Multiphase deployment models for fast self healing in wireless sensor networks

The majority of studies on security in resource limited wireless sensor networks (WSN) focus on finding an efficient balance among energy consumption, computational speed and memory usage. Besides these resources, time is a relatively immature aspect that can be considered in system design and performance evaluations. In a recent study(Castelluccia and Spognardi, 2007), the time dimension is used to lower the ratio of compromised links, thus, improving resiliency in key distribution in WSNs. This is achieved by making the old and possibly compromised keys useful only for a limited amount of time. In this way, the effect of compromised keys diminish in time, so the WSN selfheals. In this study we further manipulate the time dimension and propose a deployment model that speeds up the resilience improvement process with a tradeoff between connectivity and resiliency. In our method, self healing speeds up by introducing nodes that belong to future generations in the time scale. In this way, the duration that the adversary can make use of compromised keys become smaller

Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

A key distribution scheme tailored for mobile sensor networks

Wireless Sensor Networks, (WSN), are composed of battery-powered and resource-limited small devices called sensor nodes. WSNs are used for sensing and collecting data in the deployment area to be relayed to a Base Station (BS). In order to secure WSNs, first of all key distribution problems must be addressed. Key distribution problem is extensively studied for static WSNs, but has not been studied widely for mobile WSNs (MWSN). In this thesis, we proposed key distribution mechanisms for MWSNs. We propose a scheme in which both sensor nodes and the BS are mobile. In our scheme, the BS works as a key distribution center as well. It continuously moves in the environment and distributes pairwise keys to neighboring sensor nodes. In this way, the network gets securely connected. We conduct simulations to analyze the performance of our proposed scheme. The results show that our scheme achieves a local connectivity value of 0.73 for half-mobile network scenario and 0.54 for fully-mobile network scenario. These values can be further improved by using multiple BSs or increasing the speed of the BS. Moreover, our scheme provides perfect resiliency; an adversary cannot compromise any additional links using the captured nodes. We also incorporate two well-known key distribution mechanisms used for static networks into our scheme and provide a better connectivity in the early stages of the sensor network. The improvement in local connectivity, however, comes at the expense of reduced resiliency at the beginning. Nevertheless, the resiliency improves and connectivity converges to our original scheme's values in time

Hash Chains Sensornet: A Key Predistribution Scheme for Distributed Sensor Networks Using Nets and Hash Chains

Key management is an essential functionality for a security protocol; particularly for implementations to low cost devices of a distributed sensor networks (DSN)–a prototype of Internet of Things (IoT). Constraints in resources of the constituent devices of a low cost IoT (sensors of DSN) restricts implementations of computationally heavy public key cryptosystems. This led to adaptation of the novel key predistribution technique in symmetric key platform to efficiently tackle the problem of key management for these resource starved networks. Initial proposals use random graphs, later key predistribution schemes (KPS) exploit combinatorial approaches to assure essential design properties. Combinatorial designs like a (v, b, r, k)– configuration which forms a µ–CID are effective schemes to design KPS. A net in a vector space is a set of cosets of certain kind of subspaces called partial spread. A µ(v, b, r, k)–CID can be formed from a net. In this paper, we propose a key predistribution scheme for DSN, named as Sensornet, using a net. We observe that any deterministic KPS suffer from “smart attack” and hence devise a generic method to eliminate it. Resilience of a KPS can be improved by clever Hash Chains technique introduced by Bechkit et al. We improve our Sensornet to achieve Hash Chains Sensornet (HC(Sensornet)) by the applications of these two generic methods. Effectiveness of Sensornet and HC(Sensornet) in term of crucial metrics in comparison to other prominent schemes has been theoretically established

Energy-efficient task-scheduling and networking protocols for secure wireless networks

The performance of wireless networks is dependent on a number of factors including the available energy, energy-efficiency, data processing delay, transmission delay, routing decisions, security overhead, etc. Traditionally, due to limited resources, nodes were tasked with only collecting measurements and sending them to a base station or central unit for processing. With increased capabilities of microprocessors the data processing is pushed more toward network and its more capable nodes. This thesis focuses to virtualize the processing resources of the entire network and dynamically distribute processing steps along the routing path while optimizing performance. Additionally, a new multi-key encryption (MKE) scheme is proposed to optimize efficiency while enhancing security. The main benefit of the MKE scheme is the improved resilience of the advanced encryption standard (AES) against correlation power analysis (CPA) attack by breaking the correlation between power consumption and the used secret key. The MKE security scheme is analyzed with network implementation and studied for its effects on network parameters such as network connectivity, resilience against node capture and energy efficiency of the scheme. Moreover, a new analysis methodology is proposed to quantify a resilience of a network against node capture such that the strength of the underlying security mechanisms is taken into account. Furthermore, the tradeoff between security and network performance is addressed by the proposed task-scheduling scheme. Also, the proposed methodology does not make assumption of homogenous [sic] network that is often used in literature to simplify analysis and scheme design. In contrast, the proposed formulation is generic, thus allowing heterogeneous nodes to be used while guaranteeing network performance. Consequently, the proposed scheme creates a wireless computing cloud where the processing tasks are dynamically assigned to the nodes using the Dynamic Programming (DP) methodology. The processing and transmission decisions are analytically derived from network models in order to optimize the utilization of network resources including: available energy, processing capacity, security overhead, bandwidth etc. As a result, the online optimization of network resources is achieved --Abstract, page iv

Hierarchical Grid-Based Pairwise Key Pre-distribution in Wireless Sensor Networks

The security of wireless sensor networks is an active topic of research where both symmetric and asymmetric key cryptography issues have been studied. Due to their computational feasibility on typical sensor nodes, symmetric key algorithms that use the same key to encrypt and decrypt messages have been intensively studied and perfectly deployed in such environment. Because of the wireless sensor's limited infrastructure, the bottleneck challenge for deploying these algorithms is the key distribution. For the same reason of resources restriction, key distribution mechanisms which are used in traditional wireless networks are not efficient for sensor networks. To overcome the key distribution problem, several key pre-distribution algorithms and techniques that assign keys or keying material for the networks nodes in an offline phase have been introduced recently. In this paper, we introduce a supplemental distribution technique based on the communication pattern and deployment knowledge modeling. Our technique is based on the hierarchical grid deployment. For granting a proportional security level with number of dependent sensors, we use different polynomials in different orders with different weights. In seek of our proposed work's value, we provide a detailed analysis on the used resources, resulting security, resiliency, and connectivity compared with other related works.Comment: 13 pages, 9 figures, 2 tables, to appear in the International Journal of Networks and Securit

The effect of time dimension and network dynamics on key distribution in wireless sensor networks

The majority of studies on security in resource limited wireless sensor networks (WSN) focus on finding an efficient balance among energy consumption, computational speed and memory usage. Besides these resources, time, network dynamics (e.g. routing), and implementation and integration issues of the security solutions are relatively immature aspects that can be considered in system design and performance evaluations. In the first part of this thesis, we develop and analyze different implementation options of a Random Key Predistribution scheme in a real network simulation environment. Implementation options include Proactive Key Establishment and Reactive Key Establishment. In Proactive Key Establishment, pairwise keys are established at the beginning, prior to start of application. In Reactive Key Establishment, keys are established only whenever needed by the application during its execution. In literature the latter is known to preserve energy since it reduces useless key establishments; however, it also introduces delay in application traffic. We implement the reactive key establishment in such a way that key establishment traffic and energy consumption are reduced. As a result our reactive key establishment implementation has similar throughput performance with proactive scenarios despite the longer lifetime of reactive scenario. We also simulate an attack scenario and measure different metrics including a novel one. This new metric, the packet compromise ratio, reflects the harm caused by the adversary in a more realistic way. In our simulations, we show that packet compromise ratios are very high as compared to link compromise ratios for a long period. However, when the majority of nodes die, link compromise ratios exceed packet compromise ratios. This is an indication to the fact that link compromise ratios seem high even though there is no high amount of traffic in network to be compromised by adversary. Due to the results showing that classical key distribution schemes in WSNs have actually low resiliency, in the second part of this thesis, we propose new deployment models that improve resiliency. In a recent study by Castelluccia and Spognardi, the time dimension is used to lower the ratio of compromised links, thus, improving resiliency in key distribution in WSNs. This is achieved by making the old and possibly compromised keys useful only for a limited amount of time. In this way, the effect of compromised keys diminishes in time, so the WSN selfheals. We further manipulate the time dimension and propose a deployment model that speeds up the resiliency improvement process with a tradeo between connectivity and resiliency. In our method, self healing speeds up by introducing nodes that belong to future generations in the time scale. In this way, the duration that the adversary can make use of compromised keys becomes smaller