Cryptanalysis of Pseudorandom Number Generators in Wireless Sensor Networks

Author

Kevin M. Finnigin

Date of Award

3-2006

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD

Abstract

This work presents a brute-force attack on an elliptic curve cryptosystem implemented on UC Berkley's TinyOS operating system for wireless sensor networks. The attack exploits the short period of the pseudorandom number generator (PRNG) used by the cryptosystem to generate private keys. The attack assumes a laptop is listening promiscuously to network traffic for key messages and requires only the sensor node?s public key and network address to discover the private key. Experimental results show that roughly 50% of the address space leads to a private key compromise in 25 minutes on average. Furthermore, approximately 32% of the address space leads to a compromise in 17 minutes on average, 11% in 6 minutes, and the remaining 7% in 2 minutes or less. Two alternatives to the PRNG are examined that mitigate the brute-force attack. The alternatives are implemented on the Mica2 mote and examined to determine CPU cycles for execution and memory requirements. The recommended PRNG requires 73 CPU cycles in the worst case and uses 66 bytes of memory. The period of the PRNG is uniform for all mote addresses and theoretically requires 6.6 years on average for a key compromise for the attack used in this thesis.

AFIT Designator

AFIT-GIA-ENG-06-05

DTIC Accession Number

ADA450023

Recommended Citation

Finnigin, Kevin M., "Cryptanalysis of Pseudorandom Number Generators in Wireless Sensor Networks" (2006). Theses and Dissertations. 3470.
https://scholar.afit.edu/etd/3470