SciELO - Scientific Electronic Library Online

 
vol.45 número1A multigrid method for the solution of composite mesh problemsOptimization of solid-liquid extraction of ethanol obtained by solid-state fermentation of sugarcane bagasse índice de autoresíndice de assuntospesquisa de artigos
Home Pagelista alfabética de periódicos  

Latin American applied research

versão On-line ISSN 1851-8796

Lat. Am. appl. res. vol.45 no.1 Bahía Blanca jan. 2015

 

A hybrid group based re-key management scheme for secure communication in wireless sensor

S. Suma Christal Mary and M. Pallikonda Rajasekaran

Computer Science and Engineering, Kalasalingam University, Krishnankovil, Tamil Nadu, India.
Electronics and Communication Engineering, Kalasalingam University, Krishnankovil, Tamil Nadu, India. Email: sumachristy2012@gmail.com

Abstract— Secured Communication is primarily important in Wireless Sensor Networks (WSNs), since the communication signals are explicitly available as they broadcast through the air. These networks are more vulnerable to attacks extending from passive eavesdropping to active snooping. In this paper, a hybrid Group based Re-Key Management Scheme (HG-RMS) is proposed. The objective of this paper is to provide a secure group communication in WSNs. The Group Controller is elected for each group to manage the group members. The proposed HG-RMS incorporates the Modified Hybrid Energy Efficient Distributed (M-HEED) protocol to elect the group controller. Rivest Shamir Adleman (RSA) is used by the Key Management Center (KMC) to generate the keys and distribute to the group controllers. The key exchange mechanism is explored for secure communication between the users. Node compromise attacks are detected and prevented based on the periodic broadcast messages. The re - keying process is initiated whenever a node joins/leaves the group. The experimental results show that the proposed scheme performs better than the existing Cluster based Group Key Management (CB-GKM) in terms of energy, privacy level, memory, and time consumption.

Keywords— Diffie Hellman; Modified Hybrid Energy Efficient Distributed (M-HEED); Key Management Center (KMC); Node Compromise Attack; and Rivest Shamir Adleman (RSA).

I. INTRODUCTION

Wireless Sensor Networks (WSNs) have recently developed as a platform for numerous important surveillance and control applications (Rahman, 2010). Generally, sensor nodes stay fewer mobility, more limited in capabilities and more densely deployed than the Mobile Adhoc Networks (MANETs). The sensor nodes gather the information and route the information to the base station. All of the nodes are not essentially communicating at any particular time and nodes can only transfer with a few nearby nodes. The network has a routing protocol to regulate and control the routing of data messages between nodes. Moreover, Grouping is an essential practice to localize computation and decrease the communication overhead in WSNs (Wang et al., 2010). The most standard method of grouping is clustering. The main operation in the sensor node grouping is to choose the set of group controllers or group heads among the sensor nodes (Klaoudatou et al., 2011). The group controller nodes are responsible for organizing among the nodes and communications between the nodes. Many routing protocols and key management protocols have been proposed already. Usually, the cluster has a cluster head node and the group contains the group controller node. The main difference between clustering and grouping are: Clustering is a universal concept, whereas grouping is typically focused on a small area. A group can be a part of the cluster or may be the union of several clusters.

Security is the most important research domain in the field of wireless sensor networks. The secure group communication is based on the trusted transmission of the group key between valid nodes in a group. It includes the communication between the nodes that are eligible to send and receive the messages to the group. The major problem of secure group communication is key management. An asymmetric group key known only to group nodes and the key server is used for encrypting the data traffic among the group users. The group key access is controlled by the group key management system. It sends the group key to certified new users and also performs the rekeying process whenever the node joins/leaves the network. Precisely, a group key management model can implement two kinds of access control (Wen et al., 2012): backward access and forward access control (Alzaid et al., 2010). If the group alters the group key after the new node joins, the new node may not be able to decrypt the past communications; this is termed as a backward access control. If the group rekeys after a current node leaves, then the departed node may not able to access the future communications; this is referred as forward access control.

Yang et al. (2013) proposed an Identity Based Key Agreement Scheme (IBKAS). This scheme was based on identity based encryption and Elliptic Curve Diffie Hellman (ECDH). This scheme prevents the man in the middle attacks and node capture attacks by encrypting the key agreement parameters (Yang et al., 2013). Lin et al. (2010) designed a key management scheme for sensor networks based on bilinear pairings and Diffie Hellman group. This scheme ensures that any node pair can steadily assign one session key (Lin et al., 2010). Yuan et al. (2010) proposed a cluster based group key management approach for WSN. A group key was created by the association of cluster head and nodes within the particular cluster. Cluster heads were responsible to reconstruct and transfer the group key (Yuan et al., 2010). The advantage of secure group communication is that outside nodes are not able to get the messages. The group controller node is used to gather the similar data in order to reduce the communication overhead. Nowadays, several research revealed that the group key can be used for filtering the false data included in WSN (Li et al., 2011; Lu et al., 2012).

In this paper, a hybrid Group based Re-Key Management Scheme is proposed. Here, the network is divided into groups and each has one Group Controller (GC). Group Controller (GC) is elected for each group based on the Modified Hybrid Energy Efficient Distributed (M-HEED) protocol (Kour and Sharma, 2010). M-HEED is the clustering protocol, it uses the remaining energy as the initial parameter and node degree, and distance to neighbors are used as secondary parameters. The role of GC is to manage, monitor the group members and distribute the keys to the group members. To establish a secure key, a dedicated Key Management Center (KMC) is designed to generate and produce high quality keys. A node which wants to initiate the data communication, it sends a request to KMC for an appropriate key. The keys are generated based on the Rivest Shamir Adleman (RSA) algorithm (Chang et al., 2012). If the network senses a node compromise attack, that node will be terminated. In case of node joining or leaving the network, the proposed method initiates the rekeying process. For secure communication between the group members, the proposed method uses the key exchange Diffie Hellman algorithm (Schmidt et al., 2012).

Instead of rekeying after each join or leave, the proposed method uses the periodic batch rekeying to improve scalability and alleviate out-of-sync problems among rekey messages as well as between rekey and data messages. Many solutions have been proposed in the conventional methods for efficiently handling a single membership change. In these solutions, for a group of N users, the group controller distributes the new group key encrypted with old group key. The proposed system can dramatically minimize the energy consumption of the node in the network. Hence, the durability of the node and network also increased. Privacy level is increased by securely sharing the group key among the clusters.

II. HYBRID GROUP BASED RE-KEY MANAGEMENT PROTOCOL

The key management protocols for one-to-all communication needs formation of a network with shared key by the group members of the network. The key management for one-to-one transmission assisting the aggregation, which needs the formation of pair wise keys shared by every group members and group controllers. Also, the group key is shared by all the members in a cluster. The flow of the proposed system is shown in Fig.1.


Fig.1. Framework for Group Based Re-Key Management Scheme

Assume that the network is composed of n nodes. A group is composed of n-1 group members and one group controller are elected based on the M-HEED protocol. The group controller takes the responsibility to control and manage the group members. Each node has unique n-ID and each group have unique separate group ID g-ID. A group key called k is shared among the group members. The group members use this key to get confidential information/ communications. The proposed framework allows protecting the data communication based on the group key, which can be shared among group members.

The Key Management Centre (KMC) provides the ability to create and distribute keys within arbitrary sized groups without the intervention of a global/ centralized key manager. A controller of the group generates and distributes the group key using the individual key of each user to all the users in the group and the group key is known only to the participating users in Group. The tasks involved when a user joins or user leaves are straight forward in KMC; the GC sends the new group key to the joining user through a secure channel and to the users in the old group by encrypting it with the old group key.

A. Grouping and Security Requirements

Assume that the nodes are quasi-stationary. Nodes have similar communication abilities and processing. Group Controller is elected based on the M-HEED protocol. The group controller can identify all the compromised nodes as it controls the members in the group. Each node is recognized by a unique ID and it can belong to more than one group. Every node periodically broadcasts the HELLO message to confirm its presence on that particular group. If any of the nodes does not send any notifications, then that node will be identified as a compromised node. These nodes will be added to blacklist to provide secure data communication. This proposed system achieves forward and backward secrecy.

1) Modified Hybrid Energy Efficient Distributed

M-HEED is a multi-hop WSN grouping algorithm which brings an energy efficient routing with an explicit concern about energy. The group formation is performed based on the following two parameters:

  1. Nodes residual energy
  2. Intra-grouping communication cost

The percentage of GC among all the nodes, Gprob is fixed to assume that an optimal percentage ca not be calculated a priori. The probability that the node elect as GC:

(1)

Here, Eresidual is the computed energy of the current node and Emax is the maximum energy. The value of GCprob is not allowed to fall below a threshold value. The selected threshold value is inversely proportional to Emax. Each node goes through numerous iterations until it selects the GC. If no GC is selected, the node elects itself as GC and forwards a message to its neighbor nodes. Each node twice its GCprob value and moves to the next iteration until GC reaches 1.

There are two kinds of status that a sensor node could broadcast to its neighbors:

  • Tentative status
  • Final status

// Tentative status
If GCprob < 1
The node becomes a tentative GC and changes the status as regular node

// Final status
If GCprob = 1
The node permanently becomes GC.

The advantages of the M-HEED protocol are: (a) M-HEED is a completely distributed grouping scheme that takes the benefits of two parameters for GC election. (b) Low power levels of groups stimulate an increase in spatial reuse, though high power levels of groups are needed for inter-group communication. Hence it uniformly distributes the GC and balances the load. (3) It efficiently balances the multi-hop and single-hop communications.

B. Key Management Center (KMC)

The key management is the set of procedures and mechanisms that support the establishment of a shared key and manages the ongoing key relationship between nodes by replacing the older keys with new keys if needed. KMC should assure that only authenticated nodes access the channel or participate the communication. Whenever the network node changes, the shared key should be replaces to avoid that the new group members cannot access the old data traffic. If a node joins/ leaves the network, then rekeying process will be initiated.

1) Group Key Generation- RSA

The group controller sends the group_key_req to the KMC. KMC generates the group_key_req, it composed of individual key and group key and forwards the secure key to the corresponding group controller. The keys are generated based on the RSA algorithm.

Steps for key generation:

  1. Choose two distinct prime numbers x and y
  2. Compute n=xy
  3. Compute φ(n)= φ(x) φ(y) = (x-1) (y-1)
  4. Choose an integer k such that 1<k<φ(n)
  5. gcd(k, φ(n))=1
  6. Find l as l-1=k(mod φ(n))
  7. Publish the public encryption key: (k, n)
  8. Keep secret private decryption key: (l, n)
    // Encryption
  9. c=me(mod n) 0 ≤ m < n
    // Decryption
  10. m=cd(mod n) 0 ≤ m < n

The keys are generated and send it to the Group controllers. Group controllers distribute the keys to that particular group members. The proposed schemes use the Diffie Hellman algorithm to exchange and validate the keys. This algorithm checks whether the two participated nodes are authenticated.

2) Diffie Hellman Key Exchange

The proposed system uses the Diffie Hellman algorithm to exchange and validate the user keys. Consider the sender node s and receiver node r. The following steps are applied after the key generation procedure:

1: s selects a random private key as .
2: r selects a random private key as .
3: s calculates the corresponding public key
kpubM =M = mm mod x
4: r calculates the corresponding public key
kpubN =N = mn mod x
5: s calculates the common secret kMN =Nm=(mm)n mod x
6: r calculates the common secret kMN =Mn=(mn)m mod x
7: Use the joint key kMN for encryption (with RSA)

If the key matches, the node is declared as a trusted node and the data are allowed to transfer to the user. Otherwise the node is declared as a malicious node and rekeying process gets initiated.

C. Re-Key Management

Initially, a new group key is generated, which is retrieved from KMC. The new group key is sent to the new group member through the secure unicast channel. When a group member leaves the group, the new group key should be privately sent to all the remaining members with the exception of the leaved node. By means of the group is dynamic, the group key must be changed consequently. This process has to be finished privately.

The group management system sends the group key to certify new users and also performs the rekeying process whenever the node joins/leaves the network. A group key management model can implement two kinds of access control: backward access and forward access control. If the group alters the group key after the new node joins, the new node may not be able to decrypt the past communications; this is termed as a backward access control. If the group rekeys after a current node leaves, then the departed node may not able to access the future communications; this is referred as forward access control.

There are three main pieces of information are used in the rekeying process. They are:

  • Every sensor node holds a personal secrets Ki
  • Re-keying information should not revealed and used by GC to estimate a broadcast message.
  • GC uses the broadcast message with Ki to calculate the new group key.

If a new group member joins or an existing group member leaves the group, then new key should be created for preventing the future communication and preserve the past communications. The rekey action dictates how the new keys are delivered to group member nodes so that only trusted members receive the new key and blacklisted members cannot receive the new key.

III. PERFORMANCE ANALYSIS

In this section, the proposed scheme performance is evaluated and compared with the existing scheme. A Hybrid Group based Re-Key Management Scheme is modeled in a network of 100 nodes. Nodes are deployed according to a uniform distribution function over an area of 100 x 100 meters. The network nodes are composed of diverse groups based on M-HEED. Each group is composed of a collection of nodes. The performance is tested based on the following metrics: Energy consumption, privacy level analysis, key accuracy level, memory consumption and time analysis. The proposed Hybrid Group Based Re-key Management System (HG-RMS) is compared with the existing Clustering Based Group Key Management System (CB-KMS) (El-Sayed, 2013) to show the efficiency of the proposed system.

A. Energy Consumption

In addition to consuming energy through computational processing, security protocols also reserves energy due to the transmission of messages. The energy consumption depends on the distance between the source and the receiver node, which calculates the transmitted power level. The time required for transmitting the message is latter proportional to the data size and it is indirectly proportional to the transmission rate.

(2)

where ETot denotes the total consumed energy, ER denotes the total consumed energy for data receiving and ET denotes the total consumed energy for data transmitting.

The proposed Hybrid Group Based Re-Key Management System uses the M-HEED protocol for group formation and group controller election. Residual energy is taken as the major constraint for electing the group controller. Figure 2. depicted the energy utilized for each groups.


Fig. 2. Energy utilized among the groups for HG-RMS

where ETot denotes the total consumed energy, ER denotes the total consumed energy for data receiving and ET denotes the total consumed energy for data transmitting.

B. Privacy Level Analysis

Whenever the node joins/leaves, the propose scheme securely share the group key to the respective group members through the group controller. Privacy level is investigated with the number of iterations. The experimental results show that the proposed HG-RMS provides high level of security than the existing Cluster Based-Group Key Management (CB-GKM) is shown in Fig.3.


Fig. 3. Privacy level analysis between CB-GKM and HG-RMS

C. Key Accuracy Level

Key accuracy level is examined and compared between CB-GKM and HG-RMS. The proposed system utilized the Diffie Hellman protocol for key exchange between the nodes. The proposed system results better key accuracy than the existing approach which is shown in Fig. 4.


Fig. 4. Key Accuracy analysis between CB-GKM and HG-RMS

D. Memory Consumption

The memory consumption is analyzed and compared with proposed HG-RMS and existing CB-GKM, which is shown in Fig.5. It shows that the proposed scheme utilizes less memory than the existing approach.


Fig. 5. Memory Consumption analysis between CB-GKM and HG-RMS

E. Time Analysis

The average time taken to execute the model for existing CB-GKM and HG-RMS is depicted in Fig. 6. The proposed model takes lesser time than the existing model.

(3)


Fig. 6. Time analysis between CB-GKM and HG-RMS

where Tc denotes the time taken to complete the data transfer, TR denotes the time taken to receive the data and TT denotes the time taken to transmit the data.

IV. CONCLUSION AND FUTURE WORK

A hybrid group based re-key management scheme is proposed in this paper. This scheme relies on grouping which divides the sensor network into groups with the group clusters. This scheme exploits the re-keying process to overcome the fore-mentioned problem. The forward and backward secrecy is achieved by re-keying phase. Hence the shared keys are periodically updated. The node replication attack is detected and prevented the sensor field through the periodic HELLO message broadcast by the group members. The experimental result shows that the proposed scheme performs better than the existing model in terms of energy consumption, privacy level, key accuracy level, memory and time consumption.

In future, the proposed model can be adopted by Trust Based Management protocols to effectively improve the network performance and detect the malicious attacks.

REFERENCES
1. Alzaid, H., D.G. Park, J. González Nieto, C. Boyd and E. Foo, "A forward and backward secure key management in wireless sensor networks for pcs/scada," Sensor Systems and Software, 24, 66-82 (2010).
2. Chang, S.-Y., Y.-H. Lin, H.-M. Sun and M.-E. Wu, "Practical RSA signature scheme based on periodical rekeying for wireless sensor networks," ACM Transactions on Sensor Networks, 8, 13 (2012).
3. El-Sayed, A., "Clustering Based Group Key Management for MANET," Advances in Security of Information and Communication Networks, 381, 11-26 (2013).
4. Klaoudatou, E., E. Konstantinou, G. Kambourakis and S. Gritzalis, "A survey on cluster-based group key agreement protocols for WSNs," IEEE Communications Surveys & Tutorials, 13, 429-442 (2011).
5. Kour, H. and A.K. Sharma, "Hybrid energy efficient distributed protocol for heterogeneous wireless sensor network," International Journal of Computer Applications, 4, 0975-8887 (2010).
6. Li, H., K. Lin and K. Li, "Energy-efficient and high-accuracy secure data aggregation in wireless sensor networks," Computer Communications, 34, 591-597 (2011).
7. Lin, I.-C., P.Y. Chang and C.-C. Chang, "A key management scheme for sensor networks using bilinear pairings and gap Diffie-Hellman group," International Journal of Innovative Computing, Information and Control, 6, 809-816 (2010).
8. Lu, R., X. Lin, H. Zhu, X. Liang and X. Shen, "BECAN: a bandwidth-efficient cooperative authentication scheme for filtering injected false data in wireless sensor networksm" IEEE Trans. on Parallel and Distributed Systems, 23, 32-43 (2012).
9. Rahman, K.C., "A survey on sensor network," Journal of Computer and Information Technology, 1, 76-87 (2010).
10. Schmidt, B., S. Meier, C. Cremers and D. Basin "Automated analysis of Diffie-Hellman protocols and advanced security properties," 25th IEEE Computer Security Foundations Symposium, 78-94 (2012).
11. Wang, J., R.K Ghosh and S.K Das, "A survey on sensor localization," Journal of Control Theory and Applications, 8, 2-11 (2010).
12. Wen, T., Y. Zhang, Q. Guo and F.-K. Li, "Dynamic group key management scheme for homogeneous wireless sensor networks," Journal of China Institute of Communications, 33, 164-173 (2012).
13. Yang, L., M. Wu and C. Ding, "An identity-based key agreement scheme for large scale sensor networks," Journal of Electronics (China), 30, 574-586 (2013).
14. Yuan, Z., S. Yongluo and L.S. Keun, "A Cluster-Based Group Key Management Scheme for Wireless Sensor Networks," 12th International Asia-Pacific Web Conference, 386-388 (2010)

Received: May 15, 2014.
Accepted: August 27, 2014.
Recommended by Subject Editor: Jorge Solsona