A Full Connectable and High Scalable Key Pre-distribution Scheme Based on Combinatorial Designs for Resource-Constrained Devices in IoT Network

Considering the internet of things (IoT), end nodes such as wireless sensor network, RFID and embedded systems are used in many applications. These end nodes are known as resource-constrained devices in the IoT network. These devices have limitations such as computing and communication power, memory capacity and power. Key pre-distribution schemes (KPSs) have been introduced as a lightweight solution to key distribution in these devices. Key pre-distribution is a special type of key agreement that aims to select keys called session keys in order to establish secure communication between devices. One of these design types is the using of combinatorial designs in key pre-distribution, which is a deterministic scheme in key pre-distribution and has been considered in recent years. In this paper, by introducing a key pre-distribution scheme of this type, we stated that the model introduced in the two benchmarks of KPSs comparability had full connectivity and scalability among the designs introduced in recent years. Also, in recent years, among the combinatorial design-based key pre-distribution schemes, in order to increase resiliency as another criterion for comparing KPSs, attempts were made to include changes in combinatorial designs or they combine them with random key pre-distribution schemes and hybrid schemes were introduced that would significantly reduce the design connectivity. In this paper, using theoretical analysis and maintaining full connectivity, we showed that the strength of the proposed design was better than the similar designs while maintaining higher scalability.

     

一种基于二次型的无线传感器网络密钥管理方案

针对现有的基于多项式的密钥预分配管理方案受限于节点间密钥共享率和网络连通率等问题,文中提出了一种基于二次型的无线传感器密钥管理方案.该方案突破现有二元t次对称多项式建立共享密钥的思路,引入多元非对称二次型多项式,利用二次型特征值与特征向量之间的关系,分析证明二次型正交对角化的特性,生成密钥信息,节点则通过交换密钥信息实现身份认证,生成与邻居节点之间独立唯一的会话密钥.性能分析表明,与现有的密钥管理方案相比,方案在抗俘获性、连通性、可扩展性、通信开销和存储开销上有较大的改进.     

An improved key distribution mechanism for large-scale hierarchical wireless sensor networks

Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.     

Modeling Pairwise Key Establishment for Random Key Predistribution in Large-Scale Sensor Networks

Sensor networks are composed of a large number of low power sensor devices. For secure communication among sensors, secret keys are required to be established between them. Considering the storage limitations and the lack of post-deployment configuration information of sensors, random key predistribution schemes have been proposed. Due to limited number of keys, sensors can only share keys with a subset of the neighboring sensors. Sensors then use these neighbors to establish pairwise keys with the remaining neighbors. In order to study the communication overhead incurred due to pairwise key establishment, we derive probability models to design and analyze pairwise key establishment schemes for large-scale sensor networks. Our model applies the binomial distribution and a modified binomial distribution and analyzes the key path length in a hop-by-hop fashion. We also validate our models through a systematic validation procedure. We then show the robustness of our results and illustrate how our models can be used for addressing sensor network design problems.     

SBK: A Self-Configuring Framework for Bootstrapping Keys in Sensor Networks

Key pre-distribution has been claimed to be the only viable approach for establishing shared keys between neighboring sensors after deployment for a typical sensor network. However, none of the proposed key pre-distribution schemes simultaneously achieves good performance in terms of scalability in network size, key-sharing probability between neighboring sensors, memory overhead for keying information storage, and resilience against node capture attacks. In this paper, we propose SBK, an in-situ self-configuring framework to bootstrap keys in large-scale sensor networks. SBK is fundamentally different compared to all key pre-distribution schemes. It requires no keying information pre-deployment. In SBK, sensors differentiate their roles as either service nodes or worker nodes after deployment. Service sensors construct key spaces, and distribute keying information in order for worker sensors to bootstrap pairwise keys. An improved scheme, iSBK, is also proposed to speed up the bootstrapping procedure. We conduct both theoretical analysis and simulation study to evaluate the performances of SBK and iSBK. To the best of our knowledge, SBK and iSBK are the only key establishment protocols that simultaneously achieve good performance in scalability, key-sharing probability, storage overhead, and resilience against node capture attacks.     

Dynamic key management in sensor networks

Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.     

An effective key management scheme for heterogeneous sensor networks

Security is critical for sensor networks used in military, homeland security and other hostile environments. Previous research on sensor network security mainly considers homogeneous sensor networks. Research has shown that homogeneous ad hoc networks have poor performance and scalability. Furthermore, many security schemes designed for homogeneous sensor networks suffer from high communication overhead, computation overhead, and/or high storage requirement. Recently deployed sensor network systems are increasingly following heterogeneous designs. Key management is an essential cryptographic primitive to provide other security operations. In this paper, we present an effective key management scheme that takes advantage of the powerful high-end sensors in heterogeneous sensor networks. The performance evaluation and security analysis show that the key management scheme provides better security with low complexity and significant reduction on storage requirement, compared with existing key management schemes.     

Efficient identity-based security schemes for ad hoc network routing protocols

Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme.     

Tree-based key predistribution for wireless sensor networks

The establishment of secure links between neighboring nodes is one of the most challenging problems in wireless sensor networks. In this article, we present an efficient key predistribution scheme for sensor networks such that pairwise keys are defined by iterated hash computations based on a tree structure. Our scheme can be regarded as an improvement of HARPS, Ramkumar and Memon (IEEE J Sel Area Commun 23(3):611–621, 2005),or a generalization of Leighton and Micali’s scheme (Lect Notes Comput Sci 773:456–479, 1994). We rigorously analyze our scheme focusing on the resiliency of the network and hash computational complexity for each node and compare the performance with existing schemes. Specifically, we show that our scheme provides stronger resiliency and requires less hash computational complexity than HARPS.     

Combinatorial Design of Key Distribution Mechanisms for Wireless Sensor Networks

Secure communications in wireless sensor networks operating under adversarial conditions require providing pairwise (symmetric) keys to sensor nodes. In large scale deployment scenarios, there is no priory knowledge of post deployment network configuration since nodes may be randomly scattered over a hostile territory. Thus, shared keys must be distributed before deployment to provide each node a key-chain. For large sensor networks it is infeasible to store a unique key for all other nodes in the key-chain of a sensor node. Consequently, for secure communication either two nodes have a key in common in their key-chains and they have a wireless link between them, or there is a path, called key-path, among these two nodes where each pair of neighboring nodes on this path have a key in common. Length of the key-path is the key factor for efficiency of the design. This paper presents novel deterministic and hybrid approaches based on Combinatorial Design for deciding how many and which keys to assign to each key-chain before the sensor network deployment. In particular, Balanced Incomplete Block Designs (BIBD) and Generalized Quadrangles (GQ) are mapped to obtain efficient key distribution schemes. Performance and security properties of the proposed schemes are studied both analytically and computationally. Comparison to related work shows that the combinatorial approach produces better connectivity with smaller key-chain sizes     

LoWaNA: low overhead watermark based node authentication in WSN

Nodes in a wireless sensor network (WSN) are generally deployed in unattended environments making them susceptible to attacks. Therefore, the need of defending such attacks is of utmost importance. The challenge in providing security in this network is that the securing mechanism must be lightweight to make it implementable for such resource-constrained nodes. A robust security solution for such networks must facilitate authentication of sensor nodes. So far, only data authentication has drawn much attention from the research community. In this paper, a digital watermark based low-overhead solution (LoWaNA) is proposed for node authentication. The proposed watermarking technique consists of three modules viz. watermark generation, embedding and detection. The robustness of the algorithm is measured in terms of cracking probability and cracking time. This robustness analysis helps us to set the design guideline regarding size of watermark. Performance of the scheme is analyzed in terms of storage, computation and communication overhead. The analytical results are compared with two of the existing schemes and that show significant reduction of all such overheads. Thus it proves the suitability of the proposed scheme for resource-constrained networks like WSN. Finally the entire scheme is simulated in Cooja, the Contiki network simulator to make it readily implementable in real life mote e.g. MICAz.

     

HTMS: Fuzzy Based Hierarchical Trust Management Scheme in WSN

The state of the art trust management techniques especially designed for wireless sensor network, are not well suited due to less battery power and less memory of sensor nodes. In this work, we propose a fuzzy based hierarchical trust management scheme which includes direct trust calculation on real time past experience and credit based calculation and indirect trust calculation on peer recommendation. In this scheme cluster head and base station maintains constructive knowledge table based on fuzzy logic which reduces memory and communication overhead. As a whole the scheme reduces the communication overhead, computational time and memory utilization because it deals with decision rather than data compare to other existing schemes.

     

Hexagonal Clustered Trust Based Distributed Group Key Agreement Scheme in Mobile Ad Hoc Networks

Secure and efficient group communication among mobile nodes is one of the significant aspects in mobile ad hoc networks (MANETs). The group key management (GKM) is a well established cryptographic technique to authorise and to maintain group key in a multicast communication, through secured channels. In a secure group communication, a one-time session key is required to be shared between the participants by using distributed group key agreement (GKA) schemes. Due to the resource constraints of ad hoc networks, the security protocols should be communication efficient with less overhead as possible. The GKM solutions from various researches lacks in considering the mobility features of ad hoc networks. In this paper, we propose a hexagonal clustered one round distributed group key agreement scheme with trust (HT-DGKA) in a public key infrastructure based MANET environment. The proposed HT-DGKA scheme guarantees an access control with key authentication and secrecy. The performance of HT-DGKA is evaluated by simulation analysis in terms of key agreement time and overhead for different number of nodes. Simulation results reveal that the proposed scheme guarantees better performance to secure mobile ad hoc network. It is demonstrated that the proposed scheme possesses a maximum of 2250 ms of key agreement time for the higher node velocity of 25 m/s and lower key agreement overhead. Also, the HT-DGKA scheme outperforms the existing schemes in terms of successful message rate, packet delivery ratio, level of security, computation complexity, number of round, number of exponentiations and number of message sent and received that contribute to the network performance.

     

New key pre-distribution scheme using symplectic geometry over finite fields for wireless sensor networks

To achieve secure communication in wireless sensor networks (WSNs), where sensor nodes with limited computation capability are randomly scattered over a hostile territory, various key pre-distribution schemes (KPSs) have been proposed. In this paper, a new KPS is proposed based on symplectic geometry over finite fields. A fixed dimensional subspace in a symplectic space represents a node, all 1-dimensional subspaces represent keys and every pair of nodes has shared keys. But this naive mapping does not guarantee a good network resiliency. Therefore, it is proposed an enhanced KPS where two nodes have to compute a pairwise key, only if they share at least q common keys. This approach enhances the resilience against nodes capture attacks. Compared with the existence of solution, the results show that new approach enhances the network scalability considerably, and achieves good connectivity and good overall performance.     

一种基于ID的传感器网络密钥管理方案

对偶密钥的建立是无线传感器网络的安全基础,它使得节点之间能够进行安全通信。但是由于节点资源的限制,传统的密钥管理方法在传感器网络中并不适用。在分析了现有密钥预分配协议的前提下,该文提出一种新的基于ID的密钥预分配协议。此协议用计算和比较散列值的方式替代广播方式协商密钥,减少了传感器节点大量的通信消耗。然后,分析了所提出方案的安全性、通信量和计算量,并和已有协议进行了比较。结果表明本文的方法不仅能保证安全性,而且节约了大量通信资源。     

An Efficient Grid-Based Pairwise Key Predistribution Scheme for Wireless Sensor Networks

Research on wireless sensor networks (WSNs) has been receiving a lot of attention recently. Because of the constraints on the cost of hardware, there are a lot of restrictions regarding memory, computational ability, and energy consumption, hampering WSN research. So far, many key establishment schemes have been proposed for WSNs. For the proposed schemes, random key predistribution is a practical solution. With this, each sensor shares a common key with its neighbors via predistributed keys. However, it may happen that two sensor nodes do not share a common key. In this paper, an efficient grid-based pairwise key predistribution scheme for WSNs is proposed. In the proposed scheme, multiple polynomials for each row, each column, and each diagonal in the grid are constructed. Then, each sensor node in each row, column, and diagonal in the grid establishes a pairwise key with the other node using the predistributed symmetric polynomial. Simulation results demonstrate the effectiveness of the proposed scheme in increasing the probability of establishing pairwise keys and reducing communication overhead.     

一种新的基于辛空间的密钥预分配方案

密钥预分配是无线传感器网络中最具挑战的安全问题之一。 该文基于有限域上辛空间中子空间之间的正交关系构造了一个新的组合设计,并基于该设计构造了一个密钥预分配方案。令V 是有限域上8维辛空间中的一个(4,2)型子空间,V 中每一个(1,0)型子空间看作密钥预分配方案中的一个节点,所有的(2,1)型子空间看作该方案的一个密钥池。将整个目标区域划分为若干个大小相同的小区,每个小区有普通节点和簇头两种类型的传感器节点。小区内的普通节点采用基于辛空间的密钥预分配方案分发密钥,不同小区内节点所用密钥池互不相同,因此不同小区内的节点需通过簇头建立间接通信,不同小区内簇头采用完全密钥预分配方式分发密钥。与其他方案相比,该方案的最大优势是网络中节点的抗捕获能力较强,且随着网络规模的不断扩大,网络的连通概率逐渐趋于1。     

Centralized Key Management Scheme in Wireless Sensor Networks

Today, key management is widely recognized as an important aspect of security in wireless sensor networks. In these networks, sensor nodes can be either mobile or static. Therefore, supporting the mobility of the nodes can be regarded as a purpose of key management schemes. In our previous work, we presented a key management scheme that was more efficient with respect to security and connectivity compared to the other ones. In that scheme, it is assumed that the nodes are static. In this paper we are going to present a scheme that supports the mobility of the nodes and makes the initial scheme more flexible. The basic criterion for the evaluation of the scheme is the communication overhead. First, the nodes establish a secure link with the cluster heads and then establish a secure link among themselves with the help of the cluster heads. We have analyzed this scheme with regards to the communication overhead and we will compare it with the other schemes.     

Location-based compromise-tolerant security mechanisms for wireless sensor networks

Node compromise is a serious threat to wireless sensor networks deployed in unattended and hostile environments. To mitigate the impact of compromised nodes, we propose a suite of location-based compromise-tolerant security mechanisms. Based on a new cryptographic concept called pairing, we propose the notion of location-based keys (LBKs) by binding private keys of individual nodes to both their IDs and geographic locations. We then develop an LBK-based neighborhood authentication scheme to localize the impact of compromised nodes to their vicinity. We also present efficient approaches to establish a shared key between any two network nodes. In contrast to previous key establishment solutions, our approaches feature nearly perfect resilience to node compromise, low communication and computation overhead, low memory requirements, and high network scalability. Moreover, we demonstrate the efficacy of LBKs in counteracting several notorious attacks against sensor networks such as the Sybil attack, the identity replication attack, and wormhole and sinkhole attacks. Finally, we propose a location-based threshold-endorsement scheme, called LTE, to thwart the infamous bogus data injection attack, in which adversaries inject lots of bogus data into the network. The utility of LTE in achieving remarkable energy savings is validated by detailed performance evaluation.     

A dynamic TDMA based scheme for securing query processing in WSN

Nodes in a wireless sensor network (WSN) are generally deployed in unattended environments making the nodes susceptible to attacks. Therefore, the need of defending such attacks becomes a big challenge. We propose a scheme to build a security mechanism in a query-processing paradigm within WSN. The scheme is capable of protecting replay attack while preserving essential properties of security such as authentication, data integrity and data freshness. The solution is made lightweight using symmetric key cryptography with very short-length key. Further, the key used in our scheme is neither pre-deployed nor is transmitted directly. The key information is established among nodes through an efficient use of one variant of dynamic TDMA mechanism which ensures security of key. Another variant of dynamic TDMA is used to make the scheme bandwidth saving, an essential quality of WSN. Performance of the scheme is analyzed in terms of storage, computation and communication overhead. Finally the analytical results are compared with two of the existing schemes including the previous version of the present scheme that show significant reduction of all such overheads thereby proving the suitability of the proposed scheme for a resource-constrained network like WSN.