Pairwise Keys Generation Using Prime Number Function in Wireless Sensor Networks



Providing security in wireless sensor networks is a very
crucial task because of their dynamic nature (no fixed
topology) and their resource-constrained devices, which have
limited computational abilities, memory storage and physical
restrictions. Advances in the field of intrusion and
eavesdropping have increased the challenges for secure
communication between nodes, so the establishment of pairwise
keys in a wireless network becomes a vital issue. Hence,
securely distributing keys among sensor nodes is a
fundamental challenge for providing seamless transmission
and security services. With so few resources in hand,
it is always a tough task to design and implement protocols.
This paper proposes a new robust key pre-distribution
scheme which resolves this issue without compromising
security. It presents a new mechanism to achieve
pairwise keys between two sensor nodes by using
algebraic, exponential and logarithmic functions and prime
numbers. The resilience method under this scheme is based
on discontinuous functions, which are hard to spoof.

Published in: Technology


ACEEE Int. J. on Network Security, Vol. 02, No. 04, Oct 2011
© 2011 ACEEE, DOI: 01.IJNS.02.04.537

Nayan1, Swapnil Singh2, Mahesh Kumar Bhandari3 and Sanjay Kumar4
1,2,3,4 Icfai University, Department of Computer Science, Dehradun, India
Email: 1nayan366, 2swapnilsingh17, 3mahesh.kamtess, 4sanju2077@gmail.com

I. INTRODUCTION

The advancement of computer literacy in the world is very much dependent upon the internet and various types of information. Wireless sensor networks act as a bridge between development and computer literacy. WSNs consist of small nodes which are a paradigm of small computers. Each consists of memory space, a small processor and a lifelong battery. Since another source of energy is power. These sensor nodes are deployed in hostile environments such as military areas and forests, where nothing can be handled manually and no updating of resources is possible. Each sensor node has a special type of sensor installed which works on heat, light, pressure, etc. A light sensor communicates with another light sensor, and heat and pressure nodes work in the same fashion. The basic topology consists of a large number of sensor nodes and a sink node. A sink node is like a base station where all the data gathered by the different sensor nodes are organized and processed. The sink node has a large memory space, more powerful processing units and robust security techniques. The most important part of a wireless sensor network revolves around a crucial juncture, i.e. the way of communication between different sensor nodes. Secure establishment of pairwise keys between two sensor nodes is very important because it deals with various security aspects like authentication, data integrity, non-repudiation, etc. Various techniques have been discovered and implemented; a few examples are the Diffie-Hellman and RSA algorithms, public key cryptography and digital signature methods. The public key and digital signature methods are not suitable for small sensors for two reasons:

• Economically
• A large amount of energy is used in signature methods

The other methods became fragile due to advances in intrusion and eavesdropping techniques. Recently a new method based on the LDU decomposition method of numerical analysis has been designed by Park, Choi, and Youn [5], which is one of the best methods for generation of pairwise keys in sensor networks, but prediction of the elements of the diagonal matrix makes it vulnerable to an attacker.

Our technique is based on two fundamental principles of the number system. We have used the prime number concept and various types of algebraic, logarithmic, exponential and some discontinuous functions. By using prime numbers we have made the prediction aspects immaterial, because it is not easy to predict prime numbers. A prime number has only two factors, 1 and the number itself. We are not taking 1 into account in our calculation.

The rest of the paper is organized as follows. The next section contains a literature survey and the motivation for our work. In Section 3, we propose the key distribution scheme for two nodes and individual nodes between a node and a sink node. Section 4 provides resilience and contains methods of improvement in our scheme. Section 6,7 ends the paper with conclusions and

II. RELATED WORK

There are various key distribution schemes available, but Elliptic curve schemes [1] are the basis of modern key distribution schemes. As the science progressed, various deterministic key distribution schemes (Ref [7]) were launched. Other methods include public key cryptography and digital signature methods, which are not suitable for tiny wireless sensors. Deterministic key methods include SNEP, TESLA and SPIN, which have their advantages and disadvantages. None of them has a holistic approach to deal with wireless networks. Recently Park, Choi and Youn proposed a new scheme (Ref [5]) called a noble key pre-distribution scheme with LU matrix for secure wireless sensor networks. According to this scheme, the base station creates a large pool of elements and randomly selects some elements from the pool to construct a symmetric matrix. After constructing this symmetric matrix, the base station applies LU decomposition
for calculating and matrices by using some formula.

III. NEW PROPOSED KEY DISTRIBUTION SCHEME

We start with a brief description of various concepts and definitions used in this paper.

A. Definition:

• Definition 1: Prime number: a number which has only 2 factors, 1 and the number itself.
• Definition 2: A hash function (H) is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer that may serve as an index to an array. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes.
• Definition 3: Discontinuous function: a function is said to be discontinuous at a point where neither its lower value nor its upper value exists. At that point the function is not defined.
• Definition 4: A reverse function (R) is a function that rearranges the entries of a tuple in reverse order, e.g. R((m, n, p, q)) = (q, p, n, m)
• Definition 5: If a square matrix A has the property A^T = A, where transpose of matrix A is denoted by A^T

B. Node to Node Pair wise Key establishment

Generation of functions to deploy in nodes

All the functions which are used in pairwise generation of keys are pre-deployed with the help of a large square matrix. Let's say a network has 1000 nodes; then a matrix of n × n is used, where n will basically be half of the total number of nodes. The matrix has 20 functions, 5 each from 4 different groups (Algebraic, Logarithmic, Exponential, Discontinuous). Functions are deployed from the matrix so that node(a) will have the first row of the matrix and node(b) will have the first column of the matrix. This distribution will create at least one common function between them. The same distribution with alternate row and column is followed with every node. Separate matrices of 20 × 20 are used to deploy functions. Each matrix has some common rows and columns. This will create common functions between different nodes and will reduce the formation of path keys. Each matrix has some common rows, common columns and common functions. This improves the probability of common functions between two nodes and the time taken for connection establishment.

• Phase 1: First phase (pre-deployment work)
• Step 1.1: Each sensor node has a particular function

Remainder((x^2 - 1)/24) = 0    (1)

if x is a prime number greater than 3. If that x contains 5 in the unit's place then it should be removed, because that number will be divisible by 5 and it will not be a prime number. The given equation checks values for positive integers.
• Step 1.2: Each node is deployed with different types of functions: (group 1) Algebraic, (group 2) Logarithmic, (group 3) Exponential, (group 4) Discontinuous.
• Sensitiveness of the function depends upon the environment where it is employed. For household work, algebraic functions with low degrees are used. In places where high security is required, exponential and logarithmic functions are used. Functions are taken from the square matrix for sensor nodes. The selection of functions for each node is done in such a way that at least one common function is pre-deployed in the nodes. If this does not happen, then a node will be able to make a connection with another node with the help of common functions shared with any other sensor nodes (i.e. generation of a path key). In the case of logarithmic and exponential functions, approximation is done so that actual prime values are calculated.
• Phase 2: (connection between two nodes)
• Step 1: For pairwise establishment between two sensor nodes only three groups of functions are used. Group 4 functions will only be used in resilience, which will be discussed in a later chapter. The first node, say (node a), sends a number of values to (node b). These values are calculated by a on a function, say f(x) = x^2 + 2. The node takes values such as (13, 17, 19) because these values are prime numbers. After taking these values, they are calculated over any algebraic function. Let us say f(x) = x^2 + 2. The values are (171, 291, 363) and (node a) has applied hash functions. H(171, 291, 363) = (h1, h2, h3), R(h1, h2, h3) = (h3, h2, h1)
• Step 2: When (node b) receives this data it decrypts it using the reverse function and applying the hash function in the same manner as it was encrypted. It calculates the value of x by using the different functions which are already deployed in the node. After calculating these values it checks whether x is a prime number or not. If x is a prime number then it sends another copy of numbers to node a using the same function, hash function and reverse function. The values are different from the previous data.
• Step 3: When (node a) receives the values it again calculates and checks the function type. If the same function type is there, then the pairwise key establishment is generated between the two nodes.
• Step 4: After establishment of a secure connection between two nodes, all the data which has been sent for connection establishment is deleted. There are two advantages of this:
1) Memory usage is reduced because there is no need to store those values.
2) It has improved security between two nodes.
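The Step 1.1 check and node b's Step 2 recovery, as an added example that is not code from the paper: it runs the paper's own values (13, 17, 19 under f(x) = x^2 + 2) and also shows that equation (1) is only a necessary condition for primality, since composites such as 49 pass it. The second candidate function 3x + 1 and all function names are assumptions, and the hash and reverse steps are left out because the paper does not say how node b recovers values from hashes.

```python
from math import isqrt


def passes_filter(x: int) -> bool:
    """Step 1.1 as stated: x > 3, Remainder((x^2 - 1)/24) = 0, unit's digit not 5."""
    return x > 3 and (x * x - 1) % 24 == 0 and x % 10 != 5


def is_prime(x: int) -> bool:
    """Trial division, used here as ground truth to compare against the filter."""
    if x < 2:
        return False
    if x % 2 == 0:
        return x == 2
    return all(x % d for d in range(3, isqrt(x) + 1, 2))


def filter_false_positives(limit: int) -> list:
    """Composites up to `limit` that the Step 1.1 filter still accepts."""
    return [x for x in range(4, limit + 1)
            if passes_filter(x) and not is_prime(x)]


def inv_three_x_plus_one(y: int):
    """Inverse of the hypothetical candidate g(x) = 3x + 1 (not from the paper)."""
    return (y - 1) // 3 if (y - 1) % 3 == 0 else None


def inv_square_plus_two(y: int):
    """Inverse of the paper's f(x) = x^2 + 2; None if y has no integer preimage."""
    if y < 2:
        return None
    r = isqrt(y - 2)
    return r if r * r + 2 == y else None


# Functions assumed to be pre-deployed on node b, mapped to their exact inverses.
CANDIDATES = {"3x + 1": inv_three_x_plus_one, "x^2 + 2": inv_square_plus_two}


def identify_function(values, check=passes_filter):
    """Step 2 on node b: try each deployed function, recover x, test it with `check`.

    Returns (function name, recovered x values) for the first function whose
    preimages all exist and pass `check`, or None if no function fits.
    """
    for name, inverse in CANDIDATES.items():
        xs = [inverse(v) for v in values]
        if all(x is not None and check(x) for x in xs):
            return name, xs
    return None


if __name__ == "__main__":
    # Values from the paper: f(13), f(17), f(19) for f(x) = x^2 + 2.
    print(identify_function([171, 291, 363]))
    # Composites that satisfy equation (1) and do not end in 5.
    print(filter_false_positives(125))
    # 2403 = 49^2 + 2 (constructed input): accepted by the filter, rejected by
    # a real primality test.
    print(identify_function([2403]), identify_function([2403], check=is_prime))
```

Equation (1) holds for every integer coprime to 6, so a node that needs the "x is prime" property has to run a real primality test after the filter; the unit's-digit rule also rejects the prime 5.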
B.1 Advantages of proposed protocol

• By using the prime number concept we are minimizing prediction of the values which are sent for connection establishment, since there are only two factors of a prime number, 1 and the number itself. An eavesdropper is not able to take a value because the formula is only applicable for numbers greater than 3, and there are no multiples of a prime number. A prime number has only two factors, one and the number itself, and we are not considering one. So ultimately she has to discover the correct prime number, which is not an easy task, because after that she has to find the function which we are using for generation of pairwise keys.
• By using this algorithm a node can be connected with other sensor nodes with the same function with different sets of values and also with different functions, which improves security and is a challenging task for an eavesdropper.

C. Number of keys using the above protocol

Ref [9]: For a dense sensor field (suppose there are on average k neighbors per node), every sensor node has different functions which are grouped (m). N is the size of the wireless network (i.e. the number of nodes). Each group has n = (N/m) keys to communicate with different neighboring nodes. Each sensor node is pre-deployed with 15 functions which are grouped in 3 parts. These 15 keys constitute the number of pairwise keys, and there are log(n) group keys.

keys(q) = k + log(n) = k + log(N/m)    (2)

For example:
N = 1000, m = 3, k = 15: Number of keys = 15 + log(1000/3) = 15 + 2.52 = 17.52
N = 2000, m = 3, k = 15: Number of keys = 15 + log(2000/3) = 15 + 2.82 = 17.82

So by increasing the network size there is little increment of keys on the network. An additional group of functions is deployed in every sensor node. This group consists of discontinuous functions like f(x) = 1/(1 - x^2), which is discontinuous at x = ±1. This group is only used in the case of an attack on sensor nodes. After an attack, if these malicious sensor nodes are deployed in the network, then these special types of function are multiplied with any normal group of functions, and the whole process is repeated for establishment of a connection between that node and the sink node (base station). After the connection is established between that malicious node and the sink node, this node is free to connect with any node in that particular network. In that situation the number of keys in a particular node will be increased such that:

N = 1000, m = 4, k = 20: Number of keys = 20 + log(1000/4) = 22.39
N = 2000, m = 4, k = 20: Number of keys = 20 + log(2000/4) = 22.69

• Number of neighboring nodes: Ref [8]: The upper range or maximum number of neighboring nodes in a network can be calculated with the help of

((N modulus 10) + 1)    (3)

N = total number of nodes inside a network. For N = 1000, total number of neighboring nodes = 101; for N = 2000, total number of neighboring nodes = 201.

IV. RESILIENCE IN PROPOSED ALGORITHM

• Ref [2]: Resilience is defined as the number of secure links that are compromised after a certain number of nodes are captured by adversaries. We need to find the additional communication among uncaptured nodes that an adversary can compromise based on the information retrieved from captured nodes. Using the Gligor and Eschenauer scheme, the probability of compromising the shared key between any two non-captured nodes is

P_compromised = 1 - (1 - (q/N))^x    (4)

where q = total number of keys in the network, N = total number of nodes, x = number of compromised nodes.
• Case 1: If the adversary did not get any information from compromised nodes about non-compromised nodes, we can say that x = 0. For N = 1000, x = 0: P_compromised = 1 - (1 - (q/N))^0 = 0.
• Case 2: If there are compromised nodes. For N = 1000, assumed x = 1: P_compromised = 1 - (1 - (15.72/1000))^1 = 0.0152. For x = 4: P_compromised = 1 - (1 - (15.72/1000))^4 = (1 - 0.9385) = 0.061
• We can see that as the number of compromised nodes increases, the probability of compromise increases. But keys are not the sole criterion through which a network will be compromised. It depends upon the information which is retrieved through a particular node. In our scheme an attacker can get information only about the functions which are stored in that node, but the sets of values over any function still remain an area which is hard to crack, because it is the values which are essential for pairwise generation of keys, not the functions.
TABLE I. NODE TO NODE PAIR WISE KEY ESTABLISHMENT

A. Methods to improve resilience

Suppose a situation comes in which a node is captured. After some modification that compromised node is again deployed in the same environment. In that case it has to establish a connection with the sink node for further transmission. Without successful establishment of individual keys it will not be able to perform its transmission with other neighboring nodes. Every node has a unique initialization vector (iv), also called an id. These ids are stored in the base station. If any node is deployed after eavesdropping then it has to send its id to the base station, which checks that id against the stored value. If it matches, then the node is able to function as previously. Otherwise it will be discarded from the network and no transmission line is generated either with the sink node or with neighboring nodes. This method will not increase the burden of the sink node because nothing is stored. This topic is elaborated further in the next section.

B. Method to evaluate a malicious node in the network by sink node

• Transmission between a node and the sink node (base station) is always a vital transmission in wireless sensor networks, because all the information which is gathered is transmitted to the sink node for further processing. So additional security is needed with the above pairwise keys. It is also called an individual key, which is generated between the sink node and a node. A new implementation is done with pairwise keys. Functions having a point of discontinuity are introduced with normal functions. We have grouped four types of functions; in one group we will deploy functions like f(x) = 1/(1 - x^2), which is discontinuous at x = ±1. When a node wants to set up individual keys with the sink node, along with the function values it can also send values evaluated on this new type of discontinuous function. It is done in the same way as the previous one; only a new step is introduced.

Ex: Suppose node (b) is captured and after modifications it is again deployed in the network.
• Step 1: It has to connect with the sink node before normal functioning. It has to generate pairwise keys using the deployed functions with the special type of discontinuous functions.
• Step 2: It has to transmit the computational time (Ctm) and node id (Nid) with values which are calculated over a particular function, say f(x) = e^x/(1 - x^2).
• Step 3: The sink node computes the value to find the function on which the value is calculated and it stores the computational time. It matches the computational time with the sent values. If the value matches then the node is allowed from
transmission; otherwise it is discarded and that node id is transmitted all over the network to all nodes. That particular node is not used for carrying data in future.

V. ALGORITHM TO CHECK MALICIOUS NODE IN NETWORK

Suppose Node b is captured by an intruder and some modifications are done. After that, these are the steps which have to be followed by that malicious node before functioning as usual.

1: Node b has to set up a pairwise key with the sink node using a discontinuous function.
2: It has to send the evaluated values on which computation is done, along with the computational time and its own node id.
3: After receiving that value, the sink node will find the function on which the evaluation is done.
4: The sink node will evaluate the same data set on the same function and calculate the computation time.
5: The sink node will compare the computational time which is sent by the malicious node with the time which is calculated by itself.
6: If the computational time is correct then that node is allowed to communicate with the network.
7: Otherwise that particular node id is transmitted over the whole network and that node is discarded from normal functioning.
8: End.

VI. CONCLUSIONS

The proposed algorithm is suitable for all types of network places. The randomness of functions makes it almost impossible for an eavesdropper to predict which function is working and the corresponding values which are used in the connection. Values and function provide a two-way security, because for the same function two sets of values are different from each other. After node capture, the node id and the computational time over a particular discontinuous function also make the entire network aware of the malicious node. Future work will revolve around decreasing the time which is used for connection establishment and minimizing energy consumption. One technique is for nodes to be active only when packets of data are arriving and otherwise to be in sleep mode for the rest of the time; this will save energy.

VII. ACKNOWLEDGMENT

The author wants to thank Mr. Gaurav Srivastava, Mr. Nishi Mani and Mr. Amit Kumar for their motivational support throughout this paper.

REFERENCES

[1] Whitfield Diffie and Martin E. Hellman, New Directions in Cryptography, 1976.
[2] Laurent Eschenauer and Virgil D. Gligor, A key-management scheme for distributed sensor networks, ACM Conference on Computer and Communications Security, 2002, pages 41-47, http://doi.acm.org/10.1145/586110.586117, DBLP, http://dblp.uni-trier.de
[3] Sencun Zhu, Shouhuai Xu, Sanjeev Setia and Sushil Jajodia, Establishing Pair wise Keys for Secure Communication in Ad Hoc Networks: A Probabilistic Approach, 2003, pages 326-335, http://csdl.computer.org/comp/proceedings/icnp/2003/2024/00/20240326abs.htm, DBLP, http://dblp.uni-trier.de
[4] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler and J. D. Tygar, SPINS: security protocols for sensor networks, MobiCom '01: Proceedings of the 7th annual international conference on Mobile computing and networking, 2001, pages 189-199, http://doi.acm.org/10.1145/381677.381696
[5] Chang-Won Park, Sung Jin Choi and Hee Yong Youn, A Noble Key Pre-distribution Scheme with LU Matrix for Secure Wireless Sensor Networks, 2005, pages 494-499, http://dx.doi.org/10.1007/11596981_73
[6] Adrian Perrig, Robert Szewczyk, Victor Wen, David E. Culler and J. D. Tygar, SPINS: security protocols for sensor networks, Mobile Computing and Networking, pages 189-199, 2001.
[7] Lee J. and Stinson D., Deterministic key pre-distribution schemes for distributed sensor networks, http://www.cacr.math.uwaterloo.ca/dstinson/pubs.html, 2004.
[8] Mary Mathews, Min Song, Sachin Shetty and Rick McKenzie, Detecting Compromised Nodes in Wireless Sensor Networks, Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing.
[9] Eric Ke Wang, Lucas C.K. Hui and S.M. Yiu, A New Key Establishment Scheme For Wireless Sensor Networks, International Journal of Network Security and Its Applications (IJNSA), Vol 1, No 2, July 2009.