Virtual Energy-Based Encryption and Keying
Abstract
In this paper, we focus on keying mechanisms for WSNs. There are two fundamental key management schemes for WSNs: static and dynamic. In static key management schemes, key management functions (i.e., key generation and distribution) are handled statically. That is, the sensors have a fixed number of keys loaded either prior to or shortly after network deployment. On the other hand, dynamic key management schemes perform keying functions (rekeying) either periodically or on demand as needed by the network. The sensors dynamically exchange keys to communicate. Although dynamic schemes are more attack resilient than static ones, one significant disadvantage is that they increase the communication overhead due to keys being refreshed or redistributed from time to time in the network. There are many reasons for key refreshment, including: updating keys after a key revocation has occurred, refreshing the key such that it does not become stale, or changing keys due to dynamic changes in the topology. In this paper, we seek to minimize the overhead associated with refreshing keys to avoid them becoming stale. Because the communication cost is the most dominant factor in a sensor’s energy consumption [5], [6], the message transmission cost for rekeying is an important issue in a WSN deployment (as analyzed in the next section). Furthermore, for certain WSN applications (e.g., military applications), it may be very important to minimize the number of messages to decrease the probability of detection if deployed in an enemy territory. That is, being less “chatty” intuitively decreases the number of opportunities for malicious entities to eavesdrop or intercept packets.
The purpose of this paper is to develop an efficient and secure communication framework for WSN applications. Specifically, in this paper, we introduce Virtual Energy-Based Encryption and Keying (VEBEK) for WSNs, which is primarily inspired by our previous work [7]. VEBEK’s secure communication framework provides a technique to verify data in line and drop false packets from malicious nodes, thus maintaining the health of the sensor network. VEBEK dynamically updates keys without exchanging messages for key renewals and embeds integrity into packets as opposed to enlarging the packet by appending message authentication codes (MACs). Specifically, each piece of sensed data is protected using a simple encoding scheme based on a permutation code generated with the RC4 encryption scheme and sent toward the sink. The key to the encryption scheme dynamically changes as a function of the residual virtual energy of the sensor, thus eliminating the need for rekeying. Therefore, a one-time dynamic key is used for one message generated by the source sensor and different keys are used for the successive packets of the stream. The nodes forwarding the data along the path to the sink are able to verify the authenticity and integrity of the data and to provide nonrepudiation. The protocol is able to continue its operations under dire communication cases, as it may be operating in a high-error-prone deployment area such as under water. VEBEK unbundles key generation from other security services, namely authentication, integrity, and nonrepudiation; thus, its flexible modular architecture allows for adoption of other encryption mechanisms if desired. The contributions of this paper are as follows:
a dynamic en route filtering mechanism that does not exchange explicit control messages for rekeying; provision of one-time keys for each packet transmitted to avoid stale keys; a modular and flexible security architecture with a simple technique for ensuring authenticity, integrity, and nonrepudiation of data without enlarging packets with MACs; and a robust secure communication framework that is operational in dire communication situations and over unreliable medium access control layers.
IMPLEMENTATION
Implementation is the stage of the project when the theoretical design is turned into a working system. Thus it can be considered the most critical stage in achieving a successful new system and in giving the user confidence that the new system will work and be effective.
The implementation stage involves careful planning, investigation of the existing system and its constraints on implementation, designing of methods to achieve changeover, and evaluation of changeover methods.
Algorithm:
1. Source Node Algorithm
When an event is detected by a source node, the next step is for the report to be secured. The source node uses the local virtual energy value and an IV (or previous key value if not the first transmission) to construct the next key. As discussed earlier, this dynamic key generation process is primarily handled by the VEBEK module. The source sensor fetches the current value of the virtual energy from the VEBEK module. Then, the key is used as input into the RC4 algorithm inside the crypto module to create a permutation code for encoding the message. The encoded message and the clear text ID of the originating node are transmitted to the next hop (forwarding node or sink) constitutes encoding x with permutation code Pc. The local virtual energy value is updated and stored for use with the transmission of the next report.
2. Forwarder Node Algorithm
Once the forwarding node receives the packet it will first check its watch-list to determine if the packet came from a node it is watching. If the node is not being watched by the current node, the packet is forwarded without modification or authentication. Although this node performed actions on the packet (received and forwarded the packet), its local virtual perceived energy value is not updated. This is done to maintain synchronization with nodes watching it further up the route.
If the node is being watched by the current node, the forwarding node checks the associated current virtual energy record stored for the sending node and extracts the energy value to derive the key. It then authenticates the message by decoding the message and comparing the plaintext node ID with the encoded node ID. If the packet is authentic, an updated virtual energy value is stored in the record associated with the sending node. If the packet is not authentic, it is discarded. Again, the virtual energy value associated with the current sending node is only updated if this node has performed encoding on the packet.
Modules:
1. Virtual Energy-Based Keying Module:
The virtual energy-based keying module of the VEBEK framework is one of the primary contributions of this paper. It is essentially the method used for handling the keying process. It produces a dynamic key that is then fed into the crypto module. In VEBEK, each sensor node has a certain virtual energy value when it is first deployed in the network. The rationale for using virtual energy as opposed to real battery levels as in our earlier work, DEEF, is that in reality battery levels may fluctuate and the differences in battery levels across nodes may spur synchronization problems, which can cause packet drops. These concerns have been addressed in VEBEK and are discussed in detail in the performance evaluation. After deployment, sensor nodes traverse several functional states. The states mainly include node-stay-alive, packet reception, transmission, encoding, and decoding. As each of these actions occurs, the virtual energy in a sensor node is depleted. The current value of the virtual energy in the node is used as the key to the key generation function, F. During the initial deployment, each sensor node will have the same energy level; therefore, the initial key, K1, is a function of the initial virtual energy value and an initialization vector (IV). The IVs are predistributed to the sensors. Subsequent keys are a function of the current virtual energy and the previous key. The energy-based keying module ensures that each detected packet is associated with a new unique key generated based on the transient value of the virtual energy. After the dynamic key is generated, it is passed to the crypto module, where the desired security services are implemented. The process of key generation is initiated when data is sensed; thus, no explicit mechanism is needed to refresh or update keys.
2. Crypto Module:
Due to the resource constraints of WSNs, traditional digital signatures or encryption mechanisms requiring expensive cryptography are not viable. The scheme must be simple, yet effective. Thus, in this section, we introduce a simple encoding operation similar to that used. The encoding operation is essentially the process of permutation of the bits in the packet, according to the dynamically created permutation code via the RC4 encryption mechanism. The key to RC4 is created by the previous module (virtual energy-based keying module). The purpose of the crypto module is to provide simple confidentiality of the packet header and payload while ensuring the authenticity and integrity of sensed data without incurring the transmission overhead of traditional schemes.
3. Forwarding Module:
The final module in the VEBEK communication architecture is the forwarding module. The forwarding module is responsible for the sending of packets (reports) initiated at the current node (source node) or received packets from other sensors (forwarding nodes) along the path to the sink. The reports traverse the network through forwarding nodes and finally reach the terminating node, the sink.
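The source-node and forwarder algorithms and the keying and crypto modules described above, put together as an added sketch; it is not code from the paper or from this project. The key function F (RC4 output keyed by virtual energy and the previous key), the Fisher-Yates mapping from RC4 output to a permutation code, the 4-byte node IDs and the ENCODE_COST value are assumptions made for illustration.

```python
import struct
ENCODE_COST = 3  # constructed virtual-energy cost charged per encoded report

def rc4_stream(key: bytes):  # standard RC4 key scheduling, then endless keystream
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def next_key(energy: int, prev: bytes) -> bytes:
    """Hypothetical F: 16 RC4 bytes keyed by virtual energy || previous key (or IV)."""
    ks = rc4_stream(struct.pack(">I", energy) + prev)
    return bytes(next(ks) for _ in range(16))

def permute(msg: bytes, key: bytes, invert: bool = False) -> bytes:
    """Permute (or un-permute) the bits of msg with an RC4-driven permutation code."""
    bits = [(b >> (7 - k)) & 1 for b in msg for k in range(8)]
    ks, pc = rc4_stream(key), list(range(len(bits)))
    for i in range(len(pc) - 1, 0, -1):          # Fisher-Yates shuffle (assumed mapping)
        r = ((next(ks) << 8) | next(ks)) % (i + 1)
        pc[i], pc[r] = pc[r], pc[i]
    out = [0] * len(bits)
    for i, src in enumerate(pc):
        out[src if invert else i] = bits[i if invert else src]
    return bytes(int("".join(map(str, out[i:i + 8])), 2) for i in range(0, len(out), 8))

def source_send(node: dict, data: bytes):
    """Source node: derive a one-time key, encode {ID, data}, deplete virtual energy."""
    node["key"] = next_key(node["energy"], node["key"])
    node["energy"] -= ENCODE_COST
    return node["id"], permute(node["id"] + data, node["key"])

def forwarder_receive(watch: dict, packet) -> str:
    """Forwarding node: verify packets from watched nodes, pass others through."""
    node_id, blob = packet
    if node_id not in watch:
        return "forwarded-unchecked"             # not on the watch-list: no state change
    energy, prev = watch[node_id]                # stored virtual energy record
    key = next_key(energy, prev)
    if permute(blob, key, invert=True)[:len(node_id)] != node_id:
        return "dropped"                         # encoded ID does not match clear-text ID
    watch[node_id] = (energy - ENCODE_COST, key) # stay in step with the sender
    return "forwarded-verified"
```

Call `source_send` with a dict holding `id`, `energy` and `key` (the IV at first use), and `forwarder_receive` with a watch-list dict mapping node ID to `(energy, IV)`. A bit permutation preserves the number of 1-bits in the message, so the encoding gives the simple confidentiality the text describes rather than the strength of a modern cipher.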
Hardware Required:
System : Pentium IV 2.4 GHz
Hard Disk : 40 GB
Floppy Drive : 1.44 MB
Monitor : 15 VGA color
Mouse : Logitech.
Keyboard : 110 keys enhanced
RAM : 256 MB
Software Required:
O/S : Windows XP.
Language : ASP.NET
Data Base : SQL SERVER 2005