SABR: Secure Authentication-Based Routing in Large ...

Proceedings of Third International Conference on Emerging Research in Computing, Information, Communication and Applications (ERCICA-15)

SABR: Secure Authentication-Based Routing in Large Scale Wireless Sensor Network

Roopashree H.R. (a), Dr. Anita Kanavalli (b)

(a) Department of CSE, Research Scholar, Christ University, Bengaluru, 560029, India. Email id: [email protected]
(b) Department of CSE, Professor, MS Ramaiah Institute of Technology, Bengaluru, 560054, India. Email id: [email protected]

Abstract

Ensuring proper on-the-run authentication of every node during the data aggregation process of a Wireless Sensor Network (WSN) is a highly difficult task. This paper presents a solution to this issue by introducing a novel routing protocol called the SABR (Secured Authentication based Routing) algorithm. The algorithm performs an effective authentication process for all the sensor nodes involved in communication in a WSN. The data packet is digitally signed and uniquely encrypted, and a secure handshaking mechanism then authenticates both nodes involved in the routing process. The design principle of the proposed system is fully applicable to large scale WSN, where the outcome is found to be a fail-proof authentication system with efficient compliance of computational complexity.

Keywords: Authentication, Security, Secure Routing, Wireless Sensor Network.

1. Introduction

A Wireless Sensor Network (WSN) consists of a number of sensor nodes deployed in an area to perform data aggregation of information of interest [1]. Applications of WSN include environmental monitoring, healthcare monitoring, industrial appliances, military, etc. As the sensor nodes are small in size, they encounter various issues of limited computational capability, limited support of energy efficiency, bandwidth consumption, and lower memory size. Apart from various other issues in WSN, security is the utmost concern. Although various literature has discussed security in routing protocols in WSN [2], to date security has not seen a fail-proof and standard technique. The majority of research papers have adopted cryptography as a solution towards security [3][4]; however, the nature of the solution has various flaws, e.g. i) cryptographic implementations are usually complex, ii) existing solutions toward secure routing are focused on specific types of attacks only, iii) there is less work towards generating encryption schemes based on the nature of attacks.

Hence, the prime purpose of the proposed system is to introduce a novel routing algorithm called SABR (Secure Authentication based Routing) for large scale WSN that adopts the simplest and yet highly robust key conformity mechanism to ensure secure node-to-node authentication in WSN. Section 2 discusses some of the significant related research work, followed by a discussion of problem identification in Section 3. Section 4 discusses the proposed system, followed by the algorithm implementation in Section 5. Finally, Section 6 makes some concluding remarks.

2. RELATED WORK:

A wireless sensor network is exposed to a critical attack, namely the node capture attack, where a few nodes are captured by the attacker and all the stored information related to communication is compromised. Key management is a complex task in a wireless sensor network, as it lacks information about the deployment strategy and hardware capabilities, especially in a large scale sensor network. Only key management schemes that mitigate the consequences of the node capture attack while consuming minimal energy are considered efficient, as the WSN is a resource-constrained network in terms of computational capacity, memory and power. Lalitha et al. [5] illustrate simulation results of their proposed technique, which optimizes the QoS parameter packet delivery ratio at lower energy consumption. Typical public key cryptography (PKI) requires higher energy consumption and higher, more complex computational capacity; thus pairwise key management between two nodes is recommended in wireless sensor networks. Tripathy et al. [6] proposed a shared key establishment technique (SKET) based on symmetric key cryptography, in which the TTP server is placed off-line and needs a very small amount of storage.

The drastic growth of WSN based applications ranges from small indoor applications to critical large scale outdoor deployments. The vulnerability and security threats grow as these deployments are unattended and uncontrolled in nature. Sekhar et al. [7] worked on session key establishment for an external agent authentication protocol. It is compared with other public key based protocols and realizes an efficient and more secure one. Centralized security schemes are not feasible for WSN due to its unique characteristics. There are tremendous possibilities of attacks such as Sybil attacks, wormholes, sink holes and black holes, due to hole formation in network topologies. The wormhole attack is performed without the node capture attack, and it causes the initiation of DoS and Sybil attacks. Typical PKI based schemes lose their capacity to prevent or control the wormhole attack. Sookhak et al. [8] modify the packet forwarding process in order to choose the best suited neighbor node using a hop count technique. They adopted a modelling and simulation methodology, compared their results with two schemes, namely 1) Authentication of Nodes Scheme (ANS) and 2) Reverse Routing Scheme (RRS), and illustrated better results in the prevention and detection of the wormhole attack.

Key management and energy optimization have become a joint requirement in WSN. The milestone work LEACH ensures energy efficient and scalable routing, whereas only a deterministic key management scheme (DKS) could ensure storage optimization. DKS-Leach is a work towards secure WSN that provides the essentials of a security protocol such as authentication, confidentiality and integrity of sensed data, but it still lacks the desired energy optimization and toughness against the node capture attack. A scheme by Barad et al. [9] named DSIT-LEACH uses distance based key management, which deals with both inner and outer malicious nodes. It provides intact security compared to existing schemes with negligible energy overhead. Further, it has been experienced that existing cluster-based data aggregation and the associated data security and transmission consume more energy, so the issues of data confidentiality and authentication are overlooked. Bhasker et al. [10] focused on these issues by introducing a genetically derived secured cluster-based data aggregation. In this scheme the data aggregator node is elected as cluster head based on the density of the neighbor nodes, and then the clustering is done using a genetic algorithm. The cluster member sends data to the aggregator node with authenticity, confidentiality and integrity. Data is communicated securely with less transmission overhead and minimal energy usage. The research focus has synchronized the need for network lifetime and security with optimal energy consumption. Thus effective key management and distribution schemes became an open research issue, which is thoroughly surveyed by Reegan et al. [11].

The applicability of RSA is limited by its higher computational complexity in resource-constrained networks. Elliptic curve cryptography (ECC) promises security similar to that of RSA but with a smaller key length. Some typical attacks such as man-in-the-middle (MIM) pose the threat of cracking the public key. Traditional ECC publishes its generation points; Kodali et al. [12] address this with a hidden generation point in ECC, which helps to mitigate the MIM attack.

In order to keep track of security in the dynamic and ad hoc nature of WSN, authentication is an essential requirement. Usage of mobile WSN along with a mobile network is a suggested mechanism for tracking the security aspects. Fulare et al. [13] addressed the issue of authentication in WSN and proposed an authentication scheme for mobile nodes using a virtual certificate authority for key management and the authentication process. As this is an active research problem, many other researchers have studied the feasible and desired security from the WSN viewpoint, along with the issues of localization, authentication techniques, and the modification and usage of Elliptic Curve Cryptography (ECC); one such work is by Xiaowang Guo et al. [14].

3. PROBLEM IDENTIFICATION:

The problems identified for the proposed study are as follows:

- Most existing routing protocols do not support a multi-hop approach to communication in WSN, which results in a much less effective authentication mechanism in large scale networks.
- The sensor nodes in WSN are likely to act as selfish nodes if they are made to work under highly QoS-constrained networks.
- The frequent adoption of public key cryptography results in computational complexity, specifically for large scale WSN.

Hence, from the identified problems, the problem statement of the proposed study can be written as: "It is quite a challenging task to design cost-effective security measures to ensure fail-proof authentication of the sensor nodes in large scale WSN using a multi-hop approach."

4. PROPOSED SYSTEM:

The aim of the proposed system is to incorporate highly resilient security in large scale WSN to mitigate various lethal attacks. In this regard, the proposed system is named SABR, or Secure Authentication Based Routing in WSN. The proposed system uses a multi-hop approach to generate the routing policies, keeping the dynamic behaviour of the intruder's attacking strategy in mind. However, the proposed system does not consider one particular type of attack, as in that case the proposed solution would have a narrow scope of applicability. Hence, we assume that each form of attack has a unique pattern that differs from the others; for example, the intrusion pattern of a Sybil attack is quite different from that of a wormhole attack. Hence, we choose to design the routing protocol in such a way that it has the potential to understand the routing patterns of both regular and malicious nodes in WSN.

Usually, a malicious node would not invoke an attack in the preliminary stage, as it would have a fair chance of getting caught. Hence, in order to achieve this cooperation mode, the attacker initially assists in forwarding messages from one regular node to another, thereby gaining trust. However, on finding a vulnerable condition (like energy depletion or node death after some simulation rounds), the malicious nodes attempt to drop certain packets as the initial step towards invoking attacks. Hence, the prime intention of SABR is to understand this strategy and, in spite of catching the malicious nodes, to formulate a policy that tempts the malicious node not to drop packets. The system also performs a node-to-node authentication mechanism in order to identify such covert malicious nodes using a novel Key Conformity Mechanism (KCM).

5. ALGORITHM IMPLEMENTATION & RESULTS:

The SABR algorithm is implemented in Java on a 32 bit machine. The SABR algorithm has the sender node broadcast a request message containing the key conformity request, the request id, and the public key of the sender node. After getting the reply message, the sender node generates a random secret key and then encrypts it using its own public key. The pass key and the encrypted key are broadcast to the neighbor node. The neighbor node, upon getting the acknowledgement, decrypts it using its own public key. The acknowledgement message containing the pass key, the request ID and the hash value of the sender key is sent back to the sender node by the neighbor node, thereby attaining successful node by node authentication.

Algorithm for Secure Authentication-Based Routing (SABR)

Input: Sender Node (SN), Neighbor Node (NN), request message (msgreq), key conformity request (Kc_req), request id (req_id), address (add), Source Public Key (PKS), neighbor node public key (PKB)
Output: authentication

START
1. SNbroadcast (msgreq(NN)) || msgreq(Kc_req, req_id, add, PKS)
2. replymsgSN || replymsg(Kc_rep, req_id, add, PKS)
3. PRNG (Keys)
4. e = Enc(PKB(Keys))
5. Broadcast (pass_key, e)NN
6. ACK(pass_key) NN
7. NN: Decrypt (PKB(Keys))shared key
8. NN (ACK(pass_key_ack, req_id, h(Keys(req_id))SN
9. Successful authentication
10. Iterate Step-1 to 9 till n-nodes
END

The next algorithm also performs validation of the data packet. In this case the sender node digitally signs the data packet and forwards it to the neighbor node, which performs the validation. If the node id, the pass key from the prior algorithm, and the secret key are found invalid, the neighbor node removes the sender node, considering it a suspected malicious node. Usually the time stamp of the new data packet should be smaller than the receiving time of the data packet and its holding time (in case of delay). Hence, if the time stamp is found to be smaller than the neighbor node's, the data packet is forwarded to the next neighbor node. The final validation checks for an empty data packet, which causes the system to set a new status for the data packet.

Algorithm to validate the Data Packet

Input: No. of data packet (DP), total nodes (N), velocity (v), transmission range (Tx), status of data packet (DPstat), Time stamp (TS), Time to receive DP=Trec, Time to hold DP (Thold)
Output:

START
1. Initialize DP, N, v, Tx, DPstat.
2. get (Enc(DP))Bin(RouteArray).
3. SNsig(DP)
4. B: eval(sig(DP))
5. If (node_id=F || pass_key=F|| Keys(req_id)=F)
6. B: remove (SN)
7. If (TS
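
The key conformity handshake of the first listing above (steps 1 to 9), with both sides' messages, as an added example that is not the authors' Java implementation. It follows step 4 of the listing in encrypting the secret key under the neighbor's public key PKB; decryption with the neighbor's private key, textbook RSA as a toy stand-in for the unspecified public-key scheme, a random per-handshake pass_key, HMAC-SHA256 as h(Keys(req_id)), and all class and function names are assumptions.

```python
import hashlib, hmac, secrets

def rsa_keypair(p=2**61 - 1, q=2**89 - 1, e=65537):
    # Toy textbook RSA on two fixed Mersenne primes: a stand-in only, not secure.
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def key_hash(key_s, req_id):
    # Assumed reading of h(Keys(req_id)): HMAC-SHA256 of req_id under Keys.
    return hmac.new(key_s, req_id, hashlib.sha256).digest()

class Node:
    def __init__(self, add):
        self.add = add
        self.pub, self.priv = rsa_keypair()

class Neighbor(Node):
    def reply(self, req):  # step 2: echo req_id and return own public key (PKB)
        return {"type": "Kc_rep", "req_id": req["req_id"], "add": self.add, "pk": self.pub}

    def ack(self, req_id, pass_key, e):  # steps 6-8: recover Keys, acknowledge
        n, d = self.priv
        self.key_s = pow(e, d, n).to_bytes(16, "big")
        return {"pass_key_ack": pass_key, "req_id": req_id, "h": key_hash(self.key_s, req_id)}

class Sender(Node):
    def request(self):  # step 1: broadcast Kc_req with a fresh req_id and PKS
        self.req_id = secrets.token_bytes(8)
        return {"type": "Kc_req", "req_id": self.req_id, "add": self.add, "pk": self.pub}

    def send_key(self, rep):  # steps 3-5: random Keys, encrypted under PKB
        if rep["req_id"] != self.req_id:
            raise ValueError("reply does not match the outstanding request")
        self.key_s, self.pass_key = secrets.token_bytes(16), secrets.token_bytes(8)
        n, e = rep["pk"]
        return self.pass_key, pow(int.from_bytes(self.key_s, "big"), e, n)

    def verify_ack(self, ack):  # step 9: pass key, req_id and key hash must all match
        return (hmac.compare_digest(ack["pass_key_ack"], self.pass_key)
                and ack["req_id"] == self.req_id
                and hmac.compare_digest(ack["h"], key_hash(self.key_s, self.req_id)))

def handshake(tamper=False):
    sn, nn = Sender("SN"), Neighbor("NN")
    rep = nn.reply(sn.request())
    pass_key, e = sn.send_key(rep)
    ack = nn.ack(rep["req_id"], pass_key, e)
    if tamper:  # constructed failure case: the ACK carries a different req_id
        ack["req_id"] = b"\x00" * 8
    return sn.verify_ack(ack), sn.key_s == nn.key_s
```

`handshake()` returns `(True, True)` when the ACK verifies and both nodes hold the same key; with `tamper=True` the sender rejects the ACK because its req_id does not match the outstanding request. The public key carried in the reply is accepted as received, since the page does not specify how keys are bound to node identities.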