang, “An improved dynamic user
authentication scheme for wireless sensor networks,” in Proc.
[2] M. Bellare, C. Namprempre, and G. Neven, “Security proofs for
identity-based identification and signature schemes,” in Proc. EU-
[30] K. H. M. Wong, Y. Zheng, J. Cao, and S. Wang, “A dynamic
Springer-Verlag, 2004, pp. 268–286.
user authentication scheme for wireless sensor networks,” in Proc.
[3] Z. Benenson, “Realizing robust user authentication in sensor net-
IEEE Computer Society, 2006, pp. 244–251.
works,” in Proc. REALWSN ’05, 2005.
[31] S. Xu, Y. Mu, and W. Susilo, “Efficient authentication scheme for
[4] Z. Benenson, F. Gartner, and D. Kesdogan, “User authentication in
routing in mobile ad hoc networks,” in Proc. EUC ’05 Workshops,
sensor networks (Extended Abstract),” in Proc. Informatik 2004,
[32] R. Zhang, Y. Zhang, and K. Ren, “DP2AC: Distributed privacy-
[5] J. Bohli, A. Hessler, O. Ugus, and D. Westhoff, “A secure and
preserving access control in sensor networks,” in Proc. IEEE
resilient WSN roadside architecture for intelligent transport sys-
[33] W. Zhang, N. Subramanian, and G. Wang, “Lightweight and
[6] X. Cao, W. Kou, L. Dang, and B. Zhao, “IMBAS: Identity-based
compromise-resilient message authentication in sensor networks,”
multi-user broadcast authentication in wireless sensor networks,”
Computer Communications, vol. 31, no. 4, pp. 659 – 667, 2008.
[34] S. Zhu, S. Setia, S. Jajodia, and P. Ning, “Interleaved hop-by-
[7] W. Chen and Y. Chen, “A bootstrapping scheme for inter-sensor
hop authentication against false data injection attacks in sensor
authentication within sensor networks,” Communications Letters,
networks,” ACM Trans. Sensor Networks, vol. 3, no. 3, p. 14, 2007.
IEEE, vol. 9, no. 10, pp. 945–947, Oct. 2005.
The Rise of Antibiotic-Resistant Infections by Ricki Lewis, Ph.D. When penicillin became widely available during the second world war, it was a medical miracle, rapidly vanquishing the biggest wartime killer--infected wounds. Discovered initially by a French medical student, Ernest Duchesne, in 1896, and then rediscovered by Scottish physician Alexander Fleming in 1928, the product of the
La Gazette des Ascopiens arrive pour votre plus grand plaisir. Effectivement , ce lien entre les adhérents devient incontournable. Il donne la possibilité à ceux qui sont éloignés de garder le contact avec l'association et ses adhérents. Nous essayerons de vous donner les informations concernant les problèmes de santé , ou tout autre sujet qui vous touche, ce journal est le votre. Un