Conference PaperPDF Available

Secure and Efficient Key Management Protocol (SEKMP) for Wireless Sensor Networks

Authors:

Abstract and Figures

Wireless sensor networks (WSNs) are used in the many critical applications, such as, military, health, and civil applications. Sometimes such applications require that the WSNs to be randomly deployed in inaccessible terrains such as a remote territory. As a result, the sensors are left unattended and become a potential target for an adversary. Therefore, we propose a highly Secure and Efficient Key Management Protocol for WSN, called SEKMP. The proposed protocol (SEKMP) adapts a new key management approach by leveraging the advantages of asymmetric cryptography and employs them in a very efficient way for delivering the session key to sensor nodes.
Content may be subject to copyright.
Secure and Efficient Key Management Protocol (SEKMP)
for Wireless Sensor Networks
Majid Alshammari and Khaled Elleithy
Department of Computer Science and Engineering
University of Bridgeport
Bridgeport, CT 06604
maalsham@my.bridgeport.edu; elleithy@bridgeport.edu
ABSTRACT
Wireless sensor networks (WSNs) are used in the many critical
applications, such as, military, health, and civil applications.
Sometimes such applications require that the WSNs to be
randomly deployed in inaccessible terrains such as a remote
territory. As a result, the sensors are left unattended and become a
potential target for an adversary. Therefore, we propose a highly
Secure and Efficient Key Management Protocol for WSN, called
SEKMP. The proposed protocol (SEKMP) adapts a new key
management approach by leveraging the advantages of
asymmetric cryptography and employs them in a very efficient
way for delivering the session key to sensor nodes.
Categories and Subject Descriptors
E.3 [Data Encryption]: Public key cryptosystems; C.2.1
[Computer-Communication Networks]: Network Architecture and
Design – Wireless communication
Keywords
Wireless sensor networks.
1. INTRODUCTION
Wireless sensor networks (WSN) is a growing area, and today
become involved in variety of applications due to the nature of
sensors nodes that are small in size and cost effective [1]. WSN in
inaccessible terrains is usually left unattended. As a result, they
become an easy target for an adversary. In such environments, the
major security concern of WSN is the key management protocol.
Thus, there are varieties of protocols in literature that utilize one
or more of the following schemes: symmetric, asymmetric, or
quantum cryptography for addressing the security of key
management in WSN. However, the direct application of these
schemes is not the best choice when it comes to limited-resource
environments such as WSN. With this in mind, we came up with a
very Secure and Efficient Key Management Protocol for WSN,
called SEKMP. The proposed protocol (SEKMP) adapts a new
key management approach by inheriting the advantages of
asymmetric cryptography and employs it in very efficient way for
delivering the session key to sensor nodes.
Symmetric-based key management protocols are considered more
resource-efficient than Asymmetric-based key management. The
downsides of these protocols are: 1) maintaining a large number
of keys, 2) or dependency on intermediary nodes for the keys
distribution. For example, [2] and [3]. Asymmetric-based key
management protocols proved to be secure in literature, and thus,
they are one of the best protocols for the key distribution. The
downside is, the direct application of these protocols in WSN
leads to have many keys, and as a result, affecting the protocol
performance. For example, in [4] the sink node must maintain
keys with sensor nodes. Where is the number of nodes.
2. THE PROPOSED PROTOCOL
SEKMP includes three phases: Pre–deployment phase, Key
distribution phase, and Key refreshment phase. Table 1 shows the
notations used in the proposed protocol.
Table 1. Notations
Notation Description
N Number of nodes.
PUS Public key used in the sink node.
PRN Private key used in each node.
KS Session key used to encrypt the communication.
C Ciphertext.
M Plaintext.
EK (X) Function for Encrypting X with K.
DK (X) Function for Decrypting X with K.
2.1 Pre-deployment phase
In pre-deployment phase, a pair of keys, called public (PUS) and
private (PRN) key is generated for the WSN. The public key (PUS)
is assigned to the sink node, whereas, the private key (PRN) is
assigned to the sensor nodes. Afterwards, the sink node has the
public key (PUS), and each sensor of the WSN has a copy of the
private key (PRN). Furthermore, building Wireless Sensor
Network of N nodes requires two keys only, one for the sink node
and the other one for the sensors nodes.
2.2 Key distribution phase
After the sensor nodes have been deployed, the sink node
generates a random session key (KS), and then encrypts the
session key by using its key, the public key (PUS). Then, the sink
node broadcasts the following cipher message C = EPUS (KS) to
its neighbors. These neighbors broadcast the same cipher message
to their neighbors if any, in multi-hop fashion until all sensor
nodes get the cipher message. Since all the sensor nodes already
have the private key (PRN), they can decrypt the cipher message C
= EPUS (KS) as, KS = DPRN(C). In the end, the entire nodes
securely receive the session key (KS). Figure 1 shows the key
distribution phase.
2.3 Key refreshment phase
In the key refreshment phase, the sink node can generate a new
session key (KS) on time-basis (e.g. generating a new session key
every 24 hours), or on event-basis, (e.g. generating a new session
Permission to make digital or hard copies of part or all of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage, and that
copies bear this notice and the full citation on the first page. Copyrights
for third-party components of this work must be honored. For all other
uses, contact the owner/author(s). Copyright is held by the
author/owner(s).
ANCS’14, October 20–21, 2014, Los Angeles, CA, USA
ACM 978-1-4503-2839-5/14/10.
http://dx.doi.org/10.1145/2658260.2661775
253
key whenever a node detects a specific event) based on the
desired application, and then securely broadcasts it to the all
sensor nodes as it does in the key distribution phase. The key
refreshment phase makes the proposed scheme more secure
because of its flexibility of generating a new session key at any
time and for any reason.
Figure 1. key distribution phase.
3. PROPOSED PROTOCOLS ANALYSIS
3.1 Security analysis
In this section, the security of the proposed protocol (SEKMP) is
analyzed and investigated based on the following security
services: Confidentiality, Integrity, and Authenticity.
3.1.1 Confidentiality
The proposed protocol (SEKMP) assures the confidentiality of the
communication among sensors nodes by using a session key (KS).
This session key is securely delivered by utilizing the asymmetric
encryption properties.
3.1.2 Integrity
The integrity is achieved in the proposed protocol by encrypting
the traffic by the authorized nodes to prevent data modification.
Also, the protocol can employ Message Authentication Codes
(MAC) to guarantee that the message has not been altered.
3.1.3 Authentication
This security service is assured by using a pair of keys, called
public (PUS) and private (PRN) key. Since the sink node is the
only node that has the public (PUS) key, it encrypts the session
key (KS) by the public key and broadcasts it to the sensor nodes.
Once the sensor nodes successfully decrypt it by the private key
(PRN), this authenticates the sink node to the sensor nodes in the
network and proves that the session key (KS) is sent by a trusted
source.
3.2 Performance analysis
In this section the performance of proposed protocol (SEKMP) is
analyzed according to Efficiency, Connectivity, Scalability, and
Flexibility.
3.2.1 Efficiency
The efficiency of the proposed protocol (SEKMP) is achieved by
using a small number of keys compared to other protocols such as
[2], [3], and [4]. It also provides an extremely secure key
management protocol in the same time. As a result, SEKMP
preserves the energy of the sensors. Table 2, represents the
number of keys being used by the sink node/KDC, and each
sensor node in SEKMP, [2], [3], and [4].
Table 2. Numbers of keys
Scheme/protocol. Number of keys in
the sink node.
Number of keys in
each sensor node.
SEKMP 1 1
[2]
[3] x /2 -1
[4] 2
3.2.2 Connectivity
Connectivity of the proposed protocol is considered high because the
protocol ensures that each node would receive a session key (KS) by
broadcasting an encrypted message contains that session key.
3.2.3 Scalability
The proposed protocol is able to maintain the security of the
wireless sensor as the network expands, and it can be achieved by
adding N nodes with an assigned private key (PRN).
3.2.4 Flexibility
The proposed protocol is flexible due the fact that a node can be
added or removed easily; even the sink node can be replaced
without affecting the security of WSN. For example, a sink node
can be added after it gets assigned with the public key (PUS). Also
with the same approach, a sensor node can be added after it is
assigned with the private key (PRN).
4. CONCLUSIONS
The SEKMP protocol adapts a new key management approach by
leveraging the advantages of asymmetric cryptography properties
and employs them in a very efficient way for delivering the
session key to sensor nodes. We have simulated and compared
SEKMP to existing protocols in literature in terms of the number
of keys being used. Based on the simulation results, SEKMP is
protocol is more efficient than those protocols. Thus, we believe
that adapting SEKMP protocol addresses several security
challenges of the key management in WSNs.
5. REFERENCES
[1] I. F. Akyildiz and M. C. Vuran, Wireless sensor networks vol. 4: John
Wiley & Sons, 2010.
[2] H. Chan and A. Perrig, "PIKE: Peer intermediaries for key establishment
in sensor networks," in INFOCOM 2005. 24th Annual Joint Conference
of the IEEE Computer and Communications Societies, 2005, pp. 524-
535.
[3] L.-C. Wuu, C.-H. Hung, and C.-M. Chang, "Quorum-based key
management scheme in wireless sensor networks," presented at the
Proceedings of the 6th International Conference on Ubiquitous
Information Management and Communication, Kuala Lumpur,
Malaysia, 2012.
[4] Y. Zhang, "The scheme of public key infrastructure for improving
wireless sensor networks security," in Software Engineering and Service
Science (ICSESS), 2012 IEEE 3rd International Conference on, 2012,
pp. 527-530.
PUS
PRN
PRN
PRN
PRN
PRN
PRN
PRN
EPUS (KS)
EPUS (KS)
EPUS (KS)
EPUS (KS)
EPUS (KS)
EPUS (KS)
EPUS (KS)
The Sink node Generates a random session key KS
Broadcasts EPUS (KS)
to all nodes
254
... e results show that this efficient and flexible KGC-free polynomial-based multiple group keys establishment protocol is more suitable for practical group key agreement in IoT HCS. characteristics such as limited memory, power, and CPU [12,13]. ere are many methods that can be used to design a secure key distribution protocol for the IoT-based HCS. ...
Article
Full-text available
Although nowadays lots of group key agreement schemes have been presented, most of these protocols generate a secret key for a single group. However, in the IoT HCS, more and more communications are involved in multiple groups and users can join multiple groups to communicate at the same time. Therefore, applying the conventional public-key-based one-at-a-time group key establishment protocols has heavy computational cost or suffer from security vulnerabilities. At the same time, in an IoT HCS, a trusted KGC is usually not available and so more flexible self-organized multigroup keys generation will be desired by all group members. In order to address this issue, a practical scheme for efficient and flexible KGC-free polynomial-based multigroup key establishments for IoT HCS is proposed. The proposed protocol can generate multiple group keys for all group members at once, instead of generating one key each time for a single group; more importantly, there is no need for a trusted KGC in the process of group keys establishment and each user can join multiple groups at the same time using only one reserved share. Meanwhile, the security of the proposed protocol is discussed in detail. Finally, we compare this protocol with the latest related group key distribution protocols in performance analysis. The results show that this efficient and flexible KGC-free polynomial-based multiple group keys establishment protocol is more suitable for practical group key agreement in IoT HCS.
... Utilizing asymmetric cryptographic schemes [3][4][5] is considered impractical as they require extensive computation and large storage that are not suitable for implementation 2 Security and Communication Networks in sensors due to their inherit characteristics (i.e., limited memory, processing, and battery power). There are several approaches to designing secure key distribution schemes in WSNs. ...
Article
Full-text available
Securing data transferred over a WSN is required to protect data from being compromised by attackers. Sensors in the WSN must share keys that are utilized to protect data transmitted between sensor nodes. There are several approaches introduced in the literature for key establishment in WSNs. Designing a key distribution/establishment scheme in WSNs is a challenging task due to the limited resources of sensor nodes. Polynomial-based key distribution schemes have been proposed in WSNs to provide a lightweight solution for resource-constraint devices. More importantly, polynomial-based schemes guarantee that a pairwise key exists between two sensors in the WSNs. However, one problem associated with all polynomial-based approaches in WSNs is that they are vulnerable to sensor capture attacks. Specifically, the attacker can compromise the security of the entire network by capturing a fixed number of sensors. In this paper, we propose a novel polynomial-based scheme with a probabilistic security feature that effectively reduces the security risk of sensor-captured attacks and requires minimal memory and computation overhead. Furthermore, our design can be extended to provide hierarchical key management to support data aggregation in WSNs.
Article
The computational complexity of the next generation internet (NGI) is increasing at a faster rate. Due to the large scale of ubiquitous devices, effective and secure communication and addressing mechanism is vulnerable to several threats. Apart from resource constraints of the devices, the unknown topology of the network and the higher risk of device capture make the key management a more challenging task in NGI. In this context, a novel attack resistant and salable key management scheme must be in place to enable end-to-end secure communication. In the first part of the article, is a detailed analysis of various threats along with behavioral modeling of attack. Further, this article presents comprehensive literature survey and the gap analysis. The proposed key management scheme has been evaluated in two scenarios viz. centralized and decentralized and its formal security analysis also proves that it is safe from replay attack. The proposed key management scheme has been evaluated with a performance metric like delay and the results shows that it is salable in nature.
Conference Paper
To ensure the security of wireless sensor networks, it is important to have a robust key management scheme. In this paper, we propose a Quorum-based key management scheme. A specific sensor, called as key distribution server (KDS), generates a key matrix and establishes a quorum system from the key matrix. The quorum system is a set system of subsets that the intersection of any two subsets is non-empty. In our scheme, each sensor is assigned a subset of the quorum system as its pre-distributed keys. Whenever any two sensors need a shared key, they exchange their IDs, and then each sensor by itself finds a common key from its assigned subset. A shared key is then generated by the two sensors individually based on the common key. By our scheme, no key is needed to be refreshed as a sensor leaves the network. Upon a sensor joining the network, the KDS broadcasts a message containing the joining sensor ID. After receiving the broadcast message, each sensor updates the key which is in common with the new joining one. Only XOR and hash operations are required to be executed during key update process, and each sensor needs to update one key only. In summary, the proposed scheme satisfies the following properties: low communication overhead, low computational overhead, fully key connectivity, and resistance against node capture attack.
Conference Paper
In this paper we have presented a Public Key Infrastructure for wireless sensor networks. The scheme tries to solve the problem of security in WSN by the use of public key cryptography as a tool for ensuring the authenticity of the base station. RSA is composed of two phases, the first is the sensor to base station handshake in which the base station and a given sensor node setup a session key to secure end to end link between them, this handshake is protected and authenticated using the public key of the base station. The second phase is the use of this session key for data encryption to ensure confidentiality and ensuring the integrity of the exchanged data using the MAC joined to each packet.
Conference Paper
The establishment of shared cryptographic keys between communicating neighbor nodes in sensor networks is a challenging problem due to the unsuitability of asymmetric key cryptography for these resource-constrained platforms. A range of symmetric-key distribution protocols exist, but these protocols do not scale effectively to large sensor networks. For a given level of security, each protocol incurs a linearly increasing overhead in either communication cost per node or memory per node. We describe peer intermediaries for key establishment (PIKE), a class of key-establishment protocols that involves using one or more sensor nodes as a trusted intermediary to facilitate key establishment. We show that, unlike existing key-establishment protocols, both the communication and memory overheads of PIKE protocols scale sub-linearly (O(√n)) with the number of nodes in the network yet achieving higher security against node compromise than other protocols.
Mehmet Can Vuran, Wireless Sensor Networks
  • Ian Akyildiz