A new family of authentication protocols
ACM SIGOPS Operating Systems Review
System architecture directions for networked sensors
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
SPINS: security protocols for sensor networks
Proceedings of the 7th annual international conference on Mobile computing and networking
PSFQ: a reliable transport protocol for wireless sensor networks
WSNA '02 Proceedings of the 1st ACM international workshop on Wireless sensor networks and applications
A key-management scheme for distributed sensor networks
Proceedings of the 9th ACM conference on Computer and communications security
Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts
UbiComp '01 Proceedings of the 3rd international conference on Ubiquitous Computing
Random Key Predistribution Schemes for Sensor Networks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A pairwise key pre-distribution scheme for wireless sensor networks
Proceedings of the 10th ACM conference on Computer and communications security
Establishing pairwise keys in distributed sensor networks
Proceedings of the 10th ACM conference on Computer and communications security
LEAP: efficient security mechanisms for large-scale distributed sensor networks
Proceedings of the 10th ACM conference on Computer and communications security
Key Infection: Smart Trust for Smart Dust
ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
TinySec: a link layer security architecture for wireless sensor networks
SenSys '04 Proceedings of the 2nd international conference on Embedded networked sensor systems
Shake them up!: a movement-based pairing protocol for CPU-constrained devices
Proceedings of the 3rd international conference on Mobile systems, applications, and services
Integrity (I) Codes: Message Integrity Protection and Authentication Over Insecure Channels
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Telos: enabling ultra-low power wireless research
IPSN '05 Proceedings of the 4th international symposium on Information processing in sensor networks
SCUBA: Secure Code Update By Attestation in sensor networks
WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Message-in-a-bottle: user-friendly and secure key deployment for sensor nodes
Proceedings of the 5th international conference on Embedded networked sensor systems
Improving sensor network immunity under worm attacks: a software diversity approach
Proceedings of the 9th ACM international symposium on Mobile ad hoc networking and computing
A software primitive for externally-verifiable untampered execution and its applications to securing computing systems
Key management systems for sensor networks in the context of the Internet of Things
Computers and Electrical Engineering
Hi-index | 0.00 |
This paper presents a protocol called Software Attestation for Key Establishment (SAKE), for establishing a shared key between any two neighboring nodes of a sensor network. SAKE guarantees the secrecy and authenticity of the key that is established, without requiring any prior authentic or secret cryptographic information in either node. In other words, the attacker can read and modify the entire memory contents of both nodes before SAKE executes. Further, to the best of our knowledge, SAKE is the only protocol that can perform key re-establishment after sensor nodes are compromised, because the presence of the attacker's code in the memory of either protocol participant does not compromise the security of SAKE. Also, the attacker can perform any active or passive attack using an arbitrary number of malicious, colluding nodes. SAKE does not require any hardware modification to the sensor nodes, human mediation, or secure side channels. However, we do assume the setting of a computationally-limited attacker that does not introduce its own computationally-powerful nodes into the sensor network. SAKE is based on Indisputable Code Execution (ICE), a primitive we introduce in previous work to dynamically establish a trusted execution environment on a remote, untrusted sensor node.