2011 First International Conference on Informatics and Computational Intelligence

Wireless Network Security Using Elliptic Curve Cryptography

Hero Modares Amirhossein Moravejosharieh Rosli Salleh

Department of Computer system
and technology
University of Malaya
Kuala Lumpur, Malaysia
hero.modares@gmail.com
Department of Computer system Department of Computer system
and technology and technology
University of Malaya University of Malaya
Kuala Lumpur, Malaysia Kuala Lumpur, Malaysia
Amirhosein.moravej@gmail.com rosli_salleh@um.edu.my

Abstract— As wireless sensor networks continue to grow, so
does the need for effective security mechanisms. Sensor
networks may interact with sensitive data and/or operate in
hostile unattended environments; it needs to be secured. It is
an important challenge to find out suitable cryptography for
wireless sensor networks (WSN) due to limitations of energy,
computation capability and storage resources. Hybrid, El-
Gamal, RSA and Elliptic Curve Cryptography (ECC) are
public key cryptography algorithms. We present a comparison
of two public-key algorithms, RSA and ECC. We found ECC
to have a significant advantage over RSA as it reduces
computation time and also the amount of data transmitted and
stored.
Keywords- Wireless Security; Elliptic Curve Cryptography;
key management
I. INTRODUCTION
Wireless sensor networks comprise of small nodes that
communicate through wireless links. They are used to carry
a wide variety of applications; many of them have in any
case some security requirements. Public keys and private
keys are two ways in cryptographic algorithm to implement
authentication and encryption. Using public keys, the key
value of every node is public hence it is known by all other
nodes. When a node requests to communicate privately with
other node, the source node will use public key to encrypt
data of the target node and only the target node can properly
decrypt the data using private key. In this case, two
communicating nodes are not using the same keys during the
session which is called asymmetric key encryption. But if
two communicating nodes want use private keys, nodes have
reprogrammed and reconfigured [1]. These kinds of
operations are very sensible to potential attacks. A number of
solutions that discussed this issue have been proposed so far
[2]. In next section we will survey the WSN architecture in
WSNs. Section 4 and 5 deal with security requirements and
Key management issues in WSNs, respectively. Section 7
and 8 will present Elliptic Curve Cryptography and Energy
Analysis. Section 10 concludes the paper and proposes some
future work [3].
II. WSN ARCHITECTURE
In a typical WSN we see following network components:
 Field devices: Field devices are established in the
process and must be able of routing packets.
 Access points or Gateway: Access points or
Gateway enables communication between Host and
field devices.
 Network manager: A Network Manager is liable for
configuration of the network, management of the
routing tables, monitoring, scheduling
communication between devices and reporting the
health of the network.
 Security manager: The Security Manager is liable for
the generation, management and storage of keys [4].
Field Device
Security Manager
Field Device
Field Device

to agree at the beginning on a key before starting Gateway

communicate securely. This way of encryption is called

symmetric key encryption because both communicating Network Manager

nodes for encrypting and decrypting data use the same keys.
In wired data networks trusted server is used to help nodes to
establish trust relationships, but there is no trusted authority
in WSN because sensor nodes have limited CPU power,
memory and energy, that are why cryptographic algorithms
must be selected warily. Enabling security in WSNs is very
scenario reliant in all its approaches. There are different
requirements, for instance, requirements appear in the
control domain and operation. Sensor nodes must be
Figure 1. WSN Architecture.
III. SECURITY REQUIREMENTS
In order to secure of WSNs, there are security objectives
that provide security services, such as Confidentiality which
confidential information should never be revealed, and the
authenticity and integrity of information should always be
assured [3].

978-0-7695-4618-6/11 $26.00 © 2011 IEEE 348

DOI 10.1109/ICI.2011.63
A. Data Confidentiality
Data is kept privately in an electronic communication. It
is typically provided by encryption. It contains both
protections of the transmitted data between two ends.
Similarly it secures the traffic flow analysis [5].
B. Authentication
Receiver determines its source to confirm the sender’s
identity by using something that you have or you know.
Normally, it is done by using the sender public key. It is the
same integrity provided by digital signature [5].
C. Data Integrity
Data is not changed in an unauthorized manner. It is
typically provided by digital signature and encryption as well
[5].
D. Data Freshness
Insurance of the freshness of each message is needed
even if confidentiality and data integrity are assured. Data
freshness mentions that the data is fresh, and it guarantees
that no old messages have been replayed. This requirement is
mainly significant while there are share key strategies in the
network design. In general shared keys need to be changed
time by time. On the other hand, it takes time for new shared
keys to be scattered to the whole network. In this case, it is
easy for the guilty to use a replay attack and to disturb the
normal work of the sensor. To resolve this problem and
make sure data is freshness another time-related counter, can
be added into the packet [6].
E. Availability
In sensor networks there are many possibility of injury
that could result in defeat of availability such as denial of
service attacks and sensor node capturing. But all these
approaches make weak availability of sensor network for the
below reasons [6]:
 Additional computation consumes additional energy.
If no more energy exists, the data will no longer be
available.
 Additional communication also consumes more
energy. What’s more, as communication increases so
too does the chance of incurring a communication
conflict.
 A single point failure will be introduced if using the
central point scheme. This greatly threatens the
availability of the network. The requirement of
security not only affects the operation of the
network, but also is highly important in maintaining
the availability of the whole network [6].
F. Time Synchronization
Most sensor network applications depend on some
structure of time synchronization. An individual sensor’s
radio in order to preserve power it may be turned off for
periods of time. Also, sensors may want to compute the end-
to-end delay of a packet as it moves between two pairwise
sensors. A more collaborative sensor network possibly will
require group synchronization for tracking applications, etc.
349
authors in [7] propose a set of secure synchronization
protocols for sender-receiver (pairwise), multihop sender-
receiver (to be used when the pair of nodes are not within
single-hop range), and group synchronization [6].
IV. KEY MANAGEMENT
Key management issues are not unique to wireless sensor
networks. In fact, key establishment and management
matters have been considered in depth outside of the wireless
networking area. However most of the traditional techniques
in wireless sensor networks are unsuitable because of low
power in fact that typical key exchange techniques use
asymmetric cryptography, as well called public key
cryptography. Usually, Diffie-Hellman which is one of
public-key protocols is used to key establishment. In the
public-key protocols, data is encrypted with the public key
and decrypted only with the private key so it is necessary to
maintain both public and private keys. However in
symmetric protocols data encrypt and decrypt with a single
shared key which is known only between the two
communicating hosts but it has key exchange problem. In
this case, the key exchange problem comes from the fact that
two communicating hosts before they start securely
communication must know the shared key. Thus the problem
is that how to make sure the shared key is truly shared
among two hosts who wish to communicate and there are no
other hosts who may wish to eavesdrop. How to distribute a
shared key securely to communicating hosts is a significant
problem since pre-distributing the keys is not always
possible [6].
Asymmetric cryptography problem in a wireless sensor
network is that it is typically excessively computationally
demanding for the individual nodes in a sensor network. This
is correct in the common case, nevertheless [8, 9, 10, 11]
show that it is possible with the right choice of algorithms.
V. KEY ESTABLISHMENT
In sensor networks key establishment protocols are used
to setup shared secrets between neighboring either through
key agreement or key transport. In key transport protocol
one entity creates or otherwise gets a secret key then
transfers it securely to the other entity. But in key agreement
to get shared secret key all entities contribute a random input
so the key depend on the input of all entities and no entity
can predetermine the key which it is advantage of key
agreement. Trusted-server scheme, self-enforcing scheme,
and key pre-distribution scheme are three types of key
agreement schemes. The trusted-server scheme is not
suitable for WSNs because it uses a trusted server to do key
agreement between nodes and usually there is no trusted
infrastructure in sensor networks. The self-enforcing scheme
is a key agreement using public key certificates which it is
asymmetric cryptography [12, 13, 14]. Key pre-distribution
is the third type of key agreement scheme, in this type key
information is distributed between all sensor nodes prior to
deployment. Keys can be decided a priori if we know which
nodes stay in the same neighborhood before deployment [3].
 VI. ELLIPTIC CURVE CRYPTOGRAPHY
A fundamental building block for digital communication
is the Public-key cryptography systems. Public-Key
cryptography (PKC) systems can be used to provide secure
communications over insecure channels without exchanging
a secret key. Implementing Public-Key cryptography
systems is a challenge for most application platforms when
several factors have to be considered in selecting the
implementation platform. The most popular public-key
cryptography systems nowadays are RSA and Elliptic Curve
Cryptography (ECC).
Elliptic curve cryptography (ECC) was proposed in 1985
by Neal Koblitz and Victor Miller. Elliptic curve
cryptographic schemes can provide the same functionality as
RSA schemes which are public-key mechanisms. The
security is based on the difficultly of a different problem,
which is called the Elliptic Curve Discrete Logarithm
Problem (ECDLP).In order to solve the ECDLP, the best
algorithms have fully exponential time. In contrast, the
integer factorization problem has to be solved with
subexponential-time algorithms [15]. It makes Elliptic Curve
Cryptography offers similar security. It is offered by other
traditional public key cryptography schemes used nowadays,
with smaller key sizes and memory requirements (As shown
in Table.1) [16]. For example, it is generally accepted that a
1024-bit RSA key provides the same level of security as a
160-bit elliptic curve key. The advantages can be achieved
from smaller key sizes including storage, speed and efficient
use of power and bandwidth. The use of shorter keys means
lower space requirements for key storage and quicker
arithmetic operations. These advantages are essential when
public-key cryptography is applied in constrained devices,
such as in mobile devices or RFID. In brief, ECC based
algorithms can be easily included into existing protocols to
get the same backward compatibility and security with
smaller resources. Therefore, more low-end controlled
devices can use such protocols to be considered unsuitable
for such systems.
TABLE I. KEY SIZES.
Symmetric-key ECC RSA Comment
64 bit 128 bit 700 bit Short period security
80 bit 160 bit 1024 bit Medium period security
128 bit 256 bit 2048 bit Long period security
A group structure used to implement the cryptographic
schemes is provided by using Elliptic curves and is
determined over a finite field. The elements of the group are
the points on the elliptic curve. They act as the identity
element of the group. On the other hand the group operation
can be executed by arithmetic operations based on finite
field. It is discussed in detail in the next section [15].
There are many ways to calculate the points over the
prime field elliptic curve. A direct method is by applying the
next equation [17].
y2=x3+ax+b where 4a3+27b2≠0 
350
Different elliptic curve is produced by changing the
values of ‘a’ and ‘b’. In elliptic curve cryptography,
calculating the public-key can be done by multiplying the
private key with the generator point ‘G’ in the curve. The
generator point ‘G’ is the point on the curve. The private key
is the random number in the interval [1, n-1],‘n’ is the
curve’s order [17].
The strength of ECC security comes from the difficulty
of Elliptic Curve Discrete Logarithm Problem. If ‘P’ and ‘Q’
are points on the curve, then kP=Q where ‘k’ is a scalar.
Thus, point multiplication is the basic operation in ECC. For
example, the multiplication of a scalar ‘k’ with any point ‘P’
on the curve in order to obtain another point ‘Q’ on the curve
[5].
VII. ENERGY ANALYSIS
According A.S.Wander, etc in Energy Analysis of
Public-Key Cryptography for Wireless Sensor Networks
paper they compares the energy consumed by RSA and ECC
for energy cost of key exchanges not including
authentication and certificate verification also for generating
and verifying signatures.
Sign operation and RSA verify both are required for
authentication but where the cost of an RSA verifies is small;
sign operation is more expensive. As shown in the table.2
transitioning energy cost of signing from RSA-1024 to RSA-
2048 increases, although ECDSA-224 signing is less
expensive than ECDSA-160 signing. The RSA-based key
exchange protocol trusts in entity A to encrypt a randomly
generated secret key using entity B's public key, and entity
B’s private key used to decrypting. However, both entities
perform a single ECDH operation to get the secret key in
ECC protocol [18].
TABLE II. COMPARISON.
Algorithm Signature Key Exchange
- Sign Verify Client Server
RSA-1024 304 11.9 15.4 304
3
ECDSA-160 22.82 45.09 22.3 22.3
RSA-2048 2302.7 53.7 57.2 2302.7
ECDSA-224 61.54 121.983 60.4 60.4
Preceding sections illustrated security, ECC and some
related work about wireless communication that are based on
elliptic curve cryptographic techniques. Presently, RSA
algorithm demands a key length be not less than 1024 bits
for long term security and we know that ECC with only a
160 bits modulus offers an the same level of security as RSA
with 1024-bit modulus. Thus, using ECC in wireless
communication system is extremely recommended. This
work will provide a secure protocol for wireless
communication based on ECC techniques. The key
distribution and storage problems, which are typical in
secret-key settings it is solved by the public-key
cryptography conception. The proposed protocol will
provide the most important security services such as
authentication of service and user and no repudiation.
VIII. CONCLUSION
Elliptic curve cryptography can be a substitute for RSA
in efficacious applications because of its efficiency in
software as well as in hardware realizations. ECC offers an
enhanced security with shorter bit sizes than in RSA. Shorter
key length is useful to save bandwidth, power, and it
improves the performance. The recent sensor devices have
restricted computational power. In order to realize 80 bit of
security in ECC, it requirements 160bit parameters size, and
offers the same security level presented by 1024 bit RSA.
Unlike the past, combination in ECC catches the attention of
experts because it can be used to build cryptographic
schemes that cannot be built in any other way.
REFERENCES
[1] Fuchs, G., Truchat, S., & Dressler, F. (2006). Distributed
Software Management Distributed Software Management. in 1st
IEEE/ACM International Conference on Communication
System Software and . New Dehli,India: IEEE COMSWARE
2006.
[2] Zhang, W., & Cao, G. (March 2005). Group Rekeying for
Filtering False Data in Sensor Networks: A Predistribution and
Local Collaboration-Based Approach. 24th IEEE Annual Joint
Conference of the IEEE Computer and Communications
Societies (IEEE INFOCOM 2005) (pp. 503–514). IEEE .
[3] Amin, F., Jahangir, A., & Rasifard, H. (2008). Analysis of
Public-Key Cryptography for Wireless Sensor Networks
Security. World Academy of Science, Engineering and
Technology.
[4] Kalita, H. K., & Kar, A. (2009). WIRELESS SENSOR
NETWORK SECURITY ANALYSIS. International Journal of
Next-Generation Networks (IJNGN), (pp. Vol.1, No.1).
[5] Modares, H. (2009). A Scalar Multiplication in Elliptic Curve
Cryptography with Binary Polynomial Operations in Galois
Field. Kuala Lampur: Thesis submitted to The Faculty of
Computer Science and Information Technology University
Malaya.
351
[6] Walters, J. P., Liang, Z., Shi, W., & Chaudhary, V. (2006).
Wireless Sensor Network Security: A Survey. 2006 Auerbach
Publications, CRC Press: Auerbach Publications, CRC Press.
[7] Ganeriwal, S., Capkun, S., Han, C.-C., & Srivastava, M. (2005).
Secure time synchronization service for sensor networks.
Proceedings of the 4th ACM workshop on Wireless security
(pp. 97–106). New York, NY, USA: ACM Press.
[8] Gaubatz, G., Kaps, J., & Sunar, B. (2004). Public key
cryptography in sensor networks - revisited. In 1st European
Workshop on Security in Ad-Hoc and In 1st European
Workshop on Security in Ad-Hoc and. ESAS.
[9] Gura, N., Patel, A., Wander, A., Eberle, H., & Shantz, S.
(August 2004). Comparing elliptic curve cryptography and rsa
on 8-bit cpus. In In 2004 workshop on Cryptographic In In 2004
workshop on Cryptographic.
[10] Malan, D., Welsh, M., & Welsh, M. (2004). A public-key
infrastructure for key distribution in tinyos based on elliptic
curve cryptography. In First Annual IEEE Communications
Society Conference on Sensor and Ad Hoc Communications
and Networks. and Networks.
[11] Watro, R., Kong, D., Cuti, S., Gardiner, C., Lynn, C., & Kruus,
P. (2004). Tinypk: securing sensor networks with public key
technology. In Proceedings of the 2nd ACM workshop on
Security of Ad hoc and Sensor Networks . New York, NY,
USA: ACM Press.
[12] Perrig, A., Szewczyk, R., Wen, V., Culler, D., & Tygar, J. ( July
2001). SPINS:Security Protocols for Sensor Networks. in
Proceedings of the 7th Annual ACM/IEEE International
Conference on Mobile Computing and Networking (MobiCom)
(pp. 189–199). Rome, Italy: ACM/IEEE .
[13] Diffie, W., & Hellman, M. (November 1976). New directions in
cryptography. IEEE Transactions on Information Theory, vol.
22, (pp. 644–654).
[14] Rivest, R., Shamir, A., & Adleman, L. (1978). A method for
obtaining digital signatures and public-key cryptosystems.
Communications of the ACM vol. 21,no. 2, (pp. 120–126).
[15] Hankerson, D., Hernandez, J., & Menezes, A. (2000). Software
Implementation of Elliptic Curve Cryptography Over Binary
Fields. Proceedings of the Workshop on Cryptographic
Hardware and Embedded Systems (pp. 1-24). Springer-Verlag.
[16] Kumar, S. (2006). Elliptic Curve Cryptography for Constrained
Devices. Ruhr-University Bochum.
[17] Tata, E. (2007). Elliptic Curve Cryptography, An
Implementation Guide. In Anoop MS. India: Anoop, MS.
[18] Wander, A. S., Gura, N., Eberle, H., Gupta, V., & Shantz, S. C.
Energy Analysis of Public-Key Cryptography for Wireless
Sensor Networks. University of California.