Skip to main content
SpringerLink
Log in

On security of wireless sensor networks: a data authentication protocol using digital signature

  • Published:
Wireless Networks Aims and scope Submit manuscript

Abstract

Guaranteeing end-to-end data security in wireless sensor networks (WSNs) is important and has drawn much attention of researchers over past years. Because an attacker may take control of compromised sensor nodes to inject bogus reports into WSNs, enhancing data authenticity becomes a necessary issue in WSNs. Unlike PCREF (Yang et al. in IEEE Trans Comput 64(1):4–18, 2015) (LEDS, Ren et al. in IEEE Trans Mobile Comput 7(5):585–598, 2008), digital signature rather than message authentication polynomials (message authentication codes) is adopted by our protocol in en-route filtering. Keeping the advantages of clusters in PCREF and overcoming the drawbacks in LEDS, an enhanced and efficient cluster-based security protocol is proposed in this paper. The proposed protocol can guarantee end-to-end data authentication with the aid of digital signature and exhibits its effectiveness and efficiency through security analysis and performance analysis. Our analytical results show that the proposed protocol significantly outperforms the closely related protocols in the literature in term of security strength and protocol overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Notes

  1. Let us briefly explain as follows. In LEDS, a (tT) threshold linear secret sharing scheme (LSSS) is employed. Therefore, multiple sensor nodes may detect the event of interest simultaneously and are asked to generate shares based on the encrypted report. These shares generated from these non-compromised sensor nodes are then called legitimate secret shares. For details, one can refer to [31].

  2. Undoubtedly, an Imote2 was a widely employed wireless sensor node. To save power consumption, one can design low-power wireless sensor nodes for this purpose, e.g., Mica2 [25]. Therefore, an Imote2 serves as a cluster head and a Mica2 serves as a low-power sensor node in the section of performance analysis.

  3. As for how to establish a pairwise key pool, one can refer to the literature for details, e.g., [3, 7] etc.

  4. This is a feasible approach because it comes from the concept of a distributed hash table (DHT) in a peer-to-peer (P2P) network.

  5. As stated in Sect. 4.1, the size of a cell (an event cell) is covered by a circle with the radius of sensing range \(r_s\). Therefore, an event in the event cell falls within the sensing range of the sensor nodes in the event cell. This implies that the difference between two time instants to sense that event by two sensor nodes should be negligible even if it exists. To achieve the same event time calculated by the sensor nodes in the same event cell sensing the event for sure, such a rounded value is then used by sensor nodes to stand for the “true” event time. Undoubtedly, time synchronization is an important issue in the wireless sensor network but it does not fall within the scope of this paper. However, our solution does not rely on perfect time synchronization because a post-processed event time rather than an exact event time is utilized.

  6. Such overhearing happens in an individual event cell only. Therefore, the range of overhearing is limited to the range of an event cell. This will not become difficult for such a communication range even if the real-world development with different geographical areas or buildings is considered.

  7. Of course, a tradeoff between energy consumption in overhearing and security enhancement is inevitable. To alleviate possible energy consumption incurred, the number of non-participating sensor nodes to overhear can be properly controlled. For example, a random approach my be utilized to allow each non-participating sensor node to overhear and participate later or not by specifying a suitable probability \(p_o\). Such a random approach can then reduce the number of non-participating sensor nodes to overhear by a factor of \(1-p_o\) on average.

Abbreviations

WSN:

Wireless sensor network

LEDS:

Location-aware end-to-end data security

BS:

Base station

DoS:

Denial of service

MAC:

Message authentication code

PCREF:

Polynomial-based compromise-resilient en-route filtering

MAP:

Message authentication polynomial

MKMP:

Multi-BS key management protocol

DSEDA:

Digital signature assisted end-to-end data authentication

LSSS:

Linear secret sharing scheme

SEF:

Statistical en-route filtering

IHA:

Interleaved hop-by-hop authentication

LBRS:

Location-based resilient secrecy

CFFS:

Cluster-based false data filtering scheme

ECC:

Elliptic curve cryptography

ID:

Identity

OOS:

Online/offline signature

ECDSA:

Elliptic curve digital signature algorithm

LEAP:

Localized encryption and authentication protocol

LNCS:

Location-aware network-coding security

GPS:

Global positioning system

CH:

Cluster head

PK:

Public key

SK:

Secret key

DHT:

Distributed hash table

P2P:

Peer-to-peer

SHA:

Secure hash algorithm

HMAC:

Keyed-hashing for message authentication

References

  1. Ayday, E., Delgosha, F., & Fekri, F. (2012). Data authenticity and availability in multihop wireless sensor networks. ACM Transactions on Sensor Networks (TOSN), 8(2), 10–26.

    Article  Google Scholar 

  2. Cao, X., Kou, W., Dang, L., & Zhao, B. (2008). IMBAS: Identity-based multi-user broadcast authentication in wireless sensor networks. Computer Communications, 31(4), 659–667.

    Article  Google Scholar 

  3. Chan, H., Perrig, A., & Song, D. (2003, May). Random key pre-distribution schemes for sensor networks. In Proceedings of IEEE symposium on security and privacy (SP’03) (pp. 197–213).

  4. Chan, H., & Perrig, A. (2003). Security and privacy in sensor networks. IEEE Computer Magazine, 36(10), 103–105.

    Article  Google Scholar 

  5. Drissi, J., & Gu, Q. (2006, July). Localized broadcast authentication in large sensor networks. In Proceedings of IEEE international conference on networking and services (ICNS’06).

  6. Du, W., Deng, J., Han, Y. S., & Varshney, P. K. (2005). A pairwise key pre-distribution scheme for wireless sensor networks. ACM Transactions on Information and System Security, 8(2), 228–258.

    Article  Google Scholar 

  7. Eschenauer, L., & Gligor, V. D. (2002, November). A key-management scheme for distributed sensor networks. In Proceedings of ACM conference on computer and communications security (CCS’02) (pp. 41–47).

  8. Even, S., Goldreich, O., & Micali, S. (1996). On-line/off-line digital signatures. Journal of Cryptology, 9(1), 35–67.

    Article  MathSciNet  MATH  Google Scholar 

  9. Ferng, H. W., Nurhakim, J., & Horng, S. J. (2014). Key management protocol with end-to-end data security and key revocation for a multi-BS wireless sensor network. Wireless Networks, 20(4), 625–637.

    Article  Google Scholar 

  10. Gu, W., Dutta, N., Chellappan, S., & Bai, X. (2011). Providing end-to-end secure communications in wireless sensor networks. IEEE Transactions on Network and Service Management, 8(3), 205–218.

    Article  Google Scholar 

  11. Hankerson, D., Menezes, A., & Vanstone, S. (2004). Guide to elliptic curve cryptography. New York: Springer.

    MATH  Google Scholar 

  12. IEEE. (2000, May). Standard specifications for public key cryptography, IEEE P1363a/D4. http://grouper.ieee.org/groups/1363/index.html.

  13. Krontiris, I., & Dimitriou, T. (2006, June). A practical authentication scheme for in-network programming in wireless sensor networks. In Proceedings of ACM REALWSN’06.

  14. Lee, S., & Kim, K. (2010, November). Sensor authentication scheme for clustering routing protocols in wireless sensor networks. In Proceedings of IEEE sensors (pp. 1819–1822).

  15. Li, F., Zhong, D., & Takagi, T. (2012). Practical identity-based signature for wireless sensor networks. IEEE Wireless Communications Letters, 1(6), 637–640.

    Article  Google Scholar 

  16. Li, X., Zhou, F., & Du, J. (2013). LDTS: A lightweight and dependable trust system for clustered wireless sensor networks. IEEE Transactions on Information Forensics and Security, 8(6), 924–935.

    Article  Google Scholar 

  17. Liu, D., & Ning, P. (2003). Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of network and distributed system security symposium (NDSS’03).

  18. Liu, D., Ning, P., & Li, R. (2005). Establishing pairwise keys in distributed sensor networks. ACM Transactions on Information and System Security, 8(1), 41–77.

    Article  Google Scholar 

  19. Liu, D., & Ning, P. (2004). Multilevel \(\mu \)TESLA: Broadcast authentication for distributed sensor networks. ACM Transactions on Embeded Computing Systems, 3(4), 800–836.

    Article  MathSciNet  Google Scholar 

  20. Liu, D., Ning, P., Zhu, S., & Jajodia, S. (2005, July). Practical broadcast authentication in sensor networks. In Proceedings of IEEE international conference on mobile and ubiquitous systems: Networking and services (MobiQuitous’05) (pp. 118–129).

  21. Liu, A., & Ning, P. (2008, April). TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks. In Proceedings of IEEE international conference on information processing in sensor networks (IPSN ’08) (pp. 245–256).

  22. Liu, Z., Wang, J., & Zhang, X. (2011, June). A false data filtering scheme using cluster-based organization in sensor networks. In Proceedings of IEEE international conference on communications (ICC’11) (pp. 1–5).

  23. Liu, Y., Li, J., & Guizani, M. (2012). PKC based broadcast authentication using signature amortization for WSNs. IEEE Transactions on Wireless Communications, 11(6), 2106–2115.

    Article  Google Scholar 

  24. Mitzenmacher, M. (2002). Compressed bloom filters. IEEE/ACM Transactions on Networking, 10(5), 604–612.

    Article  MATH  Google Scholar 

  25. Moog Crossbow. (2008). Mica2/Imote2 Mote datasheet. http://www.xbow.com.

  26. Naccache, D., & Stern, J. (2001). Signing on a postcard. In Proceedings of international conference on financial cryptography (FC ’01) (pp. 121–135).

  27. National Institute of Standards and Technology. (2002, March). Keyed-hashing for message authentication (HMAC). Federal Information processing Standards Publication.

  28. Perrig, A., Szewczyk, R., Tygar, J. D., Wen, V., & Culler, D. E. (2002). SPINS: Security protocols for sensor networks. Wireless Networks, 8(5), 521–534.

    Article  MATH  Google Scholar 

  29. Raymond, D. R., Marchany, R. C., Brownfield, M. I., & Midkiff, S. F. (2009). Effects of denial-of-sleep attacks on wireless sensor network MAC protocols. IEEE Transactions on Vehicular Technology, 58(1), 367–380.

    Article  Google Scholar 

  30. Ren, K., Lou, W., Zeng, K., & Moran, P. J. (2007). On broadcast authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 6(11), 4136–4144.

    Article  Google Scholar 

  31. Ren, K., Lou, W., & Zhang, Y. (2008). LEDS: Providing location-aware end-to-end data security in wireless sensor networks. IEEE Transactions on Mobile Computing, 7(5), 585–598.

    Article  Google Scholar 

  32. Ren, K., Lou, W., & Zhang, Y. (2009). Multi-user broadcast authentication in wireless sensor networks. IEEE Transactions on Vehicular Technology, 58(8), 4554–4564.

    Article  Google Scholar 

  33. Shamir, A. (1979). How to share a secret. Communications of the ACM, 22(11), 612–613.

    Article  MathSciNet  MATH  Google Scholar 

  34. Shamir, A. (1984). Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO’84.

  35. Shi, E., & Perrig, A. (2004). Designing secure sensor networks. IEEE Wireless Communications Magazine, 11(6), 38–43.

    Article  Google Scholar 

  36. Wander, A. S., Gura, N., Eberle, H., Gupta, V., & Shantz, S. C. (2005, March). Energy analysis of public-key cryptography on small wireless devices. In Proceedings of IEEE international conference on pervasive computing and communications (PerCom’05) (pp. 324–328).

  37. Yang, H., Ye, F., Yuan, Y., Lu, S., & Arbaugh, W. (2005, May). Toward resilient security in wireless sensor networks. In Proceedings of ACM international symposium on mobile ad hoc networking and computing (MobiHoc’05) (pp. 34–45).

  38. Yang, X., Lin, J., Yu, W., Moulema, P., Fu, X., & Zhao, W. (2015). A novel en-route filtering scheme against false data injection attacks in cyber-physical networked systems. IEEE Transactions on Computers, 64(1), 4–18.

    Article  MathSciNet  Google Scholar 

  39. Yao, A. C.-C., & Zhao, Y. (2013). Online/offline signatures for low-power devices. IEEE Transactions on Information Forensics and Security, 8(2), 283–294.

    Article  MathSciNet  Google Scholar 

  40. Yasmin, R., Ritter, E., & Wang, G. (2010, June–July). An authentication framework for wireless sensor networks using identity-based signatures. In Proceedings of IEEE international conference on computer and information technology (CIT’10) (pp. 882–889).

  41. Ye, F., Luo, H., Lu, S., & Zhang, L. (2004). Statiscal enroute filtering of injected false data in sensor networks. In Proceedings of IEEE INFOCOM’04.

  42. Zhu, S., Setia, S., & Jajodia, S. (2006). LEAP+: Efficient security mechanisms for large-scale distributed sensor networks. ACM Transactions on Sensor Networks, 2(4), 500–528.

    Article  Google Scholar 

  43. Zhu, S., Setia, S., Jajodia, S., & Ning, P. (2004, May). An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. In Proceedings of IEEE symposium on security and privacy (SP’04) (pp. 259–271).

Download references

Acknowledgments

The work of H. W. Ferng was supported by the Ministry of Science and Technology (MOST), Taiwan under contracts MOST 104-2221-E-011-052-MY2, MOST 103-2221-E-011-012, and MOST 102-2221-E-011-004.

Author information

Authors and Affiliations

  1. Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, 106, Taiwan

    Huei-Wen Ferng & Nguyen Minh Khoa

Authors
  1. Huei-Wen Ferng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nguyen Minh Khoa
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Huei-Wen Ferng.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ferng, HW., Khoa, N.M. On security of wireless sensor networks: a data authentication protocol using digital signature. Wireless Netw 23, 1113–1131 (2017). https://doi.org/10.1007/s11276-016-1208-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11276-016-1208-0

Keywords

Search

Navigation