Qiang GAO Wenping MA Wei LUO Feifei ZHAO
Key predistribution schemes (KPSs) have played an important role in the security of wireless sensor networks (WSNs). Due to comprehensive and simple structures, various types of combinatorial designs are used to construct KPSs. In general, compared to random KPSs, combinatorial KPSs have higher local connectivity but lower resilience against a node capture attack. In this paper, we apply two methods based on hash chains to KPSs based on transversal designs (TDs) to improve the resilience, and the expressions for the metrics of the resulting schemes are derived.
Dae Hyun YUM Jae Woo SEO Pil Joong LEE
A hash chain $H$ for a one-way hash function $h(\cdot)$ is a sequence of hash values $\langle v_0, v_1, \ldots, v_n \rangle$, where $v_n$ is a secret value, $v_i$ is generated by $v_i = h(v_{i+1})$ for $i = n-1, n-2, \ldots, 0$ and $v_0$ is a public value. A hash chain traversal algorithm $T$ computes and outputs the hash chain $H$, returning $v_i$ in time period (called round) $i$ for $1 \le i \le n$. At the outset, $T$ stores carefully chosen $\kappa$ hash values (including $v_n$) of $H$ in $\kappa$ memory storages (called pebbles). In round $i$, $T$ performs two kinds of computations; online computation to output $v_i$ with hash values stored in pebbles and then preparatory computation to rearrange pebbles for future rounds. Usually, the online computation consists of either one or zero hash function evaluation, while the preparatory computation occupies most of the computational cost. The design goal of previous hash chain traversal algorithms was to minimize the worst case computational cost per round with minimal pebbles. On the contrary, we study a different optimization problem of minimizing the average case computational cost. Our proposed traversal algorithm reduces the average case computational cost by 20-30% and the online computational cost by 23-33% for parameters of practical interest. For example, if the proposed algorithm is implemented on battery-powered devices, the battery lifetime can be increased by 20-30%.
Dae Hyun YUM Jin Seok KIM Pil Joong LEE Sung Je HONG
A hash chain $H$ for a hash function $\mathrm{hash}(\cdot)$ is a sequence of hash values $\langle x_n, x_{n-1}, \ldots, x_0 \rangle$, where $x_0$ is a secret value, $x_i$ is generated by $x_i = \mathrm{hash}(x_{i-1})$ for $1 \le i \le n$, and $x_n$ is a public value. Hash values of $H$ are disclosed gradually from $x_{n-1}$ to $x_0$. The correctness of a disclosed hash value $x_i$ can be verified by checking the equation $x_n \stackrel{?}{=} \mathrm{hash}^{n-i}(x_i)$. To speed up the verification, Fischlin introduced a check-bit scheme at CT-RSA 2004. The basic idea of the check-bit scheme is to output some extra information cb, called a check-bit vector, in addition to the public value $x_n$, which allows each verifier to perform only a fraction of the original work according to his or her own security level. We revisit Fischlin's check-bit scheme and show that the length of the check-bit vector cb can be reduced nearly by half. The reduced length of cb is close to the theoretic lower bound.
Dae Hyun YUM Jae Woo SEO Kookrae CHO Pil Joong LEE
A hash chain $H$ for a one-way hash function $h(\cdot)$ is a sequence of hash values $\langle v_0, v_1, \ldots, v_n \rangle$, where $v_0$ is a public value, $v_n$ a secret value, and $v_i = h(v_{i+1})$. A hash chain traversal $T$ computes and outputs the hash chain $H$, returning $v_i$ in time period (called round) $i$ for $1 \le i \le n$. While previous hash chain traversal algorithms were designed to output all hash values $v_i$ ($1 \le i \le n$) in order, there are applications where every $m$-th hash value (i.e., $v_m, v_{2m}, v_{3m}, \ldots$) is required to be output. We introduce a hash chain traversal algorithm that selectively outputs every $m$-th hash value efficiently. The main technique is a transformation from a hash chain traversal algorithm outputting every hash value into one outputting every $m$-th hash value. Compared with the direct use of previous hash chain traversal algorithms, our proposed method requires fewer memory storages and lower computational costs.
In this letter, we show that some stream authentication schemes using hash chaining are highly vulnerable to denial of service (DoS) attacks. An adversary can disrupt all receivers of a group by modifying a few packets in those schemes.
Norio ADACHI Satoshi AOKI Yuichi KOMANO Kazuo OHTA
The PayWord Scheme, invented by Rivest and Shamir, is an efficient micropayment scheme utilizing a hash function. We point out that the scheme has the following problem: a malicious customer can damage the bank by purchasing in excess of the customer's credit which the bank has guaranteed by issuing a certificate. Generally, there are two positions of the bank with regard to the certificate. Position 1: the bank takes full responsibility for the certificate and compensates all payments created by the customer's purchases; and Position 2: the bank does not redeem payments exceeding a limit set for the customer and shares the loss with the shop if trouble occurs. In the PayWord Scheme, the bank can reduce its risk by adopting Position 2 rather than Position 1. However, this paper points out that the bank can damage the shop in Position 2 by impersonating an imaginary customer and making the shop share the loss with the bank. We propose a micropayment scheme (countermeasure) that overcomes these problems.
An efficient anonymous cash system based on the hash chain is presented. The new system is debit-based and vendor-independent. It also provides tracing mechanisms to reinforce controls on illegal use. The efficiency of the system results from its capacity to pay variable amounts with no additional cost. A client always makes a single blind signature, independent of the length of the chain. During payment, the client makes a single challenge-and-response or one signature, independent of the amount paid.