Autonomic Group Key Management in Deep Space DTN

In deep space delay tolerant networks rekeying expend vast amounts of energy and delay time as a reliable end-to-end communication is very difficult to be available between members and key management center. In order to deal with the question, this paper puts forwards an autonomic group key management scheme for deep space DTN, in which a logical key tree based on one-encryption-key multi-decryption-key key protocol is presented. Each leaf node with a secret decryption key corresponds to a network member and each non-leaf node corresponds to a public encryption key generated by all leaf node’s decryption keys that belong to the non-leaf node’s sub tree. In the proposed scheme, each legitimate member has the same capability of modifying public encryption key with himself decryption key as key management center, so rekeying can be fulfilled successfully by a local leaving or joining member in lack of key management center support. In the security aspect, forward security and backward security are guaranteed. In the efficiency aspect, our proposed scheme’s rekeying message cost is half of LKH scheme when a new member joins, furthermore in member leaving event a leaving member makes tradeoff between computation cost and message cost except for rekeying message cost is constant and is not related to network scale. Therefore, our proposed scheme is more suitable for deep space DTN than LKH and the localization of rekeying is realized securely.     

一种无状态的传感器网络密钥预分配方案

 在无线传感器网络中,节点被敌方捕获以后将泄露节点内存储的群组密钥等秘密信息,所以需要建立一种安全高效的群组密钥管理系统来及时对被捕获节点进行撤销,以保证无线传感器网络中群组通信的安全.提出一种基于逻辑密钥树结构的密钥预分配方案,群组控制者和密钥服务器(GCKS)为逻辑密钥树中每一逻辑节点分配一个密钥集,每一sensor节点对应一个叶节点,以及一条从该叶节点到根节点的路径,GCKS将该路径上所有节点的密钥植入sensor节点.节点撤销时,GCKS将逻辑密钥树分成互不相连的子树,利用子树中sensor节点的共享密钥进行群组密钥的更新.分析表明本方案满足无状态性,以及正确性、群组密钥保密性、前向保密性和后向保密性等安全性质,具有较低的存储、通信和计算开销,适用于无线传感器网络环境.     

A Multi-service Group Key Management Scheme for Stateless Receivers in Wireless Mesh Networks

Wireless mesh networks facilitate the development of the many group oriented applications by extending the coverage area of the group communication. Group communication in a wireless mesh network is complicated due to dynamic intermediate mesh points, access control for communications between different administrative domains, and the absence of a centralized network controller. In this study, we propose a topology-matching decentralized multi-service group key management scheme for wireless mesh networks. It allows service providers to update and deliver their group keys to valid members in a distributed manner using the identity-based encryption scheme. The analysis result indicates that the proposed scheme has advantages with regard to the rekeying cost and storage overhead for a member and a mesh point in multi-sender group communication environments. The stateless property is also achieved such that a stateless member, who could not be constantly online, can easily decrypt the rekeying messages without recording the past history of transmission.     

LNT: A logical neighbor tree secure group communication scheme for wireless sensor networks

Secure group communication is a paradigm that primarily designates one-to-many communication security. The proposed works relevant to secure group communication have predominantly considered the whole network as being a single group managed by a central powerful node capable of supporting heavy communication, computation and storage cost. However, a typical Wireless Sensor Network (WSN) may contain several groups, and each one is maintained by a sensor node (the group controller) with constrained resources. Moreover, the previously proposed schemes require a multicast routing support to deliver the rekeying messages. Nevertheless, multicast routing can incur heavy storage and communication overheads in the case of a wireless sensor network. Due to these two major limitations, we have reckoned it necessary to propose a new secure group communication with a lightweight rekeying process. Our proposal overcomes the two limitations mentioned above, and can be applied to a homogeneous WSN with resource-constrained nodes with no need for a multicast routing support. Actually, the analysis and simulation results have clearly demonstrated that our scheme outperforms the previous well-known solutions.     

一种基于时间结构树的多播密钥管理方案

随着Internet的发展,多播通信技术得到了广泛的应用.其中组密钥管理是多播安全的核心问题.文中在分析已有研究的基础上,提出了一种基于时间结构树的密钥管理方案,采用周期性的密钥更新机制,通过安全滤波器分配新的组密钥,大大减少了密钥更新时的传输消息,提高了密钥更新的效率,实现密钥更新的可靠性.     

Fast Response PKC-Based Broadcast Authentication in Wireless Sensor Networks

Public Key-based (PKC) approaches have gained popularity in Wireless Sensor Network (WSN) broadcast authentication due to their simpler protocol operations, e.g., no synchronization and higher tolerance to node capture attack compared to symmetric key-based approaches. With PKC??s security strength, a sensor node that authenticates messages before forwarding them can detect a bogus message within the first hop. While this prevents forged traffic from wasting the sensor nodes?? energy, performing PKC operations in the limited computing-power sensor nodes can result in undesirably long message propagation time. At the other extreme, the sensor node can forward messages to other nodes prior to authenticating them. This approach diminishes propagation time with the trade-off of allowing forged messages to propagate through the network. To achieve swift and energy efficient broadcast operation, sensor nodes need to decide wisely when to forward first and when to authenticate first. In this paper, we present two new broadcast authentication schemes, called the key pool scheme and the key chain scheme, to solve this dilemma without any synchronization or periodic key redistribution. Both schemes utilize a Bloom filter and the distribution of secret keys among sensor nodes to create fast and capture-resistant PKC-based broadcast authentication protocols. Our NS-2 simulation results for a 3,000-node WSN confirm that broadcast delays of our protocol are only 46.7% and 39.4% slower than the forwarding-first scheme for the key pool and the key chain scheme respectively. At the same time, both protocols are an order of magnitude faster than the authentication-first scheme. The key pool scheme is able to keep forged message propagation to the minimal even when the majority of the nodes have been captured by the attacker. The key chain scheme has smaller transmission overhead than the key pool scheme at the expense of less resistance to node capturing. Two generic improvements to these schemes are also described. One reduces the marking limit on the Bloom filter vector (BFV), which makes it more difficult for an attacker to forge a BFV for a bogus message. The other limits broadcast forwarding to a spanning tree, which reduces the number of nodes forwarding bogus messages by one to two orders of magnitude depending on the percentage of compromised nodes. The first improvement can be applied to any BFV scheme, while the second is even more generally applicable.     

Dynamic key management in sensor networks

Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.     

Self-healing group-wise key distribution schemes with time-limited node revocation for wireless sensor networks

In this article two novel group-wise key distribution schemes with time-limited node revocation are introduced for secure group communications in wireless sensor networks. The proposed key distribution schemes are based on two different hash chain structures, dual directional hash chain and hash binary tree. Their salient security properties include self-healing rekeying message distribution, which features a periodic one-way rekeying function with efficient tolerance for lost rekeying messages; and time-limited dynamic node attachment and detachment. Security evaluation shows that the proposed key distribution schemes generally satisfy the requirement of group communications in WSNs with lightweight communication and computation overhead, and are robust under poor communication channel quality.     

Predistribution and local collaboration-based group rekeying for wireless sensor networks

When a sensor network is deployed in a hostile environment, an adversary may launch such attacks as eavesdropping the communications and compromising sensor nodes. Using the compromised nodes, he may inject false sensing reports or modify the reports sent by other nodes. To defend against these attacks, researchers have proposed symmetric group key-based schemes. In these schemes, however, if a large number of nodes are compromised, many (sub)group keys will be revealed. This greatly endangers the filtering schemes, making them very ineffective or even useless. To address this problem, we propose a family of predistribution and local collaboration-based group rekeying (PCGR) schemes, which update the compromised group keys to prevent the compromised nodes from understanding the communications between noncompromised nodes or injecting false data. These schemes are designed based on a simple while controversial idea – preload future group keys into sensor nodes before their deployment. To protect the preloaded keys from being disclosed by compromised nodes, we propose a novel technique that requires neighboring nodes to collaborate to derive the future group keys. To the best of our knowledge, our schemes are the first set of distributed group rekeying schemes for sensor networks without involving online key servers. Extensive analysis and simulations are conducted to evaluate the proposed schemes, and the results show that the proposed schemes can achieve a good level of security, outperform several previous group rekeying schemes, and significantly improve the effectiveness of false data filtering.     

适用于传感器网络的分级群组密钥管理

 由于无线传感器网络中经常出现节点加入或离开网络的情况,所以需要建立一种安全高效的群组密钥管理系统来保证无线传感器网络中群组通信的安全性.提出了一种基于密钥树和中国剩余定理的分级群组密钥管理方案.有sensor节点加入,先向新成员发送二级群组密钥,可参与一些不太敏感的数据的传送;待新成员获得GCKS的信任之后,则向其发送群组密钥,从而可参与有关机密信息的会话.节点离开时,通过利用完全子集方法将剩余成员进行分割,提出的方案可以利用中国剩余定理对群组密钥进行安全的更新.证明方案满足正确性、群组密钥保密性、前向保密性和后向保密性等安全性质.性能分析表明,此方案适合应用于无线传感器网络环境.     

An Enhanced Hierarchical Key Management Scheme for MANETs

Security is one of the major issues in Mobile Ad-hoc Networks (MANETs). Their natural characteristics make them vulnerable to numerous severe attacks. In this paper, we present an enhanced hierarchical key management scheme for secure group communications in MANETs. The proposed approach primarily aims at improving security and complexity, especially complexity in the level of ordinary members for joining or leaving processes to achieve the most possible dynamic characteristic of MANETs without neglecting network security. The proposal scheme is designed with the potential of developing an efficient model interested in keying applied on hierarchical structure to increase the security and make no need to apply rekeying of all group members in different sub-levels as made by hierarchical key management scheme (HKMS). Also, it reduces complexity of processing load, memory usage and improves resources. In the proposed model, each communication between two nodes have a unique key to make it more secure with encrypting messages by different keys for more than one time and support node flexibility. Experiments are carried out on the proposed scheme to show the effect of complexity on each node in different grades and results are compared with traditional HKMS.     

A data transmission protocol for reliable and energy-efficient data transmission in a wireless sensor-actuator network

In a wireless sensor-actuator network, sensor nodes gather information on the physical world and can deliver messages with sensed values to only nearby nodes due to weak radio. Thus, messages sent by nodes might be lost due to not only collision but also noise. Messages are forwarded by sensor nodes to an actuator node. In the redundant data transmission (RT) protocol, a sensor node sends a message with not only its sensed value but also sensed values received from other sensor nodes. Even if a message with a sensed value v is lost, an actuator node can receive the value v from a message sent by another sensor node. In addition, we have to reduce the energy consumption of a sensor node. A sensor node mainly consumes the energy to send and receive messages. Even if an event occurs, only some number of sensor nodes sensing the event send the sensed values to reduce the total energy consumption. We discuss an energy-efficient data transmission protocol. We evaluate the RT protocol compared with the CSMA protocol in terms of how much sensing data a node can receive in presence of messages loss. We evaluate the RT protocol in terms of how many number of sensed values an actuator node can receive in presence of message loss. We show that about 72% of sensed values can be delivered to an actuator node even if 95% of messages are lost due to noise and collision.     

A Hybrid Key Predistribution Scheme for Sensor Networks Employing Spatial Retreats to Cope with Jamming Attacks

In order to provide security services in wireless sensor networks, a well-known task is to provide cryptographic keys to sensor nodes prior to deployment. It is difficult to assign secret keys for all pairs of sensor node when the number of nodes is large due to the large numbers of keys required and limited memory resources of sensor nodes. One possible solution is to randomly assign a few keys to sensor nodes and have nodes be able to connect to each other with some probability. This scheme has limitations in terms of the tradeoffs between connectivity and memory requirements. Recently, sensor deployment knowledge has been used to improve the level of connectivity while using lesser amounts of memory space. However, deployment based key predistribution schemes may cause a large number of nodes to be cryptographically isolated if nodes move after key pre-distribution. Mobility may be necessitated for reasons depending on applications or scenarios. In this paper, we consider mobility due to spatial retreat of nodes under jamming attacks as an example. Jamming attacks are easy and efficient means for disruption of the connectivity of sensors and thus the operation of a sensor network. One solution for mobile sensor nodes to overcome the impact of jamming is to perform spatial retreats by moving nodes away from jammed regions. Moved nodes may not be able to reconnect to the network because they do not have any shared secret with new neighbors at new locations if strict deployment knowledge based key predistribution is employed. In this paper, we propose a hybrid key predistribution scheme that supports spatial retreat strategies to cope with jamming attacks. Our scheme combines the properties of random and deployment knowledge based key predistribution schemes. In the presence of jamming attacks, our scheme provides high key connectivity (similar to deployment knowledge based schemes) while reducing the number of isolated nodes. We evaluate the performance of our scheme through simulations and analysis.     

A Two-Layer Key Establishment Scheme for Wireless Sensor Networks

In a large scale sensor network, it is infeasible to assign a unique Transport Layer Key (TLK) for each pair of nodes to provide the end-to-end security due to the huge memory cost per node. Thus, conventional key establishment schemes follow a key predistribution approach to establish a Link Layer Key (LLK) infrastructure between neighboring nodes and rely on multihop paths to provide the end-to-end security. Their drawbacks include vulnerability to the node compromise attack, large memory cost, and energy inefficiency in the key establishment between neighboring nodes. In this paper, we propose a novel key establishment scheme, called LAKE, for sensor networks. LAKE uses a t-degree trivariate symmetric polynomial to facilitate the establishment of both TLKs and LLKs between sensor nodes in a two-dimensional space, where each node can calculate direct TLKs and LLKs with some logically neighboring nodes and rely on those nodes to negotiate indirect TLKs and LLKs with other nodes. Any two end nodes can negotiate a TLK on demand directly or with the help of only one intermediate node, which can be determined in advance. As for the LLK establishment, LAKE is more secure under the node compromise attack with much less memory cost than conventional solutions. Due to the location-based deployment, LAKE is also energy efficient in that each node has direct LLKs with most neighbors without spending too much energy on the establishment of indirect LLKs with neighbors through multihop routing.     

Energy efficient secured routing protocol for MANETs

The design of routing protocol with energy efficiency and security is a challenging task. To overcome this challenge, we propose energy-efficient secured routing protocol. The objective of our work is to provide a secured routing protocol, which is energy efficient. To provide security for both link and message without relying on the third party, we provide security to the protocol by choosing a secure link for routing using Secure Optimized Link State Routing Protocol. Each node chooses multipoint relay nodes amongst the set of one-hop neighbors, so as to reach all two-hop neighbors. The access control entity authorizes nodes announcing the node identification to the network. In addition, the access control entity signs a public key Ki, a private key ki, and the certificate Ci required by an authorized node to obtain the group key. Each node maintains a route table with power status as one of its entry. After selecting the link, on requirement of a new route, we check nodes’ power status in its routing table and then accordingly arise a route. Then, we perform group key distribution using the generated keys using a small number of messages which helps reducing energy consumption. The group key can be altered periodically to avoid nonauthorized nodes and to avoid the use of the same group key in more than some amount of data. Then, we provide communication privacy for both message sender and message recipient using Secure Source Anonymous Message Authentication Scheme. Thereby, the message sender or the sending node generates a source anonymous message authentication for message for releasing each message based on the MES scheme. Hence, our approach will provide message content authenticity without relying on any trusted third parties.     

Topology Management Ensuring Reliability in Delay Sensitive Sensor Networks with Arbitrary Node Failures

The lifetime of a sensor network is influenced by the efficient utilization of the resource constrained sensor nodes. The tree-based data gathering offers good quality of service (QoS) for the running applications. However, data gathering at the sink reduces the network lifetime due to a fast failure of highly loaded nodes. Loss of connectivity and sensing coverage affect the performance of the applications that demand critical QoS. In this paper, a data gathering tree management scheme has been proposed to deal with arbitrary node failures in delay-sensitive sensor networks. A load-balanced distributed BFS tree construction procedure has been introduced for an efficient data gathering. Based on the initial tree construction, a tree maintenance scheme and an application message handler have been designed to ensure the reliable delivery of the application messages. The correctness of the proposed scheme has been verified both theoretically and with the help of simulation. The proposed scheme offers low overhead, enhanced network lifetime and good QoS in terms of delay and reliability of the application messages.     

A cost‐effective attack matrix based key management scheme with dominance key set for wireless sensor network security

To guarantee the proper functionality of wireless sensor network even in the presence of the potential threats, a well‐designed key management scheme is very important. The assumptions about attackers critically influence the performance of security mechanisms. This paper investigates the problem of node capture from adversarial view point in which the adversary intelligently exploits the different vulnerabilities of the network to establish a cost‐effective attack matrix. To counteract such attacks, the defender or the network designer constructs similar attack matrix. The defender will identify a set of critical nodes and use the key compromise relationship to assign a key dominance rank to each node of the network. The key dominance rank quantifies the possibility of attack on a particular node. It is used to determine the hash chain length. It is also used to improve the security of path key establishment as well as rekeying of the proposed scheme. The performance of the proposed scheme is analyzed with other existing schemes, and it is shown that it outperforms with increased resilience against node capture, reduced number of hash computations, reduced key compromise probability of proxy nodes, and reduced number of revoked links during rekeying process.     

Node localization using mobile robots in delay-tolerant sensor networks

We present a novel scheme for node localization in a delay-tolerant sensor network (DTN). In a DTN, sensor devices are often organized in network clusters that may be mutually disconnected. Some mobile robots may be used to collect data from the network clusters. The key idea in our scheme is to use this robot to perform location estimation for the sensor nodes it passes based on the signal strength of the radio messages received from them. Thus, we eliminate the processing constraints of static sensor nodes and the need for static reference beacons. Our mathematical contribution is the use of a robust extended Kalman filter (REKF)-based state estimator to solve the localization. Compared to the standard extended Kalman filter, REKF is computationally efficient and also more robust. Finally, we have implemented our localization scheme on a hybrid sensor network test bed and show that it can achieve node localization accuracy within 1 m in a large indoor setting.     

An improved key distribution mechanism for large-scale hierarchical wireless sensor networks

Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.     

Energy efficient geographical key management scheme for authentication in mobile wireless sensor networks

In wireless sensor networks, a sensor node communicates with a small set of neighbour sensor nodes and with the base station through a group leader or a cluster head. However, in some occasions, a sensor node required to move in the sensor networks. The node has to change its own position with the requirement of applications. Considering this phenomena, in this paper, we propose to design an angular function and private key management system authenticated by group leader for the transmission of a node. In the proposed scheme, the group is divided into sectors. The motion of the node is related with the angles to the group leader, which is the basis of our proposal. The nodes movement and activity should be tracked. The proposed scheme attains high connectivity and security with the help of the directional transreceiver. The lifetime of a node is increased, and it enables a node to move through the network and to transmit data to its neighbors.