A lightweight secure protocol for
wireless sensor networks
윤주범
2007.12. 4
ELSEVIER
Mar. 2006
KAIS
T
Contents
Introduction
Security goals
Assumption
LCG-based security protocols
Performance analysis
Conclusions and future work
A lightweight secure protocol for wireless sensor networks
2
Introduction (1/2)
Linear Congruential Generator (LCG)
One of the oldest and best-known pseudorandom number
generator algorithms
Easy to understand, easily implemented and fast
Asymmetric cryptography
Not suitable in wireless sensor networks
Require expensive computations and long messages
Symmetric cryptography can be used in WSN
RC5, MD5, SHA1, …
The performance depends on the encryption primitives.
A lightweight secure protocol for wireless sensor networks
3
Introduction (2/2)
In this paper
We propose a more lightweight block cipher that is suitable for
WSN
Propose a lightweight block cipher based on LCG
Our proposed block cipher is more lightweight than RC5
Related work
All sequences generated by the LCG are predictable (by Knuth).
To use LCGs is dangerous, unless the sequence can be isolated
from another generator. (Ritter[9])
A lightweight secure protocol for wireless sensor networks
4
Security goals
Confidentiality
Achieved through encryption
Integrity
Detect tampering
Authenticity
Come from the intended sender
A lightweight secure protocol for wireless sensor networks
5
Assumption
Existence of a key management scheme
Network-wide shared key among the nodes
Compromise of any single node
Locally shared by a node and its neighbors
Only decrypt the messages from nodes in its own group
Setting up pairwise keys on the fly
How to set up pairwise keys on the fly is a non-trivial task
Assumption
There exists a key management subsystem
The assumption is reasonable
Based on the key pre-distribution protocol, each sensor node could
share a secret key with other nodes
A lightweight secure protocol for wireless sensor networks
6
LCG-based security protocols (1/4)
Why selecting LCG
Simplest, most efficient, well-studied PRNG
To protect the random sequences
Enough amount of sequences is not known to the attacker
Linear congruential generators
Generate random numbers for keys
Xn+1 = a Xn + b mod m,
n = 0, 1, 2, …,
(1)
Parameters of LCG
X0, a, b, m
A lightweight secure protocol for wireless sensor networks
7
LCG-based security protocols (2/4)
Predictability of LCGs
How many numbers are needed to infer the entire sequence?
 Implement Plumstead’s inference algorithm[7] against LCG
Plumstead’s algorithm
A lightweight secure protocol for wireless sensor networks
8
LCG-based security protocols (3/4)
Analysis of Plumstead’s algorithm
O(log2 m) in worst case
Empirical results of Plumstead’s algorithm
 Prevent the adversary from retrieving five or more
A lightweight secure protocol for wireless sensor networks
9
LCG-based security protocols (4/4)
Key selection
Goal
Hide all random numbers
Chosen-plaintext attack cannot be conducted
a, b, m – open
X0 – only shared secret
Our system relies on the LCG’s statistical randomness
For efficiency
263 < a < 264 and 2127 < m < 2128
A lightweight secure protocol for wireless sensor networks
10
Basic hop by hop message transmission (1/3)
Our secure data transmission scheme
Secure data aggregation - example
A lightweight secure protocol for wireless sensor networks
11
Basic hop by hop message transmission (2/3)
Message encryption
Goal of encryption
Prevent recovering all the random numbers
16 bytes in size
P + X1 mod 256
Permutation
Decryption
X1 -> C1,C2 -> p1,p2
A lightweight secure protocol for wireless sensor networks
12
Basic hop by hop message transmission(3/3)
Security analysis
Confidentiality
Not feasible to exhaustively search
Use a half of each byte in Bi
 collision  difficult to recover Bi
Authenticity and Integrity
Cipher Block Chaining - MAC
4-byte MAC (brute forcing take about 20 months in 19.2 kbs channel)
A lightweight secure protocol for wireless sensor networks
13
Performance analysis (1/2)
Number of basic operations
aXn + b mod m

(263 < a < 264 and 2127 < m < 2128)
Result
Don’t consider random number generation
Ideal case
8-bit Atmega
A lightweight secure protocol for wireless sensor networks
14
Performance analysis (2/2)
A lightweight secure protocol for wireless sensor networks
15
Conclusions
Lightweight block cipher
Security
Random noise
Random permutation
Secure protocol for WSNs
More efficient than RC5
Future work
Implement our mechanisms on MICA2 sensor nodes
Integrate our protocol with other existing WSN applications
A lightweight secure protocol for wireless sensor networks
16