We have successfully demonstrated the feasibility of implementing a security subsystem for an extremely limited sensor network platform. We have identified and implemented useful security protocols for sensor networks: authenticated and confidential communication, and authenticated broadcast. To illustrate the utility of our security building blocks, we implemented an authenticated routing scheme and a secure node-to-node key agreement protocol.
Many elements of our design are universal and apply easily to other sensor networks. Since our primitives are solely based on fast symmetric cryptography, and use no asymmetric algorithms, our building blocks are applicable to a wide variety of device configurations. The computation costs of symmetric cryptography are low. Even on our limited platform the energy spent for security is negligible compared with the energy cost of sending or receiving messages. In the absence of other constraints, it should be possible to encrypt and authenticate all sensor readings.
The communication costs are also small. Since the data authentication, freshness, and confidentiality properties require transmitting a mere 8 bytes per unit, it is feasible to guarantee these properties on a per packet basis, even with small 30 byte packets. It is difficult to improve on this scheme, as transmitting a MAC is fundamental to guaranteeing data authentication.
Certain elements of the design were influenced by the available experimental platform. The choice of RC5 as our cryptographic primitive falls into this category; on a more powerful platform we could use any number of shared key algorithms with equal success. The extreme emphasis on code reuse is another property forced by our platform. A more powerful device would also allow for more basic modes of authentication. The main limitation of our platform was available memory. In particular, the buffering restrictions limited the effective bandwidth of authenticated broadcast.
Despite the shortcomings of our target platform, we were able to demonstrate a security subsystem for the prototype sensor network. With our techniques, we believe that security systems can become an integral part of practical sensor networks.