Cryptanalysis of an elliptic curve cryptosystem for wireless sensor networks
by Kevin M. Finnigin, Barry E. Mullins, Richard A. Raines, Henry B. Potoczny
International Journal of Security and Networks (IJSN), Vol. 2, No. 3/4, 2007

Abstract: We present a brute-force attack on an elliptic curve cryptosystem implemented on UC Berkeley's TinyOS operating system for Wireless Sensor Networks (WSNs). The attack exploits the short period of the Pseudorandom Number Generator (PRNG) used by the cryptosystem to generate private keys. In order to define failure in the event a brute-force attack takes too long to execute, we create a metric that relates the duty cycle of the mote to the compromise rate and the period of the key generation algorithm. Experimental results show that roughly 50% of the mote's address space leads to a private key compromise in 25 min on average. Furthermore, approximately 32% of the mote address space leads to a compromise in 17 min on average, 11% in 6 min and the remaining 7% in 2 min or less. We examine two alternatives to the PRNG – our own design modified from a published algorithm and the new PRNG distributed with the beta release of TinyOS 2.0. Our design executes 12.47 times faster than the other alternative and requires 50 CPU cycles more than the original PRNG. In addition, our design is 6.3 times smaller than the other alternative and requires 106 additional bytes of memory. The period of our PRNG is uniform for all mote addresses and requires 6.6 years on average for a key compromise with the attack presented in this paper.

Online publication date: Wed, 11-Apr-2007
