Abstract
Guaranteeing end-to-end data security in wireless sensor networks (WSNs) is important and has drawn much attention of researchers over past years. Because an attacker may take control of compromised sensor nodes to inject bogus reports into WSNs, enhancing data authenticity becomes a necessary issue in WSNs. Unlike PCREF (Yang et al. in IEEE Trans Comput 64(1):4–18, 2015) (LEDS, Ren et al. in IEEE Trans Mobile Comput 7(5):585–598, 2008), digital signature rather than message authentication polynomials (message authentication codes) is adopted by our protocol in en-route filtering. Keeping the advantages of clusters in PCREF and overcoming the drawbacks in LEDS, an enhanced and efficient cluster-based security protocol is proposed in this paper. The proposed protocol can guarantee end-to-end data authentication with the aid of digital signature and exhibits its effectiveness and efficiency through security analysis and performance analysis. Our analytical results show that the proposed protocol significantly outperforms the closely related protocols in the literature in term of security strength and protocol overhead.
Similar content being viewed by others
Notes
Let us briefly explain as follows. In LEDS, a (t, T) threshold linear secret sharing scheme (LSSS) is employed. Therefore, multiple sensor nodes may detect the event of interest simultaneously and are asked to generate shares based on the encrypted report. These shares generated from these non-compromised sensor nodes are then called legitimate secret shares. For details, one can refer to [31].
Undoubtedly, an Imote2 was a widely employed wireless sensor node. To save power consumption, one can design low-power wireless sensor nodes for this purpose, e.g., Mica2 [25]. Therefore, an Imote2 serves as a cluster head and a Mica2 serves as a low-power sensor node in the section of performance analysis.
This is a feasible approach because it comes from the concept of a distributed hash table (DHT) in a peer-to-peer (P2P) network.
As stated in Sect. 4.1, the size of a cell (an event cell) is covered by a circle with the radius of sensing range \(r_s\). Therefore, an event in the event cell falls within the sensing range of the sensor nodes in the event cell. This implies that the difference between two time instants to sense that event by two sensor nodes should be negligible even if it exists. To achieve the same event time calculated by the sensor nodes in the same event cell sensing the event for sure, such a rounded value is then used by sensor nodes to stand for the “true” event time. Undoubtedly, time synchronization is an important issue in the wireless sensor network but it does not fall within the scope of this paper. However, our solution does not rely on perfect time synchronization because a post-processed event time rather than an exact event time is utilized.
Such overhearing happens in an individual event cell only. Therefore, the range of overhearing is limited to the range of an event cell. This will not become difficult for such a communication range even if the real-world development with different geographical areas or buildings is considered.
Of course, a tradeoff between energy consumption in overhearing and security enhancement is inevitable. To alleviate possible energy consumption incurred, the number of non-participating sensor nodes to overhear can be properly controlled. For example, a random approach my be utilized to allow each non-participating sensor node to overhear and participate later or not by specifying a suitable probability \(p_o\). Such a random approach can then reduce the number of non-participating sensor nodes to overhear by a factor of \(1-p_o\) on average.
Abbreviations
- WSN:
-
Wireless sensor network
- LEDS:
-
Location-aware end-to-end data security
- BS:
-
Base station
- DoS:
-
Denial of service
- MAC:
-
Message authentication code
- PCREF:
-
Polynomial-based compromise-resilient en-route filtering
- MAP:
-
Message authentication polynomial
- MKMP:
-
Multi-BS key management protocol
- DSEDA:
-
Digital signature assisted end-to-end data authentication
- LSSS:
-
Linear secret sharing scheme
- SEF:
-
Statistical en-route filtering
- IHA:
-
Interleaved hop-by-hop authentication
- LBRS:
-
Location-based resilient secrecy
- CFFS:
-
Cluster-based false data filtering scheme
- ECC:
-
Elliptic curve cryptography
- ID:
-
Identity
- OOS:
-
Online/offline signature
- ECDSA:
-
Elliptic curve digital signature algorithm
- LEAP:
-
Localized encryption and authentication protocol
- LNCS:
-
Location-aware network-coding security
- GPS:
-
Global positioning system
- CH:
-
Cluster head
- PK:
-
Public key
- SK:
-
Secret key
- DHT:
-
Distributed hash table
- P2P:
-
Peer-to-peer
- SHA:
-
Secure hash algorithm
- HMAC:
-
Keyed-hashing for message authentication
References
Ayday, E., Delgosha, F., & Fekri, F. (2012). Data authenticity and availability in multihop wireless sensor networks. ACM Transactions on Sensor Networks (TOSN), 8(2), 10–26.
Cao, X., Kou, W., Dang, L., & Zhao, B. (2008). IMBAS: Identity-based multi-user broadcast authentication in wireless sensor networks. Computer Communications, 31(4), 659–667.
Chan, H., Perrig, A., & Song, D. (2003, May). Random key pre-distribution schemes for sensor networks. In Proceedings of IEEE symposium on security and privacy (SP’03) (pp. 197–213).
Chan, H., & Perrig, A. (2003). Security and privacy in sensor networks. IEEE Computer Magazine, 36(10), 103–105.
Drissi, J., & Gu, Q. (2006, July). Localized broadcast authentication in large sensor networks. In Proceedings of IEEE international conference on networking and services (ICNS’06).
Du, W., Deng, J., Han, Y. S., & Varshney, P. K. (2005). A pairwise key pre-distribution scheme for wireless sensor networks. ACM Transactions on Information and System Security, 8(2), 228–258.
Eschenauer, L., & Gligor, V. D. (2002, November). A key-management scheme for distributed sensor networks. In Proceedings of ACM conference on computer and communications security (CCS’02) (pp. 41–47).
Even, S., Goldreich, O., & Micali, S. (1996). On-line/off-line digital signatures. Journal of Cryptology, 9(1), 35–67.
Ferng, H. W., Nurhakim, J., & Horng, S. J. (2014). Key management protocol with end-to-end data security and key revocation for a multi-BS wireless sensor network. Wireless Networks, 20(4), 625–637.
Gu, W., Dutta, N., Chellappan, S., & Bai, X. (2011). Providing end-to-end secure communications in wireless sensor networks. IEEE Transactions on Network and Service Management, 8(3), 205–218.
Hankerson, D., Menezes, A., & Vanstone, S. (2004). Guide to elliptic curve cryptography. New York: Springer.
IEEE. (2000, May). Standard specifications for public key cryptography, IEEE P1363a/D4. http://grouper.ieee.org/groups/1363/index.html.
Krontiris, I., & Dimitriou, T. (2006, June). A practical authentication scheme for in-network programming in wireless sensor networks. In Proceedings of ACM REALWSN’06.
Lee, S., & Kim, K. (2010, November). Sensor authentication scheme for clustering routing protocols in wireless sensor networks. In Proceedings of IEEE sensors (pp. 1819–1822).
Li, F., Zhong, D., & Takagi, T. (2012). Practical identity-based signature for wireless sensor networks. IEEE Wireless Communications Letters, 1(6), 637–640.
Li, X., Zhou, F., & Du, J. (2013). LDTS: A lightweight and dependable trust system for clustered wireless sensor networks. IEEE Transactions on Information Forensics and Security, 8(6), 924–935.
Liu, D., & Ning, P. (2003). Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of network and distributed system security symposium (NDSS’03).
Liu, D., Ning, P., & Li, R. (2005). Establishing pairwise keys in distributed sensor networks. ACM Transactions on Information and System Security, 8(1), 41–77.
Liu, D., & Ning, P. (2004). Multilevel \(\mu \)TESLA: Broadcast authentication for distributed sensor networks. ACM Transactions on Embeded Computing Systems, 3(4), 800–836.
Liu, D., Ning, P., Zhu, S., & Jajodia, S. (2005, July). Practical broadcast authentication in sensor networks. In Proceedings of IEEE international conference on mobile and ubiquitous systems: Networking and services (MobiQuitous’05) (pp. 118–129).
Liu, A., & Ning, P. (2008, April). TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks. In Proceedings of IEEE international conference on information processing in sensor networks (IPSN ’08) (pp. 245–256).
Liu, Z., Wang, J., & Zhang, X. (2011, June). A false data filtering scheme using cluster-based organization in sensor networks. In Proceedings of IEEE international conference on communications (ICC’11) (pp. 1–5).
Liu, Y., Li, J., & Guizani, M. (2012). PKC based broadcast authentication using signature amortization for WSNs. IEEE Transactions on Wireless Communications, 11(6), 2106–2115.
Mitzenmacher, M. (2002). Compressed bloom filters. IEEE/ACM Transactions on Networking, 10(5), 604–612.
Moog Crossbow. (2008). Mica2/Imote2 Mote datasheet. http://www.xbow.com.
Naccache, D., & Stern, J. (2001). Signing on a postcard. In Proceedings of international conference on financial cryptography (FC ’01) (pp. 121–135).
National Institute of Standards and Technology. (2002, March). Keyed-hashing for message authentication (HMAC). Federal Information processing Standards Publication.
Perrig, A., Szewczyk, R., Tygar, J. D., Wen, V., & Culler, D. E. (2002). SPINS: Security protocols for sensor networks. Wireless Networks, 8(5), 521–534.
Raymond, D. R., Marchany, R. C., Brownfield, M. I., & Midkiff, S. F. (2009). Effects of denial-of-sleep attacks on wireless sensor network MAC protocols. IEEE Transactions on Vehicular Technology, 58(1), 367–380.
Ren, K., Lou, W., Zeng, K., & Moran, P. J. (2007). On broadcast authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 6(11), 4136–4144.
Ren, K., Lou, W., & Zhang, Y. (2008). LEDS: Providing location-aware end-to-end data security in wireless sensor networks. IEEE Transactions on Mobile Computing, 7(5), 585–598.
Ren, K., Lou, W., & Zhang, Y. (2009). Multi-user broadcast authentication in wireless sensor networks. IEEE Transactions on Vehicular Technology, 58(8), 4554–4564.
Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11), 612–613.
Shamir, A. (1984). Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO’84.
Shi, E., & Perrig, A. (2004). Designing secure sensor networks. IEEE Wireless Communications Magazine, 11(6), 38–43.
Wander, A. S., Gura, N., Eberle, H., Gupta, V., & Shantz, S. C. (2005, March). Energy analysis of public-key cryptography on small wireless devices. In Proceedings of IEEE international conference on pervasive computing and communications (PerCom’05) (pp. 324–328).
Yang, H., Ye, F., Yuan, Y., Lu, S., & Arbaugh, W. (2005, May). Toward resilient security in wireless sensor networks. In Proceedings of ACM international symposium on mobile ad hoc networking and computing (MobiHoc’05) (pp. 34–45).
Yang, X., Lin, J., Yu, W., Moulema, P., Fu, X., & Zhao, W. (2015). A novel en-route filtering scheme against false data injection attacks in cyber-physical networked systems. IEEE Transactions on Computers, 64(1), 4–18.
Yao, A. C.-C., & Zhao, Y. (2013). Online/offline signatures for low-power devices. IEEE Transactions on Information Forensics and Security, 8(2), 283–294.
Yasmin, R., Ritter, E., & Wang, G. (2010, June–July). An authentication framework for wireless sensor networks using identity-based signatures. In Proceedings of IEEE international conference on computer and information technology (CIT’10) (pp. 882–889).
Ye, F., Luo, H., Lu, S., & Zhang, L. (2004). Statiscal enroute filtering of injected false data in sensor networks. In Proceedings of IEEE INFOCOM’04.
Zhu, S., Setia, S., & Jajodia, S. (2006). LEAP+: Efficient security mechanisms for large-scale distributed sensor networks. ACM Transactions on Sensor Networks, 2(4), 500–528.
Zhu, S., Setia, S., Jajodia, S., & Ning, P. (2004, May). An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. In Proceedings of IEEE symposium on security and privacy (SP’04) (pp. 259–271).
Acknowledgments
The work of H. W. Ferng was supported by the Ministry of Science and Technology (MOST), Taiwan under contracts MOST 104-2221-E-011-052-MY2, MOST 103-2221-E-011-012, and MOST 102-2221-E-011-004.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Ferng, HW., Khoa, N.M. On security of wireless sensor networks: a data authentication protocol using digital signature. Wireless Netw 23, 1113–1131 (2017). https://doi.org/10.1007/s11276-016-1208-0
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-016-1208-0