A Lightweight Authentication Protocol for Secure Communications between Resource-Limited Devices and Wireless Sensor Networks

1. Introduction

The number of Resource-Limited Wireless Devices utilized in many areas of the IT industry is growing rapidly. This growth rate is expected to rise even higher when RFID transponders begin to replace Barcodes on a larger scale. Some of the applications of these devices pose a security threat which can be addressed using cryptographic techniques. Most of the currently used cryptographic solutions are predicated on the existence of ample processing power and memory. These demands cannot be met by the majority of ubiquitous computing devices, thus there is a need to apply lightweight cryptography primitives that meet security demands when considering devices with low resources.

A Risk Analysis of threats associated with the usage of Wireless Sensor Networks or RFID systems for the item-level stock control and temperature monitoring include the following:

• •

  Tag/Sensor cloning: A serious threat related to the counterfeiting of medicines with a high likely-hood of occurrence (Juels, 2005). Can be addressed with a strong encryption and authentication system;

• •

  Tag/Sensor tracing: A threat related to unauthorised Track & Trace of a Sensor/Tag movement throughout a given area, which has negative privacy implications. It can be addressed with a proper Authentication system that does not allow the disclosure of a Tag's/Sensor's unique ID;

• •

  Data Eavesdropping: Unauthorized retrieval of sensor/tag data. A strong encryption algorithm provides a counter-measure to this threat;

• •

  Denial of Service attack: Affects the operation of the entire network or a group of Tags/Sensors. The likely-hood of occurrence can be regarded as medium. Such an attack would require appropriate hardware and in-depth knowledge of the radio protocol used. A proper Authentication system provides counter-measures to this threat;

• •

  Rogue-Data Injection: An adversary can inject malicious data into the network causing improper configuration of the sensors for example. The probability of occurrence can be low as this kind of attack is not valuable to an adversary in most cases. A Mutual-Authentication system prevents accepting rogue data from unknown sources;

• •

  Cryptanalysis Attack: Secret key discovery through a cryptanalysis attack on the authentication and/or encryption system’s secret data. Such an attack compromises the whole security and leads to a full disclosure of all data. The likelihood of such an event is very low if the encryption key-space is large enough to prevent brute-force attacks (assumes unbreakable algorithm).

Typically, the application of security to wireless networks, such as the Wi-Fi Protected Access specification (Wi-Fi Alliance, 2003), requires complex mathematical computation and significant protocol data overhead. Since these requirements cannot be fulfilled by the types of Resource-Limited Devices used in Wireless Sensor Networks (WSN) and Radio Frequency-Identification (RFID) systems due to the constraints imposed by limited computational power, limited memory size and the requirement for low power consumption (Akyildiz et al. 2002), there is a need to provide a lightweight security mechanism that can be implemented within device specifications. The primary aspects of the security of data exchange are mutual authentication, confidentiality, integrity and availability (Menezes et al., 1997). Another important aspect of security especially in the context of Wireless Sensor Networks, is Data Freshness which ensures that the data received is fresh and the adversary cannot replay old messages. Weak data freshness ensures the order of messages, and strong data freshness allows additionally for the delay of the message estimation.