An Improved Asymmetric Key Based

Security Architecture for WSN

Md. Abdul Quaum Shajir Uddin Haider Md. Mokammel Haque
Dept. of CSE, CUET Dept. of CSE, CUET Dept. of CSE, CUET
Chittagong-4349, Bangladesh Chittagong-4349, Bangladesh Chittagong-4349, Bangladesh
Email: [email protected] Email: [email protected] Email: [email protected]

Abstract—Ubiquitous Healthcare System (U-Healthcare) is a The rest of the paper is organized as follows: Section 2
well-known application of wireless sensor networking (WSN). states the related works, Section 3 presents some preliminaries,
In this system, the sensors take less power for operating the Section 4 states review of different schemes, Section 5 states
function. As the data transfers between sensor and other stations
is sensitive so there needs to provide a security scheme. Due security isssues in AKA system, Section 6 states security anal-
to the low life of sensor nodes in Wireless Sensor Networks ysis, Section 7 states performance analysis and Section 8 states
(WSN), asymmetric key based security (AKS) architecture is the conclusion of the paper and some future recommendations.
always considered as unsuitable for these types of networks.
Several papers have been published in recent past years regarding
how to incorporate AKS in WSN, Haque et al’s Asymmetric
key based Architecture (AKA) is one of them. But later it is
found that this system has authentication problem and therefore II. R ELATED W ORK
prone to man-in-the-middle (MITM) attack, furthermore it is
not a truly asymmetric based scheme. We address these issues in
this paper and proposed a complete asymmetric approach using As wireless sensors are used in U-health care system,
PEKS-PM (proposed by Pham in [8]) to remove impersonation
attack. We also found some other vulnerabilities in the original for ensuring security in this system several security schemes
AKA system and proposed solutions, therefore making it a better have been proposed. WBAN (Wireless Body Area Network)
and enhanced asymmetric key based architecture. infrastructure is used to monitor health status [1]. Markovic
Index Terms—Cryptography, WSN, AKA, PKC, PEKS-PM, proposed a user authentication system based on smart cards in
Pseudo inverse matrix. [2]. Haque et al. introduced an asymmetric key based system
which can be generated from linear operations using pseudo-
I. I NTRODUCTION inverse matrices [3]. Later, Mohaisen et al. mentioned that
Wireless sensor network (WSN) is a distributed sensor the scheme proposed in [3] was not secure enough against
network. This sensors are deployed in harsh environment. impersonation due to the man-in-the middle attacks [4]. Haque
Sensors are used to pass the data which can be sensitive et al. described an application on U-healthcare for generating
between multiple nodes. Any adversary can retrieve or ma- shared key between two nodes by using AKA system. They
nipulate the information from the network or can change the also expressed that this system would have an authentication
normal working procedure of the network. As this sensors are system, but did not explain about it. Moreover, they did not
small devices which have a limitation in resources such as address about how the encryption key and decryption key
low energy, memory, and computation, it is very challenging would be generated in [5]. A. Chowdhury et al. proposed an
to provide robust security in WSN. Cryptosystem has two asymmetric key based scheme, where the mathematical prop-
types of security architecture- asymmetric and symmetric. erties of pseudo-inverse matrix and SVD have been employed
Asymmetric key uses two keys, one for encryption and another for producing keys for wireless sensor networks [6],[3],[5].
for decryption. So asymmetric key provides more security than Boneh et al. proposed a public key encryption with keyword
symmetric key. Based on asymmetric key, AKA system has search [7]. He gave two construction (1) system based on a
been given[3]. As there was no user authentication system, variant of the Decision Diffie-Hellman (DDH) assumption and
attacks can be possible. We have proposed a mutual user (2) system based on general trapdoor permutations. Pham et al.
authentication system and after further analysis we have found proposed a mutual authentication mechanism for outsourcing
some attacks can be possible. In our work, we give solutions service using pseudo inverse matrix [8]. It was mentioned
against this attacks. As a result, the system has become more in [9] that, there was no mention about the data and user
stable then previous one. authentication in [5]. They proposed a secure situated data
In this work, we proposed a mutual user authentication processing mechanism in mobile phone for U-healthcare sys-
process to validate the sensor and the base station and security tem. They evaluated the system and proved that their proposal
analysis on the current AKA system [3] and comparison can improve security in addition to dealing with different kinds
between AKA system and PKC system on security level. of data efficiently.
 III. P RELIMINARIES • T est(Apub , Y, Tk ): let Tk = (M, N ). If H(M Y ) = N
A. Square Matrix,Singular Matrix then returns true; otherwise false.
Square matrix A is a matrix with the equal number of rows V. S ECURITY I SSUES IN AKA S YSTEM
and columns. In a square matrix, if the determinant of a matrix
is zero then it is a singular matrix. Singular matrix does not According to the AKA system in [3], we see that AKA
have matrix inverse. system needs to generate a shared key between SBS and other
nodes like: sensor or medical assistance. But according to [4],
B. Pseudo inverse matrix AKA system is vulnerable to two different types of attacks.
If a system of linear equation is Ax = b where A is a matrix 1) Impersonation attack: As there is no semantics for
of dimension m×n then the general solution x = A+ b, where authentication prior to the key establishment process, Eve
+
A+ is the pseudo inverse matrix of A. who is the attacker can receive XA XA form Alice, fabri-
1) Properties of Pseudo inverse matrix: cate her own Yeve , such that at least n number of rows
+ +
1) According to [8], following properties hold for Pseudo in Yeve are linearly independent, compute Yeve , Yeve Yeve ,
+ + + +
inverse matrix of A XA XA Yeve Yeve , XA XA Yeve and sends the last two results
+
• AA A = A to Alice. In response, Alice computes her own key and sends
+ +
+
• A AA = A
+ + XA Yeve Yeve . Now it has been mentioned that Yeve Yeve is
+
2) Left Inverse: Pseudo inverse matrix of A constitutes a invertible. So, after getting XA Yeve Yeve Eve can get XA . As:
left inverse (if m ≥ n),then: +
XA Yeve Yeve + −1
(Yeve Yeve ) = XA
A+ A = I. + −1
It was also proved in the [4] that Eve can get (Yeve Yeve )
3) Right inverse: Pseudo inverse matrix of A constitutes
in linear time.
a right inverse (if m ≤ n),then:
2) Not asymmetric: As for both encryption and decryption
AA+ = I. process the same shared key XA YA is used, so it can not be
IV. R EVIEW OF D IFFERENT S CHEMES referred as Asymmetric. We have analyzed these attacks in
A. AKA System terms of AKA system and found some solutions.
In [3] three primary components are - User (U), Service A. Solution for the impersonation attack
Providing System (SPS), and Secure Base Station (SBS) and
To protect the AKA system from impersonation attack
all this are connected with each other for exchanging data.
we are providing a mutual authentication system using user
1) U’s sensor(si ) produces a matrix X and its pseudo authentication scheme of [8]. The proposed mutual authenti-
inverse matrix is X + . Then the si calculates X + X and cation system can be implemented as follows:
sends it to SBS.
2) Now, SBS produces Y and its pseudo inverse matrix 1) At the beginning of setting the communication between
Y + . SBS calculates X + XY and X + XY Y + and sends nodes and SBS, authority of the system will generate
the calculated values to U’s sensor(si ). a user id uidi for each node likes sensor or medical
3) U’s sensor(si ) converts X + XY Y + by multiplying with assistance. At the same time each node i will generates
it X and gets XY Y + and sends it back to SBS. si also a public key Apubi and a private key Aprivi and sends
calculates X(X + XY ) = XY and stores this value for Apubi to authority. Authority will use this Apubi for
future use. generating PEKS value.
4) SBS calculates (XY Y + )Y = XY . 2) Authority will store each user id and PEKS value
(E(UN)) using PEKS-PM and key Apub .
XY is the common secret.
3) Each node i will generate its password pwi and the
B. PEKS-PM System values P EKS(Apubi , uidi ), h(pwi )) is saved in SBS.
In [8], PEKS-PM scheme was proposed for a mutual au- Here, h(pwi ) is the hash value of password pwi and hash
thentication mechanism for outsourcing service where there function h can be any kind of secured hash function.
are three one way hash function H, H1, H2. Four functions 4) When a node sends P EKS(Apubi , uidi ) to SBS, to test
are used to evaluate respected values: for validity of the user by checking the entry where
+ +
• KeyGen(m, n): produces Apub = XX and Apriv = X
P EKS(Apubi , uidi )
using PseudoInverseMatrixGen algorithm.
• P EKS(Apub , K): PEKS value is calculated using Apub is stored in SBS and it also stores the password correctly.
which generated by Keygen and returns Y= XX + P After sending PEKS value, it will be valid if SBS also
where P is a non-singular matrix generates through Ma- has that value.
trixGen(K, n). 5) The relation Info-Users (E(UN), H(PW)) is hold by the
• T rapdoor(Apriv , K): calculates V = H2(H1(K)X); SBS, where E(UN) represents the search-able encryption
generates P and returns Tk = (M, N ), where M = V X + form of all the user id’s and H(PW) represents the hash
and N = H(V X + Q). value of the passwords of all the users. As it stores only
 hash value of the password, so it learns nothing about using both sk1 and sk2 and sends the decryption key to B with
passwords. a secure communication path. B decrypt the message using
After setting PEKS values and corresponding passwords, this decryption key and revel the message. Here the procedure
for mutual authentication between any node and SBS needs for encryption and decryption is different and encryption and
to follow some steps: decryption key are also different. So the system is asymmetric.
But the problem is in the AKA system it was not mentioned
1) In first phase of authentication, a node with user id
exactly how the encryption and decryption would take place.
uid and private key Apriv will generate trapdoor Tw =
But this was included in the future work. But the problem
(Apriv , uid). This trapdoor Tw is sent to SBS.
in the AKA system is, it had not mentioned exactly how the
2) For security reasons SBS will generate a random in-
encryption and decryption would take place and what would
teger N for each time when an authentication request
be the encryption and decryption key and this was included in
will occur. When SBS receives Tw , it will use the
the future work. So, it can not be surely said that the process
Test(.,.,.) function of PEKS-PM architecture where Apub
is not asymmetric.
was already in it and using PEKS values stored in
SBS. The function will return true if it matches with VI. S ECURITY A NALYSIS
any P EKS(Apub , uidi ) stores in it. If SBS finds
After using authentication scheme, the impersonation attack
P EKS(Apub , uidi ), then using h(pw) and N, SBS
is solved. But in the existing AKA system, further attack is
produces H = h(h(pw)||N ) and sends H and N to user.
possible.
Where h(pw) is the Hash function of user’s password.
3) Node will produce h(pw) using his password and uses A. Right Inverse Problem in AKA System
N which is given by SBS with this h(pw) to produce
Let, Alice has sensor and she can get the values of the
H 0 = h(h(pw)||N ) and ensures H=H’, if it is true then
operations happening in AKA system.
can ensure that SBS is valid. Then this node uses N+1
From the definition of right inverse property of pseudo inverse
for establishing his validity and uses it to produce H1 =
matrix: step (2) of AKA system, it can be said that value
h(h(pw)||N + 1), then sends it to SBS.
X + XY Y + sent from Alice to SBS is equals to X + X as
4) SBS increments N and produce N+1. Now it uses this
Y Y + = In
to have H10 = h(h(pw)||N + 1) and checks H1=H1’.
So, in practical SBS only sends X + XY and X + X to Alice
If it is true, then it represents the validity of the node
in step (2).
which wanted to communicate with SBS.
In step (3), Alice’s sensor should convert X + XY Y + to
5) SBS acknowledges accept or reject to the user.
XY Y + .
This system needs some step to add a new user with the But for right inverse property it will send X to SBS.
system or if existing one need to leave or modify password. As X is exposed there will have a great chance of man in the
1) User Management: When a new user comes to the middle attack.
system, authority generates a user id uid and it generates pair 1) Man in the middle attack: X is exposed in step (3) of
of keys (Apub , Apriv ) and authority will have used Apub for AKA system. Now, if an eavesdropper closely watches to the
making PEKS. Rest of the process will follow as the procedure network traffic at the time of key generation. He will get all
to implement the system. When an existing user uid needs to value that were passed from Alice to SBS and vice versa.
leave, authority check the PEKS value and send it to SBS’s He will get X + X, X + XY, X + XY Y + as X + X and XY Y +
server. As a result, SBS will search for this PEKS value to its as X.
database. After finding the entry of the user, SBS will remove Now from X + XY and X he can calculate using property
the entry and it can not communicate with the system. When a of pseudo inverse: XX + XY = XY , as XX + X = X. So,
user wants to change its password, it will generate new h(pw) attacker can easily find the value of the shared key and can
and send it to the SBS with its P EKS(Apub , uid).As a result, use the key to decrypt future message that will be encrypted
SBS will modify the entry in the table. with it.
2) Solution: In the terminal of SBS, as matrix Y(n×k) has
B. Possible solution for symmetric Problem right inverse property. We will take (n × k) as n > k instead
In [3], Haque et al. expressed this AKA system to be an of n < k. By changing the property of the parameter, it will
asymmetric by taking some assumptions. Summary of this not affect the process of AKA system.
assumptions are given below. Let, sensor A wants to send So, Y Y + will not be equal to In and X will not reveal and
message to medical assistance B and their generated shared man in the middle attack can be prevented. We can apply the
key between SBS is sk1 = XA YA and sk2 = XB YB . Now at architecture of AKA system that was described by Haque et
the time of sending the message from A to B, A will encrypt al. in [3] here.
the message with help of encryption key generated using sk1.
After receiving the encrypted message from A, B will need B. More attack(Non-singular matrix problem)
a decryption key to recover the message. B request for the At the time of step (3) of original AKA system, User’s
Decryption key to the SBS. SBS generates decryption key sensor (si ) converts X + XY to XY and store this value for
future use. determinant of singular matrix is equals to zero. As a result,
It can achieve the value of Y without knowing SBS. Because, there will not have any inverse matrix of plain-text message
as we can see that X + X is a (n × n) square matrix. So, matrix.
it can be invertible if it is non-singular. At the endpoint of
User’s sensor(si ) user can choose matrix X in a such way VII. P ERFORMANCE A NALYSIS
that X + X is non-singular. Then he can generate (X + X)−1 The performance of PEKS-PM, AKA and PKC system
and gets Y from X + XY by multiplying it with (X + X)−1 . is measured according to cost, security and availability. For
As well as, SBS can also find the value of X at the step (4) authentication, P EKS(Apub , K) returns Y= XX + P which
+
by using same procedure used at User’s sensor end point and will be transferred or stored in SBS. Here, Xm×n , Xn×m
multiplying (Y Y + )−1 with XY Y + . and Qm×m . So, dimension of Y will be
Moreover, man in the middle person can also reveal the shared
= (m × n)(n × m)(m × m) = (m × m)
key. By eavesdropping he can get the values X + X, X + XY ,
X + XY Y + , XY Y + . So, total m2 bits is needed by the SBS for transferring and
Now, X + X is a square matrix. So, it has an inverse matrix. storing searchable encryption is mentioned in [6]. As we are
Let, the attacker gets the inverse matrix (X + X)−1 and by using this model for our authentication scheme, it will be same.
multiplying it with X + XY , he can get the value of Y. Trapdoor Tk = (V X + , H(V X + Q)) is transferred to the SBS
After getting Y, by multiplying it with XY Y + we can see for searching an encrypted keyword.The trapdoor is 2m bits
that: . Therefore, the maximum tranmission bits is m2 (m > 1).
(XY Y + )Y = XY , and the shared key revealed. In AKA system described in Haque et al. in [1] , any node
So, it can be said that current AKA system can not provide si sends n × n matrix to the SBS. The matrix is n2 bits. In
security that the system needs. return,a k × n and n × n matrix is sent from SBS. So, total
1) Solution: There are two possible solutions. n2 + nk = n(n + k) bits is passed for the matrices. Again,
• Calulate the provability of being a non-square matrix by m × n bit is sent by si to SBS. For handshaking process, total
multiplying a matrix with its pseudo inverse matrix. Then number of bits for the matrices transmitted for deriving the
if the expected value of being a non-square matrix is shared key,
negligible then we can use AKA without risk. n2 + n(n + k) + mn = n(n + n + k + m) = n(2n + k + m)
• Use a different architecture. For this solution we have
choosen the PKC system provided in [6]. This scheme In [6] , matrix multiplications are used in the public key based
uses SVD for encryption and decryption. system which is a linear operations and can be swiftly executed
as complexity for the matrix multiplications is low. For the
C. PKC system simplicity, let the dimension of the matrix of two nodes is
PKC system is more feasible instead of AKA system. same, n1 × m1 = n2 × m2 = n × m node n1 has to send
Moreover this system includes a encryption and decryption n × m matrix to node n2 . It is consist of 2nm bits and
process besides key exchange protocol. transmit through the SBS. n × m matrix is also transmitted
But, by analyzing the PKC system carefully it can be seen by n2 to n1 . It is also 2nm bits. This successful node to node
that there is possibility of revealing the private of sender to communication, utilizes in total
receiver.
= 2nm + 2nm = 4nm bits
1) Possible attack: Let, sensor is node n1 and medical
assistance is node n2 . Now, by encrypting a plain-text message As PEKS-PM, AKA and PKC schemes mainly uses linear
M(m2 × m1 ), n1 sends D2−1 U2T M A1 V1 to n2 . On the other matrix operations. So all the calculations can be performed
way, n2 knows A2 V2 , D2−1 U2 and D1−1 U1T . As a result, by very easily and without difficulty every computation can be
using decryption process n2 can get message M. If m1 equals executed. Moreover, cost needed to generate a searchable
m2 , the matrix M will be a square matrix. If n2 can check encryption keyword of the algorithm PEKS-PM and for given
that the matrix M is non-singular, from the definition of square word K the trapdoor Tk are low.
matrix, a non-singular matrix must have a matrix inverse. As mentioned in [6], the secrets X + , P is impossible to get
Then n2 can find M −1 . By multiplying A2 V2 with encrypted though the messages XX + P and V X + is known. Suppose
message finds M A1 V1 and from this n2 can get A1 V1 . So, it that rank(X) = r and
X + X = Ir×r 0
, XX + P = Pr×r 0



can be seen that the private key of sensor reveals on B. Which 0 0 0 0
is unsecured. Where I(r × r) is an identity matrix, and P (r × r) the left
2) Solution: For the purpose of better security, it needs to upper sub-matrix of the matrix P. 2−(n−r)m is the probability
be considered that the plain-text message matrix M( m2 × m1 ) of Correctness for determining P and actual value of X +
should not be a square matrix. If it is not a square matrix, then is very small if V of V X + is completely reveled and X is
there will not have a matrix inverse. But if anyone wants to use randomly generated. So, it can be said that successful cracking
square matrix for plain-text message, extra overhead needs to of PEKS-PM is 2−(n−r)m and security is reasonably high.
be taken. At the time of encrypting the plain-text message need But it must be guaranteed that n must be considerably larger
to check if it is singular or non-singular. If it is singular then than r. In AKA and PKC based system according to [3] and
[6] respectively, probability of successful cracking of these R EFERENCES
scheme also is 2−(n−r)k . [1] S. Warren, J. Lebak, J. Yao, J. Creekmore, A. Milenkovic and E.
Jovanov, “Interoperability and Security in Wireless Body Area Network
A. Security level Infrastructures”, Proceedings of the 27th IEEE Annual Conference on
For user authentication, to achieve security level of 250 , Engineering in Medicine and Biology EMBC, pp. 3837-3840, Shanghai,
China, 2005.
PEKS-PM needs 100 bits (m=5, n=10) and to obtain security [2] M. Markovic, “On Secure e-Health Systems”, PSD 2006, Lecture Notes
level of 275 PEKS-PM needs 225 bits (m=15, n=20). AKS in Computer Science 4302, pp. 360-374, Springer-Verlag, 2006.
system needs key of (m=4, n=8, r=4, k=12) 48 and (m=6, n=11 [3] M. M. Haque, A.-S.K. Pathan, C.S. Hong, and E. Huh, “An Asymmetric
Key-Based Ecurity Architecture for Wireless Sensor Networks”, TIIS,
,r=6, k=14) 84 bits for obtaining security level of 248 and 270 vol. 2, no. 5, pp. 265-279, 2008.
respectively. But PKC system needs keys of (m=5, n=9) 45 [4] Mohaisen, J. W. Choi, D. Hong, “On the Insecurity of Asymmetric Key-
and (m=6, n=11) 66 bits for getting the similar security level based Architecture for Wireless Sensor Networks,” TIIS, vol. 3, no. 4,
pp. 376-384, 2009.
of 245 and 266 respectively. [5] M. M. Haque, A. K. Pathan, and C. S. Hong, “Securing U-Healthcare
Sensor Networks using Public Key Based Scheme”, IEEE ICACT, 2008.
No of bits 100 225
[6] A. Chowdhury, F. A. Tanzilla, S. Chowdury, M. M. Haque, “An
Security level 249.3 ≈ 250 274.4 ≈ 275 Efficient Security Architecture for Wireless Sensor Networks using
Pseudo-inverse Matrix”, 18th International Conference on Computer and
TABLE I: number of bits required for PEKS-PM Information Technology (ICCIT), Pages:396-400, 2015.
[7] D. Boneh, G.D. Crescenzo, R. Ostrovsky, G.Persiano, “Public-key
encryption with keyword search”, Cachin, C. (ed.) EUROCRYPT 2004,
security level key size for AKA key size for PKC LNCS vol. 3027,Springer, pp. 506522, Heidelberg, 2004.
248 48 48 [8] H.T.B. Pham, T.D. Nguyen, V.H. Dang, I. Echizen, T.T.B. Dong, “A
260 75 60 Mutual and Pseudo Inverse Matrix Based Authentication Mechanism for
270 84 70 Outsourcing Service”, Nguyen N.T., Kim CG., Janiak A. (eds) Intelligent
275 105 75 Information and Database Systems. ACIIDS 2011. Lecture Notes in
Computer Science, vol 6591. Springer, Berlin, Heidelberg, 2011.
TABLE II: Difference of key size for security level between [9] J-M. Park , I. Doh , K. Chae , “Secure U-healthcare Service based on
asymmetric key based architecture (AKA) [3] and public key Wireless Sensor Network”, International Information Institute, Vol 17,
No.1, pp.181-195, 2014.
based cryptography (PKC) [6] [10] R. MacAusland “MATH 420: Advanced Topics in Linear Algebra. The
Moore-Penrose Inverse and Least Squares”, University of Puget Sound,
2014.
[11] D. Nyang, Mohaisen, “Cooperative Public Key Authentication Protocol
in Wireless Sensor Network”, UIC 2006, LNCS 4159, Springer-Verlag,
pp. 864-873, 2006.
[12] Piotrowski, P. Langendoerfer, S. Peter, “How Public Key Cryptography
Influences Wireless Sensor Node Lifetime”, Proceedings of ACM SASN
2006, Virginia, USA, pp. 169-176, 2006.
[13] P. Kumar, and H. Lee, “Security Issues in Healthcare Applications Using
Wireless Medical Sensor Networks: A Survey”, Sensors, vol. 12, pp. 55-
91, 2012.
[14] H. Kim, “Enhanced Identity Authentication and Context Privacy Preser-
vation in Ubiquitous Healthcare System”, Int. J. Control Autom, vol. 7,
pp. 409-418, 2014.
[15] K.S. Gayathri, S. Elias, and B. Ravindran, “Hierarchical Activity
Recognition for Dementia Care Using Markov Logic Network”, Pers.
Fig. 1: Difference between key sizes according to security level Ubiquitous Comput., vol. 19, pp. 271-285, 2015.
of AKA and PKC system

According to our security level verses no of bit size, it can

be seen that PKC system is more efficient than AKA system. It
also can be noticed that, AKA system does not express about
the encryption and decryption process but it was mentioned
on PKC system. So, PKC system looks more reliable.
VIII. C ONCLUSION AND F UTURE RECOMMENDATION
This paper proposed a mutual user authentication system for
solving impersonation attack on existing AKA system and also
include some possible attacks and their possible solutions. In
this paper the comparison about security level between AKA
and PKC system are also given. In future, we would like to
prove that AKA system is not vulnerable to non-singularity
problem and by mathematically prove that, the probability of
X + X is being non-singular, if the probability is negligible
than AKA can be used and also state the encryption and
decryption process for AKA.