A Lightweight Authentication and Key Management Scheme for Wireless Sensor Networks

Security problem is one of the most popular research fields in wireless sensor networks for both the application requirement and the resource-constrained essence. An effective and lightweight Authentication and Key Management Scheme (AKMS) is proposed in this paper to solve the problem of malicious nodes occurring in the process of networking and to offer a high level of security with low cost. For the condition that the mobile sensor nodes need to be authenticated, the keys in AKMS will be dynamically generated and adopted for security protection. Even when the keys are being compromised or captured, the attackers can neither use the previous keys nor misuse the authenticated nodes to cheat. Simulation results show that the proposed scheme provides more efficient security with less energy consumption for wireless sensor networks especially with mobile sensors.


Introduction
Wireless sensor networks (WSNs) [1] consist of a large number of nodes in a self-organized manner, where there are no central control nodes, and the nodes lying out of the transmitting range can communicate in a multihop way.As the wireless sensor network is independent of the predeploy infrastructure, it has broad application prospects in the battlefield environment, disaster relief, and environmental threats exploration, which make the security and efficiency the most basic requirements and the most popular research areas [2].
The characteristics of wireless sensor networks determine the network security threats, the security systems, and security algorithms that are quite different from those in traditional networks [3], and the traditional network security systems and security algorithms cannot be introduced directly.Meanwhile, the inherent essence of limited storage space, computational capabilities [4], bandwidth, and communication energy does not make the computational data encryption and public key cryptography based on the traditional cryptographic techniques adapt to wireless sensor networks.The security system and algorithm for WSN are mainly focused on in this paper to design an effective Authentication and Key Management Scheme with low computing and energy cost.

Related Work
With the development of security technology in wireless sensor networks, the research on routing protocols has been increasing in recent years.This section describes the three existing master key-based key management protocols: LOCK [5], SPINS [6], and BROSK [7].These protocols have been widely discussed in this area.
The Localized Combinatorial Keying (LOCK) proposed by Eltoweissy is an Exclusion-Based Systems (EBS) dynamic key management approach for cluster-based sensor networks.LOCK takes use of three keys, including the administrative key, the group session key, and the cluster session key.A special node selected by the cluster head is called a key generation node and will perform a key generation process.LOCK is for static networks.But the proposed scheme in this paper will be suitable for dynamic networks.
SPINS is a famous security framework for wireless sensor networks.Although it contains two protocols, SNEP and TESLA, which are used to achieve the confidentiality and authentication of data broadcasting, respectively, we will concentrate on the key agreement protocols [8].
BROSK can be considered as a more recent ad hoc key agreement protocol compared to SPINS.There are no trusted parties or servers in this scheme, in which each node negotiates the session key directly with its neighbor node by broadcasting key agreement message.

Network Model and Key Generation
This part briefly introduces the network model, the importance of authentication, and the idea of CPK system based on ECC.

Network Model.
The members of wireless sensor network are BS (base station), CH (cluster head), and resourceconstrained nodes, which are deployed in a geographical area to perform some special monitoring functions.In most applications, especially for large scale deployment, the sensors are arranged in multiple static clusters, as shown in Figure 1.The members' changing makes the authentication and key management always a key research point in wireless network.Considering the resource-constrained essence of WSN, a lightweight scheme is badly needed, which keeps the key changeless to save the limited energy.Many applications, however, require the mobility of network nodes to support.In such a mobile sensor network, there will be always the condition that a node from an existing cluster moves into another cluster.The separated nodes may be the cluster heads or cluster members.The main reason causing the changes in cluster heads and cluster members is the mobility.The mobility of nodes together with the transient nature of the wireless media often leads to a highly dynamic network topology.In this case, security protection with moving sensors must be incorporated into wireless sensor network.
Authentication is one of the security practices to verify the identity of the sensor nodes.Public key cryptography is a popular way to provide authentication for WSN.Though the easy design and effective operation make it attractive, the disadvantage of more energy requirement greatly restricts the network performance.Thus, the sensor node has to use elliptic curve digital signature algorithm to generate a digital signature authentication.The combination of pairwise, global key, cluster key, and preloaded secret information is also used to verify the sensor nodes in the network.The node mobility will lead to random topology changes, which affects the security of mobile sensor networks.The lightweight Authentication and Key Management Scheme (AKMS) proposed in this paper will adopt a Hash Message Authentication Code (HMAC) algorithm [9] and a Combined Public Key (CPK) password system based on ECC to authenticate the moving nodes within the network effectively.
Sensor network has many features that make them more vulnerable to attack than the traditional computing devices.For example, the nature of the broadcasting allows the information to be intercepted, eavesdropped on, tampered with, or exchanged easily.Besides suffering the same threats with the conventional wireless networks, WSN is vulnerable to resource depletion attacks, which attempt to run out of resources, such as node battery and network bandwidth, and causes more damage.Finally, most devices in WSN cannot be tamper-resistant typically, which facilitates the physical manipulation and keys being stolen.To approach the real condition, the attack model is assumed as follows: (1) The sensors are not tamper-resistant, so an attacker is able to access the stored information and the keys in the node storage directly.
(2) The attackers may appear not only before the network deployment but also during all the network life cycle without any assumptions about the quantity or the physical location of the attackers.
(3) The attackers may easily intercept and modify the exchanged information among the network nodes.

The Idea of CPK System Based on ECC. Combined
Public Key (CPK) password system based on ECC is a way of authentication based on the identity.According to the mathematical principle of elliptic curve discrete logarithm, we build public key matrix and private key matrix and use the hash function to map the entity's identity for the row and column coordinates sequence of the matrix; it is used for the selection and combination of matrix element, and it can generate a large number of public and private key pairs, so as to realize the large scale of identity-based key generation and distribution.Entity nodes need to know each other's identity to calculate its public key, which can easily achieve authentication and security features.Among them, identify key is generated by the entity's identity through combination matrix.The CPK system based on ECC has the following advantages.
(1) In wireless sensor network (WSN), the only legitimate nodes have the private key, and, according to the other identity ID and segmentation key, we can calculate the other Combined Public Keys (CPK), so the simple and efficient authentication process can be realized without the participation of the third party.(2) The CPK system based on ECC can combine large public/private key pair through a small amount of public/private key matrix; nodes only need to store a small matrix to achieve a large number of nodes' security authentication in the network.
Point multiplication operation is the foundation of CPK algorithm.ECC Signature Algorithm (ECDSA) is the elliptic curve version of digital signature algorithm (DSA); it is the basis for the CPK digital signature algorithm.This paper adopts ECC algorithms based on Montgomery type curve [10].We use point multiplication operation of Montgomery type elliptic curve and the binary shift NAF coding algorithm to solve the large amount of calculation generated by ECC point multiplication.We use the point addition and times point fast operation where the value of  is not calculated to avoid modular inversion algorithm under the projective coordinates.

Proposed Authentication and Key Management Scheme
The lightweight AKMS proposed in this paper consists of three main phases: key predistribution phase, network initialization phase, and authentication protocol.The first phase is enabled before the nodes are being deployed.The second phase sets the security of network, and it is enabled during the network deployment.The last phase is enabled when a new node joins the network with the previous stage being over.

Key Predistribution Phase
. Key predistribution phase is a key step for dynamic key management with moving nodes in WSN.For reasons of clarity, the symbols used in this paper are listed in the Notations.
In this phase, a network-wide symmetric master key will be generated and stored securely.This key should be long enough to destroy the common attack, namely, a minimum of 128 bits.During the networking stage, each node is preinstalled with an initial authenticator.The th cycle authenticator ∇  can be used by a node to identify another node, the superscript symbol of which indicates the cycle where the authenticator takes.It consists of the random number of  tuples and the results of using a keyed-hash function with the current authentication key over them.
During the first authentication cycle, the authentication key is equal to the master key  0 auth =   before the deployment; therefore In general, the authentication key of the first cycle is   auth = [  ]  ; then the authenticator set is when the tuples are exhausted at this time, the authenticator will transmit to the next cycle.

Network Initialization
Phase.This phase is enabled during the network deployment.In such operating environment, each node can find its neighbors within the communication range.Specific steps are as follows: (1) Each node  generates its unique symmetric key by the CPK system based on ECC,   enc , called the node encryption key, which is obtained by generating a random number and performing   enc = [  ,   ].For example, the encryption key of some node  can be calculated as   enc = [  ,   ].
(2) For a very short time, each node broadcasts its random value   with the unit as seconds [11].In this way, the attackers listening to the broadcast communication will get the random values.
(3) Each node receives a random value from its neighbor node and uses common master key to calculate their encryption key.In this case, each node will store a list of paired keys of its neighbor nodes.
(4) Each node hashes the common master key and keeps it with the first forms of authentication key as  1 auth = [  ], for the easy reason that storing master key in node's storage space has great potential danger if a node is captured.This is mainly because of the existence of the authenticator, which will help to authenticate other nodes and to verify the information of common master key without storing master key.

Performance Evaluations
In this section, the performance of AKMS will be evaluated and analyzed in terms of the average packet delivery rate, the average energy consumption, and the networking success rate with different types of attackers.

Simulation Settings.
The performance of AKMS proposed in this paper is assessed by NS2 [17].The simulations have been carried out 20 times in different scenarios with the results being averaged for each [18].The simulation parameters are shown in Table 2.

Simulation Results.
The number of nodes remains 200 with the number of attackers being 5, 10, 15, 20, and 25, respectively [19].Firstly, the average packet delivery rate (PDR) of AKMS is simulated compared with that of LOCK, SPINS, and BROSK, and the results are shown in Figure 3.Because of the bidirectional malware detection technology to eliminate malicious node cluster members and CH, AKMS will reduce the error packets effectively, so as to be able to send more legitimate packets to the destination compared to other schemes.Besides, AKMS adopts multipath propagation routing technology to eliminate the selective forwarding attacks, which makes the PDR even higher.
Secondly, the average energy consumption of all the nodes is measured during transmission, including the energy consumption by sending, receiving, and calculating.Figure 4 shows the average energy consumption comparisons of AKMS, LOCK, SPINS, and BROSK.When the number of attackers is growing, the average energy consumption will also increase.This is because the increasing attackers will cause more error packets.CH will filter out error packets based on AKMS to avoid the spreading of the packets from attackers throughout the network, so as to reduce the energy consumption.In LOCK, the CH node must initiate the key updating if it is captured.A new CH is selected as the new BS, and it will distribute new keys to its cluster members with the help of key generation node (KGN) [20], which will consume more energy.
Thirdly, the impact of network resilience ability has been analyzed and evaluated by the percentage of successful networking in the network of 500 nodes with 25% being the attacker.Three types of attack scenarios are set with only static attackers, only mobile attacker, and combination of both, and the simulating results are shown in Figures 5(a), 5(b), and 5(c), respectively.AKMS will detect the malicious nodes and exclude them from the network to avoid them participating in the network activities.Moreover, network environment variation based dynamic key scheme makes it difficult for the attackers to capture node.Even if the nodes are compromised by attackers, it cannot affect the entire network with AKMS.
Figure 5(a) shows the successful networking rate in the presence of 25 static attackers.In LOCK, the key updating is initiated only if the node-capturing rate reaches the Network Resilience Point (Nc).If a certain node in the network is attacked before the key updating, it will be further used by the attacker to destroy the rest of the nodes in the network.Therefore, the proportion of the mobile nodes will be decreasing rapidly.AKMS, however, is able to capture the key that is hidden before distribution or stored in each node in the cluster.Once these keys are captured, the attacker will further attempt to compromise more nodes until AKMS reinitiates the key updating.Since AKMS support mobility, the neighbors of any attacker may move to another cluster, so the performance of AKMS will be better than other schemes, especially in mobile WSN.
Figure 5(b) shows the successful networking rate in the presence of 25 mobile attackers.The attackers in the network are moving with different speed.Generally, the attacker with the maximum speed is able to attack the most nodes by moving from one to another cluster quickly and continuously launching attacks before being recognized and separated.Simulating results and analysis both indicate that the performance of AKMS is better than that of LOCK, SPINS, and BROSK, because AKMS can identify the malicious nodes and isolate them from the network at the same time.
Figure 5(c) shows the successful networking rate in the presence of 10 mobile and 15 static attackers.From the simulation it can be seen that the static attackers are able to be identified before the network becomes stable; the mobile attackers will attack by moving from one to another cluster.AKMS will perform better because of the mobility-support characteristics.

Conclusions
The resource-constrained essence of WSN makes the attack threat, security system, and algorithm quite different from those in traditional wireless network.In this paper, a lightweight authentication and key management protocol AKMS has been proposed for wireless sensor networks.It uses the symmetric cryptographic primitives with keyedhash functions (HMAC) and bidirectional encryption algorithm to provide message confidentiality and authenticity for WSN and reduces the encryption overhead to the minimum as well with just a few bytes to be performed for once per authentication attempt.Simulation results show that the proposed scheme AKMS will provide more efficient security with less energy consumption, control overhead, and packet loss rate than other typical schemes, and the advantages will become remarkable with the number of nodes, attackers, and cycles increasing.Moreover, for the condition that there are mobile sensors in the network, the proposed scheme AKMS performs quite well compared to LOCK, SPINS, and BROSK.Future research will focus on the way to resist various attacks and robust routing in ubiquitous communication network.

Table 1 :
Example of the authenticator with  = 3.