ACEEE International Journal on Network Security, Vol 1, No. 1, Jan 2010



Key Management Schemes for Secure Communication in Heterogeneous Sensor Networks

A.S.Poornima (1), B.B.Amberker (2)

(1) Dept. of Computer Science and Engg, Siddaganga Institute of Technology, Tumkur, Karnataka, India. Email: aspoornima@sit.ac.in
(2) Dept. of Computer Science and Engg, National Institute of Technology, Warangal, Andhra Pradesh, India. Email: bba@nitw.ac.in


© 2010 ACEEE
DOI: 01.ijns.01.01.05

Abstract—Hierarchical Sensor Network organization is widely used to achieve energy efficiency in Wireless Sensor Networks (WSN). To achieve security in hierarchical WSN, it is important to be able to encrypt the messages sent between sensor nodes and their cluster head. The key management task is challenging due to the resource-constrained nature of WSN. In this paper we propose two key management schemes for hierarchical networks which handle various events like node addition, node compromise and key refresh at regular intervals. The Tree-Based Scheme ensures in-network processing by maintaining some additional intermediate keys, whereas the CRT-Based Scheme performs the key management with minimum communication and storage at each node.

Index Terms—Hierarchical Sensor Networks, Chinese Remainder Theorem, Cluster Key, Cluster head, Sensor Node.

I. INTRODUCTION

Wireless Sensor Networks (WSN) are composed of small autonomous devices, or sensor nodes, that are networked together. Sensor networks can facilitate large-scale, real-time data processing in complex environments. Their applications involve protecting and monitoring critical military, environmental, safety-critical or domestic infrastructures and resources. Wireless communication employed by the WSN facilitates eavesdropping and packet injection by an adversary. This factor demands security for sensor networks to ensure operation safety, secrecy of sensitive data and privacy for people in the sensor environment.

The key management schemes discussed in [1,2,3,6,7,9,11] consider homogeneous sensor networks, where all sensor nodes have identical capabilities in terms of communication, computation and storage. Large scale homogeneous networks suffer from high costs of communication, computation and storage requirements. Hence Hierarchical Sensor Networks (HSNs) (also called Heterogeneous Sensor Networks) are preferred as they provide better performance and security solutions. In WSNs hierarchical clustering provides scalability, self-organization and energy efficient data dissemination. In hierarchical networks, there is a hierarchy of nodes in terms of resources and functions. The most powerful node is the Base Station (BS). BS is a powerful data processing and storage unit which collects sensor readings, performs costly operations and manages the network. It interfaces the network to the outside world. Transmission power of BS is usually enough to reach all nodes. The next level of sensors are called group heads or Cluster Heads (we call these nodes CH-sensors). These nodes have better resources compared to the sensor nodes which form the lowest level of this model. Cluster heads are responsible for intermediate data processing and data aggregation, e.g. collecting and processing the readings of other nodes in the cluster and sending a single reading to the base station. The BS in turn performs computation on readings from multiple cluster heads. The sensor nodes, i.e., nodes with the least resources that are used for sensing particular data (called SN-sensors), form the majority of the network. They provide the readings for the parameters being sensed.

Hierarchical Sensor Networks (HSN) are considered in [8,4,10,5]. In the scheme [8] proposed by Sajid et al., key management based on key pre distribution is discussed. A routing-driven key management scheme is discussed in [4]; the scheme is based on Elliptic Curve Cryptography. The scheme [10] focuses on achieving higher key connectivity and system performance using the combination of nodes with higher capability and nodes with lower capability in terms of computation, communication and storage. In [5] algorithms are discussed to improve the degree of sensing coverage using heterogeneous sensor networks.

In this paper we propose key management schemes for Heterogeneous Sensor Networks. The first scheme, called the Tree-Based Scheme, is based on the scheme in [13]. The second scheme is based on the Chinese Remainder Theorem scheme proposed for wired networks [14], and is called the CRT-Based Scheme in this paper. Here, a hierarchical architecture of sensor networks is considered, where data is routed from sensor nodes to the base station through the cluster head. The base station interfaces the sensor network to the outside network. Sensor nodes are assumed to be immobile; these nodes organize themselves into clusters. The size of the cluster we are assuming here is a small group of sensor nodes. A cluster head is chosen from each cluster to handle the communication between the cluster nodes and the base station. In the key management scheme discussed in [8] node revocation is not considered in detail. This scheme


discusses the percentage of links that are compromised when a node is compromised, but how these compromised links are reconfigured and what effort is involved to reconfigure the compromised links is not discussed. The proposed schemes present how the keys are actually changed (the rekey operation: changing the keys that are known to the compromised node and distributing them securely to existing nodes) in order to reconfigure the compromised links when a node is compromised.

The proposed schemes are analyzed in detail by considering various performance metrics like storage, communication and computation. The analysis shows that the Tree-Based Scheme achieves the rekey operation by performing log_m n communications with additional storage, whereas [8] achieves the same goal using 2n communications. The CRT-Based Scheme achieves the rekey operation by performing one modulus and one EX-OR operation, and no additional communication cost is incurred.

The paper is organized as follows: In Section II we explain notations, security goals and the threat model. Section III explains in detail the Tree-Based Scheme. In Section IV we explain the CRT-Based Scheme. Section V presents the performance analysis of the proposed schemes and finally we conclude in Section VI.

II. SYSTEM MODEL

In this section we discuss the assumptions and notations, security goals and threat model used in this paper to construct the key management schemes.

A. Notations
Following are some of the notations used in this paper:
  BS      → Base Station
  CH      → Cluster Head
  S       → Set of all sensor nodes in a cluster
  CCHK    → Common Cluster Head Key
  n       → Number of nodes in a cluster
  si      → ith sensor node
  CK      → Cluster Key
  ki      → Private key of the ith sensor node
  ki-j    → Key k shared between the users from i to j
  {x}y    → Encryption of x using key y
  K       → Set of pairwise relatively prime numbers

B. Security Goals
The main security goal considered in this paper is confidentiality: only the authorized nodes should be able to read the messages transmitted between the nodes. The confidentiality requirements that we are achieving in the Tree-Based Scheme and CRT-Based Scheme are:
   1. Non-group confidentiality: Nodes that are not in the cluster should not be able to access any key that can be used to decrypt the messages sent to the legitimate nodes.
   2. Forward confidentiality: When a node is compromised, the scheme should ensure that the compromised node does not have access to any key used to encrypt the future messages.
   3. Backward confidentiality: When a new node is added to the cluster, the scheme should ensure that the node does not have access to any key such that it can decrypt the previous messages.

C. Threat Model
We consider two types of attacker in this paper. The first type is an outside attacker who is able to eavesdrop on the communications. The second type is an inside attacker: a compromised node which is able to get all the secrets.

III. DESCRIPTION OF THE TREE-BASED SCHEME

Sensors within a cluster are organized as an m-ary [13] balanced tree with sensor nodes at the leaves as shown in Fig.1, where m is the degree of the tree. The tree is maintained by the cluster head, which is a CH-node. In Fig.1, s0, s1, …, s8 represent sensor nodes within a cluster. Nodes within a cluster are again organized into smaller groups (called subgroups) of fixed size based on the m value. This type of grouping reduces the rekey operation when a node is compromised. Every sensor node shares a key with the cluster head, called its private key, used to communicate with the cluster head securely; nodes k0, k1, …, k8 correspond to private keys. The keys k0-2, k3-5, k6-8 represent the keys that are shared by some subset of sensors (called intermediate keys). Intermediate keys are used for intra-group communication within a cluster. The key at the root of the tree is the cluster key (CK). CK is shared by all the nodes in the cluster. Nodes within a cluster can communicate securely using CK. Every sensor node will store all the keys along the path from leaf to root of the tree. All CH-nodes in the network form another m-ary tree which is maintained by the base station. We call the key that is shared by all CH-nodes the Common Cluster head Key (CCHK). CH-nodes can communicate with each other using the key CCHK.

                               CK

          k0-2                k3-5                k6-8

     k0    k1    k2      k3    k4    k5      k6    k7    k8
     s0    s1    s2      s3    s4    s5      s6    s7    s8

Fig.1. s0-s8 are sensor nodes in a cluster and k0 to k8 are pre loaded private keys of sensors, k0-2, k3-5, k6-8 are auxiliary keys and CK is the cluster key

A. Security analysis of Tree-Based Scheme
Security analysis is explained in this section by considering the following issues: key establishment,


rekey operation as a result of events like node addition, node compromise and key refresh at regular intervals.

Key establishment: Each sensor is pre loaded with a private key that it shares with its cluster head before deployment. Initially all CH-sensors are pre loaded with all the keys that are assigned to sensor nodes. After deployment all CH-sensors broadcast a hello message to SN-sensors. Each SN-sensor selects the nearest CH-sensor as its cluster head. After receiving replies from SN-sensors each CH-sensor will delete the keys of SN-sensors that are not in its cluster. Each CH-sensor will now construct an m-ary tree and assign keys for each node in the tree as explained in section III. Now, initially the CH-sensor will distribute all the keys along the path from leaf to root to the respective nodes by encrypting the keys using private keys of the sensors. Upon receiving the set of keys, SN-sensors can communicate with the cluster head as well as other sensors within the cluster using the cluster key CK.

Node Revocation / Node compromise: We assume that we have an intrusion detection mechanism to detect node compromise. As soon as a node is compromised the corresponding cluster head will change all the keys that are known to the compromised node (i.e., keys along the path from the compromised node's position to the root of the tree). The changed keys are distributed securely to existing nodes. For example, if node s4 is compromised, keys k3-5 and CK are changed to k'3-5 and CK'. First, k'3-5 is encrypted using k3 and k5 and CK' is encrypted using k0-2, k'3-5, k6-8. Nodes s3 and s5 can decrypt the new intermediate key k'3-5 using the keys k3 and k5. Now, nodes s0, s1, s2 can decrypt the new cluster key CK' using the key k0-2, s3 and s5 decrypt using k'3-5 and nodes s6, s7, s8 can decrypt using the key k6-8. If a single node is compromised the number of encryptions required to distribute the new set of keys securely is m(h-1) where h is the height of the tree.

Addition of New node: A new node is pre loaded with a private key that it shares with the cluster head. The base station encrypts the private key of the new SN-sensor using the CCHK that is maintained for cluster heads and sends it. Upon receiving the message from the base station each CH-sensor will have the information regarding the new node. Each CH-node will now broadcast a Hello message to the newly added SN-sensor. Now, as in the initial setup phase, the SN-sensor will choose the nearest CH-sensor as its cluster head. The cluster head will find an appropriate position for the new node in the tree and the tree is updated (i.e., all the keys along the path including the cluster key are changed). The cluster head will now distribute the new set of keys to the corresponding nodes, and the new node will receive all the keys along the path. In order to distribute the changed keys securely the cluster head uses the private key of the new node, and for other nodes it uses the previous cluster key CK.

Key Refresh: In order to achieve key freshness it is required to change the cluster key CK as well as the Common Cluster Head Key CCHK periodically. The cluster key CK is changed to CK' by the respective cluster heads and is distributed securely to nodes in the cluster by encrypting CK' using the old cluster key CK. Similarly the base station will change CCHK to CCHK' and distribute it to all CH-nodes securely by encrypting CCHK' using CCHK.

IV. DESCRIPTION OF THE CRT-BASED SCHEME

In this section we explain the basic Chinese remainder theorem, followed by the detailed description of the protocol for key establishment using CRT.

A. Chinese Remainder Theorem
Let the numbers m1, m2, …, mt be positive integers which are pairwise relatively prime, i.e., gcd(mi, mj) = 1 for i ≠ j. Furthermore, let b1, b2, …, bt be integers. Then the system of congruences defined below has a simultaneous solution X to all of the congruences, and any two solutions are congruent to one another modulo M = m1·m2·…·mt.

         x ≡ b1 (mod m1)
         x ≡ b2 (mod m2)
              :
         x ≡ bt (mod mt)

The solution for this congruence system is obtained by computing $X = \sum_{i=1}^{t} b_i c_i$, where $c_i = M_i (M_i^{-1} \bmod m_i)$, $M = \prod_{i=1}^{t} m_i$ and $M_i = M / m_i$. $M_i^{-1}$ is the multiplicative inverse of $M_i$; to find the multiplicative inverse, the Extended Euclid's Algorithm is used.

B. Key Establishment using CRT-based Scheme
The following steps explain the key establishment process.

Initialization: Every SN-sensor is loaded with a private key ki that it shares with the base station. The key ki is chosen from a key pool K of pairwise relatively prime numbers. Initially each CH-sensor is loaded with the information of all SN-sensors in the network (i.e., the Node ID and corresponding private key of all the nodes are stored).

Cluster Formation: After deployment all CHs (i.e., CH-sensors) broadcast a Hello message to other sensors in the network. Each sensor selects the nearest CH-sensor as its Cluster Head. After receiving replies from SN-sensors each Cluster Head will delete the keys of the SN-sensors that are not in its cluster.

Building Congruence System: In this step each CH selects an initial cluster key CK and constructs a congruence system using this initial key as follows:

         X ≡ p1 (mod k1)
         X ≡ p2 (mod k2)
              :
         X ≡ pn (mod kn)

where p1 ← CK ⊕ k1, p2 ← CK ⊕ k2, …, pn ← CK ⊕ kn and k1 … kn are private keys assigned to each node


which are chosen from a pool of pairwise relatively prime numbers.

Find Solution: The Cluster Head will solve the congruence system and compute the value of X.

Broadcast X: The X value computed by solving the congruence system in the previous step is broadcast such that other nodes in the network will receive this value.

Key computation by other nodes: Each sensor will now compute the CK as: CK ← ((X mod ki) ⊕ ki).

C. Security analysis of CRT-Based Scheme
In this section we explain in detail the events like node addition, node compromise and key refresh at regular intervals.

Node Revocation / Node compromise: We assume that we have an intrusion detection mechanism to detect node compromise. As soon as a node is compromised the corresponding cluster head will construct a new congruence system as explained in the Building Congruence System phase of section IV B. If the compromised node is sj with private key kj then the new congruence system constructed by the Cluster Head is

         X ≡ p1 (mod k1)
         X ≡ p2 (mod k2)
              :
         X ≡ pj-1 (mod kj-1)
         X ≡ pj+1 (mod kj+1)
              :
         X ≡ pn (mod kn)

For the above congruence system the cluster head will find the solution X and broadcast the X value. Now other nodes in the cluster except the compromised node will be able to compute the new cluster key CK' using the X value as explained in the above protocol.

Addition of New node: A new node is pre loaded with a private key that it shares with the cluster head. The base station encrypts the private key of the new SN-sensor using the CCHK that is maintained for cluster heads and sends it. Upon receiving the message from the base station each CH-sensor will have the information regarding the new node. Each CH-node will now broadcast a Hello message to the newly added SN-sensor. Now, as in the initial setup phase, the SN-sensor will choose its cluster head. After the node is admitted to a particular cluster, in order to compute the new key CK' the cluster head will build a new congruence system. If the new node added is, say, sj with private key kj then the congruence system constructed by the cluster head is:

         X ≡ p1 (mod k1)
         X ≡ p2 (mod k2)
              :
         X ≡ pj (mod kj)
              :
         X ≡ pn (mod kn)

The cluster head solves the above congruence system and broadcasts the computed X value. Upon receiving the X value each node will compute the required cluster key CK'.

Key Refresh: In order to achieve key freshness it is required to change the cluster key CK periodically. To change the key at regular intervals the Cluster Head will choose a new CK', and for the selected CK' it builds a new congruence system and solves the system to compute a new X value. The CH broadcasts the computed X value so that other nodes can compute the new CK'.

V. PERFORMANCE ANALYSIS

Storage: In the Tree-Based Scheme each SN-sensor is required to store log_m n keys (i.e., keys along the path from leaf to root of the tree) where n is the number of nodes in a cluster and m the degree of the tree. Each CH-sensor is required to store $\sum_{i=0}^{h} m^i$ keys, where h is the height of the tree and m the degree of the tree. In the CRT-Based Scheme no additional storage is required by SN-sensors; each SN-sensor will store only its private key ki. For the scheme in [8] the storage is: for a key sharing probability of 0.8 an SN-sensor stores 5 generation keys and a CH-sensor approximately 250 generation keys.

Computation: In the Tree-Based Scheme, computation costs are measured in terms of the number of encryptions. The total number of encryptions performed by the cluster head (CH-node) in case of node addition is 2(h-1) where h is the tree height. For node addition the computation for an SN-sensor not in the path of the joining node is one, and for an SN-sensor in the path of the joining node the computation is equal to (h-1) decryptions. When a single node is compromised, the total number of encryptions is m(h-1).

In order to compute the new cluster key CK' in the CRT-Based Scheme each SN-sensor in the cluster is required to perform one modulus operation and one EXOR operation. The CH-sensor is required to solve the congruence system as a result of events like node addition, node compromise or to refresh the key at regular intervals. The computation cost incurred at the cluster head to solve the congruence system is O(t(log m)^3) + O(t(log m)^2) as per the analysis of the Chinese Remainder Theorem in [12].

Communication: Communication costs are studied in terms of the number of messages that are exchanged in order to change the required keys. In the Tree-Based Scheme, for events like node addition and node compromise, the number of messages constructed and communicated varies from one to log_m n, which is the communication cost incurred at the CH-sensor. Similarly each SN-sensor performs either one or log_m n receive operations. For key refresh each CH-sensor performs one transmit operation and each SN-sensor one receive operation in order to update the cluster key.

In the CRT-Based Scheme, when a node is added or compromised the cluster head constructs a new congruence system in order to change the key. The computed X value is distributed using a single broadcast message to other nodes in the cluster. Each SN-sensor performs one receive operation to get the value of X, using which it can compute the key CK'. The communication cost incurred in the CRT-Based Scheme is: one transmit operation by CH-sensors (cluster head) and one receive


operation by SN-sensors(other nodes in the cluster). The               [6] L.Eschenauer and V.D.Gligor. A key management
table below summarizes the communication costs                              scheme for distributed sensor networks. In
incurred by the proposed schemes and the scheme in [8].                     Proceedings of the 9th ACM conference Computer
                                                                            and Communications security, pages 41-47,
                                                                            November 2002.
  TABLE 1: DEPICTS STORAGE AND COMMUNICATION REQUIREMENT               [7] J.Hwang and Y.Kim. Revisiting random key pre
   FOR THE PROPOSED SCHEMES AND THE SCHEME BY SAJID ET.AL.
                                                                            distribution schemes for WSN. In Proc. of the
                                                                            2nd ACM workshop on Security of ad hoc and
                   Storage                Communication                     sensor networks , pp.43-52, 2004.
                                                                       [8] S.Hussain, F.Kausar, and A.Masood. An Efficient
                                                                            Key Distribution Scheme for Heterogeneous
            CH           SN          CH          SN                         Sensor Networks. IWCMC'07, 2007.
            Sensor       Sensor      Sensor      Sensor                [9] D.Liu and P.Ning. Establishing pairwise keys in
Tree         h
                                    1 to         1 to                       distributed sensor networks. In proceedings of the
Based       ∑     mi
                         logm n     logm n       logm n
                                                                            10th ACM conference on Computers and
            i−0                                                             Communication Security (CCS'03). pp.52-61,
Scheme                              transmit     receive                    2003.
CRT                                 1            1                     [10] K.Lu, Y.Qian and J.Hu. A framework for
Based         n+1            2      Broadcast    receive                    distributed key management schemes in
Scheme                              Message      Operation                  heterogeneous wireless sensor networks. In IEEE
Scheme                                 n            2                       International Performance Computing and
By Sajid   250(app       5(appx)    transmit     transmit                   Communications Conference, pages 513-519,
et.al      x) keys       keys           +           +                       2006.
                                    n receive      (p+1)
                                                 receive

       [11] R.D.Pietro, L.V.Mancini, and A.Mei. Random
            Key assignment to secure wireless sensor
            networks. In 1st ACM workshop on Security of Ad
            Hoc and Sensor Networks, 2003.
       [12] Samuel S. Cryptanalysis of Number Theoretic
            Ciphers. CRC Press, 2003.
       [13] C.Wong, M.Gouda, and S.Lam. Secure Group
            Communication Using key Graphs. In
            proceedings of the ACM SIGCOMM'98, Oct.1998.
       [14] Xinliang Zheng, Chin-Tser Huang and Manton
            Matthews. Chinese Remainder Theorem Based
            Group Key Management. ACMSE, 2007.
       [15] S.Zhu, S.Setia, and S.Jajodia. LEAP: Efficient
            Security Mechanisms for Large Scale Distributed
            Sensor Networks. In Proc. of 10th ACM
            Conference on Computers and Communication
            Security (CCS'03), 2003.

                       VI.   CONCLUSION

   The paper presents new key management schemes for
confidential communication between a node and its
cluster head in hierarchical sensor networks. The schemes
are analyzed in detail with respect to security and
performance. Performance analysis shows that the
Tree-Based Scheme exhibits better performance, achieving
the rekey operation with log_m n communications and some
additional storage. In the CRT-Based Scheme the key is
established efficiently on node addition, on node
compromise, and at regular intervals. The communication
cost incurred at each node to establish the key is one
receive operation, and the computation cost is one modulus
operation and one EX-OR operation per node.
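
An added example (not the authors' code) of the CRT-Based Scheme summarized above: the cluster head solves X ≡ CK ⊕ k_i (mod k_i) for the current members and broadcasts X, and each node recovers CK with one modulus and one EX-OR. The 64-bit key size, the seeded generator, the node names and the rule that CK carries the same top bit as every k_i (so that CK ⊕ k_i < k_i and the residue survives the reduction) are assumptions of this example, not statements from the paper.

```python
import random
from math import gcd, prod

BITS = 64  # assumed size of private keys and cluster key (example value)


def make_key_pool(n, rng, bits=BITS):
    """Pick n pairwise relatively prime integers of exactly `bits` bits."""
    pool = []
    while len(pool) < n:
        # Force the top bit (fixed bit length) and the low bit (odd).
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(gcd(cand, k) == 1 for k in pool):
            pool.append(cand)
    return pool


def new_cluster_key(rng, bits=BITS):
    """Cluster key whose top bit matches every k_i, so CK xor k_i < k_i."""
    return rng.getrandbits(bits) | (1 << (bits - 1))


def crt_solve(residues, moduli):
    """Return X with X = b_i (mod m_i), using X = sum(b_i * c_i) mod M."""
    M = prod(moduli)
    x = 0
    for b, m in zip(residues, moduli):
        Mi = M // m
        x += b * Mi * pow(Mi, -1, m)  # c_i = M_i * (M_i^-1 mod m_i)
    return x % M


def build_broadcast(ck, member_keys):
    """Cluster head: build X = CK xor k_i (mod k_i) over members, return X."""
    residues = []
    for k in member_keys:
        p = ck ^ k
        if p >= k:
            # X mod k would return p mod k, and the node would derive a wrong key.
            raise ValueError("CK xor k_i must be smaller than k_i")
        residues.append(p)
    return crt_solve(residues, member_keys)


def node_recover(x, k):
    """SN-sensor: one modulus operation and one EX-OR operation."""
    return (x % k) ^ k


def demo(seed=2010):
    """Establish CK for s0..s4, then rekey after s4 is reported compromised."""
    # Seeded generator so the constructed sample is reproducible;
    # a deployment would draw keys from a cryptographic generator.
    rng = random.Random(seed)
    ids = ["s0", "s1", "s2", "s3", "s4"]
    keys = dict(zip(ids, make_key_pool(len(ids), rng)))

    ck = new_cluster_key(rng)
    x = build_broadcast(ck, list(keys.values()))
    established = {i: node_recover(x, k) == ck for i, k in keys.items()}

    # Node compromise: the new congruence system omits s4's private key.
    members = {i: k for i, k in keys.items() if i != "s4"}
    ck_new = new_cluster_key(rng)
    x_new = build_broadcast(ck_new, list(members.values()))
    after = {i: node_recover(x_new, k) == ck_new for i, k in keys.items()}
    return established, after


if __name__ == "__main__":
    established, after = demo()
    print("initial key established:", established)
    print("after revoking s4:      ", after)
```

X is reduced modulo the product of the member keys, so the broadcast value grows by roughly one key length per cluster member.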

                        REFERENCES
       [1] H.Chan, A.Perrig, and D.Song. Random key
           pre distribution schemes for sensor networks.
           IEEE symposium on Research in Security and
           Privacy, pages 197-213, 2003.
       [2] Y.Cheng and D.P.Agrawal. Efficient pairwise key
           establishment and management in static wireless
           sensor networks. In Second IEEE International
           Conference on Mobile ad hoc and Sensor Systems,
           2005.
       [3] W.Du, J.Deng, Y.S.Han, and P.K.Varshney. A
           pairwise key pre distribution scheme for wireless
           sensor networks. In Proc. of the 10th ACM
           conference of Computers and Communication
           Security (CCS'03). pp.42-51, 2003.
       [4] X.Du, M.Guizani, Y.Xiao, S.Ci, and H.H.Chen,
           A Routing-Driven Elliptic Curve Cryptography
           based Key Management scheme for Heterogeneous
           Sensor Networks. IEEE Transactions on Wireless
           Communications.
       [5] X.Du and F.Lin. Maintaining Differential
           coverage in heterogeneous sensor network.
           EURASIP Journal of Wireless Communications
           and Networking, (4):565-572, 2005.
© 2010 ACEEE
DOI: 01.ijns.01.01.05

In cluster head in hierarchical sensor networks. The schemes proceedings of the ACM SIGCOMM'98, Oct.1998. are analyzed in detail with respect to security and [14] Xinliang Zheng, Chin-Tser Huang and Manton performance. Performance analysis shows that Tree- Matthews, Chinese Remainder Theorrem Based Based Scheme exhibits better performance which Group Key Management. ACMSE, 2007. achieves rekey operation by performing logm n [15] S.Zhu, S.Setia, and S.Jajodia. LEAP : Efficient communications with some additional storage. In CRT- Security Mechanisms for Large Scale Distributed Sensor Networks. In Proc. of 10th ACM Based Scheme key is established in an efficient way for Conference on Computers and Communication node addition, node compromise and also at regular Security (CCS'03), 2003. intervals. The communication cost incurred at each node for establishing key is one receive operation and computation cost incurred is one modulus operation and one EX-OR operation by each node. REFERENCES [1] H.Chan and A.Perrig. and D.Song. Random key pre distribution schemes for sensor networks. IEEE symposium on Research in Security and Privacy, pages 197-213, 2003. [2] Y.Cheng and D.P.Agrawal. Efficient pairwise key establishment and management in static wireless sensor networks. In Second IEEE International Conference on Mobile ad hoc and Sensor Systems, 2005. [3] W.Du, J.Deng, Y.S.Han, and P.K.Varshney. A pairwise key pre distribution scheme for wireless sensor networks. In Proc. of the 10th ACM conference of Computers and Communication Security (CCS'03). pp.42-51, 2003. [4] X.Du, M.GUizani, Y.Xiao, S.Ci, and H.H.Chen, A Routing-Driven Elliptic Curve Cryptography based Key Mangement scheme for Heterogeneous Sensor Networks. IEEE transactions on Wireless Communications. [5] X.Du and F.Lin. Maintaining Differential coverage in heterogeneous sensor network. EURASIP Journal of Wireless Communications and Networking, (4):565-572, 2005. 25 © 2010 ACEEE DOI: 01.ijns.01.01.05
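The CRT-Based rekeying analysed above, for node compromise and node addition, as an added Python example (not code from the paper). It assumes the residues are p_i = CK' XOR k_i, which matches the one-modulus, one-XOR recovery cost stated in the text; the key values, member names and function names are constructed for illustration.

```python
from math import gcd, prod

# Constructed sample data: pairwise-coprime 16-bit private keys k_i (bit 15 set).
CLUSTER = {"s1": 65521, "s2": 65519, "s3": 65497, "s4": 65479}

def residue(ck, k):
    """p_i = CK' XOR k_i (assumed form). It must be a valid residue mod k_i,
    which holds when the highest set bit of CK' is also set in k_i."""
    p = ck ^ k
    if not 0 <= p < k:
        raise ValueError("CK' XOR k_i is not below k_i; CK' cannot be recovered")
    return p

def solve_crt(residues, moduli):
    """Return the unique X in [0, k_1*...*k_n) with X ≡ p_i (mod k_i)."""
    for i, a in enumerate(moduli):
        if any(gcd(a, b) != 1 for b in moduli[i + 1:]):
            raise ValueError("private keys must be pairwise coprime")
    big_m = prod(moduli)
    x = 0
    for p, k in zip(residues, moduli):
        m_i = big_m // k
        x += p * m_i * pow(m_i, -1, k)   # pow(.., -1, k) is the modular inverse
    return x % big_m

def rekey(new_ck, members):
    """Cluster head: one congruence per current member; returns the broadcast X."""
    keys = list(members.values())
    return solve_crt([residue(new_ck, k) for k in keys], keys)

def recover(x, k):
    """SN-sensor: one modulus operation and one XOR."""
    return (x % k) ^ k

def demo():
    """Evict s3, then admit s5; report what each party derives from the broadcast."""
    remaining = {n: k for n, k in CLUSTER.items() if n != "s3"}
    x = rekey(0xBEEF, remaining)                  # s3's congruence is omitted
    evicted_view = recover(x, CLUSTER["s3"])      # what s3 computes from X
    joined = dict(remaining, s5=65449)            # constructed key for the new node
    x_join = rekey(0xD00D, joined)
    return ({n: recover(x, k) for n, k in remaining.items()}, evicted_view,
            {n: recover(x_join, k) for n, k in joined.items()})

if __name__ == "__main__":
    print(demo())
```

The range check in `residue` matters in practice: a cluster key whose highest set bit is not set in some k_i yields a residue at or above that modulus, and that member would silently derive a wrong key.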