Analysis of key predistribution schemes in wireless sensor networks

Combinatorial designs are used for designing key predistribution schemes that are applied to wireless sensor networks in communications. This helps in building a secure channel. Private-key cryptography helps to determine a common key between a pair of nodes in sensor networks. Wireless sensor networks using key predistribution schemes have many useful applications in military and civil operations. When designs are efficiently implemented on sensor networks, blocks with unique keys will be the result. One such implementation is a transversal design which follows the principle of simple key establishment. Analysis of designs and modeling the key schemes are the subjects of this project

Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

A key distribution scheme tailored for mobile sensor networks

Wireless Sensor Networks, (WSN), are composed of battery-powered and resource-limited small devices called sensor nodes. WSNs are used for sensing and collecting data in the deployment area to be relayed to a Base Station (BS). In order to secure WSNs, first of all key distribution problems must be addressed. Key distribution problem is extensively studied for static WSNs, but has not been studied widely for mobile WSNs (MWSN). In this thesis, we proposed key distribution mechanisms for MWSNs. We propose a scheme in which both sensor nodes and the BS are mobile. In our scheme, the BS works as a key distribution center as well. It continuously moves in the environment and distributes pairwise keys to neighboring sensor nodes. In this way, the network gets securely connected. We conduct simulations to analyze the performance of our proposed scheme. The results show that our scheme achieves a local connectivity value of 0.73 for half-mobile network scenario and 0.54 for fully-mobile network scenario. These values can be further improved by using multiple BSs or increasing the speed of the BS. Moreover, our scheme provides perfect resiliency; an adversary cannot compromise any additional links using the captured nodes. We also incorporate two well-known key distribution mechanisms used for static networks into our scheme and provide a better connectivity in the early stages of the sensor network. The improvement in local connectivity, however, comes at the expense of reduced resiliency at the beginning. Nevertheless, the resiliency improves and connectivity converges to our original scheme's values in time

A Survey of Cryptography and Key Management Schemes for Wireless Sensor Networks

Wireless sensor networks (WSNs) are made up of a large number of tiny sensors, which can sense, analyze, and communicate information about the outside world. These networks play a significant role in a broad range of fields, from crucial military surveillance applications to monitoring building security. Key management in WSNs is a critical task. While the security and integrity of messages communicated through these networks and the authenticity of the nodes are dependent on the robustness of the key management schemes, designing an efficient key generation, distribution, and revocation scheme is quite challenging. While resource-constrained sensor nodes should not be exposed to computationally demanding asymmetric key algorithms, the use of symmetric key-based systems leaves the entire network vulnerable to several attacks. This chapter provides a comprehensive survey of several well-known cryptographic mechanisms and key management schemes for WSNs

PFARS: Enhancing Throughput and Lifetime of Heterogeneous WSNs through Power-aware Fusion, Aggregation and Routing Scheme

Heterogeneous wireless sensor networks (WSNs) consist of resource-starving nodes that face a challenging task of handling various issues such as data redundancy, data fusion, congestion control, and energy efficiency. In these networks, data fusion algorithms process the raw data generated by a sensor node in an energy-efficient manner to reduce redundancy, improve accuracy, and enhance the network lifetime. In literature , these issues are addressed individually and most of the proposed solutions are either application-specific or too complex that make their implementation unrealis-tic, specifically, in a resource-constrained environment. In this paper, we propose a novel node level data fusion algorithm for heterogeneous WSNs to detect noisy data and replace them with highly refined data. To minimize the amount of transmitted data, a hybrid data aggregation algorithm is proposed that performs in-network processing while preserving the reliability of gathered data. This combination of data fusion and data aggregation algorithms effectively handle the aforementioned issues by ensuring an efficient utilization of the available resources. Apart from fusion and aggregation, a biased traffic distribution algorithm is introduced that considerably increases the overall lifetime of heterogeneous WSNs. The proposed algorithm performs the tedious task of traffic distribution according to the network's statistics, i.e., the residual energy of neighboring nodes and their importance from a network's con-nectivity perspective. All our proposed algorithms were tested on a real-time dataset obtained through our deployed heterogeneous WSN in an orange orchard, and also on publicly available benchmark datasets. Experimental results verify that our proposed algorithms outperform the existing approaches in term of various performance metrics such as throughput, lifetime, data accuracy, computational time and delay

Efficient Authentication, Node Clone Detection, and Secure Data Aggregation for Sensor Networks

Sensor networks are innovative wireless networks consisting of a large number of low-cost, resource-constrained sensor nodes that collect, process, and transmit data in a distributed and collaborative way. There are numerous applications for wireless sensor networks, and security is vital for many of them. However, sensor nodes suffer from many constraints, including low computation capability, small memory, limited energy resources, susceptibility to physical capture, and the lack of infrastructure, all of which impose formidable security challenges and call for innovative approaches. In this thesis, we present our research results on three important aspects of securing sensor networks: lightweight entity authentication, distributed node clone detection, and secure data aggregation. As the technical core of our lightweight authentication proposals, a special type of circulant matrix named circulant-P2 matrix is introduced. We prove the linear independence of matrix vectors, present efficient algorithms on matrix operations, and explore other important properties. By combining circulant-P2 matrix with the learning parity with noise problem, we develop two one-way authentication protocols: the innovative LCMQ protocol, which is provably secure against all probabilistic polynomial-time attacks and provides remarkable performance on almost all metrics except one mild requirement for the verifier's computational capacity, and the HB$^C$ protocol, which utilizes the conventional HB-like authentication structure to preserve the bit-operation only computation requirement for both participants and consumes less key storage than previous HB-like protocols without sacrificing other performance. Moreover, two enhancement mechanisms are provided to protect the HB-like protocols from known attacks and to improve performance. For both protocols, practical parameters for different security levels are recommended. In addition, we build a framework to extend enhanced HB-like protocols to mutual authentication in a communication-efficient fashion. Node clone attack, that is, the attempt by adversaries to add one or more nodes to the network by cloning captured nodes, imposes a severe threat to wireless sensor networks. To cope with it, we propose two distributed detection protocols with difference tradeoffs on network conditions and performance. The first one is based on distributed hash table, by which a fully decentralized, key-based caching and checking system is constructed to deterministically catch cloned nodes in general sensor networks. The protocol performance of efficient storage consumption and high security level is theoretically deducted through a probability model, and the resulting equations, with necessary adjustments for real application, are supported by the simulations. The other is the randomly directed exploration protocol, which presents notable communication performance and minimal storage consumption by an elegant probabilistic directed forwarding technique along with random initial direction and border determination. The extensive experimental results uphold the protocol design and show its efficiency on communication overhead and satisfactory detection probability. Data aggregation is an inherent requirement for many sensor network applications, but designing secure mechanisms for data aggregation is very challenging because the aggregation nature that requires intermediate nodes to process and change messages, and the security objective to prevent malicious manipulation, conflict with each other to a great extent. To fulfill different challenges of secure data aggregation, we present two types of approaches. The first is to provide cryptographic integrity mechanisms for general data aggregation. Based on recent developments of homomorphic primitives, we propose three integrity schemes: a concrete homomorphic MAC construction, homomorphic hash plus aggregate MAC, and homomorphic hash with identity-based aggregate signature, which provide different tradeoffs on security assumption, communication payload, and computation cost. The other is a substantial data aggregation scheme that is suitable for a specific and popular class of aggregation applications, embedded with built-in security techniques that effectively defeat outside and inside attacks. Its foundation is a new data structure---secure Bloom filter, which combines HMAC with Bloom filter. The secure Bloom filter is naturally compatible with aggregation and has reliable security properties. We systematically analyze the scheme's performance and run extensive simulations on different network scenarios for evaluation. The simulation results demonstrate that the scheme presents good performance on security, communication cost, and balance

Smart Wireless Sensor Networks

The recent development of communication and sensor technology results in the growth of a new attractive and challenging area - wireless sensor networks (WSNs). A wireless sensor network which consists of a large number of sensor nodes is deployed in environmental fields to serve various applications. Facilitated with the ability of wireless communication and intelligent computation, these nodes become smart sensors which do not only perceive ambient physical parameters but also be able to process information, cooperate with each other and self-organize into the network. These new features assist the sensor nodes as well as the network to operate more efficiently in terms of both data acquisition and energy consumption. Special purposes of the applications require design and operation of WSNs different from conventional networks such as the internet. The network design must take into account of the objectives of specific applications. The nature of deployed environment must be considered. The limited of sensor nodes� resources such as memory, computational ability, communication bandwidth and energy source are the challenges in network design. A smart wireless sensor network must be able to deal with these constraints as well as to guarantee the connectivity, coverage, reliability and security of network's operation for a maximized lifetime. This book discusses various aspects of designing such smart wireless sensor networks. Main topics includes: design methodologies, network protocols and algorithms, quality of service management, coverage optimization, time synchronization and security techniques for sensor networks

Cross-layer key establishment protocols for wireless devices

There are some problems in existing key establishment protocols. To alleviate these problems, in our thesis, we designed a few cross-layer key establishment protocols by cooperatively using the characteristics of higher layers and physical layer. Additionally, the security and performance analyses show that our protocols perform better than others.<br /

Cryptographic key distribuition in sensor networks

Orientador: Ricardo DahabTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Redes de Sensores Sem Fio (RSSFs) são compostas em sua maioria por pequenos nós sensores dotados de recursos extremamente limitados. Estes, por sua vez, se comunicam com o mundo externo através de nós poderosos chamados de sorvedouros ou estações rádio base. RSSFs são empregadas com o objetivo de monitorar regiões, oferecendo dados sobre a área monitorada para o resto do sistema. Tais redes podem ser utilizadas para diferentes aplicações, tais como operações de resgate em áreas de conflito/desastre, espionagem industrial e detecção de exploração ilegal de recursos naturais. Em RSSFs existem aplicações críticas nas quais propriedades de segurança são de vital importância. Segurança, por sua vez, é comumente alavancada através de esquemas de distribuição de chaves. A maioria dos padrões de distribuição de chaves presentes na literatura, todavia, não são apropriados para RSSFs: métodos baseados em esquemas de chave pública convencionais, devido aos seus requisitos de processamento e banda; chaves de grupo, em função das suas vulnerabilidades de segurança; e chaves par-a-par (pairwise), por causa da baixa escalabilidade. Um outro dado é que há uma vasta gama de arquiteturas propostas para RSSFs e que uma mesma técnica de distribuição de chaves pode ser a melhor para uma, mas não para outra, visto que diferentes arquiteturas de rede exibem padrões de comunicação distintos. Em outras palavras, não existe uma panacéia, e mecanismos de distribuição de chaves para RSSFs devem, portanto, levar em consideração as idiossincrasias das arquiteturas para as quais são projetadas. Tudo isso torna extremamente difícil e desafiadora a tarefa de dotar RSSFs de segurança. O objetivo deste trabalho foi propor soluções de distribuição de chaves que, concomitantemente, (i) fossem compatíveis com os recursos dos sensores e (ii) considerassem as particularidades das arquiteturas para as quais são propostas. Como será mostrado ao longo desta tese, iniciamos nosso trabalho com soluções personalizadas para certas arquiteturas de RSSFs e evoluímos para soluções flexíveis em que a segurança é alavancada de forma não interativa - o que é ideal para este tipo de rede. Até onde sabemos, nosso trabalho é pioneiro em soluções de segurança para RSSFs hierárquicas e em distribuição de chaves de forma autenticada e não interativa, usando Criptografia Baseada em Identidade, neste tipo de rede.Abstract: Wireless sensor networks (WSNs) are ad hoc networks comprised mainly of small sensor nodes with limited resources and one or more base stations, which are much more powerful laptop-class nodes that connect the sensor nodes to the rest of the world. WSNs are used for monitoring purposes, providing information about the area being monitored to the rest of the system. Application areas range from battlefield reconnaissance and emergency rescue operations to surveillance and environmental protection. There are also critical WSN applications in which security properties are of paramount importance. Security, in turn, is frequently bootstrapped through key distribution schemes. Most of the key distribution techniques, however, are ill-suited to WSNs: public key based distribution, because of its processing and bandwidth requirements; global keying, because of its security vulnerabilities; complete pairwise keying, because of its memory requirements. It is worth noting, however, that a large number of WSN architectures have been proposed and a key distribution solution that is well suited to one architecture is likely not to be the best for another, as different network architectures exhibit different communication patterns. In other words, there is no panacea and the design of a key distribution scheme must therefore be driven by the peculiarities of the WSN architecture in question. This all makes extremely hard and challenging the objective of securing WSNs. In this work, we aimed at proposing key distribution schemes that are both (i) lightweight and (ii) able to fulfill architecture-specific needs. As it will be shown throughout this thesis, we began our work with customized solutions for certain types of WSNs and then, subsequently, turned our attention to more flexible solutions, where security is bootstrapped in a non-interactive way through the use of Identity-Based Cryptography.DoutoradoTeoria da ComputaçãoDoutor em Ciência da Computaçã