Formally verified authenticated query dissemination in sensor networks
SPECTS'09 Proceedings of the 12th international conference on Symposium on Performance Evaluation of Computer & Telecommunication Systems
| Hi-index | 0.00 |
We present Castor, a secure code-update protocol for sensor networks that exploits symmetric cryptoystems. Through a synergistic combination of a one-way hash-chain, two one- way key-chains with the delayed disclosure of symmetric keys, and multiple message authentication codes (MACs), Castor enables untrusted sensor nodes to verify an update's authenticity and guarantees that no correct node will ever in- stall or forward a compromised part of a code-update im- age. We describe an implementation of Castor that hard- ens the TinyOS-based update protocol, Deluge, against node compromise. We experimentally compare Castor's compu- tational and communication costs with those of Deluge and with those of a contemporary secure update protocol, Sluice, that uses asymmetric cryptosystems (digital signatures) in- stead. Our results demonstrate that Castor incurs reasonable overheads as compared to Deluge, and lower resource usage as well as lower end-to-end update latency as compared to Sluice.