Broadcast authentication is a fundamental security primitive in wireless sensor networks (WSNs), which is a critical sensing component of IoT. Although symmetric-key-based TESLA protocol has been proposed, some concerns about the difficulty of predicting the network lifecycle in advance and the security problems caused by an overlong long hash chain still remain. This paper presents a scalable broadcast authentication scheme named DH-TESLA, which is an extension and improvement of TESLA and Multilevel TESLA, to achieve several vital properties, such as infinite lifecycle of hash chains, security authentication, scalability, and strong tolerance of message loss. The proposal consists of the -threshold-based self-reinitializable hash chain scheme (SRHC-TD) and the -left-counting-Bloom-filter-based authentication scheme (AdlCBF). In comparison to other broadcast authentication protocols, our proposal achieves more security properties such as fresh node’s participation and DoS resistance. Furthermore, the reinitializable hash chain constructed in SRHC-TD is proved to be secure and has less computation and communication overhead compared with typical solutions, and efficient storage is realized based on AdlCBF, which can also defend against DoS attacks.

中文翻译：

---

基于可自初始化哈希链的无线传感器网络广播认证协议的改进

广播身份验证是无线传感器网络（WSN）中的基本安全原语，而无线传感器网络是IoT的重要传感组件。尽管已经提出了基于对称密钥的TESLA协议，但是仍然存在一些关于提前预测网络生命周期的困难以及由漫长的哈希链引起的安全问题的担忧。本文提出了一种名为DH- TESLA的可扩展广播认证方案，该方案是TESLA和Multilevel TESLA的扩展和改进，以实现多种重要属性，例如哈希链的无限生命周期，安全认证，可扩展性和强大的消息丢失容忍度。该提案包括-基于阈值的自重新初始化哈希链方案（SRHC-TD）和-基于左计数布鲁姆过滤器的身份验证方案（AdlCBF）。与其他广播身份验证协议相比，我们的建议实现了更多的安全属性，例如新鲜节点的参与和DoS抵抗。此外，与典型的解决方案相比，在SRHC-TD中构建的可重新初始化的哈希链被证明是安全的，并且具有较少的计算和通信开销，并且基于AdlCBF实现了有效的存储，还可以防御DoS攻击。