201O International Conference On Computer Design And Appliations (ICCDA 2010


A Node Authentication Protocol based on ECC in WSN

School of computer science and technology China University of Mining and Technology, CUMT Xuzhou 221116, China cschangqing@163.com

Yong-ping ZHANG,

Lin-lin Qin

School of computer science and technology China University of Mining and Technology, CUMT Xuzhou 221116, China ypzhang@cumt.edu.cn

Abstract-This paper improves an authentication protocol
based on The Elliptic curve Cryptography, and applies it to WSNs. primary the This scheme contains system initialization, node registration and authentication phase. It continues to use the scheme's of high efficient multiplication Besides, operation scheme method, and the sensor node store the other ID's hash value as premise the authentication. this increases an authentication phase between sensor nodes using The XKAS Key Agreement Scheme. Conclusion shows that the improved agreement has lower consumption for wireless sensor network.

Table 1 [7] shows the key length of three cryptography under the same security property, as follows:

106 132 160 210

Key length of RSAIDSA
512 768 1024 2048

Key length ratio of RSAIECC 5: I
6: I 7: I 10: I





Wireless sensor network; XKAS



About authentication on WSN, this article improved an authentication protocol based on elliptic curve, using high­ efficiency operation method [8], less node storage and computation, which is applicable to wireless sensor network. II.

With the development of the low-power consumption wireless communication technology, micro-sensor technology and integrated circuits technology, wireless sensor network (WSN) has been growing strong. And it has been widely used in military, agriculture, environmental monitoring, health care, building monitoring, space exploration and other special fields. As the core and important basic link of the security mechanism, authentication has always been a hot area of security research on wsn. Because of the sensor node's limited energy, communication and storage resources, the authentication protocol in the traditional network must be improved to apply to WSN. Using symmetric encryption to authenticate needs to carry large amount of pre-distribution key, and the node will consume too large memory space. So, using this authentication method in the large-scale WSN will make the network expandability very bad. Public Key Cryptography (PKC) has the unique authentication reliability and can prevent the Man-In-The-Middle Attack [1] effectively. Many scholars studied on the public key arithmetic in WSN. Such as TinyPK [2] entity authentication protocol which based on low-level RSA [3] proposed by R.Watro, and strong user authentication protocol [4] proposed by Z.Benenson et al. Compared with RSA and other public-key cryptosystem, elliptic curve cryptography (ECC) has many special advantages such as lower requirements of the bits length of key, higher intensity, less parameters, which is especially for space constrained and bandwidth constrained situation [5]. So, ECC is more compatible to be used in the WSNs which have limited resources [6].

Wireless Sensor Network

The traditional computer network is generally to meet the various needs, but WSN is usually for the data-centric information-gathering work for a specific demand [9]. Sensor network usually contains sensor node, the sink node and the base station (BS). A large number of sensor nodes are deployed in or near the surveyed area randomly, and constitute the network by self-organization. Sensor node detects data and transmits it to the other node hop-by-hop. The transmission may be proceded through one or more nodes, and arrive at the sink node after multi-hop, then reach BS finally. Users deploy and manage sensor node, publish testing task and collect test data through BS. The WSN architecture in this article is shown in Fig.l. BS is the base station, sensor nodes can communicate with BS directly.

o �
Figure I,



o d




Sensor j---p-",,--"'- node

Wireless sensor network architecture



2010 IEEE


Volume 2

the order n and a point Q. Node A NodeB Step 1: kA' PB Compute SA=kAPB Step 2: kB' PA Compute SB=kBPA Step 3: SA. Ps} Where Fq the prime field of the elliptic curve. other nodes store the hash value. it decreases the node storage content. Node a verify saRaPa=Ps H(IDaJ. then sends KAB to B. then computes SB=kBAPA and sends it to node A. Domain F can be the field of rational number. y) and the point at infinity which satisfy equation /=x3+ax+b. a6 EF and LJ ¥o. SB compute KAB=kASASB KAB � Step 4: SB. Authentication protocol between two sensor nodes Step 1: Node A selects a random number kA and gets B's public key PB from BS. System private key stored by the system itself. then registration is successful. If it has. B. Instead of storing node ID. A computes KAB=kASASB using its private key SA. nodes register for their identity at BS. the sensor node must be authenticate with its neighboring nodes and BS mutually [10]. n is the order of G and be a prime number. a4. which stored by the sensor node itself. Description of ECDLP: given a finite field Fq and a elliptic curve E defined on Fq. the complex number and finite field. Fq ={O. Sensor node can authenticate and communicate with each other. a3. but in reverse. At this phase. THE AUTHENTICATION SCHEME BASED ON function which can map any string to domain Fw s EFq is the system private key which selected by itself Ps=sG is the system public key. If not. and the elliptic curve E is constituted by point (x. then compares KAB with KBA to accomplish the authentication. y. and broadcast H(IDaJ and Ps. This article studied the elliptic curve defined on prime fields Fq. and we know the base point P. a2. then refuse authentication. The process of the agreement is shown as follows. BS distributes keys for each node. BS compute H(IDaJ and Ra=sH(IDaJ. and compute Pa=s/G as its public key. 1. then computes SA=kAPB and sends it to node B. so the attacker can't forge. where x. B computes KBA=kBSBSA using its private key SB. Its base parameters can be defined as follows: Params= { Fq . Any node whose ID is in the prestore ID table is legal node. this system (BS) generated a safety elliptic curve. compute k=/ogpQ is very hard. and can broadcast messages. Step 2: Node B selects a random number kB' and gets A's public key PA from BS. q-1}. ECC is a kind of cryptography obtained by the elliptic curve finite group on finite field insteading of the finite group on over the cryptography based on the discrete logarithm problem. BS can communicate with a sensor node through the secure channel.v'=x3+a]X2+a�+a6 (1) Where aI. and can communicate with BS also. Node a select a random number Sa EFq as its private key. If number (x. Choosing a set of properly elliptic curve parameters. Now we assume that they have determined their public and private keys. After BS broadcasted the hash value of a node ID. If the equation is right. KAB Compute KBA =kBsBSA KAB= KBAo The End ECC This article improved the authentication system designed in [8].2. Elliptic Curve Cryptography(ECC) Elliptic curve E defined on the domain F can be defined by the following Weierstrass equation (1): E: /+aIxy+a. V2-607 Volume 2 . n. where (JE(F). When we choose a number k. F is a domain. It is built on the Abelian group which composed by the points of the elliptic curve on finite field Fq• The security of ECC is based on the difficulty of solving the elliptic curve cryptography disperse logarithm problem (ECDLP) [11]. E is the elliptic curve. Authentication steps were shown in Fig. After system initialization. node B is first to see if it has node the ID hash value of A. 1) System Initialization Using the elliptic curve method to generate mentioned in [8]. then it can be called the point of the elliptic curve E defined on domain F. When node A requests for B's certification. Where both Ra and Ps have the signature of BS. and nodes do mutual authentication and communication. b EFq. then transmit IDa and Pa to BS. it based on XKAS Key Agreement Scheme for the WSNs. ECDLP will be a difficulty problem for current calculation level. The other nodes store H(IDaJ and Ps. and H is a one-way mapping Figure 2.2010 International Conference On Computer Design And Appliations (ICCDA 2010) Assume that BS is safe. III. 3) Authentication Node A and B must be authenticate mutually before communication. SA. G is the base point of the elliptic curve. G. and this provides the security access mechanism for all the nodes to access the self-organizing. E. then transmit Ra to sensor node a through the secure channel. Step 3: After got SB from B. LJ is the discriminant of E. when Q and P are known. Step 4: After got SA from A. its public key and other parameters published. then begin to authenticate.2. 2) Registration Each sensor node has a unique identity ID of the network. it is easy to compute Q=kP (kp is called ECC point multiplication). H. After deployed in the work area. and each sensor node has its own unique identity. a. y) can satisfy the above equation. s.

Therefore. sensor node only stores the other node' s ID hash value which decreases the consumption of the node memory space. he can't get its private key.2006:140-144. So. (1) Node's private key is stored by itself.Jianzhong Li. this article increased a node authentication stage on the basis of the improving of [8]. New York. Stages System Initialization Registration Authentication Total times � NodeB Security This scheme accomplished the authentication between nodes based on the security of XKAS Key Agreement Scheme. this scheme can resist active attack. ECC multiplication is the primary operation mode. [5] [6] V2-608 Volume 2 . Chinese Journal of Sensors and Actuators. so it can resist replay attack. no. From the whole program. Nils Gedicke. 5(1): 1-8. even if SA and SB are falsified in communication process. This article analysis the agreement from the aspects of security and efficiency. Wireless Sensor Network[M]. So. 135-142. it can't be revealed even BS is under attack. 135-142. the attacker can not attack by the above way. the attacker can get kA and kB by cracking the private key or intercepting SA and SB for attacking. the node can reselect a random number for private key and register in system. REFERENCES [ I] Yi Jiang. Thus. H Shacham Fast Variants Laboratories'Cryptobytes. Workshop on Real-World Wireless Sensor Networks (REALWSN) . B. CONCLUSION Based on the principle of XKAS Key Agreement Scheme. And the private key is a random number selected by node itself. there will always make the lower efficiency of the program. NODE MULTIPLICATION TIMES Node A 0 I 2 3 0 I 2 3 IV. vol 20. This scheme is consisted of system initialization stage. (5) In authentication phase. TinyPK:secuting sensor networks with public key technology. (3) Now that the attacker cannot get node's private key. of RSA[C]. Ossi Raivio. Zinaida Benenson.6. D Boneh. RSA [2] [3] [4] Efficiency In this authentication system. Considering the limited sensor node traffic. 2007. Nodes store the ID hash value instead of the node ID to reduce the consumption of the node storage. When we asking for stronger security. ANALYSIS OF THE PROTOCOL Security and efficiency is a pair of contradiction. which makes the scheme simpler.Yu Chen. TABLE II. In this scheme. And this scheme adopted the efficient ECC multiplication operation method and small number of communication and operation. This scheme is simple in design. V. storage and communication costs are lower. node registration stage and node authentication stage.2010 International Conference On Computer Design And Appliations (ICCDA 2010) Verification process is shown as follows: KBA=kBSBSA=kBSB(kAPB)=kBkASBPB=kAkBG KAB=kASASB=kASA(kBPAJ=kAkBSAPA=kAkBG In this protocol. Compare with the primary scheme. (4) The node needs to check the other's ID hash value before authentication. even if the attacker got node's public key. And nodes store the ID hash value which can conceal the node's real identity. But the above problems are all based on the difficulty of solving ECDLP. Realizing Robust User Authentication in Sensor Networks [C]. A. so its efficiency directly determines the performance of the system. The Study of Elliptic Curve Cryptography System[M]. this scheme avoids additional communication overhead. man-in-the-middle attacks and replay attacks. so any attacker cannot decrypt it. when the private key is untrusted. 2005. 2005. this scheme can resist passive attack. And without additional digital signature. and provides the condition for the expansibility of the network. (2) In authentication process. and at the time when we looking for high efficiency. this scheme uses the random number to accomplish authentication. active attacks. 2002. so that the public and private keys are easy to update and more secure. Cluster-Based Strategies for Public Key Authentication in Wireless Sensor Networks[J]. Based on the difficulty of solving ECDLP. this scheme can resist man-in-the-middle attack. the 3 times node multiplication in this scheme is more reasonable. ECC multiplication times in various stages are shown in Table 2. Tsinghua University Press. the security always cannot be guaranteed. Youan Xiao. ECC multiplication operation consumes the most amounts. Haoshan Shi. The authentication stage based on XKAS key agreement scheme can resist passive attacks. Limin Sun. Proceedings of the 2nd ACM Workshop on Secutity of Ad hoc and Sensor Networks[C]. the attacker cannot disguise himself as one side to accomplish authentication with the other side. Because the node's ID is the unique one which cannot be forged. Based on the low consumption of node storage and communication traffic and the high efficiency ECC multiplication algorithm. 2005. which makes the calculation. In the improved system initialization and node registration stage. the tedious calculation for public and private key was omitted. Huazhong University of Science and Technology press. the node traffic is 3 times in the communication process designed in this scheme. it's very important and necessary to seek a balance between the two in an agreement. it can effectively enhance the performance of the system to use the fast algorithm for ECC multiplication and less multiplication number. (6) Hash function is a kind of one-way irreversible function. WATRO R.et al. this protocol leave out the tedious calculation for public and private keys.

Huaping Xiang. et al.Hui Li. CHEN Tie-ming. and Trustworthy Computing.Xiaoyuan Li. [9] Jie Yang. IEEE International Conference[C ]. Ubiquitous. no. [ I I] Darrel Hankerson. Design and Implementation of Identity Authentication System Based on ECC[J]. A dynamic user authentication scheme for wireless sensornetworks. no.Alfred Menezes. Publishing House of Electronics Industry. Scott Vanstone. Sensor Networks. 2005:147. 2006. [8] [10] WONG. Control & Automation. 2006: 244-251.4.Zhongbao Wan. The Study and Application of Elliptic Curve Cryptography Library on Wireless Sensor Network. 2006. Electronics Technology.2010 International Conference On Computer Design And Appliations (ICCDA 2010) [7] WANG Wei-hong. I-3. 2008 II th IEEE International Conference on Communication Technology Proceedings[C]. Wireless Sensor Networks Based on the WAPI Authentication[J]. LIN Yu-bing. Guide to Elliptic Curve Cryptography[M]. 2007. V2-609 Volume 2 . vol 23.