[ieee telecommunication technologies (act) - bangalore, india (2009.12.28-2009.12.29)] 2009...


Page 1: [IEEE Telecommunication Technologies (ACT) - Bangalore, India (2009.12.28-2009.12.29)] 2009 International Conference on Advances in Computing, Control, and Telecommunication Technologies

A Novel Cluster Reformation Scheme to Improve Key Pre distribution for Wireless Sensor Networks

Kishore R, Radha S, Dipika G, Pavithra A, Aarthi R

Department of ECE, Sri Sivasubramaniya Nadar College of Engineering, Chennai, India {kishorer, radhas}@ssn.edu.in, {dipikagc, pavithra.arun.0101, aarthi.8288}@gmail.com

Abstract - Wireless sensor networks are becoming increasingly popular, as their usage is extended to a wide range of applications. Security plays a pivotal role in wireless sensor networks, as the data handled by the network are often sensitive. Since the network is vulnerable to various types of attacks, there is a need to build efficient security services into it for secure data communication. The processing and energy limitations of the sensor nodes pose a greater challenge and make the implementation of complex security measures impossible. A variety of key pre-distribution schemes have been proposed in the literature to provide security in wireless sensor networks. In spite of various improvements in the key distribution schemes, nodes are still getting compromised and no separate mechanism is provided to filter out the malicious node. In this paper a mathematical model for a novel cluster reformation technique is proposed to improve the key pre-distribution scheme, along with malicious node detection and removal. Here the process of manipulation of information in the key spaces is included along with regrouping of nodes to improve the resilience of the network. Cluster reformation significantly decreases the number of nodes which provide the intruder with useful information, thereby decreasing the chances of the network getting compromised. The results show that the cluster gets reformed effectively as the number of nodes getting compromised approaches the threshold, i.e. the value above which there is a possibility of the entire communication getting compromised.

Keywords - Security, Key Predistribution Schemes, Wireless Sensor Networks, Key Manipulation

I. INTRODUCTION

A wireless sensor network (WSN) comprises thousands of minute sensor nodes designed to sense the environment and collect data in an infrastructure-less environment. These networks have varied applications in fields including military, medicine, large machinery, the bottom of an ocean, contaminated fields and domestic purposes. Evidently, they work in remote unattended areas, and these applications require sensitive data to be transferred through the network, thereby raising security concerns. A WSN works with limited capabilities, the toughest constraints being limited available energy, memory, computing power, communication bandwidth and communication range. Moreover, the nodes operate in a hostile environment, which makes the network prone to multiple kinds of security attacks.

Although much research has been conducted in this area, WSN security needs constant improvement to guarantee secure communication. Secure data communication is possible by establishing secret keys between the sensor nodes using one of the available key agreement schemes. Having a trusted server is one such scheme, in which case the data is always transmitted through the trusted party. However, a WSN cannot rely on any trusted server in a hostile environment, which rules out this option. Many other schemes employ complex encryption and decryption of data to provide security; examples include the RSA algorithm and Diffie-Hellman. Due to the limited capabilities of sensor nodes, these schemes, which involve a large amount of computation, cannot be used in a WSN. Another important key agreement scheme is key pre-distribution, in which keys are distributed among the sensor nodes prior to deployment. In this case, if the position and neighborhood of the nodes are known, the number of keys to be stored in each sensor node can be reduced. However, schemes that rely on prior deployment knowledge are not suitable, as sensor nodes are distributed randomly in most applications.

A more apposite solution is to let all the nodes carry a master secret key, which is used by any two nodes for computing a new pairwise key. Clearly, in this case, the capture of one node puts the security of the entire network at stake. The master key can be kept more securely by using tamper-resistant hardware, but this would mean an increase in cost and energy consumption. Another key pre-distribution scheme involves every node sharing a unique key with every other node in the network. Though this method is extremely secure and requires the intruder to capture all the nodes in the network to compromise the whole network, it consumes a large amount of memory. For instance, in a network comprising N nodes, each sensor node has to carry (N-1) keys. These drawbacks were overcome in an improved key pre-distribution approach which involves random key distribution, known as the EG and DDHV schemes.

In the EG scheme [1], each node is allotted a few keys (called a key ring) selected from a randomly generated key pool. Whenever a link has to be established, the nodes can compute their pairwise key from their respective key rings if they share at least one key in common. The DDHV scheme [2] is basically a development of Blom's scheme. It involves allocation of key spaces for every sensor node, randomly selected from a larger key space. The major disadvantage of the above scheme is that only a few nodes need to be captured to compromise the whole network. To overcome this drawback, a new key pre-distribution scheme with a clustering approach is proposed. Here the process of regrouping the nodes is included, which also involves the manipulation of information in the key spaces, thereby increasing the resilience.

2009 International Conference on Advances in Computing, Control, and Telecommunication Technologies

978-0-7695-3915-7/09 $26.00 © 2009 IEEE

DOI 10.1109/ACT.2009.44

The rest of the paper is organized as follows. An overview of the DDHV scheme is presented in the next section. In section III, the proposed scheme is elaborated. The results of this scheme are discussed in section IV. Section V gives the conclusion and the further work of the proposed scheme.

II. DDHV SCHEME

The DDHV scheme combines Blom's scheme with random key pre-distribution. The main difference between the two schemes is the use of multiple key spaces in the DDHV scheme, as against a single key space in Blom's scheme. This is mainly done to improve the network resilience, thereby increasing the security of the network. Initially ω key spaces are generated using Blom's scheme, and from the ω spaces, τ key spaces are selected for each sensor node. If two nodes carry key information from a common space, they can compute their pairwise key from that information; when two nodes do not carry key information from a common space, they can conduct key agreement via other nodes that share pairwise keys with them. A secure link is formed following the key agreement phase.

A. Key Generation phase

The DDHV scheme generates key spaces using Blom's scheme [6]. According to this, the base station generates a $(\lambda+1) \times N$ matrix known as the G matrix over a finite field GF(q). This matrix is available to every node and is common for the entire network. Here N is the total number of nodes in the network and λ sets the security property of the scheme, i.e. as long as an adversary compromises less than or equal to λ nodes, the network is perfectly secure, whereas when an adversary compromises more than λ nodes, all pairwise keys of the entire network are compromised. G matrix is

G is known as the Vandermonde matrix and it can be shown that any $(\lambda+1)$ columns of G are linearly independent when $s, s^2, \ldots, s^N$ are all distinct. Here s is known as the seed, and the complete matrix can be obtained from this value. Thus it is enough to store only the seed element of each node, from which the entire required column can be regenerated, thereby reducing the storage needed.

The D matrix is unique for each node and is not disclosed to any other node in the network. ω symmetric D matrices, each of dimension $(\lambda+1) \times (\lambda+1)$, are generated. S is called a key space and $S_i = (D_i, G)$ where $i = 1, \ldots, \omega$. Using the G matrix and the D matrix, the A matrix is generated: $A_i = (D_i \cdot G)^T$, which is of size $N \times (\lambda+1)$. From the key pool comprising ω key spaces, τ distinct key spaces are selected for each node. For the jth node containing the key space $S_i$, the jth row of the $A_i$ matrix, i.e. $A_i(j)$, is stored in the node. Communication takes place between two given nodes when they share a common key space.

B. Key agreement phase

On discovering the occurrence of a common key space Sc, the two associated nodes will compute their secret keys. Assume that two nodes sharing a common key space are node i and node j. Initially node i contains Ac(i) and G(i), and node j contains Ac(j) and G(j). To establish a secure link, they exchange their seeds resulting in node i regenerating G(j) and node j regenerating G(i), with which they now generate a pair wise secret key Kij as shown in fig. 1.

$$K_{ij} = K_{ji} = A_c(i) \cdot G(j) = A_c(j) \cdot G(i)$$

Figure 1. Key agreement in DDHV scheme

III. PROPOSED SCHEME

In the proposed scheme a clustering technique is used, the reasons being energy efficiency and security improvement. Energy efficiency is improved by a reduction in the number of data transmissions. The security level improves significantly, as the number of nodes that must be compromised to capture the entire network increases. Here the network is divided into L homogeneous clusters, i.e., the number of nodes in each cluster is equal, and the key spaces allocated as well as the key distribution heuristics remain the same as in the literature [3]. Each cluster has a randomly elected cluster head or coordinator that collects the information carried by the nodes in that cluster and sends the aggregated information to the sink node. A sensor node is elected as a cluster head on a rotation basis within a cluster based on energy level, as given in the literature [4]. Key distribution within the cluster is done using the DDHV scheme [2].

As mentioned earlier, the DDHV scheme has been designed to provide efficient security. Its major drawback is that when the attackers compromise a sufficient number of nodes, it is possible to reconstruct the complete key pool, thereby compromising the entire network. In this paper a novel approach is introduced to overcome this drawback. This is achieved by uniquely manipulating the key spaces for each cluster at the time of every cluster formation. The clustering approach is also prone to a number of attacks, including sinkhole, which in turn results in selective forwarding. In this work a scheme to filter out the malicious node within the cluster is also proposed. This will reduce the probability of a malicious node becoming the cluster head in subsequent turns. If by chance a malicious node gets elected as a cluster head, the sink node checks its authentication.

A. Cluster formation and re-formation

The clusters are formed initially when the nodes are deployed, as shown in fig. 2, and the cluster head is chosen randomly and changed on a rotation basis. Before every cluster head election, the authenticity of the cluster members and the cluster heads is checked by the following procedure.

1) Malicious node detection procedure:

a) Evaluating the authenticity of the cluster nodes:

In a clustered environment, detecting a malicious node within the cluster does not require evaluating the message authentication code as described in the literature [5], because all the nodes measure the same event and forward more or less the same data to the one-hop cluster head. Therefore, the system can be modeled in such a way that the cluster head fixes a threshold based on the event to be measured, and if the data received from a particular node deviates more from the threshold or from the average information received from the neighboring nodes, then that particular node can be detected as a malicious node and the cluster head can delete the key that it shares with the malicious node. Thus the malicious node gets filtered out. The operation is defined as follows:

$$\{MN \Rightarrow CH\}: C_v$$

$$CH\,\{C_v \,\&\, H_v\}: C_v \equiv H_v$$

where MN is the Member Node, CH is the Cluster Head, $C_v$ is the current value received from the Member Node and $H_v$ is the history of values.

b) Evaluating the authenticity of the cluster head:

As mentioned in the previous section, if the malicious node within the cluster is filtered out, then the probability of malicious nodes getting elected as cluster head in subsequent turns becomes very low. If by chance the malicious node gets elected as the cluster head, it can be detected by using a simple one-way authentication scheme. In [5], WenCheng Yang et al. proposed an evaluation scheme where the cluster member evaluates the credit of the cluster head and reports this credit data to the base station directly. The base station then makes a judgment and, if any cluster head is found malicious, sends an invalidation command to the cluster members. The cluster members under that malicious cluster head then stop communicating with it and wait for the cluster reformation. Since wireless sensor nodes have limited energy, it is not advisable to make the nodes communicate with the base station directly each time the nodes are checked for authenticity. To overcome this difficulty, a simple one-way authentication procedure is used where the base station evaluates the authenticity of the cluster head. In this scheme, the base station generates a random number, encrypts it with a base station secret key and forwards it to the cluster head along with the base station ID. On receiving this data, the cluster head decrypts it and adds one to the result. The final result is encrypted with its cluster head secret key and is forwarded to the base station along with the corresponding cluster head's ID. When the base station receives this information from all the cluster heads, it checks whether the received values are exactly one more than the transmitted random numbers. In this way the malicious cluster heads are detected and the invalidation command is broadcast to all the cluster members directly from the base station. Based on this invalidation command, the cluster members stop communicating with the corresponding malicious cluster head and wait for the next cluster head election. The process is defined as follows:

$$\{BS \Rightarrow CH\}: BSID \,\|\, CHID \,\|\, E(x, BSSK)$$

$$\{CH \Rightarrow BS\}: CHID \,\|\, BSID \,\|\, E(x+1, CHSK)$$

TABLE I. NOTATIONS FOR THE SCHEME

| Notations | Explanation |
|---|---|
| BS | Base Station |
| CH | Cluster Head |
| BSID | Base Station Identifier |
| CHID | Cluster Head Identifier |
| X | Random number |
| BSSK, CHSK | Secret keys |
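For step a) of the detection procedure above, the following added example (not code from the paper) shows a cluster head comparing each member's current value $C_v$ against its peers and against its own history $H_v$, then deleting the shared key of a deviating node. The class name, the threshold, the readings, and the use of the median of the other members as the "average" are assumptions made for illustration.

```python
from statistics import mean, median


class ClusterHead:
    """Cluster head that filters members whose data deviates too much."""

    def __init__(self, pairwise_keys, threshold, history_len=5):
        self.keys = dict(pairwise_keys)            # member id -> shared key
        self.threshold = threshold                 # fixed per measured event
        self.history_len = history_len
        self.history = {m: [] for m in self.keys}  # H_v per member

    def process_round(self, readings):
        """readings maps member id -> C_v. Returns (aggregate, flagged)."""
        # A member whose key was deleted is no longer heard at all.
        current = {m: v for m, v in readings.items() if m in self.keys}
        flagged = []
        for member, c_v in current.items():
            others = [v for m, v in current.items() if m != member]
            # Median of the other members: one extreme reading cannot drag
            # the reference value towards itself (assumption, see lead-in).
            dev_peers = abs(c_v - median(others)) if others else 0.0
            h_v = self.history[member]
            dev_hist = abs(c_v - mean(h_v)) if h_v else 0.0
            if dev_peers > self.threshold or dev_hist > self.threshold:
                flagged.append(member)
        for member in flagged:
            del self.keys[member]                  # filter the node out
        accepted = {m: v for m, v in current.items() if m not in flagged}
        for member, value in accepted.items():
            kept = self.history[member] + [value]
            self.history[member] = kept[-self.history_len:]
        aggregate = mean(list(accepted.values())) if accepted else None
        return aggregate, flagged


def run_constructed_rounds():
    """Three rounds of constructed temperature readings for four members."""
    ch = ClusterHead({m: b"key-" + m.encode() for m in ("n1", "n2", "n3", "n4")},
                     threshold=5.0)
    rounds = [
        {"n1": 25.0, "n2": 24.5, "n3": 25.5, "n4": 26.0},   # all consistent
        {"n1": 25.2, "n2": 24.8, "n3": 25.0, "n4": 80.0},   # n4 deviates
        {"n1": 25.1, "n2": 24.9, "n3": 25.0, "n4": 25.0},   # n4 already removed
    ]
    return ch, [ch.process_round(r) for r in rounds]


if __name__ == "__main__":
    head, results = run_constructed_rounds()
    for aggregate, flagged in results:
        print(f"aggregate={aggregate:.2f} flagged={flagged}")
    print("members still holding a key:", sorted(head.keys))
```

A node removed this way also drops out of the candidate set for later cluster head elections, which is the effect the text relies on.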

2) Cluster reformation:

In the idea proposed by Noureddine Mehallegue et al. [3], the number of nodes that must be compromised to break a single key space is higher than in the basic DDHV scheme. But the network security is at stake when the attacker manages to compromise a significant number of nodes. Here a different approach is used to improve security: when the number of compromised nodes in each cluster reaches gamma, the security threshold level, cluster reformation is initiated in the network. In the proposed scheme, the cluster head is elected randomly and purely on a rotation basis within the clusters, and the organization of the clusters remains unchanged until the number of compromised nodes reaches gamma. The gamma value should not be too small compared to lambda, as that results in frequent reformations leading to unnecessary energy consumption; at the same time, a gamma value closer to lambda will not give the network sufficient time for cluster reformation. Thus gamma is set here to three-fourths of lambda. For a lambda value of 49 mentioned in the literature [3], the optimized gamma value is 37. The cluster reformation is followed by manipulation of the key spaces in each cluster by the cluster head chosen immediately after reformation. Suppose the attacker has compromised alpha nodes that give him some information likely to break a key space. As alpha is the designed security threshold, the cluster is reformed as in fig. 3, resulting in a different interpretation of the key spaces. Thus the information obtained from the previously compromised nodes no longer helps the attacker to reconstruct the complete key matrix. In this way, the chances of the network getting compromised are reduced, thereby improving the network security.

Figure 2. Initial cluster formation

Figure 3. After cluster reformation

B. Manipulation of key spaces

Every node has a set of τ key spaces embedded in the node's memory prior to deployment, as stated in the DDHV scheme [2]. In this paper, after every cluster reformation the elected cluster head randomly selects the type of manipulation to be performed on the key spaces from a set of given arithmetic operations. This manipulation is done using the seed of that corresponding cluster head. The key spaces are not permanently altered, and the manipulation is done only during the computation of the key in the key agreement phase. The manipulation is done as follows:

$$K_{ij} = K_{ji} = A_c(i) \cdot G(j) \times f(s, ro) = A_c(j) \cdot G(i) \times f(s, ro)$$

where 's' is the seed element and 'ro' is the random operation performed on it. That is, during the key agreement phase a randomly selected arithmetic operation such as multiplication, addition, division or subtraction can be performed on the seed element to finally compute $K_{ij}$ and $K_{ji}$ as in fig. 4.

Figure 4. Key manipulation in our scheme
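The key agreement of Section II.B and the seed manipulation above, worked through over a small prime field as an added example (not code from the paper). It assumes the usual Blom construction in which column j of G holds the powers of node j's seed, a single common key space $S_c$, and that f(s, ro) applies the chosen operation to the cluster head's seed together with a hypothetical second operand; the modulus, seeds and operand values are constructed.

```python
import random

Q = 65521   # prime modulus for GF(q); assumed, the page fixes no value
LAM = 3     # Blom parameter lambda, kept small for readability


def g_column(seed, lam=LAM):
    """Column G(j) of the Vandermonde matrix, regenerated from a seed."""
    return [pow(seed, k, Q) for k in range(lam + 1)]


def symmetric_d(rng, lam=LAM):
    """Secret symmetric (lam+1) x (lam+1) matrix D over GF(q)."""
    d = [[0] * (lam + 1) for _ in range(lam + 1)]
    for r in range(lam + 1):
        for c in range(r, lam + 1):
            d[r][c] = d[c][r] = rng.randrange(Q)
    return d


def stored_row(d, seed):
    """Row A(j) = (D . G(j))^T loaded into node j before deployment."""
    col = g_column(seed, len(d) - 1)
    return [sum(x * g for x, g in zip(d_row, col)) % Q for d_row in d]


def pairwise_key(my_row, peer_seed):
    """K_ij = A_c(i) . G(j), computed by node i from node j's seed."""
    col = g_column(peer_seed, len(my_row) - 1)
    return sum(a * g for a, g in zip(my_row, col)) % Q


# The four arithmetic operations named in the text, taken in GF(q).
OPS = {
    "add": lambda s, c: (s + c) % Q,
    "sub": lambda s, c: (s - c) % Q,
    "mul": lambda s, c: (s * c) % Q,
    "div": lambda s, c: (s * pow(c, -1, Q)) % Q,   # needs Python 3.8+
}


def f(s, ro, operand):
    """f(s, ro): operation ro applied to the cluster head's seed s.

    `operand` is hypothetical; the page does not say what the operation
    combines the seed with. Seeds are exchanged during key agreement, so
    the factor is only as secret as ro and the operand.
    """
    value = OPS[ro](s, operand)
    if value == 0:
        raise ValueError("factor 0 would force every pairwise key to 0")
    return value


def manipulated_key(my_row, peer_seed, ch_seed, ro, operand):
    """K_ij = A_c(i) . G(j) x f(s, ro); stored rows are never altered."""
    return (pairwise_key(my_row, peer_seed) * f(ch_seed, ro, operand)) % Q


def demo():
    rng = random.Random(2009)                        # repeatable run
    seeds = {n: pow(3, n, Q) for n in range(1, 7)}   # s, s^2, ..., s^N, s = 3
    d_c = symmetric_d(rng)                           # common key space S_c
    rows = {n: stored_row(d_c, s) for n, s in seeds.items()}
    i, j = 2, 5
    plain = (pairwise_key(rows[i], seeds[j]), pairwise_key(rows[j], seeds[i]))
    rounds = []
    # Cluster head 1 picks "mul"; after reformation head 4 picks "add".
    for head, ro, operand in [(1, "mul", 7), (4, "add", 11)]:
        rounds.append({
            "head": head,
            "factor": f(seeds[head], ro, operand),
            "k_ij": manipulated_key(rows[i], seeds[j], seeds[head], ro, operand),
            "k_ji": manipulated_key(rows[j], seeds[i], seeds[head], ro, operand),
        })
    return plain, rounds


if __name__ == "__main__":
    print(demo())
```

Both nodes must learn the same cluster head seed, operation and operand for $K_{ij}$ and $K_{ji}$ to match.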

IV. PERFORMANCE EVALUATION

A. Probability of cluster reformation

In order to evaluate the proposed scheme, the following assumptions are made:

1. The compromised nodes after each cluster formation in the network are equally distributed in all the clusters.

2. The probability that at least one key space is broken in each cluster is equal initially and also after reformation.

In the proposed scheme the main focus is on the cluster reformation process and the detection of malicious nodes. The DDHV scheme is used for key distribution along with the clustering approach as given in the literature [3]. Therefore performance parameters such as connectivity and resilience remain the same as proposed by Du et al. [2] and Noureddine Mehallegue et al. [3].

In a sensor network environment, the number of nodes compromised can be modeled as Poisson [7]. Let the counter start to monitor at an arbitrary time 't' and then count for $T_0$ seconds. If the count is above the threshold ($\gamma$), the cluster is reformed. Assume the rate at which nodes are compromised is 'r' (equal for every cluster). We want to know the probability that nodes will not be compromised.

If the expected number of occurrences in this interval is λ, then the probability that there are exactly k occurrences (k being a non-negative integer, k = 0, 1, 2, ...) is equal to

$$f(k; \lambda) = \frac{\lambda^{k} e^{-\lambda}}{k!} \qquad (1)$$

In our event, the independent increments of the number of compromised nodes, say $\alpha$, that take place in the interval $(t, t+T)$ satisfy a Poisson distribution.

$$\Delta\gamma \equiv \alpha(t+T) - \alpha(t) \qquad (2)$$

where $\Delta\gamma$ is the number of compromised nodes in the interval $(t, t+T)$.

$$\text{Mean} = r \times T_0 \qquad (3)$$

The probability that a node does not get compromised is

$$P(\Delta\gamma \le \gamma) = \sum_{\alpha=0}^{\gamma} \frac{(r \times T_0)^{\alpha}\, e^{-(r \times T_0)}}{\alpha!} \qquad (4)$$

The probability that a node gets compromised is

$$P_{comp} = 1 - P(\Delta\gamma \le \gamma) \qquad (5)$$

Fig. 5 is a plot of the probability that the number of compromised nodes is not less than $\gamma$ against the count of the number of nodes compromised. It clearly shows that the probability increases with the increase in the number of compromised nodes. The number, on reaching $\gamma$, will result in cluster reformation. Fig. 5 depicts the distribution within one cluster before reformation.

Figure 5. Probability of nodes getting compromised (x-axis: count of number of nodes getting compromised; y-axis: probability that no. of compromised nodes is not lesser than threshold)

It is assumed that the rate r at which the attacker compromises the node is one node per unit time. As the rate at which the nodes are compromised remains constant, the threshold value gamma is attained in each cluster within a fixed time, say $T_0$ time units. The simulated result for the probability that the number of nodes is not less than the threshold against the number of cluster reformations is shown. From fig. 6 it is inferred that as the number of nodes compromised reaches $\gamma$, the cluster is reformed. It is inferred that the probability increases with increasing value of the number of compromised nodes, initiating cluster reformation, thereby decreasing the number of compromised nodes in the network and increasing the network resilience.

So far the results of the mathematical model have been analyzed. In future work, the cluster reformation scheme along with the malicious node detection and key manipulation will be simulated. Different numbers of malicious nodes can be set to run the simulation a number of times, and finally the number of times the network may be captured can be recorded. It is expected that the proposed scheme will outperform the other schemes mentioned in the literature [4,5].

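Figure 6. Number of cluster reformations (x-axis: number of cluster reformations; y-axis: probability that no. of compromised nodes is not lesser than threshold)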
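The threshold rule and equations (3) to (5), evaluated numerically and cross-checked with a simulated Poisson counting process, as an added example (not the authors' simulation). The function names, the rounding-up of three-fourths of lambda, the observation windows and the trial count are assumptions; r = 1 node per unit time and lambda = 49 come from the text.

```python
import math
import random


def gamma_threshold(lam):
    """Security threshold: three-fourths of lambda, rounded up (49 -> 37)."""
    return math.ceil(3 * lam / 4)


def p_within_threshold(gamma, r, t0):
    """Eq. (4): probability that at most gamma nodes fall within T0."""
    mean = r * t0                      # Eq. (3)
    term = math.exp(-mean)             # alpha = 0 term
    total = term
    for alpha in range(1, gamma + 1):
        term *= mean / alpha           # mean^alpha / alpha!, built iteratively
        total += term
    return min(total, 1.0)


def p_comp(gamma, r, t0):
    """Eq. (5): probability that the count exceeds the threshold."""
    return 1.0 - p_within_threshold(gamma, r, t0)


def simulate_p_comp(gamma, r, t0, trials, rng):
    """Monte Carlo estimate of Eq. (5).

    Compromises arrive with exponential inter-arrival times of rate r,
    which is the counting process the Poisson model describes.
    """
    exceeded = 0
    for _ in range(trials):
        elapsed, count = 0.0, 0
        while True:
            elapsed += rng.expovariate(r)
            if elapsed > t0:
                break
            count += 1
        if count > gamma:
            exceeded += 1
    return exceeded / trials


def sweep(lam=49, r=1.0, windows=(10, 25, 37, 45, 60)):
    """P_comp for several observation windows T0 at the page's lambda."""
    gamma = gamma_threshold(lam)
    return [(t0, p_comp(gamma, r, t0)) for t0 in windows]


if __name__ == "__main__":
    for t0, p in sweep():
        print(f"T0={t0:>3}  P_comp={p:.6f}")
    est = simulate_p_comp(37, 1.0, 37.0, 5000, random.Random(1))
    print(f"simulated P_comp at T0=37: {est:.3f}")
```

With r = 1 the probability stays negligible while the expected count is well below gamma and rises steeply once r × T0 passes it, which is the shape described for Fig. 5.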

V. CONCLUSION AND FUTURE WORK

In this paper a novel clustering reformation scheme is proposed that uses malicious node detection mechanism and key manipulation to improve the network resilience. The cluster reformation scheme is mathematically modeled using Poisson counting process and the results show that as the number of compromised nodes approaches the threshold the process of cluster reformation is initiated. In the future work as mentioned in the previous section, the proposed work will be simulated and compared with the existing schemes mentioned in the literature.

REFERENCES

[1] Laurent Eschenauer and Virgil D. Gligor, “A Key Management Scheme for Distributed Sensor Networks”, In the Proceedings of the 9th ACM Conference on Computer and Communication Security, 2002.

[2] Wenliang Du, Jing Deng, Yunghsiang S. Han, Pramod K. Varshney, “A Pair wise Key Pre-Distribution Scheme For Wireless Sensor Networks” ACM Transactions on Information and System Security (TISSEC), Vol.8, No.2, May 2005.

[3] Noureddine Mehallegue, Emi Garcia, Ahmed Bouridane and Gang Qu, “Improving Key Distribution for Wireless Sensor Networks”, Proceedings in Second NASA/ESA Conference on Adaptive Hardware and Systems, 2007.

[4] Wendi Rabiner Heinzelman, Anantha Chandrakasan, and Hari Balakrishnan, “Energy Efficient Communication Protocol for Wireless Microsensor Networks” Proceedings of the 33rd Hawaii International Conference on System Sciences – 2000.

[5] WenCheng Yang, YiYing Zhang, KeeBum Kim, JungHwan Kin, Myong Soon Park, “SCAF: A Secure Cluster – based Architecture Formation Scheme for Wireless Sensor Network”, Proceedings in Circuits and Systems for Communications, 2008. ICCSC Shanghai.

[6] BLOM, R., “An Optimal Class of Symmetric Key Generation Systems”, In Advances in Cryptology: Proceedings of EUROCRYPT 84, T. Beth, N. Cot, and I. Ingermarsson, Eds. Lecture Notes in Computer Science, Vol.209, Springer-Verlag, Berlin 1985.

[7] Henry Stark, John. W. Woods, “Probability and Random Processes with Applications to Signal Processing” Pearson Education (Singapore) Pte. Limited Third Edition 2002.
