1 / 58

Robust Networking Architecture and Secure Communication Scheme for Heterogeneous Wireless Sensor Networks

Robust Networking Architecture and Secure Communication Scheme for Heterogeneous Wireless Sensor Networks. McKenzie McNeal III Ph.D. Candidate for Computer & Information Systems Engineering Advisor: Dr. Wei Chen College of Engineering, Technology, and Computer Science March 15 th , 2012.

king
Download Presentation

Robust Networking Architecture and Secure Communication Scheme for Heterogeneous Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Robust Networking Architecture andSecure Communication Scheme for Heterogeneous Wireless Sensor Networks McKenzie McNeal III Ph.D. Candidate for Computer & Information Systems Engineering Advisor: Dr. Wei Chen College of Engineering, Technology, and Computer Science March 15th, 2012

  2. Outline • Research Background and Challenges • Problem Statement • Research Goal and Objectives • Key Related Work • Conceptual and Preliminary Design • Detailed Design and Implementation • Robust networking architecture • Secure communication scheme • System Evaluation and Test Results • Evaluation of robust networking architecture • Analysis of secure communication scheme • Benchmarking • Conclusion & Recommendations

  3. Research Background– Wireless Sensor Networks (WSNs) Low-end node (L-node) • Large collection of small wireless devices with the ability to sense, process, and transmit data. • Low cost solution to distributed applications • Military • Civilian • Limited resources • Power • Storage • Processing • Communication • Unreliable communication • Unattended operation • Operate autonomously • Homogeneous or Heterogeneous Low-end node (L-node) H High-end node (H-node) Homogeneous Wireless Sensor Network H H Heterogeneous Wireless Sensor Network (HWSN)

  4. Research Background– Security Concerns for WSNs • General security concerns for communication networks • Data needs to be protected • Unauthorized access • Protection against various attacks • Specific security concerns for WSNs • Resource constraints do not support traditional security methods • Attacks can drain network resources • Uncontrollable/hostile environment

  5. Research Challenges • Network Infrastructure • Reliability and availability • High performance • Leverage security tasks • Secured Data Communication • Data confidentiality, integrity, freshness & authentication • WSNs do not support traditional security methods • Function in presence of node compromise

  6. Key Related Work

  7. Key Related Work (cont’d) Summary of Limitations • No security oriented network hierarchy • Random key pre-distribution schemes encounter the key exchange issue • Large storage of pre-loaded keys • Large number of key exchanges • Localization information needed for establishing network architecture • No energy analysis for secure routing • Resilience against node compromise w/o tamper resistant hardware

  8. Problem Statement Novel security methods and models are needed for HWSNs to function in the presence of an attack. Heterogeneity provides hierarchy that leverages resource efficient security tasks. This dissertation research focuses on developing a robust networking architecture and secure communication scheme with an efficient key management system and secure routing protocol.

  9. Research Goal and Objectives Goal Address security challenges and develop a robust networking architecture and secure communication scheme for HWSNs with resource saving key management system and provide secure data communication and resilience against node compromise. Objectives • Define and develop robust hierarchical heterogeneous networking architecture • Design secure communication scheme based on the defined hierarchical HWSN • Key management system • Cryptographic algorithms • Secure and efficient routing protocol • Test and evaluate robust networking architecture and secure communication scheme

  10. Conceptual Design Security system that integrates a robust networking architecture and secure communication scheme for HWSNs Security System for HWSNs Robust Networking Architecture Secure Communication Scheme

  11. Conceptual Design Performance Requirements • Efficiency of computation – computation of cryptographic keys and data encryption should be fast • Efficiency of communication protocol – data routing/relay should have low latency • Efficiency of energy – computation and communication tasks for security should not drain the limited power of the sensor nodes • Long Network lifetime – networking architecture can be reconfigured

  12. Conceptual Design Security Requirements • Data confidentiality –secure channel to prevent information leakage • Data integrity – data should not be altered when transmitted from node to node • Data freshness – data should be up-to-date w/o any replay of old messages • Authentication – verify identity of source • Availability – preserve energy while providing security • Self organization –robustness to overcome node failures and node compromise

  13. Conceptual Design– General Idea SINK H H H H H Send Data Back Hierarchical HWSN: Data transmission by hierarchical architecture Flat HWSN: Data transmission by flooding What is the optimal way to design robust hierarchical networking architecture to support resource efficient security for HWSNs?

  14. Conceptual Design– Proposed Cluster-based Hierarchical Networking Architecture (CHNetArch) SINK SINK SINK SINK Cluster-head Cluster-head Robust Networking Architecture H-node H-node H-node H-node L-node L-node L-node L-node Cluster Cluster Cluster member Cluster member H H H H Reconfiguration Self-Formation Data routing/relay H H H H H H H H Complete graph

  15. Conceptual Design– Proposed Secure Communication Scheme H-node H-node Secure Communication Scheme Design Public key Shared Key Cluster-head (L-node) Secure Routing Protocol Cryptographic Algorithms Key Management System Cluster member (L-node) Key Pre-distribution Scheme Key Management Protocol Public Key Cryptography Shared Key Cryptography

  16. Detailed Design and Implementation – Robust Networking Architecture Construction of CHNetArch • General Assumptions • Communication range: H-node (D) and L-node (d) • Algorithms run in rounds. • Each round consists of 1 transmission, 1 reception, and data processing • Data Structures • H-node: list of L-nodes in its region, parent and children on the backbone tree • L-node: cluster head, region head • Cluster head: its cluster member list, the parent and children on the backbone tree CHNetArch Reconfiguration Self-Formation Data routing/relay

  17. Detailed Design and Implementation – Robust Networking Architecture (CHNetArch) CHNetArch Self-formation Head Rotation Node Move-in Node Move-out

  18. Detailed Design and Implementation – Robust Networking Architecture (CHNetArch) Self-formation of CHNetArch • Step 3 – Algorithm for BT formation • A – Regional backbone trees • Start at region head: region head becomes active • Rounds 1 – 3 • (1) The active nodes find children, then turn to inactive • (2) Then the children become active • The above process repeats until the regional backbone tree is complete • B – Connect Regional backbone trees • Sink and regional heads form a tree rooted at the Sink in the same way as regional backbone tree formation • Step 2 – Algorithm for cluster formation • A – Neighbor discovery • Round 1 • L-nodes broadcast their IDs and receive IDs • B – Clustering • Rounds 1 - 4 • L-nodes form clusters by choosing the neighboring node with the lowest ID to be its cluster head • Step 1 – Algorithm for region formation • Round 1 • H-nodes broadcast their IDs and L-nodes receive H-nodes IDs and select H-node with strongest signal Cluster member SINK Region head H-node SINK Cluster head Regional head L-node H H H H H H H H H H

  19. Detailed Design and Implementation – Robust Networking Architecture (CHNetArch) Theorem 1 Given a heterogeneous wireless sensor network (HWSN), its cluster-based hierarchical networking architecture (CHNetArch) can be formed in O(T) rounds, where T is the height of the backbone tree of CHNetArch.

  20. Detailed Design and Implementation – Robust Networking Architecture (CHNetArch) CHNetArch reconfiguration Node Move-in Head Rotation Node Move-out

  21. Detailed Design and Implementation – Robust Networking Architecture (CHNetArch) Reconfiguration of CHNetArch • Head Rotation • Round 1 – 2 • Head request remaining energy. • Cluster members send back energy amount. • Round 3 – 5 • Head chooses new cluster head • Head informs cluster members and parent and children on backbone tree of new head, then changes status to cluster member • Cluster members, parent and children update new head • Node Move-in • A – Join as cluster member • Round 1 - 2 • New node broadcasts a message to join at range d/4 and receives replies • Round 3 • New node chooses a cluster head with strongest signal and becomes cluster member • B – Join as cluster head • Round 3 – 5 • New node broadcasts a message to join at range d and receive replies • New node chooses a parent (cluster head with weakest signal) • Node Move-out • A – Leaving node is cluster member • Rounds 1 – 2 • Cluster member sends message to cluster head and receives reply, then leaves network • B – Leaving node is cluster head • Rounds 1 - 7 • Cluster head invokes head rotation then follows steps to leave network as cluster member

  22. Detailed Design and Implementation – Robust Networking Architecture (CHNetArch) Theorem 2 The reconfiguration of CHNetArch can be done in O(k) rounds, where k is the maximum number of neighboring nodes for an L-node.

  23. Detailed Design and Implementation – Robust Networking Architecture (CHNetArch) Data Routing/Relay • Data relay starts at u: u becomes active. • Round 1-2 • (1) The active node transmits the data to its parent, and becomes inactive. • (2) The parent becomes active. • The above process continues until the data reaches its final destination Sink H regional head Theorem 3 The data routing/relay of CHNetArch can be done in O(T) rounds, where T is the height of the backbone tree in CHNetArch. cluster head u cluster member

  24. Detailed Design and Implementation – Secure Communication Scheme Security System for HWSNs Robust Networking Architecture Secure Communication Scheme

  25. Detailed Design and Implementation – Secure Communication Scheme Secure Communication Scheme Design Key Management System Secure Routing Protocol Cryptographic Algorithms Key Pre-distribution Scheme Key Management Protocol Public Key Cryptography Shared Key Cryptography

  26. Detailed Design and Implementation – Secure Communication Scheme Cryptographic Algorithms Public-key cryptography • Elliptic Curve Cryptography (ECC) • Elliptic Curve Integrated Encryption Scheme (ECIES) • Used for public key encryption and decryption • Elliptic Curve Digital Signature Algorithm (ECDSA) • Used for authenticated broadcasting between region head and cluster head H-node H-node Public key Shared Key Cluster-head (L-node) Cluster member (L-node)

  27. Detailed Design and Implementation – Secure Communication Scheme Cryptographic Algorithms Shared-key cryptography • Symmetric key generation using bivariate polynomial • x and y are IDs • aijare large prime number coefficients • t is degree of the polynomial, where t is 50 H-node H-node Public key Shared Key Cluster-head (L-node) Cluster member (L-node) Security Property It requires t compromised nodes to attach the symmetric keys generated by bivariate polynomial

  28. Detailed Design and Implementation – Secure Communication Scheme Key Management System Key pre-distribution scheme • H-nodes • Temporary global symmetric key • ECC private/public key pair • L-nodes • Temporary global symmetric key • Private key of ECC pair Key management protocol • Type of keys • KG – pre-loaded temporary global symmetric key • K(x)pb/K(x)pr – public and private key for node x • Kuv – symmetric key shared between node u and v, Kuv = Kvu • Broadcast message • {sender.id, key(sender.id, [message])} • Unicast message • {sender.id, receiver.id, key(sender.id, receiver.id, [message])} H-node KG H-node Public key Shared Key Cluster-head (L-node) Cluster member (L-node)

  29. Detailed Design and Implementation – Secure Communication Scheme Key Management Protocol Key distribution along with CHNetArch self-formation Purpose: • Guarantee network architecture formation is secure • Distributed keys will also be used for secured data routing/relay How to distribute the keys? • In region formation, K(H)pb (encrypted by KG) is broadcasted to all L-nodes. • After the backbone tree is formed, Each region head H sends L-node list (encrypted by K(H)pr) in its region to the basestation/sink. • The basestation sends the public key list (encrypted by K(H)pb) of the L-lodes to region head H. Cluster member SINK Cluster head Regional head H H H H H

  30. Detailed Design and Implementation – Secure Communication Scheme Key Management Protocol CHNetArch self-reconfiguration • Key used for reconfiguration: • Kuv – symmetric key shared between nodes u and v • Head rotation, node move-in, and node move-out use Kuvfor any transmission from u to v • Sender: {u.id, v.id, Kuv(u.id, v.id, [message])} • Receiver decrypts message using Kvuand compare plaintext (u.id, v.id)with encrypted text (u.id, v.id)

  31. Detailed Design and Implementation – Secure Communication Scheme Secure Routing • Key used: • K(H)pb/K(H)pr – public and private key of region head • K(u)pb/K(u)pr – public and private key of cluster head or cluster member • Kuv – shared key between u and v • H-node to H-node • {H1.id, H2.id, K(H1)pr(H1.id, H2.id, [message])} • Cluster head to H-node • {u.id, h.id, K(u)pr(u.id, h.id, [messasge])} • Cluster member to cluster head • {u.id, v.id, Kuv(u.id, v.id [message])} H2 H1 u v u v

  32. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Timeslot MAC Protocol 1 2 3 4 5 … i … M-1 M • TDMA • Used for broadcasting during region formation • Number of H-nodes known • Assigned fixed timeslots 1 Timeslot Encrypt Transmit Decrypt

  33. System Evaluation and Test Result– Evaluation of Robust Networking Architecture MAC Protocol Transmission in a random timeslot Receive • CSMA/CA • Used for unicast • Nodes transmit at random timeslot in each frame Timeslot 1 Timeslot … … … … 0 0 0 0 1 1 1 1 k-1 k-1 k-1 k-1 Encrypt Transmit Decrypt Frame 1 Frame 2 Frame 3 Frame 4

  34. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Data Packet Structure and Size • Total packet size: 28 bytes • Initialization vector (IV) • Destination (DST) • Active message type (AM) • Length of message (LEN) • Source (SRC) • Counter (CTR) – 216 different messages • Encrypted data • Data • MACode (also known as MAC) – check integrity IV Encrypted Data DST (2 bytes) AM (1 byte) LEN (1 byte) SRC (2 bytes) CTR (2 bytes) DATA (16 bytes) MACode (4 bytes)

  35. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Proposed AM Types for CHNetArch Formation

  36. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Formulas based on clustering algorithm and MAC protocols were used to evaluate the time complexity and energy consumption for CHNetArch formation and reconfiguration Variables used for evaluation of time complexity and energy consumption

  37. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Examples of formulas for CHNetArch formation • Time complexity for region formation • TRF – the time it takes to complete region formation • THSE – the time it takes an H-node to perform symmetric encryption • TLRx – the time it takes an L-node to receive a message • TLSD – the time it takes an L-node to receive a message • Energy consumption for region formation • ERF – the total energy consumed during region formation • EHSE – the energy consumed by an H-node to perform symmetric encryption • EHTx – the energy consumed by an H-node to transmit a message • ELRx – the energy consumed by and L-node to receive a message • ELSD – the energy consumed by an L-node to perform symmetric decryption

  38. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Sensor node modeling • Time and energy consumption for communication operations on MICAz • Storage, time, and energy consumption for using AES-128 on MICAz • Storage, time, and energy consumption for using ECC on MICAz • Storage and energy consumption for using ECDSA on MICAz • Storage and energy consumption for using MACode: CMACode

  39. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Simulation Environment • 500 x 500 meter sensor field • 20 H-nodes • 1000 – 3000 L-nodes (increments of 500) • H-nodes communication range: D = 250 meters • L-nodes communication range: d = 60 meters

  40. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Number and size of clusters in CHNetArch Number of clusters Average size of a cluster

  41. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Time and Energyconsumption for CHNetArch formation Energy consumption Execution time

  42. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Time and Energyconsumption for each phase of CHNetArch self-formation Energy consumption Execution time

  43. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Percentage of e/E, where e is the energy used for CHNetArch formation, and E is the total energy amount for two AA batteries in each L-node

  44. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Time and Energyconsumption for each phase of CHNetArch reconfiguration Execution time Energy consumption

  45. System Evaluation and Test Result– Evaluation of Robust Networking Architecture Time and Energyconsumption for data routing/relay Execution time Energy consumption

  46. System Evaluation and Test Result– Analysis of Secure Communication Scheme Evaluation of Key Management System • The following variables help define the number of keys stored in CHNetArch • Nh – number of L-nodes in a region where h is region head • Kh – number of neighboring H-nodes of an H-node h • Nch – number of cluster members in a cluster where ch is cluster head • Kch – number of neighbors on backbone tree for cluster head ch • Nc – number of clusters in CHNetArch, which is same as number of cluster heads • Let Ah be number of keys stored by a regional head: • Let Bch be the number of keys stored by a cluster head: • Let Ccm be the number of keys stored by a cluster member:

  47. System Evaluation and Test Result– Analysis of Secure Communication Scheme Evaluation of Key Management System • The table of variables help define the number of keys stored in CHNetArch • Let Ah be number of keys stored by a regional head: • Let Bch be the number of keys stored by a cluster head: • Let Ccm be the number of keys stored by a cluster member: • Let Kall be the total number of keys stored in CHNetArch:

  48. System Evaluation and Test Result– Analysis of Secure Communication Scheme Evaluation of Key Management System Number of stored keys

  49. System Evaluation and Test Result– Analysis of Secure Communication Scheme Evaluation of Key Management System Memory needed to store security algorithms and keys on a cluster head and cluster member • Cluster member • two 160-bit keys for ECC • one 128-bit shared key • Cluster heads • Two 160-bit keys for ECC • One 128-bit shared key with each cluster member • One 128-bit shared key with backbone neighbors • For symmetric polynomial • q = 296 • (t + 1)log2 q = 0.612 KB • 44% of memory use for security

  50. System Evaluation and Test Result– Analysis of Secure Communication Scheme Security Analysis • Provides data confidentiality • Public key and shared key cryptography • Provides data freshness • Counter in IV ensures at least 216 different messages • Provides data integrity • MACode computer over data packet can be verified by receiver • Provides data authentication • Sender and receiver IDs are sent in plain text and encrypted text • Compare for verification

More Related