A Security Scheme Based on Location for Wireless Sensor Networks

A pair wise key pre-distribution scheme based on the concept of the Overlap Key Sharing (OKS) and clusters for wireless sensor networks is proposed. This strategy divides the sensing area into square cells and logical groups and distributes key information to the sensor nodes by employing the OKS scheme. Sensor nodes establish their secure communication through using their keys. Analysis and comparison demonstrate that this scheme has good network connectivity, effectively reduces storage cost and enhances the security for WSNs and provides flexible security grades.


INTRODUCTION
A Wireless Sensor Network (WSN) is a wireless network that consists of numerous spatially deployed tiny autonomous devices cooperatively monitoring environmental conditions and sending the collected data to a command center through wireless channels.Various feasible applications are introduced including industrial sensor networks (Lakshman, et al., 2005), volcano monitoring networks (Werner-Allen et al., 2006), habitat monitoring (Ning, 2003), health monitoring and home automation etc.
The security and reliability for wireless sensor networks face many challenges because of the wireless nature of communications, resource limitations of sensor nodes, generally very large and dense networks, unknown network topology prior to deployment and the high risk of physical attacks on unattended sensors (Tolle and Culler, 2005;Shin and Cha, 2006).
In order to protect sensitive sensing data and communications between sensor nodes in WSNs, security capacity of wireless sensor networks, including availability, authorization, authentication, confidentiality, integrity, non-repudiation and freshness, is required.The key management is extremely of importance to assure WSN security.This study presents a key management strategy based on location for wireless sensor networks.
Key management, a key issue in security for wireless sensor networks, has been investigated widely and some approaches have been proposed for distributed wireless sensor networks (Eschenauer and Gligor, 2002;Chan et al., 2003;Blundo et al., 1992;Liu and Ning, 2003a).Eschenauer and Gligor (2002) introduced a probabilistic key pre-distribution scheme recently for key establishment.The chief idea is to let each sensor node randomly pick a set of keys from a key pool before deployment so that any two sensor nodes have a certain probability to share at least one common key.The strategy has further been improved by Chan et al. (2003), namely, a q-composite key pre-distribution scheme.The q-composite key pre-distribution also uses a key pool but requires two nodes compute a pair wise key from at least q pre-distributed keys that they share.The random pair wise key scheme randomly picks pairs of sensor nodes and assigns each pair a unique random key.Both schemes improve the security over the basic probabilistic key pre-distribution scheme.But, they can not scale to large sensor networks.Blundo et al. (1992) archived key distribution for dynamic conferences by using bivariate polynomials.In order to establish a pair-wise key between two nodes, the key setup server randomly generates a t-degree bivariate polynomial over a finite field.The desired symmetric property can be obtained through choosing appropriate coefficient.This study guarantees that this strategy is unconditionally secure and t-collusion resistant.The constraint in this study is that the scheme can only tolerate no more than t compromised nodes, where the value of t is limited by the memory available in sensor nodes.Obviously, the larger a wireless sensor network is, the more likely an attacker comprises more than t sensor nodes.
The sensing area S in the wireless sensor networks is divided into m same cells, denoted as C 0 , C 1 , C I , C (m-2) and C m-1 , where 0≤ I ≤ m-1, according to their geographical locations.The sensor nodes in group   ′ are deployed in cell C I .Prior to the deployment, the key setup server distributes GID I to those sensor nodes in   ′ and forms the logical groups.There are m-1 logical groups denoted as 2 , where 0≤ I≤m-2, each of which consists of two cells.Namely, the logical group G I comprises cell C I and C (I+1) , where 0 ≤ I≤ m-2 and then the logical G I has 2N/m sensor nodes.

Pairwise key establishment in a logical group:
Utilizing the concept in paper (Chan et al., 2003;Liu and Ning, 2003b), the setup server randomly generates Suppose node S 0 is in the logical group G I and its index is [(J c ) S0 , (J r ) S0 ].After deployment of nodes, node S 0 broadcasts its message {[(J c ) S0 , (J r ) S0 ], GID I , NID Jc , GID I+1 , NID Jr } to discover nodes, which have common sub bit clusters with it.The common sub bit clusters shared by nodes with it are GID I NID Jc or GID I+1 NID Jr .
For GID I NID Jc , the communication connection K between node S 0 and S 1 is generated by the common section GID I NID Jc and the indexes of the node S 0 and S 1 as follows: { where, { where, For GID I+1 NID Jr , the communication connection key 0 1 r S S K between node S 0 and S 1 is generated by the common section GID I+1 NID Jr and the indexes of the node S 0 and S 1 as follows: where, Obviously, GID I+1 NID Jr is shared by √2N/m sensor nodes including S 0 and S 1 , therefore, we can obtain the communication connection key 0 1 r S S K − between S 0 and S 1 as follows: where, K − are computed quickly through exclusive OR based on digit in hash functions.
In general, the sensor node U in the logical group G I can establish a pair wise key with any other sensor node V in the same logical group according to the overlap key sharing concept.If the node A and B share GID I NID Jc or GID I+1 NID Jr , the two nodes can directly establish a pair wise key.If the two nodes share nothing, they also can establish a pair wise key through a midway node W. We will describe in detail as follows.
Let C U , C V , C W , R U , R V , and R W stand for the sub bit cluster in GID I NID Jc and GID I+1 NID Jr , of node U, V and W respectively.If C U = C V or R U = R V , they can establish a pair wise key directly using the common sub bit cluster.W can directly establish a pair wise key with In the same way, W can directly establish a pair wise key with V if they still can establish a pair wise key through a midway node W. The pair wise key establishment path is U→W→V or V→W→U.We can obtain the communication connection keys between node U and V respectively as follows: Addition of new node: If a sensor node S h will be added to the logical group G I , the setup server randomly distributes an ID denoted as: ) , ( ) and two sub bit clusters GID I NID Jc to S h , where, have common sub bit cluster GID I NID Jr , is generated by the common section as follows: where, ( ) In the same way, The communication connection key S and S h , 0 ≤ h≤ √2N/m -1, which have common sub bit cluster GID I+1 NID Jr , is generated as follows: where, J r = (J r ) Sh .

Eviction of node:
In wireless sensor networks, nodes inevitably are compromised, or, they deplete their energy, so those nodes ought to be deleted in time to guarantee network security.Our scheme can delete those nodes and refresh related keys.According those formulas (1-8), new pairwise keys are generated among normal nodes through deleting the indexes of the compromised nodes and their sub bit clusters.Therefore, this scheme realizes key refreshment.

PERFORMANCE ANALYSIS FOR WSNS
Security analysis for WSNs: The sub bit clusters stored in nodes determine all the nodes, which can establish pair wise keys with them, so the node replication does not increase other pair wise nodes and then captures more pair wise keys.This scheme is secure to node replication attacker.This scheme divides sensing area into square cells and logical groups and nodes in different logical groups have different bit clusters, so bit clusters are distributed unevenly in entire sensing area.When attackers randomly compromise different nodes without special target, they can capture a certain bit cluster with low probability.
According to the concept of the q-composite key pre-distribution scheme in study (Chan et al., 2003), our scheme may require node S 0 and S 1 sharing 0 1 c S S K and 0 1 r S S K simultaneously or one of them to realize their secure communication.Therefore, this scheme can realize flexible secure grades for wireless sensor networks.Additionally, the pair wise keys in the nodes are generated by using hash functions; therefore, compromised nodes do not reveal pair wise keys in other nodes even though they probably lose their keys.
The storage expense of WSNs: Each node in the logical groups is distributed a node index and two single sub bit clusters in our scheme and each node in Xiao-Yu et al. (2008) stores seven sub bit clusters.It is clear that the storage cost in this scheme greatly reduces than that in study (Xiao-Yu et al., 2008).
The connectivity in WSNs: discussion above, any two sensor node U and V in the same logical group can establish their pair wise key through using the overlap key sharing concept.Our strategy can guarantee any two sensor node U 0 and U 3 , which are not in the same logical group, establish a pair wise key.In Fig. 2, U 0 is in the logical group G I consisting of cell C I and C I+1 and U 3 is in G I+2 consisting of cell C I+2 and C I+3 .In general, suppose that C U0 ≠ C U1 and R U0 ≠ R U1 , where C U0 , C U1 , R U0 and R U1 stand for the sub bit cluster in GID I NID Jc and GID I NID Jr of the node V 0 and W 0 , so, the node U 0 and U 1 can always establish a pairwise key through employing intermediate node V 0 or W 0 .In the same way, the node U 1 and U 2 can always establish a pairwise key by using intermediate node V 1 or W 1 in the logical group G I+1 and the node U 2 and U 3 can always establish a pairwise key by using intermediate node V 2 or W 2 in the logical group G I+2 .In Fig. 2, the key discovery paths include: random key K is generated and it is utilized as the pair wise key between node U 0 and U 3 that is in different logical groups and has no common sub bit cluster.The K can be transmitted through any one of the key discovery paths.The nodes outside the key discovery paths can not obtain the K, because it is transmitted through secure connection.Additionally, in this scheme the pair wise keys among sensor nodes still can be established with high probability, even if some sensor nodes are compromised.Therefore, this strategy is resilient to node compromise.

CONCLUSION
The scheme in this study combines overlap sharing key scheme and the key management strategy based on cells and logical groups.The sensing area is divided in a number of cells and logical groups.The sensor nodes are distributed sub bit clusters and establish their pair wise keys through using the OKS concept.This scheme effectively reduces storage cost, has good network connectivity, improves the security for WSNs and provides flexible security grades.

Fig. 1 :
Fig. 1: Location-based cells and logical groups sharing keys with their neighbor sensors.In this study, the overlap key sharing protocol creates m bit clusters denoted as GLD I , where i = 0, 1, …, (m-2), (m-1), namely,0 ≤ I≤ m-1.Cells based on location and logical groups: In Fig. 1, There are N sensor nodes in the sensing area S. Those nodes are divided into m same groups denoted as ' 0 C , in GID I NID Jc and GID I+1 NID Jr for logical group G I respectively, where J c = 0The setup server divides all nodes in a logical group into √2N/m small groups denoted as c 0 , c 1 , …, c i , …, c� 2  -1where i = 0, 1,…, (� 2  -2), (� 2  -1) and assigns GID I NID 0 to all nodes in c 0 , GID I NID 1 to all nodes in c 1 , …, GID I NID 1 to all nodes in c i,… and GID I NID √2N/m -1 to all nodes in c� 2  -1 respectively and assigns GID I+1 NID 0 , … , GID I+1 NID 1 …, GID I+1 NID Jr ,…, GID I+1 NID √2N/m-1 to the different nodes in group c 0 , c 1 , …, c i , …, c � 2  -1respectively.Therefore, any node in a cluster has a certain GID I+1 NID Jc , J c = 0, 1,.., (� GID I+1 NID Jr , J r = 0, 1, …, (� .Let ID, denoted as (J c , J r ), be the index of the sensor nodes, which is distributed GID I NID Jc and GID I+1 NID Jr .It is clear that different nodes have different indexes.The setup server then distributes {(J c , J r )} GID I NID Jr, GID I+1 NID Jr } to each sensor.If two nodes have a common sub bit cluster, they can establish pair wise keys and then can communicate securely.It is clear that a certain sub bit cluster is shared by √2N/m nodes in a certain cluster and a node can directly establish communication keys with 2(� 2  -1) sensor nodes.
I NID Jc is shared by √2N/m sensor nodes including S 0 and S 1 , therefore, we can obtain NID Jc , GID I+1 , NID Jr } to other nodes.The communication connection key K c ShSh between S h and S h , 0 ≤ h ≤ �