Security Support in In-Network Processing & analysis of key management in WSN
Security Support in In-Network
Processing in WSN
Introduction to Zigbee (IEEE 802.15.4)
These networks are Wireless Personal Area Networks (WPANs) that are deﬁned by a low data rate,
long battery life, and secure networking. Zigbee networks support automation and remote control.
Zigbee exist in mac & physical layer Qualnet (i.e. network sensor library, supporting Zigbee )
The following are capabilities included in the QualNet 4.5 Sensors Network Library:
• Generating network beacons if the deviceis a coordinator
• Synchronizing to the beacons
• Personal Area Network (PAN) association and disassociation
• Carrier Sense Multiple Access with Collision avoidance (CSMA-CA) for channel access
• Energy detection (ED) within the current channel
• Battery model and RF energy consumption model
• Link Quality Indication (LQI) for received packets
• Modulation schemes:
• O-QPSK with DSSS @ 2.4 GHZ, 868/915 MHz
• BPSK with DSSS @ 868/915 MHz
• PSSS with BPSK and ASK @ 868/915 MHz
Handling Security in In-Network Processing in WSN.
Benefits of In-Network Processing
1. Improved Scalability – reduction of data through aggregation
2. Prolonged Lifetime - less communication overhead due to aggregation.
3. Increased Versatility – easy dissemination of commands
Two types of In-Network Processing
1. upstream - aggregation of data send by nodes to aggregator & base station
2. downstream – disemination of commands from aggregator & base station to leaf nodes
Handling security issues such as DOS attacks, eavesdropping, tampering, physical compromise of nodes in both.
1. Secure Data Aggregation - authentication of reported data by aggregators send by nodes.
2. Secure Data Assemination - authentication of commands by nodes send by aggregators
1. dissemination of commands
2. aggregation of data
3. create & dissolve subgroups
3 issues in Delegating trust to Aggregators.
1. Nodes & aggregators should understand & identify their sensor group.
2. Aggregators can disseminate commands that are trusted by nodes
3. nodes can send trusted data to aggregators
Delegation of Authorization
It is a technique used by base station to delegate aggregators for a limited period of time.
Motive is to distinguish between commands originating from aggregators of particular sensor group &
Two mechanisms proposed
1. One-way hash chain
2. µtesla protocol
1. One-way hash chain (OHC).
It is generated by one-way hash function F which satisfies following properties:
(I) Given x it is easy to compute y such that y = F(x).
(II) Given y it is computationally infeasible to compute x.
an OHC is a sequence no. K0,K1,... Kn-1,Kn
for all j such that 0 < j < = n Kj-1 = F(Kj)
To delegate trust to aggregators, base station creates separate hash chains for each aggregator.
OHCi : Oim, Oim-1 ….. Oi0
for each sensor group SGi
Oim is send to the aggregator & Oi0 is send to every other node in the sensor group SGi.
Kth packet send by agi includes Oik. .& Fk(Oik) = Oi0 which is calculated by receiving node.
2. µtesla protocol
It is improvement over one-way hash chain. This protocol requires that the base station & nodes
are loosely time synchronized, & each node knows the upper limit of maximum synchronization error.
Sender of broadcast packets maintains a one-way hash chain .
(K0,K1,... Kn-1,Kn ) & each sensor node is configured with K0.
The base station broadcasts a list containing < SGi.,,agi, Oi0, ri> for each sensor group SGi to all the nodes in
In these protocols, if a aggregator is compromised, then it is confined to its own sub-group.
Lightweight Shared Secret Key Establishment
Privacy & secrecy of data transfer is maintained between nodes & aggregator by using a separate pairwise
secret key. It is called a subkey of sensor node. It can defend sybil attack.
Ks,r = G(Ks,r)
Ks,r = subkey
Ks = unique secret custom key which is preconfigured in sensor nodes & shared with base station only
r = random no.
Subkey is distributed in 3 step process:
1. Base Station chooses a random no. for each sensor group & creates subkey for each
node in that sub group. Then it broadcasts that random no. using utesla protocol.
2. Base Station sends encrypted unicast message to each aggregator that contains subkey
for all sensor nodes in the sensor group of that aggregator.
3. Aggregator sends a unicast message to each sensor nodes after which sensor node can
identify its sensor group.
Efficient secure broadcasts in a small group : Ripple Key
Ripple command dissemination is a method within a sensor group that doesn't rely on unicast messages, and
doesn't require time synchronization. SG is divided into layers called ripples. Ripples is defined as set of all
nodes that are at the same distance (no. of hops) from the ag. .
For each ripple a secret ripple key (Krj) is generated that is shared between ag & members of ripple.
To disseminate commands, ag sends a separate ripple message for each ripple in the group.
Assumption : distance of farthest node from ag is 5 hops or less.
1. No need of time synchronization among sensor nodes.
2. No unicast message to each node.
1. Ag sends same command multiple times for each ripple.
2. Subject to rushing attack
3. Too many layers makes the method inefficient.
Building A Secure Hierarchical WSN : An Integrated Solution
There are four rounds present in building secure hierarchical WSN.
Round 0 (Preparation)
The BS discovers the topology of the complete sensor network & perform some initial preparation Secure
Routing protocol such as INSENS. It provides following functionalities:
1. Discovering Topology of WSN
2. Building routing tables in the presence of attacks such as tampering with data, DOS etc
The BS configures hierarchical network by dividing it into sensor groups and choosing ag for each group.
Round 1 (Group Announcement)
BS uses delegation of authorization to mechanism to inform each node the identity of sensor groups such as
ag's id, initial sequence no., random no. to generate subkey by broadcasting message.
µtesla protocol protects authenticity & integrity of message.
After receiving message each node can verify that whether it is from BS or contents of the message is
tampered. At the end of round each node has the complete list of sensor groups in the WSN but still it
doesn't knows which group does it belongs to.
Round 2 (Trust Commitment)
The BS sends all information that an ag needs to build a secure sensor such as internal routing information,
one-way hash chain & the subkeys of member nodes.
At first for each sensor group BS generates subkey for each member node
BS then sends unicast message to the aggregator. This message includes
Topology contains all connectivity information among the nodes
ohc is one-way hash chain that the ag will use.
key_list is the entire key_list that BS creates for the nodes in that group.
Round 3 (Building each Sensor Group)
This round provides 4 piece of information to each node in a sensor group.
1. The sensor group it belongs to
2. Its forwarding table for sending & routing data
3. The pairwise shared key it shared with the ag
4. The ripple key of the ripple it belongs to
Since the ag has the sensor group topology information, it can compute paths & routing table for each
member node by using Breadth-First Search Algorithm.
To securely send this information to member nodes, ag sends two unicast message in breadth first manner.
1st message contains – <Oi1,agi,ri,MAC>
It tells the node its sensor group & subkey that it shares with ag.
2nd message contains - <fts,KRj>
ft is forwarding table of the node.
KR is ripple key of that node.
Now each sensor node can send its data securely to ag using its subkey Ks,r.
1. Network setup overhead
A WSN can be divided in level of hierarchies such as each top level hierarchy can be further divided into 2nd
level hierarchy & each 2nd level hierarchy can be divided into 3rd level hierarchy & so on.
The overall network overhead increases with the no. of levels & hence no. of sensor groups. Network
overhead increases in Round 1 & 2 & decreases in round 3 with increasing no. of levels.
The reason for increase in network overhead in round 1 is round 1 is repeated for each layer (µtesla
The reason for increase in network overhead in round 2 is increase in the no. of sensor groups as BS sends
unicast message to ag.s at level 1 then ag.s at level 2.
The reason for decrease in network overhead in round 3 is as the no. of sensor group increases the no. of
nodes in each SG decreases.
The overall network setup overhead is relatively small.
2. In-Network Processing Performance
By experiments it is concluded that in-network processing results in a significant reduction in the no. of
packets exchanged. While the overhead due to initial network setup results in more packets being exchanged
at first in multi-level hierarchy compared to no hierarchy
In-network processing consumes less network bandwidth after just a small no of sensor reports.
Another observation is that by increasing the no. of levels, the no. of packets exchanged decreases.
3. Aggregator Storage Requirement
An aggregator needs to store ripple keys,subkeys, one-way hash chain & topology information of its sensor
groups. Memory requirement for one-way hash chain is small as not all values is to be stored. All less no. of
ripples keys storage is required. But storage requirement of subkeys & topology increases with the size of
sensor group. By conducting experiments we conclude that storage requirement for storing shared pairwise
keys & topology information increases linearly with group size.
4. Aggregator Command dissemination
There are two mechanism aggregator can use to send command to all nodes
1 . µtesla
2 . Ripple Keys
These two approaches incur much less overhead than unicast approach. The ripple key approach
outperforms µtesla for small network size. Thus ripple key approach requires small no. of packets exchange
than µtesla. Also ripple key doesn't require time synchronization & suffer from delay key release. If group
size is large µtesla results in small no. of packet exchanged.
5. Resource requirements for cryptographic Algorithms.
One-way hash chain & Message Authentication Codes (MAC) can be generated using RC5 on berkeley
motes. Motes have 4Mhz processor with 128k flash memory, 4k RAM and RFM monolithics TR 1000 radio
at 19.2kbps. We use standard CBC mode to generate MAC.
Experiments shows that computation & memory requirement for cryptographic algorithms needed to build
WSN supporting in-network processing is fairly low. It can be easily supported by current sensor nodes such
as motes. cryptographic algorithms take about 2k flash memory & 264 bytes of RAM for data storage .
Analysis of Key Management in Wireless
WSNs come in two flavours: distributed networks and hierarchical networks. In a
hierarchical wireless sensor network (HWSN), three types of devices exist: a base station,
several cluster heads, and a multitude of sensor nodes. The sensor node can be considered
the “worker bees” of the network, whereby they diligently collect data representing various
characteristics of its surrounding atmosphere.
Pair-wise key management schemes:
All pair wise (Single master key):
The most trivial solution in terms of resource usage. All nodes are deployed with a
single master key. Problems: Since an adversary may capture a node and compromise
the key very easily, it has very low resilience. This scheme is not recommended for
much more than a test system.
All pair-wise (Distinct pair-wise keys):
Each node stores all possible pairs in the WSN. For a network of size N, Node Si stores
a unique pair-wise key for each one of N-1 sensor nodes in the WSN . However, not
all N-1 keys have to be stored in a nodes’ key-chain to have a adequate connectivity.
The storage burden is high for each sensor node but resilience is much better than
“single master key”.
Random pair-wise key scheme:
Each sensor node is given a random set of Np pair-wise keys. This gives a probability
p that two nodes can connect. “At key setup phase, each node identity is matched
with Np other randomly selected node IDs with probability p” . For each matched
pair of nodes a pair-wise key is generated. The key is then stored in both nodes’ key-
chain along with an ID of other node. 2Np units of memory are use in each node to
store the complete keychain. During the shared-key discovery phase, all nodes
broadcast their ID. As a result, each node sends and receives one message from the
other nodes within its radio range .
Closest pair-wise keys pre-distribution scheme:
In this scheme Location information is used to improve the key connectivity. Sensor
nodes are deployed in a two dimensional area similar to a grid. All sensors locations
are predicted by a setup server. Each sensor shares pair-wise keys with its c closest
neighbors. In the key setup each sensor node SA is given a unique key KA and a set
“c” of it’s closest neighbors SB1, . . . , SBc are selected. For each pair (SA, SBi), a pair-
wise key KA,Bi = PRF(KBi |IDA) is generated. All these pair-wise keys and Ids makeup
the keychain of SA, Node SBi only stores the key KBi and the PRF. Each sensor uses
2c+1 units of memory to store its key-chain . This scheme makes deployments
of new nodes easier, decreases memory usage, and has good key connectivity if
deployment errors are kept low.
ID based one-way function scheme (IOS):
This scheme is based on a connected r-regular graph G of the expected deployment.
The graph is composed of star-like sub graphs. The sub graphs are used to distributed
the pair-wise keys to the appropriate nodes. Each sensor node is the center of one
star-like graph and a leaf of r/2 star-like sub graphs. Each node uses r + 1 units of
memory to store keys and key IDs . Very good key resilience.
Multiple IOS is meant to improve the scalability of ID based one-way function scheme
(IOS). Every node in graph G corresponds to l nodes SA =SA1, . . . , SAl. Each sensor
node SAi stores a common key KA and a secret Hash(KB|IDAi). Every node SBj in the
class of node SB, can use common key KB to generate the secret Hash(KB|IDAi) for
node SAi . Memory usage decreases by a factor of l.
Broadcast session key negotiation protocol (BROSK):
A single master key is pre-deployed to all sensor nodes. Sensor node pairs (Si, Sj) then
exchange randomnonce values. The master key Km is used to establish session key
Ki,j = PRF(Km|RNi|RNj). Only one unit of memory is used (by each node) to store the
master key. If the master keyis compromised, then all links are compromised
therefore the scheme has very low resilience .
Protocols for Distributed Key Management in Clustered
Wireless Sensor Networks
Aim: To provide security to one-to-all and one-to-one communication
Rekey Interval, Periodic Rekeying , Rekeying with Cluster Dynamics:
The Rekey Interval can be defined as the period with which encryption key of a node
is changed to a new one. If the network topology does not change within the rekey
interval, the new key can be easily distributed to all the nodes by encrypting it with
the existing key. Each node decrypts the new key using the existing key and
designates the new key as its current key. This way of rekeying is called Periodic
Rekeying. If the network topology changes within the rekey interval due to joining of
new nodes or leaving of existing nodes, then the rekeying method applied at this
time is called Rekeying with Cluster Dynamics.
Key Management Protocols:
The aim of the key management protocols is to provide security to all the one-to-all
and one-to-one data communications. This requires formation of a network wide key
shared by all members of the network, pair-wise keys shared between every Cluster
Head and a cluster member and a Cluster key shared by all members of each cluster.
We assume that in a WSN there are one or more clusters. Each cluster is having a
Cluster Head decided by the HEED algorithm. The Cluster Head has a share a pair-
wise key with each of its cluster members.
Notations in the Key Management Protocols
Initial key distribution protocol
Initial cluster key distribution protocol:
Initial Network Key Distribute protocol: