Research On Key Management And False Data Filtering In Wireless Sensor Networks

A wireless sensor network (WSN) is typically composed of a large number ofself-organizing sensor nodes with limited capabilities in computation, communicationand storage, etc., through wireless communication techniques. WSNs have awidespread prospect on such applications as military, environment, health and home,etc., making themselves one of the research hotspots in the domain of computernetworking and communications. The research orientations related to WSNs includemedia access control, routing, localization, security and so on. Due to the vastness andcomplexity, there exist a great number of challenges and issues in each of theseorientations for us to explore and address. This dissertation aims to work on somesecurity issues with WSNs, focuses on the key management and false data filteringproblems, and presents some positive research achievements, which are respectivelysummarized as follows.●Pairwise Key Management in WSNsPairwise key management issues have been playing a key role in keymanagement in WSNs. They concern the procedures of key distribution,establishment and maintenance between a pair of nodes, and try to answer thequestion that how to diminish the negative influence of the key informationexposure to the adversary on the network security. Due to unique characteristicsof WSNs, such as limited resources and unattended deployment, traditionallyapplicable data encryption algorithms and key management schemes are provento be undesirable for WSNs, such as RSA, ECC and Diffie-Hellman which arebased on public-key cryptography as well as Kerberos which relies on a keydistribution center. The symmetric cryptography based key predistributionmechanism has then become the highlight of pairwise key management issues inWSNs. In this context, we propose a time deployment based, pairwise keymanagement scheme called TDBK. In TDBK, the network lifetime is divided intoseveral consecutive network deployment statuses which are separated by nodedeployment events. Each node to be deployed is assigned its key informationthrough a special two-tier key predistribution mechanism, and timely deletes theuseless part of the key information through the key elimination mechanism eachtime the pairwise key establishment is finished in terms of a new nodedeployment event. When compared with existing typical schemes, TDBK cuts down the node memory usage while sustaining a high network connectivity,reduces the key information redundancy and exposure, and thus improves thenetwork resilience against node compromise.●Group Key Management in WSNsGroup key management in WSNs concerns the procedures of key distribution,establishment and maintenance among a group of nodes, and tries to answer thequestion that how to prevent revoked nodes from obtaining future group keys(forward secrecy) and how to prevent newly added nodes from obtaining formergroup keys (backward secrecy). Due to their relatively heavy resourceconsumption and dependency on reliable links, many conventionally viable groupkey management schemes cannot be efficiently implemented in WSNs. In suchsettings as WSNs which are based on unreliable wireless communication links, agroup rekeying message is very likely to be lost in transit. Requesting the groupmanager to retransmit lost messages every time will increase the node energyusage and impose a non-negligible burden on the group manager, especially whenthere are a lot of member nodes missing the current group rekeying message. Forthis sake, we propose a self-healing group key management scheme called SHGK.SHGK employs the idea of self healing which guarantees that a member nodewhich misses the current session key can recover the lost key through a futuregroup rekeying message sent by the group manager, generally withoutindividually requesting the group manager to retransmit the key, thus reducing thenetwork resource consumption and improving the group communicationefficiency. Moreover, SHGK employs the threshold secret sharing mechanism tosupport dynamic groups of arbitrary sizes, and the typical operating characteristicof switching the working status between "active" and "sleeping" for energysavings to ensure that no more than a threshold number of nodes can get noinformation about keys which none of them are authorized to possess, even ifthey share their own key information between each other. When compared withsome existing schemes, SHGK eliminates the restriction on the maximum numberof sessions in the group communication, and reduces the node resourceconsumption under the same security level of group communication.●False Data Filtering in WSNsSensor nodes typically explore the surroundings in order to collectinformation, and deliver the information to the data collection center, the sink node, for further processing. Due to hardware constraints and the unattendedoperating mode of sensor nodes, WSNs, deployed in unprotected or hostileenvironments, are susceptible to an adversarial attack called false data injection.In such attacks, the adversary dumps a great amount of false data into the networkthrough compromised nodes. Delivery of the false data not only leads the sinknode to make wrong decisions, but also wastes the energy of en-route forwardingnodes, thus shortening the network lifetime. Although many key managementschemes for WSNs have provided mechanisms to examine the data integrity, theycan only address false data injection from outside adversaries rather thancompromised nodes. Therefore, we propose a key chain based false data filteringscheme called KAEF. In KAEF, one-way key chains are used for endorsing andverifying delivered sensing reports. Each en-route node along the report deliverypath will store part of the key chain information for report integrity verification.Each en-route node verifies a received report with certain probability and thendecides whether to forward the report to the next hop. As the delivery destination,the sink node possesses all the authentication information from within thenetwork, thus examining the report truthfulness much more comprehensively. InKAEF, the influence of false data injection on the network by compromisednodes is constrained through the network clustering mechanism, and also, theresilience against replay attacks is enhanced through the one-way key chainmechanism. Moreover, KAEF achieves the better false data en-route filteringcapability and the reduced energy consumption caused by the false data delivery,which is an advantage over some existing schemes.