HySecNJoining: A Hybrid Secure Node Joining ... - IEEE Xplore

HySecNJoining: A Hybrid Secure Node Joining Algorithm for Wireless Sensor Network

Hemanta Kumar Kalita

Avijit Kar

TCS Innovation Lab–Performance Engg Akruti Business Port, Andheri(E), Mumbai Email: [email protected]

Dept of Computer Science & Engg Jadavpur University, Kolkata Email: [email protected]

Abstract—A wireless sensor network consists of several sensor nodes strewn over a large geographic area and a base station. Depending upon the routing model used, data collected by the sensor nodes are routed through several hops of the network to the base station. Before a new node becomes operational, the base station verifies its authenticity for security reasons. We call this phase secure joining of a node. The process of secure joining can be as simple as allowing a new node to join by simply verifying its MAC-ID in plain text. However, this simple secure joining is prone to many attacks and is therefore not acceptable to many organizations requiring a high grade of security. On the other hand, a stringent process of secure joining, such as multi-level verification of authentication credentials in a secure channel, comes with a cost in terms of energy consumption. In this paper we propose a stringent secure joining method which uses the concept of certificateless PKI and symmetric keys and goes through multi-level authentication for prevention of flooding attacks.

Index Terms—WSN, PKI, Authentication, Secure Joining, Symmetric Key

I. INTRODUCTION

In many applications of wireless sensor networks (WSN), sensor nodes will be deployed in an ad-hoc fashion, without careful planning. In these cases, the nodes must organize themselves to form a multihop, wireless communication network. While self-organizing, it is essential that only the authorized sensor nodes are allowed to join and malicious nodes are barred from joining the network. However, the stricter the security is, the higher the cost of the network will be in terms of energy consumption. Hence it is for the administrator to decide what level of security is required for a particular wireless sensor network. In this paper we propose a scheme based on certificateless PKI for secure joining of a node. The proposed scheme is in the category of high security and assumes high vulnerability of the deployed wireless sensor network.

The remainder of this paper is divided into four sections. In Section 2 we discuss background and related work. In Section 3 we discuss our proposed algorithm. In Section 4 we discuss and analyze the results, and finally in Section 5 we conclude.

© 2011 IEEE 978-1-4244-8953-4/11/$26.00

II. RELATED WORK

[17] gives an architecture of a self-organizing WSN and presents a set of algorithms. [18, 19] provide an overview of the concept of network self-assembly for ad-hoc WSN at the link level. [3] defines a self-organizing system as one where a collection of units coordinate with each other to form a system that adapts to achieve a goal more efficiently. [12] proposes a role-based hierarchical self-organization algorithm for wireless sensor networks. [4] categorizes self-organization methodologies of ad-hoc networks. [22] suggests public key cryptography may not be suitable for enciphering large amounts of data. [5] suggests only symmetric encryption is useful in resource-limited environments like WSN. [21] probes into various security requirements with regard to WSN and analyzes the status quo of security in WSN. [23] analyzes three complementary WSN applications with the goal of developing a modular toolbox to support an integrated security and reliability architecture for medium and large-scale WSNs. [15] makes a critical analysis of WSN security and gives a layered-based classification. [8] presents ECC based lightweight SSL for IP based WSN. [1] analyzes public key cryptography for WSN security and suggests that RSA is not well-suited for WSN. [6] proposes an asymmetric key based architecture for WSN. [16] gives an analysis of WSN security management based on ZigBee. [7] presents secFleck, a Trusted Platform Module (TPM)-based public key framework for sensor networks. [13] proposes WMNSec, an adaptation of IEEE 802.11i for Wireless Mesh Networks with limited CPU power, node mobility and interruption-free connectivity. [14] identifies a fault-based attack on the RSA authentication scheme.

III. PROPOSED HYSECNJOINING ALGORITHM

In this section we discuss our proposed HySecNJoining Algorithm. After deployment, when a set of sensor nodes starts self-organizing, the first phase of self-organization is to identify the nearest node for each sensor. We term this node discovery.
Once node discovery is over, each sensor knows its nearest neighbor. The next step is to allow a (new) node to join the wireless sensor network with proper authentication or no authentication, depending upon the security requirements. We term this secure joining of a new node. HySecNJoining is an algorithm for secure joining of a (new) node.

A. Keys Requirements

We define the keys in use for HySecNJoining in this section. How these keys are distributed is discussed in [10].

Definition 1: $hkk_i$: Hook key of a sensor node $i$. The hook key is used for hooking (joining) a new sensor node securely to the network. A new node needs to supply its hook key as a joining credential to the base station. A new sensor node can be a node joining for the first time or a node that got disconnected from the network and wants to join again. $hkk_i$ of a sensor node $i$ needs to be pre-distributed.

Definition 2: $K_1$: One-hop key, signified by the 1 in $K_1$. This is a symmetric key that every authorized sensor node and the base station need to possess. This key is used for communication with the neighbor that is just the next hop from the current node. The base station uses $K_1$ for multicasting the announcement of a new node's public key. Since $K_1$ is also used by the base station for multicasting messages, it is required to be changed frequently, and a new node needs to have an updated copy of it.

Definition 3: $K_A^{pri}/K_A^{pub}$: This is the asymmetric key pair of a sensor node $A$. $K_A^{pri}$ is known only to $A$, whereas $K_A^{pub}$ is distributed to the authorized sensor nodes by a trusted node such as the base station. $K_A^{pub}$ is certificateless and otherwise has the same properties as in PKI. For example, if a message is encrypted using $K_A^{pub}$, only $A$ can decrypt the message using $K_A^{pri}$.

B. HySecNJoining

In the Hybrid Secure Node Join (HySecNJoining) algorithm we propose to use both symmetric and asymmetric key based methods for secure, successful joining of a sensor node. This algorithm has two phases:
• Phase 1: Neighbor authentication. In neighbor authentication a new node needs to authenticate itself to its neighbor with the help of $K_1$. In this process both nodes also exchange their public keys, which are used for further communication between the two [11].
• Phase 2: Authentication by base station. Once the new node is authenticated by a neighbor, the next step is to request the base station to let the new node join.
Upon successful joining, a new node gets the public key of the base station, and its own public key is publicized by the base station. This is needed for secure data communication of the WSN [11].

Neighbor Authentication: In Algorithm 1 we describe the steps for neighbor authentication. Note that the public keys envisioned in this work are certificateless because of the resource constraints of sensor nodes, which is where 'authentication' of public keys is necessary. In Algorithm 1 we propose authentication of a neighbor's public key with the help of the symmetric key $K_1$.

Base station Authentication: In Algorithm 2 we describe the steps for base station authentication. For this, a new node sends its hook key by encrypting the 'Join Request' message. In this phase the new node has got the public key of its nearest neighbor, but it is yet to get the public key of the base station. Therefore, for sending the 'Join Request' to the base station, it needs to take the help of its neighbor. The neighbor forwards the 'Join Request' by signing it with its own private key and encrypting it with the base station's public key. The base station, upon successful authentication, allows the neighbor of the new node to give the base station's public key to it. The base station also multicasts the public key of the new node to the other existing members of the network in the key path. Note that for multicasting the public key of a new node, the base station uses $K_1$ for encryption and its private key for authentication (signing).

Input: New node A and discovered trusted node D
Output: A and D authenticate each other and exchange their public keys

begin
    // This joining request is sent by a new node A to its discovered node D for starting communication between themselves.
    A: begin
        // A sends its public key $K_A^{pub}$, encrypting it with $K_1$.
        $e : K_1 \times K_A^{pub} \to C$
        // And authenticating with $K_A^{pri}$.
        $h : C \to H$
        $e : K_A^{pri} \times H \to \Delta$
        $A \to D : C + \Delta$
    end
    D: begin
        D, upon receiving, separates $C$ and $\Delta$
        // Decrypts $C$ with $K_1$ and obtains $K_A^{pub}$.
        $d : K_1 \times C \to K_A^{pub}$
        // Then, it authenticates the message by creating $H'$ and $H$.
        $e : K_1 \times K_A^{pub} \to C'$
        $h : C' \to H'$
        $d : K_A^{pub} \times \Delta \to H$
        if $H = H'$ then
            // That $K_A^{pub}$ has come from A is established.
            D now responds to A by sending its public key, encrypting it with the public key of A and authenticating it with the private key of D
    end
    A: begin
        A authenticates the public key of D
        // At this stage, A can communicate with D.
    end
end

Algorithm 1: HySecNJoining: Neighbor Authentication

IV. ANALYSIS

In our proposed secure joining scheme we introduce neighbor authentication before base station authentication of a new node. Neighbor authentication stops unwanted packets at the first hop, before they travel through the network. In other words, our scheme can determine whether a new node is a 'potential' new joinee to the network before the join request is received by the base station. However, the final decision lies with the base station only. In this section we analyze the algorithm discussed in the previous section.
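The first-hop filtering described above can be traced through the A → D message of Algorithm 1 with the sketch below. It is an added example, not the authors' simulator code: the SHA-256 keystream cipher standing in for encryption under $K_1$, the textbook RSA over two small Mersenne primes, the wire layout and all key values are assumptions chosen so that it runs with the standard library only, and none of them is suitable for deployment.

```python
import hashlib

E = 65537        # public exponent; every parameter here is a toy value
PUB_LEN = 36     # assumed wire layout: 32-byte modulus + 4-byte exponent

def make_keypair(p, q):
    """Textbook RSA from two primes (the paper has the KDC issue key pairs)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def sym(key, data):
    """Stand-in for e/d under K1: XOR with a SHA-256 counter keystream.
    It is deterministic, so D can re-encrypt and reproduce C as Algorithm 1 does."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

def h(c, n):
    """h: C -> H, reduced mod n so the toy RSA can sign it."""
    return int.from_bytes(hashlib.sha256(c).digest(), "big") % n

def encode_pub(pub):
    return pub[0].to_bytes(32, "big") + pub[1].to_bytes(4, "big")

def decode_pub(raw):
    return int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")

def a_hello(k1, pub_a, pri_a):
    """Node A: C = e(K1, K_A^pub), Delta = e(K_A^pri, h(C)); sends C + Delta."""
    n, d = pri_a
    c = sym(k1, encode_pub(pub_a))
    return c + pow(h(c, n), d, n).to_bytes(32, "big")

def d_verify(k1, packet):
    """Node D: return A's public key if H == H', else None (drop at first hop)."""
    if len(packet) != PUB_LEN + 32:
        return None
    c, delta = packet[:PUB_LEN], int.from_bytes(packet[PUB_LEN:], "big")
    n, e = decode_pub(sym(k1, c))            # d: K1 x C -> K_A^pub
    if n < 2 or e < 1:
        return None
    c_prime = sym(k1, encode_pub((n, e)))    # e: K1 x K_A^pub -> C'
    h_prime = h(c_prime, n)                  # h: C' -> H'
    h_recv = pow(delta, e, n)                # d: K_A^pub x Delta -> H
    return (n, e) if h_recv == h_prime else None

# Constructed demo values, not taken from the paper.
K1_CURRENT = b"one-hop-key-epoch-7"
K1_STALE = b"one-hop-key-epoch-6"
PUB_A, PRI_A = make_keypair(2**61 - 1, 2**89 - 1)   # two Mersenne primes

def run_scenarios():
    good = a_hello(K1_CURRENT, PUB_A, PRI_A)
    stale = a_hello(K1_STALE, PUB_A, PRI_A)          # node never got the K1 update
    tampered = bytes([good[0] ^ 1]) + good[1:]       # one bit flipped in transit
    return {
        "authorized node accepted": d_verify(K1_CURRENT, good) == PUB_A,
        "stale K1 dropped": d_verify(K1_CURRENT, stale) is None,
        "tampered packet dropped": d_verify(K1_CURRENT, tampered) is None,
    }

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

Because Δ is checked against the key carried in C itself, the signature proves possession of the private key, while network membership rests on knowledge of the current $K_1$.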

Input: New node A sends its hook key $hkk_A$ to base station B through D.
Output: A joins the network on successful authentication by B.

begin
    A: begin
        $hkk_A$ of A is now sent to the base station B through D.
        $M \leftarrow JoinRequest$
        $e : hkk_A \times M \to C$
        $e : K_D^{pub} \times C \to C'$
        $h : C' \to H$
        $e : K_A^{pri} \times H \to \Delta$
        $A \to D : C' + \Delta$
    end
    D: begin
        D extracts $C$ of A from $C'$, verifies the integrity of the message and forwards $C$ to the base station by encrypting it with the base station's public key. Till now, new node A does not know the public key of the base station.
        $e : K_B^{pub} \times C \to C''$
        $h : C'' \to H'$
        $e : K_D^{pri} \times H' \to \Delta'$
        $D \to B : C'' + \Delta'$
    end
    B: begin
        Base station B now verifies $hkk_A$ from the message $M$ and says 'Yes' or 'No' to D
        if $hkk_A$ is Valid then
            $B \to D$ : Yes
        else
            $B \to D$ : No
    end
    D: begin
        Supply of the base station's public key.
        if B's response is Yes then
            D gives the public key of the base station, $K_B^{pub}$, to A and confirms this to the base station.
        else
            D rejects A.
    end
    B: begin
        Announcing A's public key.
        if B gets confirmation from D then
            B multicasts A's public key to all nodes in the Key Path.
            // The multicast message is encrypted using $K_1$ and signed using B's private key.
    end
    Node A has successfully joined the network.
end

Algorithm 2: HySecNJoining: Authentication by Base station

A. Estimating Cost

In this section we estimate the average cost incurred by the HySecNJoining algorithm for its security features. Since our scheme is certificateless, disclosure of the public key of a neighbor to a new node, and the same for the base station, needs to be done with caution. This is necessary to prevent a flooding attack, which will cause at least depletion of the energy of the node. Also, how can the public key of a new node be trusted? In our scheme we therefore don't allow a new node to join unless it supplies certain credentials to its neighbor as well as to the base station. In our certificateless PKI scheme customized for resource-constrained sensor nodes in WSN, we assume/propose the following:
• No digital certificate for the public key. Nodes are instead provided with a one-hop key and a hook key for validating their public key. Validation is a one-time activity.
• Any intermediary or forwarding node stores a subset of the public keys of all the nodes. The subset consists of the public keys of those nodes which use the node for communicating with the base station (key path).
• Any forwarding node validates/authenticates a message coming from a node with the public key available in its store. If the key is not available, the message is simply discarded. This prevents two things: rogue nodes and public key verification by talking to a CA/KDC (as is done in TLS)¹.
• A node can't (and need not) generate a public/private key pair by itself. It has to be generated by the Key Distribution Centre (KDC) and re-keyed with the rekeying algorithm proposed in [10].
• No session keys for communication. So, a sending node will not negotiate a session key and encrypt the message with the session key². This part is avoided by simply encrypting the sending message (of any type) with the public key of the base station.

¹ In this approach it is accepted that sometimes a valid node's forwarding request will be discarded. In that case, it is the base station that needs to multicast the public keys to the key path nodes. Also, if there is a change in public keys, then the base station needs to multicast the new public key of a node. Otherwise, there will be negative verification by the forwarding node, as the node signs with the private key of the new public/private key pair.
² In PKI, session key negotiation is a general practice.

TABLE I
PKI AND PKI IN WSN

| Attribute | PKI | PKI (WSN) |
|---|---|---|
| Digital Certificate | Yes | No |
| One hop, Hook Key | No | Yes |
| PK Verification | Yes (using CA) | No |
| Sender's PK for authentication or signing | Yes | Yes |
| Session key for encryption | Yes | No |
| Recipient's PK for encryption | No (only SK is encrypted) | Yes |
| Keypath compression | No | Yes |
| PK Re-keying | No (it only expires) | Yes |

In Table I we compare PKI in general with our proposed certificateless PKI for use in WSN.

In HySecNJoining, a new node is required to authenticate itself by submitting its credentials. For this, it needs to send and receive a number of packets, which depletes its energy. We estimate roughly how many packets a new node is required to send and receive initially for its successful joining. This estimation will help in simulating the HySecNJoining algorithm.
• A supplies its public key using its credential (One Hop Key) to D: 1 packet (send)
• D then supplies its public key to A or drops the request based upon verification of the credential: 1 packet (receive)
• A supplies the hook key to D using the public key of D: 1 packet (send)
• D then supplies the public key of B to A: 1 packet (receive)
• Same is confirmed to D: 1 packet (send)
• B then multicasts the public key of A to all the nodes in the key path: 1 packet (receive)

Total no of packets sent and received by a new node, A: 6.

Note that for authenticating a new node a trusted member, D, is involved, and D in that process needs to send and receive several packets. If D needs to authenticate only a single new node, then D needs to send and receive the following packets:
• D verifies the credential and accepts the public key of A knowing that it is indeed of A only: 1 packet (receive)
• D then supplies its public key to A or drops the request based upon verification of the credential: 1 packet (send)
• A supplies the hook key to D using the public key of D: 1 packet (receive)
• D encapsulates the hook key of A with the public key of the base station (B), signs it with its own private key and sends it to the base station: 1 packet (send)
• B receives the message, verifies the hook key of A and sends the verification result to D: 1 packet (receive)
• D then supplies the public key of B to A: 1 packet (send)
• Same is confirmed to B: 1 packet (receive), 1 packet (send)
• B then multicasts the public key of A to all the nodes in the key path: 1 packet (receive)

Total no of packets sent and received by a trusted node, D:

9.

Also, an intermediary node falling in the key path needs to receive and forward authenticating packets coming from D to B and from B to D:
• Any intermediate node knows the public key of D and hence can verify the authenticity of the message. Note that to reduce the size of the message, the public key of any signing node is not transmitted along with the message: 1 packet (send), 1 packet (receive)
• B receives the message, verifies the hook key of A and sends the verification result to D: 1 packet (send), 1 packet (receive)
• D then supplies the public key of B to A. Same is confirmed to B: 1 packet (send), 1 packet (receive)
• B then multicasts the public key of A to all the nodes in the key path: 1 packet (receive)

Total no of packets sent and received by an intermediary node (between D and B): 7.

For the nth new node, A, to join, the (n − 1)th node will be the authenticator node, D, and the remaining (n − 2) nodes will be the intermediary nodes. Hence, the total number of packets transmitted and received for the nth new node to join is:

$6 + 9 + (n - 2) \cdot 7 = 15 + 7n - 14 = 1 + 7n \approx 7n$

A new node can't join the network if its nearest neighbor is not a trusted member of the network. In other words, a new node has to wait till its nearest neighbor becomes a trusted member of the network. Initially, there will be only one new node, A, trying to join with the base station, B. In that case, B plays both the roles of D and B. Then there will be the 2nd, 3rd, 4th node, etc., and finally the nth new node will join the network. From this observation, we can infer the worst case scenario for packets sent and received in the network for establishing security credentials. In the worst case, there will be X packets sent and received by the network for establishing HySecNJoining security credentials, where

$X = 7(1 + 2 + 3 + 4 + \dots + n) = 7n(n + 1)/2$

When estimating energy consumption for the overall scenario, the total units of energy consumed will be

$E = XC$

where C is the cost in terms of energy for a sensor node to send or receive a packet. For simulation of HySecNJoining, we distribute E evenly over the whole network. In other words, E is divided among all the sensor nodes of the network. Therefore, while using HySecNJoining, each sensor node depletes $E_{Avg}$ units of energy, where

$E_{Avg} = E/n = (X/n)C = [7n(n+1)/2n]C = [7(n+1)/2]C$

In the actual scenario it may not be $E_{Avg}$, as some nodes may be used repeatedly as authenticator and some nodes, for example the 'leaf node', will not even get a single chance. Since our aim is to estimate and compare the overall 'life' of the network, and since we considered the worst case scenario, the simulation of HySecNJoining with these assumptions will give a fair idea about the behavior of the algorithm.

TABLE II
COMPARISON OF MODIFIED SNEP AND HYSECNJOINING

| Modified SNEP | HySecNJoining |
|---|---|
| Symmetric | Hybrid |
| Master key, $hkk_i$ | $K_1$, $\forall i \in S$, $K_i^{Pub}/K_i^{Pri}$, $hkk_i$ |
| No neighbor Authentication | Neighbor Authentication |
| Master key, Hook Key pre-distributed | $K_1$, $\forall i \in S$, $K_i^{Pub}/K_i^{Pri}$, $hkk_i$ pre-distributed |
| Once Master key leaks whole Network is compromised. | Only one node is compromised. |
| Layer wise encryption and Authentication. | Layer wise encryption and Authentication. |

B. Simulation Test bed

For simulation we modify and enhance the Wireless Sensor Network simulator v1.1 designed by [20]. The enhancements are done by implementing our proposed algorithms in C# and integrating them with the WSN simulator. The simulation consists of two stages: deploying the network and running simulations. Before deploying the network, the following properties of the network should be set using the configuration sliders. The GUI for the WSN Simulator is shown in Figure 1.
• Network Configuration
    – Network Size: Number of nodes in the network.
    – Sensor Radius: Proximity range of a sensor in the network.
    – Sensor Period: Delay period between sensor detection events.
    – Sensor Cost: The energy cost in detecting a vector and generating a packet.
    – Transmission Radius: The maximum distance within which two network nodes can communicate.
    – Transmitter Period: The amount of time required to send a packet.
    – Transmit Cost: The energy cost in sending a packet.
    – Receive Cost: The energy cost in receiving a packet.
• Routing Parameters
    – Random: Each node selects a downstream connection randomly for each packet.
    – Directed: The network routes packets based on the algorithm designed by [2]. Henceforth, we refer to this algorithm as the AllPath Algorithm.

C. Modified SNEP vs. HySecNJoining

We compare HySecNJoining (Algorithm 1 and 2) with Modified SNEP [9]. In Table II we compare our proposed schemes for secure joining of a new node. We see that Modified SNEP is a simple symmetric key based algorithm. However, it uses a single master key. Once the master key is compromised, the whole network is compromised. In HySecNJoining we take advantage of both symmetric and asymmetric key based methods. For starting communication, a new node uses the one-hop key $K_1$, which is a symmetric key. This prevents any malicious node from starting communication. Again, for authentication with the base station this scheme uses the hook key, $hkk_i$, which is again a key pre-distributed to a new node. The hook key keeps on changing. Hence, a new node can't join if its hook key expires. The same is true for the one-hop key. The public keys of a neighbor and the base station are provided to the new node when it is able to authenticate itself successfully.

D. Simulation

We simulate HySecNJoining using the WSN Simulator. In Figure 1 we see how the algorithm is used in deploying a WSN. Note that deployment involves energy consumption, and the cost of deployment will vary depending on whether we are using HySecNJoining or another scheme. For example, deployment using HySecNJoining will take more energy than Modified SNEP (see Figure 2). This explains why, at the beginning of running the simulator soon after deployment, the energy level in the case of HySecNJoining is low.

Fig. 1. The figure shows WSN deployment using HySecNJoining.

For comparison of the algorithms we take two metrics: total residual energy and total alive nodes. Starting with the same number of nodes in the same configuration, the total residual energy and the total number of alive nodes of the network after a certain time give us an idea about the overall energy efficiency/performance of the algorithms.

1) Comparison of Total Residual Energy: In this experiment we have tested Modified SNEP and HySecNJoining for overall residual energy of the network in the same network setup. Modified SNEP is better than HySecNJoining in terms of 'energy conservation' (Figure 2).

2) Comparison of Total Alive Nodes: In this experiment we have tested Modified SNEP and HySecNJoining for overall life of the network in the same network setup. Modified SNEP is better than HySecNJoining in terms of 'overall life of the network' (Figure 3).

Fig. 2. Residual Energy comparison–Modified SNEP and HySecNJoining.

Fig. 3. Residual Node comparison–Modified SNEP and HySecNJoining.

V. CONCLUSION

In this paper we have proposed our secure joining algorithm HySecNJoining. The algorithm eliminates flooding attack and has the benefits of PKI. HySecNJoining is a complex, hybrid secure joining algorithm and, as anticipated, consumes more energy than Modified SNEP. Hence, HySecNJoining is suggested for use in situations where security is a high priority for the wireless sensor network.

REFERENCES

[1] F. Amin, A. H. Jahangir, and H. Rasifard. Analysis of public-key cryptography for wireless sensor networks security. World Academy of Science, Engineering and Technology 41, 2008.
[2] Jae-Hwan Chang and Leandros Tassiulas. Maximum lifetime routing in wireless sensor networks. IEEE/ACM Transactions on Networking (TON), Volume 12, Issue 4, 2004.
[3] Travis C. Collier and Charles Taylor. Self-organization in sensor networks. Preprint submitted to Elsevier Science, 2003.
[4] Falko Dressler. Self-organization in ad hoc networks: Overview and classification. Technical Report 02, University of Erlangen, Dept. of Computer Science, 2006.
[5] Christine Fotschl and Stefan Rainer. Security versus power consumption in wireless sensor networks. Master's thesis, School of Information Science, Computer and Electrical Engineering, Halmstad University, 2006.
[6] Md. Mokammel Haque, Al-Sakib Khan Pathan, Choong Seon Hong, and Eui-Nam Huh. An asymmetric key-based security architecture for wireless sensor networks. 2008.

[7] Wen Hu, Peter Corke, Wen Chan Shih, and Leslie Overs. secFleck: A public key technology platform for wireless sensor networks. 2009.
[8] Wooyoung Jung, Sungmin Hong, Minkeun Ha, YoungJoo Kim, and Daeyoung Kim. SSL-based lightweight security of IP-based wireless sensor networks. 2007.
[9] H. K. Kalita and A. Kar. Secure self organization of wireless sensor network: A new approach. IEEE Xplore 978-1-4244-5487-7, 2010.
[10] Hemanta Kumar Kalita and Avijit Kar. Key management in secure self organized wireless sensor network: A new approach. 2010.
[11] Hemanta Kumar Kalita and Avijit Kar. A new algorithm for end to end security of data in a secure self organized wireless sensor network. 2010.
[12] Manish Kochhal, Loren Schwiebert, and Sandeep Gupta. Role-based hierarchical self organization for wireless ad hoc sensor networks. WSNA03, 2003.
[13] Georg Lukas and Christian Fackroth. WMNSec security for wireless mesh networks. IWCMC09, Leipzig, Germany, 2009.
[14] Andrea Pellegrini, Valeria Bertacco, and Todd Austin. Fault-based attack of RSA authentication. 2010.
[15] Mohit Saxena. Security in wireless sensor networks a layer based classification. Technical report, Purdue University, West Lafayette, IN 47907-2086, 2007.
[16] Pehr Soderman. An analysis of WSN security management. Master's thesis, School of Computer Science and Engineering, Royal Institute of Technology, 2008.
[17] Katayoun Sohrabi, Jay Gao, Vishal Ailawadhi, and Gregory J. Pottie. Protocols for self-organization of a wireless sensor network. IEEE Personal Communications, 2000.
[18] Katayoun Sohrabi, William Merrill, Jeremy Elson, Lewis Girod, Fredric Newberg, and William Kaiser. Scalable self-assembly for ad hoc wireless sensor networks. 2002.
[19] Katayoun Sohrabi, William Merrill, Jeremy Elson, Lewis Girod, Fredric Newberg, and William Kaiser. Methods for scalable self-assembly of ad hoc wireless sensor networks. IEEE Transactions on Mobile Computing, 3 (4), 2004.
[20] David J. Stein, Esq. Wireless Sensor Network Simulator v1.1, 2005.
[21] L. Weimin, Y. Zongkai, C. Wenqing, and T. Yunmeng. Research on the security in wireless sensor network. Asian Journal of Information Technology, 5(3):339–345, 2006.
[22] Joel Weise. Public key infrastructure overview. 2001.
[23] Dirk Westhoff, Joao Girao, and Amardeo Sarma. Security solutions for wireless sensor networks. Special Issue: Dependable IT and Network Technology, 2006.