Similar literature
Found 20 similar documents; search time 0 ms
1.
In this article two novel group-wise key distribution schemes with time-limited node revocation are introduced for secure group communications in wireless sensor networks. The proposed key distribution schemes are based on two different hash chain structures, dual directional hash chain and hash binary tree. Their salient security properties include self-healing rekeying message distribution, which features a periodic one-way rekeying function with efficient tolerance for lost rekeying messages; and time-limited dynamic node attachment and detachment. Security evaluation shows that the proposed key distribution schemes generally satisfy the requirement of group communications in WSNs with lightweight communication and computation overhead, and are robust under poor communication channel quality.

2.
A new collusion attack on Pour-like schemes is proposed in this paper. Then, we present a collusion-free centralized multicast key management scheme based on characteristic values of members. The re-keying method that other group members calculate new keys when a member is joining or leaving is also designed. It achieves forward secrecy and backward secrecy. Compared with typical existing centralized schemes, the storage of Group Key Controller (GKC) in our scheme halves the storage overhead of others, and communication overhead of GKC is 2 in case of joining re-keying. Especially, the leaving re-keying overhead is log2 n, and the overall performance is excellent.

3.
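A two-tier decentralized group key management scheme based on the discrete logarithm problem   Total citations: 2, self-citations: 1, citations by others: 1
Based on a public-key encryption algorithm in which multiple decryption keys map to the same encryption key, this paper proposes a group key update protocol and, combining it with the LKH algorithm, designs a two-tier decentralized group key management scheme for the source-specific multicast model. The scheme is proven to provide backward secrecy, forward secrecy with high probability, and collusion resistance. The longevity of upper-tier private keys and a key translation method are used to alleviate the performance bottleneck of subgroup managers and the 1-affects-n problem that is common among shared-group-key methods. Analysis shows that the new scheme, which adopts a hybrid cryptosystem, combines to a certain extent the advantages of the two different classes of group key management methods.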

4.
The group key distribution protocol is a mechanism for distributing a group key that is used to encrypt the communication data transmitted in an open group. Recently, a novel group key distribution protocol based on secret sharing was proposed. In their protocol, the group key information is broadcast in an open network environment, and only authorized group members can obtain the group key. However, their protocol requires each group member to broadcast a random challenge to the rest of the group members in the construction of the group key, and this may increase communication cost and cause network traffic congestion. In this paper, we propose an authenticated group key distribution protocol based on the generalized Chinese remainder theorem that drastically reduces communication costs while maintaining at least the same degree of security. Our protocol is built on the secret sharing scheme based on Chinese remainder theorem, which requires fewer computation operations than the previous work. Copyright © 2012 John Wiley & Sons, Ltd.

5.
Jrg  Guangyu, Ad hoc Networks, 2007, 5(7): 1055-1072
While it has been argued that application-layer overlay protocols can enhance services in mobile ad-hoc networks, hardly any empirical data is available on the throughput and delay performance achievable in this fashion. This paper presents performance measurements of an application-layer overlay approach that ensures integrity and confidentiality of application data in an ad-hoc environment. A key management and encryption scheme, called neighborhood key method, is presented where each node shares secrets only with authenticated neighbors in the ad-hoc network, thus avoiding global re-keying operations. All proposed solutions have been implemented and empirically evaluated in an existing software system for application-layer overlay networking. Results from indoor and outdoor measurement experiments with mobile handheld devices provide insight into the performance and overhead of overlay networking and application-layer security services in ad-hoc networks.

6.
Wireless sensor networks (WSNs) are susceptible to node capture and many network-level attacks. In order to provide protection against such threats, WSNs require lightweight and scalable key management schemes because the nodes are resource-constrained and high in number. Also, the effect of node compromise should be minimized and node capture should not hamper the normal working of a network. In this paper, we present an exclusion basis system-based key management scheme called MUQAMI+ for large-scale clustered sensor networks. We have distributed the responsibility of key management to multiple nodes within clusters, avoiding single points of failure and getting rid of costly inter-cluster communication. Our scheme is scalable and highly efficient in terms of re-keying and compromised node revocation.

7.
A fully connected one‐hop ad hoc network constitutes a basic unit for managing self‐organizing networks such as IEEE 802.11 and 802.15.3 networks. Since energy efficiency is a critical issue in ad hoc networks, we develop an energy‐saving framework that includes scheduling for node‐to‐node direct communication. The scheduling is performed by a coordinator that is selected by some simple rule. We enhance the IEEE 802.11 protocol by using our proposed framework, and analyze its energy efficiency in transmitting and receiving data. Through mathematical analysis, we confirm that our enhanced protocol significantly saves energy compared to the IEEE 802.11 protocol. We also investigate the robustness of our algorithm by covering the cases of uncooperative users, system malfunctioning, and channel errors. The numerical results confirm that our protocol works well under these hostile environments and maintains its advantage over the conventional scheme. Copyright © 2009 John Wiley & Sons, Ltd.

8.
In recent years, cooperative communication has been developed as a new communication strategy that incorporates a relay node to assist direct point-to-point transmission. By exploiting cooperative diversity, different types of techniques have been proposed to improve transmission reliability from the physical layer perspective. However, owing to the longer transmission time resulting from the cooperative schemes, there is no guarantee to enhance network throughput in view of the medium access control (MAC) performance. In this paper, system throughput of combined direct/cooperative communication is evaluated by exploiting the proposed analytical model based on the IEEE 802.11 MAC protocol. The feasibility of adopting either cooperative or direct communication is also studied in the analytical model. In terms of network throughput, whether to adopt cooperative schemes depends on the tradeoff between cooperative transmission delay and channel quality of direct communication. Moreover, two cooperative MAC protocols are proposed to determine the circumstances to activate cooperative communication according to the channel quality. The full-channel quality indicator based cooperative (FCC) MAC protocol is introduced to choose both the transmission scheme and the relay node according to the full channel quality information. However, the overhead caused by the FCC scheme can degrade the throughput performance as the number of available relays is significantly increased. Therefore, the bitwise competition based cooperative (BCC) MAC protocol is utilized to efficiently determine a feasible relay node for data transmission. Simulations are performed to validate the effectiveness of proposed analytical models and cooperative MAC protocols. It is observed that the proposed BCC scheme can outperform both the FCC protocol and conventional direct transmission with enhanced system throughput.

9.
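A self-healing group key management scheme for wireless sensor networks   Total citations: 3, self-citations: 1, citations by others: 2
The self-healing mechanism of group key management is an important means of ensuring secure group communication over unreliable channels in wireless sensor networks. Based on a group key distribution and revocation method that uses dual directional key chains, a self-healing group key management scheme with revocation capability for wireless sensor networks is proposed. The scheme achieves group key self-healing and node revocation, meets the security requirements of group key management in sensor networks under wireless communication environments with high packet loss rates, and ensures security properties such as group key confidentiality, forward secrecy and backward secrecy. Performance analysis shows that the scheme has low computation and communication overhead and is suitable for wireless sensor networks.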

10.
Innovative and emerging developments in sensor networks are proven to be the backbone for real‐time applications such as satellite communications, military and border area surveillance systems, health care systems, traffic monitoring systems, seismic and underwater monitoring systems, and agriculture and habitat environment systems. Coverage and clustering techniques enable the sensor network to operate in group‐based and region‐based communication and thus save the node energy. Energy‐efficient protocols save the node energy and increase the network life cycle in a resource‐constrained sensor network. Cluster head (CH) node manages and controls the operations such as network topology, coverage area, and routing paths (multi‐paths and fault‐tolerant paths) of the network. In this paper, we present deterministic K‐means secure coverage clustering (K‐SCC) with periodic authentication. The proposed protocol uses coverage clustering technique with periodic authentication between the CH node and sensor nodes to establish the secure channel in the network. Maximum cover of K nodes is maintained in the secure coverage cluster to achieve authenticated communication between the sensor nodes in the network. The proposed K‐SCC protocol is compared with the existing protocols such as deterministic‐SCC and random‐SCC protocols. Simulation results indicate that the proposed K‐SCC protocol achieves an average of 84% coverage ratio (cluster/sensor node ratio) as compared with 62% coverage ratio in the existing SCC protocols. Simulations also indicate that the proposed K‐SCC protocol consumes 20% less energy as compared with the existing SCC protocol. Copyright © 2015 John Wiley & Sons, Ltd.

11.
This paper proposes a multicast routing algorithm that makes use of multiple node‐disjoint distribution trees for its routing from the source to the multicast group members. The specialty of this scheme is that the different packets of a message between a source and destinations are routed through node‐disjoint paths to provide reliable and secure multicast communication. In this proposed routing scheme the computation of the node‐disjoint path for packet routing is done either at a centralized route moderator or in a distributed fashion at all destinations in order to avoid single point failure. An effective provision is made to enable new members to join the existing multicast trees and to prune leaving members. The performance parameters of the proposed reliable and secure multi‐path routing scheme are studied under various network conditions using GloMoSim. Copyright © 2006 John Wiley & Sons, Ltd.

12.
An ID-based broadcast encryption scheme for key distribution   Total citations: 3, self-citations: 0, citations by others: 3
A broadcast encryption scheme enables a center to distribute keys and/or broadcast a message in a secure way over an insecure channel to an arbitrary subset of privileged recipients. In this paper, an ID-based broadcast encryption scheme is proposed, by which a center can distribute keys over a network, so that each member of a privileged subset of users can compute a specified key. Then a conventional private-key cryptosystem, such as DES, can be used to encrypt the subsequent broadcast with the distributed key. Because a key distribution can be done in an encrypted broadcast without any key pre-distribution, re-keying protocols for group membership operations can be simplified: a center can use the ID-based broadcast encryption scheme again to distribute a new and random session key. The ID-based broadcast encryption scheme from bilinear pairings is based on a variant of the Boneh-Franklin identity based encryption scheme.

13.
In recent years, several random key pre-distribution schemes have been proposed to bootstrap keys for encryption, but the problem of key and node revocation has received relatively little attention. In this paper, based on a random key pre-distribution scheme using clustering, we present a novel random key revocation protocol, which is well suited to large-scale networks and removes compromised information efficiently. The revocation protocol can guarantee network security with less memory consumption and communication load, and it combines centralized and distributed revocation, giving it the virtues of timeliness and veracity for revocation at the same time.

14.
In wireless sensor networks, query execution over a specific geographical region is an essential function for collecting sensed data. However, sensor nodes deployed in sensor networks have limited battery power. Hence, the minimum number of connected sensor nodes that covers the queried region in a sensor network must be determined. This paper proposes an efficient distributed protocol to find a subset of connected sensor nodes to cover the queried region. Each node determines whether to be a sensing node to sense the queried region according to its priority. The proposed protocol can efficiently construct a subset of connected sensing nodes and respond to the query request to the sink node. In addition, the proposed protocol is extended to solve the k-coverage request. Simulation results show that our protocol is more efficient and has a lower communication overhead than the existing protocol.

15.
Secure clustering in Wireless Ad Hoc Networks is a very important issue. Traditional cryptographic solutions are useless against threats from internal compromised nodes. In light of this, we propose a novel distributed secure trust aware clustering protocol that provides a secure solution for data delivery. A trust model is proposed that computes the trust of a node using self and recommendation evidences of its one-hop neighbors. Therefore, it is lightweight in terms of computational and communication requirements, yet powerful in terms of flexibility in managing trust. In addition, the proposed clustering protocol organizes the network into one-hop disjoint clusters and elects the most qualified, trustworthy node as a Clusterhead. This election is done by an authenticated voting scheme using parallel multiple signatures. Analysis of the protocol shows that it is more efficient and secure compared to similar existing schemes. Simulation results show that the proposed protocol outperforms the popular ECS, CBRP and CBTRP in terms of throughput and packet delivery ratio with a reasonable communication overhead and latency in the presence of malicious nodes.

16.
In deep space delay tolerant networks, rekeying expends vast amounts of energy and delay time, as reliable end-to-end communication between members and the key management center is very difficult to make available. In order to deal with this problem, this paper puts forward an autonomic group key management scheme for deep space DTN, in which a logical key tree based on a one-encryption-key multi-decryption-key key protocol is presented. Each leaf node with a secret decryption key corresponds to a network member, and each non-leaf node corresponds to a public encryption key generated by the decryption keys of all leaf nodes that belong to the non-leaf node’s subtree. In the proposed scheme, each legitimate member has the same capability as the key management center of modifying the public encryption key with its own decryption key, so rekeying can be fulfilled successfully by a local leaving or joining member without key management center support. In the security aspect, forward security and backward security are guaranteed. In the efficiency aspect, our proposed scheme’s rekeying message cost is half that of the LKH scheme when a new member joins; furthermore, in a member-leaving event, the leaving member makes a tradeoff between computation cost and message cost, except that the rekeying message cost is constant and is not related to network scale. Therefore, our proposed scheme is more suitable for deep space DTN than LKH, and the localization of rekeying is realized securely.

17.
A new global positioning system (GPS)-based routing protocol for ad hoc networks, called zone-based hierarchical link state (ZHLS) routing protocol, is proposed. In this protocol, the network is divided into nonoverlapping zones. Each node only knows the node connectivity within its zone and the zone connectivity of the whole network. The link state routing is performed on two levels: focal node and global zone levels. Unlike other hierarchical protocols, there is no cluster head in this protocol. The zone level topological information is distributed to all nodes. This “peer-to-peer” manner mitigates traffic bottleneck, avoids single point of failure, and simplifies mobility management. Since only zone ID and node ID of a destination are needed for routing, the route from a source to a destination is adaptable to changing topology. The zone ID of the destination is found by sending one location request to every zone. Simulation results show that our location search scheme generates less overhead than the schemes based on flooding. The results also confirm that the communication overhead for creating and maintaining the topology in the proposed protocol is smaller than that in the flat LSR protocol. This new routing protocol provides a flexible, efficient, and effective approach to accommodate the changing topology in a wireless network environment.

18.
In today's Internet era, group communications have become more and more essential for many emerging applications. Given the openness of today's networks, efficient and secure distribution of a common key is an essential issue for secure communications in the group. To maintain confidentiality during communication in the group, all authorized members require a common key called the group key in advance. This paper proposes a group key distribution and authentication protocol for dynamic access control in secure group communication using Chinese remainder theorem (CRT), which is highly secure and computationally efficient. The proposed protocol (1) has drastically reduced the computation complexity of group controller (GC) and members, (2) has provided intense security by means of an additional secret parameter used by GC and members, (3) has minimized storage and communication overheads, (4) has been decentralized for higher scalability so that it can efficiently handle large‐scale changes in the group membership, and (5) is suitable for many practical applications due to intense security along with low computation and storage overheads. Detailed security analysis proves that our protocol can guarantee the privacy and security requirements of group communications. Moreover, performance analysis also verifies the efficiency and effectiveness of the proposed protocol. The proposed protocol has been experimented on a star topology‐based key distribution system, and it was observed that the protocol significantly reduces the computation cost and minimizes the communication and storage overheads.

19.
Networks that use the timed token protocol (such as the 100 Mbit/s FDDI network) are well suited for real-time applications because they guarantee, to each node, an average bandwidth and a bounded access time to the communication network. This guarantee is necessary but not sufficient for the timely delivery of deadline-constrained messages; protocol parameters must be carefully selected to ensure that these messages meet their deadlines. This paper addresses the issue of selecting the protocol parameters TTRT (target token rotation time) and the synchronous capacities assigned to each node. The objective is to guarantee that each synchronous message is transmitted before its deadline. An upper bound is derived on the worst case achievable utilization (WCAU) of any parameter selection scheme. The WCAU of a scheme is defined as the maximum utilization U such that the scheme guarantees all synchronous messages as long as their utilization is less than U. An algorithm for selecting the above parameters is proposed. The algorithm is shown to have a WCAU that is very close to the upper bound.

20.
Roberto  Luigi V.  Sushil, Ad hoc Networks, 2003, 1(4): 455-468
This paper defines a new protocol KeEs for the key establishment that meets the security requirements of the threat model proposed. The KeEs protocol assures forward and backward secrecy of the session key, so that if any set of the session keys is compromised, even including the current session key, these compromised keys undermine neither the security of future session keys, nor the security of past session keys. We illustrate the protocol in two different scenarios, one in which a Base Station acts as a synchronizer for re-keying the sensors, and a second scenario based on a completely distributed approach where the sensors rely only on themselves to achieve synchronization in the re-keying process. For both scenarios the KeEs protocol requires minimal overhead in terms of computations and transmissions. Finally, in KeEs none of the resources needed by a generic sensor is bounded to the size of the WSN.
