Your SlideShare is downloading. ×
ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010           Key Management Schemes for Secure       ...
ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010discusses about the percentage of links that are   ...
ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010rekey operation as a result of events like node add...
ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010which are chosen from a pool of pairwise relatively...
ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010operation by SN-sensors(other nodes in the cluster)...
Upcoming SlideShare
Loading in...5
×

Key Management Schemes for Secure Communication in Heterogeneous Sensor Networks

332

Published on

Hierarchical Sensor Network organization is
widely used to achieve energy efficiency in Wireless Sensor
Networks(WSN). To achieve security in hierarchical WSN,
it is important to be able to encrypt the messages sent
between sensor nodes and its cluster head. The key
management task is challenging due to resource constrained
nature of WSN. In this paper we are proposing two key
management schemes for hierarchical networks which
handles various events like node addition, node compromise
and key refresh at regular intervals. The Tree-Based
Scheme ensures in-network processing by maintaining some
additional intermediate keys. Whereas the CRT-Based
Scheme performs the key management with minimum
communication and storage at each node.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
332
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Key Management Schemes for Secure Communication in Heterogeneous Sensor Networks"

  1. 1. ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010 Key Management Schemes for Secure Communication in Heterogeneous Sensor Networks A.S.Poornima1, B.B.Amberker2 1 Dept. of Computer Science and Engg, Siddaganga Institute of Technology, Tumkur, Karnataka, India. Email: aspoornima@sit.ac.in 2 Dept. of Computer Science and Engg, National Institute of Technology, Warangal, Andhra Pradesh, India. Email: bba@nitw.ac.inAbstract—Hierarchical Sensor Network organization is readings, perform costly operations and manage thewidely used to achieve energy efficiency in Wireless Sensor network. It interfaces the network to outside world.Networks(WSN). To achieve security in hierarchical WSN, Transmission power of BS is usually enough to reach allit is important to be able to encrypt the messages sent nodes. The next level of sensors are called group heads orbetween sensor nodes and its cluster head. The keymanagement task is challenging due to resource constrained Cluster Heads (we call these nodes as CH-sensors).nature of WSN. In this paper we are proposing two key These nodes have better resources compared to the sensormanagement schemes for hierarchical networks which nodes which form the lowest level of this model. Clusterhandles various events like node addition, node compromise heads are responsible for intermediate data processing,and key refresh at regular intervals. The Tree-Based data aggregation e.g. collect and process the readings ofScheme ensures in-network processing by maintaining some other nodes in the cluster and send a single reading toadditional intermediate keys. Whereas the CRT-Based base station. The BS in turn performs computation onScheme performs the key management with minimum readings from multiple cluster heads. The sensor nodescommunication and storage at each node. i.e., nodes with least resources and used for sensing aIndex Terms—Hierarchical Sensor Networks, Chinese particular data (called as SN-sensors) form the majorityRemainder Theorem, Cluster Key, Cluster head, Sensor of the network. They provide the readings for theNode. parameters being sensed. I. INTRODUCTION Hierarchical Sensor Networks(HSN) are considered in [8,4,10,5]. In the scheme [8] proposed by Sajid et.al. key Wireless Sensor Networks (WSN) are composed of management based on key pre distribution is discussed.small autonomous devices, or sensor nodes, that are Routing driven key management scheme is discussed innetworked together. Sensor networks can facilitate large- [4], the scheme is based on Elliptic Curve Cryptography.scale, real-time data processing in complex environments. The scheme [10] focuses on achieving higher keyTheir applications involve protecting and monitoring connectivity and system performance using thecritical military, environmental, safety-critical or combination of nodes with higher capability and nodesdomestic infrastructures and resources. Wireless with lower capability in terms of computation,communication employed by the WSN facilitates communication and storage. In [5] algorithms areeavesdropping and packet injection by an adversary. This discussed to improve the degree of sensing coveragefactor demand security for sensor network to ensure using heterogeneous sensor networks.operation safety, secrecy of sensitive data and privacy forpeople in sensor environment. In this paper we are proposing key management schemes for Heterogeneous Sensor Networks. The first The key management schemes discussed in [1,2,3,6,7, scheme is called as tree based scheme which is based on9,11] consider homogeneous sensor networks, where all the scheme in [13]. The second scheme is based onsensor nodes have identical capabilities in terms of Chinese Remainder theorem which is proposed for wiredcommunication, computation and storage. Large scale networks [14] which is called as CRT-based scheme inhomogeneous networks suffer from high costs of this paper. Here, hierarchical architecture of sensorcommunication, computation and storage requirements. networks is considered, where data is routed from sensorHence Hierarchical Sensor Networks (HSNs)(also called nodes to the base station through cluster head. Baseas Heterogeneous Sensor Networks) are preferred as they station interfaces sensor network to the outside network.provide better performance and security solutions. In Sensor nodes are assumed to be immobile, these nodesWSNs hierarchical clustering provides scalability, self- organize themselves into clusters. The size of the clusterorganization and energy efficient data dissemination. In we are assuming here is a small group of sensor nodes. Ahierarchical networks, there is a hierarchy of nodes in cluster head is chosen from each cluster to handle theterms of resources and functions. The most powerful communication between the cluster nodes and the basenode is the Base Station (BS). BS is a powerful data station. In the key management scheme discussed in [8]processing and storage unit which collects sensor node revocation is not considered in detail. This scheme© 2010 ACEEE 21DOI: 01.ijns.01.01.05
  2. 2. ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010discusses about the percentage of links that are compromised node does not have access to any key usedcompromised when a node is compromised, but how to encrypt the future messages.these compromised links are reconfigured and what is the 3. Backward confidentiality : When a new node iseffort involved to reconfigure the compromised links in added to the cluster, the scheme should ensure that thenot discussed. The proposed schemes present how node does not have access to any key such that it canactually the keys are changed ( rekey operation: is decrypt the previous messages.nothing but changing the keys that are known tocompromised node and distributing them securely to C. Threat Modelexisting nodes) in order to reconfigure the compromisedlinks when a node is compromised. The type of attacker we are considering in this paper are of two types. First type of attacker is an outside attacker The proposed schemes are analyzed in detail by who is able to eavesdrop on the communications. Secondconsidering various performance metrics like storage, type of attacker is inside attacker a compromised nodecommunication and computation. The analysis shows that which is able to get all the secrets.Tree-Based scheme achieves rekey operation byperforming logm n communication with additionalstorage, whereas [8] achieves the same goal using 2n III. DESCRIPTION OF THE TREE - BASED SCHEMEcommunication. The CRT-Based scheme achieves rekey Sensors within a cluster are organized as m-ary [13]operation by performing one modulus and one EX-OR balanced tree with sensor nodes at the leaf as shown inoperation and no additional communication cost is Fig.1 where m is the degree of the tree. The tree isincurred. maintained by the cluster head which is CH-node. In Fig.1. s0,s2, …. , s8 represent sensor nodes within aThe paper is organized as follows : In Section II we cluster. Nodes within a cluster are again organized intoexplain notations, security goals and the threat model. smaller groups (called as subgroups) of fixed size basedSection III explains in detail the Tree-Based Scheme. In on the m value. This type of grouping reduces rekeySection IV we explain the CRT-Based Scheme. Section V operation when a node is compromised. Every sensorpresents the performance analysis of the proposed node shares a key with the cluster head called its privateschemes and finally we conclude in Section VI. key used to communicate with the cluster head securely, nodes k0,k1,…., k8 correspond to private keys. The keys II. SYSTEM MODEL k0-2, k3-5, k6-8 represent the keys that are shared by some In this section we discuss about assumptions and subset of sensors (called as intermediate keys).notations, security goals and threat model used in this Intermediate keys are used for intra group communicationpaper to construct the key management schemes. within a cluster. Key at the root of the tree is the cluster CKA. NotationsFollowing are some of the notations used in this paper : BS → Base Station k0-2 k3-5 k6-8 CH → Cluster Head S → Set of all sensor nodes in a cluster CCHK → Common Cluster Head Key n → Number of nodes in a cluster si → ith Sensor node k0 k1 k2 k3 k4 k5 k6 k7 k8 CK → Cluster Key s0 s1 s2 s3 s4 s5 s6 s7 s8 ki → Private key of the ith sensor node ki-j → Key k shared between the users from I to j Fig.1. s0-s8 are sensor nodes in a cluster and k0 to k8 {x}y → Encryption of x using key y are pre loaded private keys of sensors, k0-2, k3-5, k6-8 K → Set of pairwise relatively prime numbers are auxiliary keys and CK is the cluster keyB. Security Goals key (CK). CK is shared by all the nodes in the cluster. The main security goal considered in this paper is Nodes within a cluster can communicate securely usingconfidentiality : only the authorized nodes should be able CK. Every sensor node will store all the keys along theto read the messages transmitted between the nodes. The path from leaf to root of the tree. All CH-nodes in theconfidentiality requirements that we are achieving in the network form another m-ary tree which is maintained byTree-Based Scheme and CRT- Based Scheme are : base station. We call the key that is shared by all CH- 1. Non-group confidentiality : Nodes that are not in nodes as Common Cluster head Key (CCHK). CH-nodesthe cluster should not be able to access any key that can can communicate with each other using the key CCHK.be used to decrypt the message sent to the legitimatenodes. 2. Forward confidentiality : When a node is A. Security analysis of Tree-Based Schemecompromised, the scheme should ensure that the Security analysis is explained in this section by considering the following issues : Key establishment,© 2010 ACEEE 22DOI: 01.ijns.01.01.05
  3. 3. ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010rekey operation as a result of events like node addition, heads and is distributed securely to nodes in the clusternode compromise and key refresh at regular intervals. by encrypting the CK using old cluster key CK. Similarly base station will change CCHK to CCHK and distributesKey establishment : Each sensor is pre loaded with a it to all CH-nodes securely by encrypting CCHK usingprivate key that it shares with its cluster head before CCHK.deployment. Initially all CH-sensors are pre loaded withall the keys that are assigned to sensor nodes. After IV. DESCRIPTION OF THE CRT-BASED SCHEMEdeployment all CH-sensors broadcast hello message toSN-sensors. Each SN-sensor selects the nearest CH- In this section we explain the basic Chinese remaindersensor as its cluster head. After receiving reply from SN- theorem, followed by the detailed description of the protocol for key establishment using CRT.sensors each CH-sensor will delete the keys of SN-sensors that are not there in its cluster. Each CH-sensorwill now construct a m-ary tree and assigns keys for each A. Chinese Remainder Theoremnode in the tree as explained in section III. Now, initially Let the numbers m=m1,m2,…,mt be positive integersCH-sensor will distribute all the keys along the path which are prime in pair, i.e., gcd(mi,mj)=1 for i ≠ j.from leaf to root of respective nodes by encrypting the Furthermore, let b1,b2, …, bt be integers. Then the systemkeys using private keys of the sensors. Upon receiving of congruences defined below has a simultaneousthe set of keys, SN-sensors can communicate with cluster solution X to all of the congruences and any twohead as well as other sensors with in the cluster using the solutions are congruent to one another modulo m.cluster key CK. x ≡ b1 (mod m1)Node Revocation / Node compromise : We assume that x ≡ b2 (mod m2)we have intrusion detection mechanism to detect node :compromise. As soon as a node is compromised x ≡ bt (mod mt)corresponding cluster head will change all the keys that The solution for this congruence system is obtained byare known to compromised node (i.e., keys along the path tfrom compromised nodes position to root of the tree).The changed keys are distributed securely to existing solving X= ∑b c . i =1 i i Where ci=Mi(Mi-1 mod mi) andnodes. For e.g. if say node s4 is compromised, keys k3-5 tand CK are changed to k3-5 and CK. First, k3-5 is M= ∏ m i , Mi = M/ mi . Mi-1 is multiplicative inverse of i =1encrypted using k3 and k5 and CK is encrypted using k0-2,k3-5, k6-8. Nodes s3 and s5 can decrypt the new Mi, to find multiplicative inverse Extended Euclid’sintermediate key k3-5 using the keys k3 and k5. Now, Algorithm is used.nodes s0,s1,s2 can decrypt the new cluster key CK usingthe key k0-2, s3 and s5 decrypt using k3-5 and nodess6,s7,s8 can decrypt using the key k6-8. If a single node is B. Key Establishment using CRT-based Schemecompromised the number of encryptions required todistribute new set of keys securely is m(h-1) where h is Following steps explain the key establishment process.the height of the tree. Initialization : Every SN-sensor is loaded with private key ki that it shares with the base station. The key ki isAddition of New node : A new node is pre loaded with a chosen from a key pool K of pairwise relatively primeprivate key that it shares with the cluster head. Base numbers. Initially each CH-sensor is loaded with thestation encrypts the private key of the new SN-sensor information of all SN-sensors in the network (i,e,Node IDusing the CCHK that is maintained for cluster heads and and its corresponding private key of all the nodes arethe same is sent. Upon receiving the message from base stored ).station each CH-sensor will have the informationregarding the new node. Each CH-node will now Cluster Formation : After deployment all CHs (i.e.,broadcast Hello message to newly added SN-sensor. Now CH-sensors) broadcast Hello message to other sensors inas in initial setup phase SN-sensor will choose nearest the network. Each sensor selects the nearest CH-sensor asCH-sensor as its cluster head. Now the cluster head will its Cluster Head. After receiving reply from SN-sensorsfind an appropriate position for the new node in the tree each Cluster Head will delete the keys of the SN-sensorsand tree is updated (i.e., all the keys along the path that are not there in its cluster.including the cluster key are changed). Cluster head will Building Congruence System : In this step each CHnow distribute new set of keys to corresponding nodes as selects initial cluster key CK and constructs congruencewell as the new node will receive all the keys along the system using this initial key as follows :path. In order to distribute the changed keys securelycluster head uses private key of the new node and for X ≡ p1 (mod k1)other nodes it uses previous cluster key CK. X ≡p2 (mod k2) :Key Refresh : In order to achieve key freshness it is X ≡ pn (mod kn)required to change the cluster key CK as well as Where p1← CK ⊕ k1, p2← CK ⊕ k2 … pn← CK ⊕ knCommon Cluster Head Key CCHK periodically. The and k1 … kn are private keys assigned to each nodecluster key CK is changed to CK by respective cluster© 2010 ACEEE 23DOI: 01.ijns.01.01.05
  4. 4. ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010which are chosen from a pool of pairwise relatively prime value each node will compute the required cluster keynumbers. CK.Find Solution :Cluster Head will solve the congruence Key Refresh : In order to achieve key freshness it issystem and compute the value of X. required to change the cluster key CK periodically. To change the key at regular interval the Cluster Head willBroadcast X: The X value computed by solving the choose a new CK and for the selected CK it builds newcongruence system in the previous step is broadcasted congruence system and solve the system to compute newsuch that other nodes in the network will receive this X value. CH broadcasts the computed X value so thatvalue. other nodes can compute the new CK.Key computation by other nodes : Each sensor will V. PERFORMANCE ANALYSISnow compute the CK as : CK ←((X mod ki) ⊕ ki). Storage : In the Tree-Based Scheme each SN-sensor is required to store logm n keys (i.e., keys along the pathC. Security analysis of CRT-Based Scheme from leaf to root of the tree) where n is the number ofIn this section we explain in detail the events like node nodes in a cluster and m degree of the tree. Each CH-addition, node compromise and key refresh at regular sensor is required to store h mi keys, where h is theinterval. ∑ i−0Node Revocation / Node compromise: We assume thatwe have intrusion detection mechanism to detect node height of the tree and m the degree of the tree. In thecompromise. As soon as a node is compromised CRT-Based Scheme no additional storage is required bycorresponding cluster head will construct new SN-sensors, each SN-sensor will store only its private keycongruence system as explained in the Building ki. For the scheme in [8] the storage is : for a key sharingcongruence system phase of section IV B. Suppose if the probability of 0.8 SN-sensor stores 5 generation keys andcompromised node is sj with private key kj then the new CH-sensor approximately 250 generation keys.congruence system constructed by Cluster Head is Computation :In Tree-Based Scheme, computation costs are measured in terms of number of encryptions. Total X ≡ p1 (mod k1) number of encryptions performed by cluster head (CH- X ≡p2 (mod k2) node) in case of node addition are 2(h-1) where h is the : tree height. For node addition computation with respect to X ≡pj-1 (mod k j-1) SN-sensor not in the path of the joining node is one and X ≡pj+1 (mod k j+1) for the SN-sensor in the path of joining node computation : is equal to (h-1) decryptions. When a single node is X ≡pn (mod kn) compromised, total number of encryptions are m(h-1). In order to compute the new cluster key CK in CRT- For the above congruence system cluster head will find Based Scheme each SN-sensor in the cluster is required tothe solution X and broadcast the X value. Now other perform one modulus operation and one EXORnodes in the cluster except the compromised node will be operation. CH-sensor is required to solve the congruenceable to compute the new cluster key CK using the X system as a result of events like node addition, nodevalue as explained in above protocol. compromise or to refresh the key at regular interval. TheAddition of New node : A new node is pre loaded with a computation cost incurred at cluster head to solve theprivate key that it shares with the cluster head. Base congruence system is O(t(log m)3) + O(t(log m)2) as perstation encrypts the private key of the new SN-sensor the analysis of Chinese Remainder Theorem in [12].using the CCHK that is maintained for cluster heads and Communication : Communication cost are studied inthe same is sent. Upon receiving the message from base terms of number of messages that are exchanged in orderstation each CH-sensor will have the information to change the required keys. In Tree-Based Scheme forregarding the new node. Each CH-node will now events like node addition and node compromise, thebroadcast Hello message to newly added SN-sensor. Now number of messages constructed and communicated varyas in initial setup phase SN-sensor will choose its cluster from one to logm n which is the communication costhead. After the node is admitted to a particular cluster, in incurred at CH-sensor. Similarly each SN-sensororder to compute new key CK the cluster head will build performs either one or logm n receive operations. For keynew congruence system, if the new node added is say sj refresh each CH-sensor performs one transmit operationswith private key kj then the congruence system and SN-sensor one receive operation in order to updateconstructed by cluster head is : the cluster key. X ≡ p1 (mod k1) X ≡p2 (mod k2) In CRT-Based Scheme, when a node is added or : compromised the cluster head constructs new congruence X ≡pj (mod k j) system in order to change the key. The computed X value : is distributed using single broadcast message to other X ≡pn (mod kn) nodes in the cluster. Each SN-sensor performs oneThe cluster head solve the above congruence system and receive operation to get the value of X, using which theybroadcast the computed X value. Upon receiving the X can compute the key CK. The communication cost incurred in the CRT-Based Scheme is : one transmit operation by CH-sensors(cluster head) and one receive© 2010 ACEEE 24DOI: 01.ijns.01.01.05
  5. 5. ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010operation by SN-sensors(other nodes in the cluster). The [6] L.Eschenauer and V.D.Gligor. A key managementtable below summarizes the communication costs scheme for distributed sensor networks. Inincurred by the proposed schemes and the scheme in [8]. Proceedings of the 9th ACM conference Computer and Communications security, pages 41-47, November 2002. TABLE 1: DEPICTS STORAGE AND COMMUNICATION REQUIREMENT [7] J.Hwang and Y.Kim. Revisiting random key pre FOR THE PROPOSED SCHEMES AND THE SCHEME BY SAJID ET.AL. distribution schemes for WSN. In Proc. of the 2nd ACM workshop on Security of ad hoc and Storage Communication sensor networks , pp.43-52, 2004. [8] S.Hussain, F.Kausar, and A.Masood. An Efficient Key Distribution Scheme for Heterogeneous CH SN CH SN Sensor Networks. IWCMC07, 2007. Sensor Sensor Sensor Sensor [9] D.Liu and P.Ning. Establishing pairwise keys inTree h 1 to 1 to distributed sensor networks. In proceedings of theBased ∑ mi logm n logm n logm n 10th ACM conference on Computers and i−0 Communication Security (CCS03). pp.52-61,Scheme transmit receive 2003.CRT 1 1 [10] K.Lu, Y.Qian and J.Hu. A framework forBased n+1 2 Broadcast receive distributed key management schemes inScheme Message Operation heterogeneous wireless sensor networks. In IEEEScheme n 2 International Performance Computing andBy Sajid 250(app 5(appx) transmit transmit Communications Conference, pages 513-519,et.al x) keys keys + + 2006. [11] R.D.Pietro, L.V.Mancini, and A.Mei. Random n receive (p+1) Key assignment to secure wireless sensor receive networks. In 1st ACM workshop on Security of Ad Hoc and Sensor Networks, 2003. VI. CONCLUSION [12] Samuel S. Cryptanalysis of Number Theoretic Ciphers. CRC Press, 2003. The paper presents new schemes for key management [13] C.Wong, M.Gouda, and S. Lam, Secure Groupfor confidential communication between node and its Communication Using key Graphs. Incluster head in hierarchical sensor networks. The schemes proceedings of the ACM SIGCOMM98, Oct.1998.are analyzed in detail with respect to security and [14] Xinliang Zheng, Chin-Tser Huang and Mantonperformance. Performance analysis shows that Tree- Matthews, Chinese Remainder Theorrem BasedBased Scheme exhibits better performance which Group Key Management. ACMSE, 2007.achieves rekey operation by performing logm n [15] S.Zhu, S.Setia, and S.Jajodia. LEAP : Efficientcommunications with some additional storage. In CRT- Security Mechanisms for Large Scale Distributed Sensor Networks. In Proc. of 10th ACMBased Scheme key is established in an efficient way for Conference on Computers and Communicationnode addition, node compromise and also at regular Security (CCS03), 2003.intervals. The communication cost incurred at each nodefor establishing key is one receive operation andcomputation cost incurred is one modulus operation andone EX-OR operation by each node. REFERENCES [1] H.Chan and A.Perrig. and D.Song. Random key pre distribution schemes for sensor networks. IEEE symposium on Research in Security and Privacy, pages 197-213, 2003. [2] Y.Cheng and D.P.Agrawal. Efficient pairwise key establishment and management in static wireless sensor networks. In Second IEEE International Conference on Mobile ad hoc and Sensor Systems, 2005. [3] W.Du, J.Deng, Y.S.Han, and P.K.Varshney. A pairwise key pre distribution scheme for wireless sensor networks. In Proc. of the 10th ACM conference of Computers and Communication Security (CCS03). pp.42-51, 2003. [4] X.Du, M.GUizani, Y.Xiao, S.Ci, and H.H.Chen, A Routing-Driven Elliptic Curve Cryptography based Key Mangement scheme for Heterogeneous Sensor Networks. IEEE transactions on Wireless Communications. [5] X.Du and F.Lin. Maintaining Differential coverage in heterogeneous sensor network. EURASIP Journal of Wireless Communications and Networking, (4):565-572, 2005. 25© 2010 ACEEEDOI: 01.ijns.01.01.05

×