Providing perfect forward secrecy for location-aware wireless sensor networks
© Chen et al.; licensee Springer. 2012
Received: 4 December 2011
Accepted: 6 July 2012
Published: 6 August 2012
Sensor nodes are resource-constrained, such as low battery life, computation, bandwidth and memory, so traditional public key schemes are impractical in wireless sensor networks. In the previous schemes, symmetric cryptography is the most common method used in sensor nodes. How to distribute keys into every sensor node is an important issue in many applications for hierarchical sensor networks. Once adversaries compromise a sensor node, they can obtain all information from the sensor’s memory, such as keying material. The revocation of compromised sensor nodes is also a necessary but troublesome operation. These compromised sensor nodes may lead to the compromise of the entire network. In this article, we present an efficient approach to establish security links between each sensor node/cluster head and its neighbor/member. Our scheme only requires small memory size for each cluster head and sensor node, and it can also ensure perfect forward secrecy via changing session key in every transmission.
In recent years, wireless sensor network is an important issue in many applications, such as military intrusion detection, habitat monitoring, and so on. Sensor nodes are often deployed in unattended environments, so the security design is vital in many sensitive applications. The security mechanisms for wireless sensor networks have to provide authentication, confidentiality, integrity, scalability, and flexibility. Sensor nodes can sense and forward the readings to the base station (or sink), so the secure communication among sensor nodes is one of many important security issues in the sensor networks for the purpose of avoiding being eavesdropped or injected bogus data by adversaries. Many studies in the previous researches have been in the security issues, and key management has been a popular research so far[1–8].
Traditional asymmetric schemes such as public-key techniques are not suitable for the resource-constrained sensor nodes, which are characterized by limited memory, computation, communication, and power. There are many variations of symmetric key schemes[9–11] used in the certificate authentication, and verification of a broadcast message. These variations are suitable for sensor nodes because they use the delay disclosure key that is actually used in a symmetric scheme for authentication and verification.
The pairwise key establishment between any two neighboring nodes is the main objective. Each sensor node can communicate with each neighboring sensor node using the pairwise key they shared. Eschenauer and Gligor proposed a well-known key management scheme called basic scheme. In the key predistribution phase, a large pool of P keys and their key identifiers are generated. Each sensor node randomly selects k keys from the key pool P without replacement. In the shared-key discovery phase, any two neighboring sensor nodes can find out if they share (at least) a common key via exchanging the list of key identifiers on their key rings or using a challenge-response protocol. If any two neighboring nodes can not find out a common key on their key rings, they can perform path-key establishment if the graph is connected. Chan et al. proposed three schemes called q-composite random key predistribution, multipath key reinforcement and random-pairwise keys scheme, respectively. The first and second schemes are the modifications of the basic scheme. The q-composite random key predistribution scheme requires that any two neighboring sensor nodes need to share at least q (q>1) keys for their link in order to increase the resilience against sensor node compromise. The multipath key reinforcement scheme can strengthen any link between any two neighboring sensor nodes that shared a single key via updating the communication key if enough routing information of them can be exchanged. The random-pairwise keys scheme offers the perfect resistance against node capture and node-to-node authentication. These schemes are all based on probabilistic shared keys.
Perrig et al. proposed two protocols called SNEP and μ TESLA, respectively. SNEP uses a counter to achieve semantic security without transmitting the counter value. μ TESLA employs a one-way key chain for the authentication of broadcast messages, and it is an important issue in wireless sensor networks. In, Liu and Ning proposed a variation of μ TESLA called Multilevel μ TESLA. This scheme improves the communication overhead, tolerance of message loss, scalability, resistance to replay attacks, and DOS attacks.
Heinzelman et al. proposed a self-organizing clustering protocol called LEACH. This scheme can average energy consumption in homogenous wireless sensor networks. Each sensor node decides whether or not to become a cluster head during different cluster rounds. Hsieh et al. proposed an adaptive security design based on LEACH, and they also used proposed intrusion detection module to detect the compromised cluster heads or sensor nodes by evaluating trust value. Oliveiraa et al. proposed a scheme called SecLEACH to add security to LEACH. They used a random key predistribution scheme proposed in to bootstrap security in LEACH.
Huan et al.[14, 15] proposed the access control protocols in wireless sensor networks. They used ECC-based cryptography for sensor node authentication and pairwise key establishment. Any two neighboring sensor nodes can establish a pairwise key if each one is authentic. Zhu et al. proposed a key management protocol called LEAP+ for sensor networks. They assumed that an adversary can not compromise a sensor node within a time interval. This scheme can also establish pairwise key between any two neighboring sensor nodes via exchanging their own identity. Suppose node x is a new deployed sensor node, and node y is a neighboring sensor node of node x, then they can establish pairwise key K xy after neighbor discovery. If adversaries compromise node x, they do not have method to establish pairwise key with other sensor nodes by manipulating node x.
In ID-based cryptography, a user’s ID is just like the user’s public key. An ID-based signature scheme called BNN-IBS can be found in. BNN-IBS is based on Schnorr signature, and this scheme can be efficiently used in wireless sensor networks without much computation overhead. Recently, Cao et al. proposed a variation of BNN-IBS called vBNN-IBS with a smaller signature size. The schemes in[21, 22] are the similar to ID-based cryptography.
In this article, we propose a secure communication scheme among nodes through preloading each node with a unique and private seed for a hierarchical (heterogeneous) sensor network. This scheme can achieve secure unicast, multicast, and local broadcast using the private seed which each sensor node possesses. When a cluster head is compromised by an adversary, we can redistribute the sensor nodes of this cluster into new cluster heads. Because each cluster head does not have the private seeds which its members posses, we can eliminate any compromised cluster head easily. Furthermore, our scheme can minimize the storage overhead of each sensor node by preloading each sensor node with one private seed only.
The rest of this article is organized as follows. In Section “Related works”, we introduce related work. We present the background knowledge used in this article in Section “Preliminaries”. In Section “The proposed method”, we present our proposed method. Section “Security analysis” is the security analysis. Section “Performance evaluations” is the performance evaluation. The conclusion is in Section “Conclusion”.
Du et al. proposed a key management scheme for heterogeneous or hierarchical sensor networks. A large key pool and the corresponding key IDs are generated at the beginning. Each L-sensor is loaded with l keys, and each H-sensor (e.g., cluster head) is loaded with M (M≫l) keys without replacement from the key pool. When the key predistribution phase is finished, the shared-key discovery phase is performed by each L-sensor and H-sensor for finding the pairwise key between any two nodes. In this article, we use the clustering method used in to form clusters in the sensor networks. Du et al.[3, 4] proposed a scalable and flexible pairwise key predistribution scheme. This scheme is more resilient against node capture than previous schemes.
In hierarchical sensor networks, exclusion basis system (EBS) applies a set of administrative keys to each sensor node. The key management scheme is defined as EBS (n k m), where n is the number of the sensor nodes in the EBS, k is the number of administrative keys assigned to each sensor node, and m is the number of administrative keys not assigned to each sensor node. The total number of administrative keys is k + m. Each sensor node holds a unique subset of administrative keys. Chorzempa et al. employed the EBS in their scheme, called SECK in hierarchical sensor networks. SECK is a cluster-based dynamic key management scheme. When one or more sensor nodes are compromised by adversaries, it has to rekey by AFN (i.e., cluster head). Once an AFN is lost or captured, each sensor node within the same cluster has to re-cluster, which is triggered by a trusted third party (TTP) (e.g., base station). SECK is resilient to sensor nodes and key captures. Our scheme is similar to SECK, each cluster is also controlled by the corresponding cluster head which stores some secret information, e.g., keys. Younis et al. proposed a novel key management scheme called SHELL based on EBS in clustered sensor networks. Command Node (e.g., sink or Base Station) designates for each cluster a number of key generating gateways (e.g., cluster head), so SHELL is more resilient against gateway compromise. They proposed a novel approach for administrative keys assignment in each cluster. The heuristic key assignment algorithm can efficiently resist the collusion attacks since each pair has the smallest Hamming distance between any two neighboring sensor nodes when assigning a subset of administrative keys to each sensor node.
In[21, 23, 24], the authors proposed several localization schemes. In this article, we assume that each sensor node can estimate its location by these localization schemes. We also assume that an adversary can not launch an efficient attack to affect the localization performance. In other words, each sensor node can estimate its location correctly.
Chang et al. proposed a dynamic multicast communications scheme. In this article, we use this scheme for a secure multicast communication between any two neighboring sensor nodes. We introduce our network model and the scheme in the next section.
In this section, we briefly introduce our network architecture and the scheme in called broadcast-encryption-based key management scheme as follows.
The network model
The broadcast-encryption-based key management scheme
Finally, u x is able to decrypt and get secret message M. Each sender can choose a random secret key K and random number X if they want to multicast secret messages in their group.
The adversary model and threat model
Adversaries are able to compromise (or capture) one or more sensor nodes (or cluster head) in wireless sensor networks. Then all the secret information (e.g., all key material, or data) held by the sensor node (or the cluster head) is known to the adversaries. Once adversaries obtain the secret keys from the compromised sensor nodes (or the cluster head), they may manipulate or attack the sensor network. We also assume that adversaries do not have any prior knowledge of what is stored in each sensor node. In the previous scheme[2, 5], once the adversaries compromise a cluster head, all the secret keys held by the cluster head in that cluster will be compromised. But our proposed scheme can prevent this situation from compromising all the keys in that cluster because each cluster head does not possess the private seeds held by its members. If an adversary compromises a cluster head, the sensor nodes in that cluster has to be re-clustered into new clusters and establish new security relationships among them. The adversary can also compromise a sensor node, and then the cluster head in that cluster has to revoke the compromised sensor node without the operation of rekeying. We assume that only the base station is trustworthy.
The proposed method
In this section, we describe our scheme designed for hierarchical sensor networks. Our scheme applies the location information to deploy the sensor nodes and cluster heads. The advantages of using location information are to prevent from replication attack, sybil attack, and wormhole attack. The detailed steps of our scheme are introduced in the following section.
The setup phase
Before sensor nodes and cluster heads are deployed, a TTP, e.g., the sensor networks controller or the base station, decides the system parameters such as a symmetric encryption algorithm E(∗) with a l-bit key, an one-way hash function H(∗) with a fixed l-bit output. We denote an ordinary sensor and a cluster head as N i and CH j , respectively. The base station preloads each sensor node N i with two parameters including a unique identity and a seed which is unique and private. For each cluster head CH j , the base station also preloads it with a unique identity I, a unique and private seed, and another seed, where; ∥ is the operation of concatenation. Note that the base station has all private seeds of each cluster head and sensor node, i.e.,,, and its own private seed SBSwhich is only known to itself.
The cluster head registration phase
If hold by cluster head CH j is correct, the base station is able to decrypt with, and transmits the seeds of other cluster heads encrypted with the key, e.g., (CH m represents other cluster heads,, and j ≠ m), to the cluster head CH j for communications among cluster heads.
The clustering phase
Each cluster head broadcasts a hello message that contains (I) to nearby sensor nodes using the maximum power with a random delay that can avoid the collision of hello messages, where represents the CH j ’s location. If two or more cluster heads are available for sensor node N i , it chooses the cluster head, denoted as ch i , whose hello message has the strongest signal to become a member of the cluster controlled by ch i . Note that we assume that a sufficient number of cluster heads are deployed, so most sensor nodes in the sensor network can receive the hello message(s) from at least one or more cluster heads. Finally, each cluster is controlled by a cluster head. This clustering scheme is similar to the schemes used in or.
The sensor node join phase
where After receiving this message from the base station, ch i can decrypt this message and obtain the seeds of its members, i.e., in this cluster controlled by ch i . Finally, ch i can tabulate each sensor node’s ID, location, and in this cluster. Note that is not the private seed possessed by N i .
The sensor node discovery phase
N i can decrypt this message and obtain the seeds of its neighbors, i.e.,. Each sensor node can use this method to obtain the seeds of its neighboring sensor nodes for securely communicating with them. Note that if N i do not send a join message to the corresponding cluster head ch i for becoming a member of the cluster in advance, ch i will reject its request message once N i wants to obtain the seeds of its neighbors.
The secure communication phase
After obtaining, N k can decrypt this message and obtain M. N i can communicate with one or more neighboring sensor nodes in the same manner.
Re-clustering after cluster head capture/compromise
where, and After receiving this message, CH j can decrypt it and knows which cluster head is compromised by adversaries. If CH j (one or more) is located around ch c , it will rebroadcast a re-clustering message that contains (< >) to nearby sensor nodes using the maximum power with a random delay for redistributing the sensor nodes that belong to ch c into new cluster heads. If a sensor node which receives many re-clustering messages belongs to ch c , it will need to choose a new cluster head whose re-clustering message has the strongest signal to join the cluster. The following steps are similar to the sensor node join phase and the sensor node discovery phase as mentioned before. Note that the list c stored in the base station can prevent the false or illegal sensor nodes from joining new clusters during the sensor node join phase. In our re-clustering scheme, ch c do not possess the private seeds which its members possess. The base station only needs to regenerate the corresponding seeds, i.e.,, and sends them to CH j that is located around ch c . The compromise of the cluster head ch c can not cause the entire compromise of its cluster.
Revocation after sensor node capture/compromise
where After receiving this message, the members of the cluster controlled by ch can decrypt it and know the compromised sensor node’s ID and location. If a sensor node is one of N c ’ neighbors, say N k , it has to remove the corresponding seed, i.e.,, and update the relation with the compromised sensor node N c . Note that the compromised sensor node N c does not possess the private seeds of its neighbors N k , i.e.,, and it only possesses the given seeds of its neighbors from ch, i.e.,. N k can revoke N c by memorizing the revoked only.
Adding new sensor nodes
Sensor nodes may be compromised or exhaust their batteries, so adding new sensor nodes is a critical issue after some running or operation time. Each new sensor node is preloaded with two parameters: (I DnewSnew), an encryption algorithm E(∗), and an one-way hash function H(∗). After new sensor nodes are randomly deployed, they have to be distributed into new cluster heads. The base station asks each cluster head to rebroadcast a hello message for clustering. The follow-up processes are similar to the clustering phase, the sensor node join phase, and the sensor node discovery phase. Note that old sensor nodes may receive hello message(s) from one or more cluster heads, they will ignore the message(s). We also assume, like the scheme, that the hello messages broadcast of sensor nodes is performed during the sensor node discovery phase wherein all sensor nodes are free from compromise. Each sensor node can finish the discovery phase successfully in the process.
Eavesdropping and injection attack
Our proposed method can prevent external adversaries from eavesdropping normal messages or injecting bogus data into the sensor network. Because adversaries do not have the corresponding seeds of sensor nodes, they can not decrypt messages or impersonate a legitimate sensor node to forge messages for disrupting the sensor network.
Sensor node replication attack
Adversaries can deploy malicious sensor nodes which are clones of a compromised sensor node, say A, into multiple locations in the sensor network. There are two scenarios. The first scenario is that a clone is deployed at one location distant from A’s original location in the same cluster as A. This will be detected by the corresponding cluster head if the clone sends a join message to the cluster head. The second scenario is that a clone is deployed in the different cluster from A. The base station can be aware of which cluster the clone wants to join during the sensor node join phase because it knows each member’s ID and the corresponding location of each cluster if A has joined a cluster at one location before. Once the base station knows that the clone of a compromised sensor node may be deployed in the vicinity of a certain cluster head, it can reject the clone’s join message. Therefore, the base station can make a judgment that A is a compromised sensor node and then takes the appropriate action in order to revoke A.
Newsome et al. and Zhou et al. were introduced the Sybil attack. In this attack, a malicious sensor node claims multiple IDs or locations. Suppose that a malicious sensor node, say A, impersonates a legitimate or illegitimate sensor node, say B. The malicious sensor node A looks like a new deployed sensor node B from the view of the sensor nodes in the vicinity of A. Sybil attack may lead to many serious effects in sensor network, e.g., inconsistence of the network routing information. Our scheme can defense against Sybil attack because the malicious sensor node A do not possess the corresponding private seed of B. Thus, the malicious sensor node can not successfully impersonate other nodes to inject forged data or routing information into the sensor network without the corresponding private seeds.
In the Wormhole attack, adversaries try to tunnel normal messages between two distinct locations by creating an out-of-band and low-latency channel[15, 21, 22, 27, 28]. This attack does not compromise any sensor node, but it may lead to many serious threats, e.g., the chaos of the routing operations. In our scheme, suppose that the channel between two far sensor nodes (they are not neighbors) C and D is created by adversaries in a cluster. A legitimate sensor node, say C, receives a reply message from another sensor node, say D, during the sensor node discovery phase, and it can check if the location of D is within its transmission range. If D is not within C’s transmission range, C will confirm that D is not one of its neighbors. In another situation, when C receives a message sent from D during The Secure Communication Phase, it can also check if the location of D is within its transmission. If D is not within C’s transmission range, C will reject the message sent from D. Assuming that adversaries forge the location of D to be within C’s transmission range, C can not decrypt the message sent from D because C will use the location of D to compute the corresponding seed, i.e., in order to obtain the session key K D via computing the equation. Because the location of D is fake, C can not decrypt the message sent from D correctly. Therefore, our scheme can defense against Wormhole attack according to locations. Note that if a malicious sensor node forges its location to communicate with other sensor nodes, in all probability, it will be detected by its neighboring sensor nodes (or cluster head) which have its ID and location. Once the neighbors of the malicious sensor node detect the abnormality of it, they will notify the corresponding cluster head of the event.
The authors in[21, 28] pointed out that the Sinkhole attack is a serious attack to wireless sensor network routing protocols. In this attack, compromised or malicious sensor nodes try to attract all the messages from their neighbors by tricking other sensor nodes. In other words, a compromised or malicious sensor node wants to become a relay node for attracting all the messages sent by legitimate sensor nodes. Under such attack, our scheme can withstand Sinkhole attack via checking whether the distance between two locations is within the reasonable transmission range or not. With our scheme, the location information advertisements of neighbors of each sensor node can be authenticated. Assuming that a compromised sensor node forges its own location to trick other sensor nodes, in all probability, this attack will be detected by its neighbors (or cluster head) as the mentioned before.
Perfect forward secrecy
Each cluster head has to store the seeds, IDs and locations of all its members in order to securely broadcast messages to its members. Because cluster heads are resource-rich, this storage overhead is acceptable for them. Each sensor node also has to store the seeds, IDs and locations of all its neighbors. Because the communication range of each sensor node is limited, the number of these neighbors is also restricted.
For simplicity, we only discuss the required keys for a sensor node in this section. In our proposed method, each sensor node N i has to store its own private seed, e.g., and the seeds of its neighboring sensor nodes, e.g.. The number of a sensor node’s neighbors depends on the network density. Suppose that a sensor node wants to communicate with its n neighbors, and then the sensor node has to store n seeds of its neighbors in order to securely broadcast/multicast messages. We make a comparison with the previous schemes[2, 5] used in a hierarchical sensor network in terms of the required keys.
Du et al. proposed an asymmetric predistribution key management scheme (AP). We recall that a large key pool and the corresponding key IDs are generated at the beginning, and each L-sensor is loaded with l keys, and each H-sensor (e.g., cluster head) is loaded with M(M≫l) keys without replacement from the key pool. Each sensor node also can set up broadcast keys in order to securely broadcast messages to its neighbors. Assuming that the number of neighbors of a sensor node is n, the sensor node will have to store n + 1 broadcast keys in its memory.
Mica2 motes are widely used in wireless sensor networks, and we use the following consumption rates: 16.25 and 12.25 μ J/byte for transmission and reception to Mica2 motes, respectively. We also assume that ID, location and X are 2, 2, and 8 bytes, respectively. The communication overhead of the sensor node discovery phase is evaluated using the assumptions mentioned above. This phase incurs the following communication cost. We recall that when a sensor node N i tries to find its one-hop neighbors within its transmission range, it broadcasts a hello message that contains its, which is 6 bytes, to its one-hop neighbors. The energy consumption of the payload for transmission and reception is 97.5 and 73.5 μ J, respectively. Assuming that a sensor node has n neighbors, its communication overhead is (97.5+73.5n) μ J. This time complexity of communication overhead is O(n) according to the number of neighbors of one sensor node.
In the following, we evaluate the communication overhead of one sensor node according to the number of a multicast group during the secure communication phase. This communication overhead of broadcasting/multicasting messages depends on the size of a multicast group U m . In our scheme, the additional communication cost of transmission and reception is acceptable for resource-constrained sensor nodes during the secure communication phase because the number of neighbors of every sensor node is limited by small transmission range. For example, assuming that sensor node N i wants to broadcast/multicast data M to its neighbors as the mentioned in Section “The proposed method”, it has to send the following message,, B,, and. The bigger the quantity of U m of sensor node N i is, the bigger the value of B is, e.g.,. The time complexity of B is O(n2) according to the number of neighbors of one sensor node.
In our scheme, we do not employ any public key technique for communications among nodes, instead we use symmetric cryptography, multiplication and mod operations to encrypt/decrypt data and compute B and K, respectively. These operations are not a big computation overhead used in resource-constrained sensor nodes. Assuming that sender N i transmits a message, in which B is computed by N i using multiplication operation, to receiver N k , and then the receiver N k can obtain from the message sent by sender N i using mod operation to compute the following equation. After obtaining, the receiver can use this key to decrypt the message via the symmetric cryptography which is suitable for resource-constrained sensor nodes. We evaluate energy cost of symmetric-key and hash algorithms using. We use the following assumption rates: 1.62/2.49 μ J/byte and 5.9 μ J/byte for AES with 128-bit keys for data encryption/decryption and SHA-1 for hashing, respectively. The energy cost of encrypting/decrypting a 20 bytes data and hashing a 136 bytes data are 32.4/49.8 μ J and 802.4 μ J, respectively. As reported in, the modular inverse computation and modular exponentiation operation are the most time-consuming operations. Therefore, our scheme do not use these two operations, and we only use the multiplication and mod operations for sensor nodes.
We propose a secure broadcast/multicast scheme for hierarchical sensor networks. Each node is only preloaded with one private seed prior to deploy, and the memory size can be minimal for resource-constrained sensor nodes. In our method, the revocation of compromised sensor nodes or cluster heads becomes easier than the previous schemes which need the operation of rekeying because each sensor node or cluster head does not possess the private seeds of its neighbors. The resource-rich cluster heads are responsible for the management and distribution of seeds for their members. Our scheme can defense against the common attacks of wireless networks. Changing the session key every time can also achieve perfect forward secrecy in our scheme. Adversaries can only intercept and collect the former messages of one cluster, but they can not decrypt these messages once a certain sensor node of the cluster is compromised.
This work was partially supported by the National Science Council, Taiwan, under contract no. NSC100-2410-H-005-046. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.
- Chan H, Perrig A, Song D: Random key predistribution schemes for sensor networks. Proceedings of the 2003 IEEE Symposium on, Security and Privacy 2003, 197-213. (The Claremont Resort Oakland, California, USA, 11-14 May 2003)Google Scholar
- Chorzempa M, Park JM, Eltoweissy M: Key management for long-lived sensor networks in hostile environments. Comput. Commun 2007, 30(9):1964-1979. 10.1016/j.comcom.2007.02.022View ArticleGoogle Scholar
- Du W, Deng J, Han YS, Varshney PK: A pairwise key predistribution scheme for wireless sensor networks. Proceedings of the 10th ACM Conference on Computer and Communications (SecurityCCS’03) 2003, 42-51. (Washington, DC, USA, 27-30 October 2003)Google Scholar
- Du W, Deng J, Han YS, Varshney PK, Khalili A: A pairwise key predistribution scheme for wireless sensor networks. ACM Trans. Inf. Syst. Secur 2005, 8(2):228-258. 10.1145/1065545.1065548View ArticleGoogle Scholar
- Du X, Xiao Y, Guizani M, Chen HH: An effective key management scheme for heterogeneous sensor networks. Ad Hoc Netw 2007, 5(1):24-34. 10.1016/j.adhoc.2006.05.012View ArticleGoogle Scholar
- Eltoweissy M, Heydari H, Morales L, Sudborough H: Combinatorial optimizations of group key management. J. Netw Syst. Manage 2004, 12(1):30-50.View ArticleGoogle Scholar
- Eschenauer L, Gligor VD: A key management scheme for distributed sensor networks. Proceedings of the 9th ACM Conference on Computer and Communication Security (CCS’02) 41-47. (New York, NY, USA, 2002)Google Scholar
- Younis MF, Ghumman K, Eltoweissy M: Location-aware combinatorial key management scheme for clustered sensor networks. IEEE Trans. Parallel Distrib. Syst 2006, 17(8):865-882.View ArticleGoogle Scholar
- Hsieh MY, Huang YM, Chao HC: Adaptive security design with malicious node detection in cluster-based sensor networks. Comput. Commun 2007, 30(11-12):2385-2400. 10.1016/j.comcom.2007.04.008View ArticleGoogle Scholar
- Liu D, Ning P: Multilevel μTESLA: broadcast authentication for distributed sensor networks. ACM Trans. Embed. Comput. Syst 2004, 3(4):800-836. 10.1145/1027794.1027800MathSciNetView ArticleGoogle Scholar
- Perrig A, Szewczyk R, Tygar JD, Wen V, Culler DE: SPINS: security protocols for sensor networks. Wirel. Netw 2002, 8(5):521-534. 10.1023/A:1016598314198View ArticleGoogle Scholar
- Heinzelman WR, Chandrakasan A, Balakrishnan H: Energy-efficient communication protocol for wireless microsensor networks. Proceedings of the 33rd Annual Hawaii International Conference on System Sciences (HICSS) 3005-3014. (Island of Maui,4–7January 2000)Google Scholar
- Oliveiraa LB, Ferreirac A, Vilaca MA, Wong HC, Bern M, Dahab R, Loureiro AAF: SecLEACH-On the security of clustered sensor networks. Signal Process 2007, 87(12):2882-2895. 10.1016/j.sigpro.2007.05.016View ArticleGoogle Scholar
- Huang HF: A novel access control protocol for secure sensor networks. Comput. Stand. Interfaces 2009, 31(2):272-276. 10.1016/j.csi.2008.05.014View ArticleGoogle Scholar
- Zhou Y, Zhang Y, Fang Y: Access control in wireless sensor networks. Ad Hoc Netw 2007, 5(1):3-13. 10.1016/j.adhoc.2006.05.014View ArticleGoogle Scholar
- Zhu S, Setia S, Jajodia S: LEAP+: efficient security mechanisms for large-scale distributed sensor networks. ACM Trans. Sens. Netw 2006, 2(4):500-528. 10.1145/1218556.1218559View ArticleGoogle Scholar
- Shamir A: Identity-based cryptosystems and signature schemes. Proceeding of the Cryptology-Crypto’84 47-53. (Santa Barbara, California, USA, 19-22 August 1984)Google Scholar
- Bellarea M, Namprempre C, Neven G: Security proofs for identity-based identification and signature schemes. Proceeding of the EUROCRYPT’04 268-286. (Interlaken, Switzerland,2–6May 2004)Google Scholar
- Schnorr CP: Efficient signature generation for smart card. J. Cryptol 1991, 4(3):161-174.MathSciNetView ArticleGoogle Scholar
- Cao Xi, Dang L, Kou W, Zhao B: IMBAS: identity-based multi-user broadcast authentication in wireless sensor networks. Comput. Commun 2008, 31(4):659-667. 10.1016/j.comcom.2007.10.017View ArticleGoogle Scholar
- Zhang Y, Liu W, Fang Y, Wu D: Secure localization and authentication in ultra-wideband sensor networks. IEEE J. Sel. Areas Commun 2006, 24(4):829-835.View ArticleGoogle Scholar
- Zhang Y, Liu W, Lou W, Fang Y: Location-based compromise-tolerant security mechanisms for wireless sensor networks. IEEE J. Sel. Areas Commun 2006, 24(2):247-260.View ArticleGoogle Scholar
- Capkun S, Hubaux J-P: Secure positioning of wireless devices with application to sensor networks. Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3 1917-1928. (Miami, FL, USA, 13-17 March 2005)Google Scholar
- Savvides A, Han C, Strivastava M: Dynamic fine-grained localization in ad hoc networks of sensors. Proceedings of the 7th Annual International Conference on Mobile Computing and Networking 166-179. (Rome, Italy, 2001)Google Scholar
- Chang CC, Su YW, Lin IC: A broadcast-encryption-based key management scheme for dynamic multicast communications. Proceedings of the 2nd International Conference on Scalable Information Systems (Suzhou, China,6–8June 2007)Google Scholar
- Newsome J, Shi E, Song D, Perrig A: The sybil attack in sensor networks: Analysis & defenses. Proceedings of The 3rd International Symposium on Information Processing in Sensor Networks (IPSN’04) 26-27. (Berkeley, California, USA, 2004)Google Scholar
- Hu Y, Perrig A, Johnson D: Packet leashes: a defense against wormhole attacks in wireless ad hoc networks. Proceedings of the 22th Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3 1976-1986. (San Francisco, CA, 2003)Google Scholar
- Karlof C, Wagner D: Secure routing in wireless sensor networks: attacks and countermeasures. Ad Hoc Netw 2003, 1(2):293-315. 10.1016/S1570-8705(03)00008-8View ArticleGoogle Scholar
- Oliveira LB, Wang HC, Loureiro AA: LHA-SP: Secure protocols for hierarchical wireless sensor networks. Proceedings of 9th IFIP/IEEE International Symposium on Integrated Network Management 31-44. (Nice, France, 15-19 May 2005)Google Scholar
- Wander A, Gura N, Eberle H, Gupta V, Shantz S: Energy analysis of public-key cryptography for wireless sensor networks. Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications 324-328. (Kauai Island, HI, USA, 8-12 March 2005)Google Scholar
This article is published under license to BioMed Central Ltd. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.