Practical and secure localization and key distribution for wireless sensor networks

In many applications of wireless sensor networks, sensor nodes are manually deployed in hostile environments where an attacker can disrupt the localization service and tamper with legitimate in-network communication. In this article, we introduce Secure Walking GPS, a practical and cost effective secure localization and key distribution solution for real, manual deployments of WSNs. Using the location information provided by the GPS and inertial guidance modules on a special master node, Secure Walking GPS achieves accurate node localization and location-based key distribution at the same time. We evaluate our localization solution in real deployments of MicaZ. Our experiments show that 100% of the deployed nodes localize (i.e., have a location position) and that the average localization errors are within 1–2 m, due mainly to the limitations of the existing commercial GPS devices. Our further analysis and simulation results indicate that the Secure Walking GPS scheme makes a deployed WSN resistant to the Dolev-Yao, the wormhole, and the GPS-denial attacks, the scheme is practical for large-scale deployments with resource-constrained sensor nodes and has good localization and key distribution performance.     

LiteST：一种无线传感器网络轻量级安全时间同步协议

提出了一个简单的时间同步广播报文完整性认证方法.在此基础上,结合单向链(而非复杂得多的μTESLA)提供的发送节点身份认证功能和冗余机制提供的防止内部节点攻击功能,设计了一个轻量级的安全时间同步协议LiteST(lightweight secure time).理论分析和仿真实验结果表明,LiteST能够防御外部攻击并能容忍内部攻击节点发送错误信息,达到了目前虽好的安全时间同步协议TinySeRSync类似的安全性.32个Mica2节点组成的原型系统实验结果表明LiteST协议取得了与没有安全机制的FrSP协议几乎相同的时间同步精度.LiteST协议与安全相关的计算开销大约只有TinySeRSync的五分之一:通信开销为其1/(2m+2),其中m为网络节点的平均邻居数;其存储开销在实际的场景下也显著降低.     

无线传感器网络中基于EBS的高效安全的群组密钥管理方案

为了保证无线传感器网络(WSN)群组通信的安全性,设计了一种基于EBS的群组密钥管理方案.提出方案首先通过合并链状簇和星型簇简化无线传感器网络的拓扑结构,然后通过增加网络被捕获时所需入侵节点的数量来防止攻击者通过少量共谋节点得到所有管理密钥,之后利用图染色算法对分配密钥组合的节点进行排序,并依据海明距离和EBS方法对网络中的传感器节点进行管理密钥分配.在此基础上给出了对传感器节点的加入和离开事件进行处理的方法.在有效性和性能分析阶段,首先通过2个实验分别对提出方案中共谋攻击的可能性和入侵节点数量对网络抵抗共谋攻击能力的影响进行分析,实验结果表明提出方案增强了WSN抵抗共谋攻击的能力;然后对提出方案和SHELL在加入事件和离开事件时的系统代价进行比较,结果表明提出方案所需的密钥更新消息数量和传感器节点存储量均小于SHELL方案.     

Multiregional secure localization using compressive sensing in wireless sensor networks

Security and accuracy are two issues in the localization of wireless sensor networks (WSNs) that are difficult to balance in hostile indoor environments. Massive numbers of malicious positioning requests may cause the functional failure of an entire WSN. To eliminate the misjudgments caused by malicious nodes, we propose a compressive‐sensing–based multiregional secure localization (CSMR_SL) algorithm to reduce the impact of malicious users on secure positioning by considering the resource‐constrained nature of WSNs. In CSMR_SL, a multiregion offline mechanism is introduced to identify malicious nodes and a preprocessing procedure is adopted to weight and balance the contributions of anchor nodes. Simulation results show that CSMR_SL may significantly improve robustness against attacks and reduce the influence of indoor environments while maintaining sufficient accuracy levels.     

Privacy preservation in wireless sensor networks: A state-of-the-art survey

Much of the existing work on wireless sensor networks (WSNs) has focused on addressing the power and computational resource constraints of WSNs by the design of specific routing, MAC, and cross-layer protocols. Recently, there have been heightened privacy concerns over the data collected by and transmitted through WSNs. The wireless transmission required by a WSN, and the self-organizing nature of its architecture, makes privacy protection for WSNs an especially challenging problem. This paper provides a state-of-the-art survey of privacy-preserving techniques for WSNs. In particular, we review two main categories of privacy-preserving techniques for protecting two types of private information, data-oriented and context-oriented privacy, respectively. We also discuss a number of important open challenges for future research. Our hope is that this paper sheds some light on a fruitful direction of future research for privacy preservation in WSNs.     

Elliptic key cryptography with Beta Gamma functions for secure routing in wireless sensor networks

Wireless Networks - The security of data communicated through wireless networks is a challenging issue due to the presence of malicious and unauthenticated users whose intention is either to...     

两层传感器网络中安全分类协议研究

提出了一种安全分类协议SSC,该协议在保护待分类数据和分类规则隐私的情况下使存储节点进行正确分类,并且sink节点可以对分类结果进行抽样认证,防止妥协存储节点伪造分类结果。提出了一种不经意比较(oblivious comparison)技术MHash,该技术首先将分类需要的大小比较转换成等值比较,并进一步采用模运算和散列技术实现隐私保护下的数据分类。提出了一种"十"字邻居技术,分别将传感器以及传感器采集的数据组织成链,并采用倒置布鲁姆过滤器技术同步传感器节点之间的数据,sink利用该技术可以抽样检查存储节点分类统计结果的正确性,分析和实验结果验证了所提方案的有效性。     

An efficient heterogeneous key management approach for secure multicast communications in ad hoc networks

In a mobile wireless ad hoc network, mobile nodes cooperate to form a network without using any infrastructure such as access points or base stations. Instead, the mobile nodes forward packets for each other, allowing communication among nodes outside wireless transmission range. As the use of wireless networks increases, security in this domain becomes a very real concern. One fundamental aspect of providing confidentiality and authentication is key distribution. While public-key encryption has provided these properties historically, ad hoc networks are resource constrained and benefit from symmetric key encryption. In this paper, we propose a new key management mechanism to support secure group multicast communications in ad hoc networks. The scheme proposes a dynamic construction of hierarchical clusters based on a novel density function adapted to frequent topology changes. The presented mechanism ensures a fast and efficient key management with respect to the sequential 1 to n multicast service.     

A state-of-the-art survey on wireless rechargeable sensor networks: perspectives and challenges

Wireless Networks - Wireless rechargeable sensor network (WRSN) is an emerging technology that has risen intending to enhance network lifetime of the conventional wireless sensor networks (WSNs)....     

On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.     

Location dependent key management in sensor networks without using deployment knowledge

In this paper we propose an approach for key management in sensor networks which takes the location of sensor nodes into consideration while deciding the keys to be deployed on each node. As a result, this approach not only reduces the number of keys that have to be stored on each sensor node but also provides for the containment of node compromise. Thus compromise of a node in a location affects the communications only around that location. This approach which we call as location dependent key management does not require any knowledge about the deployment of sensor nodes. The proposed scheme starts off with loading a single key on each sensor node prior to deployment. The actual keys are then derived from this single key once the sensor nodes are deployed. The proposed scheme allows for additions of sensor nodes to the network at any point in time. We study the proposed scheme using both analysis and simulations and point out the advantages.     

An efficient statistical approach for time synchronization in wireless sensor networks

In this paper, we propose a powerful method of estimating the model parameters for time synchronization in wireless sensor networks (WSNs). Joint estimation of clock offset and clock skew has been proposed in the literature using the standard regression framework. Here, we claim that simple regression poorly estimates the parameters because of the inherent correlation among successive time readings between two sensors. We propose an alternative autoregressive model and use generalized least squares for estimating the relative offset and skew parameters. A computationally efficient Bayesian approach is also proposed for the parameter estimation considering correlated readings between two sensors. The effectiveness of the proposed approach compared with the earlier approach has been investigated through extensive simulation studies. Copyright © 2015 John Wiley & Sons, Ltd.     

Security and key management in IoT‐based wireless sensor networks: An authentication protocol using symmetric key

Wireless sensor networks (WSN) consist of hundreds of miniature sensor nodes to sense various events in the surrounding environment and report back to the base station. Sensor networks are at the base of internet of things (IoT) and smart computing applications where a function is performed as a result of sensed event or information. However, in resource‐limited WSN authenticating a remote user is a vital security concern. Recently, researchers put forth various authentication protocols to address different security issues. Gope et al presented a protocol claiming resistance against known attacks. A thorough analysis of their protocol shows that it is vulnerable to user traceability, stolen verifier, and denial of service (DoS) attacks. In this article, an enhanced symmetric key‐based authentication protocol for IoT‐based WSN has been presented. The proposed protocol has the ability to counter user traceability, stolen verifier, and DoS attacks. Furthermore, the proposed protocol has been simulated and verified using Proverif and BAN logic. The proposed protocol has the same communication cost as the baseline protocol; however, in computation cost, it has 52.63% efficiency as compared with the baseline protocol.     

SeRWA: A secure routing protocol against wormhole attacks in sensor networks

A wormhole attack is particularly harmful against routing in sensor networks where an attacker receives packets at one location in the network, tunnels and then replays them at another remote location in the network. A wormhole attack can be easily launched by an attacker without compromising any sensor nodes. Since most of the routing protocols do not have mechanisms to defend the network against wormhole attacks, the route request can be tunneled to the target area by the attacker through wormholes. Thus, the sensor nodes in the target area build the route through the attacker. Later, the attacker can tamper the data, messages, or selectively forward data messages to disrupt the functions of the sensor network. Researchers have used some special hardware such as the directional antenna and the precise synchronized clock to defend the sensor network against wormhole attacks during the neighbor discovery process. In this paper, we propose a Secure Routing protocol against wormhole attacks in sensor networks (SeRWA). SeRWA protocol avoids using any special hardware such as the directional antenna and the precise synchronized clock to detect a wormhole. Moreover, it provides a real secure route against the wormhole attack. Simulation results show that SeRWA protocol only has very small false positives for wormhole detection during the neighbor discovery process (less than 10%). The average energy usage at each node for SeRWA protocol during the neighbor discovery and route discovery is below 25 mJ, which is much lower than the available energy (15 kJ) at each node. The cost analysis shows that SeRWA protocol only needs small memory usage at each node (below 14 kB if each node has 20 neighbors), which is suitable for the sensor network.     

eeTMFO/GA: a secure and energy efficient cluster head selection in wireless sensor networks

Telecommunication Systems - Proliferation of technologies in wireless sensor networks is grabbing huge attention across scientific community due to its vast coverage in real life applications. It...     

H-SPREAD: a hybrid multipath scheme for secure and reliable data collection in wireless sensor networks

Communication security and reliability are two important issues in any network. A typical communication task in a wireless sensor network is for every sensor node to sense its local environment, and upon request, send data of interest back to a base station (BS). In this paper, a hybrid multipath scheme (H-SPREAD) to improve both the security and reliability of this task in a potentially hostile and unreliable wireless sensor network is proposed. The new scheme is based on a distributed N-to-1 multipath discovery protocol, which is able to find multiple node-disjoint paths from every sensor node to the BS simultaneously in one route discovery process. Then, a hybrid multipath data collection scheme is proposed. On the one hand, end-to-end multipath data dispersion, combined with secret sharing, enhances the security of the end-to-end data delivery in the sense that the compromise of a small number of paths will not result in the compromise of a data message in the face of adversarial nodes. On the other hand, in the face of unreliable wireless links and/or sensor nodes, alternate path routing available at each sensor node improves the reliability of each packet transmission significantly. The extensive simulation results show that the hybrid multipath scheme is very efficient in improving both the security and reliability of the data collection service seamlessly.     

Reactive and adaptive monitoring to secure aggregation in wireless sensor networks

Data aggregation is considered as one of the fundamental distributed data processing procedures for saving the energy and minimizing the medium access layer contention in wireless sensor networks. However, sensor networks are likely to be deployed in an untrusted environment, which make them vulnerable against several attacks. A compromised node may forge arbitrary aggregation value and mislead the base station into trusting a false reading. Secure in-network aggregation can detect such manipulation. But, as long as such subversive activity is, reliable aggregation result can not be obtained. In contrast, the collection of individual sensor node values is robust and solves the problem of availability, but in an inefficient way. Our work seeks to bridge this gap in secure data collection. We propose a framework that enhances availability with efficiency close to that of in-network aggregation avoiding over-reliance on sensors. To achieve this, we design a scheme that is built on one core concept: no trust is supposed in any sensor. Therefore, we design a two hierarchical levels of monitoring to ensure the integrity and the accuracy of aggregate result, only when necessary, i.e. only when malicious activities are detected. Relying on this new type of monitoring mechanism, the framework has the ability to recover from aggregator failure without neglecting energy efficiency, providing thus much higher availability than other security protocols.     

SAKE: Software attestation for key establishment in sensor networks

This paper presents a protocol called Software Attestation for Key Establishment (SAKE), for establishing a shared key between any two neighboring nodes of a sensor network. SAKE guarantees the secrecy and authenticity of the key that is established, without requiring any prior authentic or secret cryptographic information in either node. In other words, the attacker can read and modify the entire memory contents of both nodes before SAKE executes. Further, to the best of our knowledge, SAKE is the only protocol that can perform key re-establishment after sensor nodes are compromised, because the presence of the attacker’s code in the memory of either protocol participant does not compromise the security of SAKE. Also, the attacker can perform any active or passive attack using an arbitrary number of malicious, colluding nodes. SAKE does not require any hardware modification to the sensor nodes, human mediation, or secure side channels. However, we do assume the setting of a computationally-limited attacker that does not introduce its own computationally-powerful nodes into the sensor network.SAKE is based on Indisputable Code Execution (ICE), a primitive we introduce in previous work to dynamically establish a trusted execution environment on a remote, untrusted sensor node.     

Construction of a secure and efficient content key distribution framework for DRM systems

Recent advances in networks and digital technology have provided many user-friendly environments such as telemedicine, e-banking, e-content, and e-commerce. It has revolutionized the multimedia industry and made it accessible anytime and anywhere. However, its limitation also appeared in digital content piracy, which is more prevalent nowadays. Digital rights management (DRM) systems were developed to control the illegal spreading of digital content. Protocols are being developed to enable effective and secure communication in DRM systems. As security and efficiency are essential parameters, the approach should be two birds with one stone; i.e., the protocol should achieve efficiency and security together. Our investigation identified that secure mechanisms either have increased computation/communication overhead or fail to meet specified security criteria when discussing efficient content key delivery mechanisms. So, an efficient protocol design with the right security attributes is required. We have worked on designing a content delivery mechanism keeping in mind the desirable attribute of security and without decreasing overhead. The suggested solution targets “two birds with one stone.” We proved the security of the scheme in the random oracle model. We verify the security against active attacks using the formal simulation tool AVISPA. Detailed analysis is performed for the evaluation of computational and communication overhead. The comparative study is also presented to understand the gains in efficiency and security.