Defense against collusion scheme based on elliptic curve cryptography for wireless sensor networks

Wireless Sensor Networks (WSNs) are being deployed for a wide variety of applications and the security problems of them have received considerable attention. Considering the limitations of power, com-putation capability and storage resources, this paper proposed an efficient defense against collusion scheme based on elliptic curve cryptography for wireless sensor networks in order to solve the problems that sensor node-key leaking and adversaries make compromised nodes as their collusions to launch new attack. In the proposed scheme, the group-key distribution strategy is employed to compute the private key of each sensor node, and the encryption and decryption algorithms are constructed based on Elliptic Curve Cryptography (ECC). The command center (node) only needs to broadcast a controlling header with three group elements, and the authorized sensor node can correctly recover the session key and use it to decrypt the broadcasting message. Analysis and proof of the proposed scheme’s efficiency and security show that the proposed scheme can resist the k-collusion attack efficiently.     

基于ECC和ID签名的WSN广播快速认证方案

广播认证是无线传感器网络(WSN)的一种基本安全服务,针对现有认证方案的计算量大、认证速度慢等问题,提出一种基于椭圆曲线加密(ECC)和身份(ID)签名的WSN广播快速认证方案.对现有EIBAS签名认证方案进行改进,通过节点间的合作,共享中间计算结果来减少邻居节点的计算量,以此提高认证速度,减少能量消耗.同时,提出一种安全机制,通过对多个邻居共享数据的对比来抵御恶意节点的攻击.实验结果表明,该方案相对于传统的椭圆曲线加密算法能够提高约42％的签名认证速度,降低约36％的能耗,大大延长网络生命周期.     

A secure channel code‐based scheme for privacy preserving data aggregation in wireless sensor networks

Data aggregation is an efficient method to reduce the energy consumption in wireless sensor networks (WSNs). However, data aggregation schemes pose challenges in ensuring data privacy in WSN because traditional encryption schemes cannot support data aggregation. Homomorphic encryption schemes are promising techniques to provide end to end data privacy in WSN. Data reliability is another main issue in WSN due to the errors introduced by communication channels. In this paper, a symmetric additive homomorphic encryption scheme based on Rao‐Nam scheme is proposed to provide data confidentiality during aggregation in WSN. This scheme also possess the capability to correct errors present in the aggregated data. The required security levels can be achieved in the proposed scheme through channel decoding problem by embedding security in encoding matrix and error vector. The error vectors are carefully designed so that the randomness properties are preserved while homomorphically combining the data from different sensor nodes. Extensive cryptanalysis shows that the proposed scheme is secure against all attacks reported against private‐key encryption schemes based on error correcting codes. The performance of the encryption scheme is compared with the related schemes, and the results show that the proposed encryption scheme outperforms the existing schemes.     

On the design of secure user authenticated key management scheme for multigateway‐based wireless sensor networks using ECC

In wireless sensor networks (WSNs), there are many critical applications (for example, healthcare, vehicle tracking, and battlefield), where the online streaming data generated from different sensor nodes need to be analyzed with respect to quick control decisions. However, as the data generated by these sensor nodes usually flow through open channel, so there are higher chances of various types of attacks either on the nodes or on to the data captured by these nodes. In this paper, we aim to design a new elliptic curve cryptography–based user authenticated key agreement protocol in a hierarchical WSN so that a legal user can only access the streaming data from generated from different sensor nodes. The proposed scheme is based upon 3‐factor authentication, as it applies smart card, password, and personal biometrics of a user (for ticket generation). The proposed scheme maintains low computation cost for resource‐constrained sensor nodes, as it uses efficient 1‐way cryptographic hash function and bitwise exclusive‐OR operations for secure key establishment between different sensor nodes. The security analysis using the broadly accepted Burrows‐Abadi‐Needham logic, formal security verification using the popular simulation tool (automated validation of Internet security protocols and applications), and informal security show that the proposed scheme is resilient against several well‐known attacks needed for a user authentication scheme in WSNs. The comparison of security and functionality requirements, communication and computation costs of the proposed scheme, and other related existing user authentication schemes shows the superior performance of the proposed scheme.     

An Efficient Grid-Based Pairwise Key Predistribution Scheme for Wireless Sensor Networks

Research on wireless sensor networks (WSNs) has been receiving a lot of attention recently. Because of the constraints on the cost of hardware, there are a lot of restrictions regarding memory, computational ability, and energy consumption, hampering WSN research. So far, many key establishment schemes have been proposed for WSNs. For the proposed schemes, random key predistribution is a practical solution. With this, each sensor shares a common key with its neighbors via predistributed keys. However, it may happen that two sensor nodes do not share a common key. In this paper, an efficient grid-based pairwise key predistribution scheme for WSNs is proposed. In the proposed scheme, multiple polynomials for each row, each column, and each diagonal in the grid are constructed. Then, each sensor node in each row, column, and diagonal in the grid establishes a pairwise key with the other node using the predistributed symmetric polynomial. Simulation results demonstrate the effectiveness of the proposed scheme in increasing the probability of establishing pairwise keys and reducing communication overhead.     

Identity-based key agreement and encryption for wireless sensor networks

1 Introduction WSN has received considerable attention during last decade [1?4] (see, for example, the proceedings of the ACM and IEEE Workshops on WSN). It has wide variety of applications, including military sensing and tracking, environment and securit…     

无线传感器网络的轻量级安全体系研究

结合无线传感器网络现有的安全方案存在密钥管理和安全认证效率低等问题的特点,提出了无线传感器网络的轻量级安全体系和安全算法。采用门限秘密共享机制的思想解决了无线传感器网络组网中遭遇恶意节点的问题;采用轻量化ECC算法改造传统ECC算法,优化基于ECC的CPK体制的思想,在无需第三方认证中心CA的参与下,可减少认证过程中的计算开销和通信开销,密钥管理适应无线传感器网络的资源受限和传输能耗相当于计算能耗千倍等特点,安全性依赖于椭圆离散对数的指数级分解计算复杂度;并采用双向认证的方式改造,保证普通节点与簇头节点间的通信安全,抵御中间人攻击。     

无线传感器网络节点复制攻击和女巫攻击防御机制研究

在无线传感器网络(WSNs)中,节点复制攻击和女巫攻击可扰乱数据融合和阈值选举等网络操作.发起这两种攻击需先通过邻居发现认证过程.考虑到在WSNs中发起邻居认证是不频繁的,提出了一种基于单向密钥链的ID认证防御机制(OKCIDA),降低攻击者在任何时间段发起这两种攻击的可能性.然后基于椭圆曲线离散对数问题,构造对称参数,并组合OKCIDA和利用节点邻居关系,提出了一种无需位置的邻居认证协议(LFNA),以阻止复制节点和女巫节点成功加入网络.最后给出了安全性证明和分析,并在安全和开销方面将LFNA与已有典型防御方案进行了比较,结果表明该方案具有一定的优势.     

MUQAMI+: a scalable and locally distributed key management scheme for clustered sensor networks

Wireless sensor networks (WSN) are susceptible to node capture and many network levels attacks. In order to provide protection against such threats, WSNs require lightweight and scalable key management schemes because the nodes are resource-constrained and high in number. Also, the effect of node compromise should be minimized and node capture should not hamper the normal working of a network. In this paper, we present an exclusion basis system-based key management scheme called MUQAMI+ for large-scale clustered sensor networks. We have distributed the responsibility of key management to multiple nodes within clusters, avoiding single points of failure and getting rid of costly inter-cluster communication. Our scheme is scalable and highly efficient in terms of re-keying and compromised node revocation.     

A provably secure biometrics and ECC‐based authentication and key agreement scheme for WSNs

Wireless sensor networks (WSNs) underpin many applications of the Internet of Things (IoT), ranging from smart cities to unmanned surveillance and others. Efficient user authentication in WSNs, particularly in settings with diverse IoT device configurations and specifications (eg, resource‐constrained IoT devices) and difficult physical conditions (eg, physical disaster area and adversarial environment such as battlefields), remains challenging, both in research and in practice. Here, we put forth a user anonymous authentication scheme, relying on both biometrics and elliptic curve cryptography, to establish desired security features like forward and backward secrecy. We then make use of the Random‐or‐Real (RoR) model to prove the security of our scheme. We have implemented the proposed scheme in an environment compatible with WSNs. We show after conducting the comparison of the proposed scheme with some recent and related existent schemes that it satisfies various essential and desirable security attributes of a WSN environment. We conclude that the proposed scheme is suitable for the WSN scenario demanding high security.     

Tree‐based channel assignment schemes for multi‐channel wireless sensor networks

Many sensor node platforms used for establishing wireless sensor networks (WSNs) can support multiple radio channels for wireless communication. Therefore, rather than using a single radio channel for whole network, multiple channels can be utilized in a sensor network simultaneously to decrease overall network interference, which may help increase the aggregate network throughput and decrease packet collisions and delays. This method, however, requires appropriate schemes to be used for assigning channels to nodes for multi‐channel communication in the network. Because data generated by sensor nodes are usually delivered to the sink node using routing trees, a tree‐based channel assignment scheme is a natural approach for assigning channels in a WSN. We present two fast tree‐based channel assignment schemes (called bottom up channel assignment and neighbor count‐based channel assignment) for multi‐channel WSNs. We also propose a new interference metric that is used by our algorithms in making decisions. We validated and evaluated our proposed schemes via extensive simulation experiments. Our simulation results show that our algorithms can decrease interference in a network, thereby increasing performance, and that our algorithms are good alternatives for static channel assignment in WSNs. Copyright © 2015 John Wiley & Sons, Ltd.     

LNT: A logical neighbor tree secure group communication scheme for wireless sensor networks

Secure group communication is a paradigm that primarily designates one-to-many communication security. The proposed works relevant to secure group communication have predominantly considered the whole network as being a single group managed by a central powerful node capable of supporting heavy communication, computation and storage cost. However, a typical Wireless Sensor Network (WSN) may contain several groups, and each one is maintained by a sensor node (the group controller) with constrained resources. Moreover, the previously proposed schemes require a multicast routing support to deliver the rekeying messages. Nevertheless, multicast routing can incur heavy storage and communication overheads in the case of a wireless sensor network. Due to these two major limitations, we have reckoned it necessary to propose a new secure group communication with a lightweight rekeying process. Our proposal overcomes the two limitations mentioned above, and can be applied to a homogeneous WSN with resource-constrained nodes with no need for a multicast routing support. Actually, the analysis and simulation results have clearly demonstrated that our scheme outperforms the previous well-known solutions.     

A Strong Authentication Scheme with User Privacy for Wireless Sensor Networks

Wireless sensor networks (WSNs) are used for many real‐time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security‐performance‐balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end‐party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real‐world WSNs applications.     

Secure and Energy-Efficient Traffic-Aware Key Management Scheme for Wireless Sensor Network

In Wireless Sensor Network (WSN), a sensor node may communicate with a small set of neighbor sensor nodes. Existing key management schemes, did not consider this communication between these nodes. They establish shared keys for all pairs of neighbor sensor nodes. When the number of sensor nodes in WSN is augmented, large number of keys is to be loaded in each sensor node, which in turn causes supplementary energy consumption. If any two close sensor nodes are seldom in the active-state the assignment of shared keys may be gratuitous, since they may be hardly exploited.In this paper, based on this information, secure and Energy-Efficient Traffic Aware key Management (EETKM) is developed for WSN. This determines shared keys for active sensors which takes part in the direct communication. In order to broadcast keys without retransmission or acknowledgements, the proposed scheme gives an efficient Re-keying mechanism. The proposed scheme attains high connectivity which is shown through numerical results. The proposed scheme is applied for various routing protocols and the simulation results shows the stronger resilience, low energy consumption and increased delivery ratio.     

Dynamic key management in sensor networks

Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.     

高效的无证书多接收者匿名签密方案

针对已有的基于身份的多接收者签密方案存在的密钥托管问题,研究了无证书多接收者签密安全模型,进而基于椭圆曲线密码体制,提出一个无证书多接收者签密方案,并在随机预言机模型下证明方案的安全性建立在计算Diffie-Hellman问题及椭圆曲线离散对数问题的困难性之上。该方案无需证书管理中心,在签密阶段和解签密阶段均不含双线性对运算,且可确保发送者和接收者的身份信息不被泄露,可以方便地应用于网络广播签密服务。     

Novel Trusted Hierarchy Construction for RFID Sensor–Based MANETs Using ECCs

In resource‐constrained, low‐cost, radio‐frequency identification (RFID) sensor–based mobile ad hoc networks (MANETs), ensuring security without performance degradation is a major challenge. This paper introduces a novel combination of steps in lightweight protocol integration to provide a secure network for RFID sensor–based MANETs using error‐correcting codes (ECCs). The proposed scheme chooses a quasi‐cyclic ECC. Key pairs are generated using the ECC for establishing a secure message communication. Probability analysis shows that code‐based identification; key generation; and authentication and trust management schemes protect the network from Sybil, eclipse, and de‐synchronization attacks. A lightweight model for the proposed sequence of steps is designed and analyzed using an Alloy analyzer. Results show that selection processes with ten nodes and five subgroup controllers identify attacks in only a few milliseconds. Margrave policy analysis shows that there is no conflict among the roles of network members.     

A design for secure and survivable wireless sensor networks

In this article, we present a study of the design of secure and survivable wireless sensor networks (WSN) that has yet to be addressed in the literature. Our goal is to develop a framework that provides the security and survivability features that are crucial to applications in a WSN, because WSNs are vulnerable to physical and network-based security attacks, accidents, and failures. To achieve such a goal, we first examine the security and survivability requirements. We then propose a security and survivability architecture in a WSN with heterogeneous sensor nodes. To understand the interactions between survivability and security, we also design and analyze a key management scheme. The results of the experiment show that a good design can improve both security and survivability of a WSN; however, in some situations, there is a trade off between security and survivability.     

GSHMAC: Green and Secure Hybrid Medium Access Control for Wireless Sensor Network

The cost efficiency of wireless platforms and their easy deployment enable the applicability of it in widespread application domains. Wireless sensor networks (WSNs) are not excluded from it. Their application domains vary from industrial monitoring to military applications. A WSN is a resource-constrained network and energy of the WSN node is a valuable resource. Like every other network, WSNs are also vulnerable to security attacks. A security attack can results in networks consuming more resources, leading to earlier depletion of node energy. A significant part of the resource consumption in a WSN is controlled by the medium access control (MAC) mechanism. This paper focuses on WSN MAC mechanisms and countermeasures for attacks targeting the MAC layer in a WSN. Denial of sleep attacks are the most relevant for WSN MAC as these types of attacks have shattered effects, which bring down the sensor lifetime from years to days. This paper proposes a secure hybrid MAC mechanism, Green and Secure Hybrid Medium Access Control (GSHMAC) to overcome the devastating effect of WSN MAC attacks. The proposed mechanism provides features such as collision threshold-based MAC mode control and countermeasures on WSN MAC using internal MAC mechanisms. GSHMAC shows improved energy-efficiency, delay, and throughput in the presence of attacks, as compared with state-of-art secure MAC mechanisms.     

Inclusive Elliptical Curve Cryptography (IECC) for Wireless Sensor Network Efficient Operations

Wireless sensor networks are the most vulnerable to all the wireless devices due to the massive damage caused by disrupting these networks. A good number of attacks have been launched in the wireless networks which are prevalent in the antagonist world. However, the most difficult of all the attacks is the identification and prevention of the replication of nodes. The time it takes to identify and isolate a cloned/replicated node is usually greater than any other attack detection techniques due to the similar id and features replicated by the attacker. Elliptical curve cryptography is well known for providing security in wireless networks. This paper explores a property of the ECC that is designed into a full pledged IECC protocol for keeping away replicated nodes from attacking the WSNs and MWSNs. In terms of application, the focus is to secure an industrial area using the IECC mechanism for efficient remote monitoring. Simulation analysis shows that the IECC performs well in static WSN and MWSNs over the existing baseline protocols.