Multipath Key Establishment for Wireless Sensor Networks Using Just-Enough Redundancy Transmission

In random key predistribution techniques for wireless sensor networks, a relatively small number of keys are randomly chosen from a large key pool and are loaded on the sensors prior to deployment. After deployment, each sensor tries finding a common key shared by itself and each of its neighbors to establish a link key to protect the wireless communication between themselves. One intrinsic disadvantage of such techniques is that some neighboring sensors do not share any common key. In order to establish a link key among these neighbors, a multihop secure path may be used to deliver the secret. Unfortunately, the possibility of sensors being compromised on the path may render such an establishment process insecure. In this work, we propose and analyze the Just-Enough Redundancy Transmission (JERT) scheme that uses the powerful Maximum-Distance Separable (MDS) codes to address the problem. In the JERT scheme, the secret link key is encoded in (n, k) MDS code and transmitted through multiple multihop paths. To reduce the total information that needs to be transmitted, the redundant symbols of the MDS codes are transmitted only if the destination fails to decode the secret. The JERT scheme is demonstrated to be efficient and resilient against node capture. One salient feature of the JERT scheme is its flexibility of trading transmission for lower information disclosure

Dynamic resiliency analysis of key predistribution in wireless sensor networks

Wireless sensor networks have been analyzed for more than a decade from operational and security points of view. Several key predistribution schemes have been proposed in the literature. Although valuable and state-of-the-art proposals have been made, their corresponding security analyses have not been performed by considering the dynamic nature of networking behavior and the time dimension. The sole metric used for resiliency analysis of key predistribution schemes is "fraction of links compromised" which is roughly defined as the ratio of secure communication links that the adversary can compromise over all secure links. However, this metric does not consider the dynamic nature of the network; it just analyzes a snapshot of the network without considering the time dimension. For example, possible dead nodes may cause change of routes and some captured links become useless for the attacker as time goes by. Moreover, an attacker cannot perform sensor node capturing at once, but performs over time. That is why a methodology for dynamic security analysis is needed in order to analyze the change of resiliency in time a more realistic way. In this paper, we propose such a dynamic approach to measure the resiliency of key predistribution schemes in sensor networks. We take the time dimension into account with a new performance metric, "captured message fraction". This metric is defined as the percentage of the messages generated within the network to be forwarded to the base station (sink) that are captured and read by the attacker. Our results show that for the cases where the static fraction of links compromised metric indicates approximately 40% of the links are compromised, our proposed captured message fraction metric shows 80% of the messages are captured by the attacker. This clearly proves the limitations of the static resiliency analysis in the literature

LEDS - An innovative corridor of data security in WSN

Recently, WSNs have drawn a lot of attention due to their broad applications in both military and civilian domains. Data security is essential to the success of WSN applications, exclusively for those mission-critical applications working in unattended and even hostile environments which may be exposed to several attacks. This inspired the research on Data security for WSNs. Attacks due to node compromise include Denial of service (DoS) attacks such as selective forwarding attacks and report disruption attacks. Nearby many techniques have been proposed in the literature for data security. Hop-hop security works well when assuming a uniform wireless communication pattern and this security designs provides only hop-hop security. Node to sink communication is the dominant communication pattern in WSNs and hop-hop security design is not sufficient as it is exposed to several attacks due to node compromise. Location aware end-end data security (LEDS) provides end-end security. DOI: 10.17762/ijritcc2321-8169.15025

Key Management Building Blocks for Wireless Sensor Networks

Cryptography is the means to ensure data confidentiality, integrity and authentication in wireless sensor networks (WSNs). To use cryptography effectively however, the cryptographic keys need to be managed properly. First of all, the necessary keys need to be distributed to the nodes before the nodes are deployed in the field, in such a way that any two or more nodes that need to communicate securely can establish a session key. Then, the session keys need to be refreshed from time to time to prevent birthday attacks. Finally, in case any of the nodes is found to be compromised, the key ring of the compromised node needs to be revoked and some or all of the compromised keys might need to be replaced. These processes, together with the policies and techniques needed to support them, are called key management. The facts that WSNs (1) are generally not tamper-resistant; (2) operate unattended; (3) communicate in an open medium; (4) have no fixed infrastructure and pre-configured topology; (5) have severe hardware and resource constraints, present unique challenges to key management. In this article, we explore techniques for meeting these challenges. What distinguishes our approach from a routine literature survey is that, instead of comparing various known schemes, we set out to identify the basic cryptographic principles, or building blocks that will allow practitioners to set up their own key management framework using these building blocks

[[alternative]]The Study of Key Management System for Wireless Sensor Network

計畫編號：NSC94-2213-E032-015研究期間：200508~200607研究經費：534,000[[abstract]]隨著無線傳輸技術之發展與微機電技術的進步，無線感測網路的技術 越來越成熟，應用範圍也越來越廣泛，其中包括軍事、環境科學、醫療健 康、空間探索、家庭照護和商業應用等領域。無線感測網路是由隨機散佈 的感測器節點以自我組態的方式建構而成，透過節點中的感測器量測所需 的資訊，並將此蒐集到的數據以無線電波傳輸的方式送到資料彙集中心或 基地台(base station)，再進行後續的處理與運用。一般來說，為防止攻擊者 破壞整個無線感測網路功能運作，無線感測網路至少需包含下列幾個安全 功能：可用性、鑑別性、私密性與完整性。在目前資訊安全技術中，可以 提供這些功能的技術都必須有一安全的密鑰予以協助，方能達到目的，甚 至此密鑰之安全與否將直接影響整個系統安全及功能的達成。密鑰管理是 確保密鑰安全的關鍵的技術，其最主要的目的就是要確保密鑰的安全，包 括密鑰的產生、傳送、驗證、使用、更換、儲存、備份、使用期限與作廢 等，每個程序都要確保密鑰的私密、正確及安全。然而，由於在無線感測 網路中無實體網路連結基礎架構、節點間間歇性連接、與節點電力、計算 能力與記憶空間均受限等因素，使得研究發展實用的無線感測網路密鑰管理技術相當困難，也由於這些限制條件，使得傳統有線網路的密鑰管理技 術在無線感測網路中均無法有效運作。 本計畫擬研究發展一適用於無線感測網路的計算成本低、記憶空間小 和通訊頻寬需求少的密鑰管理技術，而低計算成本和低通訊頻寬需求除提 昇效率外亦減少電力的消耗以延長感測節點壽命。此系統必須確保會談密 鑰的安全強度，即使感測節點有變動(新增、移動或停止運作)情形時，仍必 須確保系統的Forward Secrecy 和Backward Secrecy。藉此希望能增進無線 感測網路的安全機能。[[sponsorship]]行政院國家科學委員

Different Security Mechanisms for Wireless Sensor Networks

In today’s world security becomes one of the important constraints in every research field. As increasing use of Wireless Sensor Networks (WSN) in various crucial applications security of wireless networks is becoming more important day by day. Today almost each and every important area makes use of wireless sensor networks. As Wireless Sensor Network is infrastructure-less network; data moves openly from one node to another thus it can be captured easily by attackers. To avoid data from being stolen security mechanism has to be applied. Many protocols are available for providing security on wireless network. We perform a detailed study of different security mechanisms used in sensor network against some criteria such as nature of algorithm, working, its benefits and some of the disadvantages of mechanism and also compare them