Wireless Sensor Network Security Problems and Solutions in Sport Stadium

LI Zhanping1, WANG Long2, LIU Bin3

1. Dept. of P.E., North China University of Science & Technology, Beijing, China

2. Department of Physical, Hebei University, Baoding, China

3. College of Electronics and Informational Engineering, HeBei University, Baoding, China

e-mail: wllbin@sina.com

Abstract: In this paper, firstly, the characteristics analysis of wireless sensor network (WSN) has been car-ried out through analysis. Secondly, the overall assessment involved in the key issues of wireless sensor net-work security has been achieved, and security defense on the wireless sensor network security issues has been implemented. Finally, the pair-wise keying algorithm has been described and analyzed. From above all, the ultimate security solution of wireless sensor network has been proposed.

Keywords: wireless sensor network; security; key algorithm; security defense

1. Introduction

General network of wireless sensor networks nurtured a

new information acquisition and processing techniques. A

typical sensor network has hundreds to millions of sensor

nodes [1]. Each sensor node is typically low-cost, limited

in computation and information storage resources, highly

power constrained, and communicates over a short- range

wireless network interface [2]. These described features

ensure a wide range of applications for sensor networks.

However, it seems that the security issue of sensor net-

works has not been considered as sufficiently as it should

be. Sensor networks compared with the traditional net-

works have the following characteristics [3]: the node dis-

tributions are dense, the node resources are very limited,

and most of the nodes are static. From above, the high

security of the sensor networks is very difficult.

2. Wireless Sensor Network Characteristics and Security Analyses

2.1 Wireless Sensor Network Characteristics and Composition

WSN is a large-scale distributed network, often deployed

in the no maintenance, poor conditions of the environ-

ment, and in most cases, sensor nodes are one-time use.

It is characterized mainly reflected in the following as-

pects: 1) energy is limited; 2) computing power is limited;

3) the storage capacity is limited; 4) the communication

range is limited. In addition, most sensor network topol-

ogy can not be predicted, while the entire network to-

pology, sensor nodes in the network are constantly

changing and a lot of network parameters and keys are

after deployment formed after consultations. Based on

the above analyses, we can see wireless sensor networks

are vulnerable to variety of threats and attacks.

The infrastructure of a WSN can be described as a

combination of two parts: data acquisition network and

data dissemination network [4].

1) Data acquisition network: It is a collection of sensor

nodes and the base station. The base station collects the

information from the motes and forwards control data to

the network environment.

2) Data dissemination network: It is a collection of

wired and wireless networks that provides an interface of

the data acquisition network to a user.

The security model we expect to encounter in current

WSN applications need to consider two kinds of security

namely Inside Security and Outside Security, respec-

tively, in two different network parts (in Data acquisition

network and Data dissemination network).

1) Inside Security: Since data acquisition network part

of WSN use a shared wireless communication medium,

authentication is necessary to enable both the sensor

nodes and BS (Base Station), for detecting the message

that was injected with a malicious intent. This authenti-

cation prevents the attacker from injecting/spoofing

packets. We call these security schemes as Inside Secu-

rity, since it secures the mote–mote, mote–BS and BS–

mote communication.

322978-1-935068-06-8 © 2009 SciRes.

Proceedings of 2009 Conference on Communication Faculty

2) Outside Security: This security concentrates on the

data dissemination network part of the WSN. In this

place, threats may arise from either side i.e., illegitimate

users retrieve information from the network, or a mali-

cious node forces the legitimate user to accept the false

information. The security solution to countermeasure

these threats is referred as Outside Security as it involves

the (outside) user and WSN.

2.2 Security Requirements and Analyses

Various security requirements on wireless sensor net-

works are presented in almost all the related papers. As a

summary, we classify those requirements into three se-

curity levels [5]:

1) Message-Based level. Similar with that in conven-

tional networks, this level deals with data confidentiality,

authentication, integrity and freshness. Symmetric key

cryptography and message authentication codes are nec-

essary security primitives to support information flow

security. Also data freshness is necessarily required as

lots of content-correlative information is transmitted on a

sensor network during a specific time.

2) Node-Based level. Situations such as node com-

promise or capture are investigated on this level. In case

that a node is compromised, loaded secret information

may be improperly used by adversaries.

3) Network-Based level. On this level, more net-

work-related issues are addressed, as well as security

itself. A major benefit of sensor networks is that they

perform in-network processing to reduce large streams of

raw data into useful aggregated information. Protecting it

is critical. The security issue becomes more challenging

when discussed seriously in specific network environ-

ments. Firstly, securing a single sensor is completely

different from securing the entire network, thus the net-

work-based anti-intrusion abilities have to be estimated.

Secondly, such network parameters as routing, node’s

energy consumption, signal range, network density and

etc., should be discussed correlatively. Moreover, the

scalability issue is also important with respect to the re-

deployment of node addition and revocation.

3. Security Components of Wireless Sensor Network

Security components include the following four phases [6].

3.1 Pre-Deployment Phase

Before the deployment the BS chooses a secret . Then

it distributes an identity ( ) and a distinguished se-

cret key

xS

kIDS

)xS( kk IDSHSK to each ( k th) sensor node,

where H is a strong one way hash function.

3.2 Registration Phase

Each user needs to register under BS to access for the

services in future. User sends its identity and regis-

tration request for this purpose. BS computes a secret

token ( ) using its secret as

iID

(IDHiS xS )xii SS .

Then, it returns the computed to the corresponding user

via a secure channel. iS

3.3 Authentication and Group Key Establishment Phase

A user stands some where in the network, and broadcasts

its identity ( ) as a request for service. The motes in

the proximity provide the confidential information in

their hand after authenticating the user.

iID

Step 1: Let m nodes in the user’s periphery. Each sen-

sor node (with identity ) generates a random nonce

, and sendsk

(kIDS

IkN SKEkiikN IDSID ), to BS.

Where, is the symmetric key encryption with

key . Each individual node keeps corre-

sponding to for a valid time period in its buffer.

kIDS

ikN

(.)k

iID

SkE

kSK kIDS

Step 2: BS selects first arrived message

and decrypts (

)( mpp )))(( kiikSKsk IDSIDNED

kK

k HSK

to obtain ,

, using the secret key (IkN

)xSiID kIDS ( kIDS ).

If computed after decryption does not match with

that received (in non-encrypted form), BS rejects that

nonce. If those two matches, BS computes

using.

kIDS

,....,1n ),( '1 pp nn

),....,(),....,( 11 ipiqpp NNRCAnn (1)

ipp Snn ' (2) Finally, BS sends along with the cor-

responding sensor node identities < > to the

user .

'11 ,,...., pp nnn

pIDSIDS ,....,1

iID

Step 3: The user reverse computes the nonce values

using its assigned secret token as in ),....,( 1 ipi NN

ipp Snn ' (3) ),....,(),....,( 11 nnRCANN p

qpiip (4)

The user uses these nonce values as session key with

323 978-1-935068-06-8 © 2009 SciRes.

Proceedings of 2009 Conference on Communication Faculty

the corresponding sensor nodes. To proof its identity, the

user sends ( ) (the encrypted identity with the

nonce ( ) as key) to the corresponding sensor with

identity IDS .

ikNE

k

iID

ikN

Step 4: Each sensor node ( ) accesses the nonce

value ( ) corresponding to from its buffer. It de-

crypts the received information using . If is ob-

tained as result, sensor node ( ) authenticates the

user ( ).

kIDS

iID

IDS

ikN

iID

ikN iID

k

The next phase (secured response phase) needs to be

executed only for legitimate users. Node discards

the information and closes the communication. kIDS

3.4 Secured Response Phase

This phase maintains confidentiality of responses re-

sisting node capturing attack. For this reason, it has been

assumed that each mote has partial information that to be

provided to the user. The correct answer can be deter-

mined using at least s partial correct answers.

4. Key Algorithm Scheme

Key algorithm plays a very key role in deploying secu-

rity strategies of wireless sensor networks [7-9]. In this

section, two different kinds of key algorithms are pre-

sented: probabilistic key distribution and polynomial

pool-based key distribution.

4.1 Probabilistic Key Distribution

Probabilistic key distribution scheme is designed to make

sure that at least a key-shared path exists in “almost cer-

tain” situation. This algorithm scheme picks a random

pool (set) of keys out of the total possible key space.

For each node, keys are randomly selected from the

key pool and stored into the node’s memory. This set

of keys is called the node’s key ring. The number of

keys in the key pool

Sm

Sm

S is chosen such that two random

subsets of size in will share at least one key with

some probability .

m Sp

We abstract a sensor network as a random graph

, with the wireless communication rang limit 'n ,

where denotes the number of sensor nodes, the

probability that a link exists between any two nodes.

Given a desired global probability for graph connec-

tivity,

),( pnGn p

cP

n

Pnp

4.2 Polynomial Pool-Based Pair-Wise Key Pre-Distribution

As addressed above [10,11], a bivariate tdegree polyno-

mial is used to generate keys. However, this polyno-

mial-based key pre-distribution scheme can only tolerate

no more than t compromised nodes, and the value of t is

limited due to the memory constraints of sensor nodes.

The idea of a pool of multiple random bivariate polyno-

mials is desirable. The basic idea of the polynomial

pool-based scheme can be considered as the expansion

on the meaning of “key”. That is, this scheme is also

based on the concept of “key pool”, whereas keys are

expressed as different polynomials.

5. Conclusions

Wireless sensor network security has become a hotspot

of current research. Although research on wireless sensor

networks security has achieved many notable results as

addressed above, more challenges arise due to the con-

tinuous change of requirements. The next step is to im-

prove the existing limitations in order to better meet the

communication security of wireless sensor networks.

6. Acknowledgments

This paper is supported by Natural Science Foundation of Hebei Prov-

ince and project of science and technology of Hebei Province.

References [1] Perrig A, Szewczyk R, Wen V, Culler D, Tygar J.D. SPINS:

Security protocols for sensor networks. In: Proc. of the 7th Annual Int’l Conf. on Mobile Computing and Networks. Rome: ACM Press, 2001. 189−199.

[2] Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E. Wire-less sensor networks: A survey. Computer Networks, 2002, 38(4): 393−422.

[3] Zhu S, Setia S, Jajodia S. LEAP: Efficient security mecha-nisms for large-scale distributed sensor networks. In: Proc. of the 10th ACM Conf. on Computer and Communications Secu-rity (CCS 2003). Washington D.C., 2003. 62−72.

[4] J. Deng, R. Han, S. Mishra, Defending against path-based DoS attacks in wireless sensor networks, in: Proc. ACM Workshop on Security of Ad Hoc and Sensor Networks SASN-2005, 2005, 89–96.

[5] M. Manzo, T. Roosta, Time synchronization attacks in sensor networks, in: Proc. ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2005), 2005, pp. 107–116.

[6] Zhang W, Cao G. Group rekeying for filtering false data in sensor networks: A predistribution and local collaboration-ba- sedapproach. http://www.cse.psu.Edu/~wezhang/papers/paper- infocom05.pdf

[7] Malan D.J., Welsh M, Smith M.D. A public-key infrastructure for key distribution in Ting OS based on elliptic curve cryp-tography.

c))ln(ln()ln( is held. [8] http://airclic.eecs.harvard.edu/publications/secon04.pdf

324978-1-935068-06-8 © 2009 SciRes.

Proceedings of 2009 Conference on Communication Faculty

[9] Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks. In: Proc. of the IEEE Symp. on Research in Security and Privacy. Oakland: IEEE Computer Society, 2003. 197−213.

[10] Du WL, Wang RH, Ning P. An efficient scheme for auth- en-ticating public keys in sensor networks. In: Proc. of the 6th ACM Int’l Symp. On Mobile Ad Hoc Networking and Com-puting (MobiHoc 2005). Urbana-Champaign: ACM Press, 2005. 58−67.

[11] Eschenauer L, Gligor VD. A key-management scheme for dis-tributed sensor networks. In: Proc. of the 9th ACM Conf. on Computer and Communications Security. Washington DC: ACM Press, 2002. 41−47.

[12] A.Chadha, Y. Liu, S.K. v, Group key distribution via local collaboration in wireless sensor networks, in: Proc. IEEE SECON 05, 2005, 46–54.

325 978-1-935068-06-8 © 2009 SciRes.

Proceedings of 2009 Conference on Communication Faculty