08-06-2013, 03:59 PM
SKEW: An Efficient Self Key Establishment Protocol for Wireless Sensor Networks
ABSTRACT
Because wireless sensor networks continue to grow in usage and many sensor-based systems reside in adversarial environments, security is vital for these systems. One of the main challenges for the efficient distribution of security keys in wireless sensor networks, however, is resource scarcity. This paper presents an efficient Self Key Establishment protocol for Wireless sensor networks, nicknamed SKEW, in support of in-network processing. We show that SKEW manages keys with less storage, communication, key transmission frequency, and computational overhead than similar protocols for the same purpose. All of these benefits are attained by using very few messages for key distribution. Since SKEW preserves network security even before start-up time, it can serve as a base security protocol for all types of security protocols in wireless sensor networks. In this protocol, none of the sensors in the network can send any packets without encryption. It also uses a key refreshing mechanism that prolongs the network security. Smart dust networks and pervasive computing environments can particularly benefit from the proposed protocol.
INTRODUCTION
Wireless Sensor Networks (WSNs) are quickly gaining popularity due to the fact that they are potentially low cost solutions to a variety of real-world challenges [1].
WSN architectures can generally be organized in two ways: distributed and hierarchical, as shown in Figure 1 [11]. A hierarchical WSN has a network hierarchy among the sensor nodes based on their properties, such as power and memory.
RELATED WORK
The key management protocols for WSNs most relevant to SKEW are SPINS, SNAKE, BROSK and LEAP protocols.
SPINS
SPINS (Security Protocols for Sensor Networks) is a security protocol suite that includes two protocols, SNEP and μ-TESLA [3]. SNEP provides data confidentiality, two-party data authentication and data freshness, and μ-TESLA provides authenticated broadcast for severely resource-constrained environments.
In this protocol, the base station (Key Server) assigns a unique key to each session for communication between any pair of nodes.
All cryptographic primitives, i.e. encryption, message authentication code (MAC), hash, and random number generator, are constructed out of a single block cipher for code reuse. This, along with the use of symmetric cryptographic primitives, reduces the overhead on the resource-constrained sensor network.
In a broadcast medium such as a sensor network, data authentication through a symmetric mechanism cannot be applied as all the receivers know the key. μ-TESLA constructs authenticated broadcast from symmetric primitives, but introduces asymmetry with delayed key disclosure and one-way function key chains [6].
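The delayed key disclosure and one-way key chain described above, as an added sketch that is not code from the paper or from SPINS. It assumes SHA-256 as the one-way function and HMAC-SHA-256 as the MAC, uses the chain key directly as the MAC key (a simplification), and all names and sample values are constructed.

```python
import hashlib
import hmac

def F(key):
    # One-way function of the key chain (SHA-256 is an assumption of this sketch).
    return hashlib.sha256(key).digest()

def make_chain(seed, n):
    # Returns [K_0 .. K_n] with K_i = F(K_{i+1}); K_0 is the public commitment.
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment, delay):
        self.last = (0, commitment)  # newest authenticated (interval, key)
        self.delay = delay           # disclosure lag in intervals
        self.pending = []            # buffered (interval, msg, tag)

    def on_packet(self, interval, msg, tag, now):
        # Security condition: drop packets whose key may already be public.
        if now >= interval + self.delay:
            return False
        self.pending.append((interval, msg, tag))
        return True

    def on_disclosure(self, interval, key):
        last_i, last_k = self.last
        if not 0 < interval - last_i <= 16:  # bound the hashing work
            return []
        k = key
        for _ in range(interval - last_i):
            k = F(k)
        if not hmac.compare_digest(k, last_k):
            return []                        # key is not on the sender's chain
        self.last = (interval, key)
        good = [m for i, m, t in self.pending
                if i == interval and hmac.compare_digest(mac(key, m), t)]
        self.pending = [p for p in self.pending if p[0] != interval]
        return good

def demo():
    chain = make_chain(b"constructed-seed", 4)      # constructed sample values
    rx = Receiver(chain[0], delay=2)
    real = rx.on_packet(1, b"temp=21", mac(chain[1], b"temp=21"), now=1)
    rx.on_packet(1, b"temp=99", mac(b"guess", b"temp=99"), now=1)  # forged tag
    late = rx.on_packet(1, b"temp=99", mac(chain[1], b"temp=99"), now=3)
    bogus = rx.on_disclosure(1, b"\x00" * 32)
    return real, late, bogus, rx.on_disclosure(1, chain[1])
```

The receiver authenticates nothing until the key arrives; the asymmetry comes from the arrival-time check, which depends on loosely synchronized clocks between sender and receivers.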
BROSK
BROSK is another key management protocol; the name stands for BROadcast Session Key Negotiation Protocol. In this protocol each node can negotiate a session key with its neighbors by message broadcasting. BROSK can be deployed in large-scale sensor networks and ad hoc networks. In this protocol each sensor node, such as A, broadcasts the message ID_A | N_A | MAC_K(ID_A | N_A) to all its neighbors, as shown in Figure 3 [6]. Every receiving node responds by broadcasting a reply message; e.g. node B broadcasts the message ID_B | N_B | MAC_K(ID_B | N_B). A shared session key can then be generated accordingly; for example.
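The BROSK broadcast exchange above, seen from both nodes, as an added sketch that is not code from the paper. The message layout (one-byte ID, 8-byte nonce), HMAC-SHA-256 as MAC_K, and the session key derivation (MAC_K over both nonces, ordered by node ID) are assumptions of this example, since the excerpt does not show the derivation; all values are constructed.

```python
import hashlib
import hmac
import os

NONCE_LEN = 8
TAG_LEN = 32

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def make_broadcast(master_key, node_id, nonce=None):
    # Builds ID | N | MAC_K(ID | N); node_id fits in one byte (assumption).
    nonce = nonce or os.urandom(NONCE_LEN)
    body = bytes([node_id]) + nonce
    return body + mac(master_key, body)

def parse_broadcast(master_key, packet):
    # Returns (node_id, nonce) if length and MAC check out, else None.
    if len(packet) != 1 + NONCE_LEN + TAG_LEN:
        return None
    body, tag = packet[:1 + NONCE_LEN], packet[1 + NONCE_LEN:]
    if not hmac.compare_digest(mac(master_key, body), tag):
        return None
    return body[0], body[1:]

def session_key(master_key, own, peer):
    # Assumed derivation: MAC_K(N_lo | N_hi), nonces ordered by node ID so
    # that both ends compute the same value without extra messages.
    (_, n_lo), (_, n_hi) = sorted([own, peer])
    return mac(master_key, n_lo + n_hi)

def demo():
    k = b"constructed-master-key"              # constructed sample values
    a, b = (0x0A, b"A" * 8), (0x0B, b"B" * 8)
    pkt_a = make_broadcast(k, *a)
    pkt_b = make_broadcast(k, *b)
    key_at_a = session_key(k, a, parse_broadcast(k, pkt_b))
    key_at_b = session_key(k, b, parse_broadcast(k, pkt_a))
    forged = parse_broadcast(k, make_broadcast(b"wrong-key", 0x0C))
    tampered = parse_broadcast(k, pkt_a[:1] + b"X" + pkt_a[2:])
    return key_at_a == key_at_b, forged, tampered
```

Both nonces travel in the clear, so the session key is only as secret as K: any node that holds K can recompute every neighbor pair's key from overheard broadcasts.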
SKEW APPROACH
We describe our approach in two cases: hierarchical WSNs and distributed WSNs. In the first case, our network is a hierarchical WSN and each sensor node has: a unique ID, a pseudo-random function [10] (F) for generating the next key in sequence, a unique cluster number for each cluster member, and a group key as a shared key between all nodes.
We divide node memory into three logical parts: 1) RAM memory section, 2) executive code memory section, and 3) non-volatile memory section. Some of these logical memory sections can be in one physical hardware unit.
An attacker can steal information that is in the executive code and non-volatile memory sections, but it cannot steal information that is in RAM. If an attacker desires to access RAM information, the node detects this situation
PERFORMANCE EVALUATION DISCUSSION
In this paper we select the BROSK and LEAP protocols as benchmarks for evaluation. As discussed in the related work section, the BROSK protocol has a distributed structure, so all nodes are distributed randomly in the environment; in the LEAP protocol, however, all nodes are distributed in a hierarchical structure.
The following metrics are often used for the performance evaluation of key management schemes [20]: Connectivity (local/global): local connectivity is the probability of at least one key being shared between two neighbor nodes. Global connectivity is the ratio of the number of nodes that can obtain the new key through communication to the network size.
Resilience to sensor node capture: resilience is the fraction of total key information exposed to the adversary. Scalability: the possibility that new nodes might be added later. Memory efficiency: the amount of memory that is used for key storage.
Because all nodes in the proposed protocol share the group key as a global key, local connectivity is accepted. To demonstrate global connectivity, we implemented our proposed protocol in both the distributed and hierarchical cases with the VisualSense simulator [29], as shown in Figure 9. In the first experiment we distributed 16 sensor nodes with a 100 meter radio range over a 500x500 meter area in 60 seconds. The key server sensor nodes generate a new key version and distribute it on the network, and each sensor node that receives the message refreshes its key version.
CONCLUSION AND FUTURE WORK
SKEW is a lightweight protocol for key management in WSNs. It tries to manage keys with minimum communication, key transmission and storage usage. It is a base key management protocol that preserves network security before start up. Other protocols can be mounted on top of this protocol. This protocol uses a refreshing mechanism to provide higher security. It does not require a specific key server for key broadcasting, and each node in each session can generate a key, and other nodes that