Professional Documents
Culture Documents
Abstract—Mobile sinks (MSs) are vital in many wireless sensor network (WSN) applications for efficient data accumulation, localized
sensor reprogramming, and for distinguishing and revoking compromised sensors. However, in sensor networks that make use of the
existing key predistribution schemes for pairwise key establishment and authentication between sensor nodes and mobile sinks, the
employment of mobile sinks for data collection elevates a new security challenge: in the basic probabilistic and q-composite key
predistribution schemes, an attacker can easily obtain a large number of keys by capturing a small fraction of nodes, and hence, can
gain control of the network by deploying a replicated mobile sink preloaded with some compromised keys. This article describes a
three-tier general framework that permits the use of any pairwise key predistribution scheme as its basic component. The new
framework requires two separate key pools, one for the mobile sink to access the network, and one for pairwise key establishment
between the sensors. To further reduce the damages caused by stationary access node replication attacks, we have strengthened the
authentication mechanism between the sensor and the stationary access node in the proposed framework. Through detailed analysis,
we show that our security framework has a higher network resilience to a mobile sink replication attack as compared to the polynomial
pool-based scheme.
1 INTRODUCTION
0.8 Pm = 0.2
0.8
Pm = 0.3
0.6
Pm = 0.5
0.6
P
d P
d
0.4
0.4 P = 0.1
m
P = 0.2
m
0.2
0.2 P = 0.3
m
P = 0.5
0 m
0 10 20 30 40 50 60 0
d 0 10 20 30 40 50 60
d
(a) (b)
Fig. 7. The probability Pd of a mobile sink establishing a pairwise key with a sensor node versus the number of sensor neighbors d.
probability that a captured node is a stationary access node by a replicated stationary access node to enable insecure
1
and it hold w is jMj mn . Therefore, the probability that this access to the network. When successful access to the
polynomial being chosen exactly by x stationary access nodes network has been obtained through the compromised static
among Rc captured nodes is polynomial, the replicated stationary access node transmits
recorded mobile sink data request messages. Next, the
Rc 1 m x 1 m Rc x sensor nodes that have the compromised polynomial in
P ðxÞ ¼ 1 : ð6Þ
x jMj n jMj n their rings will insecurely authenticate and establish a
pairwise key with the replcated node and thus deliver their
Thus, the probability that any polynomial from P
the mobile data to the replicated node.
pool being recovered by an attacker is Pr ¼ 1 tx¼0
m
P ðxÞ. In this section, we remedy the security performance of
Fig. 8 shows the probability Pr when two separate the proposed scheme in the case of a stationary access node
polynomial pools are used and compares it with the case replication attack. We use a one-way hash chain [20] algorithm
of a single polynomial pool approach. The figure clearly in conjunction with the polynomial pool scheme. In
shows that an attacker must capture many more sensors in addition to the static polynomial, a pool of randomly
this scheme than in the single polynomial pool approach. generated passwords is used to enhance the authentication
between sensor nodes and stationary access nodes.
4 THE ENHANCED THREE-TIER SECURITY SCHEME In the enhanced security scheme, each sensor node, such as
u, is preloaded with a subset of Ks polynomials randomly
As described in the previous section, the three-tier security
chosen from the static pool jSj. In addition to the Ks preloaded
scheme provides better network resilience against mobile
static polynomials, node u randomly picks a subset of Gs
sink replication attack compared to the single polynomial
passwords from the password pool jW j. Subsequently, for
pool approach. This scheme delivers the same security
performance as the single polynomial pool approach when each of the Gs password P wi that has been randomly chosen
the network is under a stationary access node replication by node u, its rth hash value, H r ðP wi Þ, is loaded into node u.
attack. In both schemes, for any sensor node u that needs to Each password is blinded with the use of a collision-resistant
authenticate and establish a pairwise key with a stationary hash function such as MD5 [22]. Due to the collision-resistant
access node A, the two nodes must share at least a common property, it is computationally infeasible for an attacker to
polynomial in their polynomial rings. To perform a find a value P wx , such that HðP wy Þ ¼ HðP wx Þ; P wx 6¼ P wy .
stationary access node replication attack on a network, the For stationary access nodes, each node is preloaded with Ks 1
adversary needs to compromise at least a single polynomial static polynomials and Ga hash values (H r1 ðP wi ÞÞ for the
from the static pool. This can be obtained easily by randomly chosen passwords from the pool jW j.
capturing arbitrary sensor nodes in the network. Then, the To establish an authentication between a sensor node
adversary can make use of this compromised polynomial and a stationary access node in the enhanced scheme, the two
1.1 1.1
1 1
0.9 RS(|M| =7, t =100) 0.9 RS(|M| =11, t =100)
0.8 PS(|M| =7, tm =100, m/n =0.08) PS(|M| =11, tm =100, m/n =0.08)
0.8
0.7 PS(|M| =7, tm =100, m/n =0.1) PS(|M| =11, t =100, m/n =0.1)
m
0.7
PS(|M| =7, tm =100, m/n =0.15) PS(|M| = 11, tm =100, m/n =0.15)
Pr 0.6 Pr 0.6 PS(|M| = 11, tm =100, m/n =0.2)
PS(|M| =7, tm =100, m/n =0.2)
0.5 0.5
0.4 0.4
0.3 0.3
0.2 0.2
0.1 0.1
0 0
0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2
# of compromised sensor nodes # of compromised sensor nodes x 10
4
(a) (b)
Fig. 8. The probability Pr that any polynomial from the mobile polynomial pool is being recovered. PS and RS refer to the proposed scheme and the
single polynomial approach, respectively.
Fig. 9. The probability Pconn for various node density versus the ratio of stationary access nodes and the probability p that a sensor and a stationary
access node share at least a common chosen password. (a) c ¼ 10; n ¼ 1;000. (b) c ¼ 20; n ¼ 1;000. (c) c ¼ 120; n ¼ 1;000.
must share a common static polynomial. Also, they need to , and a node density c, the probability of connectivity
discover at least a single access node verification of increases as p increases.
HðH r1 ðP wi ÞÞ ¼ H r ðP wi Þ for which both the sensor node We also estimated the probability Pg of the mobile sink
and the stationary access node have the same password P wi , being connected directly or indirectly to a sensor node via
randomly chosen from the pool jW j. In the access node a stationary access node that shared with the sensor node, at
verification, to verify the authenticity of a stationary access least one common static polynomial and a common
node, the sensor node performs a single hash operation on chosen password P wi , for which the node was able to
the hash value that is sent from the stationary access node. verify the access node by HðH r1 ðP wi ÞÞ ¼ H r ðP wi Þ. To
drive the probability Pg , we used a similar analysis as that
4.1 Security Analysis used for the estimation of probability Pd , except that no
Similar to the security analysis presented in Section 3.1, sensor neighbor could act as an intermediate node; thus,
we evaluate the connectivity of the enhanced three-tier Pg could be estimated by
security scheme. We estimated the Pconn , verified by
Pg ¼ 1 ð1 pPsa Pm Þg ð1 pPm Pa Psa Þgðg1Þ : ð9Þ
HðH r1 ðP wi ÞÞ ¼ H r ðP wi Þ, where H r1 ðP wi Þ and H r ðP wi Þ
are the preloaded hash values of P wi in each of stationary Fig. 10 shows probability Pg under the given probabil-
access nodes and the sensor nodes, respectively. Thus, ities of Psa ; Pa ; Pm , and p versus the average number of
c m stationary access nodes g in a sensor neighborhood.
Pconn ¼ 1 1 p ; ð7Þ
n 4.2 Threat Analysis
where p is the probability that a stationary access node and a In the stationary access node replication attack, the adversary
sensor node share at least a common chosen password for needs to capture at least one polynomial from the static pool
access node verification and at least one hash value H r1 () of a chosen password. To
analyze the security performance of the enhanced three-tier
jW j Gs þ Ga scheme, we estimated probability Php of a noncompromised
Gs þ Ga Gs sensor node being under a stationary access node replication
p¼1 : ð8Þ
jW j jW j attack, when x number of nodes were being captured. To
calculate the probability Php for a noncompromised sensor
Gs Ga
node that had a hash value H r ðP wi Þ in its hash value ring
For different node densities c ¼ 10, c ¼ 20, c ¼ 60, and and static polynomial y in its static polynomial ring, we
c ¼ 120, Fig. 9 shows the probability Pconn versus the ratio of were required to obtain the probabilities of both H r1 ðP wi Þ
stationary access nodes and the probability p. All figures and polynomial y, as they were being compromised when
clearly indicate that for a given stationary access node ratio of the x nodes were captured.
Fig. 10. Probability Pg versus probability Pm and the average number of stationary access nodes g in sensor neighborhood.
Fig. 11. The probability Ph of hash value being compromised versus the number of compromised nodes under different stationary access
node ratio m
n.
The probability Ph that a given hash value is not chosen the probability of this polynomial being chosen exactly j
by a noncompromised stationary access node is 1 Ga m
jwj n . If times among x nodes is
there are x compromised nodes, the probability that a given j
hash value H r1 ðP wi Þ is not captured is ð1 Ga m x x Ks Ks xj
jwj n Þ . As in, P ðjÞ ¼ 1 : ð11Þ
the probability of the hash value being captured is, thus, j jSj jSj
Thus, the probability of polynomial y being compromised is
Ga m x
Ph ¼ 1 1 : ð10Þ
jW j n X
j¼t
Fig. 12. The probability Php of a noncompromised sensor node under a stationary access node replication attack.
attack. The figure clearly indicates that for low fraction of [11] W. Zhang, G. Cao, and T. La Porta, “Data Dissemination with
Ring-Based Index for Wireless Sensor Networks,” Proc. IEEE Int’l
stationary access node ðm m
n ¼ 0:01; n ¼ 0:02Þ, the enhanced Conf. Network Protocols (ICNP), pp. 305-314, Nov. 2003.
three-tier security scheme has a better security performance [12] L. Eschenauer and V.D. Gligor, “A Key-Management Scheme for
in terms of network resilience to stationary access node Distributed Sensor Networks,” Proc. ACM Conf. Computer Comm.
replication attack than the previously proposed scheme. For Security (CCS ’02), pp. 41-47, 2002.
[13] H. Chan, A. Perrig, and D. Song, “Random Key Pre-Distribution
access node ratios greater than 2 percent, both versions of the Schemes for Sensor Networks,” Proc. IEEE Symp. Research in
three-tier security scheme have a similar network resiliency Security and Privacy, 2003.
against access node replication attacks. [14] D. Liu, P. Ning, and R.Li. Establishing, “Pairwise Keys in
Distributed Sensor Networks,” Proc. 10th ACM Conf. Computers
and Comm. Security (CCS ’03), pp. 52-61, Oct. 2003.
[15] H. Chan, A. Perrig, and D. Song, “Key Distribution Techniques for
5 CONCLUSION Sensor Networks,” Wireless Sensor Networks, pp. 277-303, Kluwer
In this paper, we proposed a general three-tier security Academic, 2004.
[16] D. Liu and P. Ning, “Location-Based Pairwise Key Establishments
framework for authentication and pairwise key establish- for Static Sensor Networks,” Proc. First ACM Workshop Security Ad
ment between mobile sinks and sensor nodes. The proposed Hoc and Sensor Networks, 2003.
scheme, based on the polynomial pool-based key predis- [17] S. Zhu, S. Setia, and S. Jajodia, “LEAP: Efficient Security
tribution scheme substantially improved network resilience Mechanisms for Large-Scale Distributed Sensor Networks,” Proc.
10th ACM Conf. Computers and Comm. Security (CCS ’03), pp. 62-72,
to mobile sink replication attacks compared to the single Oct. 2003.
polynomial pool-based key predistribution approach [14]. [18] A. Rasheed and R. Mahapatra, “An Efficient Key Distribution
Using two separate key pools and having few stationary Scheme for Establishing Pairwise Keys with a Mobile Sink in
Distributed Sensor Networks,” Proc. IEEE 27th Int’l Performance
access nodes carrying polynomials from the mobile pool in Computing and Comm. Conf. (IPCCC ’08), pp. 264-270, Dec. 2008.
the network may hinder an attacker from gathering sensor [19] A. Rasheed and R. Mahapatra, “A Key Pre-Distribution Scheme
data, by deploying a replicated mobile sink. Analysis for Heterogeneous Sensor Networks,” Proc. Int’l Conf. Wireless
indicates that with 10 percent of the sensor nodes in the Comm. and Mobile Computing Conf. (IWCMC ’09), pp. 263-268,
June 2009.
network carrying a polynomial from the mobile pool, for [20] L. Lamport, “Password Authentication with Insecure Commu-
any mobile polynomial to be recovered, the attacker would nication,” Comm. ACM, vol, 24, no. 11, pp. 770-772, Nov. 1981.
have to capture 20.8 times more nodes as compared to the [21] C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and
M. Yung, “Perfectly-Secure Key Distribution for Dynamic Con-
single polynomial pool approach. We have further im- ferences,” Proc. 12th Ann. Int’l Cryptology Conf. Advances in
proved the security performance of the proposed scheme Cryptology (CRYPTO ’92), pp. 471-486, 1993.
against stationary access node replication attack by strengthen- [22] R. Rivest, “The MD5 Message-Digest Algorithm,” RFC 1321,
ing the authentication mechanism between stationary access Apr. 1992.
nodes and sensor nodes. We used the one-way hash chains Amar Rasheed received the MS degree in
algorithm [20] in conjunction with the static polynomial computer science from Northeastern Illinois
pool-based scheme [14]. University, Chicago, in 2005. Currently, he is
working toward the PhD degree in computer
science and engineering at Texas A&M Uni-
REFERENCES versity, College Station. His research interests
include wireless sensor networks, cryptographic
[1] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, algorithms for sensor networks, security
“Wireless Sensor Networks: A Survey,” Computer Networks, schemes in mobile sensor networks, and key
vol. 38, no. 4, pp. 393-422, 2002. predistribution schemes. He is a student mem-
[2] T. Gao, D. Greenspan, M. Welesh, R.R. Juang, and A. Alm, “Vital ber of the IEEE.
Signs Monitoring and Patient Tracking over a Wireless Network,”
Proc. IEEE 27th Ann. Int’l Conf. Eng. Medicine and Biology Soc.
(EMBS), Sept. 2005.
[3] L. Hu and D. Evans, “Using Directional Antenna to Prevent
Wormhole Attacks,” Proc. Network and Distributed System Security
Symp., 2004.
[4] J.R. Douceur, “The Sybil Attack,” Proc. First Int’l Workshop Peer-to-
Peer Systems (IPTPS ’02), Mar. 2002.
2001. His current research interests include
[5] B.J. Culpepper and H.C. Tseng, “Sinkhole Intrusion Indicators in
embedded systems, low-power design, secure
DSR MANETs,” Proc. First Int’l Conf. Broadband Networks (Broad-
sensor networks, semantic routing, system-on-
Nets ’04), pp. 681-688, Oct. 2004.
chip (SoC), and (VLSI). He is the author/
[6] H. Deng, W. Li, and D.P. Agrawal, “Routing Security in Wireless
coauthor of more than 100 research papers in
Ad Hoc Networks,” Proc. IEEE Comm. Magazine, pp. 70-75, 2002.
referred international journals/conferences. His research has been
[7] C. Intanagonwiwat, R. Govindan, and D. Estrin, “Directed
funded by the US National Science and Foundation (NSF), DoT,
Diffusion: A Scalable and Robust Communication Paradigm for
National Aeronautics and Space Administration (NASA). He is a senior
Sensor Networks,” Proc. MobiCom, pp. 56-67, 2000.
member of the IEEE.
[8] A. Kansal, A. Somasundara, D. Jea, M. Srivastava, and D. Estrin,
“Intelligent Fluid Infrastructure for Embedded Networks,” Proc.
Second ACM Int’l Conf. Mobile Systems, Applications, and Services
(MobiSys ’04), June 2004. .
[9] Y. Tirta, Z. Li, Y. Lu, and S. Bagchi, “Efficient Collection of
Sensor Data in Remote Fields Using Mobile Collectors,” Proc.
13th Int’l Conf. Computer Comm. and Networks (ICCCN ’04), Oct.
2004.
[10] A. Rasheed and R. Mahapatra, “An Energy-Efficient Hybrid Data
Collection Scheme in Wireless Sensor Networks,” Proc. Third Int’l
Conf. Intelligent Sensors, Sensor Networks and Information Processing,
2007.