A Tree-Based μTESLA Broadcast Authentication for Sensor Networks

Broadcast authentication is a critical security service in sensor networks; it allows a sender to broadcast messages to multiple nodes in an authenticated way. μTESLA and multi-level μTESLA have been proposed to provide such service for sensor networks. However, none of these techniques are scalable in terms of the number of senders. Though multi-level μTESLA schemes can scale up to large sensor networks (in terms of receivers), they either use substantial bandwidth and storage at sensor nodes, or require significant resources at senders to deal with DOS attacks. This paper presents efficient techniques to support a potentially large number of broadcast senders using μTESLA instances as building blocks. The proposed techniques are immune to the DOS attacks. This paper also provides two approaches, a revocation tree based scheme and a proactive distribution based scheme, to revoke the broadcast authentication capability from compromised senders. The proposed techniques are implemented, and evaluated through simulation on TinyOS. The analysis and experiment show that our techniques are efficient and practical, and can achieve better performance than the previous approaches.