End-to-End Authentication in Under-Water Sensor Networks Evaldo Souza UFMG, Brazil evaldoms@dcc.ufmg.br Hao Chi Wong Intel Corporation hao-chi@intel.com ´ Italo Cunha UFMG, Brazil cunha@dcc.ufmg.br A. A. F. Loureiro UFMG, Brazil loureiro@dcc.ufmg.br L. F. M. Vieira UFMG, Brazil lfvieira@dcc.ufmg.br Leonardo B. Oliveira UFMG, Brazil leob@dcc.ufmg.br Abstract—Under-Water Wireless Sensor Networks (UWSNs) are a particular class of Wireless Sensor Networks (WSNs) in which sensors are located, as the name suggests, underwater. Applications of UWSNs range from oceanographic data collection to disaster prevention. UWSNs are vulnerable to attacks and because of their idiosyncrasies, security solutions for ground WSNs might not be applicable underwater. As a result, there is a need for mechanisms exclusively tailored to underwater environments. In this work we address the problem of authenti- cation in UWSNs. We evaluate energy costs for different digital signature schemes for end-to-end authentication and discuss the tradeoffs involved in a number of scenarios. Our results show that schemes that perform well in ground WSN do not necessarily do well in UWSNs; and shed light on characteristics of a digital signature scheme that make them particularly suited to underwater networks. Index Terms—Aggregate Signatures, Authentication, Digital Signature Schemes, Security, Under-Water Sensor Networks. I. I NTRODUCTION Wireless Sensor Networks (WSNs) are ad-hoc networks comprised mainly of tiny sensor nodes with limited resources and one or more base stations (BSs), which connect the sensor nodes to the rest of the world [1]. Their applications range from battlefield reconnaissance and emergency rescue operations to surveillance and environmental protection. Under-Water Wireless Sensor Networks (UWSNs) [2], in turn, are a particular class of WSNs in which sensors are deployed underwater. They allow a large range of applications, ranging from oceanographic data collection and offshore ex- ploration to disaster prevention and assisted navigation. They differ from ground WSNs in a myriad of aspects. For instance, UWSNs are more prone to failures, their nodes’ battery have less chances of being replaced, and they communicate through acoustic signals rather then through electromagnetic waves. WSNs are vulnerable to attacks [3], and so are UWSNs [4]. UWSNs require security solutions since they may, for ex- ample, be used to monitor mineral and oil exploration and in turn carry sensitive information about a nation’s natural resources. A number of security solutions have been proposed for ground WSNs [5], [6], but they are mostly not applicable to UWSNs [4]. As a result, there is a need for security mechanisms tailored exclusively to UWSNs. (In fact, UWSNs require not only tailored security mechanisms, but also other tailored components, such as protocol stack and hardware [2].) Authentication plays a very important role in the context of security. An authentication mechanism may enables parties to discern between bogus and legitimate data, as well as allows parties to know with certainty who originated a given message. In WSNs and UWSNs, specifically, authentication also enables access control and mitigates Denial of Service (DoS) attacks [3]. As with confidentiality, authentication can be achieved through the use of symmetric or asymmetric cryptosystems. Asymmetric cryptosystems— or Public-Key Cryptosystems (PKCs)—however, usually provide more security properties and flexibility to users [7]. For instance, in the context of authentication, digital signatures provide an easy way for parties that have not previously interacted with one another to authenticate each other. One example is when UWSN nodes need to send authenticated data to transient ships passing through. Signatures are specially useful when entities switch communicating partners often. Digital signatures are also the only primitive that provides nonrepudiation, i.e., it prevents one node from denying previous commitments or actions [7]. Contribution. In this work we evaluate the power effi- ciency of three different digital signature schemes in UWSNs. We compare the Elliptic Curve Digital Signature Algorithm (ECDSA), the Zhang-Safavi-Naini-Susilo [8] (ZSS), and the Boneh-Lynn-Shacham [9] (BLS) schemes in UWSNs. Our main contributions are: 1) we evaluate some of the most popular digital signature schemes in terms of power consumption for various UWSN scenarios, highlighting their tradeoffs and point- ing out the most adequate for each scenario; aggregate signatures, in particular, have not been evaluated for any WSN (including ground networks) before; 2) we contrast a ground WSN scenario against an UWSN scenario, and show how a given signature scheme per- forms differently in each case; 3) we draw and discuss conclusions on what makes a digital signature scheme attractive for UWSNs (in terms of power efficiency). Note that digital signature schemes have already been evaluated in ground WSNs [6]. However, as we shall see (Section IV), their conclusions are not applicable to UWSNs. Organization. The remainder of this work is organized as follows. In Section II, we discuss related work. In Section III, we discuss our evaluation methodology. In Section IV, we present results. Finally, in Section V we draw conclusions.