wireless sensor network simulations
Supervisor’s signature:
Declaration
Hereby I declare, that this thesis proposal is my original
authorial work, which I have worked out by my own. All sources,
references and literature used or excerpted during elaboration of
this work are properly cited and listed in complete reference to
the due source.
Brno, January 14, 2013 Filip Jurnecka
ii
Acknowledgement
I would like to thank Vashek Matyas for his tolerant and pleasant
attitude and open-minded approach, my co-workers for their
discussions and guid- ance through the study, and my family for
their support and belief in me. Most of all, I want to thank Alenka
for her love and caring.
iii
Abstract
In this thesis proposal we examine the field of key management
schemes for wireless sensor networks. We investigate a large number
of schemes, their classifications and evaluation possibilities. We
identify several possibilities for improvement in both
classification and evaluation of these schemes. Af- terwards, we
present our results in this area. Last but not least, we outline
our future work proposal focusing mainly on enhancing current
methodol- ogy for key management scheme evaluation. In addition, we
will improve an already selected simulation tool for wireless
sensor network system de- sign and evaluation by adding the key
management functionality together with a set of selected
schemes.
iv
Keywords
Key establishment, key management, MiXiM, OMNeT++, protocol, simu-
lation, wireless sensor network
v
Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 2 1.1 Wireless sensor network . . . . . . . . . . . . . .
. . . . . . . 2
2 State of the art . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 5 2.1 Key establishment schemes in WSN . . . . . . . .
. . . . . . 5
2.1.1 Key management schemes’ properties . . . . . . . . . 8 2.1.2
Existing taxonomies . . . . . . . . . . . . . . . . . . . 12
2.2 WSN evaluation tools . . . . . . . . . . . . . . . . . . . . .
. . 17 2.2.1 Simulators . . . . . . . . . . . . . . . . . . . . . .
. . . 18 2.2.2 Emulators . . . . . . . . . . . . . . . . . . . . .
. . . . 21 2.2.3 Testbeds . . . . . . . . . . . . . . . . . . . . .
. . . . . 21 2.2.4 Summary . . . . . . . . . . . . . . . . . . . .
. . . . . 22
3 Main research results . . . . . . . . . . . . . . . . . . . . . .
. . . 23 4 Future research . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 25 A Summary of study results . . . . . . . . . .
. . . . . . . . . . . . . 39
1
Introduction
Ubiquitous computing is a growing paradigm of information
processing in everyday objects and activities. Wireless sensor
networks (WSNs) are then a prominent example of technology able to
deliver ubiquitous computing. As with any network, WSNs are subject
to various security threats from com- munication eavesdropping to
node capture. In order to provide defences against these threats,
some scheme has to provide keys necessary for secure link
establishment, authentication verification and to pursue other
security objectives.
1.1 Wireless sensor network
Wireless sensor networks are distributed wireless multi-hop
networks of tiny low-cost and low-performance devices called nodes
or motes. They are used to monitor some physical phenomenon, such
as humidity, temper- ature, pressure, movement, light and so on,
and to communicate measured data. They are often deployed in
previously unknown and physically unse- cured environments.
In addition to nodes, one or more devices called base stations (BS)
are present in the network. Base stations work as a central point
managing the network and usually function as a sink for collected
data. Contrary to nodes, base stations are often considered
powerful, energy, computation- ally and memory unrestricted and
physically secure devices. An example of a base station is a laptop
plugged in the power grid.
Current publicly available nodes are mostly manufactured by Memsic,
Inc. [45] These include the MICA motes family [46, 47], TelosB mote
[76] or the currently most powerful Imote2 [48, 27].
To give an overview of a node, we present the main characteristics
of the TelosB mote:
• 16-bit Texas Instrument microcontroller MSP430 operating at 8
MHz;
• 10 kB RAM, 48 kB program flash, 1024 kB measurement serial
flash;
2
• Texas Instrument RF Transceiver CC2420;
• powered by two AA batteries.
Nodes like these are deployed in various applications. From area
moni- toring (e.g., building monitoring [65]) environmental (e.g.,
monitoring me- teorological data on glaciers [5] or wildfire
monitoring [17]), through health- care (e.g., fall and movement
detection [25] or medical status monitoring [67]) to industrial
(e.g., bridge structure monitoring [72]) and military ap-
plications (e.g., soldier-worn nodes [38]).
Depending on an application, nodes can store and transmit sensitive
in- formation. Due to their physical insecurity and possibly
hostile deployment environments, these data have to be protected
otherwise, e.g., by crypto- graphic solutions. The requirements on
processing speed, memory, com- munication, lifetime of a node and
security differ for each application and thus leave different
amount of resources to provide security with. However, most
cryptographic solutions, both symmetric and asymmetric, are based
on some secret keys. Consequently, these keys are established and
managed by a key management scheme (KMS). Based on the application,
specific re- strictions and relaxations are made on KMS.
It has been already shown how application requirements influence
re- quired KMS properties and designed an approach towards easier
selection of a suitable KMS for given application [63, 2]. This was
done by analytical evaluation of a set of existing schemes based on
their properties.
Besides analytical reviews of a protocol, most proposals for WSN
are evaluated via a simulator and/or on the real hardware. An
analytical re- view of KMSs for WSN has been done many times, e.g.,
by various WSN security surveys. On the other hand, KMSs are
usually evaluated by sim- ulators only by authors of the proposals.
Moreover, these simulations are mostly performed to evaluate only
performance of the proposals. An imple- mentation review could
reveal implementation issues that result in under- optimal
performance of the proposal in the real world environment.
Security evaluations of KMSs for WSNs on simulators have been paid
even less attention, [81, 52] being bright exceptions. With a
proper attacker model to perform the simulation against, security
of a proposal might be easily evaluated. Such an attacker model
should include parametrizable options such as network presence,
amount of communication overhearing, amount and strategy of node
capturing, jamming and so on.
Another present issue with practical KMS deployment in WSNs is the
lack of pre-installed KMSs in public distributions of simulators
and oper- ating systems for the real hardware, leading to absence
of this component
3
1. INTRODUCTION
during application design. Motivated by these facts, we present a
thesis proposal with the main
objective to improve the key management scheme evaluation
methodology together with a rigorous and simulated review of
selected existing schemes. We will present an automated environment
for evaluation, both perfor- mance and security, and introduce a
carefully selected set of KMSs, based on our proposed taxonomy,
into the distribution of a well-established sim- ulator.
4
State of the art
In this section we provide an overview of current state of the art
in the area of key establishment schemes for wireless sensor
networks. First and foremost, we present actual schemes developed
for and examined in the context of WSNs. We try to cover the entire
space of proposed schemes but focus mainly on the most famous
proposals and their derivatives.
In the second section, we describe the most important properties
for key management schemes in WSNs. These are the key properties in
evaluating quality of existing schemes.
The third section discusses the most important proposals for key
man- agement schemes taxonomies. This overview shows what
researchers are focused on while categorizing key management
schemes and pinpoints weaknesses of these proposals.
Finally, in order to evaluate arbitrary schemes and protocols,
evaluation tools such as simulators are used instead of actual
WSNs. These tools are briefly examined in the last section.
2.1 Key establishment schemes in WSN
Over the last decade, various schemes have been suggested. As
discussed farther, they can be categorized by many different
aspects. In the following text, we cover the most prominent schemes
and their improvements.
There are two schemes usually considered seminal for the field. The
pairwise key pre-distribution, where each node shares a unique
secret key with all other nodes and the master key
pre-distribution.
Pairwise key pre-distribution is the perfect solution from the
security point of view as each captured node reveals only keys to
links the node was part of. Unfortunately, due to restricted
resources of WSN nodes, it is usually considered too expensive and
unscalable. Indeed, for n nodes in the network, each node has to
store n − 1 keys. Furthermore, addition of new nodes to the network
requires an update on each node or pre-loading
5
2. STATE OF THE ART
additional keys for the future-coming nodes. The most basic and
perfect KMS from the efficiency point of view is
the single master key pre-distribution. In such a scheme, all nodes
share a single secret key. It uses minimal memory, no computation
and communi- cation is necessary and the scalability is perfect. On
the other hand, if an attacker captures a node, she can directly
read out the key and thus reveal all communication protected by
this key.
A master key based protocol called BROSK was proposed in 2002 [35].
This scheme pre-loads a master key to all nodes prior to node
deployment. After node deployment, nodes broadcast their IDs
together with a nonce protected by MAC using the pre-loaded key.
All nodes able to hear this message construct a shared key with
this node as a function of nonces re- ceived and broadcasted by
themselves. However, from the “Re-negotiate the key” section of
[35] it seems that the authors propose to store the mas- ter key
for the entire lifetime of the network and thus the scheme remains
vulnerable to the node capture attack.
In 2001, Perrig et al. [56] proposed the SPINS scheme, a suite of
protocols SNEP and µTesla providing security building blocks. In
this scheme, the base station shares a pairwise key with each node
in the network prior to deployment. When two nodes need a pairwise
key, they request one from the base station.
To address the scalability issues and single point of failure of
SPINS, Chan and Perrig [12] proposed the PIKE scheme that
distributes the load to a third node for each pair of nodes.
Additional schemes based on the master key pre-distribution have
been proposed. Most prominently the LEAP scheme [92, 93], where the
master key is used to generate pairwise keys with neighbours only
during the key initialization phase after deployment and then
erased. A similar idea was used in [31].
A seminal work by Eschenauer and Gligor (EG) [22] proposed the ran-
dom key pre-distribution, where each node is pre-loaded with a
subset of random keys from a large pool. After deployment, nodes
publish IDs of their keys and find matches with neighbours. Pairs
of nodes then generate a new shared key with neighbours based the
matching key.
This work was generalized and extended by the q-composite scheme in
[13] by Chan et al. by requiring q > 1 common keys to be shared
instead of just 1. This approach increases node capture resiliency
of the scheme.
BROSK was published again in [34] together with a new scheme called
Overlap-Key-Sharing (OKS) scheme. The OKS scheme is a variation of
the EG scheme, where instead of keys a bit string is used. From a
longer string,
6
2. STATE OF THE ART
substrings are distributed and neighbouring nodes establish a
shared key from the overlapping portion of their string. To combat
various lengths of overlaps, authors propose to add padding or to
use a hash or keyed hash function.
A way of increasing the key pool and key ring size on each node was
presented in [62]. Authors use pre-distributed secrets to generate
hash chains of keys instead of storing all the keys on a
node.
Additional improvement was presented in [79]. In this work, authors
present a group support for randomized pre-distribution schemes.
The idea is that once a node establishes a shared secret with a
neighbour, it can take advantage of the keys loaded with that
neighbour in order to effectively increase its key pool and thus
increase the node capture resiliency of the protocol. Similar
approach was investigated in [80] with the main objective to fight
large-scale node capture attacks (e.g., 40% of nodes
captured).
In 2004, another seminal work [4] presenting the Key infection
scheme was done by Anderson et al. Besides proposing key exchange
in the clear with additional key strengthening mechanism. Authors
argue for the “real world” attacker model that has been heavily
adopted in the field since.
Du et al. [18] proposed a pairwise key pre-distribution scheme
based on the Blom’s matrix-based key scheme [6] and random key
pre-distribution scheme. As WSNs can be seen as random graphs, this
scheme assigns keys only to connected graph links unlike Blom’s
complete graph links. Hence this scheme is scalable and more
resilient to node capture. Another category is the tree-based
pre-distribution.
In 2005 Lee and Stinson [37] presented deterministic schemes based
on combinatorial set systems. By weakening the connectivity of the
graph, they enhanced the resiliency and improved the results of
[18].
Camtepe and Yener proposed in [10, 11] key pre-distribution schemes
based on combinatorial designs.
An unification for combinatorial designs in key pre-distribution
schemes was recently proposed by Paterson and Stinson [54].
A substantial amount of protocols is designed specifically for a
hier- archical topology of the resulting network. Most prominently,
the cluster- based topology is distinguished [78] and many
protocols specifically for these networks have been proposed [29,
87, 93, 32]. Other specialized topolo- gies such as a hypercube
have been also considered [1]. Recently, [61] pre- sented a
hierarchical tree-based key management scheme that supports real-
time re-keying to provide resiliency to node capture attack.
A set of works proposes improvements to various schemes with the
knowledge of deployment location [19, 88, 89, 43].
7
2. STATE OF THE ART
Last but not least, we discuss the group, often recognized as
standalone, of public key cryptography solutions. This category is
usually considered perfect from the security point of view but
strongly impractical due to mem- ory, computational and
communicational requirements of PKI based solu- tions.
The most famous PKI solution, the RSA has been implemented by the
TinyPK project [84] on MICA2. While they conclude it is feasible to
per- form public key operations, the timings on exponent operations
of 14.5 s for 1024-bit key size and memory requirements seem
unsatisfactory for most applications.
In the same year, Gura et al. [24] published a study comparing RSA
and elliptic curve cryptography (ECC) on 8-bit CPUs. The work
mainly shows strong advantage in using ECC over RSA in such
restricted environments.
Many other research groups focus on PKI in WSNs [23, 82, 42]. How-
ever, the results are nearly the same. Public key cryptography is
feasible on sensor nodes but remains computationally, memory and
power excessive.
An interesting research direction came from the result of Boneh and
Franklin [7]. They have successfully designed an identity-based
encryption scheme, idea of which has been proposed by Shamir [66].
This approach mitigates necessity of certificates in a PKI scheme.
Additionally, arbitrary string can pose as a public key. This
string is mapped on a point on an el- liptic curve. Using bilinear
pairing functions, e.g., the Weil pairing [85], one can then
compute a shared key by combining the public key with its private
key.
Current best results in the field of PKI implementation, solely
focusing on ECC, are from [75, 41]. In the field of pairing-based
cryptography (PBC) on WSNs, these are from [74, 50], where
implementation of ηT pairing on the ATmega128L microcontroller
takes 1.9 s while requiring 0.5 KB of RAM memory for the
calculation and running code.
2.1.1 Key management schemes’ properties
As with any system, we can evaluate quality of a key management
scheme by evaluating its properties. In [63, 2], authors identify
nine such major properties. They map them to application
requirements, and by assigning one of predefined values to each
property they help developers to ease the selection process of the
most suitable key management scheme for their ap- plication. The
list and its mapping is based on empirical research of existing
operational requirements of sensor networks relevant to key
management.
8
2. STATE OF THE ART
1. Memory footprint – It is clear from the technical specification
of most wireless sensor nodes that their memory is significantly
constrained. Thus minimizing the amount of the stored data,
together with mini- mization of the actual infrastructure code,
also stored in the memory, is of importance.
This becomes even more apparent if we take into consideration the
actual application run by the node and other supporting mechanisms,
such as an intrusion detection system, where substantial amount of
data might be stored.
An ideal KMS from the memory footprint perspective should only
store keys with required parties, e.g., neighbours and/or base
station.
2. Processing speed – Similarly, most commonly used
microcontrollers are operating on such low frequencies that
performing a computa- tionally intensive operation, such as ECC
point multiplication, might take up to seconds [75, 50] and thus
delay any other computation from performing on the node for a
significant amount of time.
Furthermore, performing microcontroller computations can also no-
tably exhaust node’s battery [68, 55] thus reduce its
lifetime.
3. Communication overhead – The communication overhead is one of
the major focuses in current WSN protocol designs. Longer and more
frequent messages considerably affect both the latency of
information forwarding and the power consumption. In fact, it has
been shown [60, 68, 3] that message transmission and reception is
usually the node’s biggest node’s energy consumption factor.
Best KMSs for WSNs should transmit as little data as possible, ide-
ally be preloaded with all the shared secrets and no need for
further communication.
4. Network bootstrapping – Network bootstrapping is a phase usually
considered a couple of seconds long that occurs right after deploy-
ment. During this phase nodes find out their neighbours, establish
keys with them, examine the network’s topology for routing purposes
and perform other adjoined tasks.
An ideal KMS should require no bootstrapping phase as it is the
most vulnerable phase in the lifetime of a sensor node. That is the
time when there are all shared secrets stored and an attacker could
usually compromise large portions of the network by acquiring
these.
9
2. STATE OF THE ART
Also, having no bootstrapping (a.k.a. initialization) phase implies
al- ready established shared secrets and thus no need for further
expen- sive communication.
5. Network resilience – This property expresses what impact would
an attacker have on the network upon capturing a (set of) node(s).
As wireless sensor nodes are considered physically insecure, all of
their secret data can be easily accessed by an attacker who
captures a node.
By capturing a node with a good KMS, only links the node is
involved in should become compromised.
Additionally, this property might reflect the attacker model. That
is, whether the attacker captures nodes by random, from the outside
edge of the network, in a path and so on.
6. Connectivity – Connectivity works similarly as in the graph
theory. It describes the ability of two nodes (vertices) to
establish a shared secret (a connection).
More specialized connectivity properties are:
• Global connectivity – Describes the probability of a secure path
between any two nodes being established.
• Local connectivity – Describes the probability of any two neigh-
bouring nodes sharing a secret.
• Node connectivity – Describes the probability of any two nodes in
the network sharing a secret.
7. Scalability – A general network might be of arbitrary size.
Scalabil- ity expresses how much keying data does a node need to
store with regard to the size of network.
An optimal KMS is storing a small amount of keying material that is
either directly used as a shared key with other nodes or the key is
computed based on this material.
8. Extensibility – While scalability describes the ability to cope
with large number of nodes in the network, extensibility
characterizes its ability to add new nodes to the network and
establish shared secrets during its lifetime.
An ideal KMS should only store keys it might need and thus should
be able to establish keys with arbitrary amount of new-coming
nodes.
10
2. STATE OF THE ART
9. Energy – One of the most commonly stressed property of WSN is
its energy restriction. The same applies directly to KMS. The
energy property describes how much energy is necessary for a KMS to
estab- lish shared secrets.
An exemplary KMS should perform as little computation and trans-
mit as little data as possible in order to preserve the maximum
amount of energy on the node.
This property can be also seen as joined communication overhead and
processing speed properties.
The list is not exhaustive. There is still room for addition of new
impor- tant properties. Alternatively, a split of overly coarse
properties into several fine-grained properties is possible.
In an earlier work [70], authors identify following requirements
and metrics for key management solutions in wireless sensor
networks cate- gorized in three groups:
• Security metrics:
– node authentication,
– scalability.
11
2. STATE OF THE ART
While the categorization of metrics might be useful, there are
still some drawbacks with this proposal. Most significantly, the
property of extensibil- ity, as defined in the previous list, seems
to be missing from this particular set of metrics. An issue is also
the node revocation property. Although it is relevant to the
applicability of KMSs, node revocation is usually considered w.r.t.
intrusion detection systems [91, 64] as these are the decision
points w.r.t. the revocation.
We think that each key management proposal should be evaluated with
respect to each of these properties.
2.1.2 Existing taxonomies
Many taxonomies for KMSs have been presented [83, 36, 90, 70, 63].
How- ever, many proposals suffer from insufficient granularity or
overlapping classes so that many KMS proposals could actually fit
in multiple groups depending on the point of view.
In [83], authors propose two taxonomies. One based on the network
structure and another based on the probability of key sharing.
Based on network structure, authors further divide schemes to those
based on a cen- tralized key and on distributed key schemes.
An overview of the taxonomy is presented:
• Network structure:
– probabilistic key scheme,
– deterministic key scheme.
The centralized key management schemes are those based on a single
entity responsible for key generation and distribution, often
called the key distribution center (KDC). The only found
representative of this category at the time of publishing was the
logical key hierarchy scheme [16], while all the other considered
schemes fit to the distributed key schemes category.
This classification could be extended by assuming the hierarchical
net- work structure. Additional special structures such as the
hypercube might be considered as well.
12
2. STATE OF THE ART
The approach based on the probability of key sharing differentiates
the probabilistic key schemes and deterministic key schemes.
However, we be- lieve that a mixed category should be also
considered. Some proposals might combine these approaches (e.g.,
[31], proposal II), or use one for es- tablishment of a class of
keys and another for a different class of keys, and none of these
classes would fit.
In [36], authors classify KMSs for WSNs by the key establishment
mech- anism to:
• Pairwise key pre-distribution.
However, this classification is strongly oriented towards symmetric
key cryptography and neglects public key cryptography based
schemes. More- over, this classification is targeting a single
specific scheme in each category rather than defining general
classes.
However, authors of [36] use it just in order to define a novel
classifica- tion based on the attacker model. They define four
attacker models and map the previously defined key establishment
scheme classes to the strongest at- tacker model they are still
secure under.
The attacker models are defined as follows:
• Attacker Model 1:
– An adversary can monitor the communication after key estab-
lishment. No node capture attack is launched during the lifetime of
the network.
– Master key based pre-distribution is mapped to this level.
• Attacker Model 2:
– Active attacks such as node capture can happen after key setup.
During key setup, monitoring is a remote possibility.
– Key infection scheme, i.e., the “No key pre-distribution” class,
is considered secure under this attack model.
13
• Attacker Model 3:
– Communication monitoring is present right after deployment. On
the other hand, active attacks can only appear after key
setup.
– The LEAP protocol is a representative of schemes secure under
this class of attacker, albeit it is a member of the Master key
based pre-distribution class as well.
• Attacker Model 4:
– Both overhearing and active attacks are present right from the
node deployment.
– Base station participation, i.e., the SPINS protocol, and
pairwise key pre-distribution schemes are considered perfectly
secure and fit to this class. Additionally, probabilistic key
pre-distribution schemes, i.e., the EG scheme and its successors,
exhibit high node capture resilience and are put by the authors to
this class, too.
In [90], authors present a comprehensive survey of existing key
man- agement schemes and categorize them by proposed taxonomy based
on the encryption key mechanism used in the scheme. Further on,
each category is divided into subcategories based on the
pre-distribution and establishment mechanism.
The initial categorization is:
• Symmetric key management schemes.
• Asymmetric key management schemes.
• Hybrid schemes.
This division is all-covering and relates nicely to standard
cryptography. Additionally, some assumptions might be made on each
of these categories just by their names. To improve on the
granularity of the taxonomy, first two classes are divided into
eight and three categories, respectively. Sym- metric key
management schemes exhibit traditionally low processing cost and
small amount of memory necessary for storing a key. For these
reasons, schemes based on symmetric cryptography seem prevalent in
the literature. In [90], these are further divided into:
• Entity based or arbitrated schemes:
– Master key based pre-distribution scheme.
14
– Base station participation scheme.
• Pairwise key pre-distribution scheme.
• Polynomial-based jet pre-distribution schemes.
• Matrix-based key pre-distribution schemes.
• Tree-based key pre-distribution schemes:
• Exclusion basis system-based key pre-distribution schemes.
This approach relates to principles used throughout the literature
(see section 2.1). However, it also adds a considerable number of
classes that are inconvenient for remembering and practical use. On
the other hand, asymmetric key management schemes are divided by
authors into mere three, well defined classes:
• RSA-based asymmetric encryption system.
• ECC-based asymmetric encryption system.
• ID-based key agreement schemes.
In this instance, the approach to key establishment is apparent
from the class name and directly indicates some of the scheme
characteristics such as higher computational and memory
costs.
The hybrid category includes proposals, such as [26], where authors
try to capitalize on the more powerful entities in the network such
as the base station or cluster head.
An issue with this taxonomy is where to put the well known unkeyed
key infection scheme [4]. Additionally, some mixed solutions such
as [31], proposal II, are overlapping several of these classes.
Finally, we do not agree with the master key based pre-distribution
being considered as entity based or arbitrated scheme as in that
case, any other scheme could be, since some entity has to pre-load
all the data to nodes.
15
2. STATE OF THE ART
In [70], authors employ a taxonomy adopted from [9]. They
categorize key management schemes to classes based on the principle
of the scheme to:
• Self-enforcing schemes.
• Pre-distribution schemes.
Self-enforcing schemes mainly cover asymmetric solutions,
arbitrated keying schemes rely on a trusted third party such as the
base station and pre-distribution schemes stand for the EG scheme
and its improvements.
Additionally, in the original technical report [9], authors divide
each of these categories further. However, this additional division
was not adopted in [70]. This was probably due to the fact that
this additional division can be considered outdated now as many
proposals have been made since.
The [70] focuses on reviewing the state of the art of
pre-distribution schemes. It further categorizes these into:
• Network-wide key based schemes.
• Full pairwise probabilistic schemes.
• Combinatorial design based schemes.
• Deployment knowledge based schemes.
Although authors of [70] mention the key infection paper [4], it is
only with respect to the multipath key reinforcement. Thus it is
again unclear whether they classify the key infection protocol
under the pre-distribution category and if so, what subcategory.
Additionally, subcategories of self- enforcing schemes and
arbitrated keying schemes are not discussed.
Finally, in [63] authors propose a similar principle-based taxonomy
that was deduced by analysing previous surveys. The proposed four
categories are:
• Key pool framework.
• Negotiation framework.
• Public key framework.
The key pool framework includes those based on a global key pool
idea such as in the EG scheme [22]. The mathematical framework
includes the polynomial, matrix and combinatorial designs. The
negotiation framework accommodates approaches such as the key
infection [4] or [31].
We believe a hybrid category should be considered for solutions
such as [26] or [31], proposal II. Additionally, a category for
specific network structure and/or deployment knowledge proposals
might be considered, too.
2.2 WSN evaluation tools
In the field of wireless sensor networks, not many schemes are
tested on real hardware. Simulations are often preferred or at
least are preceding real deployments. The advantages of simulations
are a) preparation and exe- cution require significantly less time;
b) allow for large scale testing; c) are repeatable; d) real
hardware and its management is expensive.
Due to these factors, an overwhelming number of simulators and
other tools have been designed [28]. These performance evaluation
tools can be classified into three different categories.
1. Simulators:
2. Emulators.
3. Testbeds.
These evaluation tools are often used for performance evaluation,
but frequently neglect security, especially key management
evaluation. This is partly due to the fact that these tools do not
come with integrated models and protocols for pursuing security
objectives. A consequence of the lack of security models and
protocols in these tools is that designers and devel- opers tend to
ignore security focused schemes during application develop- ment.
These schemes are not part of the application design and developers
are not reminded by the presence of these schemes in the tool.
Thus, re- sulting application does not include incidental memory,
battery persistence and other characteristics in their
evaluation.
17
2.2.1 Simulators
In this section we briefly discuss three main general-purpose
simulators, the ns-2, OMNeT++ and MATLAB, followed by a deeper
investigation of several WSN specific simulators.
ns-2: One of the oldest and most used simulators is the ns-2 [49].
It dates back to 1989 as a general-purpose network simulator. Like
every other sim- ulator examined in this thesis proposal, it is a
discrete event-driven sim- ulator. Although it is an extensible
simulator, its main drawbacks are its limited scalability, packet
formats, MAC protocols and energy model that differ from those used
on WSNs. Finally, ns-2 lacks a sensing and applica- tion
model.
Many of these drawbacks have been made up for with add-ons such as
Mannasim [8] adding sensing, application, MICA2 physical and other
models as well as several WSN protocols, or SensorSim [53] adding
sensing and energy model and others. However, SensorSim has never
been finished and the public release was withdrawn.
OMNeT++: Another very popular general-purpose simulation platform,
OMNeT++ [77] has been been started in 1993 as OMNeT [59]. OMNeT++
is written in C++ and is an extensible discrete event simulator.
One of its main advantages and reasons for its popularity is a
powerful graphical user interface that visualizes all the details
of the simulation. Additionally, OM- NeT++ includes integrated
development environment for effective simula- tion
development.
Actual simulators are developed as module packages on top of OM-
NeT++. For WSNs, main representatives are the MiXiM [33] and
Castalia [57] simulators. More details on these are provided in
their respective sec- tions.
The only effort to our knowledge, with an exception for [81], to
simulate key establishment protocols and perform security
evaluation of these [52] is based on OMNeT++. Authors used it to
evaluate performance and security of several basic schemes.
However, it is not clear whether they used some of the WSN specific
simulators built on top of OMNeT++ or OMNeT++ on its own as the
source codes were not made public.
MATLAB: Conceived in the 1980s, MATLAB [44] evolved into a power-
ful environment. On its own it serves mainly as a numerical
computing environment, however, with additionally integrated
environments such as
18
2. STATE OF THE ART
SIMULINK [71] it provides graphical editor, libraries and modelling
for system simulating. The main disadvantage of MATLAB is its
proprietary licensing.
Additional WSN simulators are built on top of MATLAB such as
Prowler [69] or JProwler [30].
Castalia: Castalia was introduced in 2007 [57] as a module package
for OMNeT++ for simulating WSNs with the main emphasis on the
wireless channel and radio model accuracy. From our own study [73]
it shows that their model is indeed more parametrizable than the
concurrent ones. Ad- ditionally, Castalia provides a decent set of
mainly MAC protocols, sensing and mobility modules.
MiXiM: Another OMNeT++ based simulator for wireless sensor
networks, MiXiM [33] was created as a merge of multiple OMNeT++
projects. It pro- vides detailed wireless channel model, a high
number of networking pro- tocols, both MAC and routing, physical
models for multiple radio chips, energy and mobility models and
others.
Although the set of capabilities is not complete and many improve-
ments can be made, it is the richest WSN focused simulator to our
knowl- edge. For example, by default it lacks a sensing model, but
we have added one for our project purposes easily.
Based on our previous work [73], we established MiXiM as the
simula- tor of choice for our laboratory and a lot of functionality
has already been added.
Cooja: Cooja was developed as part of the Contiki OS [20], an
alterna- tive to the mainstream TinyOS [40], and is distributed
along with it. Cooja is designed as multiple-level of abstraction
simulator. That mean it allows for networking level of abstraction
via its Java implementation, source code level of abstraction via
simply connecting actual Contiki code to the simu- lator through
JNI and even instruction level emulation of the code on hard- ware
via another simulator, MSPSim [21] that can be connected to
Cooja.
However, in the networking level of abstraction, Cooja provides
almost no models and protocols ready to use. At the source code
level of abstrac- tions, it offers only Contiki specific set of
protocols, i.e., those present in the Contiki distribution. On the
other hand, it allows for TinyOS code simula- tion as well.
However, during our previous work [73], we have discovered several
issues with this level of abstraction simulation mainly related
to
19
2. STATE OF THE ART
performance, lack of timings and energy model. Finally, Cooja
offers a set of additional utilities, e.g., signal ray
tracing,
concurrent simulation on three levels of abstraction and a rich
GUI. How- ever, due to the aforementioned problems we decided not
to use it for our future work.
WSNet: Another, networking level event-driven simulator for
wireless sensor network offering an interesting set of
functionality is the WSNet [14]. As with other simulators, it
allows for detailed node modelling, but adds an environment
simulation for wildfire spread simulation together with nodes birth
and death support. Additionally, it also offers mobility and
battery models as well as a substantial set of networking
protocols.
It is a command line based simulator that does include a set of
utilities to visualize the topology of the network, a set of MATLAB
scripts to visualize the results and a graphical tool to replay the
simulation offline.
TOSSIM: Similar to Cooja, TOSSIM [39] is developed as a code level
sim- ulator for TinyOS. While sometimes called an emulator for
running the ac- tual code, it does not emulate the
microcontroller’s instructions.
In order to provide scalability, authors used the probabilistic bit
error model for wireless channel. This in turn reduces usability of
the simula- tor for low-level protocols. Additionally, there is no
mobility and energy model. While some projects for these existed
[68], their development and support has been suspended.
Tuan: All previously mentioned and indeed all simulators
investigated provide more or less good set of capabilities with
possibility for extensions. However, none of them directly supports
security modelling. In fact, the only simulator focused on security
is the Tuan (named here after its main author as authors have not
named it) [81].
This simulation environment enables simulation of several
randomized key pre-distribution schemes on WSNs. It offers a set of
tools to evaluate the effectiveness of four implemented schemes and
a helpful GUI to visualize the results. It also offers attacker
models that allow for detailed security evaluation of key
management schemes.
The source code is not made public, therefore extensibility is an
issue, however it is available upon contacting authors.
Unfortunately, this simulator does not focus on the networking,
compu- tational or energy aspect of the simulation and is therefore
not suitable for
20
general-purpose protocol evaluation.
2.2.2 Emulators
The term emulation is currently referring to mimicking the
underlying hard- ware. The emulator should completely imitate the
execution of the binary code on the underlying hardware, while
simulation can work on abstract models. This fact also implies
slower performance of emulators and thus limits the scalability of
such systems.
MSPSim: MSPSim [21] is a firmware level simulator for the Texas
Instru- ments MSP430 microcontroller. Additionally, it contains a
sensor board sim- ulator that enables simulation of sensors, LEDs,
communication ports and other hardware peripherals. MSPSim has a
powerful GUI and offers de- bugging fucntionality such as
breakpoints or single stepping. It can be in- tegrated into Cooja,
thus forming Cooja/MSPSim allowing for cross-level simulation [51]
even on the instruction level.
ATEMU: The ATmel EMUlator (ATEMU) [58] provides low-level emula-
tion of operation of Atmel microcontroller based sensor nodes. It
runs code directly runnable on MICA platform. In addition, authors
implemented a GUI debugged for ATEMU called XATDB.
2.2.3 Testbeds
Simulation and emulation reliability depends strongly on the
underlying models. To overcome this issue, various testbeds were
formed, where au- thors can try out their applications on real
hardware. These testbeds pro- vide tools for remote configuration
and monitoring of experiments. On the other hand, experiments on
testbeds are slow in comparison to simulations, they are not easily
repeatable, most of them are paid for and with the free ones one
has to wait for allocated time on the platform.
MoteLab: At Harvard, a public web-based sensor network testbed [86]
has been formed. Initially, 26 MICA2 motes have been deployed,
which were soon replaced by 30 MICAZ motes. Recent report [28]
indicates a testbed of 190 Tmote Sky motes. However, the reported
web interface was offline at the time of writing this thesis
proposal as the lead researcher in the WSN field left Harvard for
industry and his projects seem to be dropped.
21
2. STATE OF THE ART
SensorScope: Originally reported in [65], SensorScope started as a
long- running experiment for building monitoring. Later on, the
nature of the project shifted to large-scale environmental
monitoring [5]. Multiple de- ployments have been performed
measuring unique meteorological data. While an interesting project
with even more interesting results, it is not a publicly accessible
testbed for application testing.
2.2.4 Summary
In our previous work [73], we compared evaluation results of a
simple IDS on a set of WSN simulators. Our research revealed
in-depth inconsistencies between various models defined in all
simulators and identified numerous bugs and issues with each
examined simulator.
We believe that the best way of improving results from simulators
and simulators themselves is for authors of various projects to
cooperate. Ide- ally, a small set of competing projects should be
contributed to by large groups of authors. This approach would not
only improve quality of vari- ous models implementations but also
significantly improve functionality of various simulators.
Based on that and adjoined research on WSN evaluation tools that
has been briefly summarized above, we have decided to use the
OMNeT++ based MiXiM simulator for our future work. MiXiM is a
project formed as a merger of multiple smaller projects and we
intend to continue in the trend by extending it further.
22
Main research results
I am (co-)author of the following papers from the areas of wireless
sensor network security, simulation and evaluation.
In the most recent paper [31], we showed that a previously
published paper [15] proposing both key establishment and node
authentication pro- tocols actually fails to provide the much
needed security. In particular, we showed a number of ways to
compromise these protocols. Most signifi- cantly, we showed that
established and stored keys are in fact not pairwise. Therefore an
attacker capturing a node could reveal keys to links that the
captured node is not part of. Additionally, we showed that
authentication of messages is not provided in these protocols and
thus e.g. exhaustion at- tacks are a threat.
To overcome flaws of these protocols, we proposed two novel
protocols that remedy all the found security problems of the
previous ones. Our first proposal was based on [15] and reduces
both amount of memory neces- sary for storing the keying material
as well as length of messages transmit- ted during the protocol
execution. Additionally, it provides actual pairwise keys and all
important messages are authenticated. The second proposal was a
combination of master-key based scheme with the EG scheme. This
protocol behaves like the usual randomized pre-distribution scheme
with the advantage of the master key that can be used to establish
keys between unsuccessful neighbours and other tasks. While memory
and communi- cation efficiency varies based on selected parameters,
the security of the proposal is well examined by reviews on the
building blocks.
In our second major paper [73], we presented a practical research
on four open-source simulators, i.e., Castalia, Cooja, MiXiM and
WSNet. A di- rect benefit of this work is a comparison of
simulators that has never been done before in this
combination.
Previously, using a simple test case, we demonstrated that usage of
dif- ferent simulators results into different evaluation outcomes
even though the simulators were set in the same way, and the same
evaluation metrics were used. We compared a number of received
packets across the simula-
23
3. MAIN RESEARCH RESULTS
tors. We hypothesized possible factors causing the different
outputs, but we did not thoroughly examine them.
For the purposes of [73], we implemented more complex system – an
in- trusion detection system. We rigorously examined the simulators
and pre- sented our findings regarding the possible sources of the
differences. We found numerous differences in models between used
simulators, such as different sets of physical models and supported
MAC protocols, as well as bugs resulting in major bias in the
results. Finally, we evaluated their im- pact on the evaluation of
the intrusion detection system.
Based on this research, we also selected the primary simulator for
eval- uation of our proposals in our laboratory. This decision was
done based on the set of functions provided by the simulator, the
set of implemented pro- tocols in the distribution, ease of use and
amount of bugs and drawbacks found.
A comprehensive summary of my study results is provided in the Ap-
pendix A, p 39.
24
Chapter 4
Future research
Our primary objective is to improve evaluation of key management
sys- tems for WSNs from both performance and security perspectives.
In order to do so, we will implement and evaluate a representative
set of key man- agement schemes into a selected simulator. In our
case it will be OMNeT++ based MiXiM simulator. However, our
implementation should be MiXiM independent.
In order to select such a representative set we expect to take a
represen- tative of each (major) category from a key management
taxonomy. We ex- amined current key management scheme taxonomies
and it turns out that each taxonomy has its pros and cons.
Therefore, we will design a unifying taxonomy, presumably
hierarchical or multidimensional in nature, that will serve as our
starting point.
Following the selection of schemes to implement, we will add appro-
priate models to support key management in OMNeT++ and implement
selected schemes themselves. An additional benefit of this and the
follow- ing step is a thorough review of selected schemes. As our
previous work [31] hinted at, not all published schemes actually
work as presented.
In order to evaluate security of implemented proposals, we will add
an attacker model to the simulator. We intend to examine currently
used attacker models in the field of WSNs, to find a suitable
generalization and to propose a new parametrizable attacker
model.
Optionally, in order to evaluate memory requirements of selected
pro- tocols, mainly with respect to their associated
infrastructure, we will imple- ment selected proposals into the
TinyOS.
Optionally, and especially if our analysis reveals unexplored areas
in the key management taxonomy space and/or errors in existing
schemes, we might design new and/or improve existing key management
schemes, such as in [31].
25
The time schedule of our future work:
1. In-depth examination of existing key management scheme
taxonomies and proposal of a unifying key management scheme
taxonomy. (Tar- get date: Spring 2013.)
2. Selection of suitable set of protocols and implementation of
support infrastructure in OMNeT++. (Target date: Summer
2013.)
3. Implementation of selected protocols in OMNeT++. (Target date:
End of 2013.)
4. Introduction of a generalized attacker model and its
implementation in OMNeT++. (Target date: Spring 2014.)
5. Security and performance evaluation of selected protocols.
(Target date: End of 2014.)
6. Optional implementation of selected proposals in TinyOS and
their evaluation mainly from their infrastructure implementation
memory requirements point of view. (Target date: Winter
2014/2015.)
7. Optional proposal and evaluation of new key management
scheme(s). (No specific target date set.)
• We have already designed one scheme in [31].
Expected submission of the dissertation: Winter 2014/2015.
26
Bibliography
[1] Abdullah Al-Dhelaan. Pairwise key establishment scheme for
hypercube-based wireless sensor networks. In Proceedings of the
15th WSEAS international conference on Computers, pages 104–110,
Stevens Point, Wisconsin, USA, 2011. World Scientific and Engineer-
ing Academy and Society (WSEAS).
[2] Cristina Alcaraz, Javier Lopez, Rodrigo Roman, and Hsiao-Hwa
Chen. Selecting key management schemes for wsn applications.
Computers & Security, 31(8):956 – 966, 2012.
[3] Giuseppe Anastasi, Marco Conti, Mario Di Francesco, and Andrea
Pas- sarella. Energy conservation in wireless sensor networks: A
survey. Ad Hoc Networks, 7(3):537 – 568, 2009.
[4] Ross Anderson, Haowen Chan, and Adrian Perrig. Key infection:
Smart trust for smart dust. In Proceedings of the 12th IEEE
Interna- tional Conference on Network Protocols, pages 206–215,
Washington, DC, USA, 2004. IEEE Computer Society.
[5] Guillermo Barrenetxea, Francois Ingelrest, Gunnar Schaefer,
Martin Vetterli, Olivier Couach, and Marc Parlange. Sensorscope:
Out-of-the- box environmental monitoring. In Proceedings of the 7th
international conference on Information processing in sensor
networks, IPSN ’08, pages 332–343, Washington, DC, USA, 2008. IEEE
Computer Society.
[6] Rolf Blom. An optimal class of symmetric key generation
systems. In Thomas Beth, Norbert Cot, and Ingemar Ingemarsson,
editors, Ad- vances in Cryptology, volume 209 of Lecture Notes in
Computer Sci- ence, pages 335–338. Springer Berlin / Heidelberg,
1985.
[7] Dan Boneh and Matt Franklin. Identity-based encryption from the
weil pairing. In Joe Kilian, editor, Advances in Cryptology –
CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science,
pages 213–229. Springer Berlin / Heidelberg, 2001.
27
[8] Thais R. M. Braga, Fabrcio Silva, Linnyer B. Ruiz, and Jose
Marcos S. Nogueira. MannaSim: a framework to the simulation of
wireless sen- sors networks (in portuguese). Electronics Magazine
of Undergrad- uate Scientific Research of the Brazilian Computer
Science Society (REIC), September 2004.
[9] David W. Carman, Peter S. Kruus, and Brian J. Matt. Constraints
and approaches for distributed sensor network security (final).
DARPA Project report,(Cryptographic Technologies Group, Trusted
Informa- tion System, NAI Labs), 1:1, 2000.
[10] Seyit A. Camtepe and Bulent Yener. Combinatorial design of key
dis- tribution mechanisms for wireless sensor networks. In
Pierangela Samarati, Peter Ryan, Dieter Gollmann, and Refik Molva,
editors, Computer Security – ESORICS 2004, volume 3193 of Lecture
Notes in Computer Science, pages 293–308. Springer Berlin
Heidelberg, 2004.
[11] Seyit A. Camtepe and Bulent Yener. Combinatorial design of key
dis- tribution mechanisms for wireless sensor networks. IEEE/ACM
Trans. Netw., 15(2):346–358, April 2007.
[12] Haowen Chan and Adrian Perrig. Pike: peer intermediaries for
key establishment in sensor networks. In INFOCOM 2005: Proceedings
of 24th Annual Joint Conference of the IEEE Computer and Communica-
tions Societies, volume 1, pages 524 – 535, March 2005.
[13] Haowen Chan, Adrian Perrig, and Dawn Song. Random key
predistri- bution schemes for sensor networks. In 2003 Symposium on
Security and Privacy, pages 197 – 213, May 2003.
[14] Guillaume Chelius, Antoine Fraboulet, and Eric Fleury.
Worldsens: a fast and accurate development framework for sensor
network appli- cations. In ACM symposium on Applied computing, SAC
’07, pages 222–226, New York, NY, USA, 2007. ACM.
[15] Oscar Delgado-Mohatar, Jose Sierra, Ljiljana Brankovic, and
Amparo Fuster-Sabater. An energy-efficient symmetric cryptography
based au- thentication scheme for wireless sensor networks. In
Pierangela Sama- rati et al., editors, Information Security Theory
and Practices. Security and Privacy of Pervasive Systems and Smart
Devices, volume 6033 of Lecture Notes in Computer Science, pages
332–339. Springer Berlin / Heidelberg, 2010.
28
[16] Roberto Di Pietro, Luigi V. Mancini, Yee Wei Law, Sandro
Etalle, and Paul Havinga. LKHW: a directed diffusion-based secure
multicast scheme for wireless sensor networks. In Parallel
Processing Work- shops, 2003. Proceedings. 2003 International
Conference on, pages 397–406, October 2003.
[17] David M. Doolin and Nicholas Sitar. Wireless sensors for
wildfire mon- itoring. In Smart Structures and Materials, pages
477–484. Interna- tional Society for Optics and Photonics,
2005.
[18] Wenliang Du, Jing Deng, Yunghsiang S. Han, Pramod K. Varshney,
Jonathan Katz, and Aram Khalili. A pairwise key predistribution
scheme for wireless sensor networks. ACM Trans. Inf. Syst. Secur.,
8:228–258, May 2005.
[19] Wenliang Du, Jing Deng, Yunghsidng S. Han, Shigang Chen, and
Pramod K. Varshney. A key management scheme for wireless sensor
networks using deployment knowledge. In INFOCOM 2004. Twenty- third
Annual Joint Conference of the IEEE Computer and Communi- cations
Societies, volume 1, March 2004.
[20] A. Dunkels, B. Gronvall, and T. Voigt. Contiki – a lightweight
and flexible operating system for tiny networked sensors. In IEEE
Interna- tional Conference on Local Computer Networks, pages
455–462, Los Alamitos, CA, USA, 2004. IEEE Computer Society.
[21] Joakim Eriksson, Adam Dunkels, Niclas Finne, Fredrik
Osterlind, and Thiemo Voigt. Mspsim – an extensible simulator for
msp430-equipped sensor boards. In Proceedings of the European
Conference on Wireless Sensor Networks (EWSN), Poster/Demo session,
Delft, The Nether- lands, January 2007.
[22] Laurent Eschenauer and Virgil D. Gligor. A key-management
scheme for distributed sensor networks. In Proceedings of the 9th
ACM con- ference on Computer and communications security, CCS ’02,
pages 41–47, New York, NY, USA, 2002. ACM.
[23] Gunnar Gaubatz, Jens-Peter Kaps, and Berk Sunar. Public key
cryptog- raphy in sensor networks – revisited. In Proceedings of
the First Euro- pean conference on Security in Ad-hoc and Sensor
Networks, ESAS’04, pages 2–18, Berlin, Heidelberg, 2005.
Springer-Verlag.
29
[24] Nils Gura, Arun Patel, Arvinderpal Wander, Hans Eberle, and
Sheuel- ingChang Shantz. Comparing elliptic curve cryptography and
rsa on 8-bit cpus. In Marc Joye and Jean-Jacques Quisquater,
editors, Crypto- graphic Hardware and Embedded Systems - CHES 2004,
volume 3156 of Lecture Notes in Computer Science, pages 119–132.
Springer Berlin Heidelberg, 2004.
[25] Thomas Riisgaard Hansen, J. Mikael Eklund, Jonathan Sprinkle,
Ruzena Bajcsy, and Shankar Sastry. Using smart sensors and a cam-
era phone to detect and verify the fall of elderly persons. In
European Medicine, Biology and Engineering Conference, 2005.
[26] Qiang Huang, Johnas Cukier, Hisashi Kobayashi, Bede Liu, and
Jinyun Zhang. Fast authenticated key establishment protocols for
self- organizing sensor networks. In Proceedings of the 2nd ACM
inter- national conference on Wireless sensor networks and
applications, WSNA ’03, pages 141–150, New York, NY, USA, 2003.
ACM.
[27] Imote2 Datasheet, 2013. [Online; accessed 1/10/2013]. URL:
http://bullseye.xbow.com:81/Products/Product_pdf_
files/Wireless_pdf/Imote2_Datasheet.pdf.
[28] Muhammad Imran, Abas Md Said, and Halabi Hasbullah. A survey
of simulators, emulators and testbeds for wireless sensor networks.
In International Symposium in Information Technology (ITSim 2010),
volume 2, pages 897–902. IEEE, 2010.
[29] Gaurav Jolly, Mustafa C. Kuscu, Pallavi Kokate, and Mohamed
Younis. A low-energy key management protocol for wireless sensor
networks. In Proceedings of the Eighth IEEE International Symposium
on Com- puters and Communications, ISCC ’03, pages 335–340,
Washington, DC, USA, 2003. IEEE Computer Society.
[30] JProwler, 2013. [Online; accessed 1/10/2013]. URL: http://w3.
isis.vanderbilt.edu/projects/nest/jprowler/.
[31] Filip Jurnecka and Vashek Matyas. A better way towards key
estab- lishment and authentication in wireless sensor networks. In
Proceed- ings of the 8th international conference on Mathematical
and Engi- neering Methods in Computer Science, MEMICS’12, pages
131–142, Berlin, Heidelberg, 2013. Springer-Verlag.
[32] Elisavet Konstantinou. Efficient cluster-based group key
agreement protocols for wireless ad hoc networks. Journal of
Network and Com- puter Applications, 34(1):384 – 393, 2011.
[33] A. Kopke, M. Swigulski, K. Wessel, D. Willkomm, P. T. Klein
Haneveld, T. E. V. Parker, O. W. Visser, H. S. Lichte, and S.
Valentin. Simulating wireless and mobile networks in omnet++ the
mixim vision. In Con- ference on Simulation tools and techniques
for communications, net- works and systems & workshops,
Simutools ’08, pages 71:1–71:8, ICST, Brussels, Belgium, 2008.
ICST.
[34] Bo-Cheng Charles Lai, David D. Hwang, Sungha Pete Kim, and
Ingrid Verbauwhede. Reducing radio energy consumption of key
manage- ment protocols for wireless sensor networks. In Proceedings
of the 2004 international symposium on low power electronics and
design, ISLPED ’04, pages 351–356, New York, NY, USA, 2004.
ACM.
[35] Bocheng Lai, Sungha Kim, and Ingrid Verbauwhede. Scalable
session key construction protocol for wireless sensor networks. In
In IEEE Workshop on Large Scale RealTime and Embedded Systems
(LARTES, page 7, 2002.
[36] Hwaseong Lee, Yong Ho Kim, Dong Hoon Lee, and Jongin Lim.
Clas- sification of key management schemes for wireless sensor
networks. In Proceedings of the APWeb/WAIM 2007 DBMAN, WebETrends,
PAIS and ASWAN international workshops on Advances in Web and
Network Technologies, and Information Management, pages 664–673,
Berlin, Heidelberg, 2007. Springer-Verlag.
[37] Jooyoung Lee and Douglas Stinson. Deterministic key
predistribution schemes for distributed sensor networks. In Helena
Handschuh and M. Hasan, editors, Selected Areas in Cryptography,
volume 3357 of Lecture Notes in Computer Science, pages 294–307.
Springer Berlin / Heidelberg, 2005.
[38] Sang Hyuk Lee, Soobin Lee, Heecheol Song, and Hwang Soo Lee.
Wireless sensor network design for tactical military applications:
re- mote large-scale environments. In Proceedings of the 28th IEEE
con- ference on Military communications, MILCOM’09, pages 911–917,
Pis- cataway, NJ, USA, 2009. IEEE Press.
[39] Philip Levis, Nelson Lee, Matt Welsh, and David Culler.
Tossim: ac- curate and scalable simulation of entire tinyos
applications. In Pro-
31
ceedings of the 1st international conference on Embedded networked
sensor systems, SenSys ’03, pages 126–137, New York, NY, USA, 2003.
ACM.
[40] Philip Levis, Samuel Madden, Joseph Polastre, Robert Szewczyk,
Kamin Whitehouse, Alec Woo, David Gay, Jason Hill, Matt Welsh, Eric
Brewer, and David Culler. Tinyos: An operating system for sensor
net- works. In Werner Weber, JanM. Rabaey, and Emile Aarts,
editors, Am- bient Intelligence, pages 115–148. Springer Berlin
Heidelberg, 2005.
[41] An Liu and Peng Ning. Tinyecc: A configurable library for
elliptic curve cryptography in wireless sensor networks. In
Proceedings of the 7th international conference on Information
processing in sensor networks, IPSN ’08, pages 245–256, Washington,
DC, USA, 2008. IEEE Computer Society.
[42] David J. Malan, Matt Welsh, and Michael D. Smith. Implementing
public-key infrastructure for sensor networks. ACM Trans. Sen.
Netw., 4(4):22:1–22:23, September 2008.
[43] Keith M. Martin, Maura B. Paterson, and Douglas R. Stinson.
Key pre- distribution for homogeneous wireless sensor networks with
group deployment of nodes. ACM Trans. Sen. Netw., 7(2):11:1–11:27,
Septem- ber 2010.
[44] MATLAB, 2013. [Online; accessed 1/10/2013]. URL: http://www.
mathworks.com/products/matlab/.
[45] Memsic, inc., 2013. [Online; accessed 1/10/2013]. URL:
http://www. memsic.com/.
[46] MICA2 Datasheet, 2013. [Online; accessed 1/10/2013]. URL:
http://bullseye.xbow.com:81/Products/Product_pdf_
files/Wireless_pdf/MICA2_Datasheet.pdf.
[47] MICAz Datasheet, 2013. [Online; accessed 1/10/2013]. URL:
http://bullseye.xbow.com:81/Products/Product_pdf_
files/Wireless_pdf/MICAz_Datasheet.pdf.
[48] L. Nachman, J. Huang, J. Shahabdeen, R. Adler, and R. Kling.
IMOTE2: Serious Computation at the Edge. In IWCMC ’08: 2008
International Wireless Communications and Mobile Computing
Conference, pages 1118 –1123, August 2008.
[50] Leonardo B. Oliveira, Diego F. Aranha, Conrado P. L. Gouvea,
Michael Scott, Danilo F. Cmara, Julio Lopez, and Ricardo Dahab.
TinyPBC: Pairings for authenticated identity-based non-interactive
key distribu- tion in sensor networks. Computer Communications,
34(3):485–493, March 2011.
[51] Fredrik Osterlind, Adam Dunkels, Joakim Eriksson, Niclas
Finne, and Thiemo Voigt. Cross-level sensor network simulation with
cooja. In Proceedings of the First IEEE International Workshop on
Practi- cal Issues in Building Sensor Network Applications
(SenseApp 2006), Tampa, Florida, USA, November 2006.
[52] S. Ozdemir and O. Khalil. Performance evaluation of key
manage- ment schemes in wireless sensor networks. Gazi University
Journal of Science, 25(2):465–476, 2012.
[53] Sung Park, Andreas Savvides, and Mani B. Srivastava.
Sensorsim: a simulation framework for sensor networks. In
Proceedings of the 3rd ACM international workshop on Modeling,
analysis and simulation of wireless and mobile systems, MSWIM ’00,
pages 104–111, New York, NY, USA, 2000. ACM.
[54] Maura B. Paterson and Douglas R. Stinson. A unified approach
to com- binatorial key predistribution schemes for sensor networks.
Designs, Codes and Cryptography, pages 1–25, 2012.
[55] Enrico Perla, Art O Cathain, Ricardo Simon Carbajo, Meriel
Huggard, and Ciaran Mc Goldrick. Powertossim z: realistic energy
modelling for wireless sensor network environments. In Proceedings
of the 3nd ACM workshop on Performance monitoring and measurement
of het- erogeneous wireless and wired networks, PM2HW2N ’08, pages
35– 42, New York, NY, USA, 2008. ACM.
[56] Adrian Perrig, Robert Szewczyk, J. D. Tygar, Victor Wen, and
David E. Culler. Spins: security protocols for sensor networks.
Wireless Net- works, 8:521–534, September 2002.
[57] Hai N Pham, Dimosthenis Pediaditakis, and Athanassios Boulis.
From simulation to real deployments in WSN and back. In IEEE
Symposium
on World of Wireless, Mobile and Multimedia Networks, WoWMoM ’07,
pages 1–6. IEEE, 2007.
[58] J. Polley, D. Blazakis, J. McGee, D. Rusk, and J.S. Baras.
Atemu: A fine-grained sensor network simulator. In First Annual
IEEE Commu- nications Society Conference on Sensor and Ad Hoc
Communications and Networks, 2004. IEEE SECON 2004, pages 145–152.
IEEE, 2004.
[59] Gyorgy Pongor. Omnet: Objective modular network testbed. In
MAS- COTS ’93: Proceedings of the International Workshop on
Modeling, Analysis, and Simulation On Computer and
Telecommunication Sys- tems, pages 323–326, San Diego, CA, USA,
1993. The Society for Com- puter Simulation, International.
[60] Gregory J. Pottie and William J. Kaiser. Wireless integrated
network sensors. Commun. ACM, 43(5):51–58, May 2000.
[61] Khadija Rasul, Nujhat Nuerie, and Al-Sakib Khan Pathan. An en-
hanced tree-based key management scheme for secure communication in
wireless sensor network. In Proceedings of the 2010 IEEE 12th
Inter- national Conference on High Performance Computing and
Communi- cations, HPCC ’10, pages 671–676, Washington, DC, USA,
2010. IEEE Computer Society.
[62] Kui Ren, Kai Zeng, and Wenjing Lou. A new approach for random
key pre-distribution in large-scale wireless sensor networks.
Wireless Communications and Mobile Computing, 6(3):307–318,
2006.
[63] Rodrigo Roman, Javier Lopez, Cristina Alcaraz, and Hsiao-Hwa
Chen. Sensekey – simplifying the selection of key management
schemes for sensor networks. In Proceedings of the 2011 IEEE
Workshops of Inter- national Conference on Advanced Information
Networking and Ap- plications, WAINA ’11, pages 789–794,
Washington, DC, USA, 2011. IEEE Computer Society.
[64] Rodrigo Roman, Jianying Zhou, and Javier Lopez. Applying
intru- sion detection systems to wireless sensor networks. In IEEE
Consumer Communications & Networking Conference (CCNC 2006),
pages 640– 644, Las Vegas (USA), January 2006. IEEE, IEEE.
[65] Thomas Schmid, Henri Dubois-ferriere, and Martin Vetterli.
Sen- sorscope: Experiences with a wireless building monitoring
sensor net- work. In First Workshop on Real-World Wireless Sensor
Networks (REALWSN’05), 2005.
34
[66] Adi Shamir. Identity-based cryptosystems and signature
schemes. In Proceedings of CRYPTO’84 on Advances in cryptology,
pages 47–53, New York, NY, USA, 1985. Springer-Verlag New York,
Inc.
[67] V. Shnayder, B. Chen, K. Lorincz, T.R.F.F. Jones, and M.
Welsh. Sensor networks for medical care. In Conference On Embedded
Networked Sensor Systems: Proceedings of the 3rd international
conference on Embedded networked sensor systems, volume 2, pages
314–314, 2005.
[68] Victor Shnayder, Mark Hempstead, Bor-rong Chen, Geoff Werner
Allen, and Matt Welsh. Simulating the power consumption of large-
scale sensor network applications. In Proceedings of the 2nd inter-
national conference on Embedded networked sensor systems, SenSys
’04, pages 188–200, New York, NY, USA, 2004. ACM.
[69] Gyula Simon, Peter Volgyesi, Miklos Maroti, and Akos Ledeczi.
Simulation-based optimization of communication protocols for large-
scale wireless sensor networks. In 2003 IEEE Aerospace Conference,
volume 3, pages 1339 – 1346, March 2003.
[70] Marcos A. Simplcio, Jr., Paulo S. L. M. Barreto, Cintia B.
Margi, and Tereza C. M. B. Carvalho. A survey on key management
mechanisms for distributed wireless sensor networks. Comput. Netw.,
54(15):2591– 2612, October 2010.
[71] SIMULINK, 2013. [Online; accessed 1/10/2013]. URL: http://www.
mathworks.com/products/simulink/.
[72] Frank Stajano, Dan Cvrcek, and Matt Lewis. Steel, cast iron
and con- crete: security engineering for real world wireless sensor
networks. In Proceedings of the 6th international conference on
Applied cryptog- raphy and network security, ACNS’08, pages
460–478, Berlin, Heidel- berg, 2008. Springer-Verlag.
[73] Andriy Stetsko, Tobias Smolka, Vashek Matyas, and Filip
Jurnecka. On the credibility of wireless sensor network
simulations: evaluation of intrusion detection system. In
Proceedings of the 5th International ICST Conference on Simulation
Tools and Techniques, SIMUTOOLS ’12, pages 75–84, ICST, Brussels,
Belgium, Belgium, 2012. ICST (In- stitute for Computer Sciences,
Social-Informatics and Telecommuni- cations Engineering).
[74] Piotr Szczechowiak, Anton Kargl, Michael Scott, and Martin
Collier. On the application of pairing based cryptography to
wireless sensor networks. In Proceedings of the second ACM
conference on Wireless network security, WiSec ’09, pages 1–12, New
York, NY, USA, 2009. ACM.
[75] Piotr Szczechowiak, Leonardo B. Oliveira, Michael Scott,
Martin Col- lier, and Ricardo Dahab. Nanoecc: Testing the limits of
elliptic curve cryptography in sensor networks. In Roberto Verdone,
editor, Wireless Sensor Networks, volume 4913 of Lecture Notes in
Computer Science, pages 305–320. Springer Berlin Heidelberg,
2008.
[76] TelosB Datasheet, 2013. [Online; accessed 1/10/2013]. URL:
http://bullseye.xbow.com:81/Products/Product_pdf_
files/Wireless_pdf/TelosB_Datasheet.pdf.
[77] Andras Varga. Using the omnet++ discrete event simulation
system in education. volume 42, page 372, 1999.
[78] Natalija J. Vlajic and Dawei Xia. Wireless sensor networks: To
cluster or not to cluster? In Proceedings of the 2006 International
Symposium on on World of Wireless, Mobile and Multimedia Networks,
WOW- MOM ’06, pages 258–268, Washington, DC, USA, 2006. IEEE
Computer Society.
[79] Petr Svenda and Vashek Matyas. Authenticated key exchange with
group support for wireless sensor networks. In Mobile Adhoc and
Sensor Systems, 2007. MASS 2007. IEEE Internatonal Conference on,
pages 1 –6, 2007.
[80] Tuan Manh Vu, Reihaneh Safavi-Naini, and Carey Williamson. Se-
curing wireless sensor networks against large-scale node capture
at- tacks. In Proceedings of the 5th ACM Symposium on Information,
Computer and Communications Security, ASIACCS ’10, pages 112– 123,
New York, NY, USA, 2010. ACM.
[81] Tuan Manh Vu, Carey Williamson, and Reihaneh Safavi-Naini.
Sim- ulation modeling of secure wireless sensor networks. In
Proceedings of the Fourth International ICST Conference on
Performance Evalu- ation Methodologies and Tools, VALUETOOLS ’09,
pages 30:1–30:10, ICST, Brussels, Belgium, Belgium, 2009. ICST
(Institute for Computer Sciences, Social-Informatics and
Telecommunications Engineering).
[82] Arvinderpal S. Wander, Nils Gura, Hans Eberle, Vipul Gupta,
and Sheueling Chang Shantz. Energy analysis of public-key
cryptogra- phy for wireless sensor networks. In Proceedings of the
Third IEEE International Conference on Pervasive Computing and
Communica- tions, PERCOM ’05, pages 324–328, Washington, DC, USA,
2005. IEEE Computer Society.
[83] Yong Wang, Garhan Attebury, and Byrav Ramamurthy. A survey of
security issues in wireless sensor networks. Commun. Surveys Tuts.,
8(2):2–23, April 2006.
[84] Ronald Watro, Derrick Kong, Sue-fen Cuti, Charles Gardiner,
Charles Lynn, and Peter Kruus. Tinypk: securing sensor networks
with public key technology. In Proceedings of the 2nd ACM workshop
on Security of ad hoc and sensor networks, SASN ’04, pages 59–64,
New York, NY, USA, 2004. ACM.
[85] Andre Weil. Sur les fonctions algebriques a corps de
constantes finis. Les Comptes rendus de l’Academie des sciences,
210:592–594, 1940.
[86] Geoffrey Werner-Allen, Patrick Swieskowski, and Matt Welsh.
Mote- lab: a wireless sensor network testbed. In Proceedings of the
4th inter- national symposium on Information processing in sensor
networks, IPSN ’05, Piscataway, NJ, USA, 2005. IEEE Press.
[87] Mohamed F. Younis, Kajaldeep Ghumman, and Mohamed Eltoweissy.
Location-aware combinatorial key management scheme for clustered
sensor networks. IEEE Trans. Parallel Distrib. Syst.,
17(8):865–882, Au- gust 2006.
[88] Zhen Yu and Yong Guan. A key pre-distribution scheme using de-
ployment knowledge for wireless sensor networks. In Proceedings of
the 4th international symposium on Information processing in sensor
networks, IPSN ’05, Piscataway, NJ, USA, 2005. IEEE Press.
[89] Zhen Yu and Yong Guan. A key management scheme using deploy-
ment knowledge for wireless sensor networks. IEEE Trans. Parallel
Distrib. Syst., 19(10):1411–1425, October 2008.
[90] Junqi Zhang and Vijay Varadharajan. Wireless sensor network
key management survey and taxonomy. Journal of Network and Com-
puter Applications, 33(2):63 – 75, 2010.
37
[91] Yongguang Zhang and Wenke Lee. Intrusion detection in wireless
ad- hoc networks. In Proceedings of the 6th annual international
confer- ence on Mobile computing and networking, MobiCom ’00, pages
275– 283, New York, NY, USA, 2000. ACM.
[92] Sencun Zhu, Sanjeev Setia, and Sushil Jajodia. Leap: efficient
security mechanisms for large-scale distributed sensor networks. In
Proceed- ings of the 10th ACM conference on Computer and
communications security, CCS ’03, pages 62–72, New York, NY, USA,
2003. ACM.
[93] Sencun Zhu, Sanjeev Setia, and Sushil Jajodia. Leap+:
Efficient security mechanisms for large-scale distributed sensor
networks. ACM Trans. Sen. Netw., 2(4):500–528, November 2006.
38
Summary of study results
I am the main author of the following article for a Czech journal
focusing on possible frauds in web-based applications:
• Filip Jurnecka and Vashek Matyas. 2011. Loterie pres webove
rozhran (in English: Lottery via the web interface). DSM – data
security man- agement, Volume 2011, Issue 3, pages 34-38. TATE
International, Prague.
Additionally, I have contributed to the following papers by
implemen- tations and discussions:
• Jir Kur, Vashek Matyas, Andriy Stetsko, and Petr Svenda. 2011.
At- tack detection vs. privacy — how to find the link or how to
hide it?. In Proceedings of the 19th International Workshop on
Security Proto- cols (SP’11). Springer-Verlag, Berlin, Heidelberg,
189-199.
• Andriy Stetsko, Martin Stehlk, and Vashek Matyas. 2011.
Calibrating and Comparing Simulators for Wireless Sensor Networks.
In Proceed- ings of the 2011 IEEE Eighth International Conference
on Mobile Ad- Hoc and Sensor Systems (MASS ’11). IEEE Computer
Society, Wash- ington, DC, USA, 733-738.
• Jan Bouda, Jan Krhovjak, Vashek Matyas, and Petr Svenda. 2009.
To- wards True Random Number Generation in Mobile Environments. In
Proceedings of the 14th Nordic Conference on Secure IT Systems:
Identity and Privacy in the Internet Age (NordSec ’09).
Springer-Ver- lag, Berlin, Heidelberg, 179-189.
I am involved in wireless sensor networks security research
projects for the Czech Ministry of the Interior and Czech Science
Foundation. I am a co-author of multiple reports, implementations
and proposals for these projects.
39
A. SUMMARY OF STUDY RESULTS
As part of my study, I also participated in the following
events:
• Conference “MKB’10, ’11, ’12 – Santa’s Crypto Get-Together”,
Praha, 2010, 11, 12. (Member of the organizing committee)
• Conference “MEMICS’12 – Eighth Doctoral Workshop on Mathemat-
ical and Engineering Methods in Computer Science”, Znojmo, Czech
Republic, 10/2012. (With own presentation “A Better Way towards Key
Establishment and Authentication in Wireless Sensor
Networks”)
• Conference “EurOpen.CZ”, Zeliv, 2011.
I helped with preparations, lectures, seminars and exercises of
Intro- duction to Development in C#/.NET (PV178) in 2011 and 2012,
exercises of Applied Cryptography (PV079) in 2011 and 2012,
seminars and exercises of Seminar on Design of Algorithm (PB164) in
2012, lectures of Laboratory of security and applied cryptography I
(PV181) in 2012 and Laboratory of security and applied cryptography
II (PV204) in 2012. I have also helped with Authentication and
Access Control (PV157) and Data Protection and Information Privacy
(PV080). Finally, I supervised two bachelor theses and currently am
supervising two more.
I successfully passed all attended courses focused mainly on IT
secu- rity and presentation skills: Postgraduate seminar on IT
security and cryp- tography (PA168), Advanced Topics in Information
Technology Security (PA018), Laboratory of security and applied
cryptography I (PV181), Se- curity analysis of network traffic
(PV210), English for Academic Purposes (post-graduate) (VV041) and
Academic Writing in English (VV043).
40
Introduction
Key management schemes' properties