Securing sensor data storage and query based on k‐out‐of‐ n coding

With in‐network sensor data storage and query, sensed data are stored locally and further accessed by users on demand. Thus, without proper protection for sensor data and user queries, compromise of sensor nodes may reveal sensitive information about the sensed environment as well as users’ query patterns. Furthermore, the adversary can alter some stored data and prevent users from recovering information correctly. In this paper, we propose and analyze the use of maximum‐distance separable codes to address the problem. First, initial data is encoded in (n, k) maximum‐distance separable code and spread from a single data source to a set of storage nodes for higher survivability. Second, a blind signature‐based privacy scheme is explored to preserve user query, such that authorized user's identity and privacy interests are concealed from others. Finally, an efficient data retrieval scheme is carried out such that the redundancy symbols in the remaining nodes are accessed only if the user fails to decode the data, which reduces the communication and computation cost. Analysis and evaluation verify the efficiency of the proposed scheme. Copyright © 2011 John Wiley & Sons, Ltd.     

Efficient identity-based security schemes for ad hoc network routing protocols

Wireless ad hoc networks consist of nodes with no central administration and rely on the participating nodes to share network responsibilities. Such networks are more vulnerable to security attacks than conventional wireless networks. We propose two efficient security schemes for these networks that use pairwise symmetric keys computed non-interactively by the nodes which reduces communication overhead. We allow nodes to generate their broadcast keys for different groups and propose a collision-free method for computing such keys. We use identity-based keys that do not require certificates which simplifies key management. Our key escrow free scheme also uses identity-based keys but eliminates inherent key escrow in identity-based keys. Our system requires a minimum number of keys to be generated by the third party as compared to conventional pairwise schemes. We also propose an authenticated broadcast scheme based on symmetric keys and a corresponding signature scheme.     

Group key management scheme for large-scale sensor networks

Wireless sensor networks are inherently collaborative environments in which sensor nodes self-organize and operate in groups that typically are dynamic and mission-driven. Secure communications in wireless sensor networks under this collaborative model calls for efficient group key management. However, providing key management services in wireless sensor networks is complicated by their ad-hoc nature, intermittent connectivity, large scale, and resource limitations. To address these issues, this paper proposes a new energy-efficient key management scheme for networks consisting of a large number of commodity sensor nodes that are randomly deployed. All sensor nodes in the network are anonymous and are preloaded with identical state information. The proposed scheme leverages a location-based virtual network infrastructure and is built upon a combinatorial formulation of the group key management problem. Secure and efficient group key initialization is achieved in the proposed scheme by nodes autonomously computing, without any communications, their respective initial group keys. The key server, in turn, uses a simple location-based hash function to autonomously deduce the mapping of the nodes to their group keys. The scheme enables dynamic setup and management of arbitrary secure group structures with dynamic group membership.     

PRDA: polynomial regression‐based privacy‐preserving data aggregation for wireless sensor networks

In wireless sensor networks, data aggregation protocols are used to prolong the network lifetime. However, the problem of how to perform data aggregation while preserving data privacy is challenging. This paper presents a polynomial regression‐based data aggregation protocol that preserves the privacy of sensor data. In the proposed protocol, sensor nodes represent their data as polynomial functions to reduce the amount of data transmission. In order to protect data privacy, sensor nodes secretly send coefficients of the polynomial functions to data aggregators instead of their original data. Data aggregation is performed on the basis of the concealed polynomial coefficients, and the base station is able to extract a good approximation of the network data from the aggregation result. The security analysis and simulation results show that the proposed scheme is able to reduce the amount of data transmission in the network while preserving data privacy. Copyright © 2013 John Wiley & Sons, Ltd.     

A Hybrid Key Predistribution Scheme for Sensor Networks Employing Spatial Retreats to Cope with Jamming Attacks

In order to provide security services in wireless sensor networks, a well-known task is to provide cryptographic keys to sensor nodes prior to deployment. It is difficult to assign secret keys for all pairs of sensor node when the number of nodes is large due to the large numbers of keys required and limited memory resources of sensor nodes. One possible solution is to randomly assign a few keys to sensor nodes and have nodes be able to connect to each other with some probability. This scheme has limitations in terms of the tradeoffs between connectivity and memory requirements. Recently, sensor deployment knowledge has been used to improve the level of connectivity while using lesser amounts of memory space. However, deployment based key predistribution schemes may cause a large number of nodes to be cryptographically isolated if nodes move after key pre-distribution. Mobility may be necessitated for reasons depending on applications or scenarios. In this paper, we consider mobility due to spatial retreat of nodes under jamming attacks as an example. Jamming attacks are easy and efficient means for disruption of the connectivity of sensors and thus the operation of a sensor network. One solution for mobile sensor nodes to overcome the impact of jamming is to perform spatial retreats by moving nodes away from jammed regions. Moved nodes may not be able to reconnect to the network because they do not have any shared secret with new neighbors at new locations if strict deployment knowledge based key predistribution is employed. In this paper, we propose a hybrid key predistribution scheme that supports spatial retreat strategies to cope with jamming attacks. Our scheme combines the properties of random and deployment knowledge based key predistribution schemes. In the presence of jamming attacks, our scheme provides high key connectivity (similar to deployment knowledge based schemes) while reducing the number of isolated nodes. We evaluate the performance of our scheme through simulations and analysis.     

Identity‐and‐data privacy forward security public auditing protocol in the standard model

To ensure the intactness of the stored data in cloud, numerous data public auditing mechanisms have been presented. However, most of these existing solutions suffer from several flaws: (a) identity privacy and data privacy of data owner are inevitably revealed to the auditor in the auditing process; (b) the existing public auditing mechanisms with resisting key exposure are only proved in the random oracle model. To address the problems above, in this paper, we propose an achieving identity‐and‐data privacy public auditing protocol with forward security in the standard model by incorporating knowledge proof signature, ring signature, and forward security technique. And then, we formalize the security model of forward security and anonymity of identity, in which the adversary is allowed to query private keys of some ring members. It can provide stronger security. Thus, our proposed scheme can not only achieve data owner's identity privacy and data privacy but also provide forward security for data owner's secret key. To the best of our knowledge, it is the first preserving privacy of identity‐and‐data public auditing scheme with forward security that is provably secure in the standard model. The security of the scheme is related to the computational Diffie–Hellman (CDH) problem and the subgroup decision problem. Finally, our scheme is simulatively tested; experimental results demonstrate that our mechanism is very efficient in terms of overall performance.     

Analysis and evaluation of Secos, a protocol for energy efficient and secure communication in sensor networks

Wireless sensor networks are increasingly being used in applications where the communication between nodes needs to be protected from eavesdropping and tampering. Such protection is typically provided using techniques from symmetric key cryptography. The protocols in this domain suffer from one or more of the following problems—weak security guarantees if some nodes are compromised, lack of scalability, high energy overhead for key management, and increased end-to-end data latency. In this paper, we propose a protocol called Secos that mitigates these problems in static sensor networks. Secos divides the sensor field into control groups each with a control node. Data exchange between nodes within a control group happens through the mediation of the control head which provides the common key. The keys are refreshed periodically and the control nodes are changed periodically to enhance security. Secos enhances the survivability of the network by handling compromise and failures of control nodes. It provides the guarantee that the communication between any two sensor nodes remains secure despite the compromise of any number of other nodes in the network. The experiments based on a simulation model show a seven time reduction in energy overhead and a 50% reduction in latency compared to SPINS, which is one of the state-of-the-art protocols for key management in sensor networks.     

Dynamic key management in sensor networks

Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.     

Location-based compromise-tolerant security mechanisms for wireless sensor networks

Node compromise is a serious threat to wireless sensor networks deployed in unattended and hostile environments. To mitigate the impact of compromised nodes, we propose a suite of location-based compromise-tolerant security mechanisms. Based on a new cryptographic concept called pairing, we propose the notion of location-based keys (LBKs) by binding private keys of individual nodes to both their IDs and geographic locations. We then develop an LBK-based neighborhood authentication scheme to localize the impact of compromised nodes to their vicinity. We also present efficient approaches to establish a shared key between any two network nodes. In contrast to previous key establishment solutions, our approaches feature nearly perfect resilience to node compromise, low communication and computation overhead, low memory requirements, and high network scalability. Moreover, we demonstrate the efficacy of LBKs in counteracting several notorious attacks against sensor networks such as the Sybil attack, the identity replication attack, and wormhole and sinkhole attacks. Finally, we propose a location-based threshold-endorsement scheme, called LTE, to thwart the infamous bogus data injection attack, in which adversaries inject lots of bogus data into the network. The utility of LTE in achieving remarkable energy savings is validated by detailed performance evaluation.     

A secure channel code‐based scheme for privacy preserving data aggregation in wireless sensor networks

Data aggregation is an efficient method to reduce the energy consumption in wireless sensor networks (WSNs). However, data aggregation schemes pose challenges in ensuring data privacy in WSN because traditional encryption schemes cannot support data aggregation. Homomorphic encryption schemes are promising techniques to provide end to end data privacy in WSN. Data reliability is another main issue in WSN due to the errors introduced by communication channels. In this paper, a symmetric additive homomorphic encryption scheme based on Rao‐Nam scheme is proposed to provide data confidentiality during aggregation in WSN. This scheme also possess the capability to correct errors present in the aggregated data. The required security levels can be achieved in the proposed scheme through channel decoding problem by embedding security in encoding matrix and error vector. The error vectors are carefully designed so that the randomness properties are preserved while homomorphically combining the data from different sensor nodes. Extensive cryptanalysis shows that the proposed scheme is secure against all attacks reported against private‐key encryption schemes based on error correcting codes. The performance of the encryption scheme is compared with the related schemes, and the results show that the proposed encryption scheme outperforms the existing schemes.     

Efficient privacy-preserving image retrieval scheme over outsourced data with multi-user

The traditional privacy-preserving image retrieval schemes not only bring large computational and communication overhead,but also cannot protect the image and query privacy in multi-user scenarios.To solve above problems,an efficient privacy-preserving content-based image retrieval scheme was proposed in multi-user scenarios.The scheme used Euclidean distance comparison technique to rank the pictures according to similarity of picture feature vectors and return top-k returned.Meanwhile,the efficient key conversion protocol designed in proposed image retrieval scheme allowed each search user to generate queries based on his own private key so that he can retrieval encrypted images generated by different data owners.Strict security analysis shows that the user privacy and cloud data security can be well protected during the image retrieval process,and the performance analysis using real-world dataset shows that the proposed image retrieval scheme is efficient and feasible in practical applications.     

基于最小生成树的异构传感器网络抗共谋优化方案

基于EBS (Exclusion Basis Systems)的密钥管理协议,以安全性高、动态性和扩展性好,较适用于异构传感器网络,但却存在共谋问题。该文提出了一种基于MST (Minimum Spanning Tree)的密钥共谋问题优化方案。该方案利用Prim算法对由簇内感知节点所构成的无向连通图进行最小生成树求解,并对该树进行遍历,根据所得节点遍历顺序进行密钥的指派与分配,使得相邻节点间所含的密钥重叠程度增大,发生共谋的可能性得到降低。实验结果表明：同比于密钥随机分配方案与SHELL方案,所提方案有效提高了网络的抗捕获能力。     

基于分簇的有效无线传感器网络密钥管理方案

针对现有无线传感器网络密钥管理中计算量过大、存储空间过多和网络安全问题,在分簇结构无线传感器网络基础上,提出一种新的密钥管理方案,它通过将已存储的密钥部分地转化为即使被攻击者截获也无影响的特殊信息,来获取更加良好的安全性,同时又不降低网络的连通性。通过仿真与其他算法进行性能对比,结果显示这种方案具有更好的性能。     

Secure and Energy-Efficient Traffic-Aware Key Management Scheme for Wireless Sensor Network

In Wireless Sensor Network (WSN), a sensor node may communicate with a small set of neighbor sensor nodes. Existing key management schemes, did not consider this communication between these nodes. They establish shared keys for all pairs of neighbor sensor nodes. When the number of sensor nodes in WSN is augmented, large number of keys is to be loaded in each sensor node, which in turn causes supplementary energy consumption. If any two close sensor nodes are seldom in the active-state the assignment of shared keys may be gratuitous, since they may be hardly exploited.In this paper, based on this information, secure and Energy-Efficient Traffic Aware key Management (EETKM) is developed for WSN. This determines shared keys for active sensors which takes part in the direct communication. In order to broadcast keys without retransmission or acknowledgements, the proposed scheme gives an efficient Re-keying mechanism. The proposed scheme attains high connectivity which is shown through numerical results. The proposed scheme is applied for various routing protocols and the simulation results shows the stronger resilience, low energy consumption and increased delivery ratio.     

An efficient privacy-preserving scheme for secure network coding based on compressed sensing

Network coding (NC) provides an elegant solution for improving capacity and robustness in computer networks. Different to traditional “store-and-forward” transmission paradigm, each intermediate node linearly combines received data packets, and the original files can be decoded at the sink nodes in NC settings. This brand-new paradigm is vulnerable to pollution attack, which means that some malicious nodes inject fake data packets into the network and this will lead to incorrect decoding. There are some information-theoretical solutions and cryptographic solutions for solving this security issue, and most existing schemes can thwart data pollution attacks. However, the privacy of the original files are vital to some application environments (e.g. military network). To the best of our knowledge, there is not a secure scheme which can thwart pollution attack and can protect the privacy of transmitted data simultaneously. In this paper, we present an efficient privacy-preserving scheme for secure network coding based on compressed sensing (CS), which has attracted considerable research interest in the signal processing community. Specifically, we embed CS into the general NC framework, i.e., the source node needs to compress each original data packet using the sensing matrix before creating the augmented vector and the sink nodes require to perform an additional CS reconstruction algorithm for reconstructing the original file. In addition, we construct a simple key distribution protocol and each intermediate node just needs two secret keys for verifying the integrity of received data packets. Such novel hybrid construction enables the privacy-preserving guarantee, and the performance comparison shows the high-efficiency of our scheme in terms of the computational complexity and communication overhead.     

Context-aware wireless sensor networks for assisted living and residential monitoring

Improving the quality of healthcare and the prospects of "aging in place" using wireless sensor technology requires solving difficult problems in scale, energy management, data access, security, and privacy. We present AlarmNet, a novel system for assisted living and residential monitoring that uses a two-way flow of data and analysis between the front- and back-ends to enable context-aware protocols that are tailored to residents' individual patterns of living. AlarmNet integrates environmental, physiological, and activity sensors in a scalable heterogeneous architecture. The SenQ query protocol provides real-time access to data and lightweight in-network processing. Circadian activity rhythm analysis learns resident activity patterns and feeds them back into the network to aid context-aware power management and dynamic privacy policies.     

一种基于EBS的无线传感器网络动态密钥管理方法

设计安全合理的密钥管理方法是解决无线传感器网络安全性问题的核心内容。基于Exclusion Basis System (EBS)的动态密钥管理方法由于安全性高,动态性能好,节约存储资源,受到了广泛关注。但同时存在共谋问题,即对于被捕获节点通过共享各自信息实施的联合攻击抵抗性较差。针对这一问题,该文利用一种特殊形式的三元多项式(同化三元多项式)密钥取代EBS系统中的普通密钥,并在分簇式的网络拓扑结构基础上,设计了一种基于EBS的无线传感器网络动态密钥管理方法。仿真与分析结果表明,相比于采用普通密钥或是二元多项式密钥的方法,该文方法不仅可以有效地解决共谋问题,提高网络对被捕获节点的抵抗性,而且显著减低了更新密钥过程中的能量消耗。     

WSN中一种改进的密钥管理方案研究

密钥管理作为传感器网络安全中最为基本的环节,在认证和加密过程中起着重要作用。针对无线传感器网络(Wireless Sensor Network,WSN)的通信密钥易被破解的缺点以及为建立安全信道而增加密钥会造成网络的连通率低的问题,提出了一种改进的无线传感器网络密钥管理方案,通过定位算法得到网络中的坐标,利用所得到的位置信息对所存储的密钥空间进行优化,可以增大2个邻居节点拥有相同密钥空间的概率。实验结果表明:该方法占用较小密钥存储空间,能明显改善网络连通性和网络的安全性等性能,提高安全性。     

An improved key distribution mechanism for large-scale hierarchical wireless sensor networks

Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.     

Key establishment and management for WSNs

Wireless Sensor Networks (WSNs) are composed of a large number of low-cost, low-power, and multi-functional sensor nodes that communicate at short distances through wireless links. Those networks could be deployed in an open and hostile environment where attackers may be present. In this context, it is necessary to guarantee confidentiality, integrity and security services in the network. Those security properties could only be achieved if security associations have been created in the network between pairs of nodes, each node and the base station of groups of nodes. Those associations are created through key management protocols for pairwise or group establishment, distribution, renewing of cryptographic keys. Those protocols must only use information that is available in the network or pre-loaded in each sensor as the WSNs mus be autonomous. Moreover, due to the low-cost nature of each node, an attacker is able to compromise nodes because the nodes are not tamper-resistant. Thus a major challenge of the key management protocols becomes to preserve the general security of the network even if t nodes are compromised. We propose in this article a key management and access control protocol based upon a group deployment model. Moreover, this protocol is t-secure, i.e. t corrupted nodes are not sufficient to corrupt all the keys used in the network.