A Mutual Broadcast Authentication Protocol for Wireless Sensor ...

Hindawi Publishing Corporation International Journal of Distributed Sensor Networks Volume 2015, Article ID 397130, 10 pages http://dx.doi.org/10.1155/2015/397130

Research Article A Mutual Broadcast Authentication Protocol for Wireless Sensor Networks Based on Fourier Series Xiaogang Wang and Weiren Shi College of Automation, Chongqing University, Chongqing 40044, China Correspondence should be addressed to Xiaogang Wang; wxg [email protected] Received 15 July 2015; Accepted 11 October 2015 Academic Editor: Antonino Staiano Copyright © 2015 X. Wang and W. Shi. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. This thesis presents a mural broadcast authentication protocol (MBAP) for wireless sensor networks based on Fourier series according to the issues of the main broadcast authentication protocol 𝜇TESLA being limited in authentication delay, more initial parameters, limited time, large key chain, and network congestion. Firstly, achieving the forward authentication work for common sensor nodes to base station is based on the characteristic of continuous-integrability function 𝑓(𝑥) in [−𝜋, 𝜋] which could be expanded into Fourier series, including entity authentication and source attestation. Secondly, assume that 𝑓(𝑥) is the quadratic form function, and achieve the reverse authentication work for base station to common sensor nodes by detecting the security of 𝑓(𝑥). The analysis results of safety performance in MBAP show that the captured nodes in WSN will not affect the security of broadcast authentication protocol and have low computation and communication cost, the base station can make broadcast randomly, and common sensor nodes can authenticate messages instantly, which solves the problem of network congestion well. The most important thing of MBAP is the mutual broadcast authentication method which ensures the security of the network greatly.

1. Introduction In wireless sensor networks (WSN), in order to save the network bandwidth and the communication time, the base station and the cluster heads generally send messages to the common sensor nodes by broadcasting. And broadcast communication plays a very important role in WSN, and its security has a direct impact on the security of the entire network [1–5]. Therefore, it must be able to authenticate the source, the accuracy, and the integrity of the broadcast packets when the receiving nodes get the broadcast packets; it is also known as broadcast authentication. The broadcast authentication includes two parts: entity authentication and source attestation. Entity authentication is the process for confirming the identity of the sending nodes based on some authentication protocol, which insures the security for network access. And source attestation is mainly to ensure the integrity of the messages and prevent unauthorized nodes sending, forging, and tampering messages. These two parts’ authentication can be achieved by the generation and verification of message authentication code

(MAC). If the broadcast authentication takes the symmetric encryption mechanism, each captured node can modify or forge the messages and threaten the whole network security. So, it is necessary to use asymmetric encryption technique for broadcast authentication. There are many efficient broadcast protocols that have been proposed, such as broadcast transmission capacity (BTC) of heterogeneous wireless ad hoc networks with secrecy outage constraints [6], a qos-based broadcast protocol (QBBP) for multihop cognitive radio ad hoc networks under blind information [7], and a reliable and total order tree-based (RTOT) broadcast in wireless sensor network [8]. But it is hard to design broadcast authentication protocols for WSN because of the limitations of WSN. There are two kinds of WSN broadcast authentication protocols: one is the signature authentication [9–11], but it is hard to be applied because of the disadvantage of using public key cryptography and large cost, and the other one is the message authentication code (MAC) [12–15], such as the 𝜇TESLA which is proposed as the broadcast authentication protocol by Perrig based on the security protocols for sensor networks in [15],

2 which realizes the asymmetry of broadcast authentication by using the symmetric encryption mechanism, and including three key parts: key establishment, disclosing authentication key, and authenticating broadcast data. In addition, multilevel LTESLA, a broadcast authentication system for distributed sensor networks, is proposed in [16], which divides authentication into multiple levels, where the high level key chain authenticates the low level key chain, and the low layer key chain authenticates the broadcast data packets, but it is suitable for the single base station network. This thesis presents a mutual broadcast authentication protocol (MBAP) for wireless sensor networks based on Fourier series according to the problems of the main broadcast authentication protocol 𝜇TESLA being limited in authentication delay, more initial parameters, limited time, large key chain, and network congestion. And the mutual authentication between nodes and base station is achieved according to the characteristic of continuous-integrability function 𝑓(𝑥) in [−𝜋, 𝜋] which could be expanded into Fourier series. Firstly one has pre-distributing 𝑓(𝑥) for each node upon network initializing, calculating the current Fourier series coefficients, establishing authentication key 𝐾󸀠 , verifying the correctness of the broadcast authentication information, achieving entity authentication and source attestation. Secondly, assuming that 𝑓(𝑥) is the quadratic form function and achieving the reverse authentication work for base station to common sensor nodes by detecting the security of 𝑓(𝑥), it also means that the MBAP protocol can achieve mutual security authentication. The analysis results of safety performance in MBAP show that the captured nodes in WSN will not affect the security of broadcast authentication protocol and have low computation and communication cost, the base station can make broadcast randomly, and common sensor nodes can authenticate messages instantly, which solves the problem of network congestion well. The most important thing of MBAP is the mutual broadcast authentication method which ensures the security of the network greatly. The paper is organized as follows. In Section 2, we analyze the related work, such as 𝜇TESLA protocol principle and its issues. In Section 3, we discuss the specific principle of MBAP, including network model assumptions, Fourier series’ characteristics analysis and MBAP authentication principle. Section 4 analyzes the security of MBAP compared with MBAP. And summary is made in Section 5.

2. Related Work 2.1. 𝜇TESLA Protocol. In 𝜇TESLA, the asymmetric characteristic of broadcast authentication is realized by using the symmetric encryption mechanism on condition of the loose time synchronization of sending nodes and receiving nodes. The key points of 𝜇TESLA protocol are using hash key chain and publishing key delayed, as showed in Figure 1, a oneway function key chain is established by the sending node, where the length of key chain is 𝑛 + 1, and the first key 𝐾𝑛 of the key chain is generated randomly by the sending node, but the next keys are all generated by the one-way function ℎ𝑎𝑠ℎ acting on the last key repeatedly, such as 𝐾𝑗 = 𝐻(𝐾𝑗+1 ).

International Journal of Distributed Sensor Networks The sending node divides the communication time into equal time slices, where the length of each time slice is 𝐷, and each time slice is assigned a key in order, but the order of the assigned keys is the opposite order of the key chain, and each message 𝑃𝑖 of time slice 𝑗 is encrypted by 𝐾𝑗 , such as MAC𝐾𝑗 (𝑃𝑖 ). The sending node determines the key delay time 𝛿 based on the time slice length, and the key 𝐾𝑗 on time slice 𝑗 will be published after 𝛿, such as 𝛿 = 2 in Figure 1. To avoid the additional communication cost, the published key is sent to the receiving nodes by being attached with the data packet. If there is no data packet on some time slice, the key attached with the data packet will not be published, and this key can be calculated by the next keys in one-way function ℎ𝑎𝑠ℎ. More importantly, the initial parameters 𝐾0 , 𝛿, and 𝐷 and starting time 𝑇0 should be sent to receiving nodes before authentication. 2.2. 𝜇TESLA Protocol Issues 2.2.1. Computation Cost. The 𝜇TESLA protocol has higher authentication efficiency in the case of sending data packets frequently, but it has a very low sending frequency in some applications, such as fire alarm and other event-driven applications, where the transmission interval of the adjacent data packets may be far greater than the time slice 𝐷 of 𝜇TESLA and causes lots of keys not to be used for the data packets authentication, and the distance between adjacent keys on the key chain is also increased and causes a large computation cost and authentication delay. Increasing 𝐷 can alleviate this problem, but it also causes a lot of authentication delay, and the receiving nodes also need more memory space for buffering packets. 2.2.2. Delay. In 𝜇TESLA, the time interval of sending message {MAC𝐾𝑖 (𝑃𝑖 ) ‖ 𝐾𝑖−2 ‖ 𝑃𝑖 ‖ 𝑖(𝑡)} will be increased gradually, and the time for buffering data packets is also increased because of the authentication delay, which also makes the protocol more vulnerable to be attacked by DoS. Therefore, the authentication mechanism of 𝜇TESLA is not suitable for the situation of large sending time interval. 2.2.3. Problem of Initialization Parameters. The most important problem of 𝜇TESLA is the distribution of initialization parameters. Each sending node has an independent authentication key chain for encrypting its own data packets, and each receiving node makes authentication for {MAC𝐾𝑖 (𝑃𝑖 ) ‖ 𝐾𝑖−2 ‖ 𝑃𝑖 ‖ 𝑖(𝑡)} after receiving the initialization parameters 𝐾0 , 𝛿, and 𝐷 and starting time 𝑇0 . If the nodes send the initialization parameters {𝐾0 , 𝛿, 𝐷, 𝑇0 } in unicast way, it will cause much resource consumption, because the sending node needs to encrypt the {𝐾0 , 𝛿, 𝐷, 𝑇0 } in different keys shared with the receiving node, which will cause the delay for data packet transmission and authentication, and the delay may lead to DoS attacks. 2.2.4. Authentication Aging Problem. There are some applications that require real-time authentication for broadcasting, such as real-time audio frequency, video stream, and alarm

International Journal of Distributed Sensor Networks H

K0

H

H

K1

3

T1 P0

P1

Kj

Kj−1

···

H

Kj+1

Tj−1

Tj−2

Pj

Kj−3

Kj−2 Publish

Publish

Kn

···

··· Tj+1

Tj

Pj−1

H

t

Time slice j

··· T0

H

H

Tn−1

Tn

Pn Kn−2 Publish

Figure 1: 𝜇TESLA protocol.

information. Obviously, 𝜇TESLA is not suitable for high ageing applications because of the authentication delay. SN

2.2.5. Fixed Key Chain Length. In 𝜇TESLA, the authentication key of each time slice is predistributed upon network initialization. On the one hand, if the work time is too long, it means that the length of key chain is too large, which will cause a large computation cost and storage cost. On the other hand, if the work time is too short, it cannot meet the requirement of frequent data exchange and long-term work. Therefore, in order to meet the characteristics of lower delay, better aging, less key storage, computing fast, and better flexibility for the general broadcast authentication in WSN, this paper introduces the mathematical theory of Fourier series, which simplifies the practical issues based on characteristic of Fourier series coefficients and makes a simple and efficient broadcast authentication.

3. MBAP 3.1. Network Model Assumptions. In WSN, either the base station or the sensor node is the broadcaster (as shown in Figure 2). According to the topology of the network, it can broadcast directly when the base station is the broadcaster which can send the information to the prerecipient without intermediate nodes or can send the information to the prerecipient layer by layer, such that the base station will send the information to each cluster head first of all, and the cluster head will send the information to each common sensor node after authentication. When the sensor nodes are the broadcasters, they can only send the information to their neighbor nodes directly without intermediate nodes. In order to facilitate the description of MBAP, the network is assumed as follows: (1) Assume that the network is isomorphic and static and each of the sensor nodes has been uniformly deployed in the target area and has same configuration in software and hardware and will not move any more once they are deployed, where the network size is

BS

Figure 2: Broadcasting communication in centralized network.

𝑁, including 2 types of nodes, base station (BS) and sensor node (SN), as shown in Figure 2. (2) Assume that base station (BS) is equipped with abundant software and hardware resources and can cover the entire network deployment area by means of a high power radio signal, and it is responsible for storing the basic information of all the nodes in network and has the ability to detect compromised or captured nodes. (3) Common sensor node is responsible for collecting environmental data. The ability to process data of sensor node is limited by storage space, energy reserves, and communication distance. Since the communication radius of the common sensor node is limited, the communication between nodes which are not in the communication radius should be transferred by neighbor node. The main symbols in the text are shown as follows: BS: base station,

4

International Journal of Distributed Sensor Networks SN: sensor node,

∫

𝑐+2𝜋

𝑐

ℎ(𝑥): ℎ𝑎𝑠ℎ function,

2𝜋

cos2 𝑘𝑥 𝑑𝑥 = ∫ cos2 𝑘𝑥 𝑑𝑥 0

=∫

2𝜋

0

𝐾: authentication key, ∫

ID𝑖 : identity symbol of node 𝑖,

𝑐+2𝜋

𝑐

1 + cos 2𝑘𝑥 𝑑𝑥 = 𝜋, 2

(4)

sin2 𝑘𝑥 𝑑𝑥 = 𝜋, (𝑘 = 1, 2, . . .)

𝑓(𝑥): continuous-integrability function, 𝐷: time slice length,

∫

𝑐+2𝜋

𝑐

𝑃: plaintext,

12 𝑑𝑥 = 2𝜋.

3.2.2. Fourier Series Coefficient Analysis

𝐿(𝑖): authentication message of time slice 𝑖.

Deduction 1. Assume that function 𝑓(𝑥) has been expanded to a uniformly convergent trigonometric series:

3.2. Analyzing Characteristics of Fourier Series 𝑓 (𝑥) =

Definition 1. If the function 𝑓(𝑥) period is 𝑇, it is satisfied on the following conditions:

𝑎0 ∞ + ∑ (𝑎 cos 𝑘𝑥 + 𝑏𝑘 sin 𝑘𝑥) . 2 𝑘=1 𝑘

(5)

Then ∞

𝑓 (𝑥) = 𝐴 0 + ∑ 𝐴 𝑛 sin (𝑛𝜔𝑥 + 𝜑𝑛 ) 𝑛=1

(1)

∞

= 𝐴 0 + ∑ (𝑎𝑛 cos 𝑛𝜔𝑥 + 𝑏𝑛 sin 𝑛𝜔𝑥) .

𝑎0 =

1 𝜋 ∫ 𝑓 (𝑥) 𝑑𝑥, 𝜋 −𝜋

𝑎𝑘 =

1 𝜋 ∫ 𝑓 (𝑥) cos 𝑘𝑥 𝑑𝑥, 𝜋 −𝜋

(𝑘 = 0, 1, 2, . . .) ,

𝑏𝑘 =

1 𝜋 ∫ 𝑓 (𝑥) sin 𝑘𝑥 𝑑𝑥, 𝜋 −𝜋

(𝑘 = 0, 1, 2, . . .) .

𝑛=1

And claim that formula (1) is the Fourier series determined by 𝑓(𝑥). 3.2.1. Orthogonal Analysis of Trigonometric Function. Assume that 𝑐 is a real number and cos 𝑘𝑥 and sin 𝑘𝑥 are the periodic function in [𝑐, 𝑐 + 2𝜋], where the period is 2𝜋, and then 𝑐+2𝜋

∫

𝑐

∫

𝑐

𝜋

∫ 𝑓 (𝑥) 𝑑𝑥 = −𝜋

2𝜋

0

𝑐+2𝜋

Proof. Assume that 𝑓(𝑥) is an integrable function in [−𝜋, 𝜋], where the right side of (5) can be integrable term by term. So we can get (7) by (2). Consider

𝑎0 =

cos 𝑘𝑥 𝑑𝑥 = ∫ cos 𝑘𝑥 𝑑𝑥 = 0, 2𝜋

(2)

sin 𝑘𝑥 𝑑𝑥 = ∫ sin 𝑘𝑥 𝑑𝑥 = 0, 0

∫ 𝑓 (𝑥) cos 𝑛𝑥 𝑑𝑥 = −𝜋

And it is easy to prove with product and difference ∫

𝑐+2𝜋

𝑐

∫

𝑐+2𝜋

𝑐

∫

𝑐+2𝜋

𝑐

𝑎0 ⋅ 2𝜋 = 𝑎0 𝜋, 2 1 𝜋 ∫ 𝑓 (𝑥) 𝑑𝑥. 𝜋 −𝜋

∞

𝜋

𝑘=1

−𝜋

𝑎0 𝜋 ∫ cos 𝑛𝑥 𝑑𝑥 2 −𝜋

+ ∑ (𝑎𝑘 ∫ cos 𝑘𝑥 cos 𝑛𝑥 𝑑𝑥

sin 𝑘𝑥 cos 𝑙𝑥 𝑑𝑥 = 0,

(7)

Set that 𝑛 is a positive integer and multiplying by both sides with cos 𝑛𝑥 for 𝑓(𝑥) and integration in [−𝜋, 𝜋] then we can get (8) by (2), (3), and (4): 𝜋

(𝑘 = 1, 2, . . .) .

(6)

(8)

𝜋

𝜋

−𝜋

−𝜋

+ 𝑏𝑘 ∫ sin 𝑘𝑥 cos 𝑛𝑥 𝑑𝑥) = ∫ 𝑎𝑛 cos2 𝑛𝑥 𝑑𝑥

sin 𝑘𝑥 sin 𝑙𝑥 𝑑𝑥 = 0,

(3)

= 𝑎𝑛 𝜋. Therefore

cos 𝑘𝑥 cos 𝑙𝑥 𝑑𝑥 = 0 (𝑘 ≠ 𝑙; 𝑘, 𝑙 = 1, 2, . . .)

𝑎𝑛 =

1 𝜋 ∫ 𝑓 (𝑥) cos 𝑛𝑥 𝑑𝑥. 𝜋 −𝜋

(9)

International Journal of Distributed Sensor Networks

5 the first step is to abandon 𝐿(𝑖) on time 𝑖(𝑡), and the second step is to verify the legitimacy of 𝐿(𝑖) on time 𝑖(𝑡) by BS.

Similarly 𝑏𝑛 =

1 𝜋 ∫ 𝑓 (𝑥) sin 𝑛𝑥 𝑑𝑥. 𝜋 −𝜋

(10)

Conversely, if 𝑖(𝑡) is the latest time, it is showed that 𝐿(𝑖) is the authentication information which needs to be authenticated currently, and go to Step 4.

3.3. MBAP Authentication Principle. We assume that 𝑓(𝑥) is a continuous-integrability function in [−𝜋, 𝜋] which is predistributed for each node upon initializing. So, the MBAP authentication principle is as follows.

Step 4 (entity authentication). Because 𝑓(𝑥) is predistributed for each sensor node, according to the Definition 1 and Deduction 1, set

Thus Deduction 1 is proved.

Step 1 (establishing authentication key). The base station divides the communication time into equal time slices, where the length of each time slice is 𝐷, and each time slice is assigned a key in order. Set 𝐾(𝑖) to be the authentication key distributed for the time slice 𝑖, and set 𝐾 (𝑖) =

𝑖 𝑎0 + ∑ (𝑎𝑘 cos 𝑘𝑥 + 𝑏𝑘 sin 𝑘𝑥) . 2 𝑘=1

(11)

It is obvious that the keys for each time slice are different based on Deduction 1, and 𝐾 (𝑖 + 1) =

𝑖+1

𝑎0 + ∑ (𝑎 cos 𝑘𝑥 + 𝑏𝑘 sin 𝑘𝑥) 2 𝑘=1 𝑘

(12)

= 𝐾 (𝑖) + (𝑎𝑖+1 cos (𝑖 + 1) 𝑥 + 𝑏𝑖+1 sin (𝑖 + 1) 𝑥) .

It is showed in (12) that the authentication key 𝐾(𝑖 + 1) on time slice 𝑖 + 1 can be calculated by 𝐾(𝑖) and Fourier series coefficients 𝑎𝑖+1 and 𝑏𝑖+1 . Step 2 (building broadcast authentication information). We assume that 𝐿(𝑖) is the broadcast authentication information of the time 𝑖(𝑡) on time slice 𝑖, where 𝑡 is a certain time on time slice 𝑖, and set 𝐿 (𝑖) = {𝑃𝑖(𝑡) ‖ ℎ (𝑎𝑖 ) ‖ ℎ (𝑏𝑖 ) ‖ MAC

(13)

= ℎ (𝐾 (𝑖) , 𝑃𝑖(𝑡) , 𝑖 (𝑡)) ‖ 𝑖 (𝑡)} , where 𝑎𝑖 𝜋

=

𝜋

(1/𝜋) ∫−𝜋 𝑓(𝑥) cos 𝑖𝑥 𝑑𝑥 and 𝑏𝑖

=

(1/

𝜋) ∫−𝜋 𝑓(𝑥) sin 𝑖𝑥 𝑑𝑥 are last two Fourier series coefficients of 𝐾(𝑖), 𝑃𝑖(𝑡) is the plaintext message of time 𝑖(𝑡), and MAC = ℎ(𝐾(𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡)) makes sure that 𝐾(𝑖) is undisclosed which ensures the security of the key in the process of message communication. Then there are base station broadcasts 𝐿(𝑖). Step 3 (application verification). The common sensor node gets the authentication information 𝐿(𝑖) and time 𝑖(𝑡). If the common sensor node has received the authentication information 𝐿(𝑖) on time 𝑖(𝑡 + 1), it is showed that the authentication information 𝐿(𝑖) is outdated, and it is likely to be caused by network congestion or may be an enemy in disguise after being captured. For this unusual situation,

𝑎𝑖󸀠 = 𝑏𝑖󸀠

1 𝜋 ∫ 𝑓 (𝑥) cos 𝑖𝑥 𝑑𝑥 𝜋 −𝜋

1 𝜋 = ∫ 𝑓 (𝑥) sin 𝑖𝑥 𝑑𝑥. 𝜋 −𝜋

(14)

If ℎ(𝑎𝑖󸀠 ) = ℎ(𝑎𝑖 ) and ℎ(𝑏𝑖󸀠 ) = ℎ(𝑏𝑖 ), it is showed that 𝐿(𝑖) is the authentication information sent by BS on the time slice 𝑖, and entity authentication is completed by now. Conversely, if ℎ(𝑎𝑖󸀠 ) ≠ ℎ(𝑎𝑖 ) or ℎ(𝑏𝑖󸀠 ) ≠ ℎ(𝑏𝑖 ), abandon 𝐿(𝑖) and check the legitimacy of 𝐿(𝑖) by BS. Step 5 (source attestation). After the completion of entity authentication, it is necessary to determine whether the plaintext message 𝑃𝑖(𝑡) has been tampered by enemy, and set 𝐾󸀠 (𝑖) =

𝑖 𝑎0󸀠 + ∑ (𝑎𝑘󸀠 cos 𝑘𝑥 + 𝑏𝑘󸀠 sin 𝑘𝑥) 2 𝑘=1

Or 𝐾󸀠 (𝑖) = 𝐾 (𝑖 − 1) + (𝑎𝑖󸀠 cos 𝑖𝑥 + 𝑏𝑖󸀠 sin 𝑖𝑥) ,

(15) (16)

where 𝐾(𝑖 − 1) is the authentication key on time slice 𝑖 − 1 which has been authenticated on last time slice and ℎ(𝑎𝑖󸀠 ) = ℎ(𝑎𝑖 ) and ℎ(𝑏𝑖󸀠 ) = ℎ(𝑏𝑖 ) have been authenticated in Step 4, so 𝐾󸀠 (𝑖) = 𝐾(𝑖) based on (12), where 𝐾(𝑖) encrypted by hash function cannot be got by enemy. It is showed in (16) that the calculation of 𝐾󸀠 (𝑖) avoids amounts of the calculation of Fourier series coefficients each time and reduces the computation cost greatly. And if ℎ (𝐾󸀠 (𝑖) , 𝑃𝑖(𝑡) , 𝑖 (𝑡)) = ℎ (𝐾 (𝑖) , 𝑃𝑖(𝑡) , 𝑖 (𝑡)) = MAC,

(17)

it is showed that the plaintext message 𝑃𝑖(𝑡) is integrity and not tampered by enemy, and source attestation is completed by now. Conversely, if ℎ(𝐾󸀠 (𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡)) ≠ ℎ(𝐾(𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡)), it is showed that the plaintext message 𝑃𝑖(𝑡) is captured by enemy and checking the legitimacy of 𝐿(𝑖) by BS. The forward authentication work for common sensor nodes to base station is completed from now on, and the forward flow chart of MBAP protocol is showed in Figure 3. Step 6 (reverse authentication) Deduction 2. In order to detect the security of 𝑓(𝑥), assume that 𝑓(𝑥) is a quadratic polynomial and a continuousintegrability function for some variable in [−𝜋, 𝜋]. And

6

International Journal of Distributed Sensor Networks where, assuming 𝑓𝑤𝑖 (𝑥1 , 𝑥2 , . . . , 𝑥𝑛 ) is the quadratic polynomial of node 𝑖, 𝜆 𝑖1 , 𝜆 𝑖2 , . . . , 𝜆 𝑖𝑛 are the eigenvalues of 𝑓𝑤𝑖 (𝑥1 , 𝑥2 , . . . , 𝑥𝑛 ), {𝜉𝑖1 , 𝜉𝑖2 , . . . , 𝜉𝑖𝑛 } are the eigenvectors of 𝑓𝑤𝑖 (𝑥1 , 𝑥2 , . . . , 𝑥𝑛 ), and assume that

Initialization Predistribution f(x)

Establishing authentication key

[ [ [ C𝑖 = [ [ [

K(i)

Building broadcast authentication information

Abandon

New package No

Application verification

No

Application verification

Yes h(ai󳰀 ) = h(ai ), h(bi󳰀 ) = h(bi ) Source attestation Yes h(Ki󳰀 , Pi(t) , i(t)) = h(Ki , Pi(t) , i(t)) Finish

Figure 3: Forward flow chart of MBAP protocol.

the reverse authentication work for the base station to the common sensor nodes can be completed by detecting the security of 𝑓(𝑥), and it also means that the MBAP protocol can achieve mutual security authentication. Proof. Assume that 𝑓(𝑥1 , 𝑥2 , . . . , 𝑥𝑛 ) is a multiple asymmetric quadratic form polynomial in field 𝑃: 𝑓 (𝑥1 , 𝑥2 , . . . , 𝑥𝑛 ) = 𝑎11 𝑥12 + 𝑎12 𝑥1 𝑥2 + ⋅ ⋅ ⋅ + 𝑎1𝑛 𝑥1 𝑥𝑛 + 𝑎21 𝑥2 𝑥1 +

(19)

0 ⋅ ⋅ ⋅ 𝜆 𝑖𝑛 ]

D𝑖 = [𝜉𝑖1 , 𝜉𝑖2 , . . . , 𝜉𝑖𝑛 ] .

Application verification Old package

Entity authentication

0 ⋅⋅⋅ 0

0 𝜆 𝑖2 ⋅ ⋅ ⋅ 0 ] ] ] , .. .. .. .. ] ] . . . . ]

[0

Broadcast L(i)

𝑎22 𝑥22

𝜆 𝑖1

= ℎ (𝐾 (𝑖) , 𝑃𝑖(𝑡) , 𝑖 (𝑡)) ‖ 𝐾𝑖 (𝑓 (𝑥)new ) ‖ ℎ (𝑓 (𝑥)new ) ‖ (20)

+ 𝑎𝑛2 𝑥𝑛 𝑥2 + ⋅ ⋅ ⋅ + 𝑎𝑛𝑛 𝑥𝑛2 𝑥1

Step 7 (update 𝑓(𝑥)). For the network security, 𝑓(𝑥) should be updated periodically, so we modify the broadcast authentication information 𝐿(𝑖) by the base station and set 𝐿 (𝑖)󸀠 = {𝑃𝑖(𝑡) ‖ ℎ (𝑎𝑖 ) ‖ ℎ (𝑏𝑖 ) ‖ MAC

+ ⋅ ⋅ ⋅ + 𝑎2𝑛 𝑥2 𝑥𝑛 + ⋅ ⋅ ⋅ + 𝑎𝑛1 𝑥𝑛 𝑥1

𝑎11 𝑎12 ⋅ ⋅ ⋅ 𝑎1𝑛

We can assume that node 𝑛𝑖 has achieved forward authentication work for base station and responded to the base station with a message 𝑀 = {𝑓(𝑥) ‖ ℎ(C𝑖 ) ‖ ℎ(D𝑖 ) ‖ ID𝑖 } and the base station will make reverse authentication upon receiving the message 𝑀 = {𝑓(𝑥) ‖ ℎ(C𝑖 ) ‖ ℎ(D𝑖 ) ‖ ID𝑖 }. Based on [17], we can get that the eigenvalues 𝜆 𝑖1 , 𝜆 𝑖2 , . . . , 𝜆 𝑖𝑛 of quadratic polynomial 𝑓𝑤𝑖 (𝑥1 , 𝑥2 , . . . , 𝑥𝑛 ) in different sequence or incorrectness will affect the accuracy of eigenvectors {𝜉𝑖1 , 𝜉𝑖2 , . . . , 𝜉𝑖𝑛 } or D𝑖 , and the eigenvectors in different sequence that belonged to the same eigenvalue also can affect the accuracy of D𝑖 . For this reason, we can assume that the sequence of eigenvalues and eigenvectors of each sensor node are predistributed by base station, which can avoid the same response information by different nodes and ensure the independence of the reverse authentication work. For example, 𝑀 = {𝑓(𝑥) ‖ ℎ(C𝑖 ) ‖ ℎ(D𝑖 ) ‖ ID𝑖 } is the response information of node 𝑛𝑖 , and the base station can get C󸀠𝑖 and D󸀠𝑖 based on the sequence of eigenvalues and eigenvectors of node 𝑛𝑖 . If ℎ(C𝑖 ) ≠ ℎ(C󸀠𝑖 ) or ℎ(D𝑖 ) ≠ ℎ(D󸀠𝑖 ), it is showed that node 𝑛𝑖 is captured by enemy and removed by base station. If ℎ(C𝑖 ) = ℎ(C󸀠𝑖 ) and ℎ(D𝑖 ) = ℎ(D󸀠𝑖 ), it is showed that identity of node 𝑛𝑖 is authenticated base station. Therefore, a mutual broadcasting authentication work is achieved by now and Deduction 2 is proved.

(18)

[𝑎 𝑎 ⋅ ⋅ ⋅ 𝑎 ] [𝑥 ] [ 21 22 2𝑛 ] [ 2 ] ][ ] [ = (𝑥1 , 𝑥2 , . . . , 𝑥𝑛 ) [ . [ ] . . .. ] ][ . ] [ . . . . . . ] [ .. ] [ . [𝑎𝑛1 𝑎𝑛2 ⋅ ⋅ ⋅ 𝑎𝑛𝑛 ] [𝑥𝑛 ] = 𝑋𝑇 𝐴𝑋, where 𝐴 is the quadratic matrix of 𝑓(𝑥1 , 𝑥2 , . . . , 𝑥𝑛 ), 𝑎𝑖𝑗 = 𝑎𝑗𝑖 , 𝑖, 𝑗 = 1, . . . , 𝑛, 𝐴 = 𝐴𝑇 . A key management scheme based on quadratic for WSN is proposed in [17] by the author Xiaogang Wang,

𝑖 (𝑡)} ,

where the first part {𝑃𝑖(𝑡) ‖ ℎ(𝑎𝑖 ) ‖ ℎ(𝑏𝑖 ) ‖ MAC = ℎ(𝐾(𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡))} of 𝐿(𝑖)󸀠 is still the broadcast authentication information 𝐿(𝑖), so the common sensor nodes can still make forward authentication work. After forward authentication, each sensor node can get 𝑓(𝑥)new by 𝐾𝑖 and verify 𝑓(𝑥)new by ℎ(𝑓(𝑥)new ), removing the old 𝑓(𝑥) at last. And the updating for 𝑓(𝑥) is completed by now.

4. Security Analysis Because of the limited resource in WSN, it should meet 3 basic requirements for designing efficient broadcast authentication

International Journal of Distributed Sensor Networks

4.1. Anticapture. In MBAP, we know that 𝑓(𝑥) is the key point of authentication, and the network will not be safe once 𝑓(𝑥) leaked, so the selection of 𝑓(𝑥) is very important. On the basis of [17], we assume that 𝑓(𝑥) is 𝑛-variate quadratic polynomial in field 𝑃, which has a high anticapture. For example, a key management scheme for distributed sensor networks is proposed by Eschenauer and Gligor in [18], and the main idea of this scheme is based on the binary 𝑡th symmetric polynomials, if the enemy captures some nodes which all include the same binary 𝑡th symmetric polynomial, and the nodes’ number is more than 𝑡, such that the communication key will be decrypted by enemy, it is also called 𝑡-collusion attack. In MBAP, if the enemy wants to get the communication keys, it should decrypt the binary 𝑡th symmetric polynomial 𝑓(𝑥) or the matrix 𝐴 in formula (18), but 𝐴 is a symmetric matrix, it means that there are 𝑛(𝑛+1)/2 different elements in matrix 𝐴 needed to be decrypted, and the difficulty of decrypting 𝐴 will be multiplied when the dimension 𝑛 of matrix 𝐴 is slightly changed (as shown in Figure 4). So it shows that it is very difficult to capture the binary 𝑡th symmetric polynomial𝑓(𝑥). In addition to this, we assume that the size of the network in WSN is 𝑁, and if 𝑁 < 𝑛(𝑛+1)/2, it shows that the enemy is unable to decrypt matrix 𝐴 and also unable to decrypt 𝑓(𝑥). Therefore, for the small or middle size network, the network is absolutely safe as long as 𝑁 < 𝑛(𝑛 + 1)/2. And, for the large network, it also can guarantee the network security as long as there is reasonable network structure, such as increasing the number of clusters space and limiting the number of cluster members. It shows that MBAP in this paper has good anticapture performance. 4.2. Low Cost. In this paper, the computation cost and communication cost of MBAP protocol are relatively low, which can meet the requirements of low cost. Firstly, the broadcast authentication information 𝐿(𝑖) = {𝑃𝑖(𝑡) ‖ ℎ(𝑎𝑖 ) ‖ ℎ(𝑏𝑖 ) ‖ MAC = ℎ(𝐾(𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡)) ‖ 𝑖(𝑡)} is verified by single hash operation, while the 𝜇TESLA is operated by key chain. Secondly, we can get 𝐾󸀠 (𝑖) = 𝐾(𝑖 − 1) + (𝑎𝑖󸀠 cos 𝑖𝑥 + 𝑏𝑖󸀠 sin 𝑖𝑥) in (16), where 𝐾(𝑖−1) is the authentication key on time slice 𝑖−1 which has been authenticated on last time slice, so we can get 𝐾󸀠 (𝑖) = 𝐾(𝑖) by verifying ℎ(𝑎𝑖󸀠 ) = ℎ(𝑎𝑖 ) and ℎ(𝑏𝑖󸀠 ) = ℎ(𝑏𝑖 ) in Step 4 of Section 3.3, which shows that the calculation of 𝐾(𝑖) avoids amounts of the calculation for Fourier series coefficients each time and reduces the computation cost greatly. 4.3. Instant Authentication. In MBAP, we can make authentication immediately based on the characteristics of Fourier series coefficients when the authentication information 𝐿(𝑖) is broadcasted by the base station. But the 𝜇TESLA protocol needs to make the authentication after the delay time 𝛿, which may cause a communication blocking.

1400 1200 Captured nodes, n

protocol: Firstly, insure the lower computation and communication cost. Secondly, the base station can make authentication randomly. Thirdly, the sensor nodes can make a real-time authentication. In this paper, the TWBAP protocol has some own security features besides the above the 3 conditions.

7

1000 800 600 400 200 0

0

10 20 30 40 Space dimension of quadratic polynomial, d

50

Anticapture performance of MBAP

Figure 4: Anticapture performance of MBAP.

4.4. Delay. In 𝜇TESLA, we know that the time interval of sending message {MAC𝐾𝑖 (𝑃𝑖 ) ‖ 𝐾𝑖−2 ‖ 𝑃𝑖 ‖ 𝑖(𝑡)} will be increased gradually, and the time for buffering data packets is also increased because of the authentication delay, which also makes the protocol more vulnerable to be attacked by DoS. In MBAP, the authentication information 𝐿(𝑖) = {𝑃𝑖(𝑡) ‖ ℎ(𝑎𝑖 ) ‖ ℎ(𝑏𝑖 ) ‖ MAC = ℎ(𝐾(𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡)) ‖ 𝑖(𝑡)} and we get that the plaintext message 𝑃𝑖(𝑡) and authentication key 𝐾(𝑖) are sent together in 𝐿(𝑖), and there is no such problem that the time interval of sending message is increased gradually. We know that authentication delay includes the transmission cost and the computation cost, where the transmission cost is the necessary cost which cannot be avoided. For 𝜇TESLA, the authentication delay should also include delay time 𝛿. In order to analyze the delay problems between MBAP and 𝜇TESLA by simulation, we assume that 𝑇 is the authentication delay and 𝐷 is the length of time slice, which can be set to 1 in here, and assume delay time 𝛿 = 2, 𝐾0 is the initial key, and 𝑡 is the computation time of a hash calculation. In 𝜇TESLA, {MAC𝐾𝑖 (𝑃𝑖 ) ‖ 𝐾𝑖−2 ‖ 𝑃𝑖 ‖ 𝑖(𝑡)} is the message authentication code on time slice 𝑖, we can judge the correctness of 𝐾𝑖−2 by 𝐾0 = 𝐻𝑖−2 (𝐾𝑖−2 ), it shows that the entity authentication is completed by 𝑖 − 2 times hash calculation, and we can verify the integrity of 𝑃𝑖−2 by MAC𝐾𝑖−2 (𝑃𝑖−2 ), and it shows that the source attestation is completed by a hash calculation. So, we assume that 𝑇1 is the authentication cost on time slice 𝑖 in 𝜇TESLA, and 𝑇1 = (𝑖 − 2) 𝑡 + 𝑡 + 𝛿 = (𝑖 − 1) 𝑡 + 𝛿 = (𝑖 − 1) 𝑡 + 2.

(21)

In MBAP, 𝐿(𝑖) = {𝑃𝑖(𝑡) ‖ ℎ(𝑎𝑖 ) ‖ ℎ(𝑏𝑖 ) ‖ MAC = ℎ(𝐾(𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡)) ‖ 𝑖(𝑡)} is the message authentication code on time slice 𝑖, for the entity authentication, we should calculate 𝑎𝑖󸀠 = 𝜋 𝜋 (1/𝜋) ∫−𝜋 𝑓(𝑥) cos 𝑖𝑥 𝑑𝑥 and 𝑏𝑖󸀠 = (1/𝜋) ∫−𝜋 𝑓(𝑥) sin 𝑖𝑥 𝑑𝑥 by two conventional operation and calculate ℎ(𝑎𝑖󸀠 ) = ℎ(𝑎𝑖 ) and ℎ(𝑏𝑖󸀠 ) = ℎ(𝑏𝑖 ) by two times hash calculation, for the source attestation, and we should calculate 𝐾𝑖󸀠 = 𝑎0󸀠 /2 +

8

International Journal of Distributed Sensor Networks 4 Authentication delay, T (s)

Authentication delay, T (s)

2.5 2 1.5 1 0.5 0

2

4

6

8

10

12

14

16

18

3.5

3

2.5

2

20

2

4

6

8

Time slice, i (s) T1 T2

10 12 14 Time slice, i (s)

16

18

20

18

20

18

20

T1 T3

Figure 5: 𝑇 changes.

Figure 6: 𝑇 changes of 𝜇TESLA protocol.

(22)

And the authentication cost of 𝑇1 and 𝑇2 is showed in Figure 5, where 𝑡 = 0.01 s. It is obvious that 𝑇1 is increased gradually with the time change, which also shows that the 𝜇TESLA needs more authentication cost with the time change, while the authentication cost of MBAP is not changed all the time. It shows the cost changes of once authentication calculation on different time slices in Figure 5, but there will be amounts of authentication calculation happening on each time slice actually, which can cause some time delay for each authentication calculation. So, the authentication delay is increased with the time changes. For this reason, we assume that there will be 𝑛 times authentication calculation happening on each time slice, and we assume that 𝑇3 is the authentication cost on time slice 𝑖 by 𝑛 times authentication calculation in 𝜇TESLA, and 𝑇3 = 𝑛 ((𝑖 − 2) 𝑡 + 𝑡) + 𝛿 = 𝑛 (𝑖 − 1) 𝑡 + 𝛿 = 𝑛 (𝑖 − 1) 𝑡 + 2.

(23)

Similarly, we assume that 𝑇4 is the authentication cost on time slice 𝑖 by 𝑛 times authentication calculation in MBAP, and 𝑇4 = 𝑛 (4𝑡) = 4𝑛𝑡.

(24)

For ease of calculating, we assume 𝑛 = 10, and the authentication cost of these two protocols is showed in Figures 6, 7, and 8. It is indicated in Figures 6 and 7 that the authentication delays of these two protocols are all increased with the time

0.35 Authentication delay, T (s)

𝑇2 = 4𝑡.

0.4

0.3 0.25 0.2 0.15 0.1 0.05 0 2

4

6


14

16

T2 T4

Figure 7: 𝑇 changes of MBAP protocol.

4 Authentication delay, T (s)

∑𝑖𝑘=1 (𝑎𝑘󸀠 cos 𝑘𝑥 + 𝑏𝑘󸀠 sin 𝑘𝑥) by a conventional operation and calculate ℎ(𝐾󸀠 (𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡)) = ℎ(𝐾(𝑖), 𝑃𝑖(𝑡) , 𝑖(𝑡)) by a hash calculation. For ease of calculation, we assume that a conventional operation cost also is 𝑡 and 𝑇2 is the authentication cost on time slice 𝑖 in MBAP, and

3.5 3 2.5 2 1.5 1 0.5 0 2

4 T1 T2

6

8


16

T3 T4

Figure 8: 𝑇 changes between two protocols.

International Journal of Distributed Sensor Networks changes, but the authentication delays of 𝜇TESLA are increased much faster with the authentication calculation increasing, while the authentication delay of MBAP is changed stably. It is indicated in Figure 8 that there will be some messages abandoned on some slices with the authentication delay increasing in 𝜇TESLA; it is one of the issues in 𝜇TESLA analyzed in Section 2. 4.5. Initialization Parameter. In MBAP, the only predistributed initialization parameter is 𝑓(𝑥), and if 𝑓(𝑥) is a quadratic polynomial, this can make a mutual authentication. While in 𝜇TESLA the initialization parameters are {𝐾0 , 𝛿, 𝐷, 𝑇0 } and if the nodes send the initialization parameters {𝐾0 , 𝛿, 𝐷, 𝑇0 } in unicast way upon network initialization, that will cause much resource consumption, because the sending node needs to encrypt {𝐾0 , 𝛿, 𝐷, 𝑇0 } in different keys shared with the receiving node, which will cause the delay for data packet transmission and authentication, and the delay may lead to DoS attacks. 4.6. Length of the Key Chain. In 𝜇TESLA, when the sensor nodes receive the published key 𝐾𝑗 , we can verify the correctness of 𝐾𝑗 by 𝐾0 = 𝐻𝑗 (𝐾𝑗 ) or 𝐾𝑖 = 𝐻(𝑗−𝑖) (𝐾𝑗 ), where 𝐾𝑖 is the verified key before 𝐾𝑗 and 𝐾0 is the initial key. So in order to complete the authentication task in 𝜇TESLA, it needs to save a long secret key chain and needs to reconstruct the key chain sometimes, which makes a large network load. In MBAP, the authentication key 𝐾(𝑖) is Fourier series, and we can get 𝐾󸀠 (𝑖) = 𝐾(𝑖 − 1) + (𝑎𝑖󸀠 cos 𝑖𝑥 + 𝑏𝑖󸀠 sin 𝑖𝑥) in (16), where 𝐾(𝑖 − 1) is the authentication key on time slice 𝑖 − 1 which has been authenticated on last time slice, so we can get 𝐾󸀠 (𝑖) = 𝐾(𝑖) by verifying ℎ(𝑎𝑖󸀠 ) = ℎ(𝑎𝑖 ) and ℎ(𝑏𝑖󸀠 ) = ℎ(𝑏𝑖 ) in Step 4 of Section 3.3, which shows that the calculation of 𝐾(𝑖) avoids amounts of the calculation of Fourier series coefficients each time and reduces the computation cost greatly.

5. Summary This thesis presents a mutual broadcast authentication protocol (MBAP) for wireless sensor networks based on Fourier series according to the problems of the main broadcasting authentication protocol 𝜇TESLA being limited in authentication delay, more initial parameters, limited time, large key chain, and network congestion. And the mutual authentication between nodes and base station is achieved according to the characteristic of continuous-integrability function 𝑓(𝑥) in [−𝜋, 𝜋] which could be expanded into Fourier series. Firstly, one has predistributing 𝑓(𝑥) for each node upon network initializing, calculating the current Fourier series coefficients, establishing authentication key 𝐾󸀠 , verifying the correctness of the broadcast authentication information, achieving entity authentication, and source attestation. Secondly, assuming that 𝑓(𝑥) is the quadratic form function and achieving the reverse authentication work for base station to common sensor nodes by detecting the security of 𝑓(𝑥), it also means that the MBAP protocol can achieve

9 mutual security authentication. The analysis results of safety performance in MBAP show that the captured nodes in WSN will not affect the security of broadcast authentication protocol and have a low computation and communication cost, the base station can make broadcast randomly, and common sensor nodes can authenticate messages instantly, which solves the problem of network congestion well. The most important thing of MBAP is the mutual broadcast authentication method which ensures the security of the network greatly.

Conflict of Interests The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments This work is funded by the National Nature Science Foundation of China (no. 61473050), National Science and Technology Planning of China (2011BAJ03B13-2), and National Basic Research Program of China (2013CB328903).

References [1] R. Q. Zhao, X. H. Shen, X. M. Zhang, and J. P. Hou, “Maximum life-time broadcast protocol for wireless sensor networks,” in Proceedings of the International Conference on Computer Application and System Modeling (ICCASM ’10), vol. 11, pp. 440– 444, Taiyuan, China, October 2010. [2] X. Ma, J. Zhang, X. Yin, and K. S. Trivedi, “Design and analysis of a robust broadcast scheme for VANET safety-related services,” IEEE Transactions on Vehicular Technology, vol. 61, no. 1, pp. 46–61, 2012. [3] K. C. Ramalingam, V. Subramanian, A. S. Uluagac, and R. Beyah, “SIMAGE: secure and link-quality cognizant image distribution for wireless sensor networks,” in Proceedings of the IEEE Global Communications Conference (GLOBECOM ’12), pp. 616–621, Piscataway, NJ, USA, December 2012. [4] X.-F. Liu, Y.-Q. Zhang, H. Wang, and G.-H. Zhang, “An efficient anonymity message authentication with backward secure revocation for vehicular ad hoc networks,” Journal of Electronics and Information Technology, vol. 36, no. 1, pp. 94–100, 2014. [5] R. Xie, C.-X. Xu, W.-J. Chen, and W.-P. Li, “An RFID authentication protocol anonymous against readers,” Journal of Electrical Systems & Information Technology, vol. 37, no. 5, pp. 1241–1247, 2015. [6] W. C. Ao and K. C. Chen, “Broadcast transmission capacity of heterogeneous wireless ad hoc networks with secrecy outage constraints,” in Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM ’11), pp. 1–5, IEEE Press, Houston, Tex, USA, December 2011. [7] Y. Song and J. Xie, “A QoS-based broadcast protocol for multihop cognitive radio ad hoc networks under blind information,” in Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM ’11), pp. 1–5, Houston, Tex, USA, December 2011. [8] S. Chakraborty, S. Chakraborty, S. Nandi, and S. Karmakar, “A reliable and total order tree based broadcast in wireless sensor

10

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

International Journal of Distributed Sensor Networks network,” in Proceedings of the 2nd IEEE International Conference on Computer & Communication Technology (ICCCT ’11), pp. 618–623, IEEE, Allahabad, India, September 2011. J. Yu, F. Y. Kong, X. G. Cheng, R. Hao, and G. Li, “One forward-secure signature scheme using bilinear maps and its applications,” Information Sciences, vol. 279, pp. 60–76, 2014. J. Yu, R. Hao, F. Y. Kong, X. G. Cheng, J. Fan, and Y. Chen, “Forward-secure identity-based signature: security notions and construction,” Information Sciences, vol. 181, no. 3, pp. 648–660, 2011. J. Yu, F. Kong, X. Cheng, R. Hao, and J. Fan, “Intrusion-resilient identity-based signature: security definition and construction,” Journal of Systems and Software, vol. 85, no. 2, pp. 382–391, 2012. T. Kwon and J. Hong, “Secure and efficient broadcast authentication in wireless sensor networks,” IEEE Transactions on Computers, vol. 59, no. 8, pp. 1120–1133, 2010. J. Zhang, W. Yu, and X. Liu, “CRTBA: Chinese remainder theorem-based broadcast authentication in wireless sensor networks,” in Proceedings of the International Symposium on Computer Network and Multimedia Technology (CNMT ’09), pp. 1–5, Wuhan, China, January 2009. K. Ren, W. Lou, K. Zeng, and P. J. Moran, “On broadcast authentication in wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 6, no. 11, pp. 4136–4144, 2007. A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. E. Culler, “SPINS: security protocols for sensor networks,” Wireless Networks, vol. 8, no. 5, pp. 521–534, 2002. L. Dong-Gang and P. Ning, “Multi-level 𝜇TESLA: a broadcast authentication system for distributed sensor networks,” ACM Transactions on Embedded Computing Systems, vol. 3, no. 4, pp. 800–836, 2004. X.-G. Wang, W.-R. Shi, W. Zhou, P. Gao, and Y.-S. Jiang, “A key management scheme based on quadratic form for wireless sensor network,” Acta Electronica Sinica, vol. 41, no. 2, pp. 214– 219, 2013. L. Eschenauer and V. D. Gligor, “A key-management scheme for distributed sensor networks,” in Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS ’02), pp. 41–47, ACM, Washington, DC, USA, November 2002.

International Journal of

Rotating Machinery

Engineering Journal of

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

The Scientific World Journal Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014


Distributed Sensor Networks

Journal of

Sensors Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014


Volume 2014


Volume 2014

Journal of

Control Science and Engineering

Advances in

Civil Engineering Hindawi Publishing Corporation http://www.hindawi.com


Volume 2014

Volume 2014

Submit your manuscripts at http://www.hindawi.com Journal of

Journal of

Electrical and Computer Engineering

Robotics Hindawi Publishing Corporation http://www.hindawi.com


Volume 2014

Volume 2014

VLSI Design Advances in OptoElectronics


Navigation and Observation Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014



Chemical Engineering Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Volume 2014

Active and Passive Electronic Components

Antennas and Propagation Hindawi Publishing Corporation http://www.hindawi.com

Aerospace Engineering


Volume 2014


Volume 2014

Volume 2014




Modelling & Simulation in Engineering

Volume 2014


Volume 2014

Shock and Vibration Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Advances in

Acoustics and Vibration Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014