Elsevier

Ad Hoc Networks

Volume 37, Part 2, February 2016, Pages 324-336
Modified access polynomial based self-healing key management schemes with broadcast authentication and enhanced collusion resistance in wireless sensor networks

https://doi.org/10.1016/j.adhoc.2015.08.027

Abstract

Although many self-healing key management schemes for unreliable links have been proposed, they still have shortcomings, such as inefficient broadcasts, lack of broadcast authentication, a limited number of sessions for key issues, disastrous risks in access polynomials, and vulnerability to collusion attacks. In this paper, we propose two modified access polynomial based self-healing key management schemes with broadcast authentication and enhanced collusion resistance. First, two kinds of attacks that break the security of access polynomials are introduced. Then, a modified security model is given, and collusion resistance capability is redefined in terms of the session interval from node revocation to node addition, which does not depend on the number of colluding nodes. Next, based on a sliding window and a modified access polynomial, Sch-I and Sch-II are proposed to achieve security and tolerate packet losses; they allow the pairwise keys between member nodes and the group manager to be updated dynamically. Finally, theoretical analysis validates that the proposed schemes have δ self-healing capability, any-wise forward and backward security, and enhanced collusion resistance capability, and that they avoid the flaws of access polynomials and reduce resource consumption. Compared with existing schemes, they are quite suitable for practical applications.

Introduction

Over the last decades, various applications have benefited from wireless sensor networks (WSNs), such as environmental monitoring, battlefield intelligence and reconnaissance, medical care, smart homes, industrial control, etc. [1]. However, in harsh and critical environments, malicious attacks, including eavesdropping, DoS attacks, and packet tampering and infection, may disturb network operations and degrade network performance. Security issues should be considered carefully when designing WSN protocols so that they can defend against and tolerate these attacks [2]. Cryptography is typically used to provide security properties such as confidentiality, authentication, integrity, and availability [3]. As the core of this security, key management is responsible for key distribution, updating and revocation for sensor nodes, and establishes security associations between sensor nodes [4], [5].

Due to dynamic topologies, node mobility and interference caused by environmental noise or human activity, wireless links may change temporally and spatially, leading to random packet errors or losses. Consequently, losing the messages for key issues leaves security keys out of sync and causes security associations to fail. Traditional methods of recovering lost keys for each node, such as retransmissions, are inefficient. In 2002, Staddon et al. [6] first addressed the problem of self-healing key management, and since then many research results have been published [7]. In self-healing mechanisms, redundant information is added to the broadcast message, which enables nodes to recover lost session keys independently and non-interactively [7]. With the help of self-healing mechanisms, network transmissions and the workload of group managers can be greatly reduced, and the risk of network traffic analysis by attackers may also be minimized.

According to the mathematical methods used, the related research includes polynomials [6], [8], vector space secret sharing [9], bilinear pairings [10] and elliptic curve cryptography [11], etc. Since some features of polynomials can be used to strike a better trade-off between security performance, computation complexity and resource consumption than other methods [7], we focus on polynomial based schemes in this paper to achieve better network performance. The polynomials used for self-healing mechanisms can be classified into three categories: secret sharing polynomial, revocation polynomial and access polynomial. (1) Staddon et al. [6] first proposed some schemes based on secret sharing polynomial, which only resist t-revocation and can easily be broken by the Lagrange interpolation method. Blundo et al. [12] gave novel univariate polynomial based schemes, and an exponential algebraic method to handle the polynomial reuse problem, which also exists in [6]. However, backward security is lost. A modified exponential algebraic method was given in [13] to support a long-lived group key distribution scheme with backward secrecy. The computation overheads of exponential algebraic methods are still too high for resource-constrained wireless networks. (2) Revocation polynomial was first proposed by Liu et al. [14] and simplified by Hong et al. [15], which further reduces the storage and communication overhead. Many related schemes based on revocation polynomial then appeared [8], [16], [17], [18], [19]. However, some security flaws still exist, which have already been analyzed in [20], [21], and the communication overhead increases with the number of revoked nodes. (3) Access polynomial was first proposed by Zou et al. [22], [23] to ensure that only legitimate nodes can obtain the keys using their access information, which reduces the communication and storage overhead. Several schemes were then proposed in [24], [25], [26], [27], [28], [29] to improve the security. However, some flaws remain. Due to the inappropriate random factor used, the scheme in [26] has fatal flaws that allow attackers to break its security (see Section 3.2). Wang et al. [27] gave a modified mechanism with enhanced security, but its communication overhead is still high. In addition, it was pointed out in [30] that forward and backward security cannot be guaranteed in the scheme of [28]. Moreover, nearly all access polynomial based schemes [22], [24], [25], [26], [27], [28], [29] are vulnerable to a disastrous attack called Polynomial Factorization [31], [32], [33], which easily exposes the roots of access polynomials, and even the secret information, to attackers (see Section 3.3).

On the other hand, the methods for constructing redundant information in self-healing mechanisms can be classified into two kinds: related approaches and independent approaches. (1) In the related approaches, the broadcast message contains one session key and the relationship between different session keys, which is used to recover lost keys; forward and backward hash chains are mostly adopted. Thus, the communication overhead can be further reduced, but some security problems arise, such as weak collusion resistance in [9], [17], [26], [27], [34], the restriction that nodes cannot be revoked during their lifetime in [16], [18], [35], and support for only a limited number of sessions for key issues in [34], [36], [37]. (2) Independent session keys means that no mathematical relationship exists between the keys. Lost keys can be recovered from a single message in [8], [9], [10], [12], [17], [18], [24], [26], [27], [34], [35], [36], [37] and from two or more messages in [6], [8]. Compared with related self-healing schemes, independent schemes have much more flexibility, and higher communication overheads. The sliding window proposed in [38] can help reduce communication overheads. Additionally, almost all existing schemes can only achieve t-wise or mt-wise collusion resistance, but not any-wise collusion resistance.
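The related approach described above, as an added example that is not from the paper: a simplified dual hash chain in which each session key combines a forward chain element with a backward chain element, so one later broadcast lets a node rebuild the keys it missed. The class and function names, the use of SHA-256, the constructed seeds, and the omission of the masking that real schemes apply so that only non-revoked nodes obtain the backward element are all assumptions; this is not Sch-I or Sch-II.

```python
import hashlib

def H(data: bytes) -> bytes:
    """One-way function used for both chains (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()

def chain(seed: bytes, length: int) -> list:
    """Return [H^1(seed), ..., H^length(seed)]."""
    out, cur = [], seed
    for _ in range(length):
        cur = H(cur)
        out.append(cur)
    return out

class GroupManager:
    """Hypothetical manager holding both chains for m sessions."""
    def __init__(self, fwd_seed: bytes, bwd_seed: bytes, m: int):
        self.m = m
        self.fwd = chain(fwd_seed, m)   # fwd[j-1] is F_j
        self.bwd = chain(bwd_seed, m)   # bwd[i-1] is B_i

    def forward_element(self, j: int) -> bytes:
        """F_j, handed to a node that joins in session j."""
        self._check(j)
        return self.fwd[j - 1]

    def backward_element(self, j: int) -> bytes:
        """B_{m-j+1}, carried (masked, in real schemes) in broadcast j."""
        self._check(j)
        return self.bwd[self.m - j]

    def session_key(self, j: int) -> bytes:
        return H(self.forward_element(j) + self.backward_element(j))

    def _check(self, j: int) -> None:
        # The backward chain is finite, so key issues stop after m sessions.
        if not 1 <= j <= self.m:
            raise ValueError("session outside the precomputed chains")

def recover_keys(join_s: int, f_join: bytes, recv_s: int, b_recv: bytes) -> dict:
    """Node side: derive keys join_s..recv_s from a single broadcast recv_s."""
    bwd, b = {}, b_recv
    for s in range(recv_s, join_s - 1, -1):   # hashing walks back in time
        bwd[s], b = b, H(b)
    keys, f = {}, f_join
    for s in range(join_s, recv_s + 1):       # hashing walks forward in time
        keys[s], f = H(f + bwd[s]), H(f)
    return keys

# Constructed sample: node joins in session 2, loses broadcasts 3-5, hears 6.
gm = GroupManager(b"constructed-fwd-seed", b"constructed-bwd-seed", m=8)
recovered = recover_keys(2, gm.forward_element(2), 6, gm.backward_element(6))
```

The finite backward chain is what caps such a construction at m sessions, and a node cannot derive keys from before its join session because that would require inverting H.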

In order to alleviate the problems in earlier research, we propose two self-healing key management schemes for WSNs based on a modified access polynomial and a sliding window. The main contributions of this paper are as follows.

(1) Based on unconditional security in information theory, a novel self-healing security model is given, in which several security properties, such as the capability of self-healing and collusion resistance, are quantified in terms of system parameters. In particular, collusion resistance capability is redefined in terms of the session interval from node revocation to node addition.

(2) Flaws of the schemes based on access polynomial are pointed out. We introduce the PEK-attack to break the forward and backward security in [26]. In addition, the important and disastrous strategy, polynomial factorization attack (PF-attack), is introduced to break the security of access polynomials. Then, an effective mechanism is proposed to tolerate both the PF-attack and packet losses.

(3) Two novel self-healing key management schemes, Sch-I and Sch-II, are proposed. Sch-I introduces the idea that the pairwise keys shared between member nodes and the group manager are updated dynamically, which reduces the vulnerability of the access polynomial. The one-way hash chain guarantees forward security; the modified access polynomial provides backward security; and the sliding window mechanism reduces communication overhead. Sch-II only removes the hash chain but can strengthen the security.

(4) The two proposed schemes are analyzed in terms of security, efficiency and flexibility. Our schemes have any-wise forward and backward security, self-healing capability and enhanced collusion resistance. They also avoid the flaws of access polynomials, support infinite sessions for key issues and adaptive configurability, and reduce resource consumption. Additionally, they support broadcast authentication and integrity protection, which have drawn little or no attention in existing schemes. Compared with existing schemes, the proposed schemes are shown to be quite suitable for practical applications.

The rest of this paper is organized as follows. In Section 2, the preliminaries about self-healing key management are given. In Section 3, the flaws of a scheme [26] are analyzed, and the PEK-attack and PF-attack are introduced to break the security. Next, two self-healing key management schemes are given in detail in Section 4. In Section 5, the security, efficiency and availability analysis of two proposed schemes and performance comparisons of some typical schemes are given. Finally, conclusions and future work are summarized in Section 6.

Section snippets

Preliminaries

In this section, network model, adversarial model and security model are presented respectively.

Flaws of access polynomial based schemes

Before proposing our self-healing key management schemes, we first analyze some flaws of the access polynomial based schemes, which helps clarify our schemes. In this part, we first review a typical scheme in [26] and point out its flaws. Then, the important and disastrous strategy, polynomial factorization attack, is introduced to break the security of access polynomial. Finally, a simple and effective countermeasure is given.

Our schemes

In this part, we propose two novel and efficient self-healing group key management schemes respectively, Sch-I and Sch-II.

Performance analysis and comparison

In this part, security analysis of our schemes is given first based on the security model in Section 2.3. Then, in terms of communication, computation and storage overhead, the efficiency is analyzed. Next, flexibility analysis is provided. Finally, compared with several existing schemes, some results are concluded.

Conclusion and future work

In order to resolve or alleviate the problems in earlier work, we propose two novel self-healing key management schemes with broadcast authentication and enhanced collusion resistance in WSNs. An advanced security model is given, and collusion resistance capability is redefined from the novel perspective of the session interval from node revocation to node addition. Based on modified access polynomial and sliding window, Sch-I and Sch-II allow that pairwise keys between member nodes and

Acknowledgments

This work is partly supported by the Doctoral Fund of Ministry of Education of China (No. 20113219110028), the Natural Science Foundation of Jiangsu (No. BK2012803), the Graduate Education Innovation Project of Jiangsu (No. KYLX0379) and Shanghai Opening Project (No. 13DZ2260900).

Xinjiang Sun received the B.S. degree in electric engineering and automation from Nanjing University of Science and Technology, Nanjing, China, in 2011. Now he is Ph.D. candidate in the school of Automation, Nanjing University of Science and Technology. His current research interests include cooperative communications, multi-source network coding and its security in wireless sensor networks.

References (42)

  • I.F. Akyildiz et al., A survey on sensor networks, Commun. Mag. IEEE (2002)
  • X. Chen et al., Sensor network security: a survey, Commun. Surv. Tutor. IEEE (2009)
  • R. Roman et al., A survey of cryptographic primitives and implementations for hardware-constrained sensor network nodes, Mobile Netw. Appl. (2007)
  • J. Staddon et al., Self-healing key distribution with revocation, Proceedings. 2002 IEEE Symposium on Security and Privacy, 2002 (2002)
  • T. Rams et al., A survey of group key distribution schemes with self-healing property, Commun. Surv. Tutorials, IEEE (2013)
  • S. Han et al., Efficient threshold self-healing key distribution with sponsorization for infrastructureless wireless networks, Wireless Commun. IEEE Trans. (2009)
  • J. Gu et al., An efficient self-healing key distribution with resistance to the collusion attack for wireless sensor networks, 2010 IEEE International Conference on Communications (ICC) (2010)
  • S. Han et al., An efficient self-healing key distribution scheme with constant-size personal keys for wireless sensor networks, 2010 IEEE International Conference on Communications (ICC) (2010)
  • N. Ye et al., An efficient authentication and access control scheme for perception layer of internet of things, Int. J. Appl. Math. Inf. Sci (2014)
  • C. Blundo et al., Design of self-healing key distribution schemes, Designs, Codes Cryptogr. (2004)
  • T. Rams et al., Long-lived self-healing group key distribution scheme with backward secrecy, 2013 Conference on Networked Systems (NetSys) (2013)
Cited by (29)

  • Self-healing group key distribution protocol in wireless sensor networks for secure IoT communications (2018, Future Generation Computer Systems)

    Citation excerpt: Later, Sun et al. [35] showed that Zou et al.’s [29] scheme cannot resist the tampering attack. Recently, Guo et al. [36] and Sun et al. [35] respectively exhibited a new kind of attack on AP-SGKD protocols which is named as Polynomial Factorization (PF) attack. They found that Wang et al.’s scheme [33] and Dutta’s scheme [31] cannot resist PF attack, separately.

  • Mutual healing enabled group-key distribution protocol in Wireless Sensor Networks (2017, Computer Communications)

    Citation excerpt: Then, two schemes are proposed and through theoretical analysis the authors validated their schemes to be having δ self-healing capability for the self-healing window size δ. The schemes proposed by Sun et al. [18] avoid the weaknesses of access polynomials and provide enhanced collusion resistance along with forward and backward security. Guo et al. [19] proposed Exponential arithmetic based Self-healing Group Key Distribution (E-SGKD) scheme with backward secrecy and resistance to collusion attack with reduced storage overhead as compared to existing E-SGKD schemes.

  • Localization under node capture attacks using fuzzy based anchor mobility control (2023, Journal of Ambient Intelligence and Humanized Computing)

    Xiaobei Wu received the B.S. and M.S. degrees in automation from Nanjing University of Science and Technology, Nanjing, China, in 1982 and 1987 respectively. Now, she is a professor in the school of Automation, Nanjing University of Science and Technology. Her current research interests include wireless sensor networks and intelligent controls.

    Cheng Huang received the B.S. and M.S. degrees in automation from Nanjing University of Science and Technology, Nanjing, China, in 1998 and 2003 respectively. Now, he is a lecturer in the school of Automation, Nanjing University of Science and Technology. His current research interests include wireless sensor networks and information fusion.

    Zhiliang Xu received the B.S. degree in automation from Shanghai Jiao Tong University, Shanghai, China, in 1982, and the M.S. degree from Beihang University, Beijing, China, in 1987, respectively. Now, he is a professor in the school of Automation, Nanjing University of Science and Technology, Nanjing, China. His current research interests include wireless sensor networks and auto-measurement technique.

    Jianlin Zhong received the B.E. in mechatronics from Nanjing University of Science and Technology, Nanjing, China in 2011. Now he is a Ph.D. candidate in College of Mechanical Engineering, Nanjing University of Science and Technology. His current research interests include wireless sensor networks and optimization algorithm.
