Article 4-3

Uploaded by

Dr Aditya Goel
International Journal of Intelligent Information Processing

Volume 4, Number 2, July-December 2010, pp. 145 – 151


IJIIP
© Serials Publications

KEY MANAGEMENT SCHEME WITH SECURE ROUTING FOR WSN


ASHISH KUMAR SRIVASTAVA AND ADITYA GOEL
Department of Electronics and Communication Engineering, MANIT, Bhopal, India,
E-mail: [email protected] and [email protected]

Abstract: Wireless Sensor Networks (WSNs) are emerging as a promising technology for meeting the monitoring and automation requirements of companies as well as remote environments. Wireless sensor nodes have limited energy, communication and computational resources. Researchers have devoted their efforts to developing protocols that make WSNs useful for a variety of applications, but less emphasis has been given to the security of WSNs. We therefore summarize the issues related to WSN security and propose an integrated approach to securing a wireless sensor network. The proposed approach takes the routing protocol into consideration to implement secure communication. The work presented in this paper emphasizes a routing architecture with re-keying and key pre-distribution to provide security to the wireless nodes. The proposed approach is simulated in NS2 to present the route discovery and the secure data communication from source to destination.
Keywords: Wireless Sensor Network, Re-keying, key pre-distribution, authentication.

1. INTRODUCTION

WSNs have the following properties:
• Self-organizing capabilities to form the network after deployment.
• Short-range broadcast communication.
• Multi-hop routing protocols to send the data from individual nodes to the base station.
• High node deployment density.
• Frequently changing topology due to node failures.
• Limitations in energy, power transmission, memory, and computational power.

These unique features, particularly the last three, make sensor networks different from other wireless ad-hoc networks. One of the key issues in wireless communication is security: it is not easy to isolate wireless communication from attack. WSNs offer a promising network infrastructure for many applications such as environmental monitoring, military, industrial, scientific and home appliance management. Wireless networks are exposed to numerous security threats that can adversely affect the success of important applications.

Since wireless sensor nodes have limited energy and computational capability, we cannot use traditional security protocols to implement security in WSNs. Also, the hostile operational environment of deployment exposes them to physical attacks such as jamming, node capture and tampering.

The objective of the work presented in this paper is to achieve security in Wireless Sensor Networks with the best utilization of the available resources.

The rest of this paper is organized as follows. Section 2 discusses literature related to the work. Section 3 defines the problem taken up in the paper. Section 4 explains the approach developed to implement security in WSN. Simulation and results to evaluate the performance of the proposed approach are presented in Section 5. Finally, the conclusion and future work are discussed in Section 6.

2. LITERATURE SURVEY

From the security point of view, WSN system architectures can be broadly divided into two categories:
• Cell-based WSNs, consisting of low-power, low-cost sensor nodes operating in the relatively friendly environments of houses, office buildings and easily accessible outdoor areas.
• Ad hoc WSNs, consisting only of low-cost sensor nodes distributed in an ad hoc manner into remote and inhospitable environments without any backbone infrastructure.

In cell-based WSN, nodes are organized around one or more base stations that have significantly more computing and energy resources than the regular sensor nodes. These networks are often used for object tracking systems in home and commercial
building environments, as well as in outdoor perimeter. The base stations collect information from the network and provide a link between the WSN and the outside world. Cell-based networks are often used in an environment in which it is easy to add new nodes, remove the ones that are not functioning, and even recharge the energy supplies for nodes.

An example of a WSN organized around one or more base stations is SPINS [5]. The SPINS protocol suite assumes that the base stations share a unique master key with each node in the network. The system architecture and security protocols require that the base station keep track of the route to each node and of the secret key. All other keys that the base station and a node use for communication are derived from the master key. Even though the base station is a single point of failure, it is trusted, implying no one can capture the base station and recover all keys. SNEP protects unicast communication between the base stations and the nodes, while µTESLA provides secure broadcast communication [5].

3. PROBLEM DEFINITION

To enforce security in WSN we have analyzed issues related to maintaining the integrity of information exchange. Thus, we have focused our work on the following key issues:
• To develop a secure routing architecture.
• To develop an approach for using modifiable key distribution schemes.
• To develop a simulation framework to analyze the performance of the algorithm.

4. PROPOSED APPROACH

In recent years there has been an increasing trend towards sensor networks, so it is important to manage the routing architecture to secure the routing path, as discussed above. Based on an analysis of the issues and facts for key pre-distribution and ad-hoc routing in sensor networks, the sensor network security scheme includes four phases, as given in Fig. 1.

Fig. 1: Integrated Security approach

All four phases need to be integrated to achieve secure routing and secure information exchange in WSN. The approach is divided into four phases as explained below.

4.1 Phase 1: Key Pre-distribution

In this phase, a shared-key approach is used to achieve security, communication and authentication. Currently two schemes are proposed to address the key pre-distribution problem in sensor networks:
• Key-pool approach [12].
• Probabilistic approach [36].

Here we use the probabilistic approach, as it can be used to build a key chain in each sensor, make sure any two sensors share a key with a probability of at least 50%, and generate a temporary matrix when two sensors need to build a secure channel. The matrix is also called a seed, and this seed contains the sensor ID pre-stored in each sensor. Each seed can generate a matrix over a finite field. If there is a common space between two matrices, a shared key can be found [26].

For example, suppose we have a set of four targets, T = {t1, t2, t3, t4}, and a set of four sensors, S = {s1, s2, s3, s4}, such that B = β(t, s):

$$B = \begin{bmatrix} 1 & 0 & 1 & 1 \\ 1 & 1 & 0 & 0 \\ 1 & 0 & 0 & 0 \\ 0 & 1 & 1 & 0 \end{bmatrix}$$

where

$$B(t_1, s_1) = \begin{cases} 1 & \text{if } s_1 \text{ covers } t_1 \\ 0 & \text{otherwise} \end{cases}$$

Sensor s1 must be in cover S1, as it is the only one that covers target t3. But to maximize the coverage of S1, either sensor s2 or s3 has to be included as well. Because they both induce an over-coverage of 1, we could suppose s2 is the one selected; the resulting covers would then be

S1 = {s1, s2}, S2 = {s3} and S3 = {s4}

covering 4, 2 and 1 targets respectively. If s3 is selected in the first cover instead of s2, the resulting covers would be

S1 = {s1, s3} and S2 = {s2, s4}

covering 4 and 3 targets respectively.

In this way the monitoring is done on a probabilistic basis and the best key optimization is chosen.
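
The matrix-based shared-key discovery described at the start of this section, as an added illustration that is not code from the paper: each key space is a secret symmetric matrix over a finite field, and two sensors that hold a common space compute the same key from their stored row and the peer's ID. Blom's symmetric-matrix construction, the field size, LAMBDA, and the choice of 2 spaces out of 7 (which gives a share probability just above 50%) are all assumptions.

```python
"""Added illustration: Blom-style matrix key spaces with random space selection.
Field size, LAMBDA, OMEGA and TAU are assumptions, not values from the paper."""
import random
from math import comb

Q = 65521            # prime modulus of the finite field GF(Q)
LAMBDA = 3           # a space resists capture of up to LAMBDA nodes
OMEGA, TAU = 7, 2    # key spaces in the pool / spaces stored per sensor


def public_column(node_id):
    """Public Vandermonde column (1, s, s^2, ...) derived from the sensor ID."""
    s = node_id + 1  # distinct non-zero seed per sensor
    return [pow(s, k, Q) for k in range(LAMBDA + 1)]


def make_space(rng):
    """One key space: a secret symmetric matrix D over GF(Q)."""
    n = LAMBDA + 1
    d = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            d[i][j] = d[j][i] = rng.randrange(Q)
    return d


def private_row(space, node_id):
    """Row of A = (D*G)^T for this sensor: the secret it stores for the space."""
    g = public_column(node_id)
    n = LAMBDA + 1
    return [sum(space[i][k] * g[k] for k in range(n)) % Q for i in range(n)]


def provision(node_id, spaces, rng):
    """Before deployment: pick TAU spaces at random, store one private row each."""
    chosen = rng.sample(range(len(spaces)), TAU)
    return {"id": node_id, "rows": {s: private_row(spaces[s], node_id) for s in chosen}}


def shared_key(me, peer_id, peer_spaces):
    """Key computed once the peer has announced its ID and space indices."""
    common = sorted(set(me["rows"]) & set(peer_spaces))
    if not common:
        return None  # no common space: the pair cannot derive a direct key
    g = public_column(peer_id)
    return sum(a * b for a, b in zip(me["rows"][common[0]], g)) % Q


def share_probability(omega=OMEGA, tau=TAU):
    """Probability that two sensors hold at least one space in common."""
    return 1 - comb(omega - tau, tau) / comb(omega, tau)


def demo(seed=2010, nodes=40):
    """Provision a constructed network; count pairs, consistent pairs, linked pairs."""
    rng = random.Random(seed)  # repeatable demo only; real keys need a CSPRNG
    spaces = [make_space(rng) for _ in range(OMEGA)]
    net = [provision(i, spaces, rng) for i in range(nodes)]
    pairs = agree = linked = 0
    for a in net:
        for b in net[a["id"] + 1:]:
            k_ab = shared_key(a, b["id"], b["rows"])
            k_ba = shared_key(b, a["id"], a["rows"])
            pairs += 1
            agree += k_ab == k_ba
            linked += k_ab is not None
    return pairs, agree, linked


if __name__ == "__main__":
    print(f"share probability: {share_probability():.3f}")
    print("pairs, consistent, linked:", demo())
```

Both sides arrive at the same value because D is symmetric, so only the sensor ID and the list of space indices ever go over the air.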

4.2 Phase 2: Forming Routing Architecture

After sensors are deployed randomly in an area, we choose some sensors to become cluster heads in order to reduce key generation overhead (a flat topology can lead to an exponential increase of pair-wise key generation frequency as network density increases [28]). The choosing probability decreases as sensor density increases (as shown in Fig. 2).

Fig. 2: Cluster-head Choosing Probability

After some sensors declare themselves cluster heads, they send a message to the neighboring sensors to form clusters. Inside each cluster, we adopt the Minimum Spanning Tree (MST) algorithm to maintain a connected intra-cluster topology. Between different clusters, to find a low-energy secure path, we use a concentric topology-forming architecture [36]: each cluster head maintains a cost level that is determined by the hop number and the required communication energy consumption between itself and the base station.

4.3 Phase 3: Re-keying

To adapt to the dynamic topology of sensor networks, we update keys (re-keying) periodically. The re-keying period is calculated based on the mobility factor [36].

Fig. 3: Re-keying Period ~ Speed

In our re-keying scheme, we update two keys: (1) cluster keys, which are shared between each cluster head and all its cluster members, so that data aggregation security can be achieved through cluster keys; (2) pair-wise keys, which are shared only between any two sensors themselves. Pair-wise keys can be used to generate cluster keys as:

$$u \rightarrow * : u,\ \mathrm{Nonce}_u$$
$$v \rightarrow u : v,\ \mathrm{MAC}(K_v,\ \mathrm{Nonce}_u \,|\, v)$$
$$K_{uv} = f_{K_v}(u)$$

where $u$ and $v$ are principals, such as communicating nodes; $N_u$ is a nonce generated by $u$ (a nonce is an unpredictable bit string, usually used to achieve freshness); $K_{uv}$ denotes the concatenation of messages; and $f_{K_v}(u)$ denotes the encryption of message with the key shared by $u$ and $v$.

Re-keying (for pair-wise keys): in each cluster, the cluster head broadcasts a message including its ID and a 'nonce' (a sequence number used only once in the whole sensor network lifetime) to all the neighboring sensors. When a neighboring sensor receives this message, it sends back a Message Authentication Code (MAC) encrypted by a pair-wise key to the cluster head. Thus the cluster head can use a pseudo-random function to regenerate a new pair-wise key between itself and its sensor. Once all the 'pair-wise keys' in a cluster are updated, the new 'cluster key' can be transmitted to each cluster member through the corresponding pair-wise key.

4.4 Phase 4: Broadcast Authentication

The last phase is a broadcast authentication scheme that addresses the following problem: if the lifetime of a sensor network is much larger than the interval of a µTESLA [11], how can we reduce the pseudo-random calculation overhead and key chain length in the whole broadcast authentication procedure? We cannot simply enlarge each authentication interval, since that takes up too much buffer space in each sensor.

For this we use a hierarchical broadcast authentication scheme, where we divide the whole lifetime into big time frames. Each frame has a 'frame key' and a pseudo-random function. Each 'frame' is further divided into sub-intervals. We use µTESLA in each 'frame'. The sub-intervals have corresponding authentication keys and a common pseudo-random function. The high-level keys can generate low-level keys.
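
The pair-wise re-keying exchange of Section 4.3 with both sides' messages, as an added example that is not the paper's code. It assumes HMAC-SHA256 as the pseudo-random function and MAC, a pre-distributed initial key from which each K_v is derived so that the cluster head can check the MAC, and a simple XOR-pad-plus-tag wrap for sending the cluster key; the class and function names are hypothetical.

```python
"""Added example: pair-wise re-keying handshake and cluster-key transport.
HMAC-SHA256 as PRF/MAC, the shared initial key and the XOR wrap are assumptions."""
import hashlib
import hmac
import secrets

def prf(key: bytes, data: bytes) -> bytes:
    """f_K(data) and MAC(K, data): HMAC-SHA256 stands in for both."""
    return hmac.new(key, data, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Sensor:
    def __init__(self, node_id: bytes, k_init: bytes):
        self.id = node_id
        self.k_init = k_init               # assumed pre-distributed network key
        self.k_own = prf(k_init, node_id)  # K_v, recomputable by legitimate nodes
        self.pairwise = {}                 # peer id -> current pair-wise key
        self.cluster_key = None

    def respond(self, head_id: bytes, nonce: bytes):
        """v -> u: v, MAC(K_v, Nonce_u | v); then derive K_uv locally."""
        # Page formula: K_uv = f_{K_v}(u). The nonce is appended here (assumption)
        # so that each re-keying round yields a different pair-wise key.
        self.pairwise[head_id] = prf(self.k_own, head_id + nonce)
        return self.id, prf(self.k_own, nonce + self.id)

    def unwrap(self, head_id: bytes, blob: bytes) -> bool:
        """Accept a cluster key only if its tag verifies under K_uv."""
        ct, tag = blob[:16], blob[16:]
        k_uv = self.pairwise[head_id]
        if not hmac.compare_digest(tag, prf(k_uv, b"tag" + ct)):
            return False
        self.cluster_key = xor(ct, prf(k_uv, b"pad"))
        return True

class ClusterHead(Sensor):
    round = 0      # re-keying round counter, used as the nonce
    nonce = b""

    def broadcast(self):
        """u -> *: u, Nonce_u. A counter guarantees a nonce is never reused."""
        self.round += 1
        self.nonce = self.round.to_bytes(8, "big")
        self.pairwise.clear()              # keys of the previous round are retired
        self.cluster_key = secrets.token_bytes(16)
        return self.id, self.nonce

    def accept(self, peer_id: bytes, tag: bytes) -> bool:
        """Verify the MAC over the current nonce, then derive the same K_uv."""
        k_v = prf(self.k_init, peer_id)
        if not hmac.compare_digest(tag, prf(k_v, self.nonce + peer_id)):
            return False                   # forged, or replayed from an old round
        self.pairwise[peer_id] = prf(k_v, self.id + self.nonce)
        return True

    def wrap_cluster_key(self, peer_id: bytes) -> bytes:
        """Send the new cluster key under the peer's fresh pair-wise key."""
        k_uv = self.pairwise[peer_id]
        ct = xor(self.cluster_key, prf(k_uv, b"pad"))
        return ct + prf(k_uv, b"tag" + ct)

def rekey_round(head, members):
    """Run one round; return ids of members that received the new cluster key."""
    head_id, nonce = head.broadcast()
    done = []
    for m in members:
        peer_id, tag = m.respond(head_id, nonce)
        if head.accept(peer_id, tag) and m.unwrap(head_id, head.wrap_cluster_key(peer_id)):
            done.append(peer_id)
    return done
```

Because the head recomputes K_v from the assumed initial key, any node that still holds that key after setup can derive every K_v, so a deployment would restrict or erase it.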

5. SIMULATION AND RESULT

Our studies are confined to an area of 50 × 50 m² in which 21 nodes are situated. Two sources and two destinations are defined for communication between nodes, and they follow the path chosen using the probability approach as well as the centralized approach. This ensures that routing security is properly maintained, so that data communication takes place in an effective and secure way. All our runs are done in a probabilistic manner, in which the shortest route is searched for from the start co-ordinate point (the centralized approach). At the stations, we attached a CBR source that simulates the arrival of frames for transmission at a constant rate.

We have used the default values for all the physical and MAC layer parameters. Nodes are placed at specific co-ordinates and assigned numbers. We simulated our proposed technique in NS2 2.30. Support for wireless simulations is added to NS2 in this version, and various support for sensor nodes with energy constraints is also added to produce effective results and simulation.

Table 1: Simulation Parameter

Parameter                        Value
No. of Nodes                     21
Area                             50 × 50
Traffic                          CBR (5 Pkts/sec.)
Duration                         900 sec.
Neighbor Distance                10 m
Tx. Range                        12 m
Central coordinator              1
Max. Packet in Interface Queue   50
MAC layer protocol               802.4.15

• We create 21 nodes situated in a specific area to communicate from one sensor to another using key pre-distribution, where the probability of choosing a sensor path is searched so that communication takes place over a shorter distance and in an effective manner.
• We also add routing, where the route is discovered from source to destination node without losing the energy constraint of the whole set of nodes.
• We added re-keying support: when the source and destination change, the key is also re-established according to the source and destination path.

We simulated source node 3 to destination node 18, which establishes the path through the centralized node, i.e. the start co-ordinate, and maintains the least path to secure the routing using CBR traffic, i.e. it discovers the route. In the same scenario, Poisson traffic is also used to maintain the path of the specific route; the route here runs from node 9 to node 17. Using different traffic loads with different priorities and a constant network size keeps the network from becoming congested, and hence the network security is managed.

However, in the above algorithm, the route discovery depends only on the receipt of a route packet, not on its contents. As mentioned above, the µTESLA key disclosure packets can easily function as routing beacons. We accept only the sources of authenticated beacons as valid parents. Reception of a µTESLA packet guarantees that the packet originated at the base station and that it is fresh. For each time interval, we accept as the parent the first node that sends a packet that is later successfully authenticated. Combining µTESLA key disclosure with the distribution of routing beacons allows us to charge the costs of the transmission of the keys to network maintenance, rather than the encryption system, which leads to a lightweight authenticated routing protocol. Since each node accepts only the first authenticated packet as the one to use in routing, it is impossible for an attacker to reroute arbitrary links within the sensor network. Furthermore, each node can easily verify whether the parent forwarded the message: by our assumption of bidirectional connectivity, if the parent of a node forwarded the message, the node must have heard that. The authenticated routing scheme thus builds an authenticated ad hoc routing protocol. In protocols where base stations are not involved in route construction, µTESLA can still be used for security. In these cases, the initiating node will temporarily act as base station and beacon authenticated route updates (the node here will need to have significantly more memory resources than the sensor nodes we explored here in order to store the key chain).

The following simulation shows the route discovery from source to destination.

The first case has the minimum hop count, which is 2, and the route is forwarded directly to the key-containing node towards the destination, as shown in Fig. 4 (a).

Table 2: Source-destination Nodes for CBR and Poisson Traffic in 21 Nodes

Source node   Destination node   Traffic
3             18                 CBR
9             17                 Poisson

In the second case, route discovery takes place using the central co-ordinate to maintain the secure path, as shown in Fig. 4 (b).

Fig. 4 (a): CBR Traffic from 3 → 18

Fig. 4 (b): Poisson Traffic from 9 → 17

The sending and receiving node analysis is shown in Figs 5 (a) and (b), in which two fields are considered: one is the simulated time at which the event occurred, and the other is the communication throughput over time. The X-graph is traced for send as well as receive events for both kinds of traffic, CBR and Poisson.

Fig. 5 (a): X-graph of Receive Event for CBR Traffic

Fig. 5 (b): X-graph of Sending Event for CBR Traffic

The second case of the graph shown below is for the receive events of the Poisson traffic, where the throughput also depends on node discovery and communication between the source and destination nodes. The X-graph of the Poisson traffic is shown in Figs 6 (a) and 6 (b).

Fig. 6 (a): X-graph of Receiving Event for Poisson Traffic

Fig. 6 (b): X-graph of Sending Event for Poisson Traffic

5.1 Result Summary

The routing phases described above are more appropriate and solve the problem of a routing architecture that secures the path and also maintains the security of the sensor network. We have seen improvements in energy loss, which helps to keep the sensors in a network running for more time.

We have used different traffic loads while experimenting with re-keying, key pre-distribution and routing, and have concluded that it is possible to obtain security by maintaining the key chain of the sensor nodes.

6. CONCLUSION AND FUTURE WORK

Our research work provides a solution to security challenges in wireless sensor networks and summarizes key issues that should be solved to achieve WSN security. We summarized our integrated security scheme, which considers the specific routing characteristics of sensor networks: large scale, dynamic topology and low energy.

Key pre-distribution helps to manage the nodes for achieving security and communication, as it distributes the key information to all sensor nodes prior to deployment. Hence the information communication will be much more secure. Re-keying updates the key periodically according to the source and destination nodes, so that communication between them becomes easier and overheads are reduced.

The main limitation of our platform was the amount of available memory. In particular, the buffering restrictions limited the effective bandwidth of authenticated broadcast. Despite the shortcomings of our target platform, we were able to demonstrate a security subsystem for the prototype sensor network.

REFERENCES

[1] Lin Shen and Xiangquan SHI, “A Dynamic Cluster-based Key Management Protocol in Wireless Sensor Networks”, International journal of intelligent control and systems, 13 (2), June 2008, 146 – 151.
[2] Eric Sabbah, Adnan Majeed, Kyoung-Don Kang, Ke Liu and Neal Abu Ghazaleh, “An Application-Driven Perspective on Wireless Sensor Network Security”, Torremolinos, Melga, Spain, 2006.
[3] Fei Hu, Xiaojun Cao, “Security in Wireless Actor and Sensor Networks”, Proceedings of the ITCC' 05, 2 (4 – 6), April 2005, pp. 528 – 533.
[4] Stefan Schmidt, Holger Krahn, Stefan Fischer and Watjen, “A Security Architecture for Mobile Wireless Sensor Networks”, Springer-Verlag Berlin Heidelberg, 2005.
[5] Adrin Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar, “SPINS: A Security Protocol for Sensor Networks”, University of California, Berkeley.
[6] Fei Hu, Waqaas Siddiqui, and Xiaojun Cao, “SPECTRA: Secure Power-Efficient Clustered-Topology Routing Algorithm in Large-scale Wireless Micro-Sensor Networks”.
[7] John Lach, David Evans, Jon McCune, Jason Brandon, Lingxuan Hu, “Power-Efficient Adaptable Wireless Sensor Networks”, University of Virginia.
[8] Arvinderpal S. Wander, Nils Gura, Hans Eberle, Vipul Gupta, “Energy Analysis of Public Key Cryptography for WSN”, University of California.
[9] Fernan Pedraza, Andres L. Medaglia and Alfredo Garcia, “Efficient Coverage Algorithm for WSN”, Universidad de los andes and University of Virginia respectively.
[10] Mohammad Ilyas and Imad Mahgoub, “Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems”, CRC Press, 2005.
[11] Holge Karl, Andreas Willig, “Protocols and Architecture for Wireless Sensor Network”, Wiley publication, 2006.
[12] Adrin Perring, Rob Szewczyk, Victor Wen, David Culler, and J.D. Tygar, “Security Protocols for Sensor Networks”, IRB-TR-01-004, April 2001.
[13] L. Eschenauer and V.D. Gligor, “A Key-management Scheme for Distributed Sensor Networks”, in the 9th ACM conference on Computer and Communications Security, 2002.
[14] B.H. Wellenhoff, H. Lichtenegger, and J. Collins, “Global Positions System: Theory and Practice”, Fourth Edition, Springer Verlag, 1997.
[15] N. Sastry, U. Shankar, and D. Wagner, “Secure Verification of Location Claims”, in the ACM workshop on Wireless Security, 2003.
[16] C. Karlof, Y. Li, and J. Polastre, “ARRIVE: Algorithm for Robust Routing in Volatile Environments”, Technical Report UCB//CSD-03-1233, University of California at Berkeley, 2003.
[17] S. Zhu, S. Setia, S. Jajodia, and P. Ning, “An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks”, in IEEE Symposium on Security and Privacy, 2004.
[18] J. Deng, R. Han, and S. Mishra, “Countermeasures Against Traffic Analysis Attacks in Wireless Sensor Networks”, Technical report, CU-CS-987-04, 2004.
[19] A. Mainwaring, J. Polastre, R. Szewczyk, D. Culler, and J. Anderson, “Wireless Sensor Networks for Habitat Monitoring”, in WSNA, 2002.
[20] Paul Meeneghan and Declan Delaney, “An Introduction to NS”, Nam OTcl scripting, downloaded through http://www.cs.may.ie/
[21] H. Harney and C. Muchenhirn, “Group Key Management Protocol (GKMP) Architecture”, RFC 2094, July 1997.
[22] Anthony D. Wood and John A. Stankovic, “Denial of Service in Sensor Networks”, IEEE Computer, 35 (10): 54 – 62, 2002.
[23] A. Wood and J. Stankovic, “Denial of Service in Sensor Networks”, IEEE Computer, pp. 54 – 62, Sept. 2002.
[24] D. Wagner, “Resilient Aggregation in Sensor Networks”, SASN'04, Oct. 2004.
[25] H. Luo and S. Lu, “Ubiquitous and Robust Authentication Services for Ad Hoc Wireless Networks”, Technical Report 200030, UCLA Computer Science Department, 2000.
[26] EYES project, University of Twente, The Netherlands, “Security in Wireless Sensor Networks”, URL http://wwwes.cs.utwente.nl/24cqet/adhoc.html.
[27] A. Menezes, P. van Oorschot and S. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 1997.
[28] Jeffery Undercoffer, Sasikanth Avancha, Anupam Joshi and John Pinkston, “Security for Sensor Networks”, 2002 CADIP Research Symposium, www.csee.umbc.edu/cadip/2002Symposium.
[29] D.W. Carman, B.J. Matt, and G.H. Cirincione, “Energy-Efficient and Low-Latency Key Management for Sensor Networks”.
[30] University of California, Santa Barbara, “Ad hoc On-Demand Distance Vector Routing”, http://moment.cs.ucsb.edu/AODV/aodv.html.
[31] Rice University, Rice University Monarch Project: “Mobile Networking Architectures”, http://www.monarch.cs.rice.edu.
[32] C.E. Perkins, editor, “Ad Hoc Networking”, Addison Wesley, 2001.
[33] Yih-Chun Hu, A. Perrig, and D.B. Johnson, “Ariadne: A Secure On-demand Routing Protocol”, Mobicom’02, September 2002, Atlanta, USA.
[34] W.R. Heinzelman, A. Chandrakasan, and H. Balakrishnan, “Energy-efficient Communication Protocol for Wireless Microsensor Networks”, IEEE Proceedings of the Hawaii International Conference on System Sciences, January 2000.
[35] S. Madden, M.J. Franklin, J.M. Hellerstein and W. Hong, “TAG: A Tiny Aggregation Service for Ad-hoc Sensor networks”, Proceedings of the Fifth Annual Symposium on Operating Systems Design and Implementation (OSDI), December 2002.
[36] Wenliang Du and Jing Deng, “A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks”, Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington D.C., USA, 2003.
[37] Fei Hu, Sunil Kumar, “Wireless Sensor Networks for Mobile Telemedicine: QoS Support”, IEEE Transactions on Information Technology in Bioinformatics, 2003.
