Date of Award


Document Type


Degree Name

Master of Science


Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD


This work presents a brute-force attack on an elliptic curve cryptosystem implemented on UC Berkley's TinyOS operating system for wireless sensor networks. The attack exploits the short period of the pseudorandom number generator (PRNG) used by the cryptosystem to generate private keys. The attack assumes a laptop is listening promiscuously to network traffic for key messages and requires only the sensor node?s public key and network address to discover the private key. Experimental results show that roughly 50% of the address space leads to a private key compromise in 25 minutes on average. Furthermore, approximately 32% of the address space leads to a compromise in 17 minutes on average, 11% in 6 minutes, and the remaining 7% in 2 minutes or less. Two alternatives to the PRNG are examined that mitigate the brute-force attack. The alternatives are implemented on the Mica2 mote and examined to determine CPU cycles for execution and memory requirements. The recommended PRNG requires 73 CPU cycles in the worst case and uses 66 bytes of memory. The period of the PRNG is uniform for all mote addresses and theoretically requires 6.6 years on average for a key compromise for the attack used in this thesis.

AFIT Designator


DTIC Accession Number