ECCE: Enhanced cooperative channel establishment for secure pair-wise communication in wireless sensor networks

doi:10.1016/j.adhoc.2006.05.013

Ad Hoc Networks

Volume 5, Issue 1, January 2007, Pages 49-62

https://doi.org/10.1016/j.adhoc.2006.05.013 Get rights and content

Abstract

This paper presents the ECCE protocol, a new distributed, probabilistic, cooperative protocol to establish a secure pair-wise communication channel between any pair of sensors in a wireless sensor network (WSN). The main contributions of the ECCE protocol are: to allow the set-up of a secure channel between two sensors (principals) that do not share any pre-deployed key. This feature is obtained involving a set of sensors (cooperators) in the channel establishment protocol; to provide probabilistic authentication of the principals as well as the cooperators. In particular, the probability for the attacker to break authentication check decreases exponentially with the number of cooperators involved; to trade off the memory space required to store the pre-deployed encryption keys with the number of cooperators involved in the protocol. Hence, memory storage can be used to store keys built with the ECCE protocol, which helps amortizing the (limited) overhead incurred in the ECCE key set-up; to be adaptive to the level of threat the WSN is subject to. We provide analytical analysis and extensive simulations of ECCE, which show that the proposed solution increases both the probability of a secure channel set-up and the probability of channel resilience with respect to other protocols.

Introduction

A wireless sensor network (WSN) is a collection of sensors whose size can range from a few hundred sensors to a few hundred thousand or possibly more. Sensors do not rely on any pre-deployed network architecture, thus they communicate via an ad-hoc wireless network. The power supply of each individual sensor is provided by a battery, hence both communication and computation activities must be optimized. Distributed in irregular patterns and left unattended, sensors should autonomously aggregate into collaborative, peer-to-peer networks. Sensors networks must be robust and survivable in order to overcome individual sensor failure due to either malicious (e.g. destruction) or non-malicious (e.g. battery depletion) events. A WSN can be deployed in both military and civil scenarios [1]. For instance, it could be used: to provide a relay network for tactical communications in the battlefield; to collect data from a field in order to reveal the presence of toxic gases; to facilitate rescue operations in wide open hostile areas; to fulfill perimeter surveillance duties; to operate in harsh environments for commercial purposes.

WSNs are expected to be the basic building block of pervasive computing environments, hence establishing secure pair-wise communications could be useful for many applications. In particular, it is a pre-requisite for the implementation of secure routing, and can be useful for secure group communications. Further, secure pair-wise communication allow in-network processing [25], or facilitate the establishment of a cluster key, hence enabling passive participation, in which a sensor can take certain actions based on overheard messages. It was pointed out in [21], [1], [5], that asymmetric cryptography such as RSA or elliptic curve cryptography (ECC) is unsuitable for most sensor architectures due to high energy consumption and increased code storage requirements. However, it is worth noticing that evolution in technology allows to sparingly use asymmetric cryptography for a certain class of WSN [24]. For instance, in [20] the authors devise a protocol that, with the seldom use of ECC, thwarts the replication attack [19], [13]. However, it seems reasonable that there will be always some classes of WSNs in which asymmetric cryptography would rise an unfeasible cost due to either energy consumption or memory constraints. Indeed, as for energy consumption, in a mobile WSN if we have a secure key establishment protocol based on ECC whenever two sensors wants to agree on a shared key for the first time, this would put high requirements on battery consumption. As for memory, it seems unfeasible that any node could host the public keys of all the other nodes in the network (for instance, the Mica mote is equipped with a 8 bit 4 MHz processor and has 4 kB of RAM and 128 kB of flash RAM only). Note that the constraint on memory stands even in a static WSN. Hence, while solutions that intend to address specific problems can directly benefit of the sparingly use of EEC [20], building communication channels on symmetric algorithms, which are three order of magnitude more efficient than ECC [24], is still an attractive research field [5], [22].

This paper presents the ECCE protocol, a new protocol to establish a secure pair-wise communication channel between any pair of sensors in the WSN. The ECCE protocol can be classified as probabilistic and cooperative. Unlike other protocols for channel establishment, ECCE allows to establish a secure channel between sensors that do not share any key, involving a set of cooperating sensors (cooperators) which are not required to share a key with both principals. The same feature is not present in actual protocols such as Multipath Key Reinforcement [6] and Cooperative [10]. The overhead required is limited and it is sustained just once during the sensor life-time. ECCE shows better performance in channel existence and channel resilience than existing protocols. The Protocol also guarantees implicit and probabilistic mutual authentication of principals and cooperators without any additional overhead and without the presence of a base station. Further, the proposed protocol could be used also between sensors that already share some secret keys to increase the resilience of these shared keys. The proposed protocol is also adaptive to the required security level: to achieve an higher level of security, it suffices to involve an higher number of cooperators in the channel set-up. Finally, the protocol allows to trade off the memory required to store pre-deployed keys with cooperators. In particular, it is possible to set the number of cooperators in order to have a reduced key ring that provides the same level of security and the same probability of channel existence of solutions that involve no cooperators but a larger key ring size. For example, choosing a pool of size 1.000, a key ring of size 12, and involving 8 cooperators, provides the same probability of channel existence of a scenario in which every sensor has 20 pre-deployed keys but there are no cooperators. As for resiliency, with a pool of size 10.000, a key ring of size 100 and 8 cooperating sensors, the attacker is required to capture 110 sensors to corrupt a channel, while with the same parameters, but with no cooperators, the attacker has to corrupt only 75 sensors to corrupt the channel. Note that reducing the key ring size provides the possibility for sensors to store the cooperative keys set-up with the ECCE protocol. Analytical and experimental results show that the ECCE protocol has better performance than the other protocols as for channel existence and channel resiliency to the attacker.

The remainder of this paper is organized as follows. In Section 2, we review the current contributions in the field. In Section 3, we report some preliminaries and define our system assumptions. In Section 4, we describe the ECCE protocol, while in Section 5, we analyze the probability to establish a secure channel and the resilience of the established channel.

Section snippets

Related work

Some research focus on key establishment protocol for WSN based on centralized solution. Examples of centralized protocols include [9], [17], [21]. Centralized protocols assume the presence of a Base Station (BS), which takes part in the process of establishing a pair-wise key between pairs of sensors. This kind of solution has some drawbacks, for instance the energy consumption experienced by the nodes close to the BS, and the presence of a single point of failure. Other research focus on

Preliminaries and assumptions

This section reports the notation and the assumptions that will be used in the following. For clarity, in Table 1 we list the symbols used in the paper.

The ECCE protocol

The ECCE protocol involves, beyond the principals, other sensors (cooperating sensors). It is based on the fact that each distinguished cooperating sensor c_i can efficiently compute the keys it shares with each other cooperator. This can be efficiently done assuming that the key pre-deployment procedure is carried out according to ESP scheme, detailed in Section 2. Based on the keys cooperating sensor c_i shares with each other cooperator, c_i can compute $(s_{1}, \dots, s_{i - 1}, s_{i + 1}, \dots, s_{| C | - 1})$ . These shared

Security analysis

The condition that must be verified to guarantee the confidentiality of keys set-up using the ECCE protocol, is the existence of a non corrupted path between the principals a and b (a–b), where each link of this path is built with a Direct key and the intermediate nodes between a and b are the cooperating sensors. As an example, in Fig. 4 the sensors a and b use the ECCE protocol to build a confidential key. In Fig. 4 the path composed of continuous lines signals a Direct key unknown to the

Simulations and discussion

In order to supply an experimental support to the analytical results developed in the previous section, we have performed extensive simulations. In particular, the ECCE protocol has been compared with the following protocols:

•
Direct [11].
•
Cooperative [11].
•
Extended Cooperative.
•
MKR (Multipath Key Reinforcement) [6].
•
Extended MKR.
•
Partitioned ECCE (we have divided the set $C$ in independent subsets of size 2–4).

We assume that in all the considered protocols the ESP mechanism [11] is used in the shared-

Concluding remarks

In this paper, we presented ECCE, a new cooperative protocol to establish a secure pair-wise communication channel between any pair of sensors in a WSN. The contributions are the following: this protocol does not require cooperating sensors to share a key with both principals for the channel between principals to be established. Also cooperating sensors that do not share any key with any of the two principals can help in the set-up of the secure channel; cooperating sensors implement a

Mauro Conti received in 2005 the Laurea degree (equivalent do BS + MS) in Computer Science from the University of Rome “La Sapienza”, Italy. He is currently a Ph.D. Student at the Computer Science Department of the same University. His current research interest is on security for wireless constrained mobile devices.

References (26)

Ian F. Akyildiz et al.
Wireless sensor networks: a survey
International Journal of Computer and Telecommunications Networking
(2002)
Roberto Di Pietro et al.
Providing secrecy in key management protocols for large wireless sensors networks
Journal of Ad Hoc Networks
(2003)
Ross Anderson
Security Engineering: A Guide to Building Dependable Distributed Systems
(2001)
Ross Anderson, Markus G. Kuhn. Tamper resistance—a cautionary note, in: The 2nd USENIX Workshop on Electronic Commerce...
Antonio Caruso, Alessandro Urpi, Stefano Chessa, Swades De, Gps-free coordinate assignment and routing in wireless...
Haowen Chan, Adrian Perrig. PIKE: Peer intermediaries for key establishment in sensor networks, in: Proceedings of IEEE...
Haowen Chan, Adrian Perrig, Dawn Song, Random key predistribution schemes for sensor networks, in: Proceedings of IEEE...
Mauro Conti, Roberto Di Pietro, Luigi Vincenzo Mancini, Alessandro Mei. Requirements and open issues in distributed...
Roberto Di Pietro, Luigi V. Mancini, Alessandro Mei, Energy efficient node-to-node authentication and communication...
Roberto Di Pietro, Luigi Vincenzo Mancini, Alessandro Mei, Random key-assignment for secure wireless sensor networks,...

Roberto Di Pietro, Luigi Vincenzo Mancini, Alessandro Mei, Efficient and resilient key discovery based on pseudo-random...

Roberto Di Pietro, Luigi Vincenzo Mancini, Alessandro Mei, Alessandro Panconesi, Jaikumar Radhakrishnan, Connectivity...

John R. Douceur

The sybil attack

Cited by (24)

ESC: An efficient, scalable, and crypto-less solution to secure wireless networks
2015, Computer Networks
Citation Excerpt :
In fact, to be resilient to a pre-deployed eavesdropper, the devices must rely on a shared secret to be leveraged for the subsequent (on-line) computations and communications [14]. There are also solutions that leverage just path diversity [48,49], but they require that the adversary is not a global eavesdropper. Another solution comes from asymmetric cryptographic primitives, such as [16], nevertheless, asymmetric crypto is computationally expensive, and therefore, not suitable for massive devices deployment such as wireless sensor networks or devices that, once deployed, will be substantially unattended—operating life being at premium.
In this paper we present ESC: an efficient, scalable, and crypto-less solution for the establishment of a secure wireless network (that is, a network where, for any pair of nodes, there exists a path composed of encrypted links).
ESC guarantees the security of the 90% of the network scenario in the presence of 4 global eavesdropper adversaries with about 370 local peer-to-peer communications avoiding both pre-shared secrets and cryptographic functions.
The founding block of our proposal is inspired by COKE [1], where the bits of the secret key associated to a link are generated via a multi-round protocol that, at each round, leverages just channel anonymity.
Starting from this founding block, we further provide several relevant contributions: we devise a theoretical model and prove a lower bound for the probability to establish a safe-link in the presence of a global eavesdropper adversary. Further, we study the emergent property of network security achieved via the local property of safe-link establishment. To characterize this feature, we introduce two intuitive and useful metrics: network safety and largest safe component, both aimed at capturing the security features provided by ESC.
The thorough theoretical analysis of our proposal, the security proof (under the Canetti–Krawczyk model) supporting our key establishment protocol, as well as our extensive simulations showing the effectiveness and efficiency of our protocol for a wide range of network configuration parameters, make our proposal a viable solution to enforce the security of real networks, other than paving the way for further research in this field.
Security in wireless ad-hoc networks - A survey
2014, Computer Communications
Pervasive mobile and low-end wireless technologies, such as radio-frequency identification (RFID), wireless sensor networks and the impending vehicular ad-hoc networks (VANETs), make the wireless scenario exciting and in full transformation. For all the above (and similar) technologies to fully unleash their potential in the industry and society, there are two pillars that cannot be overlooked: security and privacy. Both properties are especially relevant if we focus on ad-hoc wireless networks, where devices are required to cooperate – e.g. from routing to the application layer – to attain their goals.
In this paper, we survey emerging and established wireless ad-hoc technologies and we highlight their security/privacy features and deficiencies. We also identify open research issues and technology challenges for each surveyed technology.
Location privacy and resilience in wireless sensor networks querying
2011, Computer Communications
Citation Excerpt :
Indeed, in some applications event location (that is, “which” sensor sensed a given event) could be more valuable than the content itself. However, for the sake of completeness, the solutions in [10,9,17] can be leveraged to address confidentiality issues in WSN. Finally, in this paper we consider an ADV able to compromise any sensor in the WSN.
Due to the wireless nature of communication in sensor networks, the communication patterns between sensors could be leaked regardless of the adoption of encryption mechanisms—those would just protect the message content. However, communication patterns could provide valuable information to an adversary. For instance, this is the case when sensors reply to a query broadcast by a Base Station (BS); an adversary eavesdropping the communication traffic could realize which sensors are the ones that possibly match the query (that is, the ones that replied). This issue is complicated by the severe resource constrained environment WSNs are subject to, that call for efficient and scalable solutions.
In this paper, we have addressed the problem of preserving the location privacy of the sensors of a wireless sensor network when they send a reply to a query broadcast by the BS. In particular, we deal with one of the worst scenarios for privacy: When sensors are queried by a BS to provide the MAX of their stored readings. We provide a probabilistic and scalable protocol to compute the MAX that enjoys the following features: (i) it guarantees the location privacy of the sensors replying to the query; (ii) it is resilient to an active adversary willing to alter the readings sent by the sensors; and, (iii) it allows to trade-off the accuracy of the result with (a small) overhead increase. Finally, extensive simulations support our analysis, showing the quality of our proposal.
Improving security in WMNs with reputation systems and self-organizing maps
2011, Journal of Network and Computer Applications
Citation Excerpt :
They can be further classified attending to the target of the attack into attacks on the confidentiality of communications, and attacks on the confidentiality of node information. The network can use well-suited cipher algorithms (Conti et al., 2007) to provide security against attacks to communications. But WMN nodes are vulnerable to confidentiality attacks due to their characteristics:
One of the most important problems of WMNs, that is even preventing them from being used in many sensitive applications, is the lack of security. To ensure security of WMNs, two strategies need to be adopted: embedding security mechanisms into the network protocols, and developing efficient intrusion detection and reaction systems. To date, many secure protocols have been proposed, but their role of defending attacks is very limited.
We present a framework for intrusion detection in WMNs that is orthogonal to the network protocols. It is based on a reputation system, that allows to isolate ill-behaved nodes by rating their reputation as low, and distributed agents based on unsupervised learning algorithms (self-organizing maps), that are able to detect deviations from the normal behavior. An additional advantage of this approach is that it is quite independent of the attacks, and therefore it can detect and confine new, previously unknown, attacks. Unlike previous approaches, and due to the inherent insecurity of WMN nodes, we assume that confidentiality and integrity cannot be preserved for any single node.
Distributed data source verification in wireless sensor networks
2009, Information Fusion
In-network data aggregation is favorable for wireless sensor networks (WSNs): It allows in-network data processing while reducing the network traffic and hence saving the sensors energy. However, due to the distributed and unattended nature of WSNs, several attacks aiming at compromising the authenticity of the collected data could be perpetrated. For example, an adversary could capture a node to create clones of the captured one. These clones disseminated through the network could provide malicious data to the aggregating node, thus poisoning/disrupting the aggregation process. In this paper we address the problem of detecting cloned nodes; a requirement to be fulfilled to provide authenticity of the data fusion process.
First, we analyze the desirable properties a distributed clone detection protocol should meet. Specifically: It should avoid having a single point of failure; the load should be totally distributed across the nodes in the network; the position of the clones in the network should not influence the detection probability. We then show that current solutions do not meet the exposed requirements. Next, we propose the Information Fusion Based Clone Detection Protocol (ICD). ICD is a probabilistic, completely distributed protocol that efficiently detects clones. ICD combines two cryptographic mechanisms: The pseudo-random key pre-distribution, usually employed to secure node pairwise communications, with a sparing use of asymmetric crypto primitives. We show that ICD matches all the requirements above mentioned and compare its performance with current solutions in the literature; experimental results show that ICD has better performance than existing solutions for all the cost parameters considered: Number of messages sent, per sensor storage requirement, and signature verification. These savings allow to increase the network operating lifetime. Finally, note that ICD protocol could be used as an independent layer by any data aggregation mechanism.
A Systematic Review on Clone Node Detection in Static Wireless Sensor Networks
2020, IEEE Access

View all citing articles on Scopus

Roberto Di Pietro received the Ph.D. in Computer Science from the University of Roma “La Sapienza”, Italy, in 2004. He received the BS. and MS. degree in Computer Science from the University of Pisa, Italy, in 1994. Since 1995 he has been working for the technical branch of the Italian Army and the Internal Affairs Ministry. His main research interests include: security for mobile ad hoc and wireless networks, security for distributed systems, secure multicast, applied cryptography and computer forensics.

Luigi V. Mancini received the Ph.D. degree in Computer Science from the University of Newcastle upon Tyne, UK, in 1989, and the Laurea degree in Computer Science from the University of Pisa, Italy, in 1983. From 2000, he is a full professor of Computer Science at the Dipartimento di Informatica of the University of Rome “La Sapienza”. Since 1994, he is a visiting research professor of the Center for Secure Information Systems, GMU, Virginia, USA. Currently he is the advisor of six Ph.D students.

His current research interests include: computer network and information security, wireless network security, fault-tolerant distributed systems, large-scale peer-to-peer systems, and hard-real-time distributed systems. He published more than 60 scientific papers in international conferences and journals such as: ACM TISSEC, IEEE TKDE, IEEE TPDS, and IEEE TSE. He served in the program committees of several international conferences which include: ACM Conference on Computer and Communication Security, ACM Conference on Conceptual Modeling, ACM Symposium on Access Control Models and Technology, ACM Workshop of Security of Ad-hoc and Sensor Networks, IEEE Securecomm, IEEE Conference on Cluster Computing. He is also the program chair of the first two editions of the IEEE Workshop on Hot Topics in Peer-to-Peer Systems held in 2004 (Volendam, Holand) and in 2005 (San Diego, California).

Currently, he is a member of the Scientific Board of the Italian Communication Police force, and the director of the Master degree program in Computer and Network Security of the University of Rome “La Sapienza”, Italy.

^☆: This work was partially supported by the WEB-MINDS project from the Italian MIUR under the FIRB program. Roberto Di Pietro was partially founded with a Post-Doc grant from CNR-ISTI, Pisa, in the framework of the “SatNEx” NoE project (Contract No. 507052).

View full text

ECCE: Enhanced cooperative channel establishment for secure pair-wise communication in wireless sensor networks☆