A Dynamic Self-healing Key Management Scheme for Wireless Sensor Networks Based on Ebs

A self-healing mechanism in key management is an important means for large-scale clustering wireless sensor networks that enable non-revoked nodes use their private information and the received broadcast messages to recover the lost session keys on their own. In this study, we propose a dynamic self-healing key management scheme for large-scale clustering wireless sensor networks that is based on Exclusion Basis System (EBS). We use forward and backward key chains to form cluster session key chain for self-healing, take t-degree polynomial keys to replace the original keys used in EBS. The analysis shows that the proposed scheme has the properties of forward and backward secrecy and resisting to a collusion attack, which is suitable for resource-constrained wireless sensor networks.


INTRODUCTION
Recently, as one of the core technologies of the Internet of Things, Wireless Sensor Networks (WSNs) is attracting more and more research interests because of its wide applications such as military operations, scientific explorations and so on.Among all security issues in WSNs, key management is a fundamental security issue for wireless sensor networks.Staddon et al. (2002) first proposed self-healing key distribution schemes with revocation capability in WSNs in 2002 (Staddon et al., 2002).Blun Do et al. (2003) analyzed Staddon's schemes and showed that an adversary could though just broadcast messages to recover the group session key which proved that (Staddon et al., 2002) is not safe (Blun Do et al., 2003).Later on many self-healing key distribution schemes (Liu et al., 2003) based on Staddon et al. (2002) are proposed, Liu et al. (2003) proposed a novel method by combining the personal secret key distribution scheme with the self-healing technique to improve the scheme in Staddon et al. (2002).Dutta et al. (2007) proposed a self-healing group key distribution scheme based on one-way key chain (Dutta et al., 2007).Du and He proposed a self-healing key distribution with revocation which is claimed to resist to the collusion attack (Du and He, 2008).Bao and Zhang found the scheme in Du and He (2008) is not secure against the collusion attack and proposed a modified scheme (Bao and Zhang, 2011).Eltoweissy et al. (2004) proposed a combination of dynamic key management scheme EBS based on combinatorial optimization methodology (Eltoweissy et al., 2004).Kim et al. (2006) proposed an EBS and tdegree bivariate based polynomial group key management scheme (Kim et al., 2006).
In this study, we propose a dynamic self-healing key management scheme for large-scale clustering wireless sensor networks that is based on Exclusion Basis System (EBS).We use forward and backward key chains to form cluster session key chain for self-healing, take t-degree polynomial keys to replace the original keys used in EBS.The analysis shows that the proposed scheme has the properties of forward and backward secrecy and resisting to a collusion attack, which is suitable for resource-constrained wireless sensor networks.

LITRATURE REVIEW
Network and adversary model: Network model: Research shows that cluster-style network topology is more suitable for large-scale energy-constrained wireless sensor networks.WSN nodes determine how clustering based on their location information or other criteria.We assume that the network nodes are divided into two categories:  Cluster head node: This scheme assumes that, cluster head node' energy is sufficient to support the basic study requirements of each cluster and is assigned by system.They are mainly as a data gathering point within cluster, sent data to remote terminal after simple data processing.In addition to data aggregation, such nodes will be responsible for key distribution, updating, sensor nodes join and eviction, resistance against attacks and so on.A small number of cluster head node exists in the network. Sensor nodes: Compared to cluster head node, sensor node has less storage capacity, energy, weak computing power.It is responsible for sensing the external environment, to obtain and transfer data to the cluster head node belonged to after a simple treatment.Lots of these nodes distributed in the network.
Adversary model: For distributed in an open and hostile environment, sensor nodes face communication monitor, Sybil attack and so on.Among them, the collusion attack arising from node capturing is a direct threat to the security of key systems.How to resist collusion attack, to prevent as captured node increases, adversary with more key information until owns and explains the whole key system, is to be considered an important issue in WSNs key management scheme.

Forward and backward key chains:
In short, Randomly select key seeds KF 0 , KB 0 , one-way hash function H (.), H B (.), d numbers , δ , … ., .Then we can get the corresponding forward key chain , , … ., .for d sessions through: . For session 1, the forward key is , , the backward key seed is , and the backward key chain is .For session 2, the forward key is , , the backward key seed is , and the backward key chain is , . For session j 1 , the forward key is , , the backward key seed is , , then the backward key chain is , , . . ., ， j=1, 2,… d, where, ….
. For session j, the cluster session key is , as showed in Fig. 1.
Dynamic key management scheme EBS: Let n, k and m be positive integers, such that k>1, n>m.An Exclusion Basis System of dimension (n, k, m), denoted by EBS (n, k, m), is a collection  of subsets of [1, n] = {1, 2,…, n} such that for every integer ∈ 1, the following 2 properties hold: .(That is, each element t is excluded by a union of exactly m subsets in ).
We take the EBS (n, k, m) described above as a wireless sensor network dynamic key management method, n is the number of nodes, k is the number of administrative keys and m is the number of rekeying messages.A set of (k + m) administrative keys is used to support a set of n nodes and each node is assigned a distinct combination of k keys.A node can be simply admitted to the group by assigning one of the unused set of k keys out of the total of C (k + m, k), i.e., !/ !!, distinct combinations.Ejection of a compromised node can be performed by broadcasting replacement of the k keys that the evicted node knows using the m keys.

NEW SCHEME FOR WSNS
In this study, we present a dynamic EBS-based key management scheme with the property of self-healing.The skeleton of self-healing in this scheme is mainly showed in Fig. 2.
System initialization: Assume that the life cycle of a communication is divided into d sub-sessions.And the cluster key in every session will be updated periodically.as described above.After strict registration and authentication, each sensor node N a within cluster will be assigned its unique Id a , forward hash function H(.) and one-way hash function H 1 (.) which used for updating.And each node will be allocated a key-buffer of length L (kb (L), …, kb (1)) and two key-slots.in the key-buffer and key-slots, respectively.CK 1 is used for the present cluster session key and when the timer expires, switches the active key to CK 2 and right move CK s as showed in Fig. 3.
Broadcast: Assume that , , … ., is the set of all active sensor nodes for j-th session, where, p is the number of active user in session j.Let , , … ., be the set of all active users' secret values in j-th session.In session j, cluster head node generates a masking key sequence , , … , , where, ⊕ (j = 1, 2,…, d; i = 1, 2,…, j), then broadcasts the following message: .

⊂ , , … ,
Receives the j-th broadcast message B j , N i can evaluate 1 by using its secret value t i .For any revoked user, however, the is a random value.

Cluster session key and self-healing key recovery:
Assume Suppose that sensor node N a joins in the cluster in session I and not revoked in session 1 n j, then it can recover the cluster session key CK j from the broadcast message B j as follows: where, 1  N a evaluates ⊕  N a computes all the future , , … , through the one-way hash function H(.), then get = .
Meanwhile, N a calculates the forward key (KF o ) by using the preloaded key seed KF o and one-way hash function H(.).Thus, gets the cluster session key CK j = KF j +KB d-j+1 for j-th session; , … , by using the corresponding keys , , … , , thus getting the corresponding self-healing keys , , … ., .If N a has already obtained from B j , he can recover all the session keys KB d-l+1 (j<l<j) with and the selfhealing keys , , … ., .

Key update:
The administrative and session keys need to be updated periodically or on-demand within cluster in order to improve system's security.The cluster head node broadcasts update packets: , where, ∑ ∑ , , .Each node receives and decrypts the packet, calculates to replace the original f(x), thus completing the administrative key update.Also, each node can decrypt the packet and calculate to get like described above.And will be put in the keybuffer and switches the active-key like showed in Fig. 3.

Add new sensor node:
To maintain a good connectivity in the network, new nodes need to be added into network to replace dead nodes and.First system detects EBS matrix for all the cluster distributions and find out the smallest number of nodes n among whole clusters which meets , , then assigns one of the unused set of k keys to the new sensor node and preload its unique Id , thus admitting the new node.Meanwhile, the new node will stores forward hash function ) ( H and one-way hash function . used for updating.And the new node will be allocated a keybuffer of length L (kb (L),…, kb (1) and 2 key-slots.If all clusters meet , , then the system will assign a new cluster head node H new to form a new cluster, the new cluster head node H new will distribute the key to the new sensor node as described above.
Node ejection: When system detects an abnormal sensor node i N , response should be made by system immediately.According to EBS, we need to update all k administrative keys , j = 1, 2,…, k, ∈ 1, 2, … , that i N owns.So the cluster head node broadcasts m data packets: Piis the new administrative key that is generated by using the one-way hash function H 1 (.).According to EBS matrix, since N i has not been assigned by , it cannot decrypt any data packets, thus unable to update the key and being ejected from the network.According to EBS matrix, the other nodes could be assigned one or more , so they can decrypt data packet to get update information to form newly polynomial keys, thus being retained in the network.

RESULT ANALYSIS
Computational overhead: We build our quantitative analysis of the proposed scheme's performance according to steady-state distributions of 2-dimensional Markov chain.Let p L = pr {B j is lost}, P F = Pr {B j authentication fails |B j is received} and P s = 1-p L -P F .Also, let p(I, j) denote the steady-state probability of state (I, j) and the probability that there were exactly k empty slots.Then, we can get: Since the sensor nodes have relatively limited computing resources, so we only consider the computational overhead of sensor nodes.The cost of computing of each node include polynomial evaluate, sum operation and Hash operation and the computational overhead of polynomial operation is relatively small and fixed, so we mainly focus on the hash computation to analyze the computational overhead.Assume that E(N H ) is the expected number of hash computations per updating, when there are k empty slots in key-buffer, we have: (o, o).Compared to the proposed scheme LiSP, we have the same expected number of hash computations after the node receives the key update message with Lisp.Moreover, our scheme is based on EBS and we take the t-degree polynomial keys to replace the original keys used in EBS, which makes our scheme more effective than LiSP against collusion attack.Figure 4 gives the relationship between the expected number of hash computations per updating and the length of key-buffer, which shows that we only execute small hash computation even if under a highly lose of wireless channel.

Communication overhead:
The overhead of communication between the cluster head node and the sensor nodes is mainly about 2 parts: the cost of init key C init and the cost of update key C update .When the d subsessions circle is finished or the L key-buffer is empty, the cluster head node needs to re-initialize, in other case the cluster head node only to broadcast to update periodically, We take n is the ratio of the key C update , so we can get the expected communication cost .
. p(0, 0)+ ∑ .Figure 5 shows the relationship between the expected communication cost and the length of key-buffer, which indicates that the longer the length of the key-buffer, the smaller the communication overhead requires.Forward secrecy: Suppose that R j is the set of the nodes revoked in and before session j.For the broadcast message: simulation and analysis indicate that the proposed scheme in this study is more resilient against node capture and collusion attack and Fig. 6 gives the relationship between the number of captured nodes and the fraction of keys compromised.

CONCLUSION
We propose a dynamic key management scheme for wireless sensor networks with the property of selfhealing.We take t-degree polynomial keys to replace the original keys used in EBS, use forward and backward key chains and broadcast polynomial key to achieve self-healing, forward and backward secrecy and resisting to a collusion attack.Meanwhile, this scheme has a small calculation and communication overhead, which is efficient and secure for resource-constrained wireless sensor networks.

Fig. 1 :
Fig. 1: The structure of forward and backward key chains  t is in at most k subsets of   There are exactly m subsets say A1, A2,…, Am, in such that 1,2, … ,. (That is, each element t is excluded by a union of exactly m subsets in ).We take the EBS (n, k, m) described above as a wireless sensor network dynamic key management method, n is the number of nodes, k is the number of administrative keys and m is the number of rekeying messages.A set of (k + m) administrative keys is used to support a set of n nodes and each node is assigned a distinct combination of k keys.A node can be simply admitted to the group by assigning one of the unused set of k keys out of the total of C (k + m, k), i.e., !/ !!, distinct combinations.Ejection of a compromised node can be performed by broadcasting replacement of the k keys that the evicted node knows using the m keys.

Fig. 4 :
Fig. 4: The relationship between the expected number of hash computations per updating and the length of key-buffer

Fig. 6 :
Fig. 6: Relationship between the number of captured nodes and the fraction of keys compromised (m = 5) At system initialization, the system select key seeds KF O , KB O , on-way hash functions H(.), H B (.) and .