sensors Article
A Hybrid Key Management Scheme for WSNs Based on PPBR and a Tree-Based Path Key Establishment Method Ying Zhang 1 , Jixing Liang 1 , Bingxin Zheng 1 and Wei Chen 2, * 1 2
*
College of Information Engineering, Shanghai Maritime University, Shanghai 201306, China;
[email protected] (Y.Z.);
[email protected] (J.L.);
[email protected] (B.Z.) Department of Computer Science, Tennessee State University, Nashville, TN 37209, USA Correspondence:
[email protected]; Tel.: +1-615-963-5878; Fax: +1-615-963-5847
Academic Editors: Neal N. Xiong and Xuefeng Liang Received: 17 February 2016; Accepted: 4 April 2016; Published: 9 April 2016
Abstract: With the development of wireless sensor networks (WSNs), in most application scenarios traditional WSNs with static sink nodes will be gradually replaced by Mobile Sinks (MSs), and the corresponding application requires a secure communication environment. Current key management researches pay less attention to the security of sensor networks with MS. This paper proposes a hybrid key management schemes based on a Polynomial Pool-based key pre-distribution and Basic Random key pre-distribution (PPBR) to be used in WSNs with MS. The scheme takes full advantages of these two kinds of methods to improve the cracking difficulty of the key system. The storage effectiveness and the network resilience can be significantly enhanced as well. The tree-based path key establishment method is introduced to effectively solve the problem of communication link connectivity. Simulation clearly shows that the proposed scheme performs better in terms of network resilience, connectivity and storage effectiveness compared to other widely used schemes. Keywords: wireless sensor networks; key management; tree-based; path key establishment; mobile sink
1. Introduction In most of the traditional key management schemes for wireless sensor network, the sink node is fixed, which may cause lots of data storage and forwarding among the sensor nodes, and the keys may have higher risks of being captured [1–4]. Sometimes, with the random deployment, there exist some isolated sensor nodes which cannot communicate with any sink node. Thus, many more sink nodes are usually needed to guarantee reliable data collection, which increases the system cost and energy consumption [5,6]. Mobile Sink (MS) nodes with abundant resources can move within the range of the whole network, which not only reduces the amount of data storage and forwarding, but also decreases the energy consumption and network communication overhead, and meanwhile, it can effectively avoid the appearance of isolated nodes [7–10]. There are many constraints in wireless sensor networks because of the lack of energy resources, limited communication range, low transmission power and poor computing abilities [11–16]. Thus, sometimes nodes cannot use an asymmetric key encryption mechanism during communications, or they cannot get the geographic information after node deployment, or the storage capacity to store more information is limited, and so on. MS nodes will persistently broadcast their own identities on the move, and sensor node within communication range will send data stored in itself to the MS node after receiving the handshaking messages. In case the nodes are captured by an adversary, the adversary can acquire the information transmitted in the network by attacks including forgery, modification, and replay. They can prevent the MS node from receiving date from the sensor nodes, or even reduce the lifetime of the network as well. Sensors 2016, 16, 509; doi:10.3390/s16040509
www.mdpi.com/journal/sensors
Sensors 2016, 16, 509
2 of 18
Existing key management schemes proposed for WSNs cannot solve the problems mentioned above well. First, most schemes are designed for networks with fixed sink nodes, which is not applicable for future application environments. Secondly, the generation and establishment of the keys mostly depend on a single encryption method, so the keys are easily captured and identified, which leads to lower network security. In addition, research on path key establishment and maintenance based on multi-hop links is insufficient for the current key management schemes. Thus in most cases, when the system security is improved, at the same time the connectivity of the network will be decreased. This paper proposes a hybrid key management scheme (PPBR scheme) based on a polynomial pool-based key pre-distribution and basic random key pre-distribution. The scheme combines the advantages of the two protocols, utilizes the t-degree property of polynomials and improves the security of the traditional basic random key pre-distribution scheme. It makes the adversary need to capture a large number of nodes in the network to decode the keys, since it has to possess the polynomial coefficients and random keys at the same time in order to capture the uncompromised nodes. Therefore, the scheme improves the security of the network and enhances the network's ability to resist capture attacks. Furthermore, the proposed scheme puts forward a path key generation method based on the tree-based path key establishment, which regards the MS node as the root in the range of communication. This can deal with the problem of higher nodes’ storage capacity requirements and poor network connectivity. Simulation and analysis prove that the proposed method has better storage efficiency, connectivity and resilience for WSNs with MS compared to other widely used key management schemes. The rest of this article is organized as follows: in Section 2, some background knowledge and related work on key management schemes are introduced. Then, in Section 3, we describe the PPBR key management scheme in detail. Section 4 presents the simulation and results analysis, and finally we conclude the article in Section 5. 2. Related Works Eschenauer and Ghgor were the first to present a key management scheme based on random probability (the so-called basic random key distribution scheme, or E-G scheme [17]) for WSNs, which is the foundation of the other key management schemes. The scheme randomly deposits partial keys on the basis of pre-setting all pairwise keys, so it can greatly decrease the node resources cost on the premise of maintaining a certain connectivity in the network. The basic random key pre-distribution scheme concept can be roughly summed up as the following process: (1)
(2) (3)
Key pre-distribution. The server (usually in the base station) creates a big key pool M and each key has a unique ID identifier. Nodes pre-store K keys randomly selected from the pool and build the key ring. This ensures that two nodes can share at least one of the keys at a certain probability. Shared-key discovery. Each node gets the shared-key by matching the key ring in its own storage with identifier broadcasting. Path key establishment. If the two nodes do not have the shared-key directly, they can develop the path key through the intermediate nodes. The disadvantages of this scheme are obvious, such as the utilization of keys in the key ring is lower, the same key will be established by different nodes, and it will reduce robustness of the system.
Chan et al. [18] proposed an improved random key distribution scheme, called q-composite scheme, which increases exponentially the difficulty for an adversary to destroy the safety link, but it reduces the network connectivity. Choi et al. [19] developed a new robust key predistribution scheme by using keys assigned based on the notion of eigenvalues and eigenvectors of a square matrix of a keys pool. Zhou et al. [20] proposed a key predistribution scheme combining the Chinese Remainder Theorem (CRT) with a LU matrix. The scheme achieves smaller storage overhead and better network
Sensors 2016, 16, 509
3 of 18
resilience. Such schemes can be classified as key pre-allocation schemes based on key pools. They use the same key to establish a session key between the nodes, and it can increase the connectivity when the nodes store a certain number of keys, but the network security is usually not better. Liu et al. proposed a modified scheme in [21] based on the Blundo et al. scheme [22], namely a key predistribution scheme based on polynomial pool, and two possible instantiation schemes were presented. In this scheme, the server randomly generates S bivariate t-degree polynomials: {fi (x,y)}, i = 1,2, . . . S: f px, yq “
t ÿ
aij xi y j “ at0 x t ` apt´1q1 xpt´1q y ` ¨ ¨ ¨ ` a1pt´1q xypt´1q ` a0t yt
(1)
i,j“0
The polynomials have the property f (x,y) = f (y,x) and each aij is different and completely confidential for each node. Prior to the deployment, each node randomly selects m polynomials, where, 1 ď m ď S, and shares polynomials at a certain probability. After nodes are deployed, if two nodes find there exist shared polynomials, they can calculate the direct session key by exchanging the binomial ID identifiers and putting the ID into the binomial, otherwise the two nodes establish a session key with path key agreement. In this scenario, the t-degree polynomial has a safety threshold t (t-degree property), and the key information in other nodes will not be influenced by the captured nodes as long as the number of captured nodes is less than t. The scheme needs to calculate the value of the polynomial during the key establishment, so the computation cost will be increased. However, it will be able to get in return security for the whole network as long as the computational overhead requirement of sensor nodes is satisfied. With increasing network scale, the number of nodes probably captured by an adversary will increase, which makes the polynomial lose its t-degree property easily. The safety threshold can be improved by increasing the degree of the polynomial, but it means that the node’s storage and computational overhead will be significantly higher for the limited resources of sensor nodes. Besides the current ideas for establishing a shared key, Wang et al. [23] presented the multiple asymmetric quadratic form of a polynomial, which generates the session key by the relationship between eigenvalues and eigenvectors of the quadratic form. The modified Liu scheme [24] increases the rate of direct connection by predistributed polynomials in a heterogeneous network. In recent years, many scholars have put forward some combined methods with different predistribution schemes. The Amar scheme [25] combines the polynomial pool-based key pre-distribution with the probabilistic generation key pre-distribution scheme [26]. In fact, the Amar scheme assigns the same number of polynomials and keys in MS and sensor nodes, and it has not fully made use of the heterogeneity of the networks to enhance the security performance of the system. In addition, the Amar scheme establishes communication links only based on the probability, and its connectivity is relatively lower. Huang’s scheme [27] builds the key pairs based on the LEACH protocol, which generates the key pool and ternary polynomial. These kinds of schemes can be classified as key predistribution scheme based on polynomials, and their objective is to establish a unique session key for any two nodes under the condition of having the same polynomial. However, polynomials’ t-degree property makes the scale of the network limited, and its connectivity and security cannot be guaranteed by the limited resources. Tree-routing generation protocols for wireless sensor networks were proposed in [28–30], and they have been used in routing selection, relay configuration and probabilistic top-k queries, but they were only used in static networks. In this paper, the PPBR scheme assigns different number of polynomials and keys in MS and sensor nodes to make the polynomial ring, and the heterogeneity of PPBR will improve its security performance compared to the homogeneity of the Amar scheme. In addition, compared to the method of communication link establishment only based on probability in the Amar scheme, the tree-based path key establishment method in the PPBR scheme can improve the connectivity probability of establishing communication links. We use the tree-based method to establish the path key for key
Sensors 2016, 16, 509 Sensors 2016, 16, 509
4 of 18 4 of 18
and the sensorItnodes who cannot communicate with the MS directly. The dynamic path management. can establish a dynamic indirect communication link between the MStree-based and the sensor key establishment can improve the key management of the network. nodes who cannot communicate with theconnectivity MS directly.for Thekey dynamic tree-based path key establishment can improve the key connectivity for key management of the network. 3. The PPBR Key Management Scheme 3. The PPBR Key Management Scheme 3.1. Network Model and Hypothesis 3.1. Network Model and Hypothesis This article assumes that sensor nodes can temporarily store the sensed data, all the data is This article sensor nodes temporarily data,toallretrieve the data is managed by theassumes network that server in the basecan station, and MSstore nodethe is sensed dispatched and managed the regularly. network server in theenvironment base station,monitoring, and MS node is dispatched to retrieve and collect collect theby data In marine a surveillance ship can be regarded as the data regularly. In marine environment monitoring, a surveillance ship can be regarded as a MS a MS which can converge the monitoring data. In battlefield reconnaissance, a mobile which can converge thecan monitoring data. In as battlefield reconnaissance, a mobile communication communication vehicle also be regarded a MS which can collect the battlefield information vehicle can also be regarded as a MSinwhich can collect the battlefield from the of from the nodes of sensor networks the future informatization war.information The MS contains thenodes sole ID sensor networks in the future informatization war. The MS contains the sole ID identifier of the whole identifier of the whole network, and it has more abundant computation, storage, and energy network, it has more abundant computation, storage, and energyscheme resources than ordinary resourcesand than ordinary sensor nodes. However, the traditional with fixed sink sensor nodes, nodes. However, the traditional scheme with fixed sink nodes, usually requires a large number of usually requires a large number of sink nodes distributed in the network. In addition, the sink nodes distributed in the network. In addition, the heterogeneity on storage space, energy and heterogeneity on storage space, energy and computational ability between fixed sink nodes and the computational ability between sinkdifferent nodes and the ordinary sensor nodes is not so verynode different ordinary sensor nodes is not fixed so very from the heterogeneity between a MS and from the heterogeneity between a MS node and ordinary sensor nodes. A schematic diagram of a ordinary sensor nodes. A schematic diagram of a wireless sensor network with MS is shown in wireless sensor network with MS is shown in Figure 1. Figure 1.
r
Figure 1. 1. A A schematic schematic diagram diagram of of aa wireless wireless sensor sensor network network with with aa mobile mobile sink. sink. Figure
There are mainly three kinds of moving patterns for sink nodes, which includes random route There are mainly three kinds of moving patterns for sink nodes, which includes random route movement [31], fixed route movement [32], and controlled route movement [33,34]. In this article, movement [31], fixed route movement [32], and controlled route movement [33,34]. In this article, the sink node moves among fixed sensor nodes, and collects the monitoring data uploaded by the the sink node moves among fixed sensor nodes, and collects the monitoring data uploaded by the ordinary sensor nodes within their communication range, and the sensor nodes which are out of the ordinary sensor nodes within their communication range, and the sensor nodes which are out of the communication range will be in the sleep mode. In fact, when the MS broadcasts the information communication range will be in the sleep mode. In fact, when the MS broadcasts the information within its communication range, it does not need to know whether the sensor node Si is its neighbor within its communication range, it does not need to know whether the sensor node Si is its neighbor node or not. Many sensor nodes in the network are limited in storage space, communication distance node or not. Many sensor nodes in the network are limited in storage space, communication distance and energy supplies, and they will remain in a static state after deployment. Nevertheless, the MS and energy supplies, and they will remain in a static state after deployment. Nevertheless, the MS node has relatively more abundant resources and is equipped with tamper-proof hardware and node has relatively more abundant resources and is equipped with tamper-proof hardware and safety safety detection equipment, so it is reasonable to assume that generally a MS node would not be detection equipment, so it is reasonable to assume that generally a MS node would not be captured. captured. This kind of network system can implement more complex data fusion, data access, data This kind of network system can implement more complex data fusion, data access, data transmission, transmission, data forwarding and routing service by using a MS with its abundant resources. This data forwarding and routing service by using a MS with its abundant resources. This manner can manner can greatly reduce the communication overhead, and energy consumption in the ordinary greatly reduce the communication overhead, and energy consumption in the ordinary nodes and nodes and effectively avoid generating isolated nodes in the network. effectively avoid generating isolated nodes in the network. The proposed PPBR scheme includes the initialization phase, direct key establishment, path key establishment, the key revocation, update, and the joining in of new nodes. The process of the scheme is shown in Figure 2, and the main steps of key establishment are shown in Figure 3.
Sensors 2016, 16, 509
5 of 18
The proposed PPBR scheme includes the initialization phase, direct key establishment, path key establishment, the key revocation, update, and the joining in of new nodes. The process of the scheme is shown in Figure 2, and the main steps of key establishment are shown in Figure 3. Sensors 2016, 16, 509 5 of 18 Sensors 2016, 16, 509
5 of 18
Figure 2. 2. The process of of the the PPBR PPBR scheme. scheme. Figure The main main process Figure 2. The main process of the PPBR scheme.
Si Si IDMS , IDPk , IDKi IDMS , IDPk , IDKi Hash function Hash function
IDi , IDPk ' , IDKi’ ID i , IDfunction Pk ' , IDKi’ Hash Hash function
Sj Sj
ID j , IDPk ' , IDKi’ ID j , IDPk ' , IDKi’ Hash function Hash function
MS *:hello{IDMS , IDPk , IDKi } MS *:hello{IDMS , IDPk , IDKi }
1) k k1 k 2 k r 1) kr 2 2)k kp k1 f k (kID MS , ID i ) f k ( ID i , ID MS ) 2) k p f k ( ID MS , IDi ) f k ( IDi , ID MS )
K MS Si hash(k || k p ) K MS Si hash(k || k p ) MS *:Req{IDMS , list IDPk M , list ( IDKi ) m , depth 1} MS *:Req{IDMS , list IDPk M , list ( IDKi ) m , depth 1} Si MS:Conf{IDi , IDMS , list IDPk S , list IDKi S ' } Si MS:Conf{IDi , IDMS , list IDPk S , list IDKi S ' } S i * : Re q{IDMS , list IDPk N , list IDKi n , depth 2} S i * : Re q{IDMS , list IDPk N , list IDKi n , depth 2}
S j Si :Conf{ID j , IDMS , list IDPk R , list IDKi R' , depth 3} S j Si :Conf{ID j , IDMS , list IDPk R , list IDKi R' , depth 3} K MS Si hash( K IM1 || K IM 2 ... || K IM i ) K MS Si hash( K IM1 || K IM 2 ... || K IM i )
Figure 3. The steps of key establishment for the PPBR scheme. Figure Figure3. 3.The Thesteps stepsof ofkey keyestablishment establishmentfor forthe thePPBR PPBR scheme. scheme.
The proposed PPBR key management scheme is a combination of the Polynomial Pool-based proposed PPBR key management scheme is a combination of the Polynomial Pool-based key The predistribution andkey Basic Random key predistribution scheme. schemePool-based combines the The proposed PPBR management scheme is a combination of theThe Polynomial key key predistribution and Basic Random key predistribution scheme. The scheme combines the advantages of the two protocols, utilizes the t-degree property of polynomial to improve the security predistribution and Basic Random key predistribution scheme. The scheme combines the advantages of advantages of the two protocols, utilizes the t-degree property of polynomial improve the security of the traditional random key predistribution scheme. In detail, we use the to Polynomial Pool-based of the traditional random key predistribution scheme. In detail, we use the Polynomial Pool-based key predistribution scheme to create the polynomial pool F which includes Sp t-degree bivariate key predistribution to Random create thekey polynomial pool Fscheme which includes Sp t-degree polynomials and usescheme the Basic pre-distribution to create the key poolbivariate K which polynomials and use the BasicofRandom key pre-distribution create the key pool K which contains Sk keys. Regardless the establishments of direct scheme session to keys or path keys, they are all contains Sk calculated keys. Regardless thefunction establishments of direct keys or path keys, It they are the all need to be by the of hash using shared keyssession and shared polynomials. makes
Sensors 2016, 16, 509
6 of 18
the two protocols, utilizes the t-degree property of polynomial to improve the security of the traditional random key predistribution scheme. In detail, we use the Polynomial Pool-based key predistribution scheme to create the polynomial pool F which includes Sp t-degree bivariate polynomials and use the Basic Random key pre-distribution scheme to create the key pool K which contains Sk keys. Regardless of the establishments of direct session keys or path keys, they are all need to be calculated by the hash function using shared keys and shared polynomials. It makes the adversary need to capture a large number of nodes in the network to decode the keys, since it has to compromise the polynomial coefficients and random keys at the same time in order to capture the uncompromised nodes. 3.2. The Initialization Phase The server generates polynomial pool F including Sp t-degree bivariate polynomials, the polynomial can be expressed as Equation (2): f k px, yq “
t ÿ
aij xi y j
(2)
i,j“0
where k “ 1, 2, ¨ ¨ ¨, Sp, and it satisfies f (x,y) = f (y,x). Each polynomial contains a unique identifier IDPk (k = 1,2, . . . ,Sp ), and it creates the key pool K which contains Sk keys. Each key has a unique identifier IDKi (k = 1,2, . . . ,Sk ) as well. Before deployment, the MS node needs to pre-store the following key information: the identifier IDMS , the polynomial ring which consists of M polynomials selected from the polynomials pool F, and the key ring which consists of m keys selected from the keys pool K randomly by the server. On the other hand, sensor nodes need to pre-load the identifier IDi , the polynomial ring which consists of N polynomials selected from the polynomials pool F, and the key ring which consists of n keys randomly selected from the keys pool K by the server. The MS and sensor nodes both need to store the hash function H. 3.3. Direct Key Establishment Stage The sink node broadcasts packets within its communication range while it moves along a fixed path. The information contains its own ID identifier, the polynomial ring and the key ring: MS Ñ*: hello{IDMS ,IDPk ,IDki }. Sensor node Si in the communication range matches the received packets with their own information. If IDPk of the polynomial ring and IDKi of key ring can both be matched, the Si will determine to share the keys with MS. Once MS and Si at least have one shared polynomial and one shared key, they can establish the session key directly by the following process: (1) (2) (3)
If there are r shared keys in the key ring, then k = k1 ‘ k2 ‘ . . . ‘ kr . If there are R shared polynomials in the polynomial ring, then chooses a polynomial fk( x,y) randomly and calculates: kp = fk (IDMS ,IDi ) = fk (IDi ,IDMS ). Finally, the direct session key between MS and sensor nodes can be calculated by the function H: KMS–Si = hash(k||kp ).
In the session key transmission process, we can take the secure transmission method based on the ECC with public-private encryption. The ordinary nodes encrypt the shared key with the public key and the MS decrypts it with the private key, which can ensure the key cannot be decrypted in case the key is intercepted in the transmission process. 3.4. Path Key Establishment PPBR scheme establishes the communication link based on a certain probability, thus there are some nodes which may not be able to communicate with the MS node, and this will reduce the network connectivity. It must establish an indirect communication link in the path key establishment phase when the MS and sensor nodes cannot establish a session key directly. The path key establishment
Sensors 2016, 16, 509
7 of 18
method used in this article is different from the conventional polynomial key management scheme, and it utilizes the tree-based construction method in wireless sensor networks [35]. It builds a tree which regards the sink node as a root within the scope of the sink node’s communication. The schematic Sensors 2016, 509 as Figure 4. 7 of 18 diagram is 16, shown
Figure 4. Path key establishment method via the tree-based construction. Figure 4. Path key establishment method via the tree-based construction.
Suppose that the status and the depth denote whether the nodes are in the range of sink node’s Suppose that thethe status and denote whether nodes are of in status the range sinkare node’s communication and depth of the the depth tree, respectively. Thethe initial values and of depth all 0. communication and the depth of the tree, respectively. The initial values of status and depth are all 0. The steps of the process can be summarized as follows: The steps thebroadcasts process can be summarized as follows: First,ofMS request information to sensor nodes within the scope of communication, First, MS broadcasts request information to sensor nodes within scope of communication, the the information contains MS identifier, ID table (ID identifiers of M the polynomials) of the polynomial information contains MS identifier, ID table (ID identifiers of M polynomials) of the polynomial ring, ring, and ID table (ID identifiers of m keys) of the key ring: MS *: and ID table (ID identifiers of m keys) of the key ring: MS Ñ*: Req{IDMS ,list(IDPk )M ,list(IDKi )m ,depth = 1}. Req{ID MS,list(IDPk)M,list(IDKi)m,depth = 1}. Second, sensor node nodeSSi iwithin withinthe therange range communication value of status 1, Second, sensor of of communication willwill set set the the value of status as 1,as and and match the list(ID and list(ID from MSthe with the polynomials andstored keys Pk )list(ID Ki ) received thenthen match the list(ID Pk) and Ki) received from the MSthe with polynomials and keys stored inside the sensor node. If there are shared polynomials and the keys, the sensor node Si inside the sensor node. If there are shared polynomials and the keys, the sensor node Si makes the makes the value of depth add 1. Then, the sensor node S will send response packets to the MS, the i value of depth add 1. Then, the sensor node Si will send response packets to the MS, the information information contains: sensor nodes ID, mobile node ID, the shared polynomial ID (ID tableidentifiers (ID identifiers contains: sensor nodes ID, mobile node ID, the shared polynomial ID table of S of S polynomials, 1 ď S ď N), and the shared key ID table (ID identifiers of S’ keys, 1 ďSiS’ďMS: n): polynomials, 1 ≤ S ≤ N), and the shared key ID table (ID identifiers of S’ keys, 1 ≤ S’ ≤ n): SRes{ID Ñ MS: Res{ID ,ID ,list(ID ) ,list(ID ) }. MS i i Ki S’ i,IDMS,list(ID Pk )S,list(IDKiPk)S’S}. If there are no shared polynomials If there are no shared polynomials and and the the shared shared keys, keys, the the sensor sensor node node SSii will will discard discard the the broadcast packets from the MS. broadcast packets from the MS. Finally, Si broadcasts request information to its neighbor nodes again, the information Finally,sensor sensornode node Si broadcasts request information to its neighbor nodes again, the includes: MS identifier ID , ID table (ID identifiers of N polynomials) of the polynomial ring, and MS information includes: MS identifier IDMS, ID table (ID identifiers of N polynomials) of the polynomial ID table (ID identifiers of n keys) of the key ring which are all pre-stored in the sensor node: i Ñ *: ring, and ID table (ID identifiers of n keys) of the key ring which are all pre-stored in the sensorSnode: Req{ID ,list(ID = 2}. Pk )N ,list(ID Ki )n ,depth Si *: MS Req{ID MS,list(ID Pk)N,list(ID Ki)n,depth = 2}. In the scope of the node’s communication, will make make the the value value of of depth depth add add 1, 1, In the scope of the node’s communication, the the sensor sensor node node SSii will and send the response information at the same time once finding out the shared polynomials and keys. and send the response information at the same time once finding out the shared polynomials and keys.With the above steps, sensor nodes within the range of communication can be joined into the tree as much possible, that sensor nodes are connectivity by joined establishing a With theas above steps,sosensor nodes within the able rangetoofincrease communication can be into the multi-hop communication to the sink nodes node. The between target node and sourcea tree as much as possible, link so that sensor are session able to key increase connectivity byMS establishing node S can be obtained by the indirect session key K established by the intermediate nodes: i IMi multi-hop communication link to the sink node. The session key between target node MS and source K = hash(K ||K . . . ||K ). IM2 by the indirect MS–SiSi can be IM1 IMi node obtained session key KIMi established by the intermediate nodes: KMS–Si = hash(KIM1‖KIM2…‖KIMi). 3.5. Key Updating and Revocation When the residual energy of sensor nodes is less than a certain threshold, they will automatically report to the MS node, and send disengaging requests automatically. The MS removes the disengaging node’s information from the ID table, and deletes all key information associated with the departing node after sending the MS reply confirmation. When sensor nodes are captured by an adversary, the network will find the compromised nodes by using the intrusion detection
Sensors 2016, 16, 509
8 of 18
3.5. Key Updating and Revocation When the residual energy of sensor nodes is less than a certain threshold, they will automatically report to the MS node, and send disengaging requests automatically. The MS removes the disengaging node’s information from the ID table, and deletes all key information associated with the departing node after sending the MS reply confirmation. When sensor nodes are captured by an adversary, the network will find the compromised nodes by using the intrusion detection mechanism, and then the MS will delete all the information related to the captured nodes. After the MS sets up a session key with sensor nodes, it can communicate with sensor nodes safely with the session key by using a symmetric encryption algorithm. Symmetric encryption algorithms have the advantage of lower energy consumption, but the session key is easy to crack when the same session key is used for a long time, so the session key should be updated regularly. The MS launches a key update at interval of time T, generates a random number r which is encrypted by session key: message = EKMS–Si (r), and then broadcasts the message to the sensor nodes which already had established a session key with the MS. Sensor nodes will receive the message, decrypt the random number r with the corresponding session key, and meanwhile they will complete the key update with the H function: K’MS–Si = hash(KMS–Si ||r). After the updating, the random number r will be deleted. 3.6. Joining Into of the New Nodes When a new node Si joins the network, the unique identifier IDi , N polynomials and n keys which are randomly selected and assigned from the polynomials pool F and the keys pool K by the server respectively, and the hash function H will all be pre-loaded. When the new node is within the communication radius of the MS node, the MS will launch the identity authentication for the new node. After confirming the node’s legality, it will establish a session key by using the method mentioned above. 4. Simulations and Analysis 4.1. Storage Effectiveness Analysis The proposed scheme assigns different number of polynomials and keys in the MS node and sensor nodes, and this reflects the heterogeneity property between the two kinds of nodes. Compared to homogeneous network, for example, Amar scheme assigns the same number of polynomials and keys to MS and sensor nodes. In the case of achieving the same connectivity, the proposed scheme can significantly reduce the storage overhead. The probability P1 of sharing at least one polynomial between MS and sensor node Si can be expressed as Equation (3): P1
“ 1 ´ Ppdo not share any polynomial between MS and Si q ¨ ˛¨ ˛ Sp Sp ´ M ˝ ‚˝ ‚ N M ˛¨ ˛ “ 1´ ¨ Sp ‚˝ Sp ‚ ˝ M N
(3)
where Sp is the size of polynomial pool, M is the size of polynomial ring in MS, and N is size of the polynomial ring in Si . The probability P2 of sharing at least one polynomial between MS and sensor node Si in homogeneous network can be expressed as Equation (4): P2
“ 1 ´ Ppdo not share any ˛polynomial between MS and Si q ¨ ˛¨ Sp Sp ´ S ‚ ˝ ‚˝ S S ˛¨ ˛ “ 1´ ¨ Sp Sp ˝ ‚˝ ‚ S S
(4)
Sensors 2016, 16, 509
9 of 18
where Sp is the size of polynomial pool, and S is the size of polynomial ring in the nodes (including MS and Si ). In this case, MS and sensor nodes store the same size of polynomial ring. For the two different structures of the network, the different values of M, N, S will have different influences on storage overhead, because the more polynomials are stored in a node, the larger the storage space cost will be. We can get the simulation results as shown in Figure 5. Sensors 2016, 16, 509 9 of 18 1
P1: [M,N,S]=[4,1,2] P2: [M,N,S]=[4,1,2] P1: [M,N,S]=[8,2,4] P2: [M,N,S]=[8,2,4] P1: [M,N,S]=[12,3,6] P2: [M,N,S]=[12,3,6] P1: [M,N,S]=[16,4,8] P2: [M,N,S]=[16,4,8]
P(the probability of sharing at least one polynom ial between M S and sensor nodes)
0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0 20
30
40
50
60
70
80
90
100
Sp(the size of polynomial pool)
Figure Figure 5. 5. The The probability probability of of sharing sharing polynomial polynomial with with different different S Spp..
This article takes an example of polynomial distribution, and the key distribution method This article takes an example of polynomial distribution, and the key distribution method follows follows the same way. In Figure 5, the parameters set [M, N, S] in four curves from bottom to up are the same way. In Figure 5, the parameters set [M, N, S] in four curves from bottom to up are taken the taken the values as: [4, 1, 2], [8, 2, 4], [12, 3, 6] and [16, 4, 8] respectively, where M, N and S satisfy the values as: [4, 1, 2], [8, 2, 4], [12, 3, 6] and [16, 4, 8] respectively, where M, N and S satisfy the equation: equation: M × N = S2. According to Figure 5, on the premise of ensuring the same sharing probability, M ˆ N = S2 . According to Figure 5, on the premise of ensuring the same sharing probability, we can we can adjust the values of M and N properly to minimize the number of polynomials which are adjust the values of M and N properly to minimize the number of polynomials which are stored in stored in the sensor nodes, and let the MS with more resources store more polynomials. For the sensor nodes, and let the MS with more resources store more polynomials. For example, when example, when [M, N, S] = [16, 4, 8] and the size of polynomial pool Sp = 60, the probabilities to share [M, N, S] = [16, 4, 8] and the size of polynomial pool Sp = 60, the probabilities to share at least one at least one polynomial for homogeneous and heterogeneous networks are: P1 = 0.71 and P2 = 0.7, polynomial for homogeneous and heterogeneous networks are: P1 = 0.71 and P2 = 0.7, respectively. respectively. At this time, although the two probabilities are nearly similar, the number of polynomials stored At this time, although the two probabilities are nearly similar, the number of polynomials by sensor nodes in a homogeneous network is: S = 8, and the number for a heterogeneous network is: stored by sensor nodes in a homogeneous network is: S = 8, and the number for a heterogeneous N = 4. It indicates that the proposed scheme can save sensor node storage space, and it improves the network is: N = 4. It indicates that the proposed scheme can save sensor node storage space, and it storage efficiency by using different disposal schemes for the storage between MS nodes and fixed improves the storage efficiency by using different disposal schemes for the storage between MS sensor nodes. nodes and fixed sensor nodes. The existence of MS nodes makes the fixed sensor nodes’ communication no longer rely too much The existence of MS nodes makes the fixed sensor nodes’ communication no longer rely too on cluster heads. When MS nodes do not communicate with the sensor nodes, the sensor nodes will not much on cluster heads. When MS nodes do not communicate with the sensor nodes, the sensor communicate with each other, and they will remain in sleeping mode, thus reducing the communication nodes will not communicate with each other, and they will remain in sleeping mode, thus reducing overhead among the sensor nodes. However, due to the adoption of the polynomial method, the the communication overhead among the sensor nodes. However, due to the adoption of the protocol will increase the computation overhead relatively in the process of key establishment for polynomial method, the protocol will increase the computation overhead relatively in the process of sensor nodes. In order to improve the robustness of the whole network, it is worthy contributing some key establishment for sensor nodes. In order to improve the robustness of the whole network, it is computation overhead. worthy contributing some computation overhead. 4.2. Connectivity 4.2.1. Directly Establishing Communication Links The probability q of sharing at least one key between MS and sensor node Si can be expressed as Equation (5):
Sensors 2016, 16, 509
10 of 18
4.2. Connectivity 4.2.1. Directly Establishing Communication Links The probability q of sharing at least one key between MS and sensor node Si can be expressed as Equation (5): q
Sensors 2016, 16, 509
“ 1 ´ Qpdo not share any˛key between MS and Si q ¨ ˛¨ S S ´m ‚ ˝ k ‚˝ k m n ˛¨ ˛ “ 1´ ¨ S S ˝ k ‚˝ k ‚ n m
(5) 10 of 18
where Sk is the size of the key pool, m is the size of key ring stored in MS, and n is the key ring size of q 1 Q (do not share any key between MS and Si ) sensor node Si . Therefore, the probability p of MS establishing a direct communication link with sensor Sk Sk m q. In the node Si can be represented as p = P1 ˆ m n Amar scheme, MS and sensor node Si select (5) the same =1 number of polynomial to build the polynomial Sk Sk ring, so the probability p’ of the scheme establishing a direct communication link can be represented m n as p’ = P2 ˆ q. In Figure the them three curves bottom toand topn take values in sequence where 6, Sk is theparameters size of the key in pool, is the size of keyfrom ring stored in MS, is the the key ring size of as follows: sensor node Si. Therefore, the probability p of MS establishing a direct communication link with sensor node Si can be represented as p = P1 × q. In the Amar scheme, MS and sensor node Si select the
Amar scheme: same number of polynomial to build the polynomial ring, so the probability p’ of the scheme
establishing a direct communication link can be represented as p’ = P2 × q. Amar scheme-1: n = 2, Sink the = 111, = 100, S =bottom 2. to top take the values in sequence as In Figure 6, the parameters threemcurves from follows: Amar scheme-2: n = 5, S = 168, m = 100, S = 5. k
Amarscheme-3: scheme: Amar n = 10, Sk =275, m =100, S = 7. Amar scheme-1: n = 2, Sk = 111, m = 100, S = 2. The proposed scheme:
Amar scheme-2: n = 5, Sk = 168, m = 100, S = 5. Amar scheme-3: n = 10, Sk =275, m =100, S = 7.
Proposed scheme-1: n = 2, Sk = 111, m = 100, N = 2, M = 4. The proposed scheme: Proposed scheme-2: n = 5, Sk = 168, m = 100, N = 5, M = 10. Proposed scheme-1: n = 2, Sk = 111, m = 100, N = 2, M = 4. Proposed scheme-3: n = 10, Sk = 275, m = 100, N = 7, M = 14. Proposed scheme-2: n = 5, Sk = 168, m = 100, N = 5, M = 10. Proposed scheme-3: n = 10, Sk = 275, m = 100, N = 7, M = 14.
As shown in Figure 6, the proposed scheme which selects a different number of polynomials As shown in Figure 6, the proposed scheme which selects a different number of polynomials to to store in the sink node and sensor nodes can achieve a higher probability of establishing direct store in the sink node and sensor nodes can achieve a higher probability of establishing direct communication links than scheme which thesame same number of polynomials communication linksthe thanAmar the Amar scheme which selects selects the number of polynomials to store to store in these different in thesenodes. different nodes.
1
Amar scheme-1 Amar scheme-2 Amar scheme-3 1
0.8 0.7 0.6 0.5 0.4 0.3 0.2
0.9 P(the probability of establishing communication link directly )
P(the probability of establishing communication link directly )
0.9
0.1 0 20
Proposed scheme-1 Proposed scheme-2 Proposed scheme-3
40 60 80 Sp( the size of polynomial pool)
0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 20
40 60 80 Sp( the size of polynomial pool)
Figure 6. The probability that MS and sensor nodes directly establish the communication link in
Figure 6. The probability that MS and sensor nodes directly establish the communication link in different size of polynomial ring and polynomial pool when q = 0.99. different size of polynomial ring and polynomial pool when q = 0.99. Meanwhile, the probability that the MS directly establishes a session key with sensor nodes could increase with the increasing number of polynomials and keys stored in sensor nodes, and
Sensors 2016, 16, 509
11 of 18
Sensors 2016, 16, 509
11 of 18
Meanwhile, the probability that the MS directly establishes a session key with sensor nodes could number polynomials and pool. keys stored and could could increase decreasewith withthe theincreasing increasing of the of size of polynomial Figurein7 sensor showsnodes, that the directly decrease with the increasing of proposed the size of scheme polynomial pool. Figure 7 shows that the directly connected probability of the is higher than that of the Amar schemeconnected and Liu probability of the proposed scheme is higher than that of the Amar scheme and Liu scheme, but it scheme, but it is a little bit lower than the modified Liu scheme. The reason is that the modified Liu is a little bit lower than the modified Liu scheme. The reason is that the modified Liu scheme only scheme only considers assigning a different number of polynomials to mobile nodes and fixed considers assigning different number of polynomials to mobile and fixed sensor nodes, while sensor nodes, whileathe proposed scheme also takes into accountnodes the probability of using the shared the proposed scheme also takes into account the probability of using the shared keys simultaneously keys simultaneously to improve the robustness of the network in the process of calculating the to improve the robustness of the network in the process of calculating the direct connectivity. direct connectivity. 1 Amar scheme Liu scheme Modified Liu scheme Proposed scheme
P ( the probability of es tablis hing c om m unic ation link direc tly )
0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0
0
10
20
30 40 50 60 Sp( the size of polynomial pool)
70
80
Figure 7. 7. The The probability probability that that MS MS and and sensor sensor nodes nodes directly directly establish establish the the communication communication link link with with Figure different schemes. different schemes.
4.2.2. Establishing Establishing aa Communication Communication Link Link with with Multi-Hops Multi-Hops 4.2.2. The method methoddiscussed discussedabove abovewill will reduce connectivity of network the network to some In The reduce thethe connectivity of the to some extent.extent. In order order to improve the connectivity, we aintroduce tree-based path key establishment method to to improve the connectivity, we introduce tree-baseda path key establishment method to make as many make as many nodes as possible connect to the tree with the sink node. It defines p(n) as the nodes as possible connect to the tree with the sink node. It defines p(n) as the probability that any sensor probability that anyasensor node Si establishes communication link n hops, so p(n –the 1) node Si establishes communication link withaMS within n hops, sowith p(n –MS 1) –within p(n – 2) will signify – p(n – 2) will signify the probability that sensor nodes can establish communication link with MS probability that sensor nodes can establish communication link with MS within n-1 hops. If we define within n-1 hops. If any we two define the nodes probability anydirectly two sensor nodes Si and Sj can directly the probability that sensor Si andthat Sj can establish a communication link as establish a communication link as p ss, thus the probability of establishing communication link with pss , thus the probability of establishing communication link with MS in only n hops is pss ˆ (p(n – 1) – MS –in n hops pss ×are (p(n – 1) –nodes p(n –in2)). that there areof dthe sensor nodesthen in the the p(n 2)).only Suppose thatisthere d sensor theSuppose communication range sink node, communication range of the sink node, then the probability that sensor nodes cannot establish probability that sensor nodes cannot establish a communication link with the MS in n hops is (1 – pss ˆa communication link the MS in n that hopsnodes is (1 –cannot pss × (p(n – 1) – p(n – 2)))d. The probability that nodes d . with (p(n – 1) – p(n – 2))) The probability establish a communication link within n´1 cannot establish a communication link within n − 1 hops is 1 – p(n – 1). Thus the probability of failing hops is 1 – p(n – 1). Thus the probability of failing to establish communication link within n hops can to establish communication link within n hops can be expressed as Equation (6): be expressed as Equation (6): d
(1 p ( n 1)) (1 pss ( p ( n 1) p ( n 2))) (6) p1 ´ ppn ´ 1qq ¨ p1 ´ pss ¨ pppn ´ 1q ´ ppn ´ 2qqqd (6) The probability that a sensor node can establish a communication link with MS within n hops The probability that a sensor can be derived as Equation (7): node can establish a communication link with MS within n hops can be derived as Equation (7): p ( n) 1 (1 p ( n 1)) (1 pss ( p ( n 1) p ( n 2))) d (7) For simulation convenience, this article discusses the establishment of a communication link within two hops, so Equation (7) can be simplified as Equation (8):
Sensors 2016, 16, 509
12 of 18
ppnq “ 1 ´ p1 ´ ppn ´ 1qq ¨ p1 ´ pss ¨ pppn ´ 1q ´ ppn ´ 2qqqd
(7)
For simulation convenience, this article discusses the establishment of a communication link 12 of 18 within two hops, so Equation (7) can be simplified as Equation (8): Sensors 2016, 16, 509
d d pd “ p1´ppssss p¨ )pq pd 1´1 p1(1´ pq p ) ¨ (1
(8) (8)
S pSp N´N S k n Sk ´ n ˝ ‚ ˝ ‚ N n n N ¨ (1´ )˛ (1 q ¨ p1 ´ ¨ ) , Sp and denote thedenote size ofthe polynomials pool and pool keys where, psspss“p1 ˛ S where, Sk and size of polynomials q,k Sand p and S p S p Sk S k ‚ ˝ ‚ ˝ n N N n and pool respectively, are the size of polynomial ring in stored in the sensor poolkeys respectively, N and n N areand thensize of polynomial ring andring keyand ringkey stored the sensor nodes, nodes, respectively. respectively. ¨
˛
¨
˛
1 Amar scheme(q=0.9),N=2,d=10 Liu scheme Modified Liu scheme
P d ( the probability of establis hing the c om m unic ation link within two hops )
0.9
Proposed scheme(q=0.9),N=2,M=4,d=10
0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0
5
10
15
20 25 30 35 40 Sp( the size of polynomial pool)
45
50
55
Figure 8.8.The Theprobability probabilitythat that a MS sensor nodes establish a communication link within two Figure a MS andand sensor nodes establish a communication link within two hops hops when the number of neighbor when the number of neighbor nodes nodes d = 10.d = 10.
In Figure 8, when the number of neighbor nodes d = 10, the probability of establishing a In Figure 8, when the number of neighbor nodes d = 10, the probability of establishing a communications link within two hops between sensor nodes and MS will reduce with the increasing communications link within two hops between sensor nodes and MS will reduce with the increasing of of the size of polynomial pool, and the probability of establishing a communications link within two the size of polynomial pool, and the probability of establishing a communications link within two hops hops for the proposed scheme will be higher than that in the Amar scheme, Liu scheme and the for the proposed scheme will be higher than that in the Amar scheme, Liu scheme and the modified Liu modified Liu scheme, respectively. Comparing Figures 8 and 9, the probability of establishing a scheme, respectively. Comparing Figures 8 and 9 the probability of establishing a communication link communication link within two hops will increase with the increasing number of neighbor nodes within two hops will increase with the increasing number of neighbor nodes within the communication within the communication range of a MS. As analyzed from the simulation result, the proposed range of a MS. As analyzed from the simulation result, the proposed tree-based path key establishment tree-based path key establishment method improves the probability of establishing a method improves the probability of establishing a communication link significantly. The reason is that communication link significantly. The reason is that it forms a dendroid local network structure it forms a dendroid local network structure within the communication range of mobile nodes. The within the communication range of mobile nodes. The tree-based structure allows the sensor nodes tree-based structure allows the sensor nodes which cannot directly establish session keys with the MS which cannot directly establish session keys with the MS to more easily establish session key with to more easily establish session key with the MS via the intermediate nodes by multi-hops, whereas the MS via the intermediate nodes by multi-hops, whereas the other schemes establish the other schemes establish communication links only based on the probability, which cannot better communication links only based on the probability, which cannot better solve the problem of lower solve the problem of lower connectivity probability. connectivity probability.
Sensors 2016, 16, 509 Sensors 2016, 16, 509
13 of 18 13 of 18 1 Amar scheme(q=0.9),N=2,d=30 Liu scheme Modified Liu scheme
P d ( the probability of es tablis hing the c om m unic ation link within two hops )
0.9
Proposed scheme(q=0.9),N=2,M=4,d=30
0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0
5
10
15
20 25 30 35 40 Sp( the size of polynomial pool)
45
50
55
Figure 9. 9. The Theprobability probabilitythat thata MS a MS and sensor nodes establish a communication link within two Figure and sensor nodes establish a communication link within two hops hops when the number of neighbor nodes d = 30. when the number of neighbor nodes d = 30.
4.3. Resilience Resilience 4.3. Resilience is is an an important important safety safety performance performance index index in in aa key key management management scheme. scheme. It It indicates indicates Resilience the probability probability of of the the exposure exposure of of the the session session keys keys among uncompromised nodes nodes after after the among the the remaining remaining uncompromised some of the nodes are captured. The proposed key management scheme forms a polynomial pool some of the nodes are captured. The proposed key management scheme forms a polynomial pool with withkey thepool. key pool. It makes full the threshold character in the polynomial key scheme, and it the It makes full use ofuse the of threshold character in the polynomial key scheme, and it makes makes the adversary have to crack both the polynomial coefficients and the shared keys the adversary have to crack both the polynomial coefficients and the shared keys simultaneously after simultaneously after a large number of nodes are captured, before it can influence the other a large number of nodes are captured, before it can influence the other uncompromised nodes. This uncompromised nodes. This greatly the robustness network. Normally greatly enhances the robustness of the enhances entire network. Normallyof thethe MSentire is safe, but a large numberthe of MS is safe, but a large number of fixed sensor nodes have the risk of being captured. If there arepx fixed sensor nodes have the risk of being captured. If there are x captured nodes, the probability k captured nodes, k that the key in the key ring could be captured in any pair of that the key in thethe keyprobability ring could pbe captured in any pair of uncompromised nodes can be expressed uncompromised as Equation (9): nodes can be expressed as Equation (9): n x pk “ 1 ´ p1 ´ n q x (9) pk 1 (1 Sk ) (9)
S
k Suppose that the number of captured nodes: x > t (where t denotes the degree of the polynomial). OnlySuppose if the number of captured nodes is greater than the degree of the polynomial, the adversary that the number of captured nodes: x > t (where t denotes the degree of the could have theOnly possibility of cracking the polynomial coefficients. The probability any polynomial polynomial). if the number of captured nodes is greater than the degree of that the polynomial, the fadversary (x,y) is randomly selected by the sensor nodes is n/S , and the probability p that the polynomial is could have the possibility of cracking the polynomial coefficients. The probability that any p k j contained by j nodes in the x captured nodes can be expressed as Equation (10): polynomial fk(x,y) is randomly selected by the sensor nodes is n/Sp, and the probability pj that the polynomial is contained by j nodes in the can ˜ x captured ¸ ˆ ˙ nodes ˆ ˙ be expressed as Equation (10): n jj nx j x´ j x pj “ (10) x n 1 ´n p j j Sp 1 Sp (10) j Sp Sp Therefore, the probability pp of polynomial exposure in the uncompromised sensor nodes can be Therefore, the probability pp of polynomial exposure in the uncompromised sensor nodes can expressed as Equation (11): be expressed as Equation (11): t ÿ p p “ 1 ´ t ppjq (11)
j“0 pp 1 p( j ) j 0
(11)
According to Equations (9) and (11), the probability plink that the safety link is captured can be expressed as Equation (12):
Sensors 2016, 16, 509
14 of 18
According to Equations (9) and (11), the probability plink that the safety link is captured can be Sensors 2016, 16, 509 14 of 18 expressed as Equation (12): plink “ pk ¨ p p (12) plink pk p p (12) The simulation parameters are set as follows: The simulation parameters are set as follows: (1) P1 P1==0.5055 0.5055(N (N==2,2,MM==4,4,Sp Sp = 14, tt == 100), 100), qq ==0.99 0.99(n (n==5,5,SSk k==1000, 1000,mm= =600); 600); (1) (2) P2 P2==0.3335 0.3335(N (N==2,2,MM==4,4,Sp Sp = 22, t == 100), 100), qq ==0.99 0.99(n (n==5,5,SSk k==1000, 1000,mm= =600). 600). (2)
From the the above above simulation simulation results, results, we we can can draw draw the the conclusion conclusion that that the the resilience resilience performance performance From of the proposed scheme is better than that of the basic random predistribution scheme (E-G of the proposed scheme is better than that of the basic random predistribution scheme (E-G scheme), scheme), polynomial predistribution predistribution scheme scheme (Liu (Liu scheme), scheme), and and Amar Amar scheme, scheme, respectively. When the the capture capture polynomial respectively. When probability of a normal communication link is a certain value, the number of permitted captured probability of a normal communication link is a certain value, the number of permitted captured nodes nodes is far than greater the of number of three the other threeFor schemes. For example, when the direct is far greater the than number the other schemes. example, when the direct connectivity connectivity p = 0.33 and the number of captured nodes in the network reaches 650, the probability p = 0.33 and the number of captured nodes in the network reaches 650, the probability that a normal that a normal communication captured is 0.95 as high as about 0.95 in these three schemes (EG communication link is captured link is as is high as about in these three schemes (EG scheme, Liu scheme scheme, Liuscheme), scheme in and Amar in thisiscase, the network is inbut dangerous status, butscheme, for the and Amar this case,scheme), the network in dangerous status, for the proposed proposed scheme, for the capture probability to reach 0.95, the adversary has to capture almost 1300 for the capture probability to reach 0.95, the adversary has to capture almost 1300 sensor nodes. It sensor nodes. It indicates that the resilience ability of the proposed PPBR scheme is better than that indicates that the resilience ability of the proposed PPBR scheme is better than that of the other three of the other schemes. in this scheme adversary wants to capture a schemes. Thethree reason is that inThe thisreason schemeisifthat the adversary wantsiftothe capture a normal communication normal communication link, it must crack the t + 1 coefficients of the polynomial and the link, it must crack the t + 1 coefficients of the polynomial and decrypt the shared keys decrypt among the shared nodes keys among the sensorConsequently, nodes simultaneously. Consequently, it compared is more difficult than the sensor simultaneously. it is more difficult than the schemes above. compared schemes above. Comparing Figures 10 and 11, with the decrease in direct connectivity, for Comparing Figures 10 and 11 with the decrease in direct connectivity, for example, when p is reduced example, when p is reduced from 0.5 to 0.33, the number of permitted captured nodes increases from 0.5 to 0.33, the number of permitted captured nodes increases obviously. When the number of obviously.nodes When number captured nodes isthe greater than a certainofthreshold, the capture captured is the greater than of a certain threshold, capture probability normal nodes will be probability of normal nodes will be pretty high in the E-G scheme, Liu scheme and Amar scheme. pretty high in the E-G scheme, Liu scheme and Amar scheme. The whole network could be in danger Thethe whole could be in dangernodes as theand ratio oftotal the number and network the total as ratio network of the number of captured the numberof of captured nodes of nodes the whole number aofcertain nodes value. of the whole network exceeds a certain value. exceeds EG scheme(k=5,Sk=1000) Liu scheme(s=2,Sp=7,t=100) Amar scheme(k=5,Sk=1000,m=600,s=2,Sp=7,t=100) Proposed scheme(n=5,Sk=1000,m=600,N=2,M=4,Sp=14,t=100)
P link ( the fraction of norm al com m unication link being com prom ised )
1.2 1 0.8 0.6 0.4 0.2 0
0
100
200 300 400 500 600 x ( the number of captured nodes )
700
800
Figure 10. 10.The The probability a normal communication link is when captured whenconnectivity the direct Figure probability thatthat a normal communication link is captured the direct connectivity p = 0.5. p = 0.5.
Sensors 2016, 16, 509 Sensors 2016, 16, 509
15 of 18 15 of 18 EG scheme(k=5,Sk=1000) Liu scheme(s=2,Sp=11,t=100) Amar scheme(k=5,Sk=1000,m=600,s=2,Sp=11,t=100) Proposed scheme(n=5,Sk=1000,m=600,N=2,M=4,Sp=22,t=100)
P link ( the frac tion of norm al c om m unic ation link being c om prom is ed )
1.2 1 0.8 0.6 0.4 0.2 0
0
500 1000 x( the number of captured nodes)
1500
Figure 11. The probability that a normal communication link is captured when the direct Figure 11. The probability that a normal communication link is captured when the direct connectivity connectivity p = 0.33. p = 0.33.
In this paper, sensor nodes can directly or indirectly build a link to a MS. After a round of data In thissensor paper, nodes sensorcan nodes or indirectly build a link to a MS. After a round of links data collection, findcan andirectly appropriate tree-based path to establish communication collection, sensor nodes can find an appropriate tree-based path to establish communication links with with the MS no matter what changes in the topology occur, including nodes’ death, the addition of the no matter what changes occur, including death, addition of new newMS nodes, or dynamic changes in inthe thetopology intermediate nodes. For a nodes’ new round ofthe data collection, the nodes, or dynamic changes in the intermediate nodes. For a new round of data collection, the sensor sensor nodes will also follow the steps in the scheme above. nodes will also follow the steps in the scheme above. 5. Conclusions 5. Conclusions This article puts forward a hybrid key management scheme for wireless sensor networks with This article puts forward a hybrid key management scheme for wireless sensor networks with MS MS based on a polynomial pool and basic random key pre-distribution. A tree-based key discovery based on a polynomial pool and basic random key pre-distribution. A tree-based key discovery strategy strategy was introduced in the path key establishment phase. The proposed scheme takes full was introduced in the path key establishment phase. The proposed scheme takes full advantages of advantages of these two kinds of methods, and comprehensively considers various performances of these two kinds of methods, and comprehensively considers various performances of the system. It the system. It can make full use of the heterogeneity between the ordinary sensor nodes and MS to can make full use of the heterogeneity between the ordinary sensor nodes and MS to save the storage save the storage space of the ordinary sensor nodes by adequately increasing the storage utilization space of the ordinary sensor nodes by adequately increasing the storage utilization rate of the MS on rate of the MS on the premise of satisfying a certain connectivity. In terms of connectivity, it can the premise of satisfying a certain connectivity. In terms of connectivity, it can make the sensor nodes make the sensor nodes link with the MS as much as possible via the tree-based path key discovery link with the MS as much as possible via the tree-based path key discovery phase, thus improving the phase, thus improving the connectivity of the whole network. On the premise of solving the problem connectivity of the whole network. On the premise of solving the problem of the t-degree property of of the t-degree property of the polynomial, the proposed scheme can make it more difficult for an the polynomial, the proposed scheme can make it more difficult for an adversary to capture the sensor adversary to capture the sensor nodes by means of integrating the basic random key predistribution nodes by means of integrating the basic random key predistribution scheme, and it improves the scheme, and it improves the resilience of the sensor network. In most practical application scenarios, resilience of the sensor network. In most practical application scenarios, sometimes the sensor nodes sometimes the sensor nodes are not absolutely fixed, they can move with some certain velocities. In are not absolutely fixed, they can move with some certain velocities. In future work, we will further future work, we will further consider the complex mobile network model. It means we need to consider the complex mobile network model. It means we need to further extend this scheme to the further extend this scheme to the networks with mobile sensor nodes, not only mobile sink nodes. In networks with mobile sensor nodes, not only mobile sink nodes. In that case, we need to evaluate that case, we need to evaluate the influence on key management of topology changes due to the the influence on key management of topology changes due to the relative motion among the sensor relative motion among the sensor nodes, and we need to investigate a secure handover mechanism nodes, and we need to investigate a secure handover mechanism when the communication links are when the communication links are disconnected due to the sensor node movement. Furthermore, disconnected due to the sensor node movement. Furthermore, we will verify the specific performances we will verify the specific performances of the scheme in a practical platform. of the scheme in a practical platform. Acknowledgments: This work was supported by National Nature Science Foundation of China (No. 61273068), and International Exchanges and Cooperation Projects of Shanghai Science and Technology Committee (No. 15220721800).
Sensors 2016, 16, 509
16 of 18
Acknowledgments: This work was supported by National Nature Science Foundation of China (No. 61273068), and International Exchanges and Cooperation Projects of Shanghai Science and Technology Committee (No. 15220721800). Author Contributions: Ying Zhang conceived and designed the research and experiments, and contributed as the lead author of the article; Ying Zhang and Bingxin Zheng wrote the article; Jixing Liang and Bingxin Zheng performed the experiments; Jixing Liang contributed to revising and proofreading of the article; Wei Chen analyzed the data, and gave more valuable suggestion to the research. Conflicts of Interest: The authors declare no conflict of interest.
Appendix Abbreviations Annotation Table Symbols MS F Sp IDPk K Sk IDki ID MS M m IDi N n H r R status depth K MS´Si K I Mi T P1 P2 q p P'
Annotation The mobile sink The polynomial pool The number of polynomials in pool The identifier of polynomial The key pool The number of keys in pool The identifier of key The identifier of MS The number of polynomials in MS The number of keys in MS The identifier of sensor node The number of polynomials in sensor node The number of keys in sensor node The Hash function The number of shared keys The number of shared polynomials Whether the nodes are in the MS' of communication range The depth of the tree The direct session key The indirect session key The period of key update Probability of sharing at least one polynomial between MS and sensor node Probability of sharing at least one polynomial between MS and sensor node in homogeneous network Probability of sharing at least one key between MS and sensor node Probability of MS establishing a direct communication link with sensor node Probability of establishing a direct communication link
References 1. 2. 3. 4.
5. 6.
Shang, F.; Zhou, Y. A survey of key management schemes in wireless sensor networks. Comput. Commun. 2007, 30, 2314–2341. Qin, Z.; Zhang, X.; Feng, K.; Zhang, Q.; Huang, J. An efficient identity-based key management scheme for wireless sensor networks using the bloom filter. Sensors 2014, 14, 17937–17951. [CrossRef] [PubMed] Chen, C.; Lin, I. Location-Aware Dynamic Session-Key Management for Grid-Based Wireless Sensor Networks. Sensors 2010, 10, 7347–7370. [CrossRef] [PubMed] Xiong, N.; Vasilakos, A.V.; Yang, L.T.; Song, L.; Pan, Y.; Kannan, R.; Li, Y. Comparative analysis of quality of service and memory usage for adaptive failure detectors in healthcare systems. IEEE J. Selected Areas Commun. 2009, 27, 495–509. [CrossRef] He, X.; Niedermeier, M.; Meer, H. Dynamic key management in wireless sensor networks: A survey. J. Netw. Comput. Appl. 2013, 36, 611–622. [CrossRef] Xia, Z.; Wang, X.; Sun, X.; Liu, Q.; Xiong, N. Steganalysis of LSB matching using differences between nonadjacent pixels. Multimed. Tools Appl. 2016, 75, 1947–1962. [CrossRef]
Sensors 2016, 16, 509
7.
8. 9. 10. 11. 12. 13. 14. 15. 16. 17.
18. 19. 20. 21. 22. 23. 24. 25. 26.
27. 28. 29. 30. 31.
17 of 18
Wang, J.; Yin, Y.; Kim, J.; Lee, S.; Lai, C. A mobile-sink based energy-efficient clustering algorithm for wireless sensor networks. In Proceedings of the 12th International Conference on Computer and Information Technology (CIT), Chengdu, China, 27–29 October 2012; pp. 678–683. Jiang, S.; Zhang, J.; Miao, J.; Zhou, C. A privacy-preserving reauthentication scheme for mobile wireless sensor networks. Int. J. Distrib. Sens. Netw. 2013, 2013, 913782. [CrossRef] Yin, J.; Lu, X.; Pu, C.; Wu, Z.; Chen, H. JTangCSB: A cloud service bus for cloud and enterprise application integration. IEEE Internet Comput. 2015, 19, 35–43. [CrossRef] Yin, J.; Lu, X.; Zhao, X.; Chen, H.; Liu, X. BURSE: A bursty and self-similar workload generator for cloud computing. IEEE Trans. Parallel Distrib. Syst. 2015, 26, 668–680. [CrossRef] Hoz, E.; Gimenez-Guzman, J.; Marsa-Maestre, I.; Orden, D. Automated negotiation for resource assignment in wireless surveillance sensor networks. Sensors 2015, 15, 29547–29568. [CrossRef] [PubMed] Lloret, J. Underwater sensor nodes and networks. Sensors 2013, 13, 11782–11796. [CrossRef] [PubMed] Xie, S.; Wang, Y. Construction of tree network with limited delivery latency in homogeneous wireless sensor networks. Wirel. Pers. Commun. 2014, 78, 231–246. [CrossRef] Guo, P.; Wang, J.; Li, B.; Lee, S. A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 2014, 15, 929–936. Xiong, N.; Jia, X.; Yang, L.T.; Vasilakos, A.V.; Li, Y.; Pan, Y. A distributed efficient flow control scheme for multirate multicast networks. IEEE Trans. Parallel Distrib. Syst. 2010, 21, 1254–1266. [CrossRef] Shen, J.; Tan, H.; Wang, J.; Wang, J.; Lee, S. A novel routing protocol providing good transmission reliability in underwater sensor networks. J. Internet Technol. 2015, 16, 171–178. Eschenauer, L.; Gligor, V.D. A key-management scheme for distributed sensor networks. In Proceedings of the 9th ACM Conference on Computer and Communications Security (ACM CCS’02), Washington, DC, USA, 18–22 November 2002; pp. 41–47. Chan, H.; Perring, A.; Song, D. Random key pre-distribution schemes for sensor networks. In Proceedings of the 2003 Symposium on Security and Privacy, Pittsburgh, PA, USA, 11–14 May 2003; pp. 197–213. Choi, S.J.; Kim, K.T.; Youn, H.Y. An energy-efficient key predistribution scheme for secure wireless sensor networks using eigenvector. Int. J. Distrib. Sens. Netw. 2013, 2013, 216754. [CrossRef] Zhou, N.; Jing, Q.; Gong, L. Key pre-distribution scheme based on CRT and LU matrix for wireless sensor networks. J. Shanghai Jiaotong Univ. 2012, 46, 1800–1805. Liu, D.; Ning, P.; Li, R. Establishing pairwise keys in distributed sensor networks. ACM Trans. Inf. Syst. Secur. 2005, 8, 41–77. [CrossRef] Blundo, C.; Santis, A.D.; Herzberg, A.; Kutten, S.; Vaccaro, U.; Yung, M. Perfectly secure key distribution for dynamic conferences. Inf. Comput. 1998, 146, 1–23. [CrossRef] Wang, X.; Shi, W.; Zhou, W. A key management scheme based on quadratic form for wireless sensor network. Acta Electron. Sin. 2013, 41, 214–219. Liu, D.; Ning, P.; Du, W. Group-based key pre-distribution for wireless sensor networks. ACM Trans. Sens. Netw. TOSN 2008, 4, 11–18. Rasheed, A.; Mahapatra, R. Key predistribution schemes for establishing pairwise keys with a mobile sink in sensor networks. IEEE Trans. Parallel Distrib. Syst. 2011, 22, 176–184. [CrossRef] Hussain, S.; Kausar, F.; Masood, A. An efficient key distribution scheme for heterogeneous sensor networks. In Proceedings of the 2007 International Conference on Wireless Communications and Mobile Computing, IWCMC’07, Honolulu, HI, USA, 12–16 August 2007; pp. 388–392. Huang, T.; Yang, M.; Cui, G.; Yang, F. Routing scheme of key management in wireless sensor network based on the LEACH. J. Transduct. Technol. 2014, 27, 1143–1146. Villas, L.; Boukerche, A.; Ramos, H.S. A lightweight and reliable routing approach for in-network aggregation in WSN. J. IEEE Trans. Comput. Netw. 2011, 38, 393–422. El-Moukaddem, F.; Torng, E.; Xing, G. Mobile relay configuration in data-intensive wireless sensor networks. IEEE Trans. Mob. Comput. 2009, 12, 261–273. [CrossRef] Ye, M.; Lee, W.; Lee, D. Distributed processing of probabilistic top-k queries in wireless sensor networks. IEEE Trans. Knowl. Data Eng. 2013, 25, 76–91. Anastasi, G.; Conti, M.; Gregori, E. Motes sensor networks in dynamic scenarios: An experimental study for pervasive applications in urban environments. J. Ubiquitous Comput. Intell. 2007, 1, 9–16. [CrossRef]
Sensors 2016, 16, 509
32. 33. 34. 35.
18 of 18
Konstantopoulos, C.; Pantziou, G.; Gavalas, D. A rendezvous-based approach enabling energy-efficient sensory data collection with mobile sinks. IEEE Trans. Parallel Distrib. Syst. 2012, 23, 809–817. [CrossRef] Chang, C.; Lin, C.; Kuo, C. EBDC: An energy-balanced data collection mechanism using a mobile data collector in WSNs. Sensors 2012, 12, 5850–5871. [CrossRef] [PubMed] Guo, J.; Sun, L.; Xu, W. Mobile sink-based data collection scheme for wireless sensor networks. J. China Inst. Commun. 2012, 33, 176–184. Poornima, A.S.; Amberker, B.B. Secure data collection using mobile data collector in clustered wireless sensor networks. IET Wirel. Sens. Syst. 2011, 1, 85–95. [CrossRef] © 2016 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC-BY) license (http://creativecommons.org/licenses/by/4.0/).