The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks * Gergely ´ Acs, Levente Butty´ an, and Istv´ an Vajda Laboratory of Cryptography and Systems Security (CrySyS) Budapest University of Technology and Economics, Hungary {acs, buttyan, vajda}@crysys.hu Abstract In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model. 1 Introduction Most of the sensor network routing protocols proposed in the recent past are subject to various attacks [5]. In order to remedy this situation, some researchers have started to develop secured routing protocols for wireless sensor net- works (see e.g., [4, 10]), but provided only an informal se- curity analysis of their protocols. It is well-known, however, that informal reasoning about security is often not reliable enough, as it is quite easy to overlook subtle weaknesses in complex protocols. In this paper, we propose a mathematically rigorous, yet flexible, modeling framework which supports the reliable security analysis of sensor network routing protocols. This framework extends our prior works [1, 2]. In [2], we pro- posed a similar framework for ad hoc network routing pro- tocols, and in [1], we adopted that framework for sensor network routing protocols. However, the adversary model in [1] was quite limited and it assumed only an outsider ad- versary who cannot corrupt legitimate sensor nodes. One of the main contributions of this paper is that we extend the adversary model to insider adversaries who can corrupt some sensor nodes and use the compromised cryptographic material to mount stronger attacks. At the same time, we ∗ The work described in this paper is based on results of IST FP6 STREP UbiSec&Sens (http://www.ist-ubisecsens.org). The work presented in this paper has also been partially supported by the Hun- garian Scientific Research Fund and the HSN Lab. somewhat simplified the presentation of the framework in this paper, which makes it easier to understand and use it. In addition, another important contribution of this paper is that we also illustrate how our formal framework can be used in practice by proving the security of an existing sensor net- work routing protocol called INSENS [3]. It is important to note that INSENS was designed by other researchers, inde- pendently of our work. During this analysis, we identify a requirement of secure link-state routing protocols that is far more important than it appears at the first sight. The rest of the paper is organized as follows: In Sec- tion 2, we give an overview of the related work. In Sec- tion 3, we present our modeling framework, and in Sec- tion 4, we demonstrate the usage of the framework by prov- ing the security of INSENS. Finally, in Section 5, we con- clude the paper. 2 Related work Our work is mostly related to [1, 2]. In [2], the authors proposed a formal model based on the simulation paradigm to analyze the security of ad hoc network routing protocols. This simulation-based model was adopted to wireless sen- sor networks in [1]. The model, in [1], incorporates a new adversary model that is specific to sensor networks, and the authors also modelled the various security objectives in sen- sor networks in a general manner. However, they came up with neither security proofs nor proof techniques. More- over, their adversary model is limited in a way that she is as- sumed not to corrupt legitimate sensor nodes. In this work, we relax this simplifying assumption, and we introduce a more powerful adversary that can control legitimate sensor nodes during a protocol run. In addition, we also demon- strate how our formal technique can be applied to real pro- tocols. There are some routing protocols proposed for wireless sensor networks with security in mind [10, 4]. In [3, 4], the authors propose an intrusion tolerant routing protocol for wireless sensor networks. INSENS is a centralized link- state routing protocol, where the link-state information do 1-4244-1455-5/07/$25.00 c 2007 IEEE