Castor: Secure Code Updates Using Symmetric Cryptosystems

We present Castor, a secure code-update protocol for sensor networks that exploits symmetric cryptoystems. Through a synergistic combination of a one-way hash-chain, two one-way key-chains with the delayed disclosure of symmetric keys, and multiple message authentication codes (MACs), Castor enables untrusted sensor nodes to verify an update's authenticity and guarantees that no correct node will ever install or forward a compromised part of a code-update image. We describe an implementation of Castor that hardens the TinyOS-based update protocol, Deluge, against node compromise. We experimentally compare Castor's computational and communication costs with those of Deluge and with those of a contemporary secure update protocol, Sluice, that uses asymmetric cryptosystems (digital signatures) instead. Our results demonstrate that Castor incurs reasonable overheads as compared to Deluge, and lower resource usage as well as lower end-to-end update latency as compared to Sluice.