Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

Trade-Off between Collusion Resistance and User Life Cycle in Self-Healing Key Distributions with t-Revocation

We solve the problem of resisting the collusion attack in the one-way hash chain based self-healing key distributions introduced by Dutta et al., coupling it with the prearranged life cycle based approach of Tian et al. that uses the same self-healing mechanism introduced in Dutta et al. Highly efficient schemes are developed compared to the existing works with the trade-off in pre-arranged life cycles on users by the group manager and a slight increase in the storage overhead. For scalability of business it is often necessary to design more innovation and flexible business strategies in certain business models that allow contractual subscription or rental, such as subscription of mobile connection or TV channel for a pre-defined period. The subscribers are not allowed to revoke before their contract periods (life cycles) are over. Our schemes fit into such business environment. The proposed schemes are proven to be computationally secure and resist collusion between new joined users and revoked users together with forward and backward secrecy. The security proof is in an appropriate security model. Moreover, our schemes do not forbid revoked users from rejoining in later sessions unlike the existing self- healing key distribution schemes

Cryptanalysis of an Improved One-Way Hash Chain Self-Healing Group Key Distribution Scheme

In 2014, Chen et al. proposed a one-way hash self-healing group key distribution scheme for resource-constrained wireless networks in Journal of Sensors (14(14):24358-24380, DOI: 10.3390/ s141224358). They asserted that their scheme 2 has the constant storage overhead, low communication overhead, and is secure, i.e., achieves mt-revocation capability, mt-wise forward secrecy, any-wise backward secrecy and has mt-wise collusion attack resistance capability. Unfortunately, an attack method against Chen et al.\u27s scheme 2 is found in this paper, which contributes to some security flaws. More precisely, a revoked user can recover other legitimate users\u27 personal secrets, which directly breaks the forward security, mt-revocation capability and mt-wise collusion attack resistance capability. Thus, Chen et al.\u27s scheme 2 is insecure

On the Security of a Self-healing Group Key Distribution Scheme

Recently, in Journal of Security and Communication Networks (5(12):1363-1374, DOI: 10.1002/sec.429), Wang et al. proposed a group key distribution scheme with self-healing property for wireless networks in which resource is constrained. They claimed that their key distribution scheme satisfies forward security, backward security and can resist collusion attack. Unfortunately, we found some security flaws in their scheme. In this paper, we present a method to attack this scheme. The attack illustrates that this scheme does not satisfy forward security, which also directly breaks the collusion resistance capability

Pairing Based Mutual Healing in Wireless Sensor Networks

In Wireless Sensor Networks(WSNs), a group of users communicating on an unreliable wireless channel can use a group secret. For each session, group manager broadcasts a message containing some keying material, from which only the group members authorized in that session can extract the session key. If a member misses a broadcast message for key, it uses self healing to recover missing session key using most recent broadcast message. However, only self healing does not help if node needs to get most recent session key and have missed the corresponding broadcast. Through mutual healing, a node can request recent broadcast information from a neighboring node and then recover the required key using self-healing. In this paper, we propose a bi-linear pairing based self-healing scheme that reduces communication, storage and computation overhead in comparison to existing bi-linear pairing based self-healing schemes. Then, we discuss the mutual healing scheme that provides mutual authentication and key confirmation without disclosing the node locations to the adversary. The analysis with respect to active adversary shows a significant performance improvement for resource constrained sensor nodes along with the security features such as forward and backward secrecy, resilience against node collusion, node revocation and resistance to impersonation

A key management scheme for heterogeneous sensor networks using keyed-hash chain

We present a suite of key management scheme for heterogeneous sensor networks. In view of different types of communications, a single key can not satisfy various communication requirements. It is necessary to study the establishment and renewal of different types of keys in heterogeneous sensornetworks. In this paper, we propose a new key management scheme which can support five types of communications. Our basic scheme is based on a keyed-hash chain approach. A new cluster mechanism is used to improve the probability of key sharing between sensors and their cluster heads. Different from existing schemes where a node capture attack might lead to the disclosure of several key chains, our method can avoid this drawback through not storing network-wide generating keys inlow-cost sensors. Only pairwise keys involving the compromised node should be deleted in our scheme. It is motivated by the observation that all the information stored on a sensor may be disclosed once the sensor gets compromised. Through the analysis of both security and performance, we show the scheme meets the security requirements

A Survey of Cryptography and Key Management Schemes for Wireless Sensor Networks

Wireless sensor networks (WSNs) are made up of a large number of tiny sensors, which can sense, analyze, and communicate information about the outside world. These networks play a significant role in a broad range of fields, from crucial military surveillance applications to monitoring building security. Key management in WSNs is a critical task. While the security and integrity of messages communicated through these networks and the authenticity of the nodes are dependent on the robustness of the key management schemes, designing an efficient key generation, distribution, and revocation scheme is quite challenging. While resource-constrained sensor nodes should not be exposed to computationally demanding asymmetric key algorithms, the use of symmetric key-based systems leaves the entire network vulnerable to several attacks. This chapter provides a comprehensive survey of several well-known cryptographic mechanisms and key management schemes for WSNs

Security Mechanisms in Unattended Wireless Sensor Networks

Wireless Sensor Networks (WSNs) consisting of a large number of sensor nodes are being deployed in potentially hostile environments for applications such as forest fire detection, battlefield surveillance, habitat monitoring, traffic management, etc. One common assumption in traditional WSNs is that a trusted third party, i.e., a sink, is assumed to be always available to collect sensed data in a real time or near real time fashion. Although many WSNs operate in such an on-site mode, there are WSN applications that do not fit into the real time data collection mode. For example, data collection in Unattended WSNs (UWSNs) relies on the periodical appearance of a mobile sink. As most existing security solutions developed for traditional WSNs rely on the presence of a trusted third party, it makes them not applicable to UWSNs directly. This motivates the research on security mechanisms for UWSNs. This dissertation contributes to security mechanisms in UWSNs from three important aspects, as, confidentiality and reliability, trust management, and capture resistance. The first aspect addresses data confidentiality and data reliability in UWSNs. We propose a data distribution scheme to provide forward secrecy, probabilistic backward secrecy and data reliability. Moreover, we demonstrate that backward secrecy of the historical data can be achieved through homomorphic encryption and key evolution. Furthermore, we propose a constrained optimization algorithm to further improve the above two data distribution schemes. The second study introduces trust management in UWSNs. We propose a set of efficient and robust trust management schemes for the case of UWSNs. The Advanced Scheme utilizes distributed trust data storage to provide trust data reliability and takes the advantages of both Geographic Hash Table (GHT) and Greedy Perimeter Stateless Routing (GPSR) to find storage nodes and to route trust data to them. In this way, it significantly reduces storage cost caused by distributed trust data storage and provides resilience to node compromise and node invalidation. The third study investigates how to detect a captured node and to resist node capture attack in UWSNs. We propose a node capture resistance and key refreshing scheme for UWSNs based on the Chinese remainder theorem. The scheme is able to provide forward secrecy, backward secrecy and collusion resistance for diminishing the effects of capture attacks