Rong Fan,Dao-jing He,Xue-zeng Pan,Ling-di Ping

DOI: https://doi.org/10.1631/jzus.c1000377

2011-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to security attacks due to their deployment and resource constraints. Considering that most large-scale WSNs follow a two-tiered architecture, we propose an efficient and denial-of-service (DoS)-resistant user authentication scheme for two-tiered WSNs. The proposed approach reduces the computational load, since it performs only simple operations, such as exclusive-OR and a one-way hash function. This feature is more suitable for the resource-limited sensor nodes and mobile devices. And it is unnecessary for master nodes to forward login request messages to the base station, or maintain a long user list. In addition, pseudonym identity is introduced to preserve user anonymity. Through clever design, our proposed scheme can prevent smart card breaches. Finally, security and performance analysis demonstrates the effectiveness and robustness of the proposed scheme.

Hung-Min Sun,Cheng-Ta Yang,Yue-Hsun Lin,Mu-En Wu

DOI: https://doi.org/10.1109/iih-msp.2009.221

2009-01-01

Abstract:Random key pre-distribution scheme is a flexible key management scheme for wireless sensor networks. Recently, numerous related studies have been proposed. However, most of them have weaknesses. First of all, sensors require large storage to store keys in order to maintain high connectivity. Secondly, impact caused by compromised sensors cannot be completely eliminated. In this paper, a novel pair-wise key establishment scheme based on the combination is proposed. Impact of key exposure from compromised sensors can be ignored since the pair-wise key for each pair of sensors is unique. Most significantly, we achieve the merit of fully connectivity without increasing storage requirement of sensors.

Rong Fan,Lingdi Ping,JianQing Fu,Xuezeng Pan

DOI: https://doi.org/10.1109/PACCS.2010.5626600

2010-01-01

Abstract:As wireless sensor networks (WSNs) are susceptible to attacks and sensor nodes have limited resources, designing a secure and efficient user authentication protocol for WSNs is a difficult task. Considering that most future large-scale WSNs follow a two-tiered architecture, we propose an efficient and Denial-of-Service resistant user authentication scheme for two-tiered WSNs, which imposes very light computational load and requires simple operations such as one-way hash function and exclusive-OR operations. In addition, there is a growing requirement for preserving user anonymity recently. Thus we introduce pseudonym identity for each user which is concealed in login messages. And through clever design, our proposed scheme can prevent from smart card breach. Moreover, the security analysis on this scheme demonstrates that our proposed scheme enjoys security attributes such as preventing the various kinds of attacks and user anonymity. Finally, performance analysis shows that our proposed scheme is simple and efficient.

Jianqing Fu,Xiaoning Jiang,Lingdi Ping,Rong Fan

DOI: https://doi.org/10.1109/icime.2009.14

2009-01-01

Abstract:In this paper, we identify a vulnerability of IEEE 802.11 wireless Mesh LANs in which a compromised mesh point can still receive data from other mesh points. Then we propose a new protocol that can counter this attack by considering the effective period of both the mesh points (MPs) when decide the lifetime of the key shared between them. We also amend 802.11s draft in order not to bring about a fundamental change to the whole key hierarchy, and propose a protocol to refresh the shared key when it expired. Then we prove the security of the protocol using protocol composition logic (PCL).

Jang-Ping Sheu,Jui-Che Cheng

DOI: https://doi.org/10.1016/j.comcom.2007.04.021

IF: 5.047

2007-01-01

Computer Communications

Abstract:When sensor networks deployed in unattended and hostile environments, for securing communication between sensors, secret keys must be established between them. Many key establishment schemes have been proposed for large scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other could use a secure path to share a secret key between them. However during the transmission of the secret key, the secret key will be revealed to each node along the secure path. Several researchers proposed a multi-path key establishment to prevent a few compromised sensors from knowing the secret key, but it is vulnerable to stop forwarding or Byzantine attacks. To counter these attacks, we propose a hop by hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes from doing a Byzantine attack and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data not beyond two hops.

Bidi Ying,Huifang Chen,Wendao Zhao,Peiliang Qiu

DOI: https://doi.org/10.1109/ICICIC.2006.449

2006-01-01

Abstract:Due to limited resources and the threats to the security, a challenging problem is how to implement secure pairwise communications among any pair of sensors in a wireless sensor network. An energy-based key management (EKM) scheme was proposed in this paper. This scheme stored identifier, residual energy and the pairwise keys into each node in the key pre-distribution phase, searched for better secure links according to the identifier and residual energy, and then took multiplied times hash functions to implement the security for EKM scheme the view of the multi-hop communication. Both analytical evaluations and extensive simulations of EKM scheme were provided. The results indicate that EKM scheme has lower energy consumption and longer the lifetime of the network, and reduces the probability of nodes capture

Song Guo,Victor Leung,Zhuzhong Qian

DOI: https://doi.org/10.1109/icc.2010.5502141

2010-01-01

Abstract:The wireless sensor networks (WSNs) are normally operated in unattended, harsh, or hostile environment. Some strategies have been proposed to establish pairwise keys to protect the sensitive data and the sensor readings, but most existing schemes either suffer the large-scale node capture attacks, or cannot provide full and direct key establishment. In this paper, we present a permutation-based multi-polynomial scheme for pairwise key establishment in wireless sensor networks. This scheme is highly robust to the large-scale node capture attacks. Even after a large number of nodes have been compromised, the pairwise keys shared by non-compromised nodes remain secure. It also guarantees that any two nodes can directly establish a pairwise key without exposing any secret to other nodes. This full and direct key establishment features enable our scheme every adaptive to support node addition and mobility, which are particularly beneficial to the real-world applications. Our performance analysis also shows that the proposed scheme incurs low communication, storage, and computation overhead.

Bidi Ying,Huifang Chen,Wendao Zhao,Peiliang Qiu

DOI: https://doi.org/10.1109/wcica.2006.1712373

2006-01-01

Abstract:In wireless sensor networks, nodes are easy to be compromised by the adversary due to the resource limitations of the sensor nodes. How to reduce the energy consumption of nodes and increase the security becomes the goal of the security technologies. An energy-aware random pairwise keys (ERPK) scheme was proposed in this paper. In the phase of the key-setup, the node identity and the residual energy were stored, and the pairwise keys were generated after the node identity was matched up with the neighbor nodes, the pairwise keys between the node and the neighbor nodes were validated according to the identity and residual energy, then analyzed the security of the ERPK scheme with the multi-hop communication. The performances of the ERPK scheme such as the energy consumption, the lifetime of network and the security were analyzed and simulated. The results show that the ERPK scheme has lower energy consumption and longer network lifetime than those of the random pairwise keys scheme, and also the compromised probability of the nodes is reduced

Qing Yang,QiaoLiang Li,Xiaoming Wang,Naixue Xiong,Yi Pan

DOI: https://doi.org/10.1007/978-3-540-88582-5_45

2008-01-01

Abstract:The establishment of shared keys between communicating neighbor nodes in wireless sensor networks is a challenge due to resource-constrained sensor networks. Several key pre-distribution schemes have been proposed in literatures to establish pairwise keys between sensor nodes. However, many of them are either too complicated to fit for wireless sensor networks or insecure for some common aggressions. In this paper, we propose a random key management scheme based on random key pre-distribution for wireless sensor networks. To achieve better performance and security, the proposed scheme employs two different phases to establish enhanced pairwise keys between neighboring nodes. Compared with other existing random key pre-distribution schemes, our scheme has better resilience against node capture and also performs better in terms of network connectivity and scalability with appropriate memory, computation and communication overheads.

Zhong Su,Yixin Jiang,Fengyuan Ren,Chuang Lin,Xiaowen Chu

DOI: https://doi.org/10.1155/2010/808797

2010-01-01

EURASIP Journal on Wireless Communications and Networking

Abstract:Key management is a core mechanism to provide secure and reliable communications in wireless sensor networks (WSNs). In large-scale WSNs, due to the resource constraint on sensor nodes, it is still an extremely challenging task to achieve good performance in terms of high network connectivity and strong resilience against sensor nodes capture with low overheads. To address this issue, in this paper we propose a novel random pairwise key establishment scheme, called RPKE. In RPKE, sensor nodes differentiate their roles as either auxiliary nodes or ordinary nodes prior to network deployment. The auxiliary nodes act as distributed key distribution center (KDC), and neighboring ordinary nodes can establish pairwise key with the help of the distributed KDC. Theoretical analysis and simulation evaluation demonstrate that RPKE performs well in terms of network connectivity and resilience at the cost of low computation/communication/ storage overheads, compared to the existing counterparts.

Dong Jiao,Mingchu Li,Yan Yu,Jinping Ou

DOI: https://doi.org/10.1155/2012/821486

IF: 1.938

2012-01-01

International Journal of Distributed Sensor Networks

Abstract:In wireless sensor networks, self-healing key-distribution schemes are used to ensure that, even if the message packets that are broadcast in some sessions get lost, the group nodes can still recover the lost session keys simply by using their personal secret keys and broadcast messages that have been received without requesting additional transmissions from the group manager. These schemes reduce network traffic, decrease the group manager's workload, and lower the risk of node exposure through traffic analysis. However, most existing schemes have many deficiencies, such as high overhead for storage and communication and collusion attacks. In this paper, we have proposed a modified, self-healing, key-distribution scheme based on one-way key chains and secret sharing. Our scheme has the properties of constant storage, lower communication overhead, long lifespan, forward secrecy, backward secrecy, and resistance to collusion attacks.

sun qian

DOI: https://doi.org/10.1016/j.phpro.2012.03.368

2012-01-01

Abstract:To establish the two key in wireless sensor network is a basic security services, forming the basis other security services, such as authentication and encrypted. However, due to the sensor network resource constraints on to establish the two key not wireless sensor networks trivial tasks. The existing key, pre-alpha-ever scheme compromise node number and a minor part however influence key will increase quickly. As a result, a small compromise the number of node may affect the most adversaries. This paper proposes an improved key management wireless sensor network plan, take advantage of one-way hash function to alleviate the influence of compromise the sensor high sensor nodes. At the same time, this method does not affect the connection between neighboring sensor node. The analysis shows that compared with the existing plan which has good network resilience against node capture attack. (C) 2012 Published by Elsevier B.V. Selection and/or peer-review under responsibility of Garry Lee

Haoyang Pu,Wen Chen,Hongchao Wang,Shenghong Bao

DOI: https://doi.org/10.3390/s24196217

IF: 3.9

2024-09-26

Sensors

Abstract:Due to their inherent openness, wireless sensor networks (WSNs) are vulnerable to eavesdropping attacks. Addressing the issue of secure Internet Key Exchange (IKE) in the absence of reliable third parties like CA/PKI (Certificate Authority/Public Key Infrastructure) in WSNs, a novel key synchronization method named NDPCS-KS is proposed in the paper. Firstly, through an initial negotiation process, both ends of the main channels generate the same initial key seeds using the Channel State Information (CSI). Subsequently, negotiation keys and a negative database (NDB) are synchronously generated at the two ends based on the initial key seeds. Then, in a second-negotiation process, the NDB is employed to filter the negotiation keys to obtain the keys for encryption. NDPCS-KS reduced the risk of information leakage, since the keys are not directly transmitted over the network, and the eavesdroppers cannot acquire the initial key seeds because of the physical isolation of their eavesdropping channels and the main channels. Furthermore, due to the NP-hard problem of reversing the NDB, even if an attacker obtains the NDB, deducing the initial key seeds is computationally infeasible. Therefore, it becomes exceedingly difficult for attackers to generate legitimate encryption keys without the NDB or initial key seeds. Moreover, a lightweight anti-replay and identity verification mechanism is designed to deal with replay attacks or forgery attacks. Experimental results show that NDPCS-KS has less time overhead and stronger randomness in key generation compared with other methods, and it can effectively counter replay, forgery, and tampering attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Donggang Liu,Peng Ning

DOI: https://doi.org/10.1145/948109.948119

2003-01-01

Abstract:Pairwise key establishment is a fundamental security service in sensor networks; it enables sensor nodes to communicate securely with each other using cryptographic techniques. However, due to the resource constraints on sensors, it is infeasible to use traditional key management techniques such as public key cryptography and key distribution center (KDC). To facilitate the study of novel pairwise key predistribution techniques, this paper presents a general framework for establishing pairwise keys between sensors on the basis of a polynomial-based key predistribution protocol [2]. This paper then presents two efficient instantiations of the general framework: a random subset assignment key predistribution scheme and a grid-based key predistribution scheme. The analysis in this paper indicates that these two schemes have a number of nice properties, including high probability (or guarantee) to establish pairwise keys, tolerance of node captures, and low communication overhead. Finally, this paper presents a technique to reduce the computation at sensors required by these schemes.

Yuan Cheng,Yanan Liu,Zheng Zhang,Yanxiu Li

DOI: https://doi.org/10.3390/s23146460

IF: 3.9

2023-07-18

Sensors

Abstract:Wireless sensor networks are usually applied in hostile areas where nodes can easily be monitored and captured by an adversary. Designing a key distribution scheme with high security and reliability, low hardware requirements, and moderate communication load is crucial for wireless sensor networks. To address the above objectives, we propose a new key distribution scheme based on an ECC asymmetric encryption algorithm. The two-way authentication mechanism in the proposed scheme not only prevents illegal nodes from accessing the network, but also prevents fake base stations from communicating with the nodes. The complete key distribution and key update methods ensure the security of session keys in both static and dynamic environments. The new key distribution scheme provides a significant performance improvement compared to the classical key distribution schemes for wireless sensor networks without sacrificing reliability. Simulation results show that the proposed new scheme reduces the communication load and key storage capacity, has significant advantages in terms of secure connectivity and attack resistance, and is fully applicable to wireless sensor networks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jaydip Sen

DOI: https://doi.org/10.13140/RG.2.1.2978.0722

2010-12-12

Abstract:Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Unfortunately, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as in a tactical battlefield. Random failure of nodes and intentional compromise of nodes by an insider attack in a WSN pose particularly difficult challenges to security engineers as these attacks cannot be defended by traditional cryptography-based mechanisms. In this paper, a security solution is proposed for detecting compromised and faulty nodes in a WSN. The mechanism also isolates a compromised node from the network so that it cannot participate in any network activity. The proposed mechanism is based on misbehavior classification, behaviour monitoring and trust management. It involves minimum computation and communication overhead and is ideally suited for a resource-constrained, high-integrity WSN.

Cryptography and Security

Bi-di YING,Hui-fang CHEN,Wen-dao ZHAO,Pei-liang QIU

DOI: https://doi.org/10.3969/j.issn.1004-1699.2007.07.032

2007-01-01

Abstract:Key establishment and management in wireless sensor networks are one of the important targets of security technology researches because traditional key cryptosystems are unsuitable for resource constrained sensor nodes. A novel scheme named Low-power Key Pre-distribution Scheme (LKP) was proposed. This scheme generated a combination of inherited key chain, stored the head key of the key chain and the first key of overlay of keys into each node, searched for better network connectivity between nodes according to the overlap of keys, and then analyzed the security of the LKP scheme. At last the performances of the LKP scheme such as energy consumption and capture probability were simulated. The results show that LKP scheme is better than q-composite random key pre-distribution scheme and multi-path key reinforcement scheme on security and energy.

Lei Wang,Yaping Lin,Minsheng Tan,Chunyi Shi

DOI: https://doi.org/10.1007/11833529_90

2006-01-01

Abstract:Security schemes of pairwise key establishment, which enable sensors to communicate with each other securely, play a fundamental role in research on security issue in wireless sensor networks. A new kind of pairwise key pre-distribution model for sensor networks is proposed. And in addition, based on which, an efficient dynamic key path establishment algorithm is designed. Theoretic analysis and experimental figures show that the new algorithm has better performance than those previous related works.

Youtao Zhang,Jun Yang,Weijia Li,Linzhang Wang,Lingling Jin

DOI: https://doi.org/10.1016/j.jnca.2009.06.003

IF: 7.574

2009-01-01

Journal of Network and Computer Applications

Abstract:Wireless sensor networks have recently emerged as a promising computing model for many civilian and military applications. Sensor nodes in such a network are subject to varying forms of attacks since they are left unattended after deployment. Compromised nodes can, for example, tamper with legitimate reports or inject false reports in order to either distract the user from reaching the right decision or deplete the precious energy of relay nodes. Most of the current designs take the en-network detection approach: misbehaved nodes are detected by their neighboring watchdog nodes; false reports are detected and dropped by trusted en-route relay nodes, etc. However en-network designs are insufficient to defend collaborative attacks when many compromised nodes collude with each other in the network. In this paper we propose COOL, a COmpromised nOde Locator for detecting and locating compromised nodes once they misbehave in the network. It is based on the observation that for a well-behaved sensor node, the set of outgoing messages should be equal to the set of incoming and locally generated or dropped messages. However, comparing the message sets for different nodes is not enough to identify attacks as their sanity is unknown. We exploit a proven collision-resilient hashing scheme, termed incremental hashing, to sign the incoming, outgoing and locally generated/dropped message sets. The hash values are then sent to the sink for trusted comparisons. We discuss how to securely collect these hash values and then confidently locate compromised nodes. The scheme can also be combined with existing en-route false report filtering schemes to achieve both early false report dropping and accurate compromised nodes isolation. Through identifying and excluding compromised nodes, the COOL protocol prevents further damages from these nodes and forms a reliable and energy-conserving sensor network.

Rongrong Jiang,Tieming Chen

DOI: https://doi.org/10.1109/cis.2011.153

2011-01-01

Abstract:Key management for wireless sensor networks meets new challenges due to its special properties. However, key distribution is a key problem for wireless sensor networks key management. In this paper, literature researches on WSN key distributions are reviewed at first, and the popular key pre-distribution schemes and protocols are analyzed. Then, a new key management scheme based on the novel cryptographic technique named bilinear pairing is proposed, as well as its security and performance are all discussed.