Jang-Ping Sheu,Jui-Che Cheng

DOI: https://doi.org/10.1016/j.comcom.2007.04.021

IF: 5.047

2007-01-01

Computer Communications

Abstract:When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops.

WANG Qiuhua,CHEN Huifang,XIE Lei,WANG Kuang

DOI: https://doi.org/10.3724/SP.J.1219.2010.00268

2011-01-01

Information and Control

Abstract:In the path-key establishment phase of existing pre-distribution key management schemes,there are many problems,such as long path-key establishment path,high communication overhead,and low secure network connectivity growth rate.In order to resolve these problems,an enhanced scheme for establishing the path-key is proposed.In path-key set up phase,the proposed scheme makes full use of the pre-distributed keys in the securely connected neighboring nodes within the communication range of the node,and increases the number of nodes used to negotiate the path-key.Analysis and comparison results between the enhanced scheme and the original scheme without the enhanced method show that with the enhanced scheme,secure network connectivity rate is obviously improved,and it achieves to 1 quickly.Moreover,the enhanced scheme needs much less pre-distributed keys to achieve the prospective network connectivity rate.

Zhuo Hao,Sheng Zhong,Nenghai Yu

DOI: https://doi.org/10.1155/2013/935604

2013-01-01

Abstract:A number of key agreement schemes based on wireless channel characteristics have been proposed recently. However, previous key agreement schemes require that two nodes which need to agree on a key are within the communication range of each other. Hence, they are not suitable for multihop wireless networks, in which nodes do not always have direct connections with each other. In this paper, we first propose a basic multihop key agreement scheme for wireless ad hoc networks. The proposed basic scheme is resistant to external eavesdroppers. Nevertheless, this basic scheme is not secure when there exist internal eavesdroppers or Man-in-the-Middle (MITM) adversaries. In order to cope with these adversaries, we propose an improved multihop key agreement scheme. We show that the improved scheme is secure against internal eavesdroppers and MITM adversaries in a single path. Both performance analysis and simulation results demonstrate that the improved scheme is efficient. Consequently, the improved key agreement scheme is suitable for multihop wireless ad hoc networks.

Shrikant H Talawar,R. c. Hansdah,Shrikant H. Talawar,R.C. Hansdah

DOI: https://doi.org/10.1109/aina.2015.183

2015-03-01

Abstract:An end-to-end shared secret key between two distant nodes in a mobile ad hoc network(MANET) is essential for providing secure communication between them. However, to provide effective security in a MANET, end-to-end key establishment should be secure against both internal as well as external malicious nodes. An external malicious node in a MANET does not possess any valid security credential related to the MANET, whereas an internal malicious node would possess some valid security credentials related to the MANET. Most of the protocols for end-to-end key establishment in MANETs either make an unrealistic assumption that an end-to-end secure channel exists between source and destination or use bandwidth consuming multi-path schemes. In this paper, we propose a simple and efficient protocol for end-to-end key establishment during route discovery (E2-KDR) in MANETs. Unlike many other existing schemes, the protocol establishes end-to-end key using trust among the nodes which, during initial stage, is established using public key certificate issued by an off-line membership granting authority. However, the use of public key in the proposed protocol is minimal to make it efficient. Since the key is established during route discovery phase, it reduces the key establishment time. The proposed protocol exploits mobility to establish end-to-end key, and provides comprehensive solution by making use of symmetric keys for protecting routing control messages and end-to-end communication. Moreover, as the end-to-end keys are established during route discovery phase, the protocol is on-demand and only necessary keys are established, which makes the protocol storage scalable. The protocol is shown to be secure using security analysis, and its efficiency is confirmed by the results obtained from simulation experiments.

Mohammed Gharib,Ali Owfi,Soudeh Ghorbani

DOI: https://doi.org/10.48550/arXiv.1911.05126

2019-11-12

Networking and Internet Architecture

Abstract:The security of cyber-physical systems, from self-driving cars to medical devices, depends on their underlying multi-hop wireless networks. Yet, the lack of trusted central infrastructures and limited nodes' resources make securing these networks challenging. Recent works on key pre-distribution schemes, where nodes communicate over encrypted overlay paths, provide an appealing solution because of their distributed, computationally light-weight nature. Alas, these schemes share a glaring security vulnerability: the two ends of every overlay link can decrypt---and potentially modify and alter---the message. Plus, the longer overlay paths impose traffic overhead and increase latency. We present a novel routing mechanism, KPsec, to address these issues. KPsec deploys multiple disjoint paths and an initial key-exchange phase to secure end-to-end communications. After the initial key-exchange phase, traffic in KPsec follows the shortest paths and, in contrast to key pre-distribution schemes, intermediate nodes cannot decrypt it. We measure the security and performance of KPsec as well as three state-of-the-art key pre-distribution schemes using a real 10-node testbed and large-scale simulations. Our experiments show that, in addition to its security benefits, KPsec results in $5-15\%$ improvement in network throughput, up to $75\%$ reduction in latency, and an order of magnitude reduction in energy consumption.

Zhijie Jerry Shi,Bing Wang,Fan Zhang

DOI: https://doi.org/10.1142/9789812837318_0016

2010-01-01

Abstract:Because of limited resources at sensor nodes, sensor networks typically adopt symmetric-key algorithms to provide security functions such as protecting communications between nodes. In order to use symmetric-key algorithms, two nodes need to establish a secret session key first. In this chapter, we describe a novel chord-based key establishment (CBKE) protocol that allows any pair of nodes in a sensor network to establish a secret session key. CBKE is a generalized deterministic key establishment scheme that provides great flexibility for balancing memory overhead, reliability, and communication cost. We also analyze the properties of CBKE and explore the performance trade-os using simulation.

Hung-Min Sun,Cheng-Ta Yang,Yue-Hsun Lin,Mu-En Wu

DOI: https://doi.org/10.1109/iih-msp.2009.221

2009-01-01

Abstract:Random key pre-distribution scheme is a flexible key management scheme for wireless sensor networks. Recently, numerous related studies have been proposed. However, most of them have weaknesses. First of all, sensors require large storage to store keys in order to maintain high connectivity. Secondly, impact caused by compromised sensors cannot be completely eliminated. In this paper, a novel pair-wise key establishment scheme based on the combination is proposed. Impact of key exposure from compromised sensors can be ignored since the pair-wise key for each pair of sensors is unique. Most significantly, we achieve the merit of fully connectivity without increasing storage requirement of sensors.

Gang Yao,Kui Ren,Feng Bao,Robert H. Deng,Dengguo Feng

DOI: https://doi.org/10.1007/978-3-540-45203-4_27

2003-01-01

Abstract:Mobile ad hoc networks offer convenient infrastructureless communications over the shared wireless channel. However, the nature of mobile ad hoc networks makes them vulnerable to security attacks, such as passive eavesdropping over the wireless channel and denial of service attacks by malicious nodes. To ensure the security, several cryptography protocols are implemented. Due to the resource scarcity in mobile ad hoc networks, the protocols must be communication efficient and need as less computational power as possible. Broadcast communication is an important operation for many application in mobile ad hoc networks. To securely broadcast a message, all the members in the network need share a group key so that they can use efficient symmetric encryption, such as DES and AES. Several group key management protocols have been proposed. However, not all of them are communication efficient when applied to mobile ad hoc networks. In this paper, we propose a hierarchical key agreement protocol that is communication efficient to mobile ad hoc networks. We also show how to manage the group efficiently in a mobile environment.

V. Anitha,Dr. J. Akilandeswari

DOI: https://doi.org/10.48550/arXiv.1104.4690

2011-04-25

Abstract:The emerging need for mobile ad hoc networks and secured data transmission phase is of crucial importance depending upon the environments like military. In this paper, a new way to improve the reliability of message transmission is presented. In the open collaborative MANET environment, any node can maliciously or selfishly disrupt and deny communication of other nodes. Dynamic changing topology makes it hard to determine the adversary nodes that affect the communication in MANET. An SMT protocol provides a way to secure message transmission by dispersing the message among several paths with minimal redundancy. The multiple routes selected are known as APS -Active Path Set. This paper describes a technique for fault discovery process to identify Byzantine failures which include nodes that drop, modify, or mis-route packets in an attempt to disrupt the routing service. An adaptive probing technique detects a malicious link through binary search and according to the nodes behavior, these links are avoided in the active path by multiplicatively increasing their weights. The proposed scheme provides secure communication even with increased number of adversaries.

Networking and Internet Architecture,Performance

Weichao Xie,Jian Wang

DOI: https://doi.org/10.1109/sns-pcs.2013.6553830

2013-01-01

Abstract:Wireless Ad Hoc network is vulnerable to attacks due to its open and decentralized properties. This paper proposes a trusted connection based scheme for Ad Hoc network to prevent attacks. A trusted architecture is introduced into the node platform, which consists of two phases, platform identity verification and platform integrity measurement. For a communication requirement of two nodes, the terminal platform identity is firstly authenticated via Direct Anonymous Attestation, and the platform integrity measurement is performed for the nodes passing authentication. The communication is established if the nodes in both sides pass the authentication and measurement. We conduct simulation experiments to analyze the performance of the proposed scheme and verify its security in the attack scenario. The simulation results show that the proposed scheme can prevent the malicious nodes from accessing the network and resist the attacks from network.

Ashok Kumar Das

DOI: https://doi.org/10.48550/arXiv.1108.1302

2011-08-05

Cryptography and Security

Abstract:Establishment of pairwise keys between sensor nodes in a sensor network is a difficult problem due to resource limitations of sensor nodes as well as vulnerability to physical captures of sensor nodes by the enemy. Public-key cryptosystems are not much suited for most resource-constrained sensor networks. Recently, elliptic curve cryptographic techniques show that public key cryptosystem is also feasible for resource-constrained sensor networks. However, most researchers accept that the symmetric key cryptosystems are viable options for resource-constrained sensor networks. In this paper, we first develop a basic principle to address the key pre-distribution problem in mobile sensor networks. Then, using this developed basic principle, we propose a scheme which takes the advantage of the post-deployment knowledge. Our scheme is a modified version of the key prioritization technique proposed by Liu and Ning. Our improved scheme provides reasonable network connectivity and security. Moreover, the proposed scheme works for any deployment topology.

Ruichuan Chen,Wenjia Guo,Liyong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-540-85451-7_64

2008-01-01

Abstract:Peer-to-Peer (P2P) communication model has the potential to harness huge amounts of resources. However, due to the self-organizing and self-maintaining nature, current P2P networks suffer from various kinds of attacks. Public key authentication can provide a fundamental building block for P2P communication security. In this paper, we propose a scalable Byzantine fault tolerant public key authentication scheme for P2P networks, in which each participating peer dynamically maintains a trusted group to perform distributed challenge-response authentication without centralized infrastructure. To guarantee the authentication correctness, we additionally present a complementary trusted group maintenance scheme. The experimental results demonstrate that our authentication scheme can work in various different P2P scenarios effectively and efficiently.

Kamal Kumar,A. K. Verma,R. B. Patel

DOI: https://doi.org/10.5121/ijfcst.2014.4404

2014-08-13

Abstract:Multipath routing in WSN has been a long wish in security scenario where nodes on next-hop may be targeted to compromise. Many proposals of Multipath routing has been proposed in ADHOC Networks but under constrained from keying environment most seems ignorant. In WSN where crucial data is reported by nodes in deployment area to their securely located Sink, route security has to be guaranteed. Under dynamic load and selective attacks, availability of multiple secure paths is a boon and increases the attacker efforts by many folds. We propose to build a subset of neighbors as our front towards destination node. We also identified forwarders for query by base station. The front is optimally calculated to maintain the security credential and avail multiple paths. According to our knowledge ours is first secure multipath routing protocol for WSN. We established effectiveness of our proposal with mathematical analysis

Networking and Internet Architecture

Zhong Su,Yixin Jiang,Fengyuan Ren,Chuang Lin,Xiaowen Chu

DOI: https://doi.org/10.1155/2010/808797

2010-01-01

EURASIP Journal on Wireless Communications and Networking

Abstract:Key management is a core mechanism to provide secure and reliable communications in wireless sensor networks (WSNs). In large-scale WSNs, due to the resource constraint on sensor nodes, it is still an extremely challenging task to achieve good performance in terms of high network connectivity and strong resilience against sensor nodes capture with low overheads. To address this issue, in this paper we propose a novel random pairwise key establishment scheme, called RPKE. In RPKE, sensor nodes differentiate their roles as either auxiliary nodes or ordinary nodes prior to network deployment. The auxiliary nodes act as distributed key distribution center (KDC), and neighboring ordinary nodes can establish pairwise key with the help of the distributed KDC. Theoretical analysis and simulation evaluation demonstrate that RPKE performs well in terms of network connectivity and resilience at the cost of low computation/communication/ storage overheads, compared to the existing counterparts.

Song Fang,Ian Markwood,Yao Liu

DOI: https://doi.org/10.1109/tmc.2019.2939529

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Wireless communication is easily eavesdropped due to the broadcast nature of the wireless medium. This has spurred extensive research into secret key establishment using physical layer characteristics of wireless channels. In all these schemes, the secret keys directly originate from the physical features of the real wireless channel, which is highly dependent on the communication environment nearby. Also, previous schemes require performing information reconciliation, which increases both the costs and the risk of key leakage. In this paper, we exhibit a novel wireless key establishment method allowing the transmitter to specify arbitrary content as the key and cause the receiver to obtain the same key leveraging a channel manipulation technique. We furthermore enable the transmitter to apply error-correction code to the key, so that the receiver can automatically correct any mismatched bits without sending key-related information back to the transmitter over the public channel. Experimental results demonstrate that our key establishment method reaches a success rate as high as 91.0 percent for establishing a 168-bit key between the transmitter and the receiver, and meanwhile the chance that the eavesdropper can infer the key in meter-order range of the receiver is subdued into the range of 0$sim$<math>∼</math>0.10 percent.

computer science, information systems,telecommunications

Mohamed‐Lamine Messai

DOI: https://doi.org/10.1002/dac.5824

2024-05-19

International Journal of Communication Systems

Abstract:Studying the self‐healing mechanism as a security metric in key management schemes. Proposing a new scheme called adaPtive and rObust Key pre‐distribution (POK). POK ensures the establishment of pairwise keys between neighboring nodes. POK facilitates the post‐deployments of nodes while preserving energy and guarantees resilience against node compromising attacks. Summary Internet of Things (IoT) networks continue to be deployed and play a crucial role in our daily life. Thus, ensuring their security is of utmost importance. This necessitates the use of cryptographic materials to maintain the confidentiality of exchanged data between IoT devices (or sensor nodes). The key component of these cryptographic materials is the encryption and decryption keys. In resource‐constrained networks like sensor and IoT networks, employing symmetric pairwise keys offers a trade‐off between resource saving and security. However, symmetric cryptosystems suffer from node compromising attacks. In addition, such networks often require the post‐deployment of new IoT devices either periodically or based on specific use cases leading to a multi‐phase IoT networks. So, key establishment is required to secure newly added node communications. This paper presents an adaPtive and rObust Key pre‐distribution (POK) that enables key establishment between deployed nodes. POK enhances the generation and pre‐loading of keys in sensor nodes. The fundamental concept of POK involves pre‐loading newly added IoT or sensor nodes with pairwise keys computed using a hash function and taking into account the expected number of future post‐deployments. Through a comparative analysis with related works, POK minimizes communication overhead, eliminates the need for time synchronization, and offers an energy‐efficient scheme. Furthermore, POK offers a resilience to node compromising attack by the self‐healing property, where compromised nodes have a limited effect on the network, and newly deployed nodes remain unaffected.

telecommunications,engineering, electrical & electronic

Yifei Zou,Dongxiao Yu,Jiguo Yu,Yong Zhang,Falko Dressler,Xiuzhen Cheng

DOI: https://doi.org/10.1109/TNET.2021.3069324

2021-04-02

IEEE/ACM Transactions on Networking

Abstract:The byzantine model is widely used to depict a variety of node faults in networks. Previous studies on byzantine-resilient protocols in wireless networks assume reliable communications and do not consider the jamming behavior of byzantine nodes. Such jamming, however, is a very critical and realistic behavior to be considered in modern wireless networks. In this paper, for the first time, we integrate the jamming behavior of byzantine nodes into the network setting. We show that, in this much more comprehensive and harsh model, efficient distributed communication protocols can be still devised with elaborate protocol design. In particular, we developed an algorithm that can accomplish the basic multiple-message dissemination task close to the optimal solution in terms of running time. Empirical results validate the byzantine-resilience and efficiency of our algorithm.

Song Guo,Victor Leung,Zhuzhong Qian

DOI: https://doi.org/10.1109/icc.2010.5502141

2010-01-01

Abstract:The wireless sensor networks (WSNs) are normally operated in unattended, harsh, or hostile environment. Some strategies have been proposed to establish pairwise keys to protect the sensitive data and the sensor readings, but most existing schemes either suffer the large-scale node capture attacks, or cannot provide full and direct key establishment. In this paper, we present a permutation-based multi-polynomial scheme for pairwise key establishment in wireless sensor networks. This scheme is highly robust to the large-scale node capture attacks. Even after a large number of nodes have been compromised, the pairwise keys shared by non-compromised nodes remain secure. It also guarantees that any two nodes can directly establish a pairwise key without exposing any secret to other nodes. This full and direct key establishment features enable our scheme every adaptive to support node addition and mobility, which are particularly beneficial to the real-world applications. Our performance analysis also shows that the proposed scheme incurs low communication, storage, and computation overhead.

Jen-Yeu Chen,Yi-ying Tseng

DOI: https://doi.org/10.48550/arXiv.1303.2553

2013-03-11

Abstract:Network coding is an elegant technique where, instead of simply relaying the packets of information they receive, the nodes of a network are allowed to combine \emph{several} packets together for transmission and this technique can be used to achieve the maximum possible information flow in a network and save the needed number of packet transmissions. Moreover, in an energy-constraint wireless network such as Wireless Sensor Network (a typical type of wireless ad hoc network), applying network coding to reduce the number of wireless transmissions can also prolong the life time of sensor nodes. Although applying network coding in a wireless sensor network is obviously beneficial, due to the operation that one transmitting information is actually combination of multiple other information, it is possible that an error propagation may occur in the network. This special characteristic also exposes network coding system to a wide range of error attacks, especially Byzantine attacks. When some adversary nodes generate error data in the network with network coding, those erroneous information will be mixed at intermeidate nodes and thus corrupt all the information reaching a destination. Recent research efforts have shown that network coding can be combined with classical error control codes and cryptography for secure communication or misbehavior detection. Nevertheless, when it comes to Byzantine attacks, these results have limited effect. In fact, unless we find out those adversary nodes and isolate them, network coding may perform much worse than pure routing in the presence of malicious nodes. In this paper, a distributed hierarchical algorithm based on random linear network coding is developed to detect, locate and isolate malicious nodes.

Networking and Internet Architecture

Yuan Cheng,Yanan Liu,Zheng Zhang,Yanxiu Li

DOI: https://doi.org/10.3390/s23146460

IF: 3.9

2023-07-18

Sensors

Abstract:Wireless sensor networks are usually applied in hostile areas where nodes can easily be monitored and captured by an adversary. Designing a key distribution scheme with high security and reliability, low hardware requirements, and moderate communication load is crucial for wireless sensor networks. To address the above objectives, we propose a new key distribution scheme based on an ECC asymmetric encryption algorithm. The two-way authentication mechanism in the proposed scheme not only prevents illegal nodes from accessing the network, but also prevents fake base stations from communicating with the nodes. The complete key distribution and key update methods ensure the security of session keys in both static and dynamic environments. The new key distribution scheme provides a significant performance improvement compared to the classical key distribution schemes for wireless sensor networks without sacrificing reliability. Simulation results show that the proposed new scheme reduces the communication load and key storage capacity, has significant advantages in terms of secure connectivity and attack resistance, and is fully applicable to wireless sensor networks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation