Heterogeneous Wireless Sensor Networks (HWSN) Management

A Key Management & Establishment Scheme in Heterogeneous Wireless Sensor Networks (HWSN)

• Premamayudu B, Venkata rao K, and Suresh Varma P

Abstract: Key management is the one of the fundamental requirement for securing the hierarchical wireless sensor networks (HWSN) and also prevents adversarial activities. This paper presents a new pairwise key management scheme using matrix for HWSNs. In HWSN, cluster headers are more powerful than cluster members in all the resources like power, storage, communication and processing data. This heterogeneity alleviates the overhead of cluster members during the key establishment. All the expensive computations can be given to cluster headers in the network. Compared with other popular key management schemes, our scheme has many advantages in consuming the resources. The experiment and analysis show that our scheme can maintain the full network connectivity, easy configuration management, neighbor cluster members directly establish pairwise keys during the communication and reduce storage overhead.

Keywords: Pairwise key, Symmetric matrix, Heterogeneous Wireless Sensor Networks, Key establishment.

1. Introduction

A wireless sensor networks build with a large number of sensors, which are equipped with batteries, sensing, communication unit, data processing and radio communication unit. At present any real time applications implementing on wireless sensor networks, like home automation, environment monitoring, military or security areas, targeting and target tracking systems, agriculture monitoring system and battlefield surveillance. However all the applications need protection in all the level of the sensor network. The wireless connectivity, the interaction among the sensor nodes, data gathering and query processing and physical protection. If the sensors are equipped with built-in tamper-resistance mechanisms, the memory chips are still suffering from various memory read-out vulnerabilities [1].

Key management is the mechanism to provide the security in all the levels of the wireless sensor networks. Since sensor nodes in WSNs have constrains in their computational power and memory capability and security. The solutions of traditional networks like computer networks, ad hoc networks, and wired networks are not suitable for WSNs. The goal of key management in WSNs is to solve the problem of creating, distributing and protecting those secret keys. Hence, the feasible and reliable techniques for key management and distribution of these keys are of major importance for the security in WSNs.

The trusted server scheme [9] is not suitable for sensor networks because there is no trusted infrastructure in sensor networks. The self-enforcing scheme [10] is also not suitable due to the limited computation and energy resources of sensor nodes often make it undesirable to use public key algorithms, such as Diffie-Hellman key agreement. The third type of key agreement scheme is key pre-distribution. There exist a number of key predistribution schemes which do not depend on a priori deployment knowledge. A naive solution is to let all the nodes carry a master secret key. This scheme does not exhibit desirable network resilience: if one node is compromised, the security of the entire sensor network will be compromised. Another key pre-distribution scheme is to let each sensor carry N − 1 secret pairwise keys [3], each of which is known only to this sensor and one of the other N − 1 sensors (assuming N is the total number of sensors). The resilience of this scheme is perfect. But this scheme is impractical for sensors with an extremely limited amount of memory because N could be large. Moreover, adding new nodes to a pre-existing sensor network is difficult because the existing nodes do not have the new nodes’ keys. Eschenauer and Gligor [7], proposed a random key pre-distribution scheme each sensor node receives a random subset of keys from a large key space pool, to agree on a key for communication, two nodes find one common (shared) key within their subsets and use that key as their shared secret key. The problem with this scheme is that when we pick a large key pool, the connectivity of the sensor networks becomes low. In this paper, we will pick pairwise key pre-distribution scheme as the basic scheme and develop this scheme on the deployment model and show that knowledge regarding the sensor deployment can help us improve the performance of a pairwise key predistribution scheme.

2. Related Work

The fundamental work is introduced by Blom, who proposed a KPS allowing any pair of nodes to establish pairwise key directly [12]. The set of keys generated from A.G in Blom’s Scheme as a key-space, Du et al.[13] improved Blom’s scheme using Vandermonde matrix G, and employing multiple key-space KPS.

Nodes may be deployed following a pre-defined method in certain situations. In nodes deployment using pairplane [14], for example, sensors nodes are partitioned into a sequence of groups and dropped out of the pairplane sequentially as the airplane flies forward. It is easy to see that sensor groups that are dropped next to each other have a better chance to be close to each other after deployment. By exploiting deployment knowledge in such situations, Du et al. [14] extended Eschenauer-Gligor’s scheme and proposed a key management scheme. Du et al. further extended the scheme in [13] and proposed a new KPS using deployment knowledge [15]. Other relevant works include Eschenauer and Gligor’s random KPS [10], Chan et al.’s q-composite random KPS [11], etc.

3. Our Key Establishment Scheme in HWSNs

3.1. Network Model:

There are three types of nodes in our key establishment scheme, namely Base Station (BS), Cluster Header (H-Sensor) and Cluster Member (L-Sensor). Base Station operated completely in secured environment. In the case of H-Sensor and L-Sensor are not operated in the secure area. If the sensor nodes are captured by adversaries, whole material can be accessible. We adopt the maximum energy cluster head (MECH) protocol for our network architecture [1]. As shown in Figure 1, in the MECH architecture, the sensors automatically organized into some clusters and act as two types of nodes in the network: cluster heads and cluster member nodes. In each cluster, one node as a H (H-Sensor) manages the it’s associated cluster and forward the information from member nodes to the base station (BS). MECH constructs clusters according to the radio signal range and the number of cluster nodes. The nodes distribution is more equally in all the clusters in the network. This distribution does not exceed a certain threshold.

BS: Base Station

H: Cluster Head

L: Cluster Member

Figure 1: Architecture of heterogeneous Sensor Networks

3.2. Assumptions

(i) All nodes are static

(ii) Each sensor has unique ID assigned by Base Station

(iii) If a sensor is compromised, whole material in the node is accessible

(iv)The Base Station can communicate with Cluster Heads

3.3. Basic Scheme

Our scheme is completely variant form the Blom’s Scheme [12]. This scheme is completely modified in the way of usage and generating matrices.

3.3.1. System Setup

There are N sensor nodes to be deployed in the network including Cluster Heads and Base Station, and λ be the security parameter.

1. Base Station selects N distinct key seeds s₁,s₂,…..,s_N from the Finite Field GF_q, where q is the prime number. Every seed s_i mapped with a identifier id_i.
2. Base Station generates a secret (λ+1)×N matrix G

G is a secret matrix in our scheme. It is compressed with selected seed from the Finite Field GF_q.

3.3.2. Key pre-distribution

(i) Base Station generates the secret symmetric matrix (λ+1)×(λ+1) form GF_q, and Computes the public matrix A=(D.G)­­^T.

(ii) Base Station pre loads each key seed s_i and its identifier id_i to the i^th sensor node including Cluster Heads and also stores i^th row from the matrix A.

3.3.3. Pairwise Key Establishment

After deployment, each sensor node broadcast its key seed identifier id_i to its neighbors. Any two neighbor nodes can establish pairwise keys directly. Let the i^th node and the j^th node want to establish a pairwise key to secure the communication channel.

1. Calculation at i^th node:

The i^th column of matrix G using its key seed sⁱ: (s_i,s_i²,…….,s_i^λ+1)

And (a_j1,a_j2,…..,a_j(λ+1)) be the j^th row of the matrix A, which loaded before deployment by BS.

The i^th node calculates the pairwise key with j^th node denoted as k_ji.

k_ij=(a_j1,a_j2,…..,a_j(λ+1)). (s_i,s_i²,…….,s_i^λ+1)

k_ij=

2. Calculation at j^th node:

The j^th sensor node calculate the j^th column of matrix G using its key seed s_j:

(s_j,s_j²,s_j³,…..,s_j^λ+1)

And (a_i1,a_i2,…..,a_i(λ+1)) be the i^th row of matrix A, loaded by the BS.

The j^th node calculate the pairwise key k_ij as

k_ij=

It remains to show that k_ij=k_ij, because the matrix k=A.G is a symmetric matrix. i.e k_ij calculated by the cluster member i is same as k_ij calculated by cluster member j.

The same process is applied for cluster heads to establish pairwise key between them to establish secure communication.

4. Implementation

4.1. Setup Phase

Let the number of nodes in the network be 6(N=6), Secure Property λ=3, prime number q=29 and 6 distinct key seeds {5, 8, 15, 4, 2, 17}

4.2. Key pre-distribution

Secret Symmetric matrix (D), Secretly stored in the Base Station (BS).

A=(D.G)^T mod 29

A=

Once Matrix A is calculated, Base Station pre loads key seed and a row from the matrix A into sensor node based on its identifier. The rows of matrix A represent the private keys of each node.

4.3. Key Generation

Suppose consider two nodes, node 1 and node 5 wish to communicate with each other. Then node 1 and 4 need to calculate the shared secret key(pairwise key). In order to calculate the pairwise key, node 1 will multiply the assigned row A₍₁₎ which is from A and column G₍₄₎ which is calculated from the seed key value of node 4. The seed key values is broadcasted each other during shared key generation. Similarly node 4 multiplies its row A₍₄₎ with the seed key value of node 1.

K_1,4=2596 mod 29 =15

K_4,1=156905 mod 29=15

It is observed that both nodes generate a common key and further communication between them will make use of the pairwise key. The matrix K represents as shown below has the symmetric nature, because of the matrix D. Hence any pair of nodes can have the common key such that K_i,j=K_j,i.

K=(A.G) mod 29

5. Analysis

5.1. Local Connectivity

Local connectivity addresses the size of key space between any neighbors. In our scheme, any pair of nodes can directly establish the shared key, under assumptions noted in the proposed scheme. Our scheme local connectivity is 1.

5.2. Resilience against node capture attacks

Our scheme is providing λ-security property to the network. If more than λ nodes are compromised then only it is possible to calculate the keys of others, which means that to find the k symmetric matrix. Even λ-1 nodes compromised, it not possible to predicate the other node key seed values. Our scheme achieves a high level of resilience against node capture attacks.

5.3. Computation Complexity

Our scheme needs 2λ+1 multiplication operations in the field of GF_q: λ multiplications to calculate a column of G matrix with given key seed and λ+1 multiplication to calculate the inner product of corresponding row-column pairs. Pairwise key establishment between neighbor nodes requires 2λ+1 multiplication operations. If the λ value is large to protect the network, it increases the computational complexity. We have made analysis between our scheme and Blom’s scheme on the computations complexity. From Fig. 2 we can see computations effort for 6 nodes under different Finite Field (FG_q) ranging from 0-50, 0-100, 0-150, 0-200, 0-250, 0-300, 0-350. The analysis carried out with the network size of 6 nodes and security property (λ) 3.

Figure 2. Computational Complexity for a Network with 6 nodes

5.4. Communication Complexity

In pairwise key establishment phase, sensor nodes need to broadcast a key seed identifier id_i. All the materials required to generate pairwise key are loaded in the sensor node before deployment. But other key establishment schemes should perform other phases to generate a shared key between neighbors like path key establishment, rekeying, and broadcasting row values from the public matrix A. It leads to more communication overhead. But in case of our scheme has very low communication overhead. Compare to space complexity, our scheme consuming little more space than other schemes [5,6]. The space complexity depends on the value of λ, if the λ value is reasonably small, then space complexity is very similar to the other schemes.

6. Conclusion This paper presents the new pairwise key establishment scheme for heterogeneous wireless sensor network using the symmetric propriety of matrices. Our scheme achieves very light communication and computation complexity. The nature of heterogeneity made reasonable results in the analysis. In addition that, our scheme is updatable, scalable and secure against node capture attacks.

References:

[1] I. F. Akyildiz,W. Su, Y. Sankarasubramaniam, and E. Cayirci, 2002 ,“A survey on sensor networks,” IEEE Communications Magazine, vol. 40, no. 8, pp. 102–114,.

[2] R. Blom, 1985, “An optimal class of symmetric key generation systems”, Advances in Cryptology, ser. Lecture Notes in Computer Science, T. Beth, N. Cot, and I. Ingemarsson, Eds. Springer Berlin / Heidelberg, vol. 209, pp. 335–338.

[3] Wenliang Du et al., 2003, “A pairwise key pre-distribution scheme for wireless sensor networks”, ACM transactions.

[4] B. Premamayudu, K. Venkata Rao, P. Suresh Verma, 2014, “A Novel pairwise Key Establishment and Management in Hierardical Wireless Sensor Networks (HESN) using matrix”, CT and Critical Infrastructure: Proceedings of the 48th Annual Convention of Computer Society of India- Vol I Advances in Intelligent Systems and Computing, Volume 248, pp. 425-432.

[5] D. Liu, P. Ning, and R. Li., 2005, “Establishing pairwise keys in distributed sensor networks”, ACM Trans. Inf Syst. Secur., vol. 8, pp. 41-77.

[6] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J.D., 2002, “Tygar. Spins: Security protocols for sensor networks”, Wireless Networks Journal (WINE).

[7] L. Eschenauer and V. D. Gligor, 2002, “A key-management scheme for distributed sensor networks”, in Proceedings of the 9th ACM conference on Computer and communications security.

[8] R. Blom, An Optimal Class Of Symmetric Key Generation Systems. Ericsson Radio Systems, Stockholm, Sweden.

[9] B. C. Neuman and T. Tso, 1994, “Kerberos: An authentication service for computer networks”, IEEE Communications, vol. 32, no. 9, pp.33-38.

[10] W. Diffie and M. E. Helllman, 1976, “New directions in cryptography”, IEEE Transactions on Information Theory, vol. 22, pp. 644-654.

[11] H. Chan, A. Perrig, and D. X. Song, 2003, “Random key predistribution schemes for sensor networks,” in IEEE Symposium on Security and Privacy. IEEE Computer Society, pp. 197–213.

[12] R. Blom, 1985, “An optimal class of symmetric key generation systems,” in Advances in Cryptology, ser. Lecture Notes in Computer Science, T. Beth, N. Cot, and I. Ingemarsson, Eds. Springer Berlin /Heidelberg, vol. 209, pp. 335–338.

[13] W. Du, J. Deng, Y. S. Han, P. K. Varshney, J. Katz, and A. Khalili, 2005, “A pairwise key predistribution scheme for wireless sensor networks,” ACM Trans. Inf. Syst. Secur., vol. 8, no. 2, pp. 228–258.

[14] W. Du, J. Deng, Y. S. Han, S. Chen, and P. K. Varshney, 2004, “A key management scheme for wireless sensor networks using deployment knowledge,” in INFOCOM, pp. 586–597.

[15] W. Du, J. Deng, Y. S. Han, and P. K. Varshney, , 2006, “A key predistribution scheme for sensor networks using deployment knowledge,” IEEE Trans. Dependable Sec. Comput., vol. 3, no. 1, pp. 62–77.