ACEEE Int. J. on Network Security, Vol. 02, No. 04, Oct 2011
Pairwise Keys Generation Using Prime Number
Function in Wireless Sensor Networks
Nayan1 , Swapnil Singh2, Mahesh Kumar Bhandari3 and Sanjay Kumar4
1,2,3,4 Icfai University, Department of Computer Science, Dehradun, India,
Email: 1nayan366, 2swapnilsingh17, 3mahesh.kamtess, 4sanju2077@gmail.com
© 2011 ACEEE. DOI: 01.IJNS.02.04.537

Abstract: Providing security in wireless sensor networks is a very crucial task because of their dynamic nature (no fixed topology) and resource-constrained devices, which have limited computational abilities, memory storage and physical restrictions. Advancement in the field of intrusion and eavesdropping has increased the challenges for secure communication between nodes. So, establishment of pairwise keys in a wireless network becomes a vital issue. Hence, securely distributing keys among sensor nodes is a fundamental challenge for providing seamless transmission and security services. Having little resources in hand, it is always a tough task to design and implement protocols. This paper proposes a new robust key pre-distribution scheme which resolves this issue without compromising security. It presents a new mechanism to achieve pairwise keys between two sensor nodes by using algebraic, exponential and logarithmic functions and prime numbers. The resilience method under this scheme is based on discontinuous functions, which are hard to spoof.

I. INTRODUCTION

The advancement of computer literacy in the world is very much dependent upon the internet and various types of information. Wireless sensor networks act as a bridge between development and computer literacy. WSNs consist of small nodes, which are a paradigm of small computers. Each consists of memory space, a small processor and a lifelong battery. Another source of energy is solar power. These sensor nodes are deployed in hostile environments of military areas and forests, where nothing can be handled manually and updating of resources is not possible. These sensor nodes have a special type of sensor installed with them which works on heat, light, pressure etc. A light sensor communicates with another light sensor, and in the same fashion heat and pressure nodes work. The basic topology consists of a large number of sensor nodes and a sink node. A sink node is like a base station where all the data gathered by different sensor nodes are organized and processed. The sink node has a large memory space, more powerful processing units and robust security techniques. The most important part of a wireless sensor network revolves around a crucial juncture, i.e. the way of communication between different sensor nodes. Secure establishment of pairwise keys between two sensor nodes is very important, because it deals with various security aspects like authentication, data integrity, non-repudiation etc. Various techniques have been discovered and implemented; a few examples are the Diffie-Hellman and RSA algorithms, public key cryptography and digital signature methods. The public key and digital signature methods are not suitable for small sensors for two reasons:
• Economically
• A large amount of energy is used in signature methods

The other methods became fragile due to advancement in intrusion and eavesdropping techniques. Recently a new method based on the LDU decomposition method of numerical analysis was designed by Park, Choi, and Youn [5], which is one of the best methods for generation of pairwise keys in sensor networks, but prediction of the elements of the diagonal matrix makes it vulnerable to an attacker.

Our technique is based on two fundamental principles of the number system. We have used the prime number concept and various types of algebraic, logarithmic, exponential and some discontinuous functions. By using prime numbers we have made the prediction aspect immaterial, because it is not easy to predict prime numbers. A prime has only two factors, 1 and the number itself. We are not taking 1 into account in our calculation.

The rest of the paper is organized as follows. The next section contains a literature survey and the motivation for our work. In Section 3, we propose the key distribution scheme for two nodes and individual nodes between a node and a sink node. Section 4 provides resilience and contains methods of improvement in our scheme. Sections 6 and 7 end the paper with conclusions and acknowledgement.

II. RELATED WORK

There are various key distribution schemes available, but elliptic curve schemes [1] are the basis of modern key distribution schemes. As the science progressed, various deterministic key distribution schemes [7] were launched. Other methods include public key cryptography and digital signature methods, which are not suitable for tiny wireless sensors. Deterministic key methods include SNEP, TESLA and SPIN, which have their advantages and disadvantages. None of them has a holistic approach to deal with wireless networks. Recently Park, Choi and Youn proposed a new scheme called "A noble key pre-distribution scheme with LU matrix for secure wireless sensor networks" [5]. According to this scheme, the base station creates a large pool of elements and randomly selects some elements from the pool to construct a symmetric matrix. After constructing this symmetric matrix, the base station applies LU decomposition
for calculating and matrices by using some formula.

III. NEW PROPOSED KEY DISTRIBUTION SCHEME

We start with a brief description of various concepts and definitions used in this paper.

A. Definition:
• Definition 1: Prime number: a number which has only 2 factors, 1 and the number itself.
• Definition 2: A hash function (H) is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer that may serve as an index to an array. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes.
• Definition 3: Discontinuous function: a function is said to be discontinuous at a point where neither its lower value nor its upper value exists. At that point the function is not defined.
• Definition 4: A reverse function (R) is a function that rearranges the entries of a tuple in reverse order, e.g. R((m,n,p,q)) = (q,p,n,m)
• Definition 5: If a square matrix A has the property $A^T = A$, where the transpose of matrix A is denoted by $A^T$

B. Node to Node Pair wise Key establishment

Generation of functions to deploy in nodes

All the functions which are used in pairwise generation of keys are pre-deployed with the help of a large square matrix. Let's say a network has 1000 nodes; then a matrix of n × n is used, where n is basically half of the total number of nodes. The matrix has 20 functions, 5 each from 4 different groups (algebraic, logarithmic, exponential, discontinuous). From the matrix, functions are deployed so that node(a) will have the first row of the matrix and node(b) will have the first column of the matrix. This distribution will create at least one common function between them. The same distribution with alternate row and column is followed with every node. Separate matrices of 20 × 20 are used to deploy functions. Each matrix has some common rows and columns. This will create common functions between different nodes and will reduce the formation of path keys. Each matrix has some common rows, common columns and common functions. This improves the probability of common functions between two nodes and the time taken for connection establishment.

• Phase 1: First phase (pre-deployment work)
• Step 1.1: Each sensor node has a particular function
$\mathrm{Remainder}\big((x^2 - 1)/24\big) = 0 \qquad (1)$
if x is a prime number greater than 3. If x contains 5 in the unit's place then it should be removed, because that number will be divisible by 5 and it will not be a prime number. The given equation checks values for positive integers.
• Step 1.2: Each node is deployed with different types of functions like:
(group 1) Algebraic (group 2) Logarithmic (group 3) Exponential (group 4) Discontinuous
• Sensitiveness of a function depends upon the environment where it is employed. For household works, algebraic functions with low degrees are used. In places where high security is required, exponential and logarithmic functions are used. Functions are taken from the square matrix for sensor nodes. The selection of functions for each node is done in such a way that there must be at least one common function pre-deployed in the nodes. If this does not happen, then a node will be able to make a connection with the other node with the help of common functions which are shared between any other sensor nodes (i.e. generation of a path key). In the case of logarithmic and exponential functions, approximation is done so that actual prime values are calculated.
• Phase 2: (connection between two nodes)
• Step 1: For pairwise establishment between two sensor nodes, only three groups of functions are used. Group 4 functions will only be used in resilience, which will be discussed in a later chapter. The first node, say (node a), sends a number of values for (node b). These values are calculated by a on a function, say $f(x) = x^2 + 2$. The node takes values such as (13, 17, 19) because these values are prime numbers. After taking these values, they are calculated over any algebraic function. Let us say $f(x) = x^2 + 2$. The values are (171, 291, 363) and (node a) has applied hash functions: $H(171, 291, 363) = (h_1, h_2, h_3)$, $R(h_1, h_2, h_3) = (h_3, h_2, h_1)$
• Step 2: When (node b) receives these data, it decrypts them using the reverse function and applying the hash function in the same manner as they were encrypted. It calculates the value of x by using the different functions which are already deployed in the node. After calculating these values it checks whether x is a prime number or not. If x is a prime number then it sends another copy of numbers for node a using the same function, hash function and reverse function. The values are different from the previous data.
• Step 3: When (node a) receives the values it again calculates and checks the function type. If the same function type is there, then in that case the pairwise key establishment is generated between the two nodes.
• Step 4: After establishment of a secure connection between two nodes, all the data which have been sent for connection establishment are deleted. There are two advantages of this:
1) Memory usage is reduced because there is no need to store those values.
2) It has improved security between two nodes.
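Equation (1) with the unit's-place-5 rule, compared against trial division, as an added example that is not part of the paper. The names `recover_x`, `audit_filter` and `receiver_accepts` are hypothetical, and the receiver is assumed to invert f(x) = x² + 2 directly, with the hash and reverse steps left out. The congruence holds for every integer coprime to 6, so composites such as 49 pass it, while the prime 5 is dropped by the 5 rule.

```python
from math import isqrt

def passes_eq1(x: int) -> bool:
    """Step 1.1 filter as the paper states it: x > 3, the remainder of
    (x^2 - 1) / 24 is 0, and x does not end in 5."""
    return x > 3 and (x * x - 1) % 24 == 0 and x % 10 != 5

def is_prime(x: int) -> bool:
    """Reference primality test: trial division over 6k +/- 1."""
    if x < 2:
        return False
    if x < 4:
        return True
    if x % 2 == 0 or x % 3 == 0:
        return False
    return all(x % d and x % (d + 2) for d in range(5, isqrt(x) + 1, 6))

def f(x: int) -> int:
    """The paper's sample algebraic function f(x) = x^2 + 2."""
    return x * x + 2

def recover_x(value: int):
    """Receiver side (assumption): invert f exactly, or return None."""
    if value < 2:
        return None
    x = isqrt(value - 2)
    return x if f(x) == value else None

def audit_filter(limit: int):
    """Compare Equation (1) with real primality for 4..limit.
    Returns (composites the filter accepts, primes the filter rejects)."""
    accepted_composites, rejected_primes = [], []
    for x in range(4, limit + 1):
        ok, prime = passes_eq1(x), is_prime(x)
        if ok and not prime:
            accepted_composites.append(x)
        elif prime and not ok:
            rejected_primes.append(x)
    return accepted_composites, rejected_primes

def receiver_accepts(values, strict: bool):
    """Per received value: recover x, then apply the paper's filter
    (strict=False) or the reference primality test (strict=True)."""
    check = is_prime if strict else passes_eq1
    return [(x := recover_x(v)) is not None and check(x) for v in values]

if __name__ == "__main__":
    sent = tuple(f(p) for p in (13, 17, 19))   # primes used in the paper
    print("values sent by node a:", sent)
    print("filter vs. primality up to 100:", audit_filter(100))
    composite_case = (f(49),)                  # constructed input: 49 = 7 * 7
    print("Equation (1) check:", receiver_accepts(composite_case, strict=False))
    print("primality check:  ", receiver_accepts(composite_case, strict=True))
```

A receiving node that runs a real primality test on the recovered x, rather than the congruence alone, rejects the composite values that Equation (1) lets through.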
B.1 Advantages of proposed protocol
• By using the prime number concept we are minimizing the prediction of the values which are sent for connection establishment, since there are only two factors of a prime number, 1 and the number itself. An eavesdropper is not able to take a value because the formula is only applicable for numbers greater than 3. And there are no multiples of a prime number. A prime number has only two factors, one and the number itself, and we are not considering one. So ultimately she has to discover the correct prime number, which is not an easy task, because after that she has to find the function which we are using for generation of pairwise keys.
• By using this algorithm a node can be connected with other sensor nodes with the same function with different sets of values and also with different functions, which improves security and is a challenging task for an eavesdropper.

C. Number of keys using the above protocol

[9] For a dense sensor field (suppose there are on average k neighbors per node), every sensor node has different functions which are grouped (m). N is the size of the wireless network, i.e. the number of nodes. Each group has n = (N/m) keys to communicate with different neighboring nodes. Each sensor node is pre-deployed with 15 functions which are grouped in 3 parts. These 15 keys constitute the number of pairwise keys, and log(n) group keys are there.

$\mathrm{keys}(q) = k + \log(n) = k + \log(N/m) \qquad (2)$

For example: N=1000, m=3, k=15: Number of keys = 15 + log(1000/3) = 15 + 2.52 = 17.52
For N=2000, m=3, k=15: Number of keys = 15 + log(2000/3) = 15 + 2.82 = 17.82

So by increasing the network size there is little increment of keys on the network. An additional group of functions is deployed in every sensor node. This group consists of discontinuous functions like $f(x) = 1/(1 - x^2)$, which is discontinuous at x = ±1. This group is only used in the case of an attack on sensor nodes. After an attack, if these malicious sensor nodes are deployed in the network, then these special types of functions are multiplied with any normal group of functions, and the whole process is repeated for establishment of a connection between that node and the sink node (base station). After the connection is established between that malicious node and the sink node, this node is free to connect with any node in that particular network. In that situation the number of keys in a particular node will be increased such that:

N=1000, m=4, k=20: Number of keys = 20 + log(1000/4) = 22.39
N=2000, m=4, k=20: Number of keys = 20 + log(2000/4) = 22.69.

• Number of neighboring nodes:
[8] The upper range or maximum number of neighboring nodes in a network can be calculated with the help of

((N modulus 10) + 1)    (3)

N = total number of nodes inside a network. For N=1000, total number of neighboring nodes = 101. For N=2000, total number of neighboring nodes = 201.

IV. RESILIENCE IN PROPOSED ALGORITHM

• [2] It is defined as the number of secure links that are compromised after a certain number of nodes are captured by adversaries. We need to find the additional communication among uncaptured nodes that an adversary can compromise based on the information retrieved from captured nodes. Using the Gligor and Eschenauer scheme, the probability of compromising the shared key between any two non-captured nodes is

$P_{compromised} = 1 - (1 - q/N)^x \qquad (4)$

where q = total number of keys in network, N = total number of nodes, x = number of compromised nodes.
• Case 1: If the adversary did not get any information from compromised nodes about non-compromised nodes, we can say that x=0. For N=1000, x=0:
$P_{compromised} = 1 - (1 - q/N)^0 = 0$.
• Case 2: If there are compromised nodes. For N=1000, assumed x=1:
$P_{compromised} = 1 - (1 - 15.72/1000)^1 = 0.0152$
For x=4:
$P_{compromised} = 1 - (1 - 15.72/1000)^4 = (1 - 0.9385) = 0.061$
• We can see that as the number of compromised nodes increases, the probability of compromise increases. But keys are not the sole criterion through which a network will be compromised. It depends upon the information which is retrieved through a particular node. In our scheme an attacker can get information only about the functions which are stored in that node, but the sets of values over any function still remain an area which is hard to crack, because it is the values which are essential for pairwise generation of keys, not the functions.
TABLE I. NODE TO NODE PAIR WISE KEY ESTABLISHMENT
A. Methods to improve resilience

Suppose a situation comes in which a node is captured. After some modification that compromised node is again deployed in the same environment. In that case it has to establish a connection with the sink node for further transmission. Without successful establishment of individual keys it will not be able to perform its transmission with other neighboring nodes. Every node has a unique initialization vector (iv), also called its id. These ids are stored in the base station. If any node is deployed after eavesdrop, then it has to send its id to the base station, which checks that id against the stored value; if it matches, then the node is able to function as previously. Otherwise it will be discarded from the network and no transmission line is generated either with the sink node or with neighboring nodes. This method will not increase the burden of the sink node because nothing is stored. This topic is elaborated further in the next section.

B. Method to evaluate a malicious node in the network by sink node
• Transmission between a node and the sink node (base station) is always a vital transmission in wireless sensor networks, because all the information which is gathered is transmitted to the sink node for further processing. So additional security is needed with the above pairwise keys. It is also called the individual key, which is generated between the sink node and a node. A new implementation is done with pairwise keys. Functions having a point of discontinuity are introduced with normal functions. We have grouped four types of functions; in one group we will deploy functions like $f(x) = 1/(1 - x^2)$, which is discontinuous at x = ±1. When a node wants to set up individual keys with the sink node, with the function values it can also send values evaluated on this new type of discontinuous function. It is done in the same way as the previous one; only a new step is introduced.
Ex: suppose node (b) is captured and after modifications it is again deployed in the network.
• Step 1: It has to connect with the sink node before normal functioning. It has to generate pairwise keys using the deployed functions with the special type of discontinuous functions.
• Step 2: It has to transmit the computational time ($C_{tm}$) and node id ($N_{id}$) with values which are calculated over a particular function, say $f(x) = e^x/(1 - x^2)$.
• Step 3: The sink node computes the value to find the function on which the value is calculated and it stores the computational time. It matches the computational time with the sent values. If the value matches then the node is allowed for transmission; otherwise it is discarded and that node id is transmitted all over the network to all nodes. That particular node is not used for carrying data in future use.

V. ALGORITHM TO CHECK MALICIOUS NODE IN NETWORK

Suppose Node b is captured by an intruder and some modifications are done. After that, these are the steps which have to be followed by that malicious node before functioning as usual.
1: Node b has to set up a pairwise key with the sink node using a discontinuous function.
2: It has to send the evaluated values on which computation is done along with the computational time and its own node id.
3: After receiving that value, the sink node will find the function on which the evaluation is done.
4: The sink node will evaluate the same data set on the same function and calculate the computation time.
5: The sink node will compare the computational time which is sent by the malicious node with the time which is calculated by itself.
6: If the computational time is correct then that node is allowed to communicate with the network.
7: Otherwise that particular node id is transmitted over the whole network and that node is discarded from normal functioning.
8: End.

VI. CONCLUSIONS

The proposed algorithm is suitable for all types of network places. The randomness of functions makes it almost impossible for an eavesdropper to predict which function is working and the corresponding values which are used in the connection. Values and functions provide a two-way security, because for the same function two sets of values are different from each other. After node capture also, the node id and computational time over a particular discontinuous function make the entire network aware of the malicious node. The future work will revolve around decreasing the time which is used for connection establishment and minimizing energy consumption. One technique is used when the nodes are only active when packets of data are arriving; for the rest of the time they are in sleep mode, which will save energy.

VII. ACKNOWLEDGMENT

The author wants to thank Mr. Gaurav Srivastava, Mr. Nishi Mani and Mr. Amit Kumar for their motivational support throughout this paper.

REFERENCES

[1] Whitfield Diffie and Martin E. Hellman, "New Directions in Cryptography", 1976.
[2] Laurent Eschenauer and Virgil D. Gligor, "A key-management scheme for distributed sensor networks", ACM Conference on Computer and Communications Security, 2002, pp. 41-47, http://doi.acm.org/10.1145/586110.586117
[3] Sencun Zhu, Shouhuai Xu, Sanjeev Setia and Sushil Jajodia, "Establishing Pair wise Keys for Secure Communication in Ad Hoc Networks: A Probabilistic Approach", 2003, pp. 326-335, http://csdl.computer.org/comp/proceedings/icnp/2003/2024/00/20240326abs.htm
[4] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler and J. D. Tygar, "SPINS: security protocols for sensor networks", MobiCom '01: Proceedings of the 7th annual international conference on Mobile computing and networking, 2001, pp. 189-199, http://doi.acm.org/10.1145/381677.381696
[5] Chang-Won Park, Sung Jin Choi and Hee Yong Youn, "A Noble Key Pre-distribution Scheme with LU Matrix for Secure Wireless Sensor Networks", 2005, pp. 494-499, http://dx.doi.org/10.1007/11596981_73
[6] Adrian Perrig, Robert Szewczyk, Victor Wen, David E. Culler and J. D. Tygar, "SPINS: security protocols for sensor networks", Mobile Computing and Networking, 2001, pp. 189-199.
[7] J. Lee and D. Stinson, "Deterministic key pre-distribution schemes for distributed sensor networks", 2004, http://www.cacr.math.uwaterloo.ca/dstinson/pubs.html
[8] Mary Mathews, Min Song, Sachin Shetty and Rick McKenzie, "Detecting Compromised Nodes in Wireless Sensor Networks", Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing.
[9] Eric Ke Wang, Lucas C.K. Hui and S.M. Yiu, "A New Key Establishment Scheme For Wireless Sensor Networks", International Journal of Network Security and Its Applications (IJNSA), Vol 1, No 2, July 2009.