I. INTRODUCTIONOrganizationII. TESLA OverviewA. Description of TELSA ProtocolB. Time SynchronizationC. Protocol Stages1) Sender Setup2) Bootstrapping a New Receiver3) Sending Authenticated Packets4) Receiver AuthenticationD. Concrete ExampleE. Robustness to DoS AttacksF. DoS Attack on the ReceiverIII. Improvements Against DoS AttacksA. Symmetric Improvements on TESLAB. Public Key Cryptography (PKC) to replace TESLA1) New emerging PKC2) Power Scavengers3) Crypto-Chips follows Moore’ LawC. Group Authentication Scheme as a supplement to TESLA1) Group authentication using group shared key2) TESLA authenticating the sender within the groupIV. Group Multicast Authentication ProtocolA. Shamir’s Secret Sharing1) Dealer Phase2) Reconstruction PhaseB. Protocol Setup1) GROUP KEY2) LINK KEYC. Secret Share ExchangeD. Message AuthenticationV. Experiments & ResultsA. Experimental Procedures1) GMA Protocol in NS2 Implementation2) Simulation Testinga) Topology Generationb) Test CreationB. Analysis of ResultsVI. ConclusionAbstract— In the wireless environment, the communicationmedium is often untrusted and insecure. We study a generalversion of the multicast authentication problem where theunderlying network, controlled by an adversary, may dropchosen packets, rearrange the order of the packets in anarbitrary way, and inject new packets into the transmittedstream. Multicast authentication protocols such as TESLAemploy the principle of delayed key disclosure. These methodsintroduce delay in authentication, force receiver side buffers,and consequently are susceptible to denial of service (DoS)attacks. Based on Shamir’s Secret Sharing Scheme and standardcryptographic primitives, we propose a new and efficient groupmulticast authentication (GMA) protocol that can be used toaugment the TELSA protocol for real time authentication. OurGMA protocol can authenticate a potentially large number ofrecipients. We prove the security of our scheme and analyze itsperformance in terms of the computational efficiencies at thesender and receiver and the communication overhead. We alsoshow that our scheme is robust to DoS attacks while providingconfidentiality and message integrity as well.Index Terms— broadcast authentication, DoS attack resistant,multicast authentication, secret sharing schemeI. INTRODUCTIONDenial-of-service (DoS) attacks that exhaust thesenders’ and receivers’ resources are a growing concern onthe Internet and other open communication systems. Due tothe nature of wireless communication in sensor networks,attackers can easily inject malicious data messages or alterthe content of legitimate messages during multi-hopforwarding. Sensor network applications, therefore, need torely on authentication mechanisms to ensure that data from avalid source was not altered in transit. Authentication isarguably the most important security primitive in sensornetwork communication. Source authentication ensures thatthe message originated from the claimed sender, and dataauthentication ensures that the data from that sender wasunchanged (thus also providing message integrity).Broadcast authentication is a challenging problem, yet it isof central importance as broadcast communications are usedin many applications. For example, routing tree construction,network query, software updates, time synchronization, andnetwork management all rely on broadcast. Without anefficient broadcast authentication algorithm, the sender andreceiver would have to resort to per-node unicast messages,which do not scale well for large networks. The practicality ofmany secure sensor network applications thus hinges on thepresence of an efficient algorithm for broadcastauthentication.Point-to-point authentication can be achieved fairly easilythrough a purely symmetric mechanism: the sender andreceiver share a secret key used to compute a cryptographicmessage authentication code (MAC) for each message. Whena message with a valid MAC is received, the receiver can beassured that the message originated from the sender.However, authentication of broadcast messages, especially inwireless sensor networks, is much harder than point-to-pointauthentication. In the broadcast communication environment,problems such as non-repudiation and key managementbecome a serious issue. A possible solution to this problem isto employ a public key-based protocol to authenticate senderand receiver. Unfortunately, asymmetric cryptographicmechanisms have high computation, communication, andstorage overhead, making their usage on resource-constraineddevices impractical for many applications.On the other side of the same equation, multicast sourceauthentication based on symmetric cryptography has attractedintense research efforts for the past few years. Canettipresented a solution to multicast source authentication basedon verifying each different MAC using unique keys for eachmessage [2]. Another popular symmetric key approach formulticast authentication uses delayed key disclosure. Delayedkey disclosure was first introduced by Cheung [3] to achieveefficient authentication for link state routing. Chained StreamAuthentication [4] and FLAMeS [5] used similar ideas formulticast source authentication. In this paper, we propose a symmetric-based authenticationmethod, which we call Group Multicast Authentication(GMA) protocol to improve upon the popular TESLAprotocol. The GMA protocol uses a group key that is derivedfrom Shamir’s Secret Sharing Scheme [29]. The premise ofusing a secret sharing scheme is to allow a trusted group toauthenticate broadcast messages. More precisely, only thoseparticipants within the network can generate the secret andauthenticate messages. In light of the known securityweakness of TESLA, our main objective is to design anddevelop the GMA protocol to help eliminate DoS attack,while maintaining the requirements of low communicationand computation overhead. OrganizationThis paper is organized into the six sections. In section 2section we describe the TESLA protocol and
View Full Document
Unlocking...