In wireless communication networks involving sensors, a common paradigm is that of an access point and one or more sensor nodes, which act as clients of the access point. In some situations, the access point may be referred to as a server or base station, but here, the term access point will be used exclusively, even though the specific wireless sensor network technology may designate servers, base stations and/or access points.
In cryptography, a Message Authentication Code (MAC) refers to information that can authenticate a message, and possibly its source. Some MACs provide indications of whether a message has been changed since leaving its source.
A replay attack on an encrypted communication between an access point and a sensor node works by recording one or more communications from the sensor node to the access point and then replaying some or all the recorded communications to deceive the access point into believing the replayed communication is from the sensor node.
One prior art approach to thwarting replay attacks is for the sensor node to present a nonce (sometimes referred to as a number used once) to the access point to assert their authenticity. Alternatively, the access point may present a challenge to the sensor nodes that must be remembered for use in generating the nonce for subsequent communications to the access point. In most of these approaches, the nonce must be sent with the encrypted message from the sensor node. Frequently, the nonce may be 128 bits or more in length.
In most of these approaches, each of the sensor nodes maintains an independent counter that is incremented with each encrypted message the sensor node sends. The nonce, combined with the sensor node counter value and the encryption key are presented to an encryption mechanism and/or procedure to generate a encryption stream at the sensor node. The plaintext stream is additively altered by the encryption stream to create the cipher text that becomes the data payload of the message(s) sent by the sensor node. The additive alteration frequently is a form of the exclusive or operator.
The exclusive or operator (xor) has the property the A xor A=0. At the access point, the access point receives the encrypted data payload and the nonce from the sensor node. The access point maintains a mirror of the sensor node's counter, and when it has determined the sensor node that originated the message, it uses that mirrored counter, the nonce and the encryption key as inputs to a second encryption mechanism and/or procedure that generates a duplicate encryption stream which is additively applied to the cipher text of the received message's data payload to generate the original plain text from the sensor node.