Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

Group Key Management in Wireless Ad-Hoc and Sensor Networks

A growing number of secure group applications in both civilian and military domains is being deployed in WAHNs. A Wireless Ad-hoc Network (WARN) is a collection of autonomous nodes or terminals that communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner. A Mobile Ad-hoc Network (MANET) is a special type of WARN with mobile users. MANET nodes have limited communication, computational capabilities, and power. Wireless Sensor Networks (WSNs) are sensor networks with massive numbers of small, inexpensive devices pervasive throughout electrical and mechanical systems and ubiquitous throughout the environment that monitor and control most aspects of our physical world. In a WAHNs and WSNs with un-trusted nodes, nodes may falsify information, collude to disclose system keys, or even passively refuse to collaborate. Moreover, mobile adversaries might invade more than one node and try to reveal all system secret keys. Due to these special characteristics, key management is essential in securing such networks. Current protocols for secure group communications used in fixed networks tend to be inappropriate. The main objective of this research is to propose, design and evaluate a suitable key management approach for secure group communications to support WAHNs and WSNs applications. Key management is usually divided into key analysis, key assignment, key generation and key distribution. In this thesis, we tried to introduce key management schemes to provide secure group communications in both WAHNs and WSNs. Starting with WAHNs, we developed a key management scheme. A novel architecture for secure group communications was proposed. Our proposed scheme handles key distribution through Combinatorial Key Distribution Scheme (CKDS). We followed with key generation using Threshold-based Key Generation in WAHNs (TKGS). For key assignment, we proposed Combinatorial Key Assignment Scheme (CKAS), which assigns closer key strings to co-located nodes. We claim that our architecture can readily be populated with components to support objectives such as fault tolerance, full-distribution and scalability to mitigate WAHNs constraints. In our architecture, group management is integrated with multicast at the application layer. For key management in WSNs, we started with DCK, a modified scheme suitable for WSNs. In summary, the DCK achieves the following: (1) cluster leader nodes carry the major part of the key management overhead; (2) DCK consumes less than 50% of the energy consumed by SHELL in key management; (3) localizing key refreshment and handling node capture enhances the security by minimizing the amount of information known by each node about other portions of the network; and (4) since DCK does not involve the use of other clusters to maintain local cluster data, it scales better from a storage point of view with the network size represented by the number of clusters. We went further and proposed the use of key polynomials with DCK to enhance the resilience of multiple node capturing. Comparing our schemes to static and dynamic key management, our scheme was found to enhance network resilience at a smaller polynomial degree t and accordingly with less storage per node

Cryptographic Protocols, Sensor Network Key Management, and RFID Authentication

This thesis includes my research on efficient cryptographic protocols, sensor network key management, and radio frequency identification (RFID) authentication protocols. Key exchange, identification, and public key encryption are among the fundamental protocols studied in cryptography. There are two important requirements for these protocols: efficiency and security. Efficiency is evaluated using the computational overhead to execute a protocol. In modern cryptography, one way to ensure the security of a protocol is by means of provable security. Provable security consists of a security model that specifies the capabilities and the goals of an adversary against the protocol, one or more cryptographic assumptions, and a reduction showing that breaking the protocol within the security model leads to breaking the assumptions. Often, efficiency and provable security are not easy to achieve simultaneously. The design of efficient protocols in a strict security model with a tight reduction is challenging. Security requirements raised by emerging applications bring up new research challenges in cryptography. One such application is pervasive communication and computation systems, including sensor networks and radio frequency identification (RFID) systems. Specifically, sensor network key management and RFID authentication protocols have drawn much attention in recent years. In the cryptographic protocol part, we study identification protocols, key exchange protocols, and ElGamal encryption and its variant. A formal security model for challenge-response identification protocols is proposed, and a simple identification protocol is proposed and proved secure in this model. Two authenticated key exchange (AKE) protocols are proposed and proved secure in the extended Canetti-Krawczyk (eCK) model. The proposed AKE protocols achieve tight security reduction and efficient computation. We also study the security of ElGamal encryption and its variant, Damgard’s ElGamal encryption (DEG). Key management is the cornerstone of the security of sensor networks. A commonly recommended key establishment mechanism is based on key predistribution schemes (KPS). Several KPSs have been proposed in the literature. A KPS installs pre-assigned keys to sensor nodes so that two nodes can communicate securely if they share a key. Multi-path key establishment (MPKE) is one component of KPS which enables two nodes without a shared key to establish a key via multiple node-disjoint paths in the network. In this thesis, methods to compute the k-connectivity property of several representative key predistribution schemes are developed. A security model for MPKE and efficient and secure MPKE schemes are proposed. Scalable, privacy-preserving, and efficient authentication protocols are essential for the success of RFID systems. Two such protocols are proposed in this thesis. One protocol uses finite field polynomial operations to solve the scalability challenge. Its security is based on the hardness of the polynomial reconstruction problem. The other protocol improves a randomized Rabin encryption based RFID authentication protocol. It reduces the hardware cost of an RFID tag by using a residue number system in the computation, and it provides provable security by using secure padding schemes

Out-of-band transfer with Android to configure pre-shared secrets into sensor nodes

Applications based on Wireless Sensor Networks are making their way into all kinds of industries. Today, they can do anything from off-loading hospitals by monitoring patients in their homes to regulating production lines in factories. More often than not, they perform some kind of surveillance and tracking. Thus, in most cases the information they carry is sensitive, rendering good encryption schemes suited for performance-constrained sensor nodes a valuable commodity. As traditional encryption is not well suited for performance constrained environments, there are many new "lightweight" encryption schemes emerging. However, many of the popular up and coming schemes make the assumption of already having a pre-shared secret available in the sensor node beforehand which can act as the base for their encryption key. The procedure of configuring this pre-shared secret into the sensor node is crucial and has the potential of breaking any scheme based on that assumption. Therefore, we have looked at different procedures of configuring this pre-shared secret into a sensor node securely, using nothing more than a smartphone to configure the sensor node. This would eventually eliminate the assumption of how the pre-shared secret got into the sensor node in the first place. We used an Arduino Uno R3 running an Atmega328p MCU as a simulation of a potential sensor node. Moreover, using a smartphone as the configuration device, we chose to base the communication on two types of OOB based side-channels; Namely, a visual-based using the flashlight and screen as well as audio-based, using the loudspeaker. We concluded that using a smartphone as configuration device has its difficulties, although, in this specific environment it is still a viable choice. The solution can decrease the previous knowledge required by the user performing the configuration while simultaneously upholding a high security level. The findings of this thesis highlight the fact that: technology has evolved to a point where the smartphones of today can outperform the specialized devices of yesterday. In other words, solutions previously requiring specialized hardware can today be achieved with much less "specialized" equipment. This is desirable because with less specialized equipment, it becomes easier to further develop and improve a system like this, increasing its viability.Have you ever wondered what would happen if somebody could access your refrigerator? Might seem silly, but how about your front door's lock? With the ever increasing connected society, you might have to think about these questions sooner rather than later. The establishment of our connected society is heavily dependent on sensor nodes. There is currently no rigid way of loading the necessary cryptographic keys into these sensor nodes. Now, to enable these sensor nodes to communicate securely, we have studied alternative ways of using your smartphone to transmit these keys to the sensor nodes. In this thesis, we have shown alternative ways of using a smartphone to transmit cryptographic keys into sensor nodes. These alternative ways were achieved by using components not otherwise thought to be used for communication. For instance, we built prototypes that used the flashlight; the screen and the loudspeaker to successfully transmit the keys. Doing this we were able to make the transmission easy to use while at the same time upholding a high level of security. Currently, the sensor nodes have many protocols available to use for secure communications. However, these protocols often lack information about how one should load the sensor nodes with the keys, to begin with. In essence, they provide you with the car but not the key to start it. This is a problem that needs a concrete solution. The result of this thesis can be used as a guideline for further development of this type of solution. Our prototypes indicate that this type of solution is not only viable but can be secure as well. Using nothing more than a smartphone and small additions to the sensor nodes hardware. Briefly, the prototypes are built using an Android-powered smartphone as "key-transmitting device" while the receiving "sensor node" is equipped with a microphone or a photo-transistor. The additions to the receiver enable detection of both light and sound waves sent from the smartphone. Then, using the smartphone, the user is able to transmit data by blinking with the flashlight or screen; or sending tones with the loudspeaker, which the receiver interprets

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

Smart Wireless Sensor Networks

The recent development of communication and sensor technology results in the growth of a new attractive and challenging area - wireless sensor networks (WSNs). A wireless sensor network which consists of a large number of sensor nodes is deployed in environmental fields to serve various applications. Facilitated with the ability of wireless communication and intelligent computation, these nodes become smart sensors which do not only perceive ambient physical parameters but also be able to process information, cooperate with each other and self-organize into the network. These new features assist the sensor nodes as well as the network to operate more efficiently in terms of both data acquisition and energy consumption. Special purposes of the applications require design and operation of WSNs different from conventional networks such as the internet. The network design must take into account of the objectives of specific applications. The nature of deployed environment must be considered. The limited of sensor nodes� resources such as memory, computational ability, communication bandwidth and energy source are the challenges in network design. A smart wireless sensor network must be able to deal with these constraints as well as to guarantee the connectivity, coverage, reliability and security of network's operation for a maximized lifetime. This book discusses various aspects of designing such smart wireless sensor networks. Main topics includes: design methodologies, network protocols and algorithms, quality of service management, coverage optimization, time synchronization and security techniques for sensor networks

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

A Secure Behavior Modification Sensor System for Physical Activity Improvement

Today, advances in wireless sensor networks are making it possible to capture large amounts of information about a person and their interaction within their home environment. However, what is missing is how to ensure the security of the collected data and its use to alter human behavior for positive benefit. In this research, exploration was conducted involving the infrastructure and intelligence aspects of a wireless sensor network through a Behavior Modification Sensor System. First was to understand how a secure wireless sensor network could be established through the symmetric distribution of keys (the securing of the infrastructure), and it involves the mathematical analysis of a novel key pre-distribution scheme. Second explores via field testing the intelligence level of the system. This was meant to support the generation of persuasive messages built from the integration of a person\u27s physiological and living pattern data in persuading physical activity behavior change associated with daily walking steps. This system was used by an elderly female in a three-month study. Findings regarding the infrastructure or the novel key pre-distribution scheme in comparison to three popular key distribution methods indicates that it offers greater network resiliency to security threats (i.e., 1/2^32 times lower), better memory utilization (i.e., 53.9% less), but higher energy consumption (i.e., 2% higher) than its comparison group. Findings from the intelligence level of the research posit that using a person\u27s physiological and living pattern data may allow for more information rich and stronger persuasive messages. Findings indicate that the study participant was able to change and improve her average daily walking steps by 61% over a pre-treatment period. As the study participant increased her physical activity, changes in her living pattern were also observed (e.g., time spent watching television decreased while time spent engaged in walking increased by an average of 15 minutes per day). Reinforcement of these findings were noted between a pre and post-study survey that indicated the study participant moved from a contemplation stage of change where physical activity engagement was intended but not acted upon to an action stage of change where physical activity engagement dominated the new behavior

A Canonical Seed Assignment Model for Key Predistribution in Wireless Sensor Networks

A promising solution for trust establishment in wireless sensor networks is the assignment of cryptographic seeds (keys, secrets, etc.) to sensor nodes prior to network deployment, known as key predistribution. In this article, we propose a canonical seed assignment model for key predistribution characterizing seed assignment in terms of the probability distribution describing the number of nodes receiving each seed and the algorithm for seed assignment. In addition, we present a sampling framework for seed assignment algorithms in the canonical model. We propose a probabilistic k-connectivity model for randomly deployed secure networks using spatial statistics and geometric random graph theory.We analyze key predistribution schemes in the canonical model in terms of network connectivity and resilience to node capture. The analytical results can be used to determine the average or worst-case connectivity or resilience to node capture for a key predistribution scheme. Furthermore, we demonstrate the design of new key predistribution schemes and the inclusion of existing schemes in the canonical model. Finally, we present a general approach to analyze the addition of nodes to an existing secure network and derive results for a well-known scheme