securityinwirelessactoresensornetworks-towardsahierarchicalre-keyingdesign - icit-cc05 - apr05

8/7/2019 SecurityInWirelessActorESensorNetworks-TowardsAHierarchicalRe-KeyingDesign - ICIT-CC05 - Apr05

http://slidepdf.com/reader/full/securityinwirelessactoresensornetworks-towardsahierarchicalre-keyingdesign 1/6

Security in Wireless Actor & Sensor Networks (WASN): Towards A

Hierarchical Re-Keying Design

Fei Hu 1 Xiaojun Cao 2

1: {[email protected]}, Computer Engineering, RIT, 83 Lomb Memorial Dr, Rochester, NY USA2: {[email protected]}, Dept. of Information Technology, RIT, 102 Lomb Memorial Dr, Rochester, NY USA

Abstract – Our work aims to address the challenging security issues inan important information infrastructure – large-scale and low-energyWireless Actuator and Sensor Networks (WASN). Since WASNs havespecific network constraints and data transmission requirements

compared to general ad hoc networks and other wireless/wirednetworks, the security issues need to be tackled accordingly. We

propose to seamlessly integrate WASN security with a promisingrouting architecture that is scalable and energy-efficient. To protect

from active attacks in mobile sensor networks, we propose two-levelre-keying/re-routing schemes that can not only adapt to a dynamicnetwork topology but also securely update keys for each data

transmission session. Moreover, to provide the security for the in-networking processing such as data aggregation in WASNs, we define

a multiple-key management scheme in conjunction with the proposedTree-Ripple-Zone (TRZ) routing architecture.

Keywords – Homeland Security, Wireless Sensor and Actor networks(WASN), Hierarchical Routing

A. Introduction

ecently Wireless Sensor Networks (WSN) have attractedwide attentions in academia. A promising solution called

Wireless Sensor and Actuator Networks (WSANs) has

been proposed to accomplish microclimate contril in buildings, battlefield surveillance, attack detection for homeland security,environmental monitoring, and so on [3]. WSANs, which can

both detect and respond to intrusion and attacks promptly, have

emerged as one of the most important technologies toimplement the vision of a pervasive system that consists of

nomadic computing (through wireless networking protocols)

and smart spaces (through the coordination of sensors and

actuators). In WSANs, sensing the environment and acting on

the information gathered are the means by which the nodesinteract with the physical world. A civilian application example

is the wild fire handling: sensors relay the information about the

exact origin and fire intensity to water sprinkler actuators so thatthe fire can be extinguished before spreading uncontrollably.

Similarly, motion and light sensors in a room can detect the

presence of people and then direct the appropriate actuators toexecute actions based on user pre-specified preferences.

WSANs have some unique characteristics compared to

WSNs (Wireless Sensor Networks), such as real-time sensing

/acting, sensor / actor heterogeneity, and actuator mobility [2].

WSANs typically consist of large-scale low-energy tiny sensorsand a small number of resource-rich actuators that are randomly

distributed among sensors. Sensors send data to local actuator(s)

instead of to a remote sink for real-time control. Compared totiny sensors, actuators typically have higher power, more

memory and stronger calculation capability in order to perform

more complicated tasks such as interacting with remote sink [3]

While WSNs are concerned mainly about sensor-to-sensor

interconnections, in WSANs four types of coordination need to be considered in the same scenario: actuator-to-actuator (A-A)

sensor-to-sensor (S-S), actuator-to-sensor (A-S) (downlink), and

sensor-to-actuator (S-A) (uplink).As pointed out in [3], even though a significant number of

work has been done in WSN, very little research work has beenconducted on WSANs that have the coexistence of actuators andlarge-scale low-energy sensors. There exist many challenging

issues to be addressed in WSANs such as real-time A-S/S-A

routing, A-A mobility management, and so on [2], however, the

focus of this paper is to solve the issue of energy-efficien

security in WSANs.In terms of WSN security issues, the pioneering work on

securing WSN end-to-end transmission is SPINS [4,5]

However, it requires time synchronization among sensors. A

key-pool scheme was suggested in [6] to guarantee that any twonodes share at least one pairwise key with a certain probability

Multiple pairwise keys may be found between nodes by the

schemes proposed in [7-9]. Key pre-distribution schemesutilizing location information were described in [10-12]. Other

WSN security research works include Denial-of-Service (DOS)

attacks [13], routing security [14], group security [15], etc.

The common drawback of the current WSN security

schemes is that they do not integrate security with a hierarchicalow-energy routing architecture, which cannot be applied to

WSANs effectively. In this paper, we will propose a low

energy, scalable WASN security scheme that has closeintegration with a two-level ripple-zone-based WASN routing

architecture. Our goal is to ensure that data can be transmitted

among actuators and sensors with desired security (i.eovercoming network attacks such as eavesdropping and

intrusion). To the best of our knowledge, this is the first attempto solve the security issue that arises from the coordination of S

S, A-A and A-S/S-A communication.

The rest of this paper is organized as follows. Section B

introduces a hierarchical scalable routing architecture. SectionC provides a detailed security implementation and cryptographic

procedure. We present performance analysis and simulatio

results in Section D and E. Finally, Section F concludes the paper with a summary of its major contribution.

R

Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’05)0-7695-2315-3/05 $ 20.00 IEEE



B. A Scalable Routing Architecture

As the prerequisite of security, we argue that it is very

important to design a hierarchical, energy-efficient routing

scheme compatible with the specific network characteristics of WSAN since security key management needs such a low-energy

routing protocol. The design of security-oriented routing should

address the following concerns: (1) Suitability to unique WSANtopology characteristics; e.g. how do we utilize the small

number of resource-rich actuators to do the most calculation-

intense security tasks while using the large number of resource-

constrained sensors for lighter tasks? (2) Scalability to high-

density WSANs; (3) Energy efficiency in terms of routingoverhead; (4) Favorability in terms of security implementation.

Accordingly, we propose a Ripple-zone-based algorithm to self-

organize sensors into different ‘ripples’ and introduce theconcept of a “Ripple key” to achieve asynchronous broadcast

authentication in our routing scheme (see discussion below).

Our proposed Ripple-zone-based WSAN routing scheme is

as follows [16]: To design a scalable, energy-efficient routingscheme, we have created a Member Recognition Protocol

(MRP) to allow actuators and sensors to self-organize into

separate “domains” with each actuator as the domain center.

After running our MRP, each actuator will be aware of its

domain members. Within the domain of each actuator, wefurther propose the concept of a Ripple-Zone (RZ) around each

actuator, in which sensors are assigned to different “ripples”

based on their distances, in number of hops, from their actuator,and we further choose some sensors as “masters” based on our

self-organized Topology Discovery Algorithm (TDA). Each

“master” aggregates data from the sensors in its zone before ittransmits data to a “master” in a closer “ripple” to the actuator,

i.e. with a smaller number of hops to the actuator (see Figure 1).

Figure 1. Proposed security-oriented Ripple-zone-based Routing

The proposed RZ-based routing architecture is veryimportant in terms of WSAN security scalability and energy-efficiency. Each actuator can aggregate the sensed data from its

domain sensors or send new query commands to some sensors

in its domain. It does NOT need to interact with sensors

belonging to other domains. To reduce data redundancy, a“master” aggregates data from its zone sensors and then sends

data to next master in a nearby ripple. Unlike LEACH [17], our

“masters” use multi-hop communication (i.e. ripple-to-ripple) to

eventually reach an actuator instead of directly transmitting data

to an actuator.

C. Security Implementation

As described in Section B, the proposed WASN routing

protocol self-organizes the whole network into two levels: (1

high-level actuators, and (2) low-level sensors that belong to adomain of a actuator and self-organize themselves into a zone-

ripple architecture. In this section the security protocol used

among high-level nodes is discussed, including actuators and a

sink. A sink can execute all major sensor network management

tasks such as the distribution of keys to each actuator/sensor andcollection of sensed data from sensors. In the High Level MST

(Minimum Spanning Tree)-based backbone architecture, two

types of keys exist: (1) A Session-Key (SK) is used for theencryption/decryption of data packets. (2) A Backbone Key

(BK) is used to secure control packets that include SK re-keying

information.

Figure 2 Two-level key management scheme

(Supernode means actuators)

Figure 2 shows the relationship between these two keys. Note

that SKs need to be re-keyed periodically to defeat activeattacks. However, the BK is refreshed in an event-triggered

way. Typical events include new actuator insertion, node death

or node compromise. The sink can use any well-known group

communication protocol [18,19] to update the BK, i.e. BK-

rekeying. The rest of this section is focused on the re-keying ofSKs since frequent SK renewal during data packet transmission

is crucial to defend against keystream-reuse attacks 1.A unique issue in WASN security is that the selection o

key sharing schemes should consider the impact on in

networking processing [20]. For example, data aggregation isnecessary for reducing communication overhead from redundan

sensed data. If one simply adopts one type of key, i.e., pairwise

1 Keystream-reuse attack : To save energy, a WASN protocol should minimize

the amount of data transmitted. Thus the symmetric stream cipher is a good

choice for WASN security because the size of the ciphertext is the same as that

of the plaintext. A keystream is generated as a function of the message key and

the initialization vector, and is XORed with the plaintext to produce the

ciphertext. Stream ciphers usually encrypt packets with a per-packeinitialization vector (IV), but due to the limited IV space (only 24 bits in IEEE

802.11 WEP), it is vulnerable to practical attacks.




key that is shared between only two nodes, memory limitations

will prohibit a master from maintaining all the keys necessary toaggregate data from its member nodes. Simply building an end-

to-end secure channel between each sensor and the sink is

inadvisable, because intermediate sensors / actuators may needto decrypt and authenticate the data collected from multiple

sensors. Since different types of messages exchanged among

sensor nodes have different security requirements (such as dataaggregation security), a single keying mechanism may not be

suitable for all cases. Thus, multiple keys need to be introduced

in Low Level sensors. Again, one can integrate the key

management with the team’s routing architecture consisting of

zones and ripples. To save security overhead, our schemegenerates a new key based on a family of Pseudo Random

Functions (PRF) {f} as follows: )(' , x f K K x K , where K is

last key and x is a random number.

We have defined multiple types of keys for differentsecurity purposes as follows: (1) Master-to-Actuator Key

(MAK): An MAK is shared between each master and its

Domain Actuator. It is used for direct Master-to-Actuator secure

communication. An MAK is generated based on a Level 1Session Key (SK) as follows: MAK = f SK (Master-ID); (2) Inter-Master Pairwise key (MPK): Occasionally secure channels need

to be established between two masters that belong to two

actuator domains; (3) Sensor-to-master Pairwise Key (SPK): Asensor-to-master pairwise key is shared between a master and

each of the sensors in its zone; (4) Zone Key (ZK): Zone keys

are used for data aggregation and also for the propagation of a

query message to the whole zone. Each ZK is shared among allsensors in the same zone; (5) Ripple Key (RK): A ripple key is

used for broadcast authentication in an actuator domain.

TESLA [5] is not used in our broadcast authentication

due to the following two reasons: (a) TESLA needs loose time

synchronization that is not practical among a large number of low-cost sensors; (b) the delayed release of the authentication

key needs a long-size data packet buffer in each sensor, which isa high requirement due to the very limited memory of a tiny

sensor. These shortcomings are overcome by using a RK that is

shared by all master s belonging to the same ripple. The RK is

determined by the actuator , which sends different RKs for

different ripples through control packets encrypted by the MSK.A actuator will send out a broadcast message that needs to be

authenticated multiple times. Each time the actuator uses a

different RK to encrypt it. Therefore, only the masters in the

corresponding ripple can decrypt it.Security Implementation: A stream cipher RC4 has been

used to implement encryption/decryption algorithm because thestream cipher has a lower complexity of security algorithmcompared to a block cipher. To address the keystream reuse

problem, a sender includes its own sensor_ID into the generated

keystream. For each message sent, the sender increments its

own per-packet initialization-vector (IV) by 1. Keystream

uniqueness can therefore be ensured. The cryptographic procedure will follow the function components as shown in

Figure 3. Please notice that MAC is included for authentication

purposes. In addition, to generate multiple secret keys, the

Pseudo Random Functions (PRF) {f} are adopted to derive new

secret keys based on the current session key SKnow and a random

number x as follows: xSK f KEY now NEW , , the

generation of a x is based on the counter approach in [5].

Figure 3. Cryptographic procedure

D. JiST-based Performance Analysis

JiST (Java in Simulation Time) [21] and SWANS [22]

provide a good starting point for the performance analysis oWASN security. JiST provides the core simulation engine, and

SWANS implements both an efficient Field for propagating

messages and a complete network stack. However certain design

limitations in the base distribution of SWANS create challenges

in developing a WASN simulator that need to be overcomeThere are however, certain problems generated by the SWANS

layer interface definitions. SWANS represents a full-fledged IP

stack, providing the application layer with sockets, allowing formultiple network interfaces (between the Network layer and one

or more MAC layers). In a WASN, such a powerful, general purpose network stack is unnecessary. There are most likel

only one application, one routine protocol, and one pair ofMAC/Physical layers. Message priority and other parameters

are not a concern.

In our WASN security simulation framework (see Figure

4), the underlying SWANS code base was modifiedconsiderably to meet the demands of a wireless sensor network

simulator. The interfaces were modified heavily to allow for a

simpler network stack, more general address and message types




and transmission power adjustment. The SWANS network and

routing layers were removed and replaced by the WASN routingand encryption layer, which are implemented as a single layer

because the encryption protocol is tightly bound to the routing.

The transport layer is removed completely, and the applicationlayer tied directly to the network (routing and encryption) layer.

The MAC layer now implements an acknowledgement for each

packet sent on a hop-by-hop basis, reducing latency in the eventof a packet loss or collision. Finally, a Battery class was

implemented, and hooked into the network and radio layers, to

track the remaining battery energy, as well as the energy spent

on communication and computation (encryption/decryption).

Figure 4. JiST-based security simulation

Based on our JiST-based security simulator, we have

investigated the energy-efficiency of our Ripple-zone-based

security scheme. Figure 5 shows the global network energyconsumption (the sum of all nodes) based on three different

routing schemes: our proposed one, LEACH 17], and general

flat topology. Because we use ripple-to-ripple relay instead of

the direct clusterhead-to-sink communication in LEACH, our

scheme can save much energy than other security

infrastructures.In Figure 6, we show that our master-selection algorithm

has good scalability. Even the network density increases a lot,our algorithm can still select a low amount of sensors as

masters. This characteristic is very important from security

complexity viewpoint since too many masters can lead too manyripples and large inter-zone communication overhead.

Our security scheme uses “control” packets to send keying

information that is used to encrypt “data” packets. It is very

important to guarantee reliable transmission for all “control”

packets. We adopt ripple-to-ripple link recovery scheme to

handle “control” packet losses issue. Figure 7 shows that other

security schemes that are based on ACQUIRE [23] (it simplyuses cluster-to-cluster forwarding) or based on TAG (it uses a

simple spanning tree WSN architecture [24]), have a much

higher control packet loss rate (i.e., key loss rate) than oursecurity scheme that is based on Ripple-zone architecture.

Figure 5. Energy consumption for control / data packets

Figure 6: Density vs. Zones per Actuator Domain

Figure 7. Robustness to wireless transmission errors

Sensor densi

Number of nodes

Control packet loss rate

No. of sensors




Figure 8: Control Packet communication overhead

Figure 8 shows the low communication overhead of oursecurity scheme based on ripple-zone routing architecture

instead of other routing schemes such as LEACH [17] andflooding-based flat topology.

E. Analytical model on security overhead of Our

Scheme

We used a first-order Markov Chain model to analyze thecalculation and communication overhead when incorporating

our security features into Level 1 actuator communications.

0

1

2

34

5

6

7

0 0.1 0.2 0.3 0.4 0.5

Analytical model

Simulation results

In local sensor processing, calculations involving the one-

way hash function consume the most energy [25]. We therefore

focus on the cost of computing hash functions during each re-keying session. An actuator may fail to receive a new session

key, or it may receive an incorrect session key that cannot be

authenticated by using the hash function. Incorrect session keysmay come from opponents attempting Denial-of-service attacks.If the key chain buffer length is n, the probability of key loss is

PLoss, and the probability of key corruption is PCorruption. We

derive the expected times for hash function calculations in a re-

keying cycle, Ere-keying [#_of_hash], as follows [26]:

Corruption Loss

n

i

i

failure

n

nkeying

P P Pwhere

Pi P Pn P

Phashof E

0

1

0

1

0

0

0Re ()1(

2

5.2 _ _#

Assuming PCorruption = 0.25, we vary PLoss from 0.0 to 0.5 and

compare the simulation and analytical results. Figure 9 clearlyshows the validity of our analytical model.

F. Conclusions

This work addressed some challenging security issues in an

important information infrastructure – large-scale and low-

energy Wireless Actuator and Sensor Networks (WASN). Thesalient advantages of this work compared to other related ones

are as follows: (1) Instead of purely focusing on security

research itself as in most of the current literature, we argued tha

WASNs have specific network constraints and data transmission

requirements compared to general ad hoc networks and otherwireless/wired networks. We proposed to seamlessly integrate

WSN security with a promising routing architecture that proves

to be scalable and energy-efficient; (2) To protect from activeattacks in mobile sensor networks, we proposed two-level re

keying/re-routing schemes that can not only adapt to a dynamic

network topology but also securely update keys for each datatransmission session; (3) Due to the importance of secure in-

networking processing such as data aggregation in WASNs, we

defined a multiple-key management scheme closely related to

the proposed Tree-Ripple-Zone (TRZ) routing architecture.

In terms of our future work, it will be interesting toinvestigate tighter integration of security with routing in

WASNs in our future work. For example, if there are no

predetermined supernodes, how can we use wireless backboneconstruction algorithms to select actors or sensors that are

evenly distributed in a WSN in a way that guarantees maximumconnection with neighboring sensors?

References:

[1] James F. Kurose, Keith W. Ross, “Computer Networking, Atop-down approach featuring the Internet,” Pp 74-75, ISBN: 0-201-97699-4, publisher: Addison-Wesley, 2003.

[2] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “ASurvey on Sensor Networks,” IEEE Communications Magazinevol. 40, no. 8, August 2002.

[3] Ian F. Akyildiz and Ismail H. Kasimoglu, “Wireless Sensor and

Actor Networks: Research challenges,” Ad hoc Networks Journa

(Elsevier), (to appear), 2004.[4] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D

Tygar, “SPINS: Security Protocols for Sensor Networks,”Proceedings of Seventh Annual International Conference onMobile Computing and Networks MOBICOM 2001, July 2001.

[5] Adrian Perrig, Robert Szewczyk, Victor Wen, Alec Woo, “Security

for Sensor Network,”http://www.cs.berkeley.edu/~vwen/classes/f2000/cs261/project/sensor_security.html.

[6] Laurent Eschenauer, Virgil D. Gligor. “A key-management scheme

for distributed sensor networks.” Conference on Computer andCommunications Security”. Proceedings of the 9th ACM

Fig.9 Analytical and Simulation Results




conference on Computer and communications security 2002 ,Washington, DC, USA

[7] Haowen Chan, Adrian Perrig, and Dawn Song, “Random KeyPredistribution Schemes for Sensor Networks,” IEEE Symposiumon Research in Security and Privacy, 2003.

[8] Roberto Di Pietro, Luigi V. Mancini, and Alessandro Mei,“Random Key Assignment for Secure Wireless Sensor Networks,”2003 ACM Workshop on Security of Ad Hoc and Sensor

Networks (SASN '03) October 31, 2003 George W. JohnsonCenter at George Mason University, Fairfax, VA, USA.

[9] Wenliang Du, Jing Deng, Yunghsiang S. Han, and PramodVarshney, “A Pairwise Key Pre-distribution Scheme for Wireless

Sensor Networks,” Proceedings of the 10th ACM Conference onComputer and Communications Security (CCS), Washington DC,October 27-31, 2003.

[10] Donggang Liu and Peng Ning, “Establishing Pairwise Keys in

Distributed Sensor Networks,” The 10th ACM Conference onComputer and Communications Security (CCS '03), WashingtonD.C., October, 2003

[11] Donggang Liu and Peng Ning, “Location-Based Pairwise Key

Establishments for Relatively Static Sensor Networks,” 2003ACM Workshop on Security of Ad Hoc and Sensor Networks(SASN '03) October 31, 2003 George W. Johnson Center at

George Mason University, Fairfax, VA, USA.[12] Wenliang Du, Jing Deng, Yunghsiang S. Han, Shigang Chen and

Pramod Varshney, “A Key Management Scheme for WirelessSensor Networks Using Deployment Knowledge,” To appear in

IEEE INFOCOM'04, March 7-11, 2004, Hongkong.[13] Anthony D. Wood, and John A. Stankovic, “Denial of Service in

Sensor Networks,” IEEE Computer, 35(10):54-62, 2002

[14] Chris Karlof and David Wagner, “Secure Routing in WirelessSensor Networks: Attacks and Countermeasures,” First IEEEInternational Workshop on Sensor Network Protocols andApplications, May 2003.

[15] Guiling Wang , Wensheng Zhang , Guohong Cao , and Tom LaPorta, “On Supporting Distributed Collaboration in Sensor

Networks,” MILCOM 2003, October, 2003.[16] Fei Hu and Sunil Kumar, “Energy-efficient Multimedia

Telemedicine Data Transmission in an Integrated MobileComputing Environment,” IEEE Transactions on MobileComputing (Conditionally accepted), 2004.

[17] W.R. Heinzelman, A. Chandrakasan, and H. Balakrishnan,“Energy-efficient communication protocol for wireless

microsensor networks,” IEEE Proceedings of the HawaiiInternational Conference on System Sciences, January 2000, pp.1–10.

[18] H. Harney and C. Muchenhirn, “Group Key Management Protocol

(GKMP) Architecture,” RFC 2094, July 1997.[19] X. S. Li, Y. R. Yang, M. G. Gouda, and S. S. Lam, “Batch

Rekeying for Secure Group Communications,” Proceedings of 10th

International Word Wide Web Conference, May 2001.[20] S. Zhu, S. Setia and S. Jajodia. “LEAP: Efficient Security

Mechanisms for Large-Scale Distributed Sensor Networks.” 10th

ACM Conference on Computer and Communications Security(CCS '03), Washington D.C., October, 2003.

[21] Barr, Rimon. "JiST - Java in Simulation Time Users Guide."March 19, 2004 http://jist.ece.cornell.edu/docs/040319-jist-

user.pdf [22] Barr, Rimon. "SWANS - Scalable Wireless Ad hoc Network

Simulator Users Guide." March 19, 2004http://jist.ece.cornell.edu/docs/040319-swans-user.pdf

[23] N. Sadagopan, B. Krishnamachari, and A. Helmy, "The ACQUIRE mechanism for efficient querying in sensor networks", First IEEEInternational Workshop on Sensor Network Protocols and

Applications (SNPA), in conjunction with IEEE ICC 2003, May2003, Anchorage, AK, USA.

[24] S. Madden, M. J. Franklin, J. M. Hellerstein and W. Hong, “TAGa tiny aggregation service for ad-hoc sensor networks”Proceedings of the Fifth Annual Symposium on Operating

Systems Design and Implementation (OSDI), December 2002.[25] Adrian Perrig, Robert Szewczyk, Victor Wen, Alec Woo

“Security for SmartDust Sensor Network,” the whole paper is

available from the following websitehttp://www.cs.berkeley.edu/~vwen/classes/f2000/cs261/project/sensor_security.html.

[26] Fei Hu, Waqaas Siddiqui, “LESS: Light-wEight Security Solution

for Wireless Sensor Networks Based on a Scalable Tree-Ripple-Zone Routing Scheme,” To appear in IEEE Transactions onMobile Computing (special monograph on sensor networks) 2004.


securityinwirelessactoresensornetworks-towardsahierarchicalre-keyingdesign - icit-cc05 - apr05

Documents