
A Key Management Scheme For Clustered WSN

Posted on: 2011-10-19
Degree: Master
Type: Thesis
Country: China
Candidate: D X Fan
GTID: 2178360305454659
Subject: Bioinformatics
Abstract/Summary:
Wireless sensor networks (WSNs) can be used in many areas, including the military field, intelligent living, environmental science, industry and agriculture, and their security has received more and more attention. In military applications especially, data confidentiality is particularly important. The key management mechanism is the basis of secure communication in a wireless sensor network. The hardware capabilities of sensor nodes are limited, and a WSN usually has no infrastructure support; therefore, the key management schemes used in traditional networks cannot be applied to WSNs.

Because of the characteristics of wireless sensor networks, a key management scheme used in a WSN should meet the following indicators: scalability, efficiency, key connectivity and resilience. It should also meet the security needs of a traditional network: availability, integrity, confidentiality and authentication. A sensor node should not be able to decrypt ciphertext transmitted in the WSN after it has left the network or before it joins the network.

The key management schemes now in use have some deficiencies:

EG: The key connectivity is uncertain. As the network grows, sensor nodes have to keep more keys. Once some nodes are compromised, the influence on other nodes is tremendous. Resilience is not good; the keys of compromised nodes can still be used to decrypt messages transferred in the WSN.

KDC: Network size is limited by the capability of the base station, and the communication overhead of key establishment is too large. In addition to calculating the reply message, nodes have to perform additional encryption and decryption operations.

RS: The scheme has a threshold; when the number of compromised nodes exceeds the threshold, resilience decreases sharply. The network size is also limited by the threshold, so the network is hard to extend. In the scheme, nodes also need to store polynomials.

LEAP: The resilience is good, but scalability is bad. Computational cost and communication cost are great, and so is the storage requirement.

Our scheme supports establishing five types of keys for different communication patterns:

1. An initial group key, shared by all the nodes in the network and used to protect messages between nodes during the network initialization phase.
2. A pair key: a cluster head shares a pair key with a neighboring cluster head.
3. A cluster key: an ordinary node shares a cluster key with its cluster head, and each node can update the key periodically on its own.
4. A private key: each node shares a private key with the base station and uses it to encrypt messages between the base station and itself.
5. An extend key, used for new nodes joining the WSN.

Our key management scheme has the following properties:

The five types of keys established in our scheme help to improve network security. Any two nodes in the network can establish a secure communication path through the cluster key or pair key, so key connectivity is high.

There is no threshold limiting network size. Compared with other key management schemes, our scheme performs better: computational cost, communication cost and storage requirement are all smaller.

We use a cluster authentication scheme to make sure that local broadcast messages come from the cluster head, since an adversary can learn the cluster key from a compromised node and inject false packets.

WSNs are usually deployed in unattended environments. Nodes frequently fail because of energy exhaustion or physical destruction, so key management should support network expansion. The extend key is used for new nodes to join the network, so the scalability of our scheme is good.

The cluster key is updated automatically without additional communication overhead.

Most outsider attacks are prevented, since each message in the WSN must be authenticated or encrypted before it is transmitted.

If one or more sensor nodes have been compromised, our scheme can prevent the following attacks launched by an insider adversary: the adversary disguises nodes with the keys of compromised nodes and deploys them in the network; these nodes try to communicate with their neighbor nodes and, once accepted by the neighbors, launch internal attacks. Sensor systems are often deployed in unattended environments. Our scheme cannot prevent the adversary from launching these attacks, but it can thwart their consequences.

Attacks launched by an insider adversary that has compromised one or more sensor nodes: an insider attacker may try to spoof, alter or replay routing information in order to create routing loops or generate false error messages. The attacker may start a Selective Forwarding attack, in which the compromised node withholds some of the routing packets. However, our scheme can reduce the consequences of these attacks. The capture of an ordinary node has no effect on routing, and a cluster head only builds pair keys with its neighbors within a two-hop zone of itself. The attacks are easy to find because they are confined to so small a zone. When a compromised node is discovered, the base station broadcasts its ID and the rekeying scheme removes the compromised node from the WSN; the other nodes then re-select new, reliable routing paths.

In our scheme, the location of a sensor node is static. After the network topology is established, a node knows the rough number of hops between itself and the base station, so it is difficult for the adversary to build a super attractive path without being suspected.

If the adversary attacks during the network initialization phase, when cluster heads have not yet finished establishing pair keys with their neighbors, the adversary cannot join the network successfully without the initial group key.

The attack that is most difficult to detect or prevent is one that combines the Sinkhole and Wormhole attacks. In our scheme, a node knows all its neighbors except during the network initialization phase, so the adversary cannot persuade two distinct nodes that they are neighbors. An adversary without the initial group key cannot join the network during the network initialization phase. In applications where the location of the base station is static, a node knows the rough number of hops between itself and the base station once the network topology has been constructed.

The key management scheme has good security performance.
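
The abstract says that each node updates its cluster key periodically on its own, that a node must not read traffic from before it joined, and that the base station's rekeying removes a compromised node. The added example below (not code from the thesis) shows how these properties fit together, assuming an HMAC-SHA256 one-way update; the update function, the Member class, the seed and the messages are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def next_key(key: bytes, epoch: int) -> bytes:
    # One-way step: the output does not reveal the key it was derived from.
    return hmac.new(key, b"cluster-update|%d" % epoch, hashlib.sha256).digest()

def tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key: bytes, msg: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(key, msg), t)

class Member:
    """A node's view of its cluster key (hypothetical helper)."""
    def __init__(self, key: bytes, epoch: int = 0):
        self.key, self.epoch = key, epoch

    def advance_to(self, epoch: int) -> None:
        # Periodic update computed locally: nothing is sent or received.
        while self.epoch < epoch:
            self.epoch += 1
            self.key = next_key(self.key, self.epoch)

    def rekey(self, fresh: bytes, epoch: int) -> None:
        # Fresh key after a revocation; protected delivery is assumed.
        self.key, self.epoch = fresh, epoch

def run_scenario(seed: bytes = b"\x01" * 32) -> dict:  # constructed seed
    head, node_a, captured = Member(seed), Member(seed), Member(seed)
    head.advance_to(1)
    old_msg = b"epoch-1 reading"
    old_tag = tag(head.key, old_msg)
    for m in (head, node_a, captured):
        m.advance_to(3)
    in_sync = head.key == node_a.key
    # A node joining at epoch 3 can only move forward from the key it is given.
    reachable = [head.key]
    for e in (4, 5):
        reachable.append(next_key(reachable[-1], e))
    joiner_reads_old = any(verify(k, old_msg, old_tag) for k in reachable)
    # The captured node's key keeps pace with local updates until a rekey.
    for m in (head, node_a, captured):
        m.advance_to(4)
    forged = b"false report"
    before = verify(node_a.key, forged, tag(captured.key, forged))
    fresh = os.urandom(32)  # chosen after the base station names the node
    head.rekey(fresh, 5)
    node_a.rekey(fresh, 5)
    captured.advance_to(5)
    after = verify(node_a.key, forged, tag(captured.key, forged))
    return {"in_sync": in_sync, "joiner_reads_old": joiner_reads_old,
            "forgery_before_rekey": before, "forgery_after_rekey": after}
```

Local updating keeps members in step and hides earlier traffic from later joiners, but only the fresh key installed after revocation stops a captured key from being accepted.
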
Keywords/Search Tags: WSN, Key management, Broadcast authentication