Avinash Srinivasan,Feng Li,Jie Wu,Minglu Li

DOI: https://doi.org/10.1504/ijsn.2008.020730

2008-01-01

International Journal of Security and Networks

Abstract:Security has become the corner stone of research in Wireless Sensor Networks (WSNs). Watchdog-based-monitoring systems require pairwise-connectivity of group-members to avoid information asymmetry attacks. Existing group-key protocols in literature don't address this requirement. Although, pairwise-key protocols resolve this drawback, they are highly restrictive and impose substantial storage overhead. Additionally, messages encrypted with pairwise-keys render monitoring systems useless. In this paper, we propose CAGE – a novel, distributed, clique-based group-key protocol that strikes an optimal balance between pairwise-key and group-key protocols. We then present E-CAGE, an improvisation of CAGE that mitigates computation-time to achieve the same results as CAGE.

Fang Wangsheng,Zhang Tao,Chen Kang

DOI: https://doi.org/10.1109/ICCSE.2009.5228436

2009-01-01

Abstract:This paper proposes a new key management scheme for wireless sensor networks to reduce the memory and communication overhead, and improve the security capacity. Comparing with the typical key pre-distribution schemes, a new method of establishing keys is adopted, and is analyzed deeply in three important performance indexes. The theory of liner combination is applied to generate the keys using the random vectors in vector group. In order to validate such positive effects of the proposed scheme, simulations are performed on the software of Matlab7.1. The results of simulations demonstrate that the proposed scheme has better performances to improve the resilience to node capture of the networks and reduces the memory and communication overhead than that of key pre-distribution schemes.

Bo Yu,Haiguang Chen,Min Yang,Dilin Mao,Chuanshan Gao

DOI: https://doi.org/10.1007/11576235_76

2005-01-01

Abstract:The current wireless sensor network designs are largely based on a layered approach. The suboptimality and inflexibility of this paradigm result in poor performance, due to constraints of power, communication, and computational capabilities. Key management plays an important role in wireless sensor networks, because it not only takes charge of securing link-layer communications between nodes, but also has great effects on other protocol layers, e.g. routing and IDS (Intrusion Detection System). However, no existing key management protocols have attached enough importance to cross-layering designs. In this paper, we propose a cross-layering key management scheme, which can provide other protocol layers with a nice trust-level metric. The trust-level metric is generated during the pairwise key establishment phase, and it varies as system conditions change. This metric describes the security level between two neighboring nodes and helps other protocol layers to make decisions. We also present simulations and analysis to show the superior characteristics of our scheme against both passive attacks and active attacks.

Huifang Chen,Hiroshi Mineno,Yoshitsugu Obashi,Tomohiro Kokogawa,Tadanori Mizuno

DOI: https://doi.org/10.1007/978-3-540-72685-2_58

2007-01-01

Abstract:Confidentiality, integrity, and authentication services are critical to preventing an adversary from compromising the security of a Wireless Sensor Network (WSN). An essential component of any key-based security solution is managing the encryption keys to providing this protection. Hence, we propose a novel group key management scheme based on the key-chain tree mechanism for the clustered WSNs in this paper. In this scheme, the functions of key management are decoupled and distributed among multiple network elements of the clustered WSNs for providing compromise/failure resistance. This scheme also supports rekeying to enhance network security and survivability against the node capture. Analysis results show that the scheme does provide a secure encryption of the messages even if the revoked sensor nodes collude with each other or the cluster head is compromised.

Zhijie Jerry Shi,Bing Wang,Fan Zhang

DOI: https://doi.org/10.1142/9789812837318_0016

2010-01-01

Abstract:Because of limited resources at sensor nodes, sensor networks typically adopt symmetric-key algorithms to provide security functions such as protecting communications between nodes. In order to use symmetric-key algorithms, two nodes need to establish a secret session key first. In this chapter, we describe a novel chord-based key establishment (CBKE) protocol that allows any pair of nodes in a sensor network to establish a secret session key. CBKE is a generalized deterministic key establishment scheme that provides great flexibility for balancing memory overhead, reliability, and communication cost. We also analyze the properties of CBKE and explore the performance trade-os using simulation.

Dahai Xu,Jeffrey Dwoskin,Jianwei Huang,Tian Lan,Ruby Lee,Mung Chiang

DOI: https://doi.org/10.1007/978-3-642-14849-1_23

2011-01-01

Abstract:Secure communications in wireless ad hoc networks require setting up end-to-end secret keys for communicating node pairs. It is widely believed that although being more complex, a probabilistic key predistribution scheme is much more resilient against node capture than a deterministic one in lightweight wireless ad hoc networks. Supported by the surprisingly large successful attack probabilities (SAPs) computed in this chapter, we show that the probabilistic approaches have only limited performance advantages over deterministic ones. We first consider a static network scenario as originally considered in the seminal paper by Eschenauer and Gligor [9], where any node capture happens after the establishment of all pair-wise links. In this scenario, we show that the deterministic approach can achieve a performance as good as the probabilistic one. In a mobile network scenario, however, the probabilistic key management as described in [9] can lead to a SAP of one order of magnitude larger than the one in a static network due to node fabrication attacks.The above analysis motivates us to propose two low-cost secure-architecture-based techniques to improve the security against such attacks. Our new architectures, specifically targeted at the sensor-node platform, protect long-term keys using a root of trust embedded in the hardware System-on-a-Chip (SoC). This prevents an adversary from extracting these protected long-term keys from a captured node to fabricate new nodes. The extensive simulation results show that the proposed architecture can significantly decrease the SAP and increase the security level of key management for mobile ad hoc networks.Finally, we develop an analytical framework for the on-demand key establishment approach. We propose a novel security metric, the REM resilience vector, to quantify the resilience of any key establishment schemes against Revealing, Erasure, and Modification (REM) attacks. Our analysis shows that previous key establishment schemes are vulnerable under REM attacks. Relying on the new security metric, we prove a universal bound on achievable REM resilience vectors for any on-demand key establishment scheme. This bound that characterizes the optimal security performance analytically is shown to be tight, as we propose a REM-resilient key establishment scheme which achieves any vector within this bound. In addition, we develop a class of low-complexity key establishment schemes which achieve nearly optimal REM attack resilience.

Fan Wu,Hao-Ting Pai,Xinxin Zhu,Pei-Yun Hsueh

DOI: https://doi.org/10.1109/ecticon.2011.5947829

2011-01-01

Abstract:The concept of secure group communication (SGC) has recently appeared in the filed of wireless sensor networks (WSNs). To design a dynamic, efficient, and secure group access control scheme is one of the essential issues. Although several studies have made progress in terms of access control, their methods are inadequate for SGC-based WSNs. This paper proposes a dynamic access control scheme (DACS), which can fulfill the requirements of dynamic, efficiency, and security. Specifically, the DACS offers the following advantages. Every sensor node needs to compute hash computation only once and then can obtain the corresponding group access key, whether in the initialization or in the maintenance. In addition, the task manager (i.e., the administrator) can flexibly generate the secure filter function for every entity (i.e., the sensor nodes or other devices) to derive the corresponding group access key, regardless of whether the relation among entities is hierarchical or horizontal.

Wei-dong Qiu,Yao-wei Zhou,Bo Zhu,Yan-fei Zheng,Zheng Gong

DOI: https://doi.org/10.1007/s11771-013-1612-x

2013-01-01

Journal of Central South University

Abstract:The key exposure problem is a practical threat for many security applications. In wireless sensor networks （WSNs）, keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption （KIE）, we propose a group key management scheme （KIE-GKMS）, which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.

Liu Zhiyuan,Fu Yalong

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.09.249

2013-01-01

Abstract:For the distributed collaborative applications deployed in an open network environment,in some circumstances the users participating in the application may join or leave a group consisting of multi-user at any time,such dynamic nature of membership leads to higher requirements and challenges in security of group communication system for collaborative applications in distributed network environment. Based on identity cryptography mechanism and threshold cryptography,a new secure distributed group key management scheme is proposed. The presented scheme can strongly resist active attacks and the coalition attacks from malicious adversaries,and with the features of robustness and adaptiveness.

Jiming Chen,Qing Yu,Bo Chai,Youxian Sun,Yanfei Fan,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/tpds.2014.2307868

IF: 5.3

2015-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Multiple channels in Wireless Sensor Networks (WSNs) are often exploited to support parallel transmission and to reduce interference. However, the extra overhead posed by the multi-channel usage coordination dramatically challenges the energy-constrained WSNs. In this paper, we propose a Regret Matching based Channel Assignment algorithm (RMCA) to address this challenge, in which each sensor node updates its choice of channels according to the historical record of these channels' performance to reduce interference. The advantage of RMCA is that it is highly distributed and requires very limited information exchange among sensor nodes. It is proved that RMCA converges almost surely to the set of correlated equilibrium. Moreover, RMCA can adapt the channel assignment among sensor nodes to the time-variant flows and network topology. Simulations show that RMCA achieves better network performance in terms of both delivery ratio and packet latency than CONTROL [1], MMSN [2] and randomized CSMA. In addition, real hardware experiments are conducted to demonstrate that RMCA is easy to be implemented and performs better.

Huanzhao Wang,Dongwei Luo,Feifei Chen,Zengzhi Li

2006-01-01

Abstract:Sensor networks are characterized by strict resource limitations and large scalability. Many sensor network applications require secure communication, but establishing a shared key for communicating parties is very challenging. The low computational capability and small storage budget within sensor nodes render many popular public-key based key distribution and management mechanisms impractical, especially for clustered sensor networks. For address the issue of key management in clustered sensor networks, we propose a dynamic key management scheme based on key-pool in this paper. We first summarize the existing approaches of key management; in contrast with them, we introduce our scheme which consists of two phases: key distribution and key exchange. By our approach, the cluster heads and leaf nodes construct different size of key rings from the base station respectively, and the new elected cluster head will exchange keys with the old cluster head, which is called role exchange. Finally, a series of performance analysis to our scheme show that, in the clustered sensor networks, the sensor nodes save more memory resource and the entire networks shows great resilience against node capture; and an evaluation of traffic and energy consumption overhead in key exchange phase is also presented.

Vishal Choudhary,S. Taruna

DOI: https://doi.org/10.1007/978-981-13-3143-5_21

2018-11-28

Abstract:In sensor network where large group of nodes share the information, in such scenario it’s difficult to scale the application, in addition security in wireless sensor network often vary with purpose and context, but in broad-spectrum, security for wireless sensor networks should centered on the protection of the data itself and the network communications between the nodes. Privacy, reliability and validation are the most important data security concerns. Traditional cryptographic methods are not promising on resource limited sensor nodes. Node initiated key management is a novel idea where rather than base station or key distribution center initiate the security algorithm. We can give control to sensor nodes or cluster head for securing communicating nodes with in a sensor network. It is a non centralized key management method which is more robust than other methods. in this paper we proposed the proactive key management which guarantee efficiency, robustness, and dynamic clustering.

Fan Wu,Hao-Ting Pai,Xinxin Zhu,Pei-Yun Hsueh,Ya-Han Hu

DOI: https://doi.org/10.1016/j.tele.2012.03.011

IF: 9.14

2013-01-01

Telematics and Informatics

Abstract:Access control is a prime technology to prevent unauthorized access to private information, which is one of the essential issues appearing in secure group communication (SGC) of wireless sensor networks (WSNs). Many studies have made good progress on access control; however, their methods are inadequate to cope with this new issue for SGC-based WSNs since of their inflexibility, inefficiency, insecurity, or small-scale.This paper, based on cryptographic theory, develops a scheme to manage the group access key used in SGC-based WSNs. In comparison with previous studies, the proposed method provides two main advantages. First, regarding adaptability, the administrator can assign access privilege flexibly, regardless of whether the relation among entities is hierarchical, peer-to-peer or heterogeneous. Second, regarding scalability, when an entity joins or leaves such a WSN, the administrator can re-generate the secure filter function alone and then send it to the entities (i.e., sensor nodes or base stations). While receiving this new secure filter function, the existing entities merely need to compute hash computation once to obtain the updating group access key, despite operating in an incremental system with a large number of entities. (C) 2012 Published by Elsevier Ltd.

Mi Wen,Jingsheng Lei,Zhong Tang,Xiuxia Tian,Kefei Chen,Weidong Qiu

DOI: https://doi.org/10.1007/978-3-642-05250-7_44

2009-01-01

Abstract:As a result of the growing popularity of wireless sensor networks (WSNs), secure group communication becomes an important research issue for network security because of the popularity of group-oriented applications in WSNs, such as electronic monitoring and collaborative sensing. The secure group key agreement protocol design is crucial for achieving secure group communications. As we all know, most security technologies are currently deployed in wired networks and are not fully applicable to WSNs involving mobile nodes with limited capability. In 2008, we proposed a Blom's matrix based group key management protocol (BKM) with robust continuity for WSNs. Unfortunately, in this paper we present that the BKM has a security weakness in which participants cannot confirm that their contributions were actually involved in the group key establishment. This is an important property of group key agreement. Therefore, we propose a verified group key agreement protocol (V-BKA) for resource-constrained WSNs. We show that the proposed protocol produces contributory group key agreement. We demonstrate that the proposed protocol is a perfect key management protocol and is well suited for resource- constrained WSNs.

ZHU Yunge,SHI Jianjun,FAN Lei,LI Jianhua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.04.058

2006-01-01

Abstract:The paper proposes a group key agreement and management scheme for wireless Ad Hoc networks on the basis of the concept of CDS.The process of key agreement doesn’t demand any specific topology or previous shared information between nodes.The structure of key agreement can be maintained easily.Analysis shows that the scheme provides more reliable and quick communication,decrease the communication delay,produce better performance.And this scheme prevents the malicious attack raised by some dominators together.The scheme is suitable for Ad Hoc networks of any size.

Qingqi Pei,Lei Wang,Hao Yin,Liaojun Pang,Hong Tang

DOI: https://doi.org/10.1109/IAS.2009.309

2009-01-01

Abstract:Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system cannot guarantee the security of the wireless sensor network for communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head while private communication between cluster nodes in a same cluster head is achieved through the random key preliminary distribution system. For cluster head node plays a pivotal role in this scheme, a trust management system should be introduced into the election of the cluster head which will exclude the malicious node from outside the cluster, thus improve the whole network security.

Pranav Agrawal,Joy Kuri

DOI: https://doi.org/10.48550/arXiv.0907.5438

2009-08-29

Abstract:Many basic key distribution schemes specifically tuned to wireless sensor networks have been proposed in the literature. Recently, several researchers have proposed schemes in which they have used group-based deployment models and assumed predeployment knowledge of the expected locations of nodes. They have shown that these schemes achieve better performance than the basic schemes, in terms of connectivity, resilience against node capture and storage requirements. But in many situations expected locations of nodes are not available. In this paper we propose a solution which uses the basic scheme, but does not use group-based deployment model and predeployment knowledge of the locations of nodes, and yet performs better than schemes which make the aforementioned assumptions. In our scheme, groups are formed after deployment of sensor nodes, on the basis of their physical locations, and the nodes sample keys from disjoint key pools. Compromise of a node affects secure links with other nodes that are part of its group only. Because of this reason, our scheme performs better than the basic schemes and the schemes using predeployment knowledge, in terms of connectivity, storage requirement, and security. Moreover, the post-deployment key generation process completes sooner than in schemes like LEAP+.

Cryptography and Security

Jiana Bi,Hui Wang,Yandong Sun,Yanzhao Liu,Zhenzhou Ji

DOI: https://doi.org/10.1007/s11767-009-0021-7

2009-01-01

Abstract:In this letter, a Function node-based Multiple Pairwise Keys Management (MPKMF) protocol for Wireless Sensor Networks (WSNs) is firstly designed, in which ordinary nodes and cluster head nodes are responsible for data collection and transmission, and function nodes are responsible for key management. There are more than one function nodes in the cluster consulting the key generation and other security decision-making. The function nodes are the second-class security center because of the characteristics of the distributed WSNs. Secondly, It is also described that the formation of function nodes and cluster heads under the control of the former, and five kinds of keys, i.e., individual key, pairwise keys, cluster key, management key, and group key. Finally, performance analysis and experiments show that, the protocol is superior in communication and energy consumption. The delay of establishing the cluster key meets the requirements, and a multiple pairwise key which adopts the coordinated security authentication scheme is provided.

Qing Yang,QiaoLiang Li,Xiaoming Wang,Naixue Xiong,Yi Pan

DOI: https://doi.org/10.1007/978-3-540-88582-5_45

2008-01-01

Abstract:The establishment of shared keys between communicating neighbor nodes in wireless sensor networks is a challenge due to resource-constrained sensor networks. Several key pre-distribution schemes have been proposed in literatures to establish pairwise keys between sensor nodes. However, many of them are either too complicated to fit for wireless sensor networks or insecure for some common aggressions. In this paper, we propose a random key management scheme based on random key pre-distribution for wireless sensor networks. To achieve better performance and security, the proposed scheme employs two different phases to establish enhanced pairwise keys between neighboring nodes. Compared with other existing random key pre-distribution schemes, our scheme has better resilience against node capture and also performs better in terms of network connectivity and scalability with appropriate memory, computation and communication overheads.

Dahai Xu,Jeffrey Dwoskin,Jianwei Huang,Tian Lan,Ruby Lee

2011-01-01

Abstract:Secure communications in wireless ad hoc networks require setting up end-to-end secret keys for communicating node pairs. It is widely believed that although being more complex, a probabilistic key predistribution scheme is much more resilient against node capture than a deterministic one in lightweight wireless ad hoc networks. Supported by the surprisingly large successful attack probabilities (SAPs) computed in this chapter, we show that the probabilistic approaches have only limited performance advantages over deterministic ones. We first consider a static network scenario as originally considered in the seminal paper by Eschenauer and Gligor [9], where any node capture happens after the establishment of all pairwise links. In this scenario, we show that the deterministic approach can achieve a performance as good as the probabilistic one. In a mobile network scenario, however, the probabilistic key management as described in [9] can lead to a SAP of one order of magnitude larger than the one in a static network due to node fabrication attacks. The above analysis motivates us to propose two low-cost secure-architecture-based techniques to improve the security against such attacks. Our new architectures, specifically targeted at the sensor-node platform, protect long-term keys using a root of trust embedded in the hardware System-on-a-Chip (SoC). This prevents an adversary from extracting these protected long-term keys from a captured node to fabricate new nodes. The extensive simulation results show that the proposed architecture can significantly decrease the SAP and increase the security level of key management for mobile ad hoc networks. Finally, we develop an analytical framework for the on-demand key establishment approach. We propose a novel security metric, the REM resilience vector, to quantify the resilience of any key establishment schemes against Revealing, Erasure, and Modification (REM) attacks. Our analysis shows that previous key establishment schemes are vulnerable under REM attacks. Relying on the new security metric, we prove a universal bound on achievable REM resilience vectors for any on-demand D. Xu (B) AT&T Labs Research, 180 Park Ave, Building 103, Florham Park, NJ 07932, USA e-mail: dahaixu@research.att.com The AT&T Labs Research, The work was done when Xu was in Princeton University. S. Nikoletseas, J.D.P. Rolim (eds.), Theoretical Aspects of Distributed Computing in Sensor Networks, Monographs in Theoretical Computer Science. An EATCS Series, DOI 10.1007/978-3-642-14849-1_23, C © Springer-Verlag Berlin Heidelberg 2011 741