
Group Key Management for AVL Distributed Sensor Networks
Shobha K, Sangeetha G M, Dr. Nalini N
Computer Science Engineering Department, Nitte Meenakshi Institute of Technology, Yelahanka, Bangalore
ABSTRACT
Wireless sensor networks (WSNs) can be used by the military for a number of purposes, such as observing or tracking enemies and force security. Unlike commercial WSNs, a planned military sensor network has different precedence requirements. Especially in a remote large-scale network, security, topology, self-configuration, network connectivity, maintenance, and energy consumption are the challenges. Distributed wireless sensor nodes are deployed for a wide range of applications and are easily captured by an opponent, resulting in leakage of the key. Distributed Sensor Networks (DSNs) are also largely used in surveillance, tracking and traffic monitoring, which require protected communication between the sensor nodes. In this paper, we have implemented a group key protocol and computed the partial key delivery time and group key delivery time for an AVL tree. The partial key delivery time and group key delivery time for the AVL tree are compared with the partial key delivery time and group key delivery time of a binary tree.
Henceforth, the methods by which we can enhance network security in terms of authentication, reliability and confidentiality for a DSN must be taken into consideration. To support these security services, one needs cryptographic key management techniques that provide secure communication among the nodes in a network.
Group key management protocol service has the following advantages: (a) it is virtually invisible to the operator, (b) no central key distribution site is needed, (c) only group members have the key, (d) it supports sender- or receiver-oriented operation, and (e) it can also make use of multicast communication protocols. Key management services alone find it difficult to meet the security goals of confidentiality, reliability, integrity and authentication needed to prevent security attacks on a DSN. Group key management therefore serves the purpose of achieving these security goals by optimizing the services of key management and by defining key distribution functionalities.
Keywords
Wireless Distributed Sensor Network, AVL, Key management, root node, child node, key distribution.
1. INTRODUCTION
Sensor networks are composed of a large number of devices. The sensor placement does not need to be engineered or predetermined; this allows random deployment on inaccessible terrain and implies self-organizing capabilities. Sensor network applications are broadly classified into these sectors: (a) environmental/health monitoring, used in habitat monitoring, integrated biology and structured monitoring, and (b) commercial control and interactive applications, used in product quality monitoring, intrusion detection and so on. The sensor nodes in a network are usually scattered in a field; sensors route toward the sink, rely on each other for multi-hop communication, and the sink communicates with the user through the internet or satellite. The network is therefore more vulnerable to passive or active attacks, which include unauthorized reading of a message or file, modification of messages in a file and so on.
1.1 Key management
Key management is an important task in DSNs, and research work is being carried out extensively in this area. Key management is the management of cryptographic keys in a cryptosystem; it covers the generation, exchange, storage, use and replacement of keys, and also includes cryptographic protocol design and other relevant key design protocols.
Successful key management is critical to the security of a cryptosystem, since a system may use different types of keys, with some systems using more than one. These may be symmetric keys, asymmetric keys, or both. With asymmetric keys there are two distinct keys that are mathematically linked, whereas symmetric keys are identical for both encryption and decryption of a message. A major issue in a key management system is the length of time a key is in use and therefore the required frequency of replacement, because replacement increases any attacker's required effort. Keys should be changed frequently, as this also decreases the loss of information: the number of stored encrypted messages that become readable when a key is found decreases as the frequency of key change increases. There are many challenges concerned with key management, namely (a) complex management: managing the methodologies of encryption keys in bulk; (b) security issues: vulnerability of keys to outside hackers and malicious insiders; (c) data availability: ensuring data accessibility for authorized users; (d) scalability: supporting multiple databases, applications and standards; (e) governance of data: control and protection of data.
Therefore, without proper management, key management can become complex, costly and risk prone. The key management challenges will only increase over time as cryptography is employed more broadly within an organization or an infrastructure, driving up the number and diversity of keys to be managed. Hence individuals responsible for implementing cryptographic security need to become familiar with different approaches to key management, key management best practices and technology alternatives for implementing these methodologies and practices.
1.2 Group key management
Group key management is fundamental to various security mechanisms in group communication as well as in group applications. It allows n >= 2 principals to agree upon a common secret key. It can be further classified into group key agreement, where all the principals participate in the construction of the key, and group key distribution, where the key is chosen by a single principal and is then securely communicated to the others. Both techniques can be analyzed in the context of either static or dynamic groups.
Dynamic key establishment is better known as group key management (GKM), as it involves not only the initial key establishment but also efficient key management when group members join or leave the group. Changes in membership may therefore require that the group key is refreshed. Such a refreshing procedure prevents a joining or leaving group member from decoding messages exchanged in the past or future, even when he or she has recorded earlier messages in their encrypted form, encrypted with either the old or the new keys. However, establishing and managing the group key among the valid members is a complex problem.
Group key management also refers to the set of methodologies to create, maintain and destroy the group key. Group key management in a peer group is very challenging, since (a) the group key has to be changed when a new user joins or an existing group member leaves the group, to make sure strong security is maintained; (b) it must coordinate with other neighbouring networks to assure that the subgroups can still communicate securely; and (c) it must be efficient in communication and computation.
Group key management protocols can be classified into two main classes:
(1) centralized group key management protocols
(2) distributed group key management protocols
Centralized group key management protocols:
Dynamic group key distribution or transport is also known as centralized group key management. This protocol is a group key establishment technique where a single entity, known as the centralized authority, creates or otherwise obtains a secret value and securely transfers it to the other members. This practice leaves open whether the central authority may be a group member. It is also possible to have a trusted third party (TTP) as the central authority. A group key management protocol seeks to decrease the storage requirements, computational power and bandwidth utilization on both client and server sides. Hence, to optimize the performance of a centralized group key management protocol, hierarchical schemes are employed.
Distributed group key management protocols:
Dynamic group key exchange is also known as decentralized or distributed group key management. This protocol is a group key establishment technique where a shared secret key is derived by two or more group members as a function of the information contributed by each of them, so that no group member can predetermine the resulting value. The main difference from centralized group key management protocols is that no group member is allowed to choose the group key on behalf of the whole group. However, in many such protocols the processing time and communication requirements increase in step with the number of members in a group.
The basic idea is that every member can compute a group key, so that every other member's keys in the tree are known. After any group membership event, every other member, without any constraints, adds or removes the nodes related to the event and invalidates all keys. Here, both group key establishment techniques can be analyzed in the context of either static or dynamic groups. It is always possible to establish the group key for the modified group by restarting the protocol. However, this may be inefficient and tedious if the groups are large and if the protocol is expensive in terms of communication and computational costs.
1.3 Advantages of group key management:
1. It allows multicasting.
2. It provides better robustness than networking keying.
3. It is flexible.
4. It supports adjustable scalability.
1.4 Security properties of group key management:
1. Perfect forward secrecy: it ensures that once a key has performed its actions, a group member cannot decipher past messages encrypted with any of the older data encryption keys (DEKs). The messages are protected by encryption using a chosen key, which in the context of group communication is known as the data encryption key or session key.
2. Group forward secrecy: it prevents a leaving or expelled group member from continued access to group communications.
3. Group backward secrecy: it prevents a new group member from decoding messages exchanged before he or she joined the group.
4. Collusion resistance: it ensures that even if all the past group members who presently do not belong to the group collude, they fail to decipher group messages that are encrypted with the current DEKs.
2. RELATED WORK
1. Suresha and Dr Nalini [1] computed the group key for a binary distributed sensor network, where all the nodes contribute their partial keys in computing the group key. This is done to ensure secure communication in distributed sensor networks using a group key protocol, and they computed the partial key delivery time as well as the group key delivery time. The group key provides the most important security services, such as authentication and confidentiality, and is also more resilient to node capture.
2. Biswajit Panja et al [7] provide security information for DSNs, as it is one of the most important concepts. They also describe preventive measures for active and passive attacks and implementations of security services such as confidentiality and authentication in DSNs through group key management protocols.
3. Hierarchical sensor networks help in providing different access control policies at different levels, and a group key management protocol provides secure communication by removing compromised nodes. These issues are explained by Madria S.K et al [7].
4. Bharat Bhargava et al [5] describe hierarchical sensor networks, and the generation of partial keys and group key computation in distributed sensor networks.
5. Whenever a node joins or leaves a DSN the group key changes. This is described by Ju-Hyung Don et al [8].
3. Proposed model
In this section, we describe the implementation of the group key management protocol for an AVL tree distributed sensor network with multiple-level sensor nodes and relay nodes. This group key protocol is described by Biswajit Panja []. The leaf sensor nodes collect data and forward it to their parents. Each parent aggregates the data and forwards it to the root node. The topology of the AVL tree DSN and the identification of the nodes are shown in figure (1).
Figure (1): AVL Tree distributed Sensor Network
3.1 Partial key Computation
In this section, we explain the computation of the partial key in every node of the DSN. The root sends a request message to the leaf nodes to compute partial keys. The parent nodes compute their partial keys using the partial keys of their children. As leaf nodes don't have any descendants, they generate random numbers as their partial keys.
The parent of a leaf node computes its partial key using the function $f(k_l, k_r) = a^{k_l \oplus k_r} \bmod q$, where q is the prime number, a is a prime root, and $k_l$ and $k_r$ are the partial keys of the children. Using a bottom-up approach, all non-leaf nodes can generate their partial keys.
The main purpose of the function f is to produce new partial keys using the partial keys of the children.
The function f must have the following properties.
1. Function f can be applied to a block of data of a size which can be handled by sensor nodes.
2. Function f produces a fixed-length partial key.
3. f(x, y) should be easy to compute in sensor nodes.
4. For any given t, it is computationally infeasible to find x, y such that f(x, y) = t.
The first three properties assure that the DSNs are able to process the data and operations, as nodes in a DSN have little storage, communication and processing power. The function f should produce a fixed-length partial key to guarantee that, at the time of generating the partial key, the root node knows how many partial keys were received without any loss. If the partial key length is variable, it is not possible to know whether the root node received all partial keys without any loss. The last property makes sure that partial key computation is a one-way function, so that a child node cannot act as a parent node. This protects the DSN from any insider attack.
To protect the DSN from outside intruders, a MAC is computed using the partial key and a one-time symmetric key. It is attached to the partial key so that the parent node can verify the authenticity of the partial key.
The MAC provides authentication and encryption gives confidentiality; as these two are used in the computation of the partial keys and then the group key, it can be said that the group key provides security for the data transmission.
3.2 Group key management
Key management plays an important role in enforcing access control on the group key and consequently on the group communication. It supports the establishment and maintenance of key relationships between valid groups according to a security policy being enforced on the group.
We have selected a group key management protocol where all members contribute their partial keys for computing the group key.
3.3 Group key computation
In this process of calculating the group key, every sensor node shares its partial key. The root node accumulates all partial keys from its descendants for the computation of the group key, as this is a bottom-up approach.
3.3.1 Group key computation without blind factor
A unique number generated by a sensor node of the DSN is used as the blind factor. Initially the root node broadcasts a message to the leaf nodes to compute partial keys. The leaf nodes then generate random numbers, use them as their partial keys and broadcast them to their parent node. The parent node gets the partial keys from its descendants, adds its own partial key and rebroadcasts the result. Finally the root node computes the group key and broadcasts it.
Figure (2): Group key Computation
The leaf nodes N1, N2, N3, N4 compute and broadcast the partial keys. Parent node N10 gets partial keys KN1 and KN2 from its child nodes N1 and N2 and computes its partial key KN1N2N10 from KN1 and KN2 and its own contributing factor. Likewise, the group key is calculated by the root node:
GrpKey=KN1N2N10N3N4N11N00
The root node broadcasts the above group key to all its descendants.
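As an added illustration of sections 3.1 and 3.3.1 (not code from the paper or its authors), the Python example below runs the bottom-up computation on the seven-node tree of Figure (2), using the values a = 3 and q = 343 stated on this page, with a MAC check on every partial key a parent receives. HMAC-SHA256, the per-link one-time keys, the 2-byte encoding and the way a parent folds in its own contributing factor (a second application of f) are assumptions; 343 = 7^3, so a deployment would substitute a large prime modulus.

```python
import hashlib
import hmac
import secrets

A, Q = 3, 343      # "prime root" and modulus as stated on the page (343 = 7**3)
KEY_BYTES = 2      # every partial key travels as exactly 2 bytes (16 bits)
TAG_BYTES = 32     # HMAC-SHA256 tag length (MAC algorithm is an assumption)

# Topology of the page's Figure (2): root N00, parents N10/N11, leaves N1..N4.
TREE = {"N00": ("N10", "N11"), "N10": ("N1", "N2"), "N11": ("N3", "N4")}


def f(kl, kr, a=A, q=Q):
    """Partial-key function from section 3.1: a^(kl XOR kr) mod q."""
    return pow(a, kl ^ kr, q)


def seal(partial_key, link_key):
    """Child side: fixed-length partial key followed by its MAC."""
    body = partial_key.to_bytes(KEY_BYTES, "big")
    return body + hmac.new(link_key, body, hashlib.sha256).digest()


def unseal(message, link_key):
    """Parent side: reject wrong-length or forged messages, return the key."""
    if len(message) != KEY_BYTES + TAG_BYTES:
        raise ValueError("partial key message has the wrong length")
    body, tag = message[:KEY_BYTES], message[KEY_BYTES:]
    expected = hmac.new(link_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    return int.from_bytes(body, "big")


def partial_key(node, leaf_keys, own_factor, link_keys):
    """Bottom-up partial key of `node`; for the root this is the group key."""
    if node not in TREE:
        return leaf_keys[node]
    received = []
    for child in TREE[node]:
        child_key = partial_key(child, leaf_keys, own_factor, link_keys)
        message = seal(child_key, link_keys[child])          # child -> parent
        received.append(unseal(message, link_keys[child]))   # parent verifies
    kl, kr = received
    # Assumption: the parent's own contributing factor is folded in with f.
    return f(f(kl, kr), own_factor[node])


if __name__ == "__main__":
    nodes = ["N1", "N2", "N3", "N4", "N10", "N11"]
    links = {n: secrets.token_bytes(16) for n in nodes}      # one-time link keys
    leaves = {n: secrets.randbits(16) for n in nodes[:4]}    # 16-bit random keys
    own = {n: secrets.randbits(16) for n in TREE}
    print("group key:", partial_key("N00", leaves, own, links))
```

Because every message is exactly 34 bytes, a parent can tell a truncated or missing partial key from a valid one before it checks the MAC.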
4. Simulation
Here we assume a binary tree up to level3. The parameters considered for partial key computation of the leaf nodes are random numbers of width 16 bits. The prime number is 343 and the prime root is 3.
The partial key computed by the parent node is
$f(k_l, k_r) = a^{k_l \oplus k_r} \bmod q$
where q is a prime number, a is a prime root of q, and $k_l$ and $k_r$ are the partial keys of the children.
The computation of the group key is explained in section 3.3.1, and it is computed as
C=kN1N2N20
5. Results
We have computed the partial key delivery time by number of nodes for a binary distributed network.
Table 1 shows the partial key delivery time for the AVL distributed tree and the number of nodes.
Table 1
The partial key delivery time AVL distributed DWSN
Sl No    No. of Nodes    Partial key delivery time in sec
1        3               0.06
2        7               0.2
3        15              0.2
4        31              0.4
5        63              0.9
Figure (3) below shows a graph of the partial key delivery time taken for the binary tree distributed wireless sensor network and the AVL tree DWSNs.
Figure (3) Partial key delivery time
The group key delivery time, the time required for the group key to reach all the descendants from the root node, is computed, and the results are shown in Table (2).
Table (2)
The Group key delivery time taken for AVL tree DWSNs
Sl No    No. of Nodes    Group key delivery time in sec
1        3               0.06
2        7               0.098
3        15              0.15
4        31              0.265
5        63              0.37
Figure (4) below shows a graph of the group key delivery time taken for the binary tree distributed wireless sensor network and the AVL tree DWSNs.
Figure (4) Group key delivery time
6. Conclusion and future work
In this paper, we have computed the group key for an AVL distributed sensor network, where all the nodes contribute their partial keys in computing the group key. Future work may be to compute the group key for other trees such as M-ordered trees; a comparison can be made with respect to the broadcast delivery time of the group key by implementing routing protocols like AODV, LEACH etc. in a binary DSN, and the security features of a binary DSN can be studied when a node is added or deleted.
7. REFERENCES
[1] Suresha; Dr Nalini; "Group Key Management In Distributed Sensor Networks," International Conference On Data Engineering And Communication Systems ICDECS – 2011, RNSIT, Bangalore, INDIA On Dec 30-31, 2011.
[2] Kun Zhang; Cuirong Wang; "A New Group Key Management Scheme With Simple Hash Based Authentication For Wireless Sensor Networks," Computer Design And Applications (ICCDA), 2010 International Conference On, Vol. 2, pp. V2-626-V2-629, 25-27 June 2010.
[3] Dr. Nalini N, "Distributed Sensor Networks: An Overview", National Conference, NCAIT, SJBIT, Bangalore, 2010. 20.
[4] Hairong Qi, S. Sitharama Iyengar, Krishnendu Chakrabarty; Journal of the Franklin Institute 338 (2001) 655–668; www.elsevier.com/locate/jfranklin.
[5] Biswajit Panja and Sanjay Madria; "Energy-Efficient Group Key Management Protocols for Hierarchical Sensor Networks", International Journal of Distributed Sensor Networks, 3: 201–223, 2007. Copyright © Taylor & Francis Group, LLC; ISSN: 1550-1329 print/1550-1477.
[6] 2010 International Conference on Computer Design and Applications (ICCDA 2010).