Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

Efficient threshold self-healing key distribution with sponsorization for infrastructureless wireless networks

Self-healing key distribution schemes are particularly useful when there is no network infrastructure or such infrastructure has been destroyed. A self-healing mechanism can allow group users to recover lost session keys and is therefore quite suitable for establishing group keys over an unreliable network, especially for infrastructureless wireless networks, where broadcast messages loss may occur frequently. An efficient threshold self-healing key distribution scheme with favorable properties is proposed in this paper. The distance between two broadcasts used to recover the lost one is alterable according to network conditions. This alterable property can be used to shorten the length of the broadcast messages. The second property is that any more than threshold-value users can sponsor a new user to join the group for the subsequent sessions without any interaction with the group manager. Furthermore, the storage overhead of the self-healing key distribution at each group user is a polynomial over a finite field, which will not increase with the number of sessions. In addition, if a smaller group of users up to a threshold-value were revoked, the personal keys for non-revoked users can be reused

An efficient self-healing key distribution scheme

Self-healing key distribution schemes enable a group user to recover session keys from two broadcast messages he received before and after those sessions, even if the broadcast messages for the middle sessions are lost due to network failure. These schemes are quite suitable in supporting secure communication over unreliable networks such as sensor networks and ad hoc networks. An efficient self-healing key distribution scheme is proposed in this paper. The scheme bases on the concept of access polynomial and self-healing key distribution model constructed by Hong et al. The new scheme reduces communication and computation overheads greatly yet still keeps the constant storageoverhead

A self-healing key distribution scheme based on vector space secret sharing and one way hash chains

An efficient self-healing key distribution scheme with revocation capability is proposed for secure group communication in wireless networks. The scheme bases on vector space secret sharing and one way hash function techniques. Vector space secret sharing helps to realize general monotone decreasing structures for the family of subsets of users that can be revoked instead of a threshold one. One way hash chains contribute to reduce communication overhead. Furthermore, the most prominent characteristic of our scheme is resisting collusion between the new joined users and the revoked users, which is fatal weakness of hash function based self-healing key distribution schemes

Cryptanalysis of an Improved One-Way Hash Chain Self-Healing Group Key Distribution Scheme

In 2014, Chen et al. proposed a one-way hash self-healing group key distribution scheme for resource-constrained wireless networks in Journal of Sensors (14(14):24358-24380, DOI: 10.3390/ s141224358). They asserted that their scheme 2 has the constant storage overhead, low communication overhead, and is secure, i.e., achieves mt-revocation capability, mt-wise forward secrecy, any-wise backward secrecy and has mt-wise collusion attack resistance capability. Unfortunately, an attack method against Chen et al.\u27s scheme 2 is found in this paper, which contributes to some security flaws. More precisely, a revoked user can recover other legitimate users\u27 personal secrets, which directly breaks the forward security, mt-revocation capability and mt-wise collusion attack resistance capability. Thus, Chen et al.\u27s scheme 2 is insecure

On the Security of a Self-healing Group Key Distribution Scheme

Recently, in Journal of Security and Communication Networks (5(12):1363-1374, DOI: 10.1002/sec.429), Wang et al. proposed a group key distribution scheme with self-healing property for wireless networks in which resource is constrained. They claimed that their key distribution scheme satisfies forward security, backward security and can resist collusion attack. Unfortunately, we found some security flaws in their scheme. In this paper, we present a method to attack this scheme. The attack illustrates that this scheme does not satisfy forward security, which also directly breaks the collusion resistance capability

Pairing Based Mutual Healing in Wireless Sensor Networks

In Wireless Sensor Networks(WSNs), a group of users communicating on an unreliable wireless channel can use a group secret. For each session, group manager broadcasts a message containing some keying material, from which only the group members authorized in that session can extract the session key. If a member misses a broadcast message for key, it uses self healing to recover missing session key using most recent broadcast message. However, only self healing does not help if node needs to get most recent session key and have missed the corresponding broadcast. Through mutual healing, a node can request recent broadcast information from a neighboring node and then recover the required key using self-healing. In this paper, we propose a bi-linear pairing based self-healing scheme that reduces communication, storage and computation overhead in comparison to existing bi-linear pairing based self-healing schemes. Then, we discuss the mutual healing scheme that provides mutual authentication and key confirmation without disclosing the node locations to the adversary. The analysis with respect to active adversary shows a significant performance improvement for resource constrained sensor nodes along with the security features such as forward and backward secrecy, resilience against node collusion, node revocation and resistance to impersonation

Computationally Secure Hierarchical Self-Healing Key Distribution for Heterogeneous Wireless Sensor Networks

ASTA

Key management for beyond 5G mobile small cells: a survey

The highly anticipated 5G network is projected to be introduced in 2020. 5G stakeholders are unanimous that densification of mobile networks is the way forward. The densification will be realized by means of small cell technology, and it is capable of providing coverage with a high data capacity. The EU-funded H2020-MSCA project “SECRET” introduced covering the urban landscape with mobile small cells, since these take advantages of the dynamic network topology and optimizes network services in a cost-effective fashion. By taking advantage of the device-to-device communications technology, large amounts of data can be transmitted over multiple hops and, therefore, offload the general network. However, this introduction of mobile small cells presents various security and privacy challenges. Cryptographic security solutions are capable of solving these as long as they are supported by a key management scheme. It is assumed that the network infrastructure and mobile devices from network users are unable to act as a centralized trust anchor since these are vulnerable targets to malicious attacks. Security must, therefore, be guaranteed by means of a key management scheme that decentralizes trust. Therefore, this paper surveys the state-of-the-art key management schemes proposed for similar network architectures (e.g., mobile ad hoc networks and ad hoc device-to-device networks) that decentralize trust. Furthermore, these key management schemes are evaluated for adaptability in a network of mobile small cells

Lightweight wireless network authentication scheme for constrained oracle sensors

x, 212 leaves : ill. (some col.) ; 29 cmIncludes abstract and appendices.Includes bibliographical references (leaves 136-147).With the significant increase in the dependence of contextual data from constrained IoT, the blockchain has been proposed as a possible solution to address growing concerns from organizations. To address this, the Lightweight Blockchain Authentication for Constrained Sensors (LBACS) scheme was proposed and evaluated using quantitative and qualitative methods. LBACS was designed with constrained Wireless Sensor Networks (WSN) in mind and independent of a blockchain implementation. It asserts the authentication and provenance of constrained IoT on the blockchain utilizing a multi-signature approach facilitated by symmetric and asymmetric methods and sufficient considerations for key and certificate registry management. The metrics, threat assessment and comparison to existing WSN authentication schemes conducted asserted the pragmatic use of LBACS to provide authentication, blockchain provenance, integrity, auditable, revocation, weak backward and forward secrecy and universal forgeability. The research has several implications for the ubiquitous use of IoT and growing interest in the blockchain