Mobile Device Based Dynamic Key Management Protocols for Wireless Sensor Networks

In recent years, wireless sensor network (WSN) applications have tended to transmit data hop by hop, from sensor nodes through cluster nodes to the base station. As a result, users must collect data from the base station. This study considers two different applications: hop by hop transmission of data from cluster nodes to the base station and the direct access to cluster nodes data by mobile users via mobile devices. Due to the hardware limitations of WSNs, some low-cost operations such as symmetric cryptographic algorithms and hash functions are used to implement a dynamic key management. The session key can be updated to prevent threats of attack from each communication. With these methods, the data gathered in wireless sensor networks can be more securely communicated. Moreover, the proposed scheme is analyzed and compared with related schemes. In addition, an NS2 simulation is developed in which the experimental results show that the designed communication protocol is workable.


Introduction
In recent years, wireless sensor networks (WSNs) have been used to extensively monitor physical environments, emerging as an important component in the fusion of wireless networks. These tiny sensors make use of wireless communication to process data and require security protocols for safety during communication. The sensor, however, has limited scope as a result of its power supply and the distance of the wireless communication. Due to this limited power and delivery distance, multihop methods are used to transmit data. Thus, the sensor can monitor the environment and process the data collected from the networks, transmitting it to cluster nodes or a base station. Due to the use of wireless communication, latent attacks on data frequently occur during transmission.
WSNs [1,2] have certain characteristics that make them adaptable to various areas, including their small size and low costs. The advantage of these sensors is that their small size with smaller memory size makes them portable but limits their capabilities in high cost operations. Due to these properties, this study proposes a combination of low-cost operation and user authentication to enhance security in WSN communication.
A key management procedure is an essential constituent of network security. Symmetric key systems require the keys to be kept out of reach of potential attackers. Because of the resource constraints and the lack of the infrastructure support, key distribution and management are much more difficult in WSNs than in their traditional wired and wireless counterparts [3].
Public key-based asymmetric cryptographic algorithms [4] are not suitable for sensor networks. This is why new security protocols or mechanisms need to be proposed to meet the new emerging security requirements for WSNs. The symmetric key approach is an appropriate cryptography for wireless sensors due to its low energy consumption and simple hardware requirements, but the distribution of symmetric keys into sensor nodes presents a significant challenge [5]. Many researchers [6][7][8][9][10][11] have focused on this area recently and proposed several key management schemes to establish the session key between sensor nodes. However, these schemes [6][7][8][9][10][11] do not support mobile users directly accessing cluster node data via mobile device. For example, the administrators of farms or nuclear power plants can use mobile devices to gain access to the monitor data at any time from any place, rather than logging into the monitor system. Moreover, as sensor networks have energy and computational constraints, it is therefore necessary to maintain a balanced security level with respect to those constraints.
Since sensor networks can be used in a variety of applications, such as military sensing and tracking, environmental monitoring, patient monitoring and tracking, smart environments, and disaster management, this study envisages many applications in which people could navigate through sensor networks using common omnipresent devices (such as a mobile phone or a personal digital assistant) at any time and from anywhere. Since a mobile device is more portable and personal than a personal computer, it is more convenient for operating certain applications.
Some applications [12][13][14] have proposed novel solutions to remote user authentication by using smart cards. The smart card is a processor that can compute some low-cost operations, such as a one-way hash function and the exclusive-OR operation. In the proposed system, each user is issued with a smart card for login and authentication. These lightweight operations are similar to those of the processors of sensor nodes in WSNs. In addition, there have been authentication schemes based on the ElGamal cryptosystem [15,16] that belong to a public key cryptosystem. Owing to their high operation costs, these schemes are not suitable for WSNs.
Password-based authentication is the most widely used method for remote user authentication. Existing schemes can be categorized into two types: the weak password approach and the strong password approach. The weak password approach is based on the ElGamal cryptosystem. Its advantage lies in the fact that it does not need a user ID-password table to verify the validity of the user login. Unfortunately, the weak password approach places a heavy computational load on the system, and remote sensor nodes lack the capacity for rendering the system applicable to WSNs. The strong password approach is based on one-way hash function and exclusive-OR (XOR) operations. The one-way hash function ℎ( ) has the following properties: (1) ℎ() is relatively easy to compute for any given , making both hardware and software implementation practical. (2) For any given value , it is computationally infeasible to find  such that ℎ() = . (3) For any given block , it is computationally infeasible to find  ≠  with ℎ() = ℎ(). This is sometimes referred to as weak collision resistance. Das et al. [17] proposed a dynamic ID-based remote user authentication scheme in 2004. It requires much less computation and needs only simple operations. For this reason, this scheme has certain advantages when applied to a WSN environment.
In 2002, El-Fishway and Tadros [18] proposed a user authentication scheme oriented for mobile users using the Global System for Mobile Communication (GSM). The advantage of using GSM is that there is no central certification authority, but the scheme requires high computation costs by the public key system. Thus, a user authentication scheme of the public key system is unsuitable for WSNs. In 2010, Chen [19] proposed a mobile DRM mechanism based on PKI (Public Key Infrastructure). He also emphasizes that the mobile device should be operated in a lightweight environment.
In this paper, we use some lightweight operations (such as symmetric encryption/decryption and hash functions) to implement a dynamic key management scheme. The proposed scheme also supports direct access to cluster node data by a user via mobile device at any time from anywhere and provides more security analysis than related works. The organization of the remainder of the paper is as follows. In Section 2, the proposed protocol is presented. In Section 3, several familiar attacks and the performance of the proposed scheme are analyzed. Comparison is also made with other related schemes in Section 4. Finally, Section 5 offers conclusions.

The Proposed Scheme
2.1. Notations. The following is the introduction to the notations that will be used in our scheme.
ℎ( ) is a one-way hash function.
Cert  is the th mobile user's digital certificate.
ID mob is the identity of the th mobile user.
ID  is the identity of the th cluster node.
ID  is the identity of the base station.
RND is a random number generated by mobile user.
PW is the mobile user's password.
  () is the th updated session keys of the th cluster node, where   () = ℎ(  (−1) ,   (−2) ), with   (0) = ;   (1) = , and  and  are the initial random numbers.
 req is request message issued by mobile user.
is the latest information received from the cluster node.
 upd-key is the message of the updated key.
(msg, ) is the symmetric encryption of the infrastructure that makes use of key  to encrypt msg.
(, ) is the symmetric decryption of the infrastructure that makes use of key  to decrypt the ciphertext .
 ?=  compares whether  is equal to  or not.

Environmental Conditions
(1) As a general rule, hundreds or even thousands of sensor nodes are deployed in a WSN. In this paper, cluster management is used to transmit data. Additionally, the deployed sensor nodes are divided into different regions so that each sensor node can transmit data in the effective range [9].
(2) In each of the regions, a sensor node is chosen automatically as a cluster node [20][21][22]. These related algorithms are similar to those used by Park and Corson [23], Perkins and Royer [24], and Johnson and Maltz [25]. Once the cluster node has received a certain number of packets, the data is transmitted to the base station. The user can also use a mobile device to access data from the cluster node. To achieve better performance and security, a heterogeneous sensor network model consisting of a small number of powerful high-end sensors (H-sensors) (e.g., PDAs or cellular phones) and a large number of low-end sensors (L-sensors) (e.g., the small MICA2 sensors, manufactured by Crossbow Technology) is adopted [26]. L-sensors are ordinary sensor nodes with limited computation, communication, energy supply, and storage capability. The transmission paths of the sensor network are shown in Figure 1. Additionally, in a heterogeneous sensor network (HSN) [27,28], more types of different nodes with different levels of battery energy and functionality are employed. It may be argued that, by using a few designated nodes with complex hardware, extra battery energy, and additional functionalities, while keeping the rest of the nodes simple, the total cost of hardware in the network can be minimized to offer a longer life span.
(3) Once each of the cluster nodes is dispatched from the factory, it is preset according to the parameters   and  −1 . A new key is generated by a one-way hash function (e.g.,   = ℎ(  ,  −1 )) to communicate with the base station.
(4) When the cluster node has received a certain number of packets, the data is arranged, encrypted, and transmitted to the backend base station. When the base station receives the packet from the cluster node, it will update the cluster node's key so that it can successfully decrypt the ciphertext of the next communication.
(5) Since the size of the sensor node is limited, its memory capacity is also limited. The memory capacity of each sensor node is 512 K bytes. When the security of the WSN is enhanced, the memory capacity of sensor nodes should also be taken into account.
(6) The CPU is fixed in the sensor node to handle and calculate the data. The limited size and power supply allow only for a low-end CPU model such as the StrongARM [29] from Intel and ATmega [30] from Atmel, which are commonly used.

Registration Phase.
In order to allow mobile users to directly communicate with cluster nodes at anytime from anywhere, in the registration phase, mobile users register with a base station, which will send a certificate to the mobile users. After registering, the mobile users can communicate directly with the cluster node.
The cluster node will receive the authenticated data from the base station if a mobile user chooses to receive data. Since the cluster nodes are predeployed in advance, it is assumed that the communication channel is insecure between the cluster node and the base station in the registration phase. Unlike the communication between the cluster node and the base station, the communication channel is secure between the mobile user and the base station in the registration phase. The proposed registration phase is divided into the following steps. The scenarios are shown in Figure 2.
When a mobile user wants to communicate with the cluster node, it must obtain a digital certificate Cert  from the base station in advance.The mobile user makes a request message  req and chooses a password PW and random number RND.The mobile user transmits ( req , ID mob , PW, RND) to the base station via the secure channel.
Once the base station receives the above request message from the mobile user, the base station issues a certification Cert  , to determine the correct cluster node ID  , allowing the mobile user to communicate and compute The base station stores (ID mob , ID  ,   () , ) in its database.
The messages (Cert  , ID  ,   () ) are transmitted to the mobile user.At that moment, the base station uses   () to encrypt RND as a complete packet  clu in the following manner: Then, the  clu is transmitted to the cluster node.
(3) Upon receiving the packet  clu , the cluster node uses the session key   () to decrypt  clu and obtain ID mob and the random number RND:

Figure 2: The registration phase protocol.

Figure 3: The communication phase protocol between the base station and the cluster node.

The Communication Phase Protocol between Base Station and Cluster Node.
This study proposes a dynamic key management mechanism in which two keys are preset in each sensor node and cluster node, and the new key for the next round is generated from the previous two keys.
The new session key is updated after each round between the base station and the cluster node. The cluster nodes periodically send the collected data to the base station. The proposed protocol is divided into the following four steps, as shown in Figure 3.
The cluster node uses the preset parameters  and  to generate a session key When the deployed cluster node returns the collected information   , the cluster node will transmit the information to the base station periodically.The cluster node uses   () to encrypt   as a complete packet  BS : Together with the code ID  of the cluster node, ( BS , ID  ) is transmitted to the base station.
When the base station receives the packet from the cluster node, it confirms the code ID  of the cluster node and seeks the session key   () of that cluster node in the database.
() is used to decrypt   as follows: Therefore, the base station can receive the collected data   from the cluster node.It can then access this information and send the finished message  finish to the cluster node.At that moment, the base station uses   () to encrypt  finish .The encrypted data  1 will be returned to the cluster node: (3) Cluster node → base station: ( 2 , ID  ).
When the cluster node receives the returned data from the base station, it uses the session key   () to decrypt  1 as follows: The cluster node updates the session key, and (  (−1) and   () ) are used to generate a new session key   (+1) At that moment, the cluster node uses   (+1) to encrypt the updated key message  upd-key as a complete packet and sends ( 2 , ID  ) to the base station.
(4) The base station receives the packet from the cluster node and uses   (+1) to decrypt and obtain the message  upd-key as follows: For the same reason, the base station will use the   () and   (+1) to update the new session key   (+2) for the next transaction:

Communication Phase Protocol between Mobile User, Cluster Node, and Base Station.
The mobile user can also obtain the data from the cluster node through the communication phase. When the cluster node receives the request, it authenticates the identity of the mobile user. If the mobile user is authenticated as legal, the cluster node will transmit the collected data to the mobile user. When the mobile user receives the data from a cluster node, it can use the session key of the cluster node to decrypt it. If the key is overdue, the user should communicate with the base station to update the session key and decrypt the received data. These scenarios are shown in Figure 4.
When the mobile user wants to obtain data from the cluster node, it uses the last transaction session key with the cluster node,   () , to encrypt password PW, ID mob , and ID  : The mobile user transmits ( req , ID mob ) to the cluster node.
The cluster node receives the packet from the th mobile user and uses the last transaction session key with the mobile user,   () , to decrypt and obtain the complete message: The cluster node computes   as follows: It then uses the key   () to encrypt   as follows: It then transmits the packet ( auth , ID  ) to the base station.
The base station receives the packet ( auth , ID  ) from the cluster node, which uses the key   () to decrypt the packet  auth as follows: The base station verifies whether or not ID mob exists in the database.If it can be found, the base station will verify If the equality is not held, the base station abandons the packet; otherwise, the base station uses   () to encrypt the acknowledgement message ack as a packet  ack : and ( ack , ID  ) is then transmitted to the cluster node.
When the cluster node receives the packet ( ack , ID  ), it uses the session key   () to decrypt the acknowledgement message ack to confirm whether or not the mobile user has registered with the base station: The cluster node then makes use of   () to encrypt the collected information   received from the sensor node and the identification code ID  as follows: Together with ID  , ( resp , ID  ) is transmitted and sent to the mobile user as a complete packet.
(5) After the base station receives the packet ( resp , ID  ), it uses the session key   to decrypt and obtain the message   : (  , ID  ) =  ( resp ,   () ) .
(6) Mobile user → base station: (  user , ID mob ). Since the base station and the cluster node communicate periodically, the cluster node's session key   () is updated for each transaction. Thus, the mobile user's key is likely to be overdue, and the key cannot decrypt  resp smoothly. This means that the key should be updated. The mobile user computes  as follows: Later,  is used to encrypt the ID mob and Cert  as a complete packet   user , which is generated as follows: and (  user , ID mob ) is then transmitted to the base station.
(7) Base station → mobile user: ( newkey , ID  ).
After receiving the message   user , the base station uses  to decrypt and obtain the message (ID mob , Cert  ) as follows: The base station uses its public key to verify the digital certificate Cert  and finds the current cluster node's session key    .The base station uses  to encrypt    : Along with the codes ID  , it is transmitted to the mobile user as a complete packet ( newkey , ID  ).
(8) Once the mobile user receives the packet from the base station and uses  to decrypt and obtain the    , The mobile user can use the new session key    to decrypt the collected message   from the cluster node.

Prevention of Malicious Guessing Attack
Adversary Model 1. Attackers try to intercept sensitive information by guessing the sensitive information.
In the proposed protocol, dynamic key management is used between the cluster node and base station. After a given time, the base station updates the session key with the cluster node. Thus, even if attackers do intercept the sensitive information, they will gain no relevant knowledge about the session key. In this scheme, the base station and cluster nodes update the session key at the end of communication for every round. This communication enhances the security between the base station and the cluster node.

Prevention of Replay Attack
Adversary Model 2. Attackers try to intercept data and retransmit it maliciously or fraudulently repeat or delay it to achieve the purpose of the attack.
In the proposed protocol, the encryption key   () is refreshed for each communication. Therefore, the attackers have no opportunity to achieve the purpose of the attack.

Prevention of the Falsification Attack
Adversary Model 3. Attackers try to impersonate a legal user to achieve a falsification attack.
In the communication phase protocol (Figure 4), the mobile users use the session key   () to encrypt the PW, ID mob , and ID  into a complete packet  req . Once the base station receives the packet, it verifies   ?= . If it is not correct, the cluster node will abandon the packet. The base station can authenticate the mobile user via this authentication mechanism. Therefore, the proposed scheme can prevent the attackers from impersonating a legal user. A cryptography mechanism can be used between the mobile user and the cluster node to encrypt data in order to prevent man-in-the-middle attacks, such as Thus, malicious attackers cannot falsify the protected data. At the end of the communication, the cluster node updates the session key, preventing the attacker from obtaining the node and accessing the protected data. For the same reason, the attacker cannot obtain the protected data   , encrypted into  BS (see step 1.2 of Figure 3). Therefore, this scheme can prevent man-in-the-middle attacks.

Dynamic Key Management Attack
Adversary Model 5. Attackers try to guess the key repeatedly.
In the proposed infrastructure, for each data transmission, a new key is generated from the previous two keys. For example, if the session keys of the first transaction are   (0) = ;   (1) = , where  and  are the initial random numbers, the th updated session key of the th cluster node is   () = ℎ(  (−1) ,   (−2) ). Because of the secure one-way hash chain, an attacker in possession of the current session key cannot obtain the last session key. This dynamic key management reduces the possibility of attackers correctly guessing the key from the key chain and using it repeatedly.
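
The round between the cluster node and the base station, together with the two-key hash chain described above, as an added Python example (not code from the paper). SHA-1 over concatenated inputs stands in for the hash function, the HMAC-based `seal`/`unseal` pair stands in for the paper's unspecified symmetric cipher, and the `Party` class, message literals, and preset values are constructed for illustration.

```python
import hashlib
import hmac
import os


def next_key(prev: bytes, prev2: bytes) -> bytes:
    # K(n) = h(K(n-1), K(n-2)). SHA-1 matches the paper's 160-bit hash length;
    # plain concatenation of the two inputs is an assumption.
    return hashlib.sha1(prev + prev2).digest()


def chain(k0: bytes, k1: bytes, n: int) -> list:
    """Run the recurrence forward from two consecutive keys; returns n+1 keys (n >= 1)."""
    keys = [k0, k1]
    while len(keys) <= n:
        keys.append(next_key(keys[-1], keys[-2]))
    return keys


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, msg: bytes) -> bytes:
    # Stand-in for the paper's E(msg, key): HMAC-SHA256 keystream plus a 16-byte
    # tag, so that decryption under a wrong or outdated key is detected.
    nonce = os.urandom(8)
    pad = _stream(_prf(key, b"enc"), nonce, len(msg))
    body = bytes(m ^ p for m, p in zip(msg, pad))
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)[:16]


def unseal(key: bytes, packet: bytes):
    # Stand-in for D(c, key): returns the plaintext, or None if the tag fails.
    if len(packet) < 24:
        return None
    nonce, body, tag = packet[:8], packet[8:-16], packet[-16:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)[:16]):
        return None
    pad = _stream(_prf(key, b"enc"), nonce, len(body))
    return bytes(c ^ p for c, p in zip(body, pad))


class Party:
    """Stores only two consecutive chain keys, as a memory-limited node would."""

    def __init__(self, a: bytes, b: bytes):
        # The first session key is derived from the two preset values.
        self.prev, self.cur = b, next_key(b, a)

    def peek(self) -> bytes:
        return next_key(self.cur, self.prev)

    def advance(self) -> None:
        self.prev, self.cur = self.cur, self.peek()


def run_round(node: Party, bs: Party, reading: bytes, wire: list):
    """One cluster-node/base-station round. Returns the data the base station
    recovered, or None with the base station's keys left unchanged."""
    c_bs = seal(node.cur, reading)            # step 1: data under K(n)
    wire.append(c_bs)                         # what an eavesdropper records
    data = unseal(bs.cur, c_bs)
    if data is None:
        return None
    c1 = seal(bs.cur, b"finish")              # step 2: finish under K(n)
    if unseal(node.cur, c1) != b"finish":
        return None
    node.advance()                            # step 3: node derives K(n+1)
    c2 = seal(node.cur, b"upd-key")
    if unseal(bs.peek(), c2) != b"upd-key":   # step 4: check before committing
        return None
    bs.advance()
    bs.advance()                              # K(n+2) for the next transaction
    node.advance()                            # assumption: the node does the same
    return data


if __name__ == "__main__":
    a, b = os.urandom(20), os.urandom(20)     # constructed preset values
    node, bs, wire = Party(a, b), Party(a, b), []
    print("recovered:", run_round(node, bs, b"temp=21.5", wire))
    print("keys in sync:", node.cur == bs.cur)
    print("old packet accepted next round:", unseal(bs.cur, wire[0]) is not None)
```

A packet recorded in one round fails the tag check under the next round's key, which is the effect the replay analysis relies on. `chain(node.prev, node.cur, n)` reproduces every later key from the two values a node stores, so the one-way hash protects earlier keys only.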

The Captured Node Attack Analysis
Adversary Model 6. Attackers try to capture nodes and thus obtain sensitive information.
For the mobile user and cluster node transmission or cluster node and base station transmission, the proposed scheme adopts the hash function to generate a one-way key chain   () ,   (+1) , and   (+2) to encrypt messages, because the one-way hash function can prevent attackers from inverting the key. Therefore, even if an attacker captures a node, he/she cannot gain access to sensitive information. This mechanism is similar to point 5.

Performance Analysis.
This study considers the ramifications of using applications in two different environments: hop by hop transmission of data from cluster nodes to the base station (Figure 3 scenario) and mobile users directly accessing cluster node data via mobile device (Figure 4 scenario). In Table 1, the time complexity in the communication phase is analyzed, and the communication cost of the proposed scheme is analyzed in Table 2.
At the end of this section, the communication values and data transmission times are summarized in Table 2. The length of hash function || is 160 bits; it is assumed that the 256-bit pseudorandom number generator is used to generate RND. In order to simplify the length of messages, it is also assumed that the lengths || of ID and PW are also 256 bits, the length of digital certificate |Cert| is 1024 bits, and the length of symmetric ciphertext || is set to 192 bits. As shown in Table 2, the two relative transmission rates are 1 Mbps and 3.6 Mbps. Note that, within the environment of 3.6 Mbps, the longest communication cost is required by the communication phase, while the data transmission time is only 0.093 ((6|| + 6||)/(3600 * 8)) milliseconds.
A simulation based on NS2 (Network Simulation 2) is developed, as shown in Table 3.
The IEEE 802.15.4 standard is used in NS2, with an operating frequency of 2.45 GHz, and 10 dBm for transmitting power and receiving sensitivity for −103 dBm. The initial battery type is CR2303. The mobility model is based on the ad hoc model. The sensor nodes are deployed uniformly in a 1000 m × 1000 m field. The simulation lasted for 10 ms. Each simulation was run 50 times (TCP Data Flow). The average throughput of the proposed scheme is shown in Figure 5.
The chip rate of IEEE 802.15.4 in a 2.45 GHz frequency band is 2 MHz, and the chip rate length is 32 when chip period   = 0. Based on the results above, in the registration phase, the average throughput in the 3.6 Mbps frequency band is 20.32 Kbps. In the communication phase (base station and cluster node, as in Figure 3), the average throughput is 8.365 Kbps. In the communication phase (mobile user, cluster node, and base station, as in Figure 4), the average throughput is 19.171 Kbps.
In the registration phase, the average throughput in the 1 frequency band is 72.648 Kbps. In the communication phase (base station and cluster node, as in Figure 3), the average throughput is 30.351 Kbps. In the communication phase (mobile user, cluster node, and base station, as in Figure 4), the average throughput is 62.3 Kbps. According to the IEEE 802.15.4 standard in 2.45 GHz, the maximum transmission rate is 250 Kbps. The communication protocol designed has a rate much lower than 250 Kbps.
A comparison of the average throughput of the related works for various different phases in the 3.6 Mbps and 1 Mbps frequency bands is shown in Figure 5.

Discussions
In this section, a comparison is made with the related works in Table 4. A complete security analysis has been presented for the proposed scheme. These security issues include malicious guessing attacks, replay attacks, falsification attacks, man-in-the-middle attacks, dynamic key management attacks, and captured node attacks. Compared with the partial analyses of Cheng and Agrawal's scheme [6] and Liu and Ning's scheme [7], the security analysis of the proposed scheme is more complete. Moreover, the proposed scheme also supports direct access to cluster node data by a user via mobile device at any time, from anywhere. Cheng and Agrawal's scheme did not propose a clear application. These works were not specific with regard to time complexity, communication cost, and storage cost. The proposed scheme adopts a symmetric encryption/decryption algorithm, which makes the time complexity, communication cost, and storage cost of key computation specific. Alcaraz et al. [27] offer a complete analysis of key management schemes (KMS), which provides information on how different protocols fit with the properties. Apart from this, it also offers a comprehensive review of how the application requirements and the properties of various key management schemes influence each other. However, it does not provide access to cluster node data via mobile device or give a clear illustration of time complexity analysis, communication cost analysis, and storage cost.

Conclusions
This study proposed two schemes for accessing collected data through dynamic key management in heterogeneous and homogenous WSN environments. In addition to allowing the base station to periodically collect data from the cluster node, mobile users can also communicate with the latest cluster nodes with immediacy and mobility.
In this study, we use some lightweight cryptography mechanisms (such as symmetric encryption/decryption, hash function, and random number) to implement a dynamic key management scheme. A performance analysis of time complexity and communication cost was also conducted. Compared to related works, this analysis is clearer. An NS2 simulation was developed, in which the experimental results show that the designed communication protocol is workable. Therefore, with regard to security analysis, time complexity, and communication cost, our dynamic key management is an appropriate mechanism for wireless sensor networks.

Figure 1: Transmission paths of the sensor network.

Figure 4: The communication phase protocol between the mobile user, the cluster node, and the base station.

Table 1: The time complexity of the proposed communication phase.   : the time complexity of using symmetric decryption algorithm;   : the time complexity of using symmetric encryption algorithm;   : the time taken to execute the hash function;  COMP : the time for comparing operation.

Table 2: The communication cost of the proposed scheme.

3.1.4. Prevention of Man-in-the-Middle Attack
Adversary Model 4. Attackers have the ability to both monitor and alter or inject messages into a communication channel.

Table 3: Parameters used in the simulation environment.

Figure 5: The comparison of the average throughput of the proposed scheme in various different phases. Remark: 1, 2, and 3 denoted in the top row of the table are the transmission time of the registration phase, communication phase protocol between the base station and the cluster node, and communication phase protocol among the mobile user, the cluster node, and the base station, respectively.

Table 4: Comparison of the related works.