An Intrusion and Random-Number-Leakage Resilient Scheme in Mobile Unattended WSNs

In INFOCOM 2010, Pietro, Oligeri, Soriente, and Tsudik (POST) proposed an intrusion-resilient system with forward and backward secrecy in mobile Unattended Wireless Sensor Networks (UWSNs), where sensors move according to some mobility model (random jump model and random waypoint model). In the POST scheme, each sensor encrypts its ephemeral key $K$ as a plaintext by using the sink's public key, and sends this cipher text and the encrypted sensed data by $K$. Although the POST scheme recommends the hybrid encryption, it does not follow the conventional hybrid encryption usage, i.e., the POST scheme is not necessarily secure. More concretely, $K$ must be regarded as a plaintext of the underlying public key system, and therefore the POST scheme requires at least one more encryption procedure (i.e, encryptions for both $K$ and the data) compared with the conventional hybrid encryption procedure. In this paper, we scrutinize the original POST intrusion-resilient system. We set deployed information as a seed used for generating a random number (which is applied for public key encryption). This procedure follows the conventional hybrid encryption usage, and random-number-leakage problem does not occur. In conclusion, we improve the POST scheme from the viewpoint of both security and efficiency without spoiling significant benefit points of the original one.