Authentication Using Virtual Certificate Authorities: A New Security Paradigm for Wireless Sensor Networks

Wireless sensor networks (WSN) are inherently difficult to secure: Limited memory resources rule out the predistribution of keys or certificates, while manual device (and key) configuration in the field is not feasible due to the dynamic and ad-hoc nature of WSNs. All this is complicated by the fact that WSN nodes are not tamper resistant and operate over an unsecure wireless medium. Public key infrastructures (PKI) can help to address this problem by providing initial trust between network nodes. While it has been already shown, that public key encryption methods (like Elliptic Curve Cryptography - ECC) can be implemented on sensor nodes with very limited resources, a fully-fleshed PKI infrastructure that enables many different devices from potentially many different manufactures to participate in many different separate distributed networks in a secure manner has not been introduced yet. This paper presents AVCA, “Authentication using Virtual Certificate Authorities”, which is such a PKI architecture. It is based on commonly used and well established PKI concepts and designed specifically for resource constrained devices on distributed ad-hoc networks. It provides a mechanism to overcome the difficulties in securing many distributed networks with non tamper-proof devices. AVCA has many benefits including that the basis for initial trust is not stored on any of the sensor devices and that these devices do not require significant memory. The architecture itself can be quite easily integrated into existing protocol stacks including those defined by IEEE 802.15.4 and ZigBee. AVCA also enhances many of the original design goals of these wireless sensor network protocols such as simplicity, interoperability and scalability. The authors believe that AVCA offers a practical solution to many of the security issues that exist with sensor networks to date.