
Multiple Keys Based Scalable Security Mechanism For Wireless Sensor Networks

G.Sangeetha
Department of Computer Science and Engineering, Kalasalingam University, Srivilliputhur, India
sange2711@gmail.com
Abstract: Sensor networks usually consist of a large number of autonomous devices called sensor nodes. Sensor networks have real-time applications such as military applications, healthcare and smart environments. Adversaries can exploit the weaknesses of wireless communication to capture secret information. Here we propose a dynamic, multiple-keys-based scalable security mechanism to provide maximally secured transmission and key management along with re-keying support. To provide security we use encryption/decryption keys. They are used to maximize the battery lifetime of sensor nodes. To achieve energy efficiency in WSNs, we use clustering techniques. In order to achieve scalability of the sensed data it is necessary to have a secret key shared between a node and a cluster head, so that even if the node is captured physically, the sensitive information cannot be retrieved. We use the Rijndael algorithm for data encryption and a one-way hash function for key generation. Our approach identifies replay attacks, DoS attacks and Sybil attacks. Our simulation results show that our security mechanism efficiently controls the various attacks with low resource requirements.

Keywords: wireless sensor networks, security, re-keying, replay attack, DoS attack.

I. INTRODUCTION

Modern advancements in wireless technology have enabled the growth of compact, low-power, multifunctional wireless sensor nodes that are small in size and can communicate over short distances even in untethered environments. Collections of these wireless sensor nodes form a dynamic, multi-hop routing network connecting each sensor node to more powerful traditional networks and processing resources. In the battlefield surveillance application, sensor nodes could monitor vehicular passage, track the position of the enemy or even safeguard the equipment of the side deploying the sensors. A sensor node has both volatile and nonvolatile memory, in which static information such as the program, node ID, routing table and security-related data can be stored. Due to improvements in hardware technology, the physical size of memory has been reduced while its capacity has increased.

Wireless Sensor Network (WSN) applications such as military applications have mission-critical tasks, so security requirements must be taken into account at design time. Furthermore, most WSNs should run continuously and reliably without any interruption. Hence incorporating security in wireless sensor networks is very challenging. Moreover, wireless sensor network design and operation differ greatly from those of traditional wireless networks due to the major constraints of the sensor network. Survivability of a network can be defined as the network satisfying its predefined operation in a timely manner even in the presence of attacks or natural disasters. It is also essential for the network to anticipate undesirable events and conditions and to take the necessary action when challenges do occur [3]. WSNs present major issues for the design of security schemes due to the large number of nodes and ad hoc deployment. The most prominent issues are the wireless medium, ad hoc deployment, hostile environment, resource scarcity and large scale. WSNs are vulnerable to various types of attacks that include jamming attack [4], eavesdropping, packet replay attack, modification or spoofing of packets, node replication attack, Sybil attack, flooding attack, wormhole attack, Routing protocols for

I. OBJECTIVE AND MOTIVATION

Our main objectives are to: i) propose a scalable security scheme; ii) maximize the network lifetime; iii) achieve resource-efficient key management. In wireless sensor networks, when new nodes are added to the network, traffic increases, and that results in best throughput and high packet loss. To overcome this, the nodes in the network are grouped into clusters to achieve scalability. If the same cluster heads are used for all communication, each Cluster Head (CH) node can easily become a bottleneck and experiences unbalanced energy consumption, so the network may be depleted quickly. The cluster heads are therefore changed during transmission.

Key management is considered the core of secure communication. In wireless sensor networks, if the same keys are used all the time, intruders can easily compromise the network. So we use a multiple-keys-based mechanism for secure communication.

II. RELATED WORK AND BACKGROUND

A. Key Management

One point to note is that no key distribution scheme is ideal for all kinds of sensor network applications [8]. Pietro et al. [9] proposed a protocol called KeEs, which is composed of a key generation phase and a key distribution/synchronization phase. During the key generation phase, a key is involuntarily generated by every sensor node in the network in a time-triggered approach. It does not depend upon any routing layer for key generation. The KeEs protocol considers the major properties of security key establishment protocols, such as session key secrecy, forward secrecy and backward secrecy. Since the authors assumed the possibility of a chosen-plaintext attack, they employed periodic re-keying in order to reduce the ciphertext available to adversaries.

Chin-Ling Chen and Cheng-Ta Li [10] have proposed a dynamic key management mechanism for wireless sensor networks. In the key generation protocol, instead of communicating the secret key(s) among the sensor nodes, the keys that are required in the next round are generated dynamically using the previous two keys that are already preset in each sensor node. They use a one-way hash function for generating the new key.

Laurent Eschenauer and Virgil D. Gligor [11] have presented a key-management scheme for distributed sensor networks. Their scheme is designed to satisfy both operational and security requirements. The scheme selectively revokes and distributes keys and also performs node re-keying without any significant computation and communication overhead. A trusted controller node with long-range communication capability is used for key revocation. Key distribution in this scheme consists of key pre-distribution, shared-key discovery and path establishment. In their scheme, if a node is affected by link failure, the affected node(s) need to reconfigure the link by restarting shared-key discovery. Re-keying occurs if the lifetime of a shared key between any two nodes expires.

B. Security Architectures

Kalpana Sharma et al. [13] introduced the Intelligent Security Agent architecture to assess the level of security and cross-layer interaction. It uses a trust framework consisting of 11 parameters to compute the trust level of all of a node's neighbors, and it requires more memory to maintain these parameters. They have given an analysis of energy consumption for three types of applications. They assume that their trust framework uses Time Division Multiplexing (TDM) scheduling for communication within a group. But in military applications the sensor nodes have to be alert all the time, so TDM scheduling is not applicable to this kind of application.

Kui Ren et al. [17] proposed a location-aware end-to-end security framework (LEDS) which is robust against DoS attacks. It uses an efficient en-route false data filtering scheme in order to identify false data injection attacks. This framework uses the preloaded master key along with the cell's location to generate the cell key by a hash operation. The major drawback of LEDS is its increased resource consumption due to 1) hop-by-hop authentication and 2) hop-by-hop decryption, processing and encryption. To deliver an event to the sink, it broadcasts the event message, which consumes more energy. The number of keys maintained in every node depends upon the number of endorsements T. Hence the key storage overhead is directly proportional to T.

II. PROPOSED FRAMEWORK

In order to achieve scalability in our proposed mechanism we used a new cluster header selection mechanism together with a new cluster formation scheme called the Self Incentive and Semi-Reclustering (SISR) scheme. With this scheme, each sensor node within a cluster evaluates its relative energy consumption compared to the other nodes in the same cluster. Based upon the relative amount of energy consumed in the current round, sensor nodes autonomously select a time frame in which they will act as cluster header in the next round. In addition, they are conditionally allowed to switch their cluster header depending on the signal strength from their current cluster header. Simulation results show the proposed scheme increases the network lifetime and provides better clustering compared to previously proposed schemes. To elect the cluster head we use the two-phase algorithm called SISR. The first is the setup phase, the initial phase, which consists of the sequence of actions required to elect the cluster head. The second is the steady phase, which operates in multiple rounds, each having a number of frames equal to the number of sensor nodes in the cluster.

In this section, we present the overall details of our multiple-keys-based security mechanism. The proposed security mechanism ensures the following security properties:

Backward secrecy: Even if an adversary recovers an adjacent subset of keys, it is impossible to recover the previous keys [9].

Privacy: Even if the node is physically captured by an adversary, the secret information in the node's memory cannot be retrieved.

Data Integrity: Data integrity ensures that the data is not modified by an adversary during transmission over the network.

Secure Management: Our mechanism provides secure protocols for key generation as well as for re-keying, which is very much necessary in defending against cryptographic attacks [5].

In the proposed security mechanism, we use three types of keys. Two of them, DK and RK, can be generated by the nodes themselves, and the third, SK, has to be embedded in the source code before the deployment of every sensor node. The cryptographic information, such as the cryptographic algorithm, the cryptographic keys and the parameters used to generate the keys, is to be protected by tamper-evident coatings or seals [18]. In particular, for military applications, the sensor nodes should be protected by anti-tamper mechanisms in order to protect the crypto material from any third party even if the node is captured physically [19]. The Base Station has to generate two types of parameters for every group of nodes, to generate two types of keys:

1. Secure Data Encryption keys
2. Re-keying keys

These keys are generated by the node and maintained in its local memory, secured using the secret key. Even if the node is physically captured, the keys cannot be obtained. This adds a small amount of overhead to the nodes, but it ensures privacy.

SECURE DATA ENCRYPTION KEYS

In the proposed security mechanism, every node in the network has to transmit its data to the base station in encrypted form. We have chosen the Rijndael algorithm for encryption because its memory requirement is very low, its encryption/decryption and key setup efficiency is good, and its overall performance is high. The base station requires a key to decrypt the data that is transmitted by the node.

Sharing a single secret key among all the nodes is vulnerable to attack. Giving every node different pair-wise keys is much more secure, but this solution occupies unnecessary storage space on a sensor node [21]. So, in our proposed security mechanism, every node maintains nine keys that are used for encrypting the data before transmission. To vary the keys, we group the nodes and maintain a different set of keys per group. Within a group, all the nodes maintain the same set of keys, but every node uses a different key for different communications with the base station. Also, the keys are not pre-distributed; instead the nodes are pre-distributed with a pair of parameters that are used to generate the keys [10].

NODE DEPLOYMENT

Before a node is deployed, a static Secret Key (SK) has to be embedded in the source code, which is then converted to its executable (.exe) format and loaded. This key is used to protect the secret information, such as the Data Encryption keys, Re-keying keys and other security information, in the node's nonvolatile memory. Then every node is pre-distributed with 2 pairs of parameters, say (ki, ki-1) and (ri, ri-1). These pairs are used for generating the Data Encryption keys and Re-keying keys using the one-way hash function Binary Hashing Method (BHM) [22]. These pre-distributed parameters are encrypted using SK and stored in the node's memory at deployment. The details of these parameters for every node are also maintained in the Base Station. After deployment, the node uses the parameters ki and ki-1 to dynamically generate nine keys which can be used for data encryption and decryption. After generating the keys, the parameters ki and ki-1 are deleted. The nine keys are then encrypted separately using SK and stored in the node's memory. The nine keys are generated as:

DK1 = h(ki, ki-1)
DK2 = h(DK1, ki)
DK3 = h(DK2, DK1)
DK4 = h(DK3, DK2)
DK5 = h(DK4, DK3)
DK6 = h(DK5, DK4)
DK7 = h(DK6, DK5)
DK8 = h(DK7, DK6)
DK9 = h(DK8, DK7)

The parameters ri and ri-1 will be used later while generating a key for re-keying.

RE-KEYING

In our proposed mechanism, re-keying is initiated by the sensor node only if any five of its keys are invalidated (compromised) or the lifetime of the keys has expired. The lifetime of the keys can be calculated using the counter value rc of every node. If rc reaches a maximum value (which can be different for every application), re-keying can be invoked. The only overhead in the re-keying mechanism is that once any one sensor node's keys have been re-keyed, all the other nodes in the same group have to be re-keyed. The re-keying keys are generated dynamically as and when needed, but not frequently. Once all the sensor nodes are ready to be deployed in the field, we provide them with two parameters, ri and ri-1. A new key is generated by the one-way hash function, and this key is used to communicate with the Base Station. The (ri, ri-1) pair is different for every node. Like the Data Encryption keys, the consecutive re-keying keys are also generated using the previous keys.
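The key chain and re-keying rule described above, as an added example that is not code from the paper: SHA-256 truncated to 128 bits stands in for the paper's BHM hash (an assumption), and the parameter values and function names are constructed for illustration. It also shows a property that follows directly from the recurrence: two adjacent keys determine every later key in the chain, while earlier keys stay protected by the one-wayness of h.

```python
import hashlib

KEY_COUNT = 9        # nine data encryption keys per node (from the paper)
REKEY_THRESHOLD = 5  # re-key once any five keys are invalidated (from the paper)


def h(a: bytes, b: bytes) -> bytes:
    """Two-input one-way hash. SHA-256 is an assumed stand-in for BHM."""
    # Length prefixes make the encoding of the pair (a, b) unambiguous.
    msg = len(a).to_bytes(2, "big") + a + len(b).to_bytes(2, "big") + b
    return hashlib.sha256(msg).digest()[:16]  # 128-bit Rijndael key


def derive_chain(newer: bytes, older: bytes, count: int = KEY_COUNT) -> list:
    """DK1 = h(ki, ki-1), DK2 = h(DK1, ki), then DKn = h(DKn-1, DKn-2)."""
    keys = []
    for _ in range(count):
        newer, older = h(newer, older), newer
        keys.append(newer)
    return keys


def needs_rekey(invalidated: set, rc: int, rc_max: int) -> bool:
    """Re-key when five keys are invalidated or counter rc reaches its limit."""
    return len(invalidated) >= REKEY_THRESHOLD or rc >= rc_max


def demo() -> dict:
    # Constructed sample parameters; real ones are issued by the Base Station.
    k_i, k_prev = bytes.fromhex("11" * 16), bytes.fromhex("22" * 16)
    node_keys = derive_chain(k_i, k_prev)  # computed on the node
    bs_keys = derive_chain(k_i, k_prev)    # computed at the Base Station
    # Holding DK4 and DK3 is enough to run the recurrence on to DK5..DK9.
    later = derive_chain(node_keys[3], node_keys[2], count=5)
    return {
        "in_sync": node_keys == bs_keys,
        "distinct": len(set(node_keys)) == KEY_COUNT,
        "later_keys_follow": later == node_keys[4:],
        "rekey_on_five": needs_rekey({1, 3, 4, 7, 9}, rc=10, rc_max=1000),
        "rekey_on_lifetime": needs_rekey(set(), rc=1000, rc_max=1000),
        "no_rekey_yet": needs_rekey({2}, rc=10, rc_max=1000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because later keys follow from any two adjacent ones, disclosure of two adjacent keys should be treated as disclosure of every later key in the set, which argues for re-keying rather than only invalidating those two.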
IV. CONCLUSION AND FUTURE WORK

Thus we used the SISR mechanism [22] for electing the cluster heads and for the reclustering technique. In this paper we presented the key management and security part that can detect various attacks in the network. This mechanism uses a one-way hash function to dynamically generate the keys, which avoids transmission of keys during runtime. In order to minimize the memory overhead, we have introduced grouping among the nodes in the network, with each group maintaining a different set of keys. We present our mechanism by analyzing parameters such as memory utilization, network availability, packet delivery ratio and energy consumption for attack models such as the replay attack, DoS attack and Sybil attack, as used in military applications. In our proposed mechanism, scalability can be increased further by introducing the clustering concept, so that the cluster head itself can identify the attackers and the transmission of attacker-generated packets to the base station over the network can be reduced.

REFERENCES
[1] Seema Ajay Agarkar, Kulat, K. D., Kshirsagar, R. V. (December 2010). WSN based Low Cost and Low Power EPM Design and Field MicroClimate Analysis using Recent Embedded Controllers. International Journal of Computer Applications, Vol. 12(6), 12-22.
[2] Mohamed Hefeeda and Majid Bagheri. (2009). Forest Fire Modeling and Early Detection using Wireless Sensor Networks. Ad Hoc & Sensor Wireless Networks, Vol. 7, 169-224.
[3] Sterbenz, J. P. G., Hutchison, D., Egemen K. Cetinkaya, Jabbar, A., Justin P. Rohrer, Scholler, M., Smith, P. (March 2010). Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines. Computer Networks.
[4] Incheol Shin, Yilin Shen, Ying Xuan, My T. Thai and Taieb Znati. (2010). A novel approach against reactive jamming attack. Ad hoc & Sensor Wireless Networks, Vol. 0, 1-25.
[5] Chen, X., Makki, K., Yen, K., Pissinou, N. (2009). Sensor network security: a survey. IEEE Communications Surveys & Tutorials, Vol. 11(2), 52-73.
[6] Shivangi, R., Amar, P., Kishore Babu, P., Prateek, S., Ashish, S. and Shveta, S. (2010). Wireless sensor networks: A Survey of Intrusions and their Explored Remedies. International Journal of Engineering Science and Technology, Vol. 2(5), 962-969.
[7] Du, X. and Chen, H. H. (2008). Security in Wireless Sensor Networks. IEEE Wireless Communications Magazine, Vol. 15, Issue 4, 60-66.
[8] Xiao, Y., Rayi, V. K., Sun, B., Du, X., Hu, F., Galloway, M. (2007). A survey of key management schemes in wireless sensor networks. Computer Communications, Vol. 30, 2314-2341.
[9] Di Pietro, R., Mancini, L. V. and Jajodia, S. (2003). Providing secrecy in key management protocols for large wireless sensors networks. Journal of AdHoc Networks, Vol. 1(4), 455-468.
[10] Chen, C. L. and Li, C. T. (2008). Dynamic Session-Key Generation for Wireless Sensor Networks. EURASIP Journal on Wireless Communications and Networking, Vol. 2008.
[11] Eschenauer, L. and Gligor, V. D. (November 2002). A key-management scheme for distributed sensor networks. 9th ACM conference on Computer and communications security, Washington, DC, USA. 41-47.
[12] Li, T., Wu, H., Wang, X. and Bao, F. (2005). SenSec: Sensor Security Framework for TinyOS. Second International Workshop on Networked Sensing Systems, San Diego, USA. 145-150.
[13] Sharma, K., Ghose, M. K. (2009). Complete Security Framework for Wireless Sensor Networks. International Journal of Computer Science and Information Security (IJCSIS), Vol. 3(1).
[14] Perrig, A., Szewczyk, R., Wen, V., Culler, D. and Tygar, J. D. (2001). SPINS: Security protocols for sensor networks. 7th Annual International Conference on Mobile Computing and Networking (MobiCom 01), ACM Press, 189-199.
[15] Karlof, C., Sastry, N. and Wagner, D. (2004). Tinysec: a link layer security architecture for wireless sensor networks. 2nd International Conference on Embedded Networked Sensor Systems, ACM Press, 162-175.
[16] Malan, D., Welsh, M., Smith, M. D. (October 2004). A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography. 1st IEEE International Conference Communications and Networks (SECON), Santa Clara, CA.
[17] Ren, K., Lou, W. and Zhang, Y. (2008). LEDS: Providing location-aware end-to-end data security in wireless sensor networks. IEEE Transaction on Mobile Computing, Vol. 7(5), 585-598.
[18] Security Requirements for Cryptographic Modules. (January 1994). FIPS Pub. 140-1. National Institute of Standard and Technology.
[19] Winkler, M., Tuchs, K.-D., Hughes, K., and Barclay, G. (2008). Theoretical and practical aspects of military wireless sensor networks. Journal of Telecommunications and Information Technology, Vol. 2, 37-45.
[20] Law, Y. W., Doumen, J. and Hartel, P. (2006). Survey and benchmark of block ciphers for wireless sensor networks. ACM Transactions on Sensor Networks, Vol. 2(1), 65-93.
[21] Wang, E. K., Ye, Y. (2010). An Efficient and Secure Key Establishment Scheme for Wireless Sensor Network. Third International Symposium on Intelligent Information Technology and Security Informatics (IITSI), 2010. 511-516.
[22] Jinsuk Baek, Sun Kyong An, and Paul Fisher. Dynamic Cluster header selection and conditional re-clustering for wireless sensor networks. IEEE, 2010.
