Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

An efficient approach of secure group association management in densely deployed heterogeneous distributed sensor network

A heterogeneous distributed sensor network (HDSN) is a type of distributed sensor network where sensors with different deployment groups and different functional types participate at the same time. In other words, the sensors are divided into different deployment groups according to different types of data transmissions, but they cooperate with each other within and out of their respective groups. However, in traditional heterogeneous sensor networks, the classification is based on transmission range, energy level, computation ability, and sensing range. Taking this model into account, we propose a secure group association authentication mechanism using one-way accumulator which ensures that: before collaborating for a particular task, any pair of nodes in the same deployment group can verify the legitimacy of group association of each other. Secure addition and deletion of sensors are also supported in this approach. In addition, a policy-based sensor addition procedure is also suggested. For secure handling of disconnected nodes of a group, we use an efficient pairwise key derivation scheme to resist any adversary’s attempt. Along with proposing our mechanism, we also discuss the characteristics of HDSN, its scopes, applicability, future, and challenges. The efficiency of our security management approach is also demonstrated with performance evaluation and analysis

Certificate less Effective Key Management Protocol For Secure Communications

To improve the current certificate less-effective key management (CL-EKM) convention for secure correspondence in element WSNs with Energy Efficient System. This numerical model will be used to evaluate the correct worth for the Thold and Tback off parameters in view of the speed and the coveted trade off between the vitality utilization and the security level. As a vital piece of mechanical application (IA), the wireless sensor network (WSN) has been a dynamic exploration territory in the course of recent years. Because of the constrained energy and correspondence capacity of sensor nodes, it appears to be particularly essential to outline a directing convention for WSNs so that detecting information can be transmitted to the recipient effectively. A energy-balanced routing technique taking into account forward-mindful element is proposed in this paper with effective key management procedures in it. In this framework, the next-hop node is chosen by attention to connection weight and forward energy density. Besides, an unconstrained remaking mechanism for nearby topology is outlined furthermore. In the tests comes about demonstrate that our framework adjusts the energy utilization, drags out the capacity lifetime and ensures high QoS of WSN

Cryptographic key distribuition in sensor networks

Orientador: Ricardo DahabTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Redes de Sensores Sem Fio (RSSFs) são compostas em sua maioria por pequenos nós sensores dotados de recursos extremamente limitados. Estes, por sua vez, se comunicam com o mundo externo através de nós poderosos chamados de sorvedouros ou estações rádio base. RSSFs são empregadas com o objetivo de monitorar regiões, oferecendo dados sobre a área monitorada para o resto do sistema. Tais redes podem ser utilizadas para diferentes aplicações, tais como operações de resgate em áreas de conflito/desastre, espionagem industrial e detecção de exploração ilegal de recursos naturais. Em RSSFs existem aplicações críticas nas quais propriedades de segurança são de vital importância. Segurança, por sua vez, é comumente alavancada através de esquemas de distribuição de chaves. A maioria dos padrões de distribuição de chaves presentes na literatura, todavia, não são apropriados para RSSFs: métodos baseados em esquemas de chave pública convencionais, devido aos seus requisitos de processamento e banda; chaves de grupo, em função das suas vulnerabilidades de segurança; e chaves par-a-par (pairwise), por causa da baixa escalabilidade. Um outro dado é que há uma vasta gama de arquiteturas propostas para RSSFs e que uma mesma técnica de distribuição de chaves pode ser a melhor para uma, mas não para outra, visto que diferentes arquiteturas de rede exibem padrões de comunicação distintos. Em outras palavras, não existe uma panacéia, e mecanismos de distribuição de chaves para RSSFs devem, portanto, levar em consideração as idiossincrasias das arquiteturas para as quais são projetadas. Tudo isso torna extremamente difícil e desafiadora a tarefa de dotar RSSFs de segurança. O objetivo deste trabalho foi propor soluções de distribuição de chaves que, concomitantemente, (i) fossem compatíveis com os recursos dos sensores e (ii) considerassem as particularidades das arquiteturas para as quais são propostas. Como será mostrado ao longo desta tese, iniciamos nosso trabalho com soluções personalizadas para certas arquiteturas de RSSFs e evoluímos para soluções flexíveis em que a segurança é alavancada de forma não interativa - o que é ideal para este tipo de rede. Até onde sabemos, nosso trabalho é pioneiro em soluções de segurança para RSSFs hierárquicas e em distribuição de chaves de forma autenticada e não interativa, usando Criptografia Baseada em Identidade, neste tipo de rede.Abstract: Wireless sensor networks (WSNs) are ad hoc networks comprised mainly of small sensor nodes with limited resources and one or more base stations, which are much more powerful laptop-class nodes that connect the sensor nodes to the rest of the world. WSNs are used for monitoring purposes, providing information about the area being monitored to the rest of the system. Application areas range from battlefield reconnaissance and emergency rescue operations to surveillance and environmental protection. There are also critical WSN applications in which security properties are of paramount importance. Security, in turn, is frequently bootstrapped through key distribution schemes. Most of the key distribution techniques, however, are ill-suited to WSNs: public key based distribution, because of its processing and bandwidth requirements; global keying, because of its security vulnerabilities; complete pairwise keying, because of its memory requirements. It is worth noting, however, that a large number of WSN architectures have been proposed and a key distribution solution that is well suited to one architecture is likely not to be the best for another, as different network architectures exhibit different communication patterns. In other words, there is no panacea and the design of a key distribution scheme must therefore be driven by the peculiarities of the WSN architecture in question. This all makes extremely hard and challenging the objective of securing WSNs. In this work, we aimed at proposing key distribution schemes that are both (i) lightweight and (ii) able to fulfill architecture-specific needs. As it will be shown throughout this thesis, we began our work with customized solutions for certain types of WSNs and then, subsequently, turned our attention to more flexible solutions, where security is bootstrapped in a non-interactive way through the use of Identity-Based Cryptography.DoutoradoTeoria da ComputaçãoDoutor em Ciência da Computaçã

An Efficient Multi-PKG Online/Offline Identity-Based Encryption Scheme for Wireless Sensor Network

In this paper, we divide large-scale resource-constrained WSN nodes into several domains, split cryptographic operations into heavy operations and the fast lightweight operations, and present an efficient multi-PKG online/offline identity-based encryption scheme for multi-domain WSN. Most heavy computations such as pairing or exponentiation are done in the offline phase for pre-computation without the receiver's identity or the knowledge of the plaintext. Most fast lightweight operations are done in the online phase, together with the plaintext and the receiver's identity. The online encryption is extremely efficient and easy to be implemented on sensor node. We prove the security of our new scheme in the random oracle model. Compared with the existing schemes, our new scheme is more secure and efficient, which is suitable for multi-domain WSN

Application of Transversal Design and Secure Path Key Establishment for Key Pre-Distribution in WSN

Wireless sensor network is composed of a number of sensor devices which can communicate with each other through radio wave. The sensor devices are limited with computation ability, communication ability, and memory capacity and battery power. This makes the implementation of any task in Wireless Sensor Network is very challenging. Amid various requirements, secure communication in Wireless sensor Network is a major requirement. Suppose two or more sensor nodes want to communicate with each other securely, they need such an environment which can fulfill all the security requirements amid the constraints mentioned earlier. Therefore, secure communication in this network is not an easy task. Two or more nodes can communicate using any cryptography scheme which can be applicable to this network. Nodes under communication process have to use one or more key for encryption and decryption. Single key for the entire network can serve for encryption and decryption of shared information. However compromising of that key may reveal the whole communication in the network. Therefore, although a single key for an entire network provides a certain range of security to the communication of the network, the resiliency of the network is very low which is not at all acceptable for secure communication. Keeping shared keys for every other node in the network is another option. However, increment of number of nodes in the network increases the key ring size of each node. Although it provides maximum resiliency, however, it suffers from non scalability due to memory constraints of sensor node. Another scheme is public key cryptography, which requires public key and private key for secure communication. It provides good resiliency to the network. However, it consumes much computation which is a limitation for its application in wireless sensor network. Key pre-distribution is an optimum scheme which loads a finite number of keys to each node taking from a set of predefined keys before deployment of the network. Pair of node which wants to communicate with each other searches for existence of any common key between them and if find start communication using that common key. If no such common key found, they establish a path for exchange of temporarily generated key and start communication using that key. Several key pre-distribution schemes have been proposed for distributing keys for secure communication. Pre-key distribution with merging of blocks is one of the major key pre-distribution schemes. We have studied that merging of nodes randomly incurred an amount of communication cost due to its randomness. We propose a scheme which will merge different blocks in a deterministic way yields a pattern of block ids in a node. Our aim is to decrease the communication task during key establishment. For our case, the communication cost during common key establishment is only O(1) which is constant, whereas in case of random merging it is O(z), where z is the merging factor. Therefore, scheme proposed by us mostly suitable for this type of network. Again in case of those communications which require temporary key, the communication is not secure due to the fact that if any intermediate nodes in the path between actual communicators become compromise, then the newly generated communication is revealed to the attacker. We have proposed two schemes which provide security to such temporarily generated key. One of them is Identity based public key cryptography for path key establishment which exchange the newly generated temporary key using Identity based public key encryption process using ηT pairing as bilinear tool. Although Public key encryption along with pairing needs only once for a particular session, however, due to public key encryption, it may not be appropriate for Wireless Sensor Networks. Therefore, we have revised our scheme and proposed another scheme Identity based symmetric key cryptography for path key establishment. This scheme consumes less computation cost due to symmetric approach for encryption of temporarily generated key. Therefore, this scheme is more appropriate for application in wireless Sensor Networks. Thus for the purpose of our thesis work, we have proposed a scheme which optimize the Key-pre Distribution strategy by using Deterministic technique of merging blocks to form node and hence facilitates less communication cost for pair-wise common key establishment. Again, for securing temporary key during Path Key Establishment, we have proposed two schemes which provide full security to the temporary key

HIMMO - A lightweight collusion-resistant key predistribution scheme

In this paper we introduce HIMMO as a truly practical and lightweight collusion-resistant key predistribution scheme. The scheme is reminiscent ofBlundo et al\u27s elegant key predistribution scheme, in which the master key is a symmetric bivariate polynomial over a finite field, and a unique common key is defined for every pair of nodes as the evaluation of the polynomial at the finite field elements associated with the nodes. Unlike Blundo et al\u27s scheme, however, which completely breaks down once the number of colluding nodes exceeds the degree of the polynomial, the new scheme is designed to tolerateany number of colluding nodes. Key establishment in HIMMO amounts to the evaluation of a single low-degree univariate polynomial involving reasonably sized numbers, thus exhibiting excellent performance even for constrained devices such as 8-bit CPUs, as we demonstrate. On top of this, the scheme is very versatile, as it not only supports implicit authentication of the nodes like any key predistribution scheme, but also supports identity-based key predistribution in a natural and efficient way. The latter property derives from the fact that HIMMO supports long node identifiers at a reasonable cost, allowing outputs of a collision-resistant hash function to be used as node identifiers. Moreover, HIMMO allows for a transparent way to split the master key between multiple parties. The new scheme is superior to any of the existing alternatives due to the intricate way it combines the use of multiple symmetric bivariate polynomials evaluated over ``different\u27\u27 finite rings. We have extensively analyzed the security of HIMMO against two attacks. For these attacks, we have identified the Hiding Information (HI) problem and the Mixing Modular Operations (MMO) problem as the underlying problems. These problems are closely related to some well-defined lattice problems, and therefore the best attacks on HIMMO are dependent on lattice-basis reduction. Based on these connections, we propose concrete values for all relevant parameters, for which we conjecture that the scheme is secure

Secure pairing-free two-party certificateless authenticated key agreement protocol with minimal computational complexity

Key agreement protocols play a vital role in maintaining security in many critical applications due to the importance of the secret key. Bilinear pairing was commonly used in designing secure protocols for the last several years; however, high computational complexity of this operation has been the main obstacle towards its practicality. Therefore, implementation of Elliptic-curve based operations, instead of bilinear pairings, has become popular recently, and pairing-free key agreement protocols have been explored in many studies. A considerable amount of literatures has been published on pairing-free key agreement protocols in the context of Public Key Cryptography (PKC). Simpler key management and non-existence of key escrow problem make certificateless PKC more appealing in practice. However, achieving certificateless pairing-free two-party authenticated key agreement protocols (CL-AKA) that provide high level of security with low computational complexity, remains a challenge in the research area. This research presents a secure and lightweight pairingfree CL-AKA protocol named CL2AKA (CertificateLess 2-party Authenticated Key Agreement). The properties of CL2AKA protocol is that, it is computationally lightweight while communication overhead remains the same as existing protocols of related works. The results indicate that CL2AKA protocol is 21% computationally less complex than the most efficient pairing-free CL-AKA protocol (KKC-13) and 53% less in comparison with the pairing-free CL-AKA protocol with highest level of security guarantee (SWZ-13). Security of CL2AKA protocol is evaluated based on provable security evaluation method under the strong eCK model. It is also proven that the CL2AKA supports all of the security requirements which are necessary for authenticated key agreement protocols. Besides the CL2AKA as the main finding of this research work, there are six pairing-free CL-AKA protocols presented as CL2AKA basic version protocols, which were the outcomes of several attempts in designing the CL2AKA