Abstract
Group communication has proven a powerful paradigm for designing applications and services in Wireless Sensor Networks (WSNs). Given the tight interaction between WSNs and the physical world, a security infringement may translate into a safety infringement. Therefore, in order to fully exploit the group communication paradigm we need to secure it. Traditionally, this requirement has been formalized in terms of backward and forward security and fulfilled by means of rekeying. In WSNs, group rekeying becomes particularly a complex problem because communication takes place over an easily accessible wireless medium and because sensor nodes have severe limitations in terms of computing, storage, energy, and tamper-resistance capabilities for cost reasons.
In this article we present a Lightweight Authenticated ReKeying (LARK) scheme for clustered WSNs. LARK guarantees backward and forward security, is scalable in terms of communication overhead, and efficient in terms of computing overhead for key authentiticy verification. LARK achieves security, efficiency, and scalability by exploiting two basic well-known mechanisms, namely key graph and key chain, and integrating them in an original way. LARK supports a general group model where groups can be hierachical and partially overlapping. In contrast to other WSN group rekeying schemes, LARK considers grouping a tool for designing and implementing applications and services rather than for network management. Consequently, LARK receives a group topology reflecting the application needs and manages rekeying at single-group level. In the article we describe LARK, formally argue that it meets the backward and forward security requirements, and, finally, evaluate its performance in terms of communication, computing, and storage overhead in limited-resources sensor nodes.
- Akyildiz, I. F. and Kasimoglu, I. H. 2004. Wireless sensor and actor network: Research challenges. Ad Hoc Netw. 2, 4, 351--367.Google ScholarCross Ref
- Anderson, R. J. 2008. Security Engineering: A Guide to Building Dependable Distributd Systems 2nd Ed. Wiley Publishing Inc., New York. Google ScholarDigital Library
- Årzén, K. H., Bicchi, A., Dini, G., Hailes, S., Johansson, K. H., Lygeros, J., and Tzes, A. 2007. A component-based approach to the design of networked control systems. Euro. J. Control 13, 2-3, 261--279.Google Scholar
- Bicchi, A., Danesi, A., Dini, G., La Porta, I., Pallottino, L., Savino, I. M., and Schiavi, R. 2008. A safe and secure component-based platform for heterogeneous multi-robot systems. IEEE Robot. Autom. Mag. 15, 1, 62--70.Google ScholarCross Ref
- Cárdenas, A. A., Roosta, T., and Sastry, S. 2009. Rethinking security properties, threat models, and the design space in sensor networks: A case study in SCADA systems. Ad Hoc Netw. 7, 8, 1434--1447. Google ScholarDigital Library
- Caronni, G., Waldvogel, M., Sun, D., Weiler, N., and Plattner, B. 1999. The VersaKey framework: Versatile group key management. IEEE J. Select. Areas Comm. 17, 9, 1614--1631. Google ScholarDigital Library
- Chan, H., Gligor, V. D., Perrig, A., and Muralidharan, G. 2005. On the distribution and revocation of cryptographic keys in sensor networks. IEEE Trans. Depend. Secure Comput. 2, 3, 233--247. Google ScholarDigital Library
- Chipcon. 2004. CC2420 Datasheet. http://www.chipcon.com/files/CC2420_Data_Sheet_1_3.pdf.Google Scholar
- Choudhary, D., Anshul, D., Roy, S., and Thejaswi, C. 2007. Computationally and resource efficient group key agreement for ad hoc sensor networks. In Proceedings of the 2nd IEEE International Conference on Communication Systems Software and Middleware (COMSWARE’07). IEEE, 1--10.Google Scholar
- Cole, E. 2009. Network Security Bible 2nd Ed. Wiley Publishing Inc., New York. Google ScholarDigital Library
- Coppersmith, D. and Jakobsson, M. 2002. Almost optimal hash sequence traversal. In Financial Cryptography, Lecture Notes in Computer Science, vol. 2357, Springer. 102--119. Google ScholarDigital Library
- Costa, P., Coulson, G., Mascolo, C., Picco, G. P., and Zachariadis, S. 2005. The RUNES Middleware: A reconfigurable component-based approach to networked embedded systems. In Proceedings of the 16th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC’05). Vol. 2, IEEE, 806--810.Google Scholar
- Deng, J., Han, R., and Mishra, S. 2006. Secure code distribution in dynamically programmable wireless sensor networks. In Proceedings of the 5th International Conference on Information Processing in Sensor Networks (IPSN’06). ACM, 292--300. Google ScholarDigital Library
- Dermibas, M. 2005. Wireless sensor networks for monitoring of large public buildings. Tech. rep., University at Buffalo (www.cse.buffalo.edu/tech-reports/2005-26.pdf).Google Scholar
- Dini, G. and Savino, I. 2006. S 2 RP: A secure and scalable rekeying protocol for wireless sensor network. In Proceedings of the IEEE International Conference on Mobile Adhoc and Sensor Systems (MASS 06). IEEE, 457--466.Google Scholar
- Dini, G. and Savino, I. M. 2010. A security architecture for reconfigurable networked embedded systems. Int. J. Wirel. Inf. Netw. 17, 1, 11--25.Google ScholarCross Ref
- Dini, G., Porta, I. S. L., Savino, I. M., Hailes, S., Gold, R., and Ahmed, M. 2008. Secure reconfiguration in networked embedded systems with the runes approach. In Proceedings of the 5th European Conference on Wireless Sensor Networks (EWSN’08). Lecture Notes in Computer Science, vol. 4913, Springer, 1--2.Google Scholar
- Dobbertin, H., Bosselaers, H., and Preenel, B. 1996. Ripemd-160, a strengthened version of ripemd. In Proceedings of the 3rd International Workshop on Fast Software Encryption (FSE’96). Lecture Notes in Computer Science, vol. 1039, Springer, 71--82. Google ScholarDigital Library
- Dutta, P. K., Hui, J. W., Chu, D. C., and Culler, D. E. 2006. Securing the deluge network programming system. In Proceedings of the 5th International Conference on Information Processing in Sensor Networks. ACM, 326--333. Google ScholarDigital Library
- Eltoweissy, M., Heydari, M. H., Morales, L., and Sudborough, I. H. 2004. Combinatorial optimization of group management. J. Netw. Syst. Manage. 12, 1, 33--50. Google ScholarDigital Library
- Eltoweissy, M., Wadaa, A., Olariu, S., and Wilson, L. 2005. Group key management for large-scale sensor networks. Ad-Hoc Netw. 3, 5, 668--688. Google ScholarDigital Library
- Eltoweissy, M., Moharrun, M., and Mukkala, R. 2006. Dynamic key management in sensor networks. IEEE Comm. Mag. 44, 4, 122--130. Google ScholarDigital Library
- Eschenauer, L. and Gligor, V. D. 2003. A key-management scheme for distributed sensor networks. In Proceedings of 10th ACM Conference on Computer and Communication Security (CCS’03). ACM, 41--57. Google ScholarDigital Library
- Hill, J., Szewczyk, R., Woo, A., Hollar, S., Culler, D. E., and K., P. 2000. System Architecture Directions for Networked Sensors. In Proceedings of the 9th Symposium on Architectural Support to Programming Languages and Operating Systems (ASPLOS’00). ACM, 93--104. Google ScholarDigital Library
- Intanagonwiwat, C., Govindan, R., and Estrin, D. 2000. Directed diffusion: A scalable and robust communication paradigm for sensor networks. In Proceedings of ACM Mobile Computing and Networking (Mobicom’00). ACM, 56--67. Google ScholarDigital Library
- Karlof, C., N., S., and Wagner, D. 2004. Tinysec: A link layer security architecture for wireless sensor networks. In Proceedings of the 2nd ACM Conference on Embedded Networked Sensor Systems (SenSys’04). ACM, 162--175. Google ScholarDigital Library
- Lamport, L. 1981. Password authentication with insecure communication. Comm. ACM 24, 11, 770--772. Google ScholarDigital Library
- Law, Y. W., Doumen, J., and Hartel, P. 2006. Survey and benchmark of block ciphers for wireless sensor networks. ACM Trans. Sensor Netw. 2, 1, 65--93. Google ScholarDigital Library
- Liu, A., P.Kampanakis, and Ning, P. 2007. Tinyecc: elliptic curve cryptography for sensor networks (version 0.3). http:discovery.csc.nvsu.edu/software/TinyECC/.Google Scholar
- Mainwaring, A., Culler, D., Polastre, J., Szewczyk, R., and Anderson, J. 2002. Wireless sensor networks for habitat monitoring. In Proceedings of the 1st International Workshop on Wireless Sensor Networks and Applications (WSNA’02). ACM, 88--97. Google ScholarDigital Library
- Menezes, A. J., van Oorschot, P. C., and A., V. S. 1996. Handbook of Applied Cryptography. CRC Press, Boca Raton, FL. Google ScholarDigital Library
- Mišić, J. 2008. Traffic and energy consumption of an IEEE 802.15.4 network in the presence of authenticated, ECC Diffie-Hellman ephemeral key exchange. Comput. Netw. 52, 11, 2227--2236. Google ScholarDigital Library
- Moteiv. 2011. Tmote sky. http://www.moteiv.com/.Google Scholar
- Mottola, L. and Picco, G. P. 2006a. Logical neighborhood: A programming abstraction for wireless sensor networks. In Proceedings of the 2nd International Conference on Distributed Computing in Sensor Systems (DCOSS’06). Lecture Notes in Computer Science, vol. 4026. Springer, 150--168. Google ScholarDigital Library
- Mottola, L. and Picco, G. P. 2006b. Programming wireless sensor networks with logical neighborhoods. In Proceedings of the 1st International Conference in Integrated Internet Ad Hoc and Sensor Networks, (InterSense 2006). IEEE, 1--6. Google ScholarDigital Library
- National Institute of Standards and Technology. 1995. FIPS PUB 180-1: Secure Hash Standard. National Institute of Standards and Technology.Google Scholar
- National Institute of Standards and Technology. 1998. SKIPJACK and KEA Algorithm Specifications. National Institute of Standards and Technology.Google Scholar
- National Institute of Standards and Technology. 2001. NIST FIPS PUB 197 Specification for the Advanced Encryption Standard (AES). National Institute of Standards and technology.Google Scholar
- National Institute of Standards and Technology. 2005. Plan for New Cryptographic Hash Functions. National Institute of Standards and Technology.Google Scholar
- Park, T. and Shin, K. 2004. LiSP: A lightweight security protocol for wireless sensor networks. ACM Trans. Embed. Comput. Syst. 3, 3, 634--660. Google ScholarDigital Library
- Perrig, A., Szewczyk, R., Wen, V., Culler, D., and Tygar, J. D. 2001. SPINS: Security suite for sensor networks. In Proceedings of the 7th Annual International Conference on Mobile Computing and Networking (MOBICOM’01). ACM, 189--199. Google ScholarDigital Library
- Petriu, E., Georganas, N., Petriu, D., Makrakis, D., and Groza, V. 2000. Sensor-Based information appliances. IEEE Instrument. Measur. Mag. 3, 4, 31--35.Google ScholarCross Ref
- Piotrowski, K., Langendörfer, P., and Peter, S. 2006. How public key cryptography influences wireless sensor node lifetime. In Proceedings of the 4th ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN’06). ACM, 169--176. Google ScholarDigital Library
- Polastre, J., Szewczyk, R., and Culler, D. 2005. Telos: Enabling ultra-low power wireless research. In Proceedings of the 4th International Symposium on Information Processing in Sensor Networks (IPSN’05) (Poster Session). ACM. Google ScholarDigital Library
- Rafaeli, S. and Hutchison, D. 2003. A survey of key management for secure group communication. ACM Comput. Surv. 35, 3, 309--329. Google ScholarDigital Library
- Ravi, S., Raghunathan, A., Kocher, P., and S., H. 2004. Security in embedded systems: Design challenges. ACM Trans. Embed. Comput. Syst. 3, 3, 461--491. Google ScholarDigital Library
- Reiter, M. K. 1996a. Distributing trust with the rampart toolkit. Comm. ACM 39, 4, 71--74. Google ScholarDigital Library
- Reiter, M. K. 1996b. A secure group membership protocol. IEEE Trans. Softw. Engin. 22, 1, 31--42. Google ScholarDigital Library
- Rivest, R. 1992. The MD5 message-digest algorithm. Internet Request for Comment RFC 1321, Internet Engineering Task Force.Google Scholar
- Rivest, R., Shamir, A., and Adleman, L. 1978. A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM 21, 2, 120. Google ScholarDigital Library
- Rivest, R. L. 1994. The RC5 encryption algorithm. In Proceedings of the 2nd International Workshop on fast Software Encryption. B. Preenel Ed. Lecture Notes in Computer Science, vol. 1008. Springer, 86--96.Google Scholar
- Roman, R., Zhou, J., and Lopez, J. 2006. Applying intrusion detection systems to wireless sensor networks. In Proceedings of the IEEE Consumer Communications and Networking Conference (CCNC’06). IEEE, 640--644.Google Scholar
- Roman, R., Alcaraz, C., and Lopez, J. 2007. A survey of cryptographic primitives and implementations for hardware-constrained sensor network nodes. Mobile Netw. Appl. 12, 4, 231--244. Google ScholarDigital Library
- Sherman, A. T. and McGrew, D. A. 2003. Key establishment in large dynamic groups using one-way function trees. IEEE Trans. Softw. Engin. 29, 5, 444--458. Google ScholarDigital Library
- Sinopoli, B., Sharp, C., Schenato, L., Schaffert, S., and Sastry, S. S. 2003. Distributed control applications within sensor networks. Proc. IEEE 91, 8, 1235--1246.Google ScholarCross Ref
- Son, J., Lee, J., and Seo, S. 2007. Energy efficient group key management scheme for wireless sensor networks. In Proceedings of the 2nd IEEE International Conference on Communication Systems Software and Middleware (COMSWARE’07). IEEE, 1--9.Google Scholar
- Waldvogel, M., Caronni, G., Sun, D., Weiler, N., and Plattner, B. 1999. The versakey framework: Versatile group key management. IEEE J. Select. Areas Comm. 17, 9, 1614--1631. Google ScholarDigital Library
- Wallner, D. M., Harder, E. G., and Agee, R. C. 1999. Key management for multicast: Issues and architecture. RFC 2627, IETF. Google ScholarDigital Library
- Wang, X., Yao, A., and Yao, F. 2005. New collisions search sha-1. In Rump Session of the 25th Annual International Cryptology Conference (CRYPTO’05). Springer.Google Scholar
- Wang, Y. and Ramamurthy, B. 2007. Group rekeying schemes for secure group communication in wireless sensor networks. In Proceedings of the IEEE International Conference on Communications (ICC’07). IEEE, 3419--3424.Google Scholar
- Wang, Y., Wang, X., Xie, B., Wang, D., and Agrawal, D. P. 2008. Intrusion detection in homogeneous and heterogeneous wireless sensor networks. IEEE Trans. Mobile Comput. 7, 6, 698--711. Google ScholarDigital Library
- Wong, C. K., Gouda, M., and Lam, S. S. 2000. Secure group communications using key graphs. IEEE/ACM Trans. Network. 8, 1, 16--30. Google ScholarDigital Library
- Younis, M., Ghumman, K., and Eltoweissy, M. 2006a. Location-aware combinatorial key management scheme for clustered sensor networks. IEEE Trans. Parall. Distrib. Syst. 17, 8, 865--882. Google ScholarDigital Library
- Younis, M. F., Ghumman, K., and Eltoweissy, M. 2005. Key management in wireless ad hoc networks: Collusion analysis and prevention. In Proceedings of the 24th IEEE International Performance Computing and Communications Conference. IEEE, 199--203.Google Scholar
- Younis, O., Krunz, M., and Ramasubramanian, S. 2006b. Node clustering in wireless sensor networks: Recent developments and deployment challenges. IEEE Netw. 20, 3, 20--25. Google ScholarDigital Library
- Zhang, Q., Yu, T., and Ning, P. 2008. A framework for identifying compromised nodes in wireless sensor networks. ACM Trans. Inf. Syst. Secur. 11, 3, 1--37. Google ScholarDigital Library
- Zhou, X., Ramamurthy, B., and Magliveras, S. 2005. Secure Group Communication over Data Networks. Springer, New York.Google Scholar
- Zhu, S., Setia, S., and Jajodia, S. 2006. LEAP+: Efficient security mechanims for large-scale distributed sensor networks. ACM Trans. Sensor Netw. 2, 4, 500--528. Google ScholarDigital Library
Recommendations
TinyPK: securing sensor networks with public key technology
SASN '04: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networksWireless networks of miniaturized, low-power sensor/actuator devices are poised to become widely used in commercial and military environments. The communication security problems for these networks are exacerbated by the limited power and energy of the ...
LiSP: A lightweight security protocol for wireless sensor networks
Small low-cost sensor devices with limited resources are being used widely to build a self-organizing wireless network for various applications, such as situation monitoring and asset surveillance. Making such a sensor network secure is crucial to their ...
Two-tier, location-aware and highly resilient key predistribution scheme for wireless sensor networks
VoCS'08: Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic ConferenceWe propose a probabilistic key predistribution scheme for wireless sensor networks, where keying materials are distributed to sensor nodes for secure communication. We use a two-tier approach in which there are two types of nodes: regular nodes and ...
Comments