Cryptographic security of wireless sensor networks

Final Activity Report Summary - CRYPTOSENSORS (Cryptographic security of wireless sensor networks)

This project concerned the applications of cryptography to wireless sensor networks (WSNs). WSNs are a new technology that can be used in building monitoring, burglar alarms, military applications, border control, etc. WSNs consist of a large number of intelligent nodes which are low-cost, low-power and small. Because of these properties, special care must be taken in the design of protocols for such networks. Namely, one has to constrain the number of processor cycles and the number of radio-transmitted bits (since both cost energy), and one often cannot assume that the nodes leak no information about their internal state (in other words: they are not leakage-resilient). Because of these limitations, many standard cryptographic protocols cannot be used in WSNs. This is especially true of protocols based on public-key cryptography, which is often too energy-consuming. For example, the classical (public-key-based) methods for key distribution cannot be used in WSNs.

In this project we were particularly interested in the active security of sensor networks, i.e. security in a model where the adversary not only eavesdrops but also actively disturbs the communication. The work we performed is as follows. First, we gave a formal analysis of the active security of the existing key-distribution schemes for sensor networks, and we provided a comparison between them. We concluded that the best scheme in this context is the one based on the method of Blom (1984). Second, we proposed a new method for secure aggregation in sensor networks, which has increased resiliency against active attacks. Third, we proposed a new formal model for increasing the leakage-resiliency of cryptographic protocols, and implemented some basic cryptographic primitives (secret sharing, a stream cipher) in this model. This method is based on the so-called Bounded-Retrieval Model, where the adversary is allowed to retrieve any information about the internal state of the machine, as long as the total length of the retrieved data is bounded.
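The Blom (1984) key-predistribution scheme singled out above, as an added worked example (Python; this is not the project's code). It assumes a constructed demo modulus P, a Vandermonde public matrix whose column for a node is built from the node id, and a trusted base station that holds the secret symmetric matrix D; the last function shows the λ-collusion threshold that a deployment must size λ against, since λ+1 captured nodes jointly reveal every pairwise key.

```python
import secrets

P = 2**61 - 1  # constructed demo modulus (a prime); not a value from the report


def public_column(node_id, lam):
    """Public Vandermonde column for a node: (1, id, id^2, ..., id^lam) mod P."""
    return [pow(node_id, k, P) for k in range(lam + 1)]


def generate_secret_matrix(lam):
    """Symmetric (lam+1)x(lam+1) secret matrix D, held only by the base station."""
    d = [[0] * (lam + 1) for _ in range(lam + 1)]
    for i in range(lam + 1):
        for j in range(i, lam + 1):
            d[i][j] = d[j][i] = secrets.randbelow(P)
    return d


def private_row(D, node_id, lam):
    """Row of A = (D G)^T loaded onto one node before deployment: A_i = D * g_i."""
    g = public_column(node_id, lam)
    return [sum(D[i][k] * g[k] for k in range(lam + 1)) % P for i in range(lam + 1)]


def pairwise_key(my_row, peer_id, lam):
    """K_ij = A_i . g_j: only lam+1 multiply-adds on the node, no public-key operation.
    Symmetric because D is symmetric: g_i^T D g_j == g_j^T D g_i."""
    g = public_column(peer_id, lam)
    return sum(my_row[k] * g[k] for k in range(lam + 1)) % P


def solve_mod(M, B):
    """Solve M X = B over GF(P) by Gauss-Jordan elimination (M square, invertible)."""
    n = len(M)
    aug = [M[i][:] + B[i][:] for i in range(n)]
    for c in range(n):
        piv = next(r for r in range(c, n) if aug[r][c])
        aug[c], aug[piv] = aug[piv], aug[c]
        inv = pow(aug[c][c], -1, P)
        aug[c] = [x * inv % P for x in aug[c]]
        for r in range(n):
            if r != c and aug[r][c]:
                f = aug[r][c]
                aug[r] = [(a - f * b) % P for a, b in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]


def recover_secret_matrix(captured, lam):
    """Threshold check: lam+1 captured (id, row) pairs with distinct ids determine D,
    because V^T D = A^T with V invertible; fewer than lam+1 leave D undetermined."""
    ids, rows = zip(*captured)
    return solve_mod([public_column(i, lam) for i in ids], list(rows))
```
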