A role based access in a hierarchical sensor network architecture to provide multilevel security

Transcription

1 1 A role based access n a herarchcal sensor network archtecture to provde multlevel securty Bswajt Panja a Sanjay Kumar Madra b and Bharat Bhargava c a Department of Computer Scenc Morehead State Unversty Morehead KY 4351 USA b Department of Computer Scence Unversty of Mssour-Rolla Rolla MO 459 USA c Department of Computer Scenc Purdue Unversty West Lafayette IN 4797 USA Abstract Most of the proposed securty protocols for Wreless Sensor Networks (WSN) are desgned to provde the unform level of securty across the network There are varous mult-sensng applcatons lke sensors montorng arport runway control system whch may also be used to montor envronmental condtons such as wnd speed and drecton When these nodes communcate they may requre dfferent levels of securty For example n case of a hghjack event the secure communcaton among nodes n a target regon n the arport runway control system should be provded as they exchange hghly crtcal data In ths paper we propose a scheme called RBASH (Role Based Access n Sensor Networks) whch provdes role-based multlevel securty n sensor networks Each group s organzed n such a way that they can have dfferent roles based on the context and thus can provde or have dfferent levels of accesses RBASH provdes the desred securty level based on the applcaton need The multlevel securty s based on assgned keys to dfferent nodes at dfferent levels To acheve ths goal we organze the network usng Hasse dagram then compute the key for each ndvdual node and extend t further to construct the key for a group Based on expermental observatons we conclude that RBASH s energy and communcaton effcent n provdng securty compared to some other protocols whch provdes unform securty for all the nodes Keywords: Wresless Sensor Networks Hasse dagram Access control Securty 1 Introducton Recently varous securty protocols [ ] have been proposed for sensor networks However most of these protocols are desgned to provde unform securty across the network That s all the nodes n a network provde the same level of secure communcaton whch consumes extra battery power There are varous mult-sensng applcatons where a sensor node can be a part of two dfferent networks; lke arport runway control system and sensng of sesmc actvtes In case of a hjacked plane nodes need secure communcaton to avod spoofng of messages and to provde the exact locaton of the arplane whereas n case of routne sesmc actvtes nodes can collaborate wth other neghborng sensors wthout any secure communcaton snce sensed data do not contan any senstve nformaton and thus can conserve power In one applcaton (arport traffc control applcaton) each sensor node s part of a hghly secure communcaton network whereas n the other t can communcate wth others at a much lower degree of securty (usng a small key sze) or may be no securty at all Snce all the nodes do not have to mantan the same role n the network all the tme they do not need the same level of unform securty In essence the advantages of provdng role-based securty n sensor networks over the unform securty are as follows: 1 Instead of deployng multple nodes n a hostle envronment t s cost effectve to put more than one sensor wth a sngle rado board for multple applcatons lke sensng arplane locaton and sesmc actvtes The wdely used Crossbow MICA motes [16] are compatble wth dfferent sensor boards (GPS temperature lght and sound) on a sngle rado board The responsblty of the nodes n the network can be changed dynamcally based on the nature of the sensed data For example the sesmc actvty montorng sensors can be put nto a relay mode when there s any chemcal leakage notced The chemcal sensors can wake-up n that case and can

2 start communcatng securely wth the neghborng sensors usng large sze encrypted keys 3 The network bandwdth communcaton and computng cost can be saved by reducng the key sze when there s no need to provde hgh level of secure data 4 The updatng of secure keys can be avoded by usng only nstance based keys The communcaton overhead and energy consumpton can be reduced as the nstance based sesson key s computed and valdated only for certan duraton of tme and n a certan geographcal regon Ths model provdes multlevel access control where dfferent sensor nodes can have dfferent levels of access to data generated by other nodes For example each termnal of an arport can have ther local secure sensor network consstng of group of sensors who have access to the data of ther lmted regon whereas few nodes at a much hgher level of the arport s secure sensor network can have access to the data of all the termnals at the arport Each group can consst of several general sensors and a cluster head A cluster head s responsble for communcatng among sensor nodes n ts own group and wth nodes or cluster heads of other sensor networks of dfferent termnals as well Usng ths access polcy sensor nodes on nstructon from a base staton n-charge of a local termnal can shut down the termnal gates and the securty chef who controls the arport securty can shut down the complete arport by sngle command n case of an ntruson In ths paper we propose a protocol called RBASH (Role Based Access n Sensor Network) model whch provdes role-based multlevel securty n sensor networks Each group s organzed n such a way that they can play dfferent roles and based on ther current roles can provde dfferent levels of access control The multlevel securty s based on assgned keys to dfferent nodes To acheve ths goal we organze the network usng Hasse dagram [1 ] then compute the key for each ndvdual node and extend t to construct the key for a group The reasons for usng Hasse dagram to setup the herarchcal archtecture for multlevel access are as follows: 1 The role of each node can be defned and changed dynamcally based on the applcaton The role s assgned by the cluster head of each group durng reorganzaton step Each node n a group can have dfferent levels of access and therefore nodes need to have dfferent sets of keys A multlevel access control can be acheved usng ths model as follows Each node n the network has a unque dentfcaton and t can be provded wth a unque key durng the self-organzaton process The key generaton process s ntalzed by the cluster head Each group n the network has dfferent levels and the key of each node n the group s based on the level In other words f an upper level node needs to ntercept messages of a lower level node then the lower level node s key must be derved from the key of the upper level node (the process of key generaton process s explaned n Secton 4) As the encrypton/decrypton of messages s controlled by the key f an upper level node has access to the messages of let s say three lower level nodes then ts access to one more node can be added by modfyng the key Smlarly the access prvleges of a lower level node can be revoked from upper level node by modfyng the key In ths scheme not every node can have drect communcaton wth all other nodes If a node does not have drect communcaton lnk wth a partcular node then t needs to fnd a path before sendng data packets Usng the Hasse dagram the nodes can be organzed nto dfferent levels startng from the cluster head to be the node consdered at the frst level The nodes n the second level have drect communcaton lnk wth the cluster head The nodes startng from the thrd level communcate wth the cluster head through the second level The cluster head has the authorty to ntercept and decrypt any messages generated by ts group members We present several desgn consderatons for the RBASH protocol such as only legtmate group members can acqure the communcaton prvleges and contents That means f a key for a lower level node s generated from an upper level node then t can be used to decrypt any message whch s for lower level node The authorzaton to ntercept other node s messages s decded by the cluster head For example some of the nodes nvolved n the key dstrbuton as relay nodes should not have access to the cryptographc keys for encryptng/decryptng messages These nodes can only help relayng messages from nodes at one level to nodes at another level as not all the nodes can have drect communcaton possble wth other members n ther groups Sometmes these nodes only forward the nformaton requred for key computaton but can not access the contents In other words nodes at dfferent levels can have dfferent authorzaton polces As a way to model the above explaned secure role based sensor network we ntroduce a multlevel access model wthn the Hasse Dagram [1 ] called RBASH In the RBASH framework the cryptographc operatons are performed by the nodes based on ther roles levels and the keys The prmary advantage of workng wth the RBASH ncludes the followngs: (1) It provdes group securty () The group sesson keys generated by ths protocol can be used by dfferent applcatons (3) The tme wndow for refreshng the group key s wde enough so that t can have a new key before an ntruder can decrypt the key at a rate 6 of 1 decrypton/mcro seconds We show how RBASH works for both one-to-one and group securty We have expermentally evaluated our scheme through the smulatons usng TnyOs and TOSSIM [8 17] In the frst experment to evaluate the packet loss n the network we compare the packet delvery by varyng the pro-actvty factor and packet sze The pro-actvty factor s determned by the formula ( m + n) / k where m s the packets generated n the applcaton layer for the key generaton and k s the party packets of each block to reduce error n the delvered messages The pro-actvty factor s nversely

3 3 proportonal to the packet loss n the network It s also drectly proportonal to the packet sze and bandwdth We observe that the number of packets can be reduced by makng the pro-actvty factor 1 From experments we observe that the pro-actvty factor 1 can balance the packet sze and bandwdth requrements n the network We measure the energy consumpton for ths scheme and compare t wth the total avalable energy n the network We observe that the proposed approach consumes around 1% of the total avalable energy In the next experment we compare the bandwdth overhead for dfferent key szes of the cluster head that can help to decde the optmum key sze to be used The key sze s based on the decrypton rate by the ntruder and tme wndow assumpton for updatng the key We assume that the key can be decrypted by an 6 ntruder at the decrypton rate of 1 decrypton/mcro second The chosen key sze n ths scheme s 15 bytes long The reason for choosng ths key sze s explaned n Secton 6 wth the expermental results The expermental study concludes that the energy consumpton of SPINS [13] ncreases rapdly as the number of group members ncreases n comparson to RBASH We also compare bandwdth overhead and energy consumpton of RBASH wth µtesla [] and observed that though RBASH s energy effcent than µtesla but at the cost of more bandwdth overhead We frmly beleve that energy effcency takes prorty n wreless sensor networks The rest of ths paper s organzed as follows: Secton provdes the related work Secton 3 presents the system model In secton 4 key computaton scheme s proposed In secton 5 we provde the authorzaton model and access control Secton 6 reports the performance evaluaton and secton 7 concludes the paper Related work Ths secton provdes the overvew of the work done n securty and key management area n sensor networks Perrg et al [13] developed a securty protocol called SPINS They ntroduced two concepts µtesla and SNEP SNEP provdes two party data authentcaton data confdentalty freshness and ntegrty whereas µtesla takes care of authentcaton for broadcasted data The advantage of SNEP s low communcaton overhead for semantc securty µtesla works wth delayed dsclosure of symmetrc keys The sender chooses a key K n from a key chan and uses a one way functon to compute other keys It dvdes the broadcast tme nterval and assocates each key wth an nterval The key s sent from the sender after a certan delay The recever knows the schedule for dsclosng the key It uses symmetrc key whch s computatonally effcent than publc-key cryptography However over a perod of tme an ntruder can know the dsclosng tme of the key from the sender and can compute other keys as each key s assocated wth other keys Eschenauer et al [7] presented a key management scheme whch has selectve dstrbuton and revocaton of keys n sensor nodes Ther scheme s based on the probablstc dstrbuton of the key n whch they guarantee that two neghborng nodes wll have at least one common key n ther key rng Ths key s used by the neghborng nodes to encrypt/decrypt messages The three steps followed n ths method are key pre-dstrbuton shared-key dscovery and path-key establshment In the key pre-dstrbuton phase a large pool of keys ( 17 ) and ther key dentfers are generated Then k keys out of P are chosen to generate a key rng and put n the sensor nodes In shared-key dscovery phase the sensor nodes fnd ther neghbors who share at least one common key The nodes broadcast the dentfers of the keys t has wthn ther communcaton range The neghborng nodes check to fnd a common dentfer; f they do then they create a secure communcaton path The advantage of ther scheme s that 75 keys are needed from 1 keys n order to have 5 probablty of sharng a key However to have the hghest probablty all the nodes needs to have a master key If an attacker can forge the master key then the securty of the whole network s compromsed Zhu et al [4] developed a key management protocol called LEAP It uses four types of keys: ndvdual key group key cluster key and parwse shared key The ndvdual key s shared wth the base staton The base staton can perform a secure communcaton wth the nodes usng ths key The group key s used by the whole group and the base staton It s used for broadcastng messages for a partcular group The cluster key s shared by a node and one another node from a dfferent group It s used to have secure ndvdual communcaton wth other group s nodes The parwse key s shared between mmedate neghbors Each node s unquely dentfed n ths scheme Each node has dfferent types of keys to communcate wth neghbor or cluster head or node from another group whch makes the network secure However ths method requres each sensor node to store too many keys whch s not possble because of lmted memory constrant Matt et al n NAI LAB report [1] explored dfferent securty and key management protocols They have developed Identty-Based Symmetrc Keyng and the Rch Uncle protocol Frst they have analyzed exstng network securty protocols and then developed a keyng protocol sutable for dstrbuted sensor network Ther man goal was to overcome the energy constrants envronment n the battlefeld Du et al [5 6] modeled a scheme whch uses node deployment knowledge to provde key management n sensor networks It s assumed that sensor nodes are deployed n groups If N s the number of deployed sensor nodes they can be dvded nto t n groups They specfy an ndex ( and ponts (x y j ) assocated wth the group G j The neghborng nodes can share a key from a small key chan as the nodes know the probable neghbors at the tme of key pre-dstrbuton However the smultaneous

4 4 dropped nodes from a helcopter may be neghbors s not a vald assumpton Rogers et al [4] proposed a model n whch the key dscovery s done usng prvacy homomorphsm and Chnese Remander Theorem Pre-dstrbuton of the keys are done before deployng the network Instead of sendng an ndex assocated wth the key to fnd the neghbor who s sharng at least one key from the key chan a modfed Rvest s scheme (MRS) s used and the keys are sent n encrypted format The path dscovery for secure communcaton s done wthout knowng the actual keys However t needs to do too much processng for key dscovery whch s not practcal n sensor networks Sun et al [14] proposed a model for provdng access control n dfferent groups For provdng data to a partcular group they form a dstrbuted network n tree structure In ths scheme each sub tree can have dfferent keys dependng on the applcaton The users can have a separate prvate key for nter sub-tree communcaton For buldng the key graph they follow three steps: ) Assocate leaf wth ther parents ) Assocate the upper level parents ) Connect all the sub trees The key graph can be used to create levels; however t s unable to provde prorty of the nodes based on ther roles The concept of key graph s used n the Hasse dagram for ntal setup of the network After ntalzaton the role can be assgned to each ndvdual node that both nodes v and u are wthn the communcaton range We assume that all the nodes are homogeneous The correspondng graph s an undrected graph n whch connectons to nodes are determned by ther roles and dstances The roles are assgned by the cluster head The nodes wth hgher level of access try to reach the lower level nodes wthn one hop If they cannot reach those nodes n one hop then they use ntermedate nodes The Hasse dagram algorthm uses markng of each node for organzng the network For markng each node the cluster head of each group runs an algorthm n the graph G = (VE) startng from the cluster head The notaton m(v) s used as a marker for vertex v V whch s ether T (marked) or F (unmarked) Intally all the nodes n each group are unmarked and each vertex v has ts neghbor set as N(v) = {u (v u) E} As an example the markng process s shown n Fgure where N(u) = {v y} N(v) = {uw y} N(w) = {vy} N(y) = {u v w} After the markng process vertex u has N(v) and N(y); v has N(u) N(w) and N(y); w has N(v) and N(y); y has N(u) and N(v) and N(w) 3 Sensor network organzed as Hasse dagram Ths secton provdes the archtecture of the sensor network used for RBASH Here we explan how the network s realzed usng a Hasse dagram Frst the nodes n each group communcate wth each other to fnd the node wth hghest energy level node That node s selected as the cluster head After that the organzaton process starts from the cluster head to construct a Hasse model We propose here a modfed Hasse dagram whch can work n a herarchcal sensor network envronment Organzaton of the network usng Hasse dagram: The archtecture of a herarchcal sensor network wth multple levels consst of sensor nodes cluster heads and relay nodes There are two types of sensor groups: one s a group of sensor nodes lead by a cluster head and the other s a group of cluster heads wth one cluster head as the head of that group Fgure 1 shows the archtecture Ths selfreconfgurable sensor network can rearrange the network accordng to the requrements of sensng coverage In ths model nodes n each sensor group collect data from a partcular geographcal area and send data to the nearest sensor nodes If the neghborng nodes are relay nodes they forward data usng the approprate routng path Fnally the cluster head aggregates the data and forwards that to ts upper level cluster head We represent the sensor network by a graph G = (VE) where V represents a set of sensors and E represents a set of communcaton lnks A lnk between nodes (v u) ndcates Fgure 1 Sensor network model Notatons Used: G = (VE) Where V are sensors and E are lnks m(v) Marker for vertex v V E left Energy left n each node E total Total energy E Tx Energy requred for transmsson E Rx Energy requred for recepton H Herarchy (levels) N(y) Neghborng set of y N(u) Neghborng set of u HN Set of nodes n a group that do not have lowest level of access Fgure Communcaton

5 5 Fgure 3 Runnng algorthm Fgure 4 Organzaton Fgure 5 Organzaton of the network usng Hasse dagram algorthm In order to create Hasse dagram usng the markng process two rules are proposed Assumng that each vertex v n G s assgned a dstnct ID d(v) t then calculates ts closed neghbor set N[v] as N[v] = N(v) v Rule 1: Consder two vertces v and u n G If N[v] N[u] and G and d(v) < d(u) change the marker of v to F f node v s marked; e G s changed to G v Note that < compares the levels of the two nodes Rule : Assume that u and w are two marked neghbors of vertex v n G If N(v) N(u) N(w) n G and d(v) = mn{d(v) d(u) d(w)} then change the marker of v to F In Fgure snce N[v] < N[u] vertex v s removed from G f d(v) < d(u) and vertex u s the only domnatng node n the graph In Fgure 3 snce N[v] = N[u] ether v or u can be removed from G If d(v) = mn{d(v) d(u) d(w)} node v can be removed from G based on Rule The communcaton lnk shown n Fgure 5 means the nodes can communcate wth those nodes drectly If they want to communcate wth some other nodes they have to create a lnk The levels n ths Fgure 5 are {A} {BCDE} {FGHIJK} {LMNO} {P} For example the node B can not communcate drectly wth nodes C D or E but t can communcate to these nodes through node A Each node has a key The keys are shown n the Fgure 5 The steps for organzng the network n Hasse dagram are as follows: Step-1: Assgnment of dentty Three dfferent types of dentfcatons are used n ths model: a unque dentfcaton (ID) for each sensor node cluster head and each group of clusters The assgnments of the IDs are done n the followng ways: The IDs of the sensor nodes are gven by the cluster head of that partcular group The IDs of the cluster heads are gven by the Head of Cluster Heads [HCH] of a partcular geographcal area HCH s the cluster head responsble for leadng the group of cluster heads Also the IDs of the group of sensor nodes are gven by HCH The IDs of the nodes cluster heads and group of sensor nodes depend on the level and the locaton The sensor nodes Ids at level one would be <1 > <1 1> <1 > etc For level two the IDs would be < > < 1> etc When a sensor node jons or leaves a group the IDs have to be re-assgned The re-assgnment of the dentfcaton s based on the applcaton needs Whenever there are events lke jon and leave the network s partally reorganzed to make sure t follows the Hasse dagram It may be possble that a node can have multple nodes n ts communcaton range but t can not communcate wth those nodes as t has to go through those sensors wth who t shares the key If a node n a partcular regon leaves group or a new node jons the regon then part of the network needs to be updated It s not necessary to update the whole network as long as the network mantans the structure of Hasse dagram Each node needs to mantan a key chan f t has the authorzaton to communcate wth nodes at the multple levels of the network For organzng the network sensors fnd the lnks wth other nodes n that regon We assume that there are S sensors n the regon R The lnk between two nodes s denoted as L The notaton L s used for the set of all lnks n that group Consder an nstance of a regon R as R 1 = ( S L) where S are the nodes n the regon R 1 For example n Fgure the sensor node A n the regon S can be denoted as S A and the lnk between nodes A and B s L AB The Hasse dagram can be created startng from the cluster head To start wth one of the nodes s chosen as the cluster head The base staton communcates wth the cluster head for organzng the network The cluster head of each group runs the proposed modfed Hasse dagram algorthm so that each group s organzed n the form of a Hasse dagram Step-: Cluster Head Electon Algorthm For choosng the cluster head an electon algorthm s used where the nodes communcate among themselves to know the energy left and the node wth the hghest energy

6 6 left s chosen as CH The nodes that do not have access to the nodes at the lowest level are denoted as HN That means HN are the parent nodes of those who have chldren One of these parent nodes s chosen as the cluster head When executng ths algorthm nodes consder the energy left after ntal communcaton wth ts group members as for transmttng or recevng messages each node spends energy Some of the nodes are mult-hop away from the others and n that case the spent energy also depends on the number of hops requred for the communcaton In the algorthm the dentfcaton of each node s denoted as ID The algorthm for choosng the cluster head s as follows: Algorthm: 1 n number[hn] where HN are the parent nodes For 1 to n 3 Do Whle ( E left of ID > ) 4 E left = E total (E Tx + E Rx ) h 5 If (( E left of ID ) + 1 > ( E left of ID )) 6 CH ID else 8 CH ID 9 Return CH The nodes collaborate wth each other to fnd out who s left wth the maxmum energy The hghest energy sensor nodes among HN s then selected as the cluster head; CH To balance the energy n the network the cluster head s rotated perodcally The tme for selectng dfferent node as the cluster head s predefned and the base staton communcates wth the cluster head for re-ntalzng the cluster head electon algorthm Step-3: Modfed Hasse Dagram Algorthm RBASH uses the followng algorthm to get a subset of nodes S' S whch covers the lnks wth the nodes at dfferent levels The relaton RN s defned based on the communcaton lnk among the nodes It s based on the role of each node n a group The communcaton lnk s decded by the cluster head The total number of nodes n a group s denoted by n The relatonshp nstance of node and j can also be denoted usng w where w j = { RN( for j ( {1 n} For example the relatonshp between two nodes wth dentfcaton 1 and can be denoted as w 1 The edges between two nodes s denoted usng E The dentfcaton of each node s unque that s j E = ( and( {1 n} j The vertces V are consdered as the nodes In ths model each node plays a dfferent role and the lnks between the nodes are establshed dynamcally when needed That means f the relatonshp between two nodes w s at a hgher level wlm than other two nodes then a lnk can be created among them ( l m) V )( w j w ) Ths process starts untl ( lm t creates all the lnks among j and k Once t fnd those lnks then t repeats ths for j k l and m The process contnues untl t fnds all the lnks n a group Algorthm: 1 RBASH (RN n ) Input: RN: Relaton of the nodes based on roles 3 n : Number of nodes n a group 4 Begn 5 w j = { RN( for ( {1 n} where and j are the dentfcaton of two nodes 6 E = ( and( {1 n} j 7 Repeat 8 Start the process from cluster head 9 ( V such that 1 ( ( l m) V )( w j wlm ) where l and m are dentfcaton of nodes 11 For =1 to n do 1 For j=1 to n do 13 For k=1 to n do 14 If wj w jk and w jk > wk 15 then w connects w k jk endf 16 If wj wk and w k > wkj 17 then wkj connects 18 End For 19 End For end for 1 untl V= end 4 Key computaton scheme j w k endf In ths secton the proposed key computaton scheme s dscussed We frst show the steps for computng the key for one-to-one communcaton and then we dscuss how that scheme can be extend for the group key In our model each node s unquely dentfed by an ID where { 1 n} Each group n the network s denoted by U The operatons performed for the group key computaton fall n the fnte feld F q where q s a suffcently large prme number Every group U stores secret key S Fq The entropy functon s denoted by H() K j s used for denotng the sesson key of each group durng the sesson j Each group member also has a personal key k The broadcasted and revocaton sesson

7 7 key messages are denoted by B j and R j The revoked group members are denoted by t The whole regon s denoted by N and levels by L Notatons: ID Identfcaton of nodes U Identfcaton of group n the network F q Fnte feld where q s a suffcently large prme number S Group secret key provded by the base staton H() K j k B j R j N L n Entropy functon Sesson key for j Personal key of ndvdual sensors Broadcasted mess for sesson j Revocaton message for sesson j Network of a regon Herarchcal levels Arbtrary number of nodes Followng steps are used to compute the key n ndvdual sensor nodes: 1 The cluster head of each group communcates wth the base staton and all ts group members Each node fnds ts drect communcaton lnk The communcaton lnk s decded at the tme of organzaton of the network 3 Each node mantans the knowledge of ts level and the dentfcaton of the nodes wth whom t can communcate drectly wthout usng relay nodes n the mddle 4 Cluster head communcates wth the base staton to let t know the number of nodes n each level of ts group 5 The base staton communcates wth the cluster head to compute the cluster head key 6 The Cluster head computes ndvdual keys and send those to dfferent nodes n ts group The detaled process of key computaton n each group s as follows: STEP 1: Key computaton at the cluster head: The cluster head key k CH s computed from the fnte feld F q and a broadcast message B from the base staton where q s a large prme number The computed new cluster head key s kch Fq 1 The key k CH for each cluster head s computed from the key provded by the base staton (a) For any cluster head the key k CH s computed usng S and B where H(k B S )= where H s the one way hash functon (b) For B { S 1 S n } B t whch means the broadcasted message has to be wthn tme wndow t where t < t Expraton and U B means that not all the messages from the base staton are for all the groups (c) The key computaton follows the formula k = H ( k S { S } U B) Ch B (d) The keys for the cluster heads are { kch} {1 n} when n cluster heads are there n the network STEP : Key computaton at each node: Each node n a group computes ts personal secret key k from the key k CH (a) The ndvdual secret key k s computed usng the cluster head key k CH and the dentfcaton of each node ID where { 1 n) (b) For kch U N the key computaton s done usng the formula k = H ( kch ID{ ID}) (c) The key k s used to compute the keys at dfferent levels For example K134 K13 K14 K34 (d) The unque dentfcaton of each node ID also makes sure that each key generaton from the has functon s unque STEP 3: Sesson key dstrbuton: Assume that each group n the network s organzed at dfferent levels U N L for { n} For each level L N the key S s dfferent The cluster head CH broadcasts message CH B ( S ) to members whch contans the sesson key S (a)the functon Fq helps to compute the key H() S =H( F q ) For { n} where the group keys are { S 1 S n } (b) Sesson key S from S for target regon s used for encrypton/decrypton of group messages Ths helps n reducng communcaton overhead as ndvdual keys are not used for secure message exchange f multple nodes need to ntercept certan messages STEP 4: One-to-One key computaton: The personal key k H ( F Fn ) For computng the personal keys H() s appled on F Based on F and L dfferent nodes

8 8 wll have a dfferent key k Each personal key depends on the defned key feld locaton of the node at a partcular level lke k1 H ( F1 L1 ) kn H ( Fn Ln ) (a) For computng one-to-one key each node communcates wth the cluster head and then t computes the key STEP 5: Secure communcaton path selecton: The communcaton path at the tme of key dstrbuton s CH { L 1 L } U N The broadcasted message B conssts of B = k S The formaton of k and S s shown n defntons and 3 (a) The secure communcaton path selecton can start from: () the cluster head () to lower level nodes from upper level nodes and () lower level nodes to upper level nodes (b) When cluster head wants to communcate wth ts group members t uses ts personal key k CH [ Message] k Nodes As the secret key at 1 n each ndvdual node s computed from the cluster head key the cluster head generates those key for encrypton/decrypton of messages Each ndvdual secret keys can be consdered to be the subset of the cluster head key e k1 n kch (c) When the upper level nodes want to communcate wth the lower level nodes they need to fnd drect communcaton lnk If the nodes do not have drect communcaton lnk then they have to reach those nodes through other nodes [ Uppper] K 1 Lower n (d) The lower level nodes can only communcate wth ther parent nodes Therefore they can communcate wth other nodes through only ther parent nodes STEP 6: Updatng the group key: The updatng of group key s done wthn the tme wndow of decrypton of key decrypton _ tme > key _ updatng _ tme For updatng each ndvdual secret key the cluster head does batch processng (a) The cluster head broadcasts a message whch contans the nformaton about the dentfcaton of the node the level and the updatng functon for the key (b) The key updatng s done n dfferent stuatons lke () gvng new access to certan nodes () revokng access of some nodes () updatng keys because of expraton tme (c) For gvng new access to the nodes the modfcaton of the key s done n the relevant communcaton path as the key s generated startng from the cluster head untl the node whch s at the end of ths path There s no need to modfy the keys n the whole group (d) The key revocaton process s smlar to gvng the access to nodes The only dfference s that at the tme of key updatng the revoked node s not ncluded n the path Access to lower level nodes: The upper level nodes can have access of the messages whch are for lower level nodes f they have the drect communcaton lnks In Fgure 5 the followng key level access are possble For example node B has access to nodes F G and I K K K K 3 K14 K1 K14 K 4 3 K134 K13 K14 K 34 4 K 34 K 3 K 4 K 34 Example of the key herarchy: The key herarchy for Fgure s as follows: K K K 1 3 K13 c K1 K 3 c K 13 The followng message exchanges are done for the key computaton: 1 The cluster head sends a message to the base statonch ( Msg) BS where Msg = ( ID L U numberofnodes) The base staton can dentfy the herarchy from ths message It calculates the L where { 1 n} For example f for ID =16 and L=5 andu = 1 then the base staton computes the key K134 for the cluster head The base staton encrypts K 134 usng the cluster head s personal key k CH The base staton has the prvlege to compute any personal or group keys Next k CH s dscarded and K 134 s consdered as ts personal key 3 The BS also computes all other personal keys for thatu In ths case t computes K K K K K K K { K 3 K K K K K } K4

9 9 4 After recevng ths set of keys the cluster head starts uncastng the personal keys to ndvdual nodes 5 After recevng the personal keys the nodes can communcate wth the desgnated node n a partcular path To make sure when the cluster head s sendng the keys only the authentc nodes get those followng steps are followed: 1 We modfy the ID-based cryptography [19] to delver the personal ndvdual key The groups are denoted byu for =1 let us consder U 1 to be the prme order of q for the fnte feld F Let U be the multplcatve for the same Then U1 U1 U can be mapped usng the propertes of (a) Blnear (b) Non-degenerate (c) Computable Usng the blnear parng [18] ID-based encrypton scheme can be modfed The cluster head uses a master key and the ID of each node to compute the key The ID of the nodes are not nteger numbers they are 16 bts key nstead whch has an nteger ndex assocated wth t The cluster head computes three hash functons from U 1 andu * H1 :{1 } U1 (It s extracted from the ID) l H : U {1 } Here l s the length of the text * H : 3 U Z q (Ths s used to compute the personal keys) * In CH K Z t computes ndvdual keys 134 q k = K134K where factor * Z q s multplcatve group 41 Extended scheme for the group key computaton Logcal key constructon phase: The RBASH frst computes a sesson-encryptng key (SEK) For dong that t chooses a pseudorandom functon denoted as fs wth a random seed s and a random nteger r A logcal key tree s formed from the functon Only the cluster head of each group has the knowledge of r and fs In ths scheme each group conssts of n members Each node of the tree s assgned wth a pre-deployed encrypton key These keys are used to encrypt the new sesson-encryptng key for vald members q Fgure 6 Group key computaton Assgnng group key: Each node n Fgure 6 can be consdered as group of nodes Each group has a group key dstrbuted by the cluster head The base staton communcates wth the cluster head to form the group keys The group keys are based on the ID of each group The dentfcaton assgnng technque s explaned n Secton 3 The followng steps are followed to form the group key 1 SEK Pr e deployed ths pre-deployed key s used to guarantee that message exchange wth the base staton for group key (GK ) computaton s secure The same ID-based cryptography s used as explaned for one-to-one key computaton Each group exchanges a message BS[ Msg] SEK U wth the base staton whch s encrypted usng SEK As each regon of the network have multple groups each GK needs to be unque The unque group keys are denoted bygk for =1n GK1 GK1 GK can be mapped usng the propertes of (a) Blnear (b) Non-degenerate (c) Computable 3 Usng the pseudorandom functon f s n the logcal tree of each group a master key s computed n each group by the cluster head Later ths master key s assocated wth the ndex of each group whch s decded based on the ID of each group Each group uses a 16 bts key nstead whch has an nteger ndex assocated wth t The cluster head computes three hash functons from GK 1 andgk * a H1 :{1 } GK1 (It s extracted from the ID of each group) l b H : GK {1 } Here l s the length of the text * c H : 3 GK Z q (Ths s used to compute the group keys)

10 1 5 Authorzaton model and access control In ths secton we dscuss the secure nformaton sharng usng the herarchcal path Our focus s on mantanng the herarchy rather than mantanng a shortest path We seek to dentfy major approaches to acheve the goals lke usage revocaton re-dssemnaton and dstrbuton polcy Usage polcy: If a user s authorzed to access data of a partcular level n the network then t performs the operaton as many tmes he wants Essentally there s no pre-defned usage control The concept of lmtng usage was frst emphaszed n recent years by RBAC [1 ] where lmts on how often or how long an access s permtted are often vewed as a base of multlevel access The usage polcy n RBASH s based on the dstrbuton of the key If the hgher level nodes have the keys whch are used to derve the keys for the lower level nodes then the hgher level nodes have access to the lower level nodes It s necessary that the revocaton must be addressed at the polcy model The revocaton handled by the mplementaton layer Some of the questons addressed n ths secton are: Can authorzed access be revoked? What s the delay n revocaton? More generally can authorzed access be changed? the key K 134 ths can be used to decrypt any messages of ts group members Node B can encrypt a message M usng the nternal key K 13 If B[ M ] K A message s sent 13 from node B to A then only A can decrypt t because t s n the hgher level than B and t has a drect communcaton lnk The known paths are based on the key and the drect lnk Assgnment of operators: Along wth the keys each node n the network s assgned wth an operator Ths helps n makng the functon for multlevel access Also an ntruder node wll not be able to decrypt the functon as t s dstrbuted at dfferent levels Each node n the tree may have the responsblty for dong operatons such as AND/OR/NOT/ ASSIGNMENT or EQUAL-TO The cluster head n each group can compute the secret functon usng the node ID and relevant operaton of each node In Fgure 4 the cluster head computes a functonφ = (( x 1 x) (( x1 x3) x4)) x Ths can be used to perform secure communcaton wth other groups The parent nodes n each level can generate a functon based on the operaton and ID of ts chldren As the cluster head knows the values for the lterals t can compute the key from that The parent nodes can compute the functon and communcate wth the chldren nodes wthout retrevng the actual keys from the chldren nodes For example y6 = ( x1 x3) so t can be assgned wth the access of x 1 or x 3 Another example from Fgure 8 would be y5 = (( x1 x3 ) x4 )) If we nterpret ths wth respect to multlevel access then y 5 has access of x1 or x3 and x 4 The functon can be shared wth other levels based on the needs and prvleges of the nodes Fgure 7 Authorzaton model Fgure 7 shows the authorzaton model In ths model the authorzaton starts wth the level selecton of the network At the tme of choosng the levels the nodes can have ther nternal keys for the secure communcaton A node can have dfferent paths to reach to other nodes; t can choose any partcular path based on the preference The preference can depend on the number of hops The role selecton of the nodes s determned by three parameters: 1) a node s servce hstory ) ts current authorzed tasks 3) expectaton of other nodes Each network group or regon can have usage revocaton and contnuaton polcy determned by the upper level nodes The output of ths model s: access control key selecton and relatonshps creaton Level selecton: The level selecton n the network or group s based on the nternal key known path and preferences For example n Fgure 5 the cluster head s at level It has Fgure 8 Assgnng operator to the nodes Another example from Fgure 8 the equaton for the functon n the cluster head sφ = (( x 1 x) (( x1 x3) x4)) x If the functon at s y5 = (( x1 x3) x4 )) then y 5 can access x1 or x3 and x 4 In the reverse way the x 1 does not

11 11 have access to y 5 The y 5 can be modfed as y5 = (( x1 ) x4 ) ( x3) x4 )) Ths means y 5 as a parent node does not need to have the actual functon n order to compute the functon usng the operators of ts chldren nodes The y 5 can also control the access of y6 and x 4 to other nodes ( y or y 1 ) by changng the operator n them The functon at y = (( x1 x ) (( x1 x3) x4 )) by changng the operators to n the nodes y 5 y 4 and y the equaton would be y y ) 6 Performance evaluaton ( 5 y4 We analyze n ths secton the performance of RBASH for relable key computaton and multlevel access The followng performance metrcs are used for the smulaton: 1) Bandwdth overhead: It s defned as the rato t/b where t s the total number of packets that the base staton and cluster head sends for computng the key for a block of packets ncludng the repar packets to provde relablty and b s the block sze The reasons for usng the bandwdth overhead are: (a) effcent bandwdth utlzaton n sensor network s one of the man concerns because of ts lmted avalablty (b) t has a packet sze lmt of 3 byte t s mportant to balance the securty wth the packer sze The securty s drectly proportonal to the sze of the key but sze of the key can lmt the actual packet carryng capacty (c) The communcaton overhead can be reduced by reducng the number of messages exchanges among the nodes whch also saves the bandwdth ) Pro-actvty factor: the pro-actvty factor s computed by the formula ( m + n) / k where m s the packets generated n the applcaton layer for key generaton and k s the party packets of each block to reduce error n the delvered messages The pro-actvty factor s nversely proportonal to the packet loss n the network and drectly proportonal to the bandwdth 3) Power consumpton In our smulaton we use TnyOS [17] to create multcast groups made up of four multcast groups organzed as shown n Fgure 1 In order to show the ablty of RBASH to cope wth dfferent applcaton requrements we make the smulaton characterzed by threat models In the smulaton we consder maxmum expraton tme of each sesson key as 3 hours an nter-arrval between members of seconds and average membershp duraton of 3 mnutes In ths model sensor nodes are dstrbuted unformly n a regon of1 8m The communcaton range of the nodes s 4m The nodes are dvded nto groups (clusters) of to 1 nodes The nodes communcate wth each other usng mult hopng We smulate the organzaton of the network usng modfed Hasse dagram whch s explaned n Secton 3 If some nodes are physcally captured by ntruders and the applcaton layer software s modfed to communcate wth the unauthentc nodes and then they can pretend to be authentc nodes For addressng ths problem the group key re-freshness should be fast enough so that ntruders should not be able to decode the ntal key used for encrypton/decrypton of packets before computng the new key Block sze for key message Proactvty factor=15 Proactvty factor=1 Proactvty factor=11 Proactvty factor=1 Fgure 9 Number of group members compute key The Pro-actvty factor for dfferent blocks wll typcally be dfferent as t depends upon the number of sensors n a group who are nterested n the keys n a partcular block as well as the estmated packet loss rates of these users Fgure 11 shows the number of blocks needed to compute the group key for dfferent group sze varyng the pro-actvty factor The chosen pro-actvty factors are: and 15 From ths experment we observe that wth the ncrease n pro-actvty factor the number of blocks needed to compute a group key decreases The reason s f the packet loss n the network s less t s more lkely to have a group key n lesser tme perod For the pro-actvty factor of 15 the graph remans constant and do not change wth the change n the number of nodes per group We observe that number of packets needed can be reduced by makng the pro-actvty factor to 1 From the experment we observe that wth the pro-actvty factor of 1 we can balance the packet sze and the bandwdth requrement n the network Number of nodes per group Fgure 1 Bandwdth overhead Key sze=8 byte Key sze=1 byte Key sze=15 byte

12 1 Bandwdth overhead: The bandwdth overhead s calculated based on the total number of packets over the number of packets per block are used for ths protocol We performed an experment where the key szes and number of nodes per group are vared to measure the bandwdth consumpton for key computaton The varyng key szes are 8 bytes 1 bytes and 15 bytes From Fgure 1 we observe that the change of key sze do not change the notceable bandwdth overhead as long as the key fts nto the packet of 3 bytes The packets used for TnyOS are up to 3 bytes n sze and we learned from the TnySec [8] that removng some bytes from the packet can make the securty packets more accommodatng whch can keep the bandwdth overhead low In RBASH the key sze can be changed based on the level of securty needed n the network For example f we defne the securty level as yellow orange red from lowest to hghest 8 bytes key s used for yellow and 15 bytes for red In ths way the bandwdth overhead can be saved when the securty threat s yellow or no threat The total bandwdth s calculated usng the communcaton performed for organzng the network key computaton and key freshness Avalable energy (KJ) Energy consumpton (Joule) Number of nodes per group Fgure 11 Energy consumpton Component Current drawn(ma) CPU Actve 8 Idle 3 Power save 11 Rado Recepton (Rx) 7 Transmsson (Tx) 37 Fgure 11 compares the energy consumed for ntal communcaton and the total avalable energy n each group It s assumed that each sensor node has two 15volts AA batteres We observe that the battery power consumpton for ntal communcaton n ths scheme (RBASH) s very less compared to the total avalable energy The calculaton for energy consumpton s based on the followng parameters: 1) organzaton of the network ) communcaton for the key computaton and recomputaton 3) key updatng to change accesses and revocaton The energy consumpton for each transmsson and recepton s shown n the above table for rado and CPU usage In RBASH the energy can be saved by puttng some of the nodes n sleep mode when the applcaton does not need all the nodes to be awake lke durng sensng of wnd speed When all the nodes need to be awake the secure communcaton also needs more battery power as the key computaton and encrypton/decrypton of messages consumes more energy than wthout such actvtes Bandwdth overhead (Kbps) RBASH SPIN Nodes per group Fgure 1 Comparson of energy wth SPINS RBASH SPIN Number of nodes per group Fgure 13 Comparson of bandwdth overhead wth SPINS In Fgure 1 the energy consumpton n SPINS [13] and RBASH are compared Though SPINS s used for oneto-one node communcaton here t used for the group communcaton It s observed that SPINS takes more tme for communcatng wthn a group We observed that the energy consumpton of SPINS ncreases exponentally wth the ncrease n the number of nodes n a group Though ntally the RBASH protocol consumes energy exponentally as the number of nodes ncreases t tends to consume comparatvely lesser energy The reason s that n ths protocol the ntal actvtes such as the selforganzaton and the key computaton uses sgnfcant amounts of communcaton and computaton In RBASH after the reorganzaton of the network the energy consumpton decreases as some of the nodes go to doze or sleep modes too In organzaton f the deployment of the network s dense enough so that not all the needs to be actve all the tme Fgure 13 provdes the comparson of RBASH and SPINS for bandwdth overheads A 15 bytes key computaton and broadcast s done n both the cases We observe that the bandwdth overhead n SPINS s lesser compared to RBASH The reasons for that are: (a) SPINS works usng the delayed dsclosure of keys The keys are broadcasted from the base staton and none of the keys are modfed n the communcaton path whereas RBASH needs to modfy the keys based on the needs of access level

13 13 and the number of communcaton messages needed for the key level and access polcy setup s more than SPINS (b) Number of steps needed to setup a communcaton path s less n SPINS It has manly two steps Frst broadcastng the encrypted messages usng the key chan n the base staton The second s broadcastng the key chan n a predefned tme nterval In RBASH t has many steps: choosng a cluster head settng up the network usng Hasse dagram dstrbutng the key from the cluster head and modfcaton of the keys based on the access need Energy consumpton (Joule) RBASH M cro-tesla Nodes per goup Fgure 14 Comparson of energy wth Mcro-Tesla Bandwdth (Kbps) RBASH Mcro-Tesla Number of nodes per group Fgure 15 Comparson of bandwdth overhead wth Mcro-Tesla To compare the energy consumpton and bandwdth overhead of RBASH wth µtesla [] we performed two experments Agan a 15 bytes key computaton s done n both the cases We observe that the bandwdth overhead n µtesla s lesser than n RBASH However RBASH consumes less energy than µtesla The reasons for havng less bandwdth overhead n µtesla are: (a) the messages for broadcast are pre-determned and these messages are created by the base staton whereas n RBASH the messages are orgnated from the cluster head and ntermedate nodes only need to modfy t based on the access polcy (b) to provde multlevel authentcaton nstead of usng levels n the network logcal key chans are used n µtesla Any changes n the network need to have modfed key chan whch s provded by the base staton The reasons for more energy consumpton n µtesla are as follows: (a) as delayed dsclosure of keys s used n µtesla the verfcaton of each key needs more battery and computatonal power whereas n RBASH the key computaton s done through levels no verfcaton of key s nvolved (b) computaton of MAC wth every message n µtesla needs battery power Bandwdth overhead (Kbps) Energy consumpton (Joule) Levels=3 Levels=6 Levels=9 Levels= Number of nodes per group Fgure 16 Comparson of energy consumpton by varyng number of levels n a group Levels=3 Levels=6 Levels=9 Levels= Number of nodes per group Fgure 17 Comparson of bandwdth overhead by varyng number of levels n a group We compare the energy consumpton and bandwdth overhead of RBASH protocol by varyng number of levels n a group The sze of the key for performng these experments s 15 bytes The total energy consumpton and bandwdth overhead of a group of dfferent number of nodes are shown n Fgures 16 and 17 As a remnder RBASH computes the keys startng from the cluster head and the upper level nodes can get the access to lower level nodes f t s authorzed by the cluster head We observe from the Fgures 16 and 17 that the energy consumpton and bandwdth overhead s proportonal to the number of levels n each group Ths s because of the followng reasons: (a) more the number of levels n each group more communcaton s needed for choosng the cluster head settng up communcaton path provdng the keys to ndvdual nodes and updatng the keys The number of messages s drectly proportonal to the battery power and bandwdth consumpton (b) wth the ncrease n the number of levels n each group the number of hops needed by the lower level nodes to communcate wth the upper level nodes ncreases As the cluster head re-ntalzes the process of key updatng after a pre-defned tme nterval the messages are forwarded by the ntermedate level nodes so that they can reach to the lower level

14 14 7 Conclusons and future work In ths paper we have descrbed a multlevel securty protocol called RBASH where computaton of the key (and ts sze) s done based on the securty need durng the sesson Each node n the network can have a dfferent level of access accordng to the role each node plays n the applcaton Frst one-to-one key computaton s proposed and then t s extended for the group The keys are computed dynamcally usng a Hasse dagram Usng a detaled smulaton study t s observed that the energy consumpton for generatng the group key s very small compared to the total avalable energy n the sensor nodes It s also shown that the proposed RBASH protocol s able to compute the group key usng the less network bandwdth and energy n comparson wth SPINS In comparson wth µtesla t uses more bandwdth but saves the energy usage One natural drecton for future research s to model a herarchcal certfcaton scheme along wth key management technque A possble approach can be computng a {prvate publc} key par n each node and nstead of just provdng the key a certfcate s attached wth the key for the verfcaton of ts access control n the network In ths model the base staton creates a dgtal sgnature and sends t to a group of nodes These nodes jontly act as a certfcaton authorty Ths group of nodes s responsble for generatng the certfcate for the nodes The certfcate must be created based on the locaton of each node n the herarchy References [1] Davd W Carman Peter S Kruus and Bran JMatt Constrants and approaches for dstrbuted sensor network securty NAI Labs Techncal Report #- 1 September [] Rav Sandhu A Perspectve on Graphs and Access Control Models Second Internatonal Conference on Graph Transformatons (ICGT) 4 [3] Pete Epsten and Rav Sandhu Engneerng of Role- Permsson Assgnments ACSAC 1 [4] Aldar CF Chan Edward S Rogers Sr Dstrbuted Symmetrc Key Management for Moble Ad hoc Networks IEEE INFOCOM 4 [5] Wenlang Du Jng Deng Yunghsang S Han and Pramod Varshney A Parwse Key Pre-dstrbuton Scheme for Wreless Sensor Networks In Proceedngs of the 1th ACM Conference on Computer and Communcatons Securty (CCS) Washngton DC October [6] Wenlang Du Jng Deng Yunghsang S Han Shgang Chen and Pramod Varshney A Key Management Scheme for Wreless Sensor Networks Usng Deployment Knowledge IEEE INFOCOM 4 [7] L Eschenauer and V D Glgor A key-management scheme for dstrbuted sensor networks n Proceedngs of the 9th ACM conferenceon Computer and communcatons securty Washngton DC USA November 18- [8] Chrs Karlof Naveen Sastry and Davd Wagner TnySec: A Lnk Layer Securty Archtecture for Wreless Sensor Networks Proceedngs of the Second ACM Conference on Embedded Networked Sensor Systems (SenSys 4) November 4 [9] Wend Henzelman Anantha Chandrakasan and Har Balakrshnan Energy-Effcent Communcaton Protocols for Wreless Mcrosensor Networks Proc Hawaaan Int'l Conf on Systems Scence January [1] Samuel R Madden Mchael J Frankln Joseph M Hellersten and We Hong TAG: a Tny AGgregaton Servce for Ad-Hoc Sensor Networks OSDI December [11] D Malan M Welsh M Smth A Publc-Key Infrastructure for Key Dstrbuton n TnyOS Based on Ellptc Curve Cryptography IEEE SECON 4 [1] Vctor S Mller Use of Ellptc Curves n Cryptography Advances n Cryptology CRYPTO 85 Proceedngs Lecture Notes n Computer Scence 18 (1986) Sprnger-Verlag [13] A Perrg R Szewczyk V Wen D Culler and JD Tygar SPINS: Securty protocols for sensor networks In Proceedngs of Mobcom 1 [14] Yan Sun and K J Ray Lu Scalable Herarchcal Access Control n Secure Group Communcatons IEEE INFOCOM 4 [15] Mchael Stener Gene Tsudk Mchael Wadner Key Agreement n Dynamc Peer Groups IEEE Transactons on Parallel and Dstrbuted Systems 11(8): [16] etworkshtm [17] [18] Fan Ye Hayun Luo Songwu Lu Lxa Zhang Statstcal En-route Flterng of Injected False Data n Sensor Networks INFOCOM 4 [19] Danfeng Yao Nelly Fazo Yevgeny Dods Anna Lysyanskaya ID-based encrypton for complex herarches wth applcatons to forward securty and broadcast encrypton 11th ACM conference on Computer and communcatons securty 4 [] Donggang Lu Peng Nng Mult-Level µtesla: Broadcast Authentcaton for Dstrbuted Sensor Networks ACM Transactons n Embedded Computng Systems (TECS) Vol 3 No 4 pages November 4