Energy efficient security protocol for wireless sensor ... - CiteSeerX

61 downloads 202697 Views 309KB Size Report
(micro electromechanical systems) technology, combined with low power ..... for 3G Wireless and Beyond Systems”, To appear in the Special Issue of. Computer ...
Energy Efficient Security Protocol for Wireless Sensor Networks Hasan Çam1, Suat Özdemir1, Devasenapathy Muthuavinashiappan1, and Prashant Nair2 Department of Computer Science and Engineering1 Department of Electrical Engineering2 Arizona State University Abstract—Wireless sensor networks consist of many inexpensive wireless nodes, each having sensing capability with some computational and communication power. Asymmetric cryptographic algorithms are not suitable for providing security on wireless sensor networks due to limited computation, power, and storage resources available on sensor nodes. Therefore, the energy-efficient security protocol proposed in this paper uses symmetric cryptographic algorithms to support security. To mitigate the drawbacks of symmetric cryptographic algorithms, the session key is changed dynamically, in addition to employing code-hopping technique in non-blocking OVSF codes. Keywords- NOVSF, OVSF, wireless sensor networks, security, key management

I. INTRODUCTION In the near future, the wireless sensor networks are expected to consist of thousands of inexpensive wireless nodes, each having sensing capability with some computational and communication power. The feasibility of these inexpensive sensor networks is accelerated by the advances in MEMS (micro electromechanical systems) technology, combined with low power, low cost digital signal processors (DSPs) and radio frequency (RF) circuits [1]. Such sensor networks are expected to be widely deployed in a vast variety of environments for commercial, civil, and military applications including surveillance, vehicle tracking, climate and habitat monitoring, intelligence, medical, and acoustic data gathering. Since sensor nodes are severely energy constrained and it is infeasible to replace the batteries of thousands of sensor nodes, the key challenge in sensor networks is to maximize the lifetime of sensor nodes. Therefore, sensing and computation operations of nodes, and communication protocols must be made as energy efficient as possible. Another key issue in wireless sensor networks is to have secure communication between sensor nodes and base station. Unfortunately, only a little research has been reported in the literature so far on sensor network security. This paper presents an energy efficient security protocol for communication in wireless sensor networks. Asymmetric cryptographic algorithms are not suitable for providing security on wireless sensor networks due to the limited computation, power, and storage resources available on wireless sensor nodes. Therefore, symmetric key cryptographic algorithms are employed to support security in wireless sensor

0-7803-7954-3/03/$17.00 ©2003 IEEE.

2981

networks [2]. But these algorithms also compromise security because of limited key length and memory available on the sensor nodes. In this paper, to mitigate this shortcoming of symmetric cryptographic algorithms, code-hopping technique using non-blocking OVSF [3] codes is employed in addition to changing session keys dynamically. Non-blocking Orthogonal Variable Spreading Factor (NOVSF) also increases the utilization of channelization codes in WCDMA without having overhead of code reassignments unlike OVSF. II.

SYSTEM MODEL

This paper considers a hierarchical architecture of sensor networks where data is routed from sensor nodes to base station through cluster heads. Base stations interface sensor network to the outside network. Sensor nodes are assumed to be immobile and also they do not have a specific architecture when deployed over a specific geographic area. However, these nodes organize themselves into clusters, based on self-organizing clustering technique. A cluster head is chosen from each cluster to handle the communication between the cluster nodes and the base station. Sensor nodes are battery powered and their lifetime is limited. Therefore, cluster heads are dynamically chosen initially. In order to have uniform power consumption among all the sensor nodes, cluster heads are then selected based on the remaining battery power. To maximize the lifetime, sensor nodes are in active mode when they sense data from the environment or transmit data to the cluster head otherwise they are put to sleep mode. Base station is assumed to have sufficient power and memory to communicate securely with all sensor nodes and also with the external wired network. Sensor nodes are assigned a secret key (Ki) and a unique ID number that identifies itself in the network. As wireless transmission is not completely trustable, assigning secret keys to sensor nodes in wireless environment is not secure. Hence Ki and sensor IDs are assigned during the manufacturing phase. Base station is then given all the ID numbers and Ki used in the network before the deployment of network. Having a complete list of sensors in the base station protects sensor network from malicious sensor nodes. In addition, base station generates a session key (Kb), at certain time intervals and broadcasts to all sensor nodes. Whenever base station broadcasts a new Kb all the sensor nodes have to re-generate their new secret session keys (Ki, b). The built-in keys in sensor nodes avoid the

distribution if secret keys in the wireless environment as well as providing substantial security. III.

SECURE DATA TRANSMISSION ALGORITHMS FOR WIRELESS SENSOR NETWORKS The security protocol described in this paper achieves secure data transmission on wireless sensor networks by implementing the following five phases in two algorithms: Algorithm A and B are implemented in the sensor nodes and in the base station respectively. 1) Broadcasting session key by base station, performed in algorithm B. 2) Generation of cryptographic keys in sensor nodes, performed in algorithm A. 3) Transmission of encrypted data from sensor nodes to cluster heads using NOVSF code-hopping technique, performed in algorithm A. 4) Appending the ID# to data and then forwarding it to higher level cluster heads, performed in algorithm A. 5) Decryption and authentication of data by the base station, performed in algorithm B. The base station, periodically broadcasts a new session key to maintain data freshness. Sensor nodes receive broadcasted session key Kb and computes their node-specific secret session key (Ki, b) by XORing Ki with Kb. Ki, b is used for all the consequent data encryption and decryption during that session by both algorithms. Since each sensor node calculates Ki, b using its unique built in key, encrypting data with Ki, b also provides data authentication in the proposed architecture. Changing encryption keys time-to-time guarantees data freshness in the sensor network, moreover it helps to maintain confidentiality of transmitted data by preventing the use of the same secret key at all times. During the data transmission, each sensor node appends its ID# and time stamp to the messages to verify data freshness. Additional security in the data communication is obtained by sending the encrypted data using the NOVSF code-hopping technique. The cluster head, when receives the data from the nodes, appends its own ID# before forwarding the data to the base station. This helps the base station in locating the origin of the data. Algorithm A: Implemented in Sensor Nodes Step 1: If sensor node i wants to send data to its cluster head, go to next step, otherwise exit the algorithm. Step 2: Sensor node i requests the cluster head to send the current session key Kb. Step 3: Sensor node i XORs the current session key (Kb) with its built-in key Ki to compute the encryption key Ki, b. Step 4: Sensor node i encrypts the data with Ki, b, and appends its ID# and the time stamp to the encrypted data and then sends them to the cluster head using NOVSF code-hopping technique.

0-7803-7954-3/03/$17.00 ©2003 IEEE.

2982

Step 5: Cluster head receives the data, appends its own ID#, and then sends them to the higher-level cluster head or the base station. Go to step 1. Note: Cluster head appends it own ID# to the data in order to help the base station to locate the originating sensor node. Algorithm B: (Implemented in Base Station) Step 1: Check if there is any need to broadcast the session key Kb to all the sensor nodes. If so, broadcast Kb to all sensor nodes. Step 2: If there is no need for a new session key then check if there is any incoming data from the cluster heads. If there is no data being sent to the base station go to step 1 after the session is complete. Step 3: If there is any data coming to the base station then compute the encryption key, Ki, b, using the ID# of the node and the time stamp within the data. Base station then uses the Ki, b to decrypt the data. Step 4: Check if the current encryption key Ki, b has decrypted the data perfectly. This leads to check the creditability of the time stamp and the ID#. If the decrypted data is not perfect discard the data and go to step 6. Step 5: Process the decrypted data and obtain the message sent by the sensor nodes. Step 6: Decides whether to request to all sensor nodes for retransmission of data. If not necessary then go back to step 1. Step 7: If a request is necessary send the request to the sensor nodes to retransmit the data. When this session is finished go back to step 1. IV. NOVSF CODE HOPPING TECHNIQUE Due to resource constraints, the biggest challenge in sensor network security protocols is the implementation of cryptographic primitives. This challenge might require sacrificing some security to achieve feasibility; like using small keys or weak cryptographic algorithms. Hence, to provide complete security, we introduce the NOVSF code-hopping technique without utilizing additional power for implementation. In this paper, algorithm A uses NOVSF codehopping technique to improve security and spectral efficiency on wireless sensor networks. In NOVSF codes, each OVSF code has 64 time slots such that any number of these timeslots can be assigned to a channel. The proposed NOVSF codehopping technique takes advantage of these time slots by assigning data blocks to time slots using different permutations in every session. Base station periodically sends out different mapping permutations to cluster heads. An example mapping of data blocks to time slots is shown in Figure 1.

small algorithm, but it is not as secured as Rindajel. DES also uses large lookup tables and hence could not be considered. Finally, we decided on Blowfish [7]. Mini version of Blowfish is implementable on 8-bit processor with a minimum of 24 bytes of RAM (in addition to the RAM required to store the key) and 1 kilobyte of ROM [7]. The performance analysis results for these cryptographic algorithms are presented in Table 2. Because of implementation easiness, a P3 750 MHz i586 desktop is used for performance analysis.

Block 1 Block 2 Block 3 Block 4 Block 5 Block 6 Block 7 Block 8

NOVSF NOVSF NOVSF NOVSF NOVSF NOVSF NOVSF NOVSF slot 1 slot 2 slot 3 slot 4 slot 5 slot 6 slot 7 slot 8

Figure 1. Mapping data blocks to NOVSF time slots where data blocks are transmitted in the following order in time: block 3, block 1, block 5, block 2, block 7, block 4, block 6, and block 8, assuming that these eight blocks are available in buffer.

In algorithm A, before sensor nodes send data to base station, they first encrypt data as explained above then apply the NOVSF code-hopping technique. By this code-hopping the malicious user would have to first find the mapping pattern for that particular session and then try decrypting the data using the secret symmetric key, which makes the data transmission more secure. The advantage of this technique is that it increases communication security without requiring additional energy. The additional mapping data blocks to NOVSF code slots is accomplished by adding a multiplexer to the system.

V.

IMPLEMENTATION

In the implementation of algorithm A and B we use prototype sensor nodes of Smart Dust project [4]. As shown in Table 1 these sensor nodes are resource constraint in every sense. Considering restricted resources the cryptographic primitives used in sensor networks must be chosen carefully in terms of their code size and energy consumption. Therefore, we evaluated several cryptographic algorithms to be used for encryption and decryption. It is observed from the analysis that code space can be saved by using same cipher for both encryption and decryption. TABLE I.

Storage

512 bytes EEPROM 916 MHz radio 10 Kilobits per second

Operating System

TinyOS

OS code space

3500 bytes

Available code space

4500 bytes

One of the algorithms we considered was AES algorithm Rindajel [5]; Rindajel is a very fast algorithm but requires at least 800-byte memory space for lookup tables. TEA [6] is a

0-7803-7954-3/03/$17.00 ©2003 IEEE.

PERFORMANCE ANALYSIS RESULTS FOR CRYPTOGRAPHIC ALGORITHMS.

TEA

128

Total Time for 16B data input (Microsecond) 8.402185

AES

128

7.639798

2094.296

DES

56

8.218642

1946.794

Blowfish

128

7.781995

2056.028

Algorithm Key Length (bit)

2983

Throughput (Kbps) 1904.267

The cryptographic algorithm, Blowfish, necessitate 1KB memory; in addition to that we need 400-Byte for key setup. CBC-MAC also requires 580-Byte in the smallest case [2]. The total memory space cryptographic primitives are around 2KB (Table 3), and this amount acceptable for Smart Dust sensor nodes. TABLE III.

MEMORY SPACE CONSUMPTION (IN BYTES) MAC operations Key Setup 580

VI.

8K Instruction flash

Bandwidth

TABLE II.

1000

8-bit, 4 MHz 512 bytes RAM

Communication

In both algorithms, CBC-MAC [9] protocol is used to provide data integrity, where as node authentication is granted by using periodically changing user specific session keys, Ki, b, and NOVSF codes assigned to each node.

Encryption

CHARACTERISTICS OF SMART DUST SENSORS [4].

CPU

The amount of computational energy consumed by a security function on a given microprocessor is primarily determined by the number of clocks needed by the processor to compute the security function. The number of clocks necessary to perform the security function mainly depends on the efficiency of the cryptographic algorithm [8]. The last column of Table 2 reflects the power consumption, which is relative to the efficiency of the algorithms.

400

Total Memory Consumption 2080

CONCLUSION

In this paper, we have designed an energy efficient security protocol for wireless sensor networks by using symmetric key cryptography and NOVSF code-hopping technique. We identified the need of energy efficiency in a resource limited wireless sensor networks. Hence we considered efficient and small cryptographic algorithms in our design, which can be used unaltered, irrespective of the network size. To save memory space, the same cryptographic algorithm is used for encryption and decryption. Due to the limited resources in sensor networks, symmetric key cryptographic algorithms cannot be employed without

sacrificing some aspects of the algorithms, like key length or number of encryption rounds. In order to overcome these shortcomings and to reduce interference in data transmission, NOVSF code-hopping technique is introduced. Using NOVSF codes provide better spectral efficiency to the system. It takes advantage of the time slots and assigns data blocks to different time slots in every session. The scrambling of data blocks can be implemented using a multiplexer in the system. Finally, to make the proposed security protocol suitable for data aggregation and routing in wireless sensor networks, we have also proposed a new energy efficient data aggregation protocol [10]. REFERENCES [1]

[2]

A. Sinha and A. Chandrakasan, “Dynamic power management in wireless sensor networks” IEEE Design and Test of Computers, pp. 6274, March-April 2001. A. Perrig, R. Szewczyk, J.D. Tygar, V. Wen, and D.E. Culler, “SPINS: Security protocols for sensor networks”, Wireless networks 8,521-534, 2002, Kluwer Academic Publications.

0-7803-7954-3/03/$17.00 ©2003 IEEE.

2984

[3]

H. Cam, “Nonblocking OVSF Codes and Enhancing Network Capacity for 3G Wireless and Beyond Systems”, To appear in the Special Issue of Computer Communications on "3G Wireless and Beyond For Computer Communications", Spring 2003. [4] K.S.J. Pister, J.M. Kahn and B.E. Boser, Smart dust: “Wireless networks of millimeter-scale sensor nodes” (1999). [5] J. Daemen and V. Rijmen, AES proposal: Rijndael (1999). [6] S.P.Miller, C. Neuman, J.I. Schiller and J.H. Saltzer, Kerberos authentication D. Wheeler and R. Needham, “TEA, a Tiny Encryption Algorithm” (1994) http://www.ftp.cl.cam.ac.uk/ftp/papers/djw-rmn/djwrmn-tea.html [7] B. Schneier “Fast Software Encryption”, Cambridge Security Workshop Proceedings (December 1993), Springer-Verlag, 1994, pp. 191-204. [8] D.W. Carman, P.S. Kruus and B.J. Matt “Constraints and approaches for distributed sensor network security”, NAI Labase station Technical Report No. 00-010 (2002) [9] National Institute of Standards and Technology (NIST), DES model of operation, Federal Information Processing Standards Publication 81 (FIPS PUB 81) (1981). [10] H.Cam, S.Ozdemir, P.Nair, and D. Muthuavinashiappan “ESPDA: Energy-efficient and secure pattern based data aggregation for wireless sensor networks”, in press, IEEE Sensors 2003, Toronto, Canada.