Scalable and efficient key management for heterogeneous sensor networks

As typical wireless sensor networks (WSNs) have resource limitations, predistribution of secret keys is possibly the most practical approach for secure network communications. In this paper, we propose a key management scheme based on random key predistribution for heterogeneous wireless sensor networks (HSNs). As large-scale homogeneous networks suffer from high costs of communication, computation, and storage requirements, the HSNs are preferred because they provide better performance and security solutions for scalable applications in dynamic environments. We consider hierarchical HSN consisting of a small number high-end sensors and a large number of low-end sensors. To address storage overhead problem in the constraint sensor nodes, we incorporate a key generation process, where instead of generating a large pool of random keys, a key pool is represented by a small number of generation keys. For a given generation key and a publicly known seed value, a keyed-hash function generates a key chain; these key chains collectively make a key pool. As dynamic network topology is native to WSNs, the proposed scheme allows dynamic addition and removal of nodes. This paper also reports the implementation and the performance of the proposed scheme on Crossbow’s MicaZ motes running TinyOS. The results indicate that the proposed scheme can be applied efficiently in resource-constrained sensor networks. We evaluate the computation and storage costs of two keyed-hash algorithms for key chain generation, HMAC-SHA1 and HMAC-MD5.

Enabling end-to-end secure communication between wireless sensor networks and the Internet

In the paradigms of the Internet of Things (IoT) as well as the evolving Web of Things (WoT) and the emerging Wisdom Web of Things (W2T), not only can the data collected by the sensor nodes (i.e., the things) in the wireless sensor networks (WSNs) be transmitted to and processed at Internet nodes and subsequently transformed into information, knowledge, wisdom and eventually into services to serve humans, but human users can also access, control and manage the sensor nodes in the WSNs through nodes in the Internet. Since data are the basis for enabling applications and services in W2T, it becomes imperative that enabling technologies for end-to-end security be developed to secure data communication between Internet user nodes and sensor server nodes to protect the exchange of data. However, traditional security protocols developed for the Internet rely mostly on symmetric authentication and key management based on public key algorithms, thus are deemed to be unsuitable for WSNs due to resource constraints in the sensor nodes. Specifically, acting as the server nodes in this scenario, sensor nodes cannot take on the heavy duty like regular servers in the Internet. Meanwhile, current security mechanisms developed for WSNs have mainly focused on the establishment of keys between neighboring nodes at the link layer and thus are not considered to be effective for end-to-end security in the W2T scenario. In this paper, we propose an end-to-end secure communication scheme for W2T in WSNs in which we follow an asymmetric approach for authentication and key management using signcryption and symmetric key encryption. In our proposed scheme, a great part of the work for authentication and access control is shifted to a gateway between a WSN and the Internet to reduce the burden and energy consumption in the sensor nodes. In addition, our scheme can ensure the privacy of user identities and key negotiation materials, and denial of service (DoS) attacks targeted at the sensor nodes can be effectively blocked at the gateway. We will also conduct quantitative analysis and an experiment to show that our proposed scheme can enhance the effectiveness of end-to-end security while reducing the cost of sensor nodes in terms of computation, communication and storage overhead as well as the latency of handshaking compared to similar schemes that are based on Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.     

Energy-aware node placement,topology control and MAC scheduling for wireless sensor networks

In the WSNs, the nodes closer to the sink node have heavier traffic load for packet forwarding because they do not only collect data within their sensing range but also relay data for nodes further away. The unbalanced power consumption among sensor nodes may cause network partition. This paper proposes efficient node placement, topology control, and MAC scheduling protocols to prolong the sensor network lifetime, balance the power consumption of sensor nodes, and avoid collision. Firstly, a virtual tree topology is constructed based on Grid-based WSNs. Then two node-placement techniques, namely Distance-based and Density-based deployment schemes, are proposed to balance the power consumption of sensor nodes. Finally, a collision-free MAC scheduling protocol is proposed to prevent the packet transmissions from collision. In addition, extension of the proposed protocols are made from a Grid-based WSN to a randomly deployed WSN, enabling the developed energy-balanced schemes to be generally applied to randomly deployed WSNs. Simulation results reveal that the developed protocols can efficiently balance each sensor node’s power consumption and prolong the network lifetime in both Grid-based and randomly deployed WSNs.     

A New Protocol for the Detection of Node Replication Attacks in Mobile Wireless Sensor Networks

Wireless sensor networks (WSNs) are often deployed in harsh environments.Thus adversaries can capture some nodes,replicate them and deploy those replicas back into the strategic positions in the network to launch a variety of attacks.These are referred to as node replication attacks.Some methods of defending against node replication attacks have been proposed,yet they are not very suitable for the mobile wireless sensor networks.In this paper,we propose a new protocol to detect the replicas in mobile WSNs.In this protocol,polynomial-based pair-wise key pre-distribution scheme and Counting Bloom Filters are used to guarantee that the replicas can never lie about their real identifiers and collect the number of pair-wise keys established by each sensor node.Replicas are detected by looking at whether the number of pair-wise keys established by them exceeds the threshold.We also derive accurate closed form expression for the expected number of pair-wise keys established by each node,under commonly used random waypoint model.Analyses and simulations verify that the protocol accurately detects the replicas in the mobile WSNs and supports their removal.     

Secure and reliable clustering in wireless sensor networks: A critical survey

In the past few years, research interest has been increased towards wireless sensor networks (WSNs) and their application in both the military and civil domains. To support scalability in WSNs and increase network lifetime, nodes are often grouped into disjoint clusters. However, secure and reliable clustering, which is critical in WSNs deployed in hostile environments, has gained modest attention so far or has been limited only to fault tolerance. In this paper, we review the state-of-the-art of clustering protocols in WSNs with special emphasis on security and reliability issues. First, we define a taxonomy of security and reliability for cluster head election and clustering in WSNs. Then, we describe and analyze the most relevant secure and reliable clustering protocols. Finally, we propose countermeasures against typical attacks and show how they improve the discussed protocols.     

Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks

Recent advances in wireless sensor networks (WSNs) are fueling the interest in their application in a wide variety of sensitive settings such as battlefield surveillance, border control, and infrastructure protection. Data confidentiality and authenticity are critical in these settings. However, the wireless connectivity, the absence of physical protection, the close interaction between WSNs and their physical environment, and the unattended deployment of WSNs make them highly vulnerable to node capture as well as a wide range of network-level attacks. Moreover, the constrained energy, memory, and computational capabilities of the employed sensor nodes limit the adoption of security solutions designed for wire-line and wireless networks. In this paper, we focus on the management of encryption keys in large-scale clustered WSNs. We propose a novel distributed key management scheme based on Exclusion Basis Systems (EBS); a combinatorial formulation of the group key management problem. Our scheme is termed SHELL because it is Scalable, Hierarchical, Efficient, Location-aware, and Light-weight. Unlike most existing key management schemes for WSNs, SHELL supports rekeying and, thus, enhances network security and survivability against node capture. SHELL distributes key management functionality among multiple nodes and minimizes the memory and energy consumption through trading off the number of keys and rekeying messages. In addition, SHELL employs a novel key assignment scheme that reduces the potential of collusion among compromised sensor nodes by factoring the geographic location of nodes in key assignment. Simulation results demonstrate that SHELL significantly boosts the network resilience to attacks while conservatively consuming nodes' resources.     

基于演化博弈的无线传感器网络节能分簇路由算法

考虑到无线传感器网络中节点在冲突环境下决策时具有有限理性,近年来学者引入博弈论解决传感网分簇路由中自私节点的簇头选举问题。以往经典博弈分簇路由算法要求知道所有参与者行动的完全信息,并假设节点完全理性,这对于资源有限的传感器节点不切实际。本文提出了一种基于演化博弈论的无线传感器网络节能分簇路由算法(EECEG),通过演化博弈复制动态方程证明存在演化稳定策略(ESS)。算法将所有节点模拟为自私的博弈参与者,参与者可决策宣称自己成为簇头候选者(D)或不成为候选者(ND)。所有参与者根据自身剩余能量、邻居节点个数等因素自私决策,通过观察和模仿对手进行演化,直到收益均衡。实验结果表明,EECEG协议可有效延长网络生命周期,均衡节点间能耗,同时使数据传输更高效。     

Communication efficient shuffle for mental poker protocols

Mental poker protocols are considered to be computationally and communicationally consuming. A secure and fast mental poker protocol was proposed by Wang and Wei (2009) [26]. The cost of communication (total length of message) can be considered as feasible, but is still relatively expensive for networks with lower bandwidths. A shuffle requires 64 MB of data transmission for a typical setting (9 players, 52 cards, 1024 bit keys, and security parameter L = 100). The most communicationally consuming part of Wang and Wei’s protocol is the shuffle verification protocol SV.In this paper, we propose a new method to verify the integrity of the shuffle, namely, NewSV which can be used as a drop-in replacement for SV. NewSV is slower than SV. The benefit of using NewSV is that the communication cost can be greatly reduced. Using the same settings, if NewSV is used instead of SV, then 70% of the communication cost can be saved. A shuffle requires only 20 MB of data transmission for L = 100. The computational overhead is 7-2% for security parameter L = 30-100.This technique can be applied to a similar mental poker protocol proposed by Castella-Roca (2004) [7]. The Castella-Roca’s shuffle requires 154 MB of data transmission for L = 100. By using NewSV, 87% of the communication cost can be reduced so that only 20 MB of data transmission is required. The computational overhead is also 7-2% for L = 30-100.     

C-DTB-CHR: centralized density- and threshold-based cluster head replacement protocols for wireless sensor networks

Advances introduced to electronics and electromagnetics leverage the production of low-cost and small wireless sensors. Wireless sensor networks (WSNs) consist of large amount of sensors equipped with radio frequency capabilities. In WSNs, data routing algorithms can be classified based on the network architecture into flat, direct, and hierarchal algorithms. In hierarchal (clustering) protocols, network is divided into sub-networks in which a node acts as a cluster head, while the rest behave as member nodes. It is worth mentioning that the sensor nodes have limited processing, storage, bandwidth, and energy capabilities. Hence, providing energy-efficient clustering protocol is a substantial research subject for many researchers. Among proposed cluster-based protocols, low-energy adaptive clustering hierarchy (LEACH) and threshold LEACH (T-LEACH), as well as modified threshold-based cluster head replacement (MT-CHR) protocols are of a great interest as of being energy optimized. In this article, we propose two protocols to cluster a WSN through taking advantage of the shortcomings of these protocols (i.e., LEACH, T-LEACH, and MT-CHR), namely centralized density- and threshold-based cluster head replacement (C-DTB-CHR) and C-DTB-CHR with adaptive data distribution (C-DTB-CHR-ADD) protocols that mainly aim at optimizing energy through minimizing the number of re-clustering operations, precluding cluster heads nodes premature death, deactivating some nodes located at dense areas from cluster’s participation, as well as reducing long-distance communications. In particular, in C-DTB-CHR protocol, some nodes belong to dense clusters are put in the sleeping mode based on a certain node active probability, thereby reducing the communications with the cluster heads and consequently prolonging the network lifetime. Moreover, the base station is concerned about setting up the required clusters and accordingly informing sensor nodes along with their corresponding active probability. C-DTB-CHR-ADD protocol provides more energy optimization through adaptive data distribution where direct and multi-hoping communications are possible. Interestingly, our simulation results show impressive improvements over what are closely related in the literature in relation to network lifetime, utilization, and network performance degradation period.     

一种分层式无线传感器网络密钥分配管理方案

当传感器节点部署在开放的、无人照看、无物理保护的环境下,安全问题变得非常重要,即它们极易受到不同类型的恶意攻击.论文针对分层组织的无线传感器网络提出了一种安全的密钥管理方案,这种方案在一个簇中高效地分配密钥并更新预先部署的密钥以减轻对节点的有害攻击.     

一种WSNs中的强实体认证协议

无线传感器网络(WSNs)由于其部署环境的开放性、资源的有限性等特点,比传统网络更易受到安全方面的威胁,其安全问题变得极为重要。针对WSNs中的认证机制的效率和安全问题,提出了一种有效的强实体认证协议。通过采用秘密共享方案,通过多个节点对用户进行认证,能够有效地防止非法用户加入网络。通过实验分析和对比表明:协议既能满足网络对安全的需求,又能最大程度地节约传感器节点的能量。     

Intelligent antenna selection decision in IEEE 802.15.4 wireless sensor networks: An experimental analysis

The goal of this paper is to study the feasibility of making intelligent antenna selection decision in IEEE 802.15.4 Wireless Sensor Networks (WSNs). This study provides us the basis to design and implement software defined intelligent antenna switching capability to wireless sensor nodes based on Received Signal Strength Indicator (RSSI) link quality metric. First, we discuss the results of our newly designed radio module (Inverted-F Antenna) for 2.4 GHz bandwidth (WSNs). Second, we propose an intelligent antenna selection strategy to exploit antenna diversity. Third, we propose the prototype of our diversity antenna for the TelosB mote and the intelligent switch design. Finally, we compare the performance of the built-in TelosB antenna with our proposed external antenna in both laboratory and realistic environments. Experimental results confirm the gain of 6–10 dB of the proposed radio module over the built-in radio module of the TelosB motes.     

基于矩阵的无线传感器网络密钥预分配

为了提高邻居节点建立共享密钥的概率, 减少无线传感器网络资源的消耗, 从而进一步提高无线传感器网络中的连通性, 提出了一种基于矩阵的无线传感器网络的随机密钥部署方案。该方案在无线传感器的目标划分区域中采用3×3矩阵的方式进行密钥预分配, 使邻居节点共享直接密钥的个数为q, 提高了节点间共享密钥的阈值, 减少了节点存储冗余密钥的数量。数据分析和仿真结果表明, 该方案不但在存储密钥数量和安全性方面有较好的性能, 而且连通率为100%。     

面向异构WSNs的基于能量感知的簇路由算法

有效地使用传感节点的能量,进而延长网络寿命成为设计无线传感网路由协议的一项挑战性的工作.为了延长网络,现存的多数簇路由是面向同构网络.为此,提出分布式能量感知的异构WSNs非均匀分簇路由DEAC(Distributed Energy Aware unequal Clustering)算法.DEAC算法是以EADUC(Energy Aware Distributed Unequal Clustering)为基础,并进行优化.与EADUC不同,DEAC算法从簇头竞选机制、簇间多跳通信中的下一跳转发节点的选择策略以及自适应的节点通信半径的设置三方面进行优化.在簇头竞选机制中,采用退避算法,利用节点的剩余能量以及邻居节点的平均能量设置延时时间;在选择下一跳转发节点时,建立节点的关于能量的度量函数,选择具有最大剩余能量的节点作为下一跳;而在设置节点通信半径时,考虑了距离、剩余能量以及邻居节点数信息.仿真结果表明,与EADUC协议相比,提出的DEAC算法能够有效地延缓第1个节点失效的时间,减少了能耗,扩延网络寿命.     

Improving the computational efficiency of modular operations for embedded systems

Security protocols such as IPSec, SSL and VPNs used in many communication systems employ various cryptographic algorithms in order to protect the data from malicious attacks. Thanks to public-key cryptography, a public channel which is exposed to security risks can be used for secure communication in such protocols without needing to agree on a shared key at the beginning of the communication. Public-key cryptosystems such as RSA, Rabin and ElGamal cryptosystems are used for various security services such as key exchange and key distribution between communicating nodes and many authentication protocols. Such public-key cryptosystems usually depend on modular arithmetic operations including modular multiplication and exponentiation. These mathematical operations are computationally intensive and fundamental arithmetic operations which are intensively used in many fields including cryptography, number theory, finite field arithmetic, and so on. This paper is devoted to the analysis of modular arithmetic operations and the improvement of the computation of modular multiplication and exponentiation from hardware design perspective based on FPGA. Two of the well-known algorithms namely Montgomery modular multiplication and Karatsuba algorithms are exploited together within our high-speed pipelined hardware architecture. Our proposed design presents an efficient solution for a range of applications where area and performance are both important. The proposed coprocessor offers scalability which means that it supports different security levels with a cost of performance. We also build a system-on-chip design using Xilinx’s latest Zynq-7000 family extensible processing platform to show how our proposed design improve the processing time of modular arithmetic operations for embedded systems.     

Reliable and energy-efficient data collection in sparse sensor networks with mobile elements

Sparse wireless sensor networks (WSNs) are emerging as an effective solution for a wide range of applications, especially for environmental monitoring. In many scenarios, a moderate number of sparsely deployed nodes can be sufficient to get the required information about the sensed phenomenon. To this end, special mobile elements, i.e. mobile data collectors (MDCs), can be used to get data sampled by sensor nodes. In this paper we present an analytical evaluation of the data collection performance in sparse WSNs with MDCs. Our main contribution is the definition of a flexible model which can derive the total energy consumption for each message correctly transferred by sensors to the MDC. The obtained energy expenditure for data transfer also accounts for the overhead due to the MDC detection when sensor nodes operate with a low duty cycle. The results show that a low duty cycle is convenient and allows a significant amount of correctly received messages, especially when the MDC moves with a low speed. When the MDC moves fast, depending on its mobility pattern, a low duty cycle may not always be the most energy efficient option.     

无线传感器网络分簇路由节能研究

在大规模传感和环境监测中,节约能源延长传感器节点生命已成为无线传感器网络最重要的研究课题之一。提供合理的能源消耗和改善无线网络生命周期的传感器网络系统,必须设计一种新的有效的节能方案和节能路由体系。方案采用一种聚类算法减少无线传感器网络的能量消耗,创建一种cluster-tree分簇路由结构的传感器网络。该方案主要目标是做一个理想的分簇分配,减少传感器节点之间的数据传输距离,降低传感器节点能源消耗,延长寿命。实验结果表明,该方案有效地降低了能源消耗从而延长无线传感器网络生命。     

Spatial–temporal compression and recovery in a wireless sensor network in an underground tunnel environment

In an exciting new application, wireless sensor networks (WSNs) are increasingly being deployed to monitor the structure health of underground subway tunnels, promising many advantages over traditional monitoring methods. As a result, ensuring efficient data communication, transmission, and storage have become a huge challenge for these systems as they try to cope with ever increasing quantities of data collected by ever growing numbers of sensor nodes. A key approach of managing big data in WSNs is through data compression. Reducing the volume of data traveling between sensor nodes can reduce the high energy cost of data transmission, as well as save space for storage of big data. In this paper, we propose an algorithm for the compression of spatial–temporal data from one data type of sensor node in a WSN deployed in an underground tunnel. The proposed algorithm works efficiently because it considers temporal as well as spatial features of sensor data. A recovery process is required for recovering the data with a close approximation to the original data form nodes. We validate the proposed recovery technique through computational experiments carried out using the data acquired from a real WSN.     

Existence of dumb nodes in stationary wireless sensor networks

Wireless sensor networks (WSNs), which are typically autonomous and unattended, require energy-efficient and fault-tolerant protocols to maximize the network lifetime and operations. In this work, we consider a previously unexplored aspect of the sensing nodes – dumb behavior. A sensor node is termed as “dumb”, when it can sense its surroundings, but cannot communicate with its neighbors due to shrinkage in communication range attributed to adverse environmental effects and can behave normally in the presence of favorable environment. As a result of this temporary behavior, a node may get isolated from the network when adverse environmental effects are present, but re-connects with the network with the resumption of favorable environmental conditions. We consider the effects of dumb nodes on the, otherwise, energy-efficient stationary WSNs having complete network coverage achieved using sufficient number of activated sensor nodes. While the presence of redundancy in the deployment of nodes, or the number of active nodes can guarantee communication opportunities, such deployment is not necessarily energy-efficient and cost-effective. The dumb behavior of nodes results in wastage of power, thereby reducing the lifetime of a network. Such effects can be detrimental to the performance of WSN applications. The simulation results exhibit that the network performance degrades in the presence of dumb nodes in stationary WSNs.