Mobile Sensor-Network Authentication
Authentication is a critical security requirement for sensor network nodes and can provide a high quality of assurance in a hostile deployment scenario. High-risk data-gathering environments involving sources like a base station or a command and control center require a high level of confidence that sensor data originate from authorized sensors. In the first generation of sensor network nodes [Mica], resource limitations such as processing power, battery lifetime, and memory make solving this problem a challenge. Current solutions like µTESLA and SNEP [Spins] rely on time synchronization and periodic broadcast, using delayed release of shared secrets from a one-way hash chain for data-origin authentication.
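The delayed-release scheme described above can be sketched as follows. This is an added example, not code from the MSA project or from [Spins]; the names `Receiver`, `make_chain`, `delay` and `max_skew` are assumptions, and the sample seed is constructed.

```python
import hashlib
import hmac

def hash_n(key: bytes, n: int) -> bytes:
    """Apply the one-way function n times: K_{i-n} = H^n(K_i)."""
    for _ in range(n):
        key = hashlib.sha256(key).digest()
    return key

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0..K_n]; K_n is the seed, K_0 the commitment given to receivers."""
    return [hash_n(seed, n - i) for i in range(n + 1)]

def mac(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes, interval_len: float, delay: int, max_skew: float):
        self.key, self.idx = commitment, 0          # last authenticated chain key
        self.interval_len, self.delay, self.max_skew = interval_len, delay, max_skew
        self.buffer = []                            # (interval, payload, tag) awaiting a key

    def on_packet(self, interval, payload, tag, recv_time) -> bool:
        # Security condition: K_i is disclosed at (i + delay) * interval_len on the
        # sender's clock. If that moment may already have passed, anyone could have
        # forged the MAC, so the packet is dropped. This is the time-sync dependency.
        if recv_time + self.max_skew >= (interval + self.delay) * self.interval_len:
            return False
        self.buffer.append((interval, payload, tag))
        return True

    def on_key(self, interval, key) -> list:
        # Authenticate the disclosed key by hashing it back to the last trusted key.
        # The step bound (an assumed limit) caps the hashing work per disclosure.
        steps = interval - self.idx
        if steps <= 0 or steps > 1000 or not hmac.compare_digest(hash_n(key, steps), self.key):
            return []
        self.key, self.idx = key, interval
        accepted, pending = [], []
        for i, payload, tag in self.buffer:
            if i > interval:
                pending.append((i, payload, tag))   # its key is not public yet
            elif hmac.compare_digest(tag, mac(hash_n(key, interval - i), payload)):
                accepted.append(payload)            # also covers intervals whose key was lost
        self.buffer = pending
        return accepted
```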

In our MSA project, we revisit some of the original design assumptions underlying current solutions and investigate the feasibility of using limited public-key encryption to validate identity and exchange symmetric session keys as an alternative to the SNEP scheme for addressing the sensor authentication problem. We test our assumptions on the third-generation Mica motes, which have significantly higher processing power and on-chip memory. Other researchers have suggested that sensor nodes present public key certificates to base stations for sensor-identity authentication. The base station performs a signature validation to authenticate the sensor node. However, the sensor node itself does not perform any public key operation and validates the identity of the base station using a shared secret.

In Year 1, we showed the feasibility of using public key operations for mutual authentication with non-repudiation on our test-bed. We contend that a PKI (Public Key Infrastructure) can overcome both the synchrony and periodicity assumptions required by SNEP, as well as provide non-repudiation, which cannot be obtained when shared secrets are used. We implemented the Digital Signature Standard (DSS) on the motes so that they could perform signature generation and verification using the Digital Signature Algorithm (DSA). Preliminary timing tests show that we can sign a 512-bit block in about 20 seconds and verify a signature in about 45 seconds. This suggests that PKI operations can be used sparingly on the sensor nodes themselves during setup for strong authentication.

During authentication itself, the base station and the sensor can exchange symmetric session keys that can be used for data confidentiality in subsequent messages. These keys can be pre-computed on the sensor to reduce computational overheads. In Year 2 we want to focus on developing authentication protocols that take advantage of limited public key operations and shift the burden of expensive computation to the base-stations. In addition, we plan to incorporate attribute-based certification [Linn] into our authentication protocols. This is motivated by our observation that in many situations, we are more interested in ascertaining that a sensor is sending the right type of data rather than actually authenticating its identity.

We propose a two-tier architecture to separate control messages from data messages. A special class of nodes called "guardians" is responsible for generating attribute certificates and updating sensor nodes with them; these certificates are exchanged on the control plane. Sensor nodes include these time-limited certificates, issued by the guardians, along with their data in order to attest that they are authorized to generate the required type of data. The guardians form a secure overlay network to monitor and enforce the integrity of the nodes by listening to their broadcast messages and changing or revoking their certificates when they are compromised. These certificates are validated by the base stations and do not require the sensor to perform a PKI operation. We hope to demonstrate that the use of attribute certificates can couple authorization and authentication into one step. PKI operations are only used to mutually authenticate the sensor node and its guardian at setup. This allows us to use a significantly smaller number of public keys and public key operations and provide a better alternative to existing cryptographic authentication solutions for sensor networks.
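One way the base-station check described above could look, as an added example rather than the project's own code. The certificate fields (`issuer`, `attr`, `not_after`, `serial`) and function names are assumptions, and textbook RSA over a constructed demo key stands in for the guardian's signature scheme (the project itself implemented DSA).

```python
import hashlib
import json

# Constructed demo guardian key: textbook RSA over two Mersenne primes. It is
# trivially factorable and unpadded, and only stands in for a real signature scheme.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(body: dict) -> int:
    blob = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def guardian_issue(issuer, sensor_id, attribute, not_after, serial) -> dict:
    """Guardian side (control plane): sign a time-limited attribute certificate."""
    body = {"issuer": issuer, "sensor": sensor_id, "attr": attribute,
            "not_after": not_after, "serial": serial}
    return {"body": body, "sig": pow(_digest(body), D, N)}

def base_station_accept(msg, now, guardians, revoked):
    """Base-station side (data plane). The sensor only attaches the certificate;
    every public-key operation happens here. Returns (accepted, reason)."""
    body, sig = msg["cert"]["body"], msg["cert"]["sig"]
    key = guardians.get(body.get("issuer"))
    if key is None:
        return False, "unknown guardian"
    n, e = key
    # Check the signature before trusting any field inside the certificate.
    if pow(sig, e, n) != _digest(body):
        return False, "bad signature"
    if now > body["not_after"]:
        return False, "expired"
    if body["serial"] in revoked:
        return False, "revoked"
    # Authorization and authentication in one step: the attribute must cover
    # the type of data the sensor claims to be sending.
    if msg["type"] != body["attr"]:
        return False, "not authorized for this data type"
    return True, "ok"
```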
 
Project Leads
Roy Campbell, UIUC CS Department
