Research On Key Management Schemes And Cryptographic Algorithms For Wireless Sensor Networks

Recently, as one of the major technologies of the Internet of Things, wireless sensor network (WSN) is attracting more and more research interests because of its wide applications such as military operations, scientific explorations and so on. In WSN security, all key-based encryption for secure key management solutions require the services to be responsible for tracking and binding keys among sensor nodes and to help build trust secure communication. Therefore, key management is a fundamental securlity issue for wireless sensor networks. It is difficult to research on WSN security due to its energy, resource-constrained hardware characteristic. Cryptographic algorithms in the traditional sense can not be directly used in WSN. So how to design appropriate cryptographic algorithms for WSN is a new challenging problem, which should achieve high security regardless of limited computing resources and energy.In this paper, we conduct research on key establishment and management scheme, encryption scheme and authenticated key agreement protocol for WSN. In terms of key management, the main idea is to construct key establishment and management scheme based on self-healing, improved ECMQV (Elliptic Curve MQV) and EBS (Exclusion Basis System). In terms of encryption scheme, the main idea is to classify encryption and decryption into offline and online stages, thus constructing identity-based online/offline efficient encryption scheme. In terms of authenticated key agreement, the main idea is to drop off pairings, thus constructing secure and lightweight identity-based authenticated key agreement protocol. Motivated by the above research ideas, the work of this paper are as follows:(1) We propose a key establishment and dynamic key management scheme for large-scale clustering wireless sensor networks based on improved ECMQV and EBS. We use improved ECMQV for periodic registration and verification between cluster leader and base station, take two one-way hash chains for nodes registration and verification, and to establish multi-node communication lightweightly. Analysis and performance evaluations show that the proposed scheme improves the resistance to node capture and node masquerade, reduces energy consumption during rekeying and node ejection, which is quite suitable for large-scale clustering wireless sensor networks.(2) We present a self-healing dynamic key management scheme for large-scale clustering wireless sensor networks which based on EBS. We use two one-way hash chains for nodes registration and verification, and forward and backward key chains to form cluster session key chain for self-healing. We also take half-symmetric t-degree trivariate polynomial keys to replace the original keys used in EBS, and improve EBS making it eject more than one node simultaneously. The analysis shows that the proposed scheme has the properties of forward and backward secrecy and resisting to a collusion attack, which is suitable for resource-constrained wireless sensor networks.(3) Aiming at the features of wireless sensor network with constrained resources, this paper classifies encryption and decryption into offline and online stages, then presents a lightweight identity-based online/offline encryption scheme, and proves its security in the random oracle model. Most heavy computations are done in the offline phase as pre-computation, and they do not require the knowledge of the plaintext or the receiver’s identity, making our scheme much more flexible and feasible. Comparison with other schemes shows that the proposed scheme needs smaller computational overhead, achieves higher security and is, as a result, more applicable, which is more suitable to WSN for lightweight implementation.(4) In this paper, first we show an identity-based key agreement protocol in reference is not secure against man-in-the-middle attacks. To improve the security and performance, then we present our new identity-based authenticated key agreement (AKA) protocol without pairings. We show that our scheme is secure under Computational Diffie-Hellman (CDH) assumption in the enhanced Canetti-Krawczyk (eCK) model, which better supports the adversary’s queries than previous AKA models. Compared with previous identity-based AKA schemes, our protocols have advantages over them in security or efficiency.