Key Management Technique For Heterogeneous Computer Science Essay

Published Date: 02 Nov 2017

wireless sensor networks

Abstract—Advancement in wireless networking and embedded

systems technology has given rise to Wireless sensor networks

(WSN). Wireless sensor network promises ubiquitous data collection

and processing for variety of commercial and military

applications. Recently proposed Internet of things concept [1]

utilises wireless sensor network as medium connecting physical

world to virtual world. Practical realization of these applications

is possible only after assuring network security. Cryptographic

key distribution is crucial stage in implementing network security.

For wireless sensor networks, because of its resource constrained

nature, it is important to design key management protocol

with minimum resource overhead. At the same time, to satisfy

increasing security demands resource consuming asymmetric

key primitives are need to be implemented. As a solution to

this problem, hybrid key management technique is proposed

in this paper. Both symmetric and asymmetric key distribution

techniques are compared with the proposed scheme and detailed

security analysis is presented.

I. INTRODUCTION

Tracking and monitoring events in remote locations is always

a challenging task in military, commercial and healthcare

applications. Wireless sensor networks, characterized with self

sustainable networking protocols, solve this problem by continuously

sensing the physical parameters from surroundings.

Tiny sensor nodes are randomly deployed on the field to

collect the data and it is monitored by Base Station(BS). Base

station, is computationally powerful device which monitors

and controls flow of data in the network. Furthermore, Base

station can be connected to Internet to forward the collected

data to remote users. In security point of view, sensor nodes are

openly distributed on the field and vulnerable to node capture

attack. Base station, on the other hand, is mounted in secure

place and connected to remote users through secure channel.

Considering this scenario, security protocols for connecting

sensor nodes to base station should be designed to assure

reliability of data, from the point where it is gathered. Since,

sensor nodes lack in computational and energy resources

security protocol overhead should be kept as minimum as

possible.

Network security relies on symmetric cryptography,

message authentication code and public key cryptography

to provide confidentiality, integrity and authentication.

Symmetric cryptography uses same key to encrypt and

decrypt data. Encryption assures confidentiality of data

when it is transmitted through the link. To check the

integrity of received data Message authentication codes

are used. But before encrypting the data with symmetric

cipher, parties involved in communication should agree

on secret key. For this, key exchange mechanism based

on asymmetric cryptographic primitives can be used. In

CH 1

CH 2

CH 3

Sensor nodes Base Station

Internet

Remote User

Remote User

Sensor nodes: Prone to Node capture attack

Low security cryptographic algorithms

Mounted in secure place User Authentication

Fig. 1. Wireless sensor network

asymmetric cryptography, keys used for encryption and

decryption are different. Server encrypts the secret key used

in symmetric cipher with its private key and related public

key is distributed to all the clients. The public key can be used

to decrypt the symmetric key and subsequently the symmetric

key is used for further communication. The technique used

for distributing these cryptographic keys in the network is

termed as key management scheme.

Cryptographic key management is fundamental part of

network security. For wireless sensor network, because of their

resource constrained nature, symmetric key pre-distribution

techniques were considered more suitable. With the advent of

Elliptic curve cryptography many researchers explored the use

of asymmetric key. Taking further the work on elliptic curve

key exchange mechanism, Identity based key management

makes use of bilinear pairing on elliptic curves. Even though

identity based key management technique provides features

like self authentication, on line key calculation, key update

mechanisms and scalability, bilinear pairing function used

in its key calculation intensively consumes computational

resources. Hence, to provide solution to this problem hybrid

key management technique is proposed in this paper. In the

proposed scheme, identity based key management technique

is applied to establish secure connection between the node in

higher level of hierarchy i.e. cluster heads and base station. To

secure the nodes in the lower level of hierarchy i.e. sensor node

inside the cluster, pairwise probabilistic key pre-distribution

scheme is used. Section 2, reviews the recent literature related

to key management in wireless sensor networks. Section 3

provides mathematical background for proposed scheme and

section 4 discusses the proposed scheme in detail. Analysis of

the scheme is presented in section 5. Section 6 concludes the

paper and gives direction for future work.

2

II. LITERATURE REVIEW

Security of wireless sensor networks is becoming critical

issue because of their new role in Internet of things [2]. To

assure secure connectivity inside wireless sensor networks key

management techniques plays important role. The Simplest

way to establish key in WSN is to use single master key

for the complete network. It provides full connectivity and

scalability, but single node compromise can expose the whole

network. To circumvent this problem pairwise keys can be

pre-distributed in each node so that capturing the node will

affect only single node keeping all other connections secure.

But for WSN consisting N nodes each node has to store

(N-1) pairwise keys to achieve full connectivity. Apart from

stringent memory requirement this technique limits scalability

of the network.

To provide trade-off between connectivity and resilience

against node capture attack, Eschenauer and Gligor[3] first

proposed probabilistic key pre-distribution scheme. In this

scheme, prior to deployment subset of keys from large key

pool is stored into each node. Each key is tagged with

unique identifier. Nodes broadcast key identifiers to their

neighbours and pairwise key with the nodes having at least

one common key. Nodes that are unable to establish direct

pairwise key enters into secure path discovery phase. Node

capture attack affects non-captured nodes as captured node

contains common keys with given probability.

Improvement to the scheme is Q-composite random key

distribution[4] which requires nodes to contain at least Q

common keys to establish pairwise key. This technique reduces

the probability of compromising secured link between non

captured nodes by the factor Q. Another improved random

key pre-distribution uses hash function H[5]. For node i key

from key pool is hashed (i−1) times. For establishing pairwise

key between nodes A and B having keys KA = Hia (Ki) and

KB = Hib (Ki) respectively shares ia and ib value. If ia < ib

node B can easily calculate symmetric key as

KAB = Hia−ib (KB) (1)

Polynomial based pair wise key distribution scheme[6] provides

more resilience against node capture attack with less

memory requirement. Polynomial p (x, y) of degree t and having

coefficients over GF (q) is used to establish keys between

the nodes. The polynomial has the property p (x, y) = p (y, x)

p (x, y) =

t

X

0≤i,j≤t

aijxiyj (2)

where, aij are the elements of symmetric matrix A of order

t× t. Node with identity i stores p (i, y) and to establish pair

wise key with the node having identity j calculates stored

polynomial over point j, ki,j . Similarly node j computes pair

wise key p (j, y) over point i, kj,i. Because of symmetry

property of A, ki,j = kj,i. Matrix A is the secret information

in the network and (t + 1) /2 nodes has to compromised to

calculate A.

Improvement in key pre-distribution scheme can be

obtained by combination of probabilistic key pre-distribution,

Q-composite key generation and Polynomial pool based key

pre-distribution scheme[7]. Proposed schemes have threshold

property which means that network security is maintained

if number of nodes captured is less than some threshold.

Comparing communication overhead, memory requirement,

connectivity and security aspects improvement achieved by

combination of different schemes is highlighted. Most of the

key pre-distribution techniques provide hop to hop secure

links, but for better security end to end secure links between

sensor and sink is required [8]. Well known data centric

and location centric routing techniques are extended and

applying differentiated key pre-distribution end to end secure

communication is achieved.

Key pre-distribution schemes are based on security vs

connectivity trade-off. Hence to achieve both security

and connectivity with minimum resource overhead many

researchers have focussed on asymmetric key establishment

techniques suitable for Wireless sensor networks. Public key

infrastructures(PKI)[9] used in computer networks requires

Certification authority(CA) to bind the public key of user

to its identity. Mechanism to handle large certificates and

computationally intensive Digital Signature algorithms are

too complex to implement on resource constrained WSN.

Shamir[10] first introduced Identity based encryption

scheme which uses unique ID of the device as its public

key. For computer networks, this ID can be email address or

IP address. In the context of WSN, ID can be assigned by

network deploying party to ensure its uniqueness. Identity

based key management scheme does not require CA but

another entity termed as Private key generator (PKG) is

used to generate private keys from node’s ID. Research

on ID based key techniques for WSN focus on Pairing

based cryptography (PBC) to establish pairwise key between

the sensor nodes. ID-based key management scheme is

implemented in MANET with key refreshment technique[11].

Apart from Setup, Extract, Encrypt and Decrypt phases

in IBE, Refresh phase is added to update private keys

after certain amount of time. This achieves Forward secrecy

and dynamic key management. Taking this work further,

Refresh, Recover and Revocation phases are added in

ID-based key management technique for WSN[12]. In their

scheme more than one base stations are used to generate

private key. In effect, this scheme achieves forward secrecy,

backward secrecy, intrusion detection and resilience against

base station capture attack. To achieve dynamic network

topology cluster formation and group key management

techniques are used along with key update and Revocation

mechanism[13].

Sensor nodes are energy constrained devices. Requirement

of pairing algorithm when implemented on ARM processor

is studied[14] using Pairing functions from MIRACL[15]

library. Pairing is considered as the most power consuming

operation. Results shows that 0.444J power is consumed by

3

pairing algorithm. Energy consumption and execution time of

point operations over super singular elliptic curve is also presented.

TinyPBC[16] is Pairing algorithm for ID-based Non-

Interactive Key distribution in sensor networks. It demonstrates

how sensor nodes can exchange keys in authenticated and

non-interactive way. Paper shows that MICA2 sensor nodes

with ATmega128L micro-controller (8 − bit/7.3828MHz)

computes pairings in 5.5s time. K. McCusker [17] presented

symmetric key distribution scheme based on Identity based

cryptography (IBC). The idea is to use asymmetric key

algorithm (IBC) for authenticated key agreement and then

encryption can be performed using symmetric keys generated.

An accelerator hardware for Tate pairing achieves running time

of 1.75ms and energy consumption of 0.08mJ. These are the

best result in the field of ID-based key management scheme for

WSN. Balance between resilience and resource consumption

between nodes can be achieved by applying both symmetric

and asymmetric key distribution techniques in hierarchical

wireless sensor network [18].

III. MATHEMATICAL FRAMEWORK

Identity based key management technique is based on

bilinear pairing over elliptic curves. Following discussion gives

the mathematical background of elliptic curve cryptography

and pairing algorithms required for key calculation.

A. Elliptic curve cryptography

Elliptic curve (E) is given by the simplified Weistrass

equation [19],

y2 = x3 + ax + b (3)

where a and b are curve parameters. Mathematical operations

over elliptic curve involves point addition, point doubling and

scalar point multiplication. Scalar point multiplication is the

most time consuming operation and many computationally

efficient methods like computationally efficient methods like

NAF(Non-Adjacent Form), windowed NAF, Montgomery and

comb methods[20] are proposed to minimize the overhead.

Point addition: Let P and Q be the points on elliptic curve

Fig. 2. Point addition over elliptic curve (E : y2 = x3

− 3x + 1)

such that P : (x1, y1) ∈ E, Q : (x2, y2) ∈ E and P 6= }Q,

then R = P + Q : (x3, y3) is given by,

x3 = (

y − y1

x2 − x1

)2 − x1 − x2

y3 = (

y2 − y1

x2 − x1

) − (x1 − x3) − y1 (4)

Point doubling: Let the point P : (x1, y1) ∈ E where P 6=

−P then 2P : (x3, y3) is given by,

x2 = (

3x2

1 + a

2y1

) − 2x1

y2 = (

3x2

1 + a

2y1

)(x1 − x3) − y1 (5)

Scalar Point multiplication: Point P ∈ E can be multiplied

with scalar k ∈ GF(q) using iterative doubling and addition

operations to get another point on elliptic curve Q = k.P .

Binary method is applied for scalar multiplication in which k

is converted to binary string and addition or doubling operation

is performed according bit value(0/1). If k = 38, then

Q = k.P = 2(2(2(2(2P) + P) + P) + P) (6)

B. Bilinear pairing

Bilinear pairing can be defined as a mapping function,

e : G1 × G2 → GT (7)

The Bilinearity function satisfies following properties

∀P, P′ ∈ G1 and ∀Q,Q′ ∈ G2

e(P + P′,Q) = e(P,Q)e(P′,Q)

e(P,Q + Q′) = e(P,Q)e(Q,Q′)

Weil pairing and tate pairing are popular bilinear pairing

functions defined over elliptic curves. Weil pairing is simple

to implement but consumes more time than Tate pairing.

Calculation and implementation of tate pairing is carried by

Miller algorithm over prime field and by _T pairing over

binary field. For hardware implementation binary field is more

suitable and hence _T algorithm is preferred. _T algorithm[21]

over super singular curve E (GF(2m)) : y2 + y = x3 +x +b

is given in 1.

Algorithm 1 _T Algorithm

Input:P,Q

Output:e (P,Q)

Let P = (xP , yP ) and Q = (xQ, yQ)

f ← 1

for i← 1 to m do

u ← x2

p

g ← (u + 1) . (xP + xQ) + u + yP + yQ +

(u + xQ + 1) s + t

f ← f.g

xP ← u, yP ← y2

P , xQ ← √xQ, yQ ← √yQ

end for

return fq2−1

4

IV. HIERARCHICAL KEY MANAGEMENT SCHEME

In proposed key management technique, symmetric and

asymmetric key primitives are used at different level of hierarchy

of sensor nodes. Heterogeneous wireless sensor network

is considered in which cluster head aggregate the data from

sensor nodes inside the cluster and communicate it with base

station and other cluster heads as per queries received. Since

data exchanged between cluster heads and base station is

more vital than intra-cluster data exchange, identity based

key management technique is applied at cluster head level.

Identity based key management technique consumes more

computational resources but it assures full connectivity and

resilience against node capture attack. For sensor nodes inside

the cluster pairwise keys are calculated using probabilistic key

distribution scheme. This reduces computational burden on

sensor nodes at lower level of hierarchy. Symmetric encryption

algorithm AES − 128 is used for encryption and decryption

after pairwise keys are established.

A. Setup phase

For Identity based and probabilistic shared key calculation

by sensor nodes after deployment, relevant mathematical functions

and key rings should be installed in the nodes prior to

deployment. Setup phase of key management technique loads

following parameters:

• IDi ← Unique identity number of sensor node i.

• IDlist ← List of identities loaded in each node

• s ← Randomly generated master secret key loaded in BS

• E ← Elliptic curve parameters

• e ← Bilinear pairing function (_T )

• H1 ← Hash function to map node ID to elliptic curve

point

• H2 ← Hash function for AES 128 − bit key calculation

B. Inter cluster key calculation

Identity based key management technique is used to establish

cryptographic keys between cluster head-base station

and cluster head-cluster head. Cluster head identity is mapped

to point on elliptic curve and same is used as public key of

the node (kCHi ) using SHA−1 and ECC encoding method.

As node identity number is unique, no other authentication

mechanism is required.

kCHi ← H1(IDCHi) ← SHA − 1(ECCencode(IDCHi))

(8)

To generate private key, trusted private key generator is

required in ID-based key management scheme. In proposed

technique Base station performs the function of private key

generator because BS is mounted in secure place and can be

trusted by all the sensor nodes.

Bilinearity property of Tate pairing is used to generate

pairwise keys for the nodes participating in secure communication

without direct interaction between them. This can be

justified by the following mathematical expressions in which

Bilinearity property is applied to calculate the pairwise key.

KAB: Pairwise key of nodes A and B

IDA: Identity of node A

Private Key Generator

(PKG)

Public key: hash(ID−B)

Private key: s.ID−B

Node ID: ID−A Node ID: ID−B

Public key: hash(ID−A)

Private key: s.ID−A

Secret key: s

Pairing function: e

Node A Node B

Send Request (ID−A || Nonce)

Send Request (ID−B || Nonce)

Secure Path Established

Private Key e(ID−B, s.ID−A)

Private Key e(ID−A, s.ID−B)

Fig. 3. Non-interactive key calculation between cluster heads

IDB: Identity of node B

H: Hashing and mapping function which encodes node ID in

to elliptic curve point

s: Master secret key

KAB = e(KA,H1(IDB))

KAB = e(s.H1(IDA),H1(IDB))

KAB = e(H1(IDA), s.H1(IDB))

KAB = e(KB,H1(IDA))

KAB = KBA

C. Secure cluster formation

After sensor nodes are randomly deployed in remote area,

clusters of the nodes should be formed in secure way. Number

of clusters to be formed is programmed in base station. Base

station starts cluster formation process by selecting first cluster

head randomly. Base station calculates private key of the node

and communicate it to the cluster head with time stamp (TS).

BS → CH : s.H1(IDCH)||TS (9)

Cluster head then broadcast HELLO packet to its neighbours.

Sensor nodes responding to cluster head are registered in the

respective cluster. List is encrypted by cluster head and sent

to base station.

CH → BS : EKCH,BS (IDlist||TS) (10)

Base station records the sensor node list and selects next

cluster head. In similar way all the clusters are formed without

any overlap.

D. Intra Cluster key distribution

Sensor nodes inside the cluster should be connected to cluster

head securely. Probabilistic key pre-distribution technique

is used for this purpose in which key ring set ks from randomly

generated large key pool S is pre-loaded in each node. Cluster

head broadcast key identifiers of keys in its key ring set. Sensor

nodes having same keys send response packet to cluster head

containing shared key identifiers. The sensor nodes not sharing

any key with cluster head establish the pairwise key using

path key calculation in two or more hops. Key reinforcement

5

is carried out by adding private key of cluster head KCHi to

shared key kCH−Node.

KCH−Node ← HashtoAES−128(KCHi⊕kCH−Node) (11)

CH CH CH

CH

CH CH−Node

H (K K )

2

(i) Broadcast key identifiers

sensor nodes

(ii) Shared key discovery (iii) Path key discovery

(iv) Connectivity graph (v) Key Reinforcement

Sensor node

CH

Fig. 4. Intra cluster pairwise key establishment

E. Key update mechanism

Bilinear pairing calculations and other communications carried

by cluster head drains its energy. For better lifetime

of network, cluster heads are altered based on energy level

threshold. When cluster head is changed both inter cluster and

intra cluster keys are updated consequently. New cluster head

ID is securely communicated to base station by old cluster

head.

CHi → BS : EKCHi,BS (IDj ||TS) (12)

V. RESULT AND DISCUSSION

The proposed hybrid key management scheme is compared

with probabilistic key pre-distribution and identity based key

management scheme. Advantages and drawbacks of the proposed

scheme are highlighted in following discussion.

A. Analysis of key management scheme

Different key management related issues of the proposed

hybrid key technique are discussed as follows.

Scalability: Cluster head formation mechanism adopted in

the scheme allows large sensor nodes to be deployed with

minimum overhead on the memory and energy resources.

Cluster head formation mechanism is secure and because of

on-line key calculation mechanism new clusters can be easily

added at any phase of network lifetime.

Forward and backward secrecy: Because of periodic Cluster

head alteration secret keys related to each cluster are updated

regularly and hence new nodes can not detect previous

messages. Revocation phase takes care that old nodes in the

network should not be able to read new messages in the

network.

Communication overhead: Wireless communication requires

1000 times more power than that of wired communication. In

ID-based key distribution, public key is nothing but the node

identity, which is stored in each node for routing purpose.

Also, bilinear pairing allows non-interactive key distribution

between the two nodes. In this way, Non interactive key

establishment using ID based cryptography minimizes communication

overhead. However, communication overhead is

implied by shared key and path key discovery inside the

cluster. I shows total bytes communicated in the network.

Memory overhead: Memory overhead of proposed scheme is

more than probabilistic key distribution and Identity based key

management technique. Reduced computational and energy

cost is compensated with additional memory overhead.

Energy consumption: Cluster head consumes most of the

Probabilistic IBK Hybrid

Memory Overhead 2176 bytes 48 KBytes 50.125 Kbytes

TABLE II

MEMORY OVERHEAD

energy and there is a chance of single node energy drain out.

In the proposed scheme, Energy consumption is distributed

among all the nodes as cluster head is updated periodically.

Most of the node expect cluster heads uses polynomial based

key technique which requires less energy compared to IBE.

Also energy is conserved by avoiding communication between

cluster heads.

B. Resilience against node capture attack

0

0.2

0.4

0.6

0.8

1

0 100 200 300 400 500

Fraction of communication links compromised

Number of nodes captured

Resilience against node capture attack

Probabilistic pre-distribution

q-composite(q=3)

Polynomial based

Hybrid scheme

Fig. 5. Analysis of resilience against node capture attack

In wireless sensor networks, sensor nodes are openly distributed

on the field and chances of node capture are more.

When node is captured in case of probabilistic key predistribution

scheme, secret information related to non-captured

nodes is also revealed. In Identity based key management

technique, communication links between non-captured nodes

are not compromised because of discrete logarithmic problem

imposed by bilinear pairing. In Hybrid key management

technique, communication links between non-captured nodes

inside the cluster are affected. Key reinforcement assures that

communication links outside the cluster are not compromised.

6

Key ID broadcast Path Key Discovery Private key sharing Total

Probabilistic pre-distribution 240 Bytes/node 240 Bytes/alternate node - 352 KBytes

IBK - - 16 Bytes/node 16 KBytes

Hybrid 240 Bytes/ CH 240 bytes/ alternate node in cluster 16 Bytes/CH 120 KBytes

TABLE I

COMMUNICATION OVERHEAD ANALYSIS. TABLE SHOWS NUMBER OF BYTES TRANSMITTED BY RESPECTIVE NODE

The parameters used to analyse the proposed key management

scheme are:

Number of nodes in WSN: 1000

Number of nodes captured: 0 to 500

Number of clusters: 10

Connectivity probability: 0.5

Key pool size: 20000

Key ring size: 120

0

0.2

0.4

0.6

0.8

1

0 100 200 300 400 500

Fraction of communication links compromised

Number of nodes captured

Resilience against node capture attack

Probabilistic pre-distribution

q-composite(q=3)

Polynomial based

Hybrid scheme

Fig. 6. Analysis of resilience against node capture attack

VI. CONCLUSION

Management of cryptographic keys in the network is important

stage in implementing security protocol. Both symmetric

key pre-distribution and asymmetric key distribution techniques

fail to provide required security at resource overhead

acceptable in resource constrained wireless sensor networks. In

heterogeneous wireless sensor networks, solution to solve this

problem by implementing hybrid key management technique

is analysed thoroughly. Computational and energy cost is reduced

at the expense of communication and memory overhead.

Resilience against node capture attack of hybrid key management

scheme is improved compared to probabilistic key predistribution

techniques. Further improvement in hybrid key

management scheme is possible by efficient implementation

of bilinear pairing algorithms on sensor nodes.