TY - GEN
T1 - Practical broadcast authentication in sensor networks
AU - Liu, Donggang
AU - Ning, Peng
AU - Zhu, Sencun
AU - Jajodia, Sushil
PY - 2005/12/1
Y1 - 2005/12/1
N2 - Broadcast authentication is a critical security service in sensor networks; it allows a sender to broadcast messages to multiple nodes in an authenticated way. μTESLA and multi-level μTESLA have been proposed to provide such services for sensor networks. However, none of these techniques are scalable in terms of the number of senders. Though multi-level μTESLA schemes can scale up to large sensor networks (in terms of receivers), they either use substantial bandwidth and storage at sensor nodes, or require significant resources at senders to deal with DOS attacks. This paper presents efficient techniques to support a potentially large number of broadcast senders using μTESLA instances as building blocks. The proposed techniques are immune to the DOS attacks. This paper also provides two approaches, a revocation tree based scheme and a proactive distribution based scheme, to revoke the broadcast authentication capability from compromised senders. The proposed techniques are implemented, and evaluated through simulation on TinyOS. The analysis and experiment show that these techniques are efficient and practical, and can achieve better performance than the previous approaches.
UR - http://www.scopus.com/inward/record.url?scp=33749513007&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33749513007&partnerID=8YFLogxK
U2 - 10.1109/MOBIQUITOUS.2005.49
DO - 10.1109/MOBIQUITOUS.2005.49
M3 - Conference contribution
AN - SCOPUS:33749513007
SN - 0769523757
SN - 9780769523750
T3 - MobiQuitous 2005: Second Annual International Conference on Mobile and Ubiquitous Systems - Networking and Services
SP - 118
EP - 129
BT - MobiQuitous 2005
T2 - MobiQuitous 2005: Second Annual International Conference on Mobile and Ubiquitous Systems - Networking and Services
Y2 - 17 July 2005 through 21 July 2005
ER -