Recent secure code-update protocols for sensor networks have been based on asymmetric-cryptographic primitives such as digital signatures. Our approach, Castor, explores the feasibility of securing an existing code-update protocol, Deluge, using symmetric-cryptographic mechanisms that are more suited to the resource constraints of sensor nodes. Castor involves a synergistic combination of a one-way hash-chain, a one-way key-chain, and a sequence of message authentication codes (MACs) with delayed key-disclosure to enable sensor nodes to verify the update's authenticity. We guarantee that no correct node will ever install or forward a compromised part of an update, while addressing the performance issues related to delayed key-disclosure.
展开▼