Improved elliptic curve cryptography-based broadcast authentication in wireless sensor networks

Posted on: 2013-11-14
Degree: Ph.D
Type: Dissertation
University: University of Florida
Candidate: Chuchaisri, Panoat
Full Text: PDF
GTID: 1458390008471275
Subject: Computer Science
Abstract/Summary:
Public Key-based (PKC) approaches have gained popularity in Wireless Sensor Network (WSN) broadcast authentication due to their simpler protocol operations and higher tolerance to node capture attacks. With PKC's security strength, a sensor node that authenticates messages before forwarding them can detect a bogus message immediately. While this prevents forged traffic from wasting the sensor nodes' energy, performing PKC operations on resource-limited nodes can result in undesirably long delays. At the other extreme, the sensor node can forward messages to other nodes prior to authenticating them. This approach diminishes propagation time at the expense of allowing forged messages to propagate through the network. To achieve swift and energy-efficient broadcast operation, sensor nodes need to decide wisely when to forward first and when to authenticate first.

In this work, we address this problem at two different stages of the authentication process. The first proposed solution adds extra verification procedures to eliminate unnecessary handling of fake packets. The second proposed solution addresses the digital signature scheme by extending an existing digital signature scheme to support a set of signatures with different strengths.

First, we present two broadcast pre-authentication schemes, called the key pool scheme and the key chain scheme, to solve this dilemma. Both schemes utilize a Bloom filter and the distribution of secret keys among sensor nodes to create fast and capture-resistant PKC-based broadcast authentication protocols. Two generic improvements to these schemes are also described. One reduces the marking limit on the Bloom filter vector (BFV), while the other limits broadcast forwarding to a spanning tree.

Next, we present a digital signature scheme, called Multi-Resolution Elliptic Curve Signature (MRECS), that allows the signer to create signatures of different sizes from the same key set. Compared to an implementation using a set of different keys, MRECS requires less storage overhead and has a longer key lifetime, at the cost of higher but acceptable communication overhead. MRECS can reduce up to one third of the full-size signature's computational overhead. We also present several improvements to enhance MRECS's security using a second key set. The added security can be adjusted on-the-fly by the signer.
Keywords/Search Tags:Sensor, Broadcast authentication, Key, MRECS, Digital signature scheme