Computers, Materials & Continua
DOI:10.32604/cmc.2022.021641
Article

Lightweight Key Management Scheme Using Fuzzy Extractor for Wireless Mobile Sensor Network

Eid Rehman1, Ibrahima Kalil Toure2, Kashif Sultan3, Muhammad Asif4, Muhammad Habib1, Najam Ul Hasan5, Oh-Young Song6,* and Aaqif Afzaal Abbasi1

1Department of Software Engineering, Foundation University, Islamabad, 44000, Pakistan
2Centre Informatique, Université Gamal Abdel Nasser de Conakry, Guinea
3Department of Software Engineering, Bahria University Islamabad Campus, Islamabad, Pakistan
4GDC Ahmad Karak, Higher Education Department, Khyber Pakhtunkhwa, Pakistan
5Department of Electrical and Computer Engineering, Dhofar University, Salalah, Oman
6Department of Software, Sejong University, Seoul, 05006, Korea
*Corresponding Author: Oh-Young Song. Email: oysong@sejong.edu
Received: 09 July 2021; Accepted: 20 August 2021

The mature design of wireless mobile sensor networks allows them to be used in a wide variety of applications, from home use to security surveillance. Applications based on wireless mobile sensor networks generally rely on real-time data, and most of them are interested in real-time communication directly from the cluster head of a cluster rather than from a base station. This is possible only if an external user is allowed to access real-time data directly from the cluster head of a clustered wireless mobile sensor network instead of from the base station. However, this leads to a serious security breach and degrades the performance of any security protocol available in this domain. Most existing schemes for authentication and cluster key management for external users exchange a number of messages between the cluster head and the base station, so that the external user accesses real-time data from the base station instead of the cluster head. This increases communication cost and delay for such real-time access. To handle this critical issue in clustered wireless mobile sensor networks, we propose a lightweight authentication and key management scheme using a fuzzy extractor. In this scheme, any external user can access data directly from the cluster head of any cluster without the involvement of the base station. The proposed scheme uses only one-way hash functions and bitwise XOR operations, apart from the fuzzy extractor method used for user biometric verification at the login phase. The presented scheme supports scalability for an increasing number of nodes using polynomials, and it increases the lifetime of the network by decreasing the key pool size.

Keywords: Fuzzy extractor; user authentication; key management; cluster session key; wireless mobile sensor network

1  Introduction

The most recent advances in Micro-Electro-Mechanical Systems (MEMS) have enabled the development of miniaturized sensor nodes [1]. These nodes are small in size, with constrained communication and processing abilities and small, non-replaceable batteries. Besides, these nodes have constrained storage capacity and a limited radio transmission range.

Wireless sensor networks in which all or some sensors are able to move around the deployed area are called Wireless Mobile Sensor Networks (WMSN) [2]. A WMSN consists of a huge number of dispersed tiny mobile nodes, possibly installed in a remote hostile environment. These nodes are limited in processing power, memory storage, and, most importantly, energy resources. After random deployment, sensor nodes are divided into different groups called clusters. Each group selects one node as a representative node, called the cluster head (CH). The remaining nodes of a group are called member nodes and transmit their data toward the cluster head.

All the data are aggregated at the cluster head and forwarded to the BS [3]. Any external user can access data from the base station. A general structure of a cluster-based WMSN with an external user is shown in Fig. 1. Each cluster head has to manage a cluster of nodes and forward the sensed information of its members to the base station.

The structure shown in Fig. 1 assumes an external user who wants to access real-time information directly from the cluster head instead of from the base station. Such access is provided once the external user and the cluster head have mutually authenticated each other with the help of the base station. The base station is generally considered a trustworthy entity that will not be compromised by an attacker. Because of the nature of wireless communication, different security issues arise in WMSN. Conventional security frameworks using public-key cryptography introduce overhead in terms of computational and transmission costs. Therefore, a secure lightweight authentication and key management scheme needs to be designed for WMSN that is efficient in communication and computation for the external user, sensor nodes, and base station [4].

Numerous security schemes have been proposed for WMSN in the recent past, which differ in nature and offer additional levels of security assurance at different costs. In this section, we discuss the current cryptographic schemes that address the issue of key management for secure communication in WMSNs. Because of the resource limitations in WMSNs, a comprehensive balance between energy usage overhead and security level is needed to mitigate the safety threats. Some symmetric parameters, for example node ID, message authentication code (MAC), nonce, and timestamp, are energy-efficient parameters for cluster key management techniques. Additionally, they help to avoid different kinds of attacks from a suspected node and from compromised nodes. Various security schemes presented for WMSNs utilize symmetric encryption because of the simplicity of its execution [5]. Other than this, single-node authentication has turned out to be unable to meet the increasing transmission demand. As service requests grow day by day, a multiparty computation is essential to verify (authenticate) nodes concurrently and safely. Similarly, for inter- and intra-cluster communication, member nodes jointly build a mutual session key called the cluster key to allow secure exchange of messages [6].

The majority of the applications involving WMSN are real-time based [7]. Accordingly, external users are mostly interested in accessing real-time data, and obtaining it from the base station instead of from the cluster head of a specific cluster may introduce delay for such time-sensitive data. This delay is avoided if we permit the external user to access real-time information directly from the cluster head and not from the base station. Generally, the base station collects data from the cluster heads only periodically, so the gathered data may not be real time. Therefore, to acquire real-time data from a cluster head, the user (for instance, the driver of a rescue vehicle) needs to access the information directly from that cluster head, provided the user is an authentic one; the cluster head is instructed to restrict unauthorized access to its information. On the basis of the information received from the specific cluster head, the external user can make an important decision; for example, the driver of the rescue vehicle can pick the run-time path with fewer blockages, which helps the driver to save the life of a patient. This requires designing an efficient external user authentication and key management scheme for providing real-time access in WMSN.

The rest of the paper is organized as follows. Section 2 provides a literature review of some well-known cluster key management algorithms for WMSN. Section 3 describes the network and threat model, and Section 3.2 describes the system model. Section 4 presents some preliminaries and Section 5 presents the proposed scheme. Section 6 describes the security analysis of the proposed scheme in comparison with other schemes, and Section 7 discusses the simulation performance of the proposed scheme.

2  Literature Review

Wireless Sensor Networks (WSNs) have several applications including traffic monitoring, landslide detection, pipeline monitoring, border patrol, rehabilitation applications, precision agriculture, laboratory monitoring, real-time healthcare monitoring, and military applications [8]. For all such applications, real-time information access is required by an authorized (external) user from a specific node directly. Therefore, user authentication is required to make communication secure.

In general, security in WSN has been broadly researched in recent times. A large portion of the security solutions has been designed either to protect WSNs from some known attacks (e.g., selective forwarding, black hole) or as defensive procedures, for example the intrusion detection system proposed in [9].

Prevention mechanisms such as key management schemes have been presented [10]. Key messages transmitted through an intermediate node ought likewise to be secure [11]. However, these are designed for static WSNs [12] and require a vast number of messages to set up and maintain key updates over the system. Also, the dynamic nature of WMSN (frequent mobility) requires keys to be refreshed when needed. This causes immense communication overhead on nodes with limited energy and hence decreases their lifetime.

To build up secure keys among the member nodes of a cluster, the scheme in [13] proposed a Logical Key Hierarchy (LKH) in which the whole cluster is represented as a tree. Leaf nodes, i.e., member nodes, share symmetric keys, and the cluster key is allocated to the CH. Jen-Chiun Lin et al. presented One-way Key Derivation (OKD) [14], which uses the idea of a one-way hash function like Dini et al. The LKH scheme was further enhanced by Je et al. to consider the resources of each node during tree construction. In these schemes, indirect path keys between leaf sensor nodes across clusters are set up using the CH node of a neighboring cluster. Similarly, another tree-based cluster key management scheme is presented in [15], in which a leaf node can calculate keys toward the CH.

One key exchange scheme is the Localized Encryption and Authentication Protocol (LEAP) [16], which was proposed to secure the inter-cluster communication of WSNs. LEAP organizes communication messages and presents four sorts of keys inside a network for security. Each of the four keys is shared between individual nodes of the WSN. This scheme is very costly because large keys are used.

The paper [17] utilized two polynomial pools, common mobile and common static, on which a three-level architecture is executed to achieve an improved level of security for WSNs. The architecture comprises sensor nodes, access points, and mobile sinks. Keys are distributed by the access points and the mobile sinks. Pairwise key pre-distribution techniques are utilized for node authentication with the assistance of polynomial keys.

One of the key management schemes [18] is presented for heterogeneous WMSNs using asymmetric key pre-distribution and a hash function. It utilizes a seed key and a hash function to realize the authentication of a mobile CH; however, it only allows CH mobility, and all member nodes are static.

A key pre-distribution algorithm in which BS provides seeds to sensor nodes to compute another key offering satisfactory security was described in [19]. It permits securely distributing a secret to a set of recipients with just a single multicast communication [20]. A less expensive XOR-based re-keying scheme is presented in [21], which does not need message exchange in WSN for key distribution.

A dynamic polynomial-based key management scheme is presented in [22] where the master node is used for secure communication during cluster key establishment. In this scheme, some advanced nodes called H-sensor nodes are responsible for key management. H-sensor nodes generate a polynomial every time a change occurs in a cluster. It enhances the lifetime of the sensor network by reducing the key pool size, but it needs advanced nodes, which increases the cost of the network.

In [23] the authors present an energy-efficient distributed deterministic key management algorithm (EDDK) for WMSN. EDDK concentrates on the establishment and updating of pairwise keys, as well as inter-cluster keys, and can fix several flaws in some current key management schemes. Construction of a neighbor table during key establishment not only secures key maintenance and information exchange but can also be used to manage the storage and refresh of keys adequately. By utilizing the elliptic curve digital signature algorithm in EDDK, both new and mobile sensor nodes can join, leave, or re-join a sensor network safely. The main reason for the low performance of EDDK is that it calculates pairwise keys while changes in the neighborhood affect the computation of pairwise keys, which may produce wrong pairwise keys and require their recalculation.

In [24], a new scheme called cluster-based mobile key management system (CMKMS) considers two stages. The first stage, key maintenance, sets up two private keys: a home key for the node's own cluster, and a foreign key when a node moves from one cluster to another. The second stage maintains the keys when a CH moves from one group to another. The scheme enhances the efficiency of key management in terms of security, energy saving, mobility, and network scalability. Its efficiency comes from using the RC4 algorithm for encryption and decryption.

Nabavi et al. [25] present a novel key management scheme to meet the energy efficiency, security, and scalability requirements by diminishing the computational complexity of the scheme. The scheme runs in two stages: in the first stage, it sets up the clusters and assigns the home and foreign keys to every node; the second stage maintains key updates during node and CH mobility. Besides, to improve energy efficiency, reduce computational overhead, and enhance encryption speed, the ECDSA encryption algorithm has been used.

Similarly, many schemes [26–34] have been presented for dynamic key generation and authentication in clustered WMSN for a heterogeneous network, where advanced nodes are used for key generation and maintenance.

Turkanovic et al. [35] proposed a user-authentication technique for WSNs, which negotiates a cluster key with a sensor node in a cluster. This scheme provides mutual authentication between the external user, the sensor, and the base station. Their scheme is suitable for resource-constrained sensor nodes as it utilizes only simple hash and bitwise XOR computations.

Nonetheless, Farash et al. [36] pointed out a few security flaws in the Turkanovic et al. [35] scheme: for example, it does not provide sensor anonymity and user untraceability, and it is not secure against man-in-the-middle, session key security, sensor impersonation, and stolen card attacks.

Rehman et al. [37] proposed a scheme called P that generates polynomials whenever they are needed by nodes. Polynomials are generated dynamically when changes occur in the cluster to create a new cluster key (session key). The key management scheme is secure against eavesdropping and node capture through efficient key management based on the dynamic generation of a polynomial. The scheme has low communication, storage, and computation cost without compromising the security of key management. The number of keys stored in the CH is considerably reduced, and it provides resistance against insider and outsider attacks. But this scheme does not consider the real-time data communication required by an external user who wants to join a cluster and access data directly from the cluster head instead of from the base station.

3  Threat and System Models

The threat model is based on the Dolev-Yao model [38]. Initially, the nodes are deployed and communicate over an open (insecure) channel. As the communication channel is open, parties such as EUi and CHi are assumed to be untrusted.

Adversaries try to obtain important data from nodes or the network by deleting and modifying transmitted data. An adversary, say A, can mount either active or passive attacks. Physical attacks can be launched by an adversary to compromise nodes and obtain secret data for future use. Inside and outside attackers can share captured secret material and compromise security collusively; such attacks are called collusive physical attacks. For example, the CHi node and newly joined nodes can launch deceptive attacks using a cluster key that no longer belongs to them. Node-capture physical attacks are extremely destructive to the system if excessive cryptographic keys are still available inside a node. In general, the attacks affecting secure key distribution are eavesdropping and node capturing.

Our network consists of sensor nodes, a base station BS, and external users (EUi), as shown in Fig. 1. Sensor nodes are of two types: normal nodes that gather data from the environment, and nodes selected as cluster heads (CHi) using some well-known algorithm [39]. These nodes have limited computation, communication, and storage capacity. The BS has ample resources and powerful computation and is the most trusted entity. To establish mutual authentication among the sensor nodes (sensors, cluster heads), each sensor needs to complete a shared authentication mechanism and create a dynamic shared cluster key prior to communication. Afterwards, every node can confirm its authenticity to another node using this shared key. Any EUi can access real-time data directly from any CHi after proper authentication and key agreement. BS provides authentication between EUi and CHi, after which EUi and CHi can establish a session key and start secure communication. The notations used in this study and their descriptions are shown in Tab. 1.


Figure 1: Cluster based network model of WMSN

Table 1: Notations used in this study

4  Preliminaries

This section briefly presents the fuzzy extractor, which works as follows. A fuzzy extractor converts noisy biometric input data into a uniformly random string that then serves as a biometric key [40]. Using this method, a random string Li of the required length can be produced by combining a noisy biometric input Ji with a helper string Hi. The method needs two procedures to work properly, Gen and Rep. The Gen procedure takes the biometric input Ji and produces a secret output Li ∈ {0, 1}^l and a helper output Hi ∈ {0, 1}^*. The string Li is kept secret, while Hi is stored publicly. To recover Li, the second procedure Rep is applied to the inputs Ji* and Hi. The correctness of the fuzzy extractor is stated as follows: if ds(Ji, Ji*) ≤ t and Gen(Ji) → (Li, Hi), then Rep(Ji*, Hi) → Li, where ds denotes a distance function and t the error threshold.
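The Gen/Rep interface just described, as an added toy illustration (not the paper's code): a code-offset fuzzy extractor over bit-strings with a repetition code as the error-correcting code, where ds is the Hamming distance. The block size, the repetition factor, the SHA-256 extraction step and the constructed biometric samples are all assumptions of this example.

```python
"""Toy code-offset fuzzy extractor exposing the Gen/Rep interface of Section 4.
Added illustration, not the paper's code. The biometric J is a bit-string, the
sketch is J XOR Enc(k) for a random k under a repetition code, and L = SHA-256(k).
Rep(J*, H) returns the same L whenever each RPT-bit block of J* differs from J in
at most t = (RPT-1)//2 positions (a constructed, block-wise error model)."""
import hashlib
import secrets

RPT = 5                   # repetition factor: every key bit is written 5 times
T_ERR = (RPT - 1) // 2    # error threshold t tolerated inside one block


def ds(a: str, b: str) -> int:
    """Hamming distance between equal-length bit-strings (the paper's ds)."""
    assert len(a) == len(b)
    return sum(x != y for x, y in zip(a, b))


def _xor_bits(a: str, b: str) -> str:
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def _encode(key_bits: str) -> str:
    return "".join(bit * RPT for bit in key_bits)


def _decode(codeword: str) -> str:
    """Majority vote per block: corrects up to T_ERR flipped bits in each block."""
    blocks = [codeword[i:i + RPT] for i in range(0, len(codeword), RPT)]
    return "".join("1" if blk.count("1") > RPT // 2 else "0" for blk in blocks)


def gen(j_bits: str):
    """Gen(J) -> (L, H): L is the secret key, H the public helper string."""
    n_key = len(j_bits) // RPT
    k_int = int.from_bytes(secrets.token_bytes((n_key + 7) // 8), "big")
    k_bits = format(k_int & ((1 << n_key) - 1), f"0{n_key}b")
    helper = _xor_bits(j_bits, _encode(k_bits))        # H = J XOR Enc(k)
    return hashlib.sha256(k_bits.encode()).hexdigest(), helper


def rep(j_star: str, helper: str) -> str:
    """Rep(J*, H) -> L: decode (J* XOR H) = Enc(k) XOR (J XOR J*) back to k."""
    k_bits = _decode(_xor_bits(j_star, helper))
    return hashlib.sha256(k_bits.encode()).hexdigest()


def flip_bits(bits: str, positions) -> str:
    """Constructed noise: flip the given positions of a biometric sample."""
    out = list(bits)
    for p in positions:
        out[p] = "0" if out[p] == "1" else "1"
    return "".join(out)


def demo():
    """Returns (close sample recovers L, far sample recovers L)."""
    j = "1011001110001111010100110101110010110010"   # constructed 40-bit sample
    key, helper = gen(j)
    j_near = flip_bits(j, [0, 7, 13])   # one flip in each of three blocks: within t
    j_far = flip_bits(j, [0, 1, 2])     # three flips inside block 0: beyond t
    return key == rep(j_near, helper), key == rep(j_far, helper)
```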

5  Proposed Scheme

The proposed scheme presented in this section consists of six steps: 1. initial deployment, 2. external user registration, 3. external user login, 4. external user authentication and key management, 5. new cluster head addition, and 6. cluster head key management. One of the strong aspects of the proposed scheme is that it is based on a lightweight one-way hash function and bitwise XOR operation, together with the fuzzy extractor technique, which is required only for biometric verification of external users. A detailed explanation of each phase is given below.

In the initial deployment, it is the responsibility of BS to register each CHi. BS chooses a 20-byte unique secret number l and the identity CHIdi of each CH. A pseudo-ID is computed for each CH as CHPid = h(CHIdi ‖ l), and BS also selects a 20 B network cluster key CMKi for each CHi. After that, BS calculates the temporary credential TChi = h(CHIdi ‖ CMKi ‖ CHRTi), where CHRTi denotes the registration timestamp.

Because of random mobility in WMSN, for the establishment of a pair-wise key between two neighbouring CHs, BS uses an asymmetric bivariate polynomial p(x, y) = Σ_{i=1}^{k} Σ_{j=0}^{k} g_{i,j} x^i y^j ∈ GF(p)[x, y] of degree k over GF(p), where the coefficients g_{i,j} are taken from GF(p), p is the selected large prime, and k must be larger than the number of CHs selected in the deployed network.

Finally, BS sends the calculated values {CHIdi, CHRTi, TChi, p(TChi, y)} to CHi over a secure channel, where TChi is the temporary id of CHi. BS also stores the same information in its memory.

5.1 External User Registration

This section describes how the external user (e.g., a firefighter) EUi registers in the network to access real-time data from a particular CHi in order to provide relief to a particular region. For this, EUi first registers itself with BS over a secure channel using the following steps.

1. EUi sends a registration request message including EUidi to BS over a secure channel. Upon receipt of this message, BS computes EUPid = h(EUid ‖ l) using the 20-byte secret number l, and at the same time calculates BSPid = h(BSid ‖ l), A = h(BSPid ‖ EUi), and the temporary credential TEUi = h(EUidi ‖ EUMKi ‖ RTEUi). BS sends a reply message to EUi over the secure channel including (RTEUi, RTChi, RTBS, TEUi, A).

2. Upon receipt of the reply message from BS, EUi selects his password PWEUi and biometric EUBoi at his mobile device MBi. The widely used fuzzy extractor [38] is applied for biometric verification. EUi uses MBi to generate the biometric key φi and its public parameter ti as Gen(EUBoi) = (φi, ti).

3. EUi generates a 20 B secret number n and computes EU~Pid = EUPid ⊕ h(PWEUi ‖ φi), CH~Pid = CHPid ⊕ h(EUidi ‖ PWEUi ‖ φi), T~EUi = TEUi ⊕ h(PWEUi ‖ φi), the new temporary password TPWi = h(PWEUi ‖ n), and BS~Pid = BSPid ⊕ h(EUPid ‖ φi), and furthermore computes the following:

A~ = A ⊕ h(EUPid ‖ φi ‖ PWEUi)    (1)

B = n ⊕ h(PWEUi ‖ EUidi ‖ φi)    (2)

C = h(A ‖ CHPid ‖ TPWi ‖ φi)    (3)

After all, EUi stores the following information in its mobile device memory: {EU~Pid, CH~Pid, BS~Pid, TEUi, A~, B, C, ti, Gen/Rep, h(.), t}. BS also stores the following in its memory: {EUi, EUPid, TEUi, BSPid}.

4. To log in to the system, EUi generates a timestamp T1 and a 20 B nonce r1 and computes the following using the mobile device:

K1 = EUPid ⊕ h(BSPid ‖ T1)    (4)

K2 = CHPid ⊕ h(TEUi ‖ EUidi ‖ T1)    (5)

K3 = h(BSPid ‖ TEUi ‖ T1) ⊕ r1    (6)

K4 = h(EUid ‖ BSPid ‖ CHPid ‖ TEUi ‖ r1 ‖ T1)    (7)

Finally, EUi sends a login-req message including M1 = {K1, K2, K3, K4, T1} to BS over an open channel. The registration process is shown in Fig. 2.


Figure 2: External user registration

5.2 Key Agreement

Upon receipt of the login-req message from EUi, the following steps are performed among BS, EUi, and the particular CHi to establish a session key between EUi and CHi.

1. BS first checks the freshness of the login-req message by verifying |T1 − T~1| < T~; if this fails, the session is terminated, otherwise BS computes EUPid = K1 ⊕ h(BSPid ‖ T1). To extract TEUi, BS calculates the following:

CHPid = K2 ⊕ h(TEUi ‖ EUidi ‖ T1)    (8)

r1 = K3 ⊕ h(BSid ‖ TEUi ‖ T1)    (9)

K~4 = h(EUidi ‖ BSPid ‖ CHPid ‖ TEUi ‖ r1 ‖ T1)    (10)

When K~4 = K4, EUi is truly authenticated by BS; otherwise, BS terminates the session.

2. BS generates a new nonce r2, computes K5, K6, K7 as follows, and sends an auth-req message {K5, K6, K7, T2} to CHi over the open channel:

K5 = h(TCHi ‖ CHPid) ⊕ h(BSPid ‖ r1 ‖ r2)    (11)

K6 = h(TChi ‖ T2) ⊕ EUPid    (12)

K7 = h(CHPid ‖ TChi ‖ h(BSPid ‖ r1 ‖ r2) ‖ T1)    (13)

3. When CHi receives the auth-req message, it first checks the freshness of this message by verifying |T2 − T~2| < T~. When this condition holds, CHi computes the following:

EUPid = K6 ⊕ h(TChi ‖ T2)    (14)

K8 = K5 ⊕ h(TChi ‖ CHPid)    (15)

K9 = h(CHPid ‖ TChi ‖ K8 ‖ T2)    (16)

CHi checks K9 = K7; if it holds, BS is authenticated by CHi, otherwise CHi terminates the session.

After BS authentication, CHi generates a nonce r3 and a new timestamp T3, and computes K10 = h(CHPid ‖ EUPid ‖ T3) ⊕ r3 and the cluster session key CSKi = h(K8 ‖ r3 ‖ EUPid ‖ CHPid), which is shared with EUi. CHi also generates K11 = h(EUPid ‖ CHPid ‖ r3) ⊕ K8 and K12 = h(CSKi ‖ T3). CHi sends the auth-reply message M2 = {K10, K11, K12, T3} to EUi over the open channel.

4. Upon reception of the auth-reply message, EUi first checks its freshness by verifying |T3 − T~3| < T~. If true, it computes r~3 = K10 ⊕ h(CHPid ‖ EUPid ‖ T3), K~8 = K11 ⊕ h(EUPid ‖ CHPid ‖ r~3), CSK~i = h(K~8 ‖ r~3 ‖ EUPid ‖ CHPid) and K13 = h(CSK~i ‖ T3); if K13 = K12, then CHi is authenticated by EUi. EUi then sets CSK~i = CSKi and maintains this cluster session key for communication, as shown in Fig. 3.


Figure 3: Authentication and key agreement

5.3 New/Existing Cluster Head Addition

In a WMSN all nodes are mobile and can move in any direction, so a CHi may leave an existing cluster and join a new one. Because of this mobility, a node may move from one cluster to another, or a new cluster head may be added to the network. A scalable key management scheme needs the capacity to add a new node to the network. These new nodes must build a new shared cluster key (CSKi) with the existing cluster head for authentication. When a new CHj tries to join a cluster, it sends a join request message containing its ID to the corresponding CHi. BS plays an important role in the authentication process.

When CHi leaves its cluster and tries to join a neighbouring cluster, BS uses its CHidi to calculate a new pseudo-identity CHPidN = h(CHidi ‖ l) using the secret key l of BS. BS also selects a 20 B new network key CMKiN and computes the new temporary credential TChiN = h(CHidi ‖ CMKiN ‖ CHRTiN). Furthermore, BS generates a new temporary ID CHTidi and computes the polynomial p(CHTidi, y).

BS sends the data {CHTidi, CHPidN, TChiN, p(CHTidi, y)} to the migrated CHi. BS also broadcasts the change to all nodes of the network.

5.4 Dynamic Key Management

The management of mobility in WMSN is an important and critical issue. As discussed earlier, because of node mobility, CHi may share its data with a neighbouring CHj. Before information can be shared between neighbouring cluster heads (CHi, CHj), secure communication between these nodes must be set up, which requires pair-wise key management between them. To establish a pair-wise key between CHi and CHj, we use a polynomial-based key management scheme [41].

First CHi sends its temporary identity CHTidi to CHj, and CHj likewise sends its CHTidj to CHi for pair-wise key establishment. CHi computes the shared secret cluster key CSKi,j using its share of the polynomial as:

CSKi,j = p(CHidi, CHTidi)    (17)

In the same way, CHj also calculates the shared secret key using its polynomial as:

CSKi,j = p(CHTidi, CHTidi)    (18)

= p(CHidi, CHTidj)    (19)

= SKi,j    (20)

Hence CHi can communicate with the neighbouring CHj using the shared key CSKi,j derived from the polynomial p(x, y).
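The pair-wise key derivation of Section 5.4 together with the polynomial share distribution of Section 5, as an added example (not the paper's code): BS draws a symmetric bivariate polynomial over GF(p), hands each cluster head the univariate share p(CHTid, y), and two cluster heads then evaluate their own share at the other's temporary identity and obtain the same key. The prime p, the degree k, and the identities are constructed values.

```python
"""Pair-wise cluster-head key from a symmetric bivariate polynomial over GF(p), as
used in Section 5 (BS hands CHi the share p(TChi, y)) and Section 5.4 (CHi and CHj
evaluate their shares at each other's temporary identity). Added example, not the
paper's code; the prime p, the degree k and the identities are constructed values."""
import secrets

P = 2**61 - 1   # constructed prime modulus for GF(p)
K = 3           # degree k; must exceed the number of cluster heads served

def bs_make_polynomial(k: int = K, p: int = P) -> list:
    """BS: random symmetric bivariate polynomial, g[i][j] == g[j][i] (mod p)."""
    g = [[0] * (k + 1) for _ in range(k + 1)]
    for i in range(k + 1):
        for j in range(i, k + 1):
            g[i][j] = g[j][i] = secrets.randbelow(p)
    return g

def bs_share(g: list, ch_tid: int, p: int = P) -> list:
    """BS -> CHi: coefficients of the univariate polynomial p(ch_tid, y)."""
    k = len(g) - 1
    return [sum(g[i][j] * pow(ch_tid, i, p) for i in range(k + 1)) % p
            for j in range(k + 1)]

def ch_pairwise_key(share: list, other_tid: int, p: int = P) -> int:
    """CHi: CSK_{i,j} = p(own_tid, other_tid), using only the held share."""
    return sum(c * pow(other_tid, j, p) for j, c in enumerate(share)) % p

def demo(tid_i: int = 1017, tid_j: int = 2042, tid_k: int = 3099):
    """Returns (CHi and CHj agree on CSK_{i,j}, pair (i,k) gets a different key)."""
    g = bs_make_polynomial()
    share_i, share_j = bs_share(g, tid_i), bs_share(g, tid_j)
    key_ij = ch_pairwise_key(share_i, tid_j)
    key_ji = ch_pairwise_key(share_j, tid_i)
    key_ik = ch_pairwise_key(share_i, tid_k)
    return key_ij == key_ji, key_ij != key_ik
```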

6  Security Analysis

This section analyses the security features of the proposed scheme. The threats and attack models that try to affect key management in cluster communication are of two types: inside attacks and outside attacks. The proposed scheme is secure against physical capture and offline password guessing attacks. Assume an attacker, say A, finds the ID EUidi or extracts the information {EU~Pid, CH~Pid, EUTid, A, B, C, t} from the biometric device of EUidi by physical capture or theft of this device after registration of the external user is complete. After performing a power analysis attack [41], A can compute the secret credential n = B ⊕ h(PWEUi ‖ EUidi ‖ φ). Without EUidi biometric key