ISSN ONLINE(2320-9801) PRINT (2320-9798)


Enhancing the Efficiency of Secure and Distributed Reprogramming Protocol for Wireless Sensor Network

Sandeepa Perumalsamy1, Balaji Subramani2
  1. M.Tech, Department of IT, V.S.B Engineering College, Karur, TamilNadu, India
  2. Assistant Professor, Department of IT, V.S.B Engineering College, Karur, TamilNadu, India

Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering

Abstract

Wireless reprogramming is a method of modifying existing code or transferring a new code image to sensor nodes in order to improve their performance in a sensor network. Reprogramming the sensor network securely is a challenging task. For security, every code update must be authenticated to prevent an attacker from installing malicious code in the network. The Secure and Distributed Reprogramming Protocol (SDRP) is the first protocol established to reprogram sensor nodes in a distributed way without involving the base station, with different reprogramming privileges given to several authorized users. The protocol uses identity-based cryptography to secure the reprogramming and to reduce the communication overhead and storage requirements of each node. Analysis of this protocol shows that it is susceptible to an impersonation attack. Adding 1 byte of redundant data is therefore proposed as a solution to prevent the impersonation attack. The proposed solution will improve the performance and efficiency of the SDRP protocol.

 

Keywords

Sensor network, Reprogramming, Security, and Authentication

INTRODUCTION

A wireless sensor network (WSN) consists of spatially distributed autonomous sensors that monitor physical or environmental conditions such as temperature, sound and pressure. The major functions of sensor nodes are sensing, computing and communicating with other nodes in the sensor network. A WSN is deployed once and is intended to operate for a long period of time. During that time, needs such as updating the operating system, updating an application, adding a new application or modifying arguments in an existing application may arise. Reprogramming is therefore an essential task.
Many reprogramming protocols have been established recently, and their main goal is to disseminate code images to the sensor nodes. Reprogramming the sensor nodes manually is costly and is sometimes not possible when the network is large. The choice is therefore between a centralized method and a distributed method. In the centralized approach, only two participants are involved (the base station and the sensor nodes). The network owner has entire control over reprogramming tasks such as fixing bugs, changing the functionality of the running software or adding new functions to improve the performance of the network. The network owner propagates the code images to the sensor nodes, and the nodes accept an image only if it is signed by the owner. Code images are transmitted by means of multi-hop routing. Unfortunately, this method is prone to a single point of failure, and when that failure occurs reprogramming is not possible. The distributed method overcomes this problem.
In the distributed approach, three kinds of participants are involved (the network owner, authorized users and sensor nodes). The network administrator admits several authorized users to perform the reprogramming task. Reprogramming the sensor nodes securely is also an important criterion, in order to prevent adversaries from injecting malicious code into the sensor network, so different privileges are given to different authorized users to perform the reprogramming task without involving the base station. The following framework components need to be considered when implementing this:
Scope selection: Choosing either all the nodes in the sensor network or a particular node for the reprogramming job.
Encoding/decoding: To provide security, the code images have to be encoded and decoded appropriately.
Code dissemination: The process of propagating the code images to the specified target nodes. It works jointly with scope selection.
Completion validation: Ensures that the code images received by the target nodes are complete and error free.
Code acquisition: To trigger events, conditions must be specified in the sensor nodes. If a condition is satisfied, the sensor node sends code acquisition requests to find a source node that has the desired program, module or patch. A route is then built to send the code from the source node to the requesting node.

SECURITY REQUIREMENTS

As sensor networks are widely used in many applications, security is a major concern: it assures secure communication among the nodes of the wireless network. The security requirements of a wireless sensor network are as follows.
1) Authenticity: It refers to the trustworthiness of the origin. Before installing the program image, a sensor node must verify the source of the packet. This ensures that the code images came from authorized users.
2) Integrity: It helps to prevent changes made by unauthorized users. For that purpose, a message authentication code (MAC) is generated by the sender using a MAC key and is sent with the encrypted message. At the other end, the receiver verifies the authenticity of the received message by using that MAC key.
3) Confidentiality: It refers to concealment of information. To achieve this, messages will be encrypted before transmitting through the communication channel.
4) Freshness: Even if data integrity and confidentiality are assured, the freshness of each message must also be ensured. Informally, data freshness indicates that the data is recent, and it assures that no old messages have been replayed.
5) Node compromise tolerance: This prevents the compromised node from inducing the uncompromised node to violate the security requirements.
6) Distributed: This allows the authorized users to update the code images directly without involving the base station and also it should prevent the code updates made by unauthorized users.
7) Supporting different user privileges: The network owner will grant different privileges to authorized users.
8) Partial reprogram capability: This prevents the sensor nodes from being totally controlled by the authorized network user. Major changes can be made only by the network owner.
9) Scalability: The key management scheme should be scalable in the sense that if network size grows, it should not increase the chances of node compromise and communication overhead. It should allow nodes to be added in network after the deployment as well.
10) Self-Organization: A wireless sensor network is typically an ad hoc network, which requires every sensor node to be independent and flexible enough to be self-organizing and self-healing according to different situations.
11) Time Synchronization: Most sensor network applications depend on some type of time synchronization. In order to save power, an individual sensor’s radio may be turned off for periods of time.
12) Secure Localization: Often, the effectiveness of a sensor network will depend on its ability to accurately and automatically locate each sensor in the network.

RELATED WORKS

Several methods have recently been developed to provide secure code dissemination for wireless sensor networks. All of them are extensions of Deluge. Lanigan et al. proposed a protocol called Sluice, which incorporates a cryptographic hash function and a signature to provide efficient authentication for code propagation. It follows Deluge in dividing each code image into pages. The hash image of the first page is included in the signature packet, the hash image of the second page is included in the first page, and in the same way the hash image of each following page is included in the previous page. In Sluice, a node can perform authentication only when it has received an entire page, so it cannot authenticate an individual packet immediately on receipt. When an adversary sends a large number of packets during code dissemination, a node cannot tell whether they are authentic. The adversary may thus force the sensor node to accept bogus packets and drop authentic ones.
Similar to Sluice, another technique has been proposed for securing the Deluge network programming method. In this technique the hash image of the first packet is signed and included in the advertisement packet, whereas the hash image of each following packet is included in the previous packet. The author proposed that packets be authenticated individually as the node receives them, with unusable packets stored separately. Unfortunately this method is also open to DoS attacks, as an adversary can exhaust the receivers' buffers by sending more packets. The DoS attacks can be avoided by not storing the unusable packets, but then the code dissemination process is not efficient: if one packet of a page is dropped during transmission, the node has to go through retransmission of all the packets in that page.
Deng et al. proposed a method that improves the code dissemination process by using a Merkle hash tree, which prevents the DoS attacks. In addition to the hash image of each page, it uses the Merkle hash tree to authenticate packets immediately as the node receives them. However, a Merkle hash tree is transmitted for every page, which increases the overhead. The hash tree is distributed level by level: the packets of one level are received first, and only after all of them have been verified is a request sent for the next level. This approach leads to higher propagation delays. Although all the existing approaches are based on Deluge, none of them provides an acceptable solution for the authentication of packets. To exhaust battery power, an adversary may send packet requests repeatedly. If an adversary captures the hash value during a genuine code dissemination, the value can be reused to send a fake signature to other regions of the network. Because of the low bandwidth and multi-hop transmission in a wireless sensor network, the adversary has adequate time to launch DoS attacks against the sensor nodes.

CODE DISSEMINATION PROCESS IN WSN

Fig 4.1 describes the code dissemination process, which has the following steps:
1. The node that acts as the base station reads the code image and splits it into packets for dissemination.
2. The node disseminates the packets to all other sensor nodes that are within its communication range.
3. After receiving the packets, a sensor node stores them in external flash memory. The node also requests any packets missed during transmission.
4. The node keeps forwarding the packets to its neighbors until all nodes have the new code image.
5. After receiving all the packets, the node verifies the program image in external flash memory. If verification passes, it transfers the code image to program memory and restarts to run the new code.

THE SDRP PROTOCOL

SDRP is the first protocol used to perform the reprogramming process in a distributed manner. It extends Deluge to be a secure protocol. The design of SDRP maps the identity and reprogramming privilege of an authorized user into a public/private key pair. Based on the public key, the user's identity and reprogramming privilege can be verified, and user traceability and different levels of user authority can be supported. A novel identity-based signature scheme is employed to generate the public/private key pair of each authorized user, so the protocol is efficient for resource-limited sensor nodes and mobile devices in terms of communication and storage requirements. Moreover, the proposed protocol can achieve all the requirements of distributed reprogramming.
Fig 5.1 shows an overview of the distributed reprogramming approach. This approach involves three kinds of participants: the network owner, authorized network users and the sensor nodes. The network owner does not need to be online at all times and can also be offline. After registering with the owner, a user can enter the WSN. The owner assigns certain privileges to the user for performing the reprogramming process in the sensor network. An in-network data aggregator is used to summarize the resultant data, which enhances the robustness and accuracy of the information obtained by the entire network and also reduces the traffic load and conserves the energy of the sensors. The SDRP protocol consists of the following phases.
A. System Initialization
The network owner performs the following steps:
1. Generate the public parameters and load them into every sensor node before deployment. The public parameters are $\{G_1, G_2, G_3, g_1, g_2, g, \hat{e}, \psi, Q_{pub}, H_3, H_4\}$, where $(G_1, G_2, G_3)$ are bilinear groups of large prime order $p$ with generators $g_2 \in G_2$, $g_1 = \psi(g_2) \in G_1$ and $g = \hat{e}(g_1, g_2)$. Choose a random number $s \in \mathbb{Z}_p^*$ as the master key and compute the public key as $Q_{pub} = s \cdot g_2 \in G_2$. The cryptographic hash functions are $H_3: \{0,1\}^* \to \mathbb{Z}_p^*$ and $H_4: \{0,1\}^* \times G_3 \to \mathbb{Z}_p^*$.
2. User public/private key generation: Consider a user $U_j$ with identity $UID_j \in \{0,1\}^*$. The network owner sets $U_j$'s public key as $P_j = H_3(UID_j \| Pri_j) \in \mathbb{Z}_p^*$ and computes the private key as $S_j = \frac{1}{P_j + s} \cdot g_1 = \frac{1}{H_3(UID_j \| Pri_j) + s} \cdot g_1$. The public key, private key and privilege of the user, $\{P_j, S_j, Pri_j\}$, are then sent to $U_j$ through the secure channel. The user is then allowed to reprogram the nodes in the specific region for the subscription period.
B. User Preprocessing
After entering the WSN, a user who has a new program image performs the following actions.
1. The user $U_j$ partitions the program image into $Y$ fixed-size pages, denoted page 1 through page $Y$, and splits each page $i$ ($1 \le i \le Y$) into $N$ fixed-size packets, denoted $Pkt_{i,1}$ through $Pkt_{i,N}$. The hash value of each packet in page $Y$ is appended to the corresponding packet in page $Y-1$; similarly, the hash value of each packet in page $Y-1$ is included in the corresponding packet in page $Y-2$, and the process continues until $U_j$ has hashed all the packets in page 2 and included their hash values in the corresponding packets in page 1. A Merkle hash tree is then used to facilitate authentication of the hash values of the packets in page 1. The packets related to this Merkle hash tree are referred to collectively as page 0. The signature message $m$ consists of information about the root of the Merkle hash tree, metadata about the code image and the signature. The metadata comprises the version number, the targeted node identity set and the program image size. The format of message $m$ is shown in Fig 5.2.
The targeted node identity set lists the identities of the sensor nodes that the network user wishes to reprogram. Assuming that the identity of each sensor node is 2 bytes long, the protocol supports up to 65535 nodes. The identity field is set according to the reprogramming privilege of the user. To ensure the authenticity and integrity of the new code, $U_j$ takes the following actions to construct the signature message.
2. The user $U_j$ computes the signature of message $m$ with the private key $S_j$ as follows. Choose a random number $x \in \mathbb{Z}_p^*$, compute $r = g^x$, set $h = H_4(m, r) \in \mathbb{Z}_p^*$ and calculate $W = (x + h) \cdot S_j$. The signature is the pair $(h, W) \in \mathbb{Z}_p^* \times G_1$.
3. $U_j$ transmits the signature message, consisting of $UID_j$, $Pri_j$, $m$ and the signature $(h, W)$, to the targeted nodes.
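The page chaining and Merkle tree from step 1, together with the per-packet checks a node can make once it trusts the root carried in message m, as an added Python example (not the paper's or SDRP's own code). Assumptions: SHA-256 truncated to 8 bytes as the hash, N a power of two, zero padding of the image, and a simplified page 0 in which each page-1 packet travels with its Merkle authentication path; all function and class names are hypothetical.

```python
import hashlib
HASH_LEN = 8  # assumed truncated-hash length in bytes; the paper does not fix one

def H(data):
    return hashlib.sha256(data).digest()[:HASH_LEN]

def chunk(buf, n):
    return [buf[i:i + n] for i in range(0, len(buf), n)]

def preprocess(image, n_pkts, pkt_size):
    """User side: return (pages, levels); n_pkts (N) must be a power of two."""
    page_size = n_pkts * pkt_size
    image += b"\x00" * (-len(image) % page_size)      # assumed zero padding
    pages = [chunk(p, pkt_size) for p in chunk(image, page_size)]
    for i in range(len(pages) - 2, -1, -1):           # page Y-1 down to page 1
        pages[i] = [pkt + H(nxt) for pkt, nxt in zip(pages[i], pages[i + 1])]
    levels = [[H(pkt) for pkt in pages[0]]]           # leaves: page-1 packet hashes
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[k] + cur[k + 1]) for k in range(0, len(cur), 2)])
    return pages, levels                              # levels[-1][0] is the root

def auth_path(levels, k):
    """Sibling hashes from leaf k up to, but not including, the root."""
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[k ^ 1])
        k //= 2
    return path

class Receiver:
    """Sensor-node side; root is taken from message m once its signature verified."""
    def __init__(self, root, n_pages, n_pkts):
        self.root, self.n_pages = root, n_pages
        self.depth = n_pkts.bit_length() - 1          # fixed Merkle path length
        self.expect = {}                              # (page, k) -> hash learned so far

    def accept(self, page, k, pkt, path=()):
        """Return True only for an authentic packet; page numbers are 1-based."""
        if page == 1:                                 # check against the Merkle root
            h, idx = H(pkt), k
            for sib in path:
                h = H(h + sib) if idx % 2 == 0 else H(sib + h)
                idx //= 2
            # Path length is fixed so an internal node cannot be passed off as a leaf.
            ok = len(path) == self.depth and h == self.root
        else:                                         # hash carried by the previous page
            ok = self.expect.get((page, k)) == H(pkt)
        if ok and page < self.n_pages:
            self.expect[(page + 1, k)] = pkt[-HASH_LEN:]
        return ok

# Constructed sample: a 100-byte "image", N = 4 packets of 8 bytes per page.
PAGES, LEVELS = preprocess(bytes(range(100)), n_pkts=4, pkt_size=8)
```

Each packet is accepted or dropped on arrival, so a node never has to buffer unauthenticated packets; a packet of page i+1 that arrives before its counterpart in page i is rejected because no hash for it is known yet.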
C. Sensor node verification
After receiving the signature message, the sensor node verifies it as follows.
1. The sensor node first checks the programming privilege $Pri_j$ and the message $m$. If they are valid, the verification process goes to the next step.
2. Using the public parameters, the sensor node checks whether $h^*$ is equal to $h$. The signature is valid only if the result is positive; otherwise the node drops the signature.
$h^* = H_4\big(m,\ \hat{e}(W,\ H_3(UID_j \| Pri_j) \cdot g_2 + Q_{pub}) \cdot g^{-h}\big)$
3. If the verification passes, the sensor node believes that the message came from an authorized user and accepts the root of the Merkle hash tree. Based on the security of the hash tree, the node authenticates the hash packets. After verifying the hash packets, the node can easily verify the data packets based on the one-way property of the hash function. Similarly, after the packets in page $i$ have been verified, the packets in page $i+1$ ($i = 1, 2, \ldots, Y-1$) are also verified, and the node accepts the image only if the verification passes.
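Why the check in step 2 accepts a genuine signature, as an added derivation (not part of the original paper) that uses only the symbols defined above, with $P_j = H_3(UID_j \| Pri_j)$, $Q_{pub} = s \cdot g_2$, $S_j = \frac{1}{P_j + s} \cdot g_1$ and $W = (x + h) \cdot S_j$:

$$
\begin{aligned}
\hat{e}\big(W,\ P_j \cdot g_2 + Q_{pub}\big)
  &= \hat{e}\Big(\tfrac{x + h}{P_j + s} \cdot g_1,\ (P_j + s) \cdot g_2\Big) \\
  &= \hat{e}(g_1, g_2)^{\,x + h} = g^{\,x + h}, \\
\hat{e}\big(W,\ P_j \cdot g_2 + Q_{pub}\big) \cdot g^{-h} &= g^{x} = r, \\
h^* &= H_4(m, r) = h .
\end{aligned}
$$

The second line uses the bilinearity of $\hat{e}$. The node recomputes $P_j$ from the $UID_j$ and $Pri_j$ it received, so with any other identity or privilege string the factor $(P_j + s)$ no longer cancels, the recovered value differs from $r$, and $h^*$ matches $h$ only if $H_4$ collides.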

CONCLUSION AND FUTURE WORK

A number of secure reprogramming protocols have been proposed, but none of these approaches supports distributed operation. The Secure and Distributed Reprogramming Protocol is the only method that supports reprogramming in a distributed manner. It allows authorized users to reprogram the sensor nodes in a distributed way. The protocol uses an identity-based signature scheme for key generation and elliptic curve cryptography for encrypting the code images. Using 1 byte of redundant data enhances the security protection for reprogramming and prevents impersonation attacks that make use of the distributed reprogramming protocol.
Future work may focus on various cryptographic techniques and on how to improve the efficiency of SDRP by integrating it with existing centralized reprogramming protocols such as Rateless Deluge and DIP.
