Qi Cheng,Zhuo Zhao,Chingfang Hsu,Maoyuan Zhang,Qing Yang,Di Wu

DOI: https://doi.org/10.1155/2021/7703466

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Although nowadays lots of group key agreement schemes have been presented, most of these protocols generate a secret key for a single group. However, in the IoT HCS, more and more communications are involved in multiple groups and users can join multiple groups to communicate at the same time. Therefore, applying the conventional public-key-based one-at-a-time group key establishment protocols has heavy computational cost or suffer from security vulnerabilities. At the same time, in an IoT HCS, a trusted KGC is usually not available and so more flexible self-organized multigroup keys generation will be desired by all group members. In order to address this issue, a practical scheme for efficient and flexible KGC-free polynomial-based multigroup key establishments for IoT HCS is proposed. The proposed protocol can generate multiple group keys for all group members at once, instead of generating one key each time for a single group; more importantly, there is no need for a trusted KGC in the process of group keys establishment and each user can join multiple groups at the same time using only one reserved share. Meanwhile, the security of the proposed protocol is discussed in detail. Finally, we compare this protocol with the latest related group key distribution protocols in performance analysis. The results show that this efficient and flexible KGC-free polynomial-based multiple group keys establishment protocol is more suitable for practical group key agreement in IoT HCS.

WANG Qiuhua,CHEN Huifang,XIE Lei,WANG Kuang

DOI: https://doi.org/10.3724/SP.J.1219.2010.00268

2011-01-01

Information and Control

Abstract:In the path-key establishment phase of existing pre-distribution key management schemes,there are many problems,such as long path-key establishment path,high communication overhead,and low secure network connectivity growth rate.In order to resolve these problems,an enhanced scheme for establishing the path-key is proposed.In path-key set up phase,the proposed scheme makes full use of the pre-distributed keys in the securely connected neighboring nodes within the communication range of the node,and increases the number of nodes used to negotiate the path-key.Analysis and comparison results between the enhanced scheme and the original scheme without the enhanced method show that with the enhanced scheme,secure network connectivity rate is obviously improved,and it achieves to 1 quickly.Moreover,the enhanced scheme needs much less pre-distributed keys to achieve the prospective network connectivity rate.

Fatma Hendaoui,Hamdi Eltaief,Habib Youssef

DOI: https://doi.org/10.1002/ett.3198

IF: 3.6

2017-05-28

Transactions on Emerging Telecommunications Technologies

Abstract:Secure communication of Internet of Things (IoT) devices relies on cryptographic approaches whose robustness is based on the security of encryption keys. For instance, an adequate key management scheme must be used to properly manage the used keys. Designing an efficient and robust key management scheme for the connected devices is a challenging task. Reported key management schemes suffer from several deficiencies such as the single point of failure and the non–trade‐off between scalability, connectivity, and resiliency. This paper first reviews key management schemes in the context of the IoT. Then, we propose a collaborative lightweight key management scheme that secures the keys during the life cycle of the embedded devices. Our proposal relies on the collaboration of the smart devices, where all the devices participate in the construction of the global key. Following the analytical and the comparative studies, we show that our proposal can be integrated in several communication protocols designated for embedded devices such as IEEE 802.15.4. Simulation results validate the analytical study and show that the proposed collaborative group key scheme exhibits superior performance when compared with two corresponding schemes reported in the literature. This paper proposes a collaborative key management scheme for smart devices. The proposed solution respects the restraints of IoT devices such as processing, storage and communication resources. The key update does not engender further costs.

telecommunications

Ashok Kumar Das

DOI: https://doi.org/10.48550/arXiv.1108.1302

2011-08-05

Cryptography and Security

Abstract:Establishment of pairwise keys between sensor nodes in a sensor network is a difficult problem due to resource limitations of sensor nodes as well as vulnerability to physical captures of sensor nodes by the enemy. Public-key cryptosystems are not much suited for most resource-constrained sensor networks. Recently, elliptic curve cryptographic techniques show that public key cryptosystem is also feasible for resource-constrained sensor networks. However, most researchers accept that the symmetric key cryptosystems are viable options for resource-constrained sensor networks. In this paper, we first develop a basic principle to address the key pre-distribution problem in mobile sensor networks. Then, using this developed basic principle, we propose a scheme which takes the advantage of the post-deployment knowledge. Our scheme is a modified version of the key prioritization technique proposed by Liu and Ning. Our improved scheme provides reasonable network connectivity and security. Moreover, the proposed scheme works for any deployment topology.

Donggang Liu,Peng Ning

DOI: https://doi.org/10.1145/948109.948119

2003-01-01

Abstract:Pairwise key establishment is a fundamental security service in sensor networks; it enables sensor nodes to communicate securely with each other using cryptographic techniques. However, due to the resource constraints on sensors, it is infeasible to use traditional key management techniques such as public key cryptography and key distribution center (KDC). To facilitate the study of novel pairwise key predistribution techniques, this paper presents a general framework for establishing pairwise keys between sensors on the basis of a polynomial-based key predistribution protocol [2]. This paper then presents two efficient instantiations of the general framework: a random subset assignment key predistribution scheme and a grid-based key predistribution scheme. The analysis in this paper indicates that these two schemes have a number of nice properties, including high probability (or guarantee) to establish pairwise keys, tolerance of node captures, and low communication overhead. Finally, this paper presents a technique to reduce the computation at sensors required by these schemes.

Zahid Mahmood,Ata Ullah,Huansheng Ning

DOI: https://doi.org/10.1109/access.2018.2840131

IF: 3.9

2018-01-01

IEEE Access

Abstract:With the inclusion of mobile devices and ubiquitous connectivity of smart devices in Internet of Things, secure key management is mandatory to ensure privacy for information exchange. In this regard, the multiparty key establishment schemes achieve better security strength by taking shared parameters from neighboring member nodes to calculate the key. The similar multiparty mechanism can be adopted among other hierarchical nodes, including head node, server and gateway node. Moreover, session keys can also be set up in a similar manner. The main problem in multiparty password-based authentication schemes is the computation of extensively hard problem that limits it to three parties and N-party is quite more complex or infeasible. This paper presents a novel distributed multiparty keying scheme where chaotic maps are used to provide one-way hashing and Chebyshev polynomial are used for establishing a common multiparty key. In this paper, Phase-I covers keying among trusted server and group heads and Phase-II elaborates the key establishment among smart devices and their group heads. The scheme is verified through the formal specification and security analysis using Rubin Logic for inter-group key establishment scenario. We have validated the intra-group and inter-group key establishment by doing extensive simulations in NS 2.35. Moreover, a test bed is setup for group head to server level authentication and key establishment. Results prove the supremacy of our scheme as compared with preliminaries in terms of computation cost, communication cost, and resilience.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qing Yang,QiaoLiang Li,Xiaoming Wang,Naixue Xiong,Yi Pan

DOI: https://doi.org/10.1007/978-3-540-88582-5_45

2008-01-01

Abstract:The establishment of shared keys between communicating neighbor nodes in wireless sensor networks is a challenge due to resource-constrained sensor networks. Several key pre-distribution schemes have been proposed in literatures to establish pairwise keys between sensor nodes. However, many of them are either too complicated to fit for wireless sensor networks or insecure for some common aggressions. In this paper, we propose a random key management scheme based on random key pre-distribution for wireless sensor networks. To achieve better performance and security, the proposed scheme employs two different phases to establish enhanced pairwise keys between neighboring nodes. Compared with other existing random key pre-distribution schemes, our scheme has better resilience against node capture and also performs better in terms of network connectivity and scalability with appropriate memory, computation and communication overheads.

Bi-di YING,Hui-fang CHEN,Wen-dao ZHAO,Pei-liang QIU

DOI: https://doi.org/10.3969/j.issn.1004-1699.2007.07.032

2007-01-01

Abstract:Key establishment and management in wireless sensor networks are one of the important targets of security technology researches because traditional key cryptosystems are unsuitable for resource constrained sensor nodes. A novel scheme named Low-power Key Pre-distribution Scheme (LKP) was proposed. This scheme generated a combination of inherited key chain, stored the head key of the key chain and the first key of overlay of keys into each node, searched for better network connectivity between nodes according to the overlap of keys, and then analyzed the security of the LKP scheme. At last the performances of the LKP scheme such as energy consumption and capture probability were simulated. The results show that LKP scheme is better than q-composite random key pre-distribution scheme and multi-path key reinforcement scheme on security and energy.

Samia Belattaf,Mohamed Mohammedi,Mawloud Omar,Rachida Aoudjit

DOI: https://doi.org/10.1007/s11277-021-08437-9

IF: 2.017

2021-04-03

Wireless Personal Communications

Abstract:The Internet of Things (IoT) is an emerging paradigm in the world of computer networks, where physical objects are connected over the Internet. Given the huge number of connected devices that are potentially vulnerable, highly significant risks emerge around the issues of communication security. Unfortunately, the conventional security methods are hard to adapt due to the heterogeneity and resource-constrained objects. In this paper, we propose a reliable and adaptive distributed public-key management infrastructure for the IoT. The main purpose of our proposal is to mitigate the resource issue for public-key certificate management to design an effective security mechanism, which offers reliable end-to-end security services. In order to evaluate the performances of our proposal, we have conducted intensive simulations with comparison to the literature, in which we have obtained promising results in terms of storage, communication, response time and resilience against malicious nodes.

telecommunications

Kui Ren,Kai Zeng,Wenjing Lou

DOI: https://doi.org/10.1109/milcom.2005.1605657

2005-01-01

Abstract:In a wireless sensor network, pre-distribution of secret keys is possibly the most practical approach to protect network communications. To meet the stringent resource constraints of the sensor nodes, such as limited storage capability, low computation capability, and limited battery life, key pre-distribution schemes should be highly efficient, namely requiring as little storage space as possible, and at the same time, maintain a strong security strength, i.e., high resilience against node capture. In this paper, a new approach for random key pre-distribution is proposed to achieve both efficiency and security goals. The novelty of this approach lies in that, instead of using a key pool consisting of random keys, a random key generation technique is carefully designed such that a large number of random keys can be represented by a small number of key-generation keys. Then, instead of storing a big number of random keys, each sensor node stores a small number of key-generation keys while computes the shared secret key during the bootstrapping phase on-the-fly using efficient hash operations. The proposed scheme outperforms the previous random key pre-distribution schemes by significantly reducing the storage requirement while holding the same security strength as shown by the detailed analysis

Safwan Mawlood Hussein,Juan Antonio López Ramos,José Antonio Álvarez Bermejo

DOI: https://doi.org/10.3390/s20082242

IF: 3.9

2020-04-15

Sensors

Abstract:With the deepening of the research and development in the field of embedded devices, the paradigm of the Internet of things (IoT) is gaining momentum. Its technology’s widespread applications increasing the number of connected devices constantly. IoT is built on sensor networks, which are enabling a new variety of solutions for applications in several fields (health, industry, defense, agrifood and agro sectors, etc.). Wireless communications are indispensable for taking full advantage of sensor networks but implies new requirements in the security and privacy of communications. Security in wireless sensor networks (WSNs) is a major challenge for extending IoT applications, in particular those related to the smart-agro. Moreover, limitations on processing capabilities of sensor nodes, and power consumption have made the encryption techniques devised for conventional networks not feasible. In such scenario, symmetric-key ciphers are preferred for key management in WSN; key distribution is therefore an issue. In this work, we provide a concrete implementation of a novel scalable group distributed key management method and a protocol for securing communications in IoT systems used in the smart agro sector, based on elliptic curve cryptography, to ensure that information exchange between layers of the IoT framework is not affected by sensor faults or intentional attacks. In this sense, each sensor node executes an initial key agreement, which is done through every member’s public information in just two rounds and uses some authenticating information that avoids external intrusions. Further rekeying operations require just a single message and provide backward and forward security.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hung-Min Sun,Cheng-Ta Yang,Yue-Hsun Lin,Mu-En Wu

DOI: https://doi.org/10.1109/iih-msp.2009.221

2009-01-01

Abstract:Random key pre-distribution scheme is a flexible key management scheme for wireless sensor networks. Recently, numerous related studies have been proposed. However, most of them have weaknesses. First of all, sensors require large storage to store keys in order to maintain high connectivity. Secondly, impact caused by compromised sensors cannot be completely eliminated. In this paper, a novel pair-wise key establishment scheme based on the combination is proposed. Impact of key exposure from compromised sensors can be ignored since the pair-wise key for each pair of sensors is unique. Most significantly, we achieve the merit of fully connectivity without increasing storage requirement of sensors.

Mohammed Gharib,Ali Owfi,Soudeh Ghorbani

DOI: https://doi.org/10.48550/arXiv.1911.05126

2019-11-12

Networking and Internet Architecture

Abstract:The security of cyber-physical systems, from self-driving cars to medical devices, depends on their underlying multi-hop wireless networks. Yet, the lack of trusted central infrastructures and limited nodes' resources make securing these networks challenging. Recent works on key pre-distribution schemes, where nodes communicate over encrypted overlay paths, provide an appealing solution because of their distributed, computationally light-weight nature. Alas, these schemes share a glaring security vulnerability: the two ends of every overlay link can decrypt---and potentially modify and alter---the message. Plus, the longer overlay paths impose traffic overhead and increase latency. We present a novel routing mechanism, KPsec, to address these issues. KPsec deploys multiple disjoint paths and an initial key-exchange phase to secure end-to-end communications. After the initial key-exchange phase, traffic in KPsec follows the shortest paths and, in contrast to key pre-distribution schemes, intermediate nodes cannot decrypt it. We measure the security and performance of KPsec as well as three state-of-the-art key pre-distribution schemes using a real 10-node testbed and large-scale simulations. Our experiments show that, in addition to its security benefits, KPsec results in $5-15\%$ improvement in network throughput, up to $75\%$ reduction in latency, and an order of magnitude reduction in energy consumption.

Akbar Morshed Aski,Hamid Haj Seyyed Javadi

DOI: https://doi.org/10.48550/arXiv.2102.07137

2021-02-14

Abstract:In a resource-constrained IoT network, end nodes like WSN, RFID, and embedded systems are used which have memory, processing, and energy limitations. One of the key distribution solutions in these types of networks is to use the key pre-distribution scheme, which accomplishes the key distribution operation offline before the resource-constrained devices deployment in the environment. Also, in order to reduce the shared key discovery computing and communication overhead, the use of combinatorial design in key pre-distribution has been proposed as a solution in recent years. In this study, a ${\mu}$-PBIBD combinatorial design is introduced and constructed and the mapping of such design as a key pre-distribution scheme in the resource-constrained IoT network is explained. Through using such key pre-distribution scheme, more keys are obtained for communication between two devices in the IoT network. This means that there will be a maximum of q + 2 keys between the two devices in the network, where q is the prime power, that is, instead of having a common key for a direct secure connection, the two devices can have q + 2 common keys in their key chain. Accordingly, we would increase the resilience of the key pre-distribution scheme compared to the SBIBD, TD, Trade-KP, UKP *, RD * and 2-D ${\mu}$-PBIBD designs. Keywords: resource-constrained IoT network; combinatorial design; ${\mu}$-PBIBD; resilience.

Cryptography and Security

sun qian

DOI: https://doi.org/10.1016/j.phpro.2012.03.368

2012-01-01

Abstract:To establish the two key in wireless sensor network is a basic security services, forming the basis other security services, such as authentication and encrypted. However, due to the sensor network resource constraints on to establish the two key not wireless sensor networks trivial tasks. The existing key, pre-alpha-ever scheme compromise node number and a minor part however influence key will increase quickly. As a result, a small compromise the number of node may affect the most adversaries. This paper proposes an improved key management wireless sensor network plan, take advantage of one-way hash function to alleviate the influence of compromise the sensor high sensor nodes. At the same time, this method does not affect the connection between neighboring sensor node. The analysis shows that compared with the existing plan which has good network resilience against node capture attack. (C) 2012 Published by Elsevier B.V. Selection and/or peer-review under responsibility of Garry Lee

Vishal Choudhary,S. Taruna

DOI: https://doi.org/10.1007/978-981-13-3143-5_21

2018-11-28

Abstract:In sensor network where large group of nodes share the information, in such scenario it’s difficult to scale the application, in addition security in wireless sensor network often vary with purpose and context, but in broad-spectrum, security for wireless sensor networks should centered on the protection of the data itself and the network communications between the nodes. Privacy, reliability and validation are the most important data security concerns. Traditional cryptographic methods are not promising on resource limited sensor nodes. Node initiated key management is a novel idea where rather than base station or key distribution center initiate the security algorithm. We can give control to sensor nodes or cluster head for securing communicating nodes with in a sensor network. It is a non centralized key management method which is more robust than other methods. in this paper we proposed the proactive key management which guarantee efficiency, robustness, and dynamic clustering.

Zahid Mahmood,Huansheng Ning,AtaUllah Ghafoor

DOI: https://doi.org/10.3390/s17040670

IF: 3.9

2017-03-24

Sensors

Abstract:Wireless Sensor Networks (WSNs) consist of lightweight devices to measure sensitive data that are highly vulnerable to security attacks due to their constrained resources. In a similar manner, the internet-based lightweight devices used in the Internet of Things (IoT) are facing severe security and privacy issues because of the direct accessibility of devices due to their connection to the internet. Complex and resource-intensive security schemes are infeasible and reduce the network lifetime. In this regard, we have explored the polynomial distribution-based key establishment schemes and identified an issue that the resultant polynomial value is either storage intensive or infeasible when large values are multiplied. It becomes more costly when these polynomials are regenerated dynamically after each node join or leave operation and whenever key is refreshed. To reduce the computation, we have proposed an Efficient Key Management (EKM) scheme for multiparty communication-based scenarios. The proposed session key management protocol is established by applying a symmetric polynomial for group members, and the group head acts as a responsible node. The polynomial generation method uses security credentials and secure hash function. Symmetric cryptographic parameters are efficient in computation, communication, and the storage required. The security justification of the proposed scheme has been completed by using Rubin logic, which guarantees that the protocol attains mutual validation and session key agreement property strongly among the participating entities. Simulation scenarios are performed using NS 2.35 to validate the results for storage, communication, latency, energy, and polynomial calculation costs during authentication, session key generation, node migration, secure joining, and leaving phases. EKM is efficient regarding storage, computation, and communication overhead and can protect WSN-based IoT infrastructure.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ashok Kumar Das

DOI: https://doi.org/10.48550/arXiv.1103.4496

2011-03-23

Abstract:Due to resource constraints of the sensor nodes, traditional public key cryptographic techniques are not feasible in most sensor network architectures. Several symmetric key distribution mechanisms are proposed for establishing pairwise keys between sensor nodes in sensor networks, but most of them are not scalable and also are not much suited for mobile sensor networks because they incur much communication as well as computational overheads. Moreover, these schemes are either vulnerable to a small number of compromised sensor nodes or involve expensive protocols for establishing keys. In this paper, we introduce a new scheme for establishing keys between sensor nodes with the help of additional high-end sensor nodes, called the auxiliary nodes. Our scheme provides unconditional security against sensor node captures and high network connectivity. In addition, our scheme requires minimal storage requirement for storing keys mainly due to only a single key before deployment in each node in the sensor network, supports efficiently addition of new nodes after initial deployment and also works for any deployment topology.

Cryptography and Security

Pourya Alimoradi,Ali Barati,Hamid Barati

DOI: https://doi.org/10.1002/dac.5076

2021-12-30

International Journal of Communication Systems

Abstract:In wireless sensor networks, sensor nodes are typically distributed in harsh environments for continuous monitoring and data collection. All sensor nodes send the collected data directly or through other sensor nodes to the base station. Due to the nature and range of applications of these networks, maintaining security has always been one of the most critical challenges in wireless sensor networks. Key management is one of the methods used to maintain security in wireless sensor networks. In this paper, a hierarchical key management method for wireless sensor networks is presented. In the proposed method, first, the network is zoned, then the connection between the network nodes is established through two keys within the zone and between zones. The zone key is the shared key between the zone members and the zone manager. For intra‐zone communication, a lightweight authentication operation is performed between zone members and the zone manager. If the authentication operation is successful, the key generation process is performed within the zone. The inter‐zone key is shared between both of the manager nodes and is used for inter‐zone communication. The performance of the proposed method is compared with the Zhang et al. (2016); the EDAK (Athmani et al., 2019), DKMS (Yousefpoor & Barati, 2020), SSEKMS (Kumar et al., 2021), and ADPK (Ahlawat & Dave, 2021) methods show the proposed method's better performance. In this paper, a hierarchical key management method for wireless sensor networks is presented. In the proposed method, first, the network is zoned, then the connection between the network nodes is established through two keys within the zone and between zones. The zone key is the shared key between the zone members and the zone manager. For intra‐zone communication, a lightweight authentication operation is performed between zone members and the zone manager. If the authentication operation is successful, the key generation process is performed within the zone. The inter‐zone key is shared between both of the manager nodes and is used for inter‐zone communication.

telecommunications,engineering, electrical & electronic