Localized Encryption Authentication Protocol and The issues resolved

             Localized Encryption And Authentication Protocol

   We describe LEAP (Localized Encryption and Authentication Protocol), a key management protocol for sensor net- works that is designed to support in-network processing while at the same time restricting thesecurity impact of a node compromise to the immediate network neighborhood of the compromised     node. The design of the protocol is motivated by the observation that different types of mes-sages   exchanged between sensor nodes have different secu- rity requirements, and that a single keying mechanism is not suitable for meeting these different security requirements LEAP supports the establishment of four types of keys for  each sensor node – an individual key shared with the base station, a pairwise key sharwith another sensor node, acluster key shared with multiple neighboring nodes, and a group key that is shared by all the nodes in the network The protocol used for establishing and updating these keys is communication- and energy-efficient, and minimizes theinvolvement of the base station. LEAP also includes an efficient protocol for local broadcast authentication basedon the use of one-way key chains. A salient feature of

the authentication protocol is that it supports source authentication without precluding in-network processing. Ourperformance analysis shows that LEAP is very efficient incomputation, communication, and storage. We analyze the security of LEAP under various attack models and show that LEAP is very effective in defending against many sophisticated attacks such as HELLO Flood attack, Sybil attack, and Wormhole attack. 

Design Goal :

LEAP is designed to support secure communications in sensor networks; therefore, it provides the basic security services such as confidentiality and authentication. In addition, LEAP is to meet several security and performance requirements that are considerably more challenging to sensor net-

works.

Supporting Various Communication Patterns:

There are typically three types of communication patterns in sensor networks: unicast (addressing a mes-

sage to a single node), local broadcast (addressing a message to all the nodes in the neighborhood), and

global broadcast (addressing a message to all the nodes in the network). Different security mechanisms pro-

viding confidentiality and authentication are needed to support all these communication patterns.

 Survivability :-

Due to the unattended nature of sensor networks, an attacker could launch various security attacks and even compromise sensor nodes without beng detected. Therefore, a sensor network should be robust against security attacks, and if an attack succeeds, its impact should be minimized. For example, the compromise a single sensor node should not break the security of the entire network.

Energy Efficiency:-

 Due to the limited battery lifetime, security mechanisms for sensor networks must be energy efficient. Especially, the number of message transmissions and the number of expensive computa-

tions should be as few as possible. Moreover, the size of a sensor network should not be limited by the per-

node storage and energy resources.

Avoiding Message Fragmentation :-

A unique challenge in sensor networks is due to small packet size. InTinyOS [20], the operating system for Mica series sensors , the default supported packet size is only 36 bytes for increasing the reliability of packet delivery.Thus, messages in a security protocol have to be small enough to fit in one packet to avoid message fragmentation. Message fragmentation is very undesirable for sensor networks because it increases the implementation complexity and difficulty. High packet loss in a sensor network and limited buffer space of a sensor node also contribute to this difficulty.

LEAP:LOCALIZEDENCRYPTIONAND AUTHENTICATION PROTOCOL:-

LEAP provides multiple keying mechanisms for providing confidentiality and authentication in sensor networks. We first motivate and present an overview of the different key-

ing mechanisms  before describing the schemes used by LEAP for establishing these keys. 

The packets exchanged by nodes in a sensor network can be classified into several categories based on different criteria, e.g. control packets vs data packets, broadcast packets vs unicast packets, queries or commands vs sensor readings, etc. The security requirements for a packet will typically depend on the category it falls in. Authentication is required for all types of packets, whereas confidentiality may only be

required for some types of packets. For example, routing control information usually does not require confidentiality, whereas (aggregated) readings reported by a sensor node and the queries sent by the base station may require confidentiality.

We argue that no single keying mechanism is appropriate for all the secure communications that are needed in sensor networks. As such, LEAP supports the establishment of four types of keys for each sensor node – an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a group key that is shared by all the nodes in the network. We now discuss each of these keys in turn and describe our reasons for including it in our protocol.

Individual Key :-

 Every node has a unique key that it shares with the base station. This key is used for secure com-

munication between the node and the base station. For example, a node can use its individual key to compute message authentication codes (MACs) for its sensed readings if the readings are to be verified by the base . Individual Key Every node has a unique key that it share  with the base station. This key is used for secure communication between the node and the base station. For example, a node can use its individual key to compute message authentication codes (MACs) for its sensed readings if the readings are to be verified by the base.

Group Key :-

 This is a globally shared key that is used by the base station for encrypting messages that are broadcast to the whole group. For example, the base station issues missions, sends queries and interests. Note that

from the confidentiality point of view there is no advantage to separately encrypting a broadcast message

using the individual key of each node. However, since the group key is shared among all the nodes in the net-

work, an efficient rekeying mechanism is necessary for updating this key after a compromised node is revoked.

Cluster Key :-

A cluster key is a key shared by a node and all its neighbors, and it is mainly used for securing

locally broadcast messages, e.g., routing control information, or securing sensor messages which can benefit

from passive participation. Researchers have shown that in-network processing techniques, including data

aggregation and passive participation are very important for saving energy consumption in sensor networks

. For example, a node that overhears a neighboring sensor node transmitting the same read-

ing as its own current reading can elect to not transmit the same. In responding to aggregation operations

such as MAX, a node can also suppress its own reading if its reading is not larger than an overheard one.

Clearly, for passive participation to be feasible, sensor nodes should be able to decrypt or verify some

classes of messages, e.g., sensor readings, transmitted by their neighbors. This requires that such messages

be encrypted or authenticated by a locally shared key. As such, LEAP provides each node a unique cluster

key shared with all its neighbors for securing its messages. Its neighbors use the same key for decrypting

or verifying its messages.

Pairwise Shared Key :

Every node shares a pairwise key with each of its immediate neighbors. In LEAP, pair-

wise keys are used for securing communications that require privacy or source authentication. For example,

a node can use its pairwise keys to secure the distribution of its cluster key to its neighbors, or to secure the

transmission of its sensor readings to an aggregation node. Note that the use of pairwise keys precludes

passive participation.

In the following subsections, we describe the schemes provided by LEAP to establish and update individual keys,pairwise shared keys, cluster keys, and group keys for each node. The key establishment (and re-keying) protocol for the group key uses cluster keys, whereas cluster keys are established (and re-keyed) using pairwise shared keys.



Key Pre-distribution

 The controller generates an initial key KI and loads each node with this key. Each node
u derives a master key
                                   
                                                         Ku = fKI (u).

Neighbor Discovery 

When it is deployed, node u first initializes a timer to fire after time Tmin. It then tries to
discover its neighbors. It broadcasts a HELLO message which contains its id, and waits for each neighbor
v to respond with an ACK message including the identity of node v. The ACK from every neighbor v is au-
thenticated using the master key Kv of node v, which was derived as Kv = fKI (v). Since node u knows KI ,
it can derive Kv and then verify node v’s identity.
    u −→ ∗ : u.
    v −→ u : v,MAC(Kv, u|v).

Security Analysis :

A critical assumption made by our scheme is that the actual time Test to complete the neighbor discovery phase is smaller than Tmin. We believe that this is a reasonable assumption for many sensor networks and adversaries. The current generation of sensor nodes can transmit at the rate of 19.2 Kbps [10] whereas the size of an ACK message is very small (12 bytes if the size of an id is 4 bytes and the MAC size is 8 bytes). Packet losses, due to unreliable channel and collision, do impose a challenge to our scheme (as well as to any other practical protocols for sensor networks). In Section 6 we discuss several techniques to reduce packet losses so that a sensor node can establish pairwise keys with most of its neighbors, if not all, within Tmin.

 Local Broadcast Authentication

A mandatory requirement for a secure sensor network is that every message in the network must be authenticated before it is forwarded or processed; otherwise, an adversary can simply deplete the energy of the sensor nodes by injecting spurious packets into the network, even without compromising a single node. Moreover, the authentication scheme must be very lightweight in computation; otherwise,
a sensor node may be engaged in verifying the false packets injected by an adversary. Previous work [36] has studied unicast authentication (used when a node authenticates a packet to another node) and
global broadcast authentication (used when the base station authenticates a packet to all the nodes in the network).A missing link is local broadcast authentication, which is needed for authenticating local broadcast messages (e.g.,routing control packets) or supporting passive participation.
We note that locally broadcast messages are usually event- or time-driven; for example, a node generates and broadcasts routing control messages periodically, or broadcasts aggregated sensor readings. Often, a node does not know in advance what is the next packet to transmit.

Communication Analysis:

The analysis of communication cost for a group rekeying event is similar to that of computational cost. For updating cluster keys due to a node revocation, the average number of keys a node transmits and receives is equal to (d−1)2/(N−1)for a network of degree d and size N. During the secure distribution of a group key, the average number of keys a node transmits and receives is equal to one. For example, for a
network of size N = 1000 and connection degree d = 20, the average transmission and receiving costs are both 1.4keys per node per revocation. The average communicationcost increases with the connection degree of a sensor network, but decrease with the network size N. Note that ina group rekeying scheme based on logical key tree such as LKH [41], the communication cost of a group rekeying is O(logN). Thus, our scheme is more scalable than LKH if LKH is used for group rekeying in sensor networks.

PROPOSED SOLUTION: IMPROVED LEAP PROTOCOL 

In literature, the majority of the key management protocols usually focus on the aspect that only a singular base station or sink node is used in a WSN and these protocols assume that it is  trustworthy. For some systems, however, several sink nodes are used . In these systems, two  important things must be considered: cost and security.   In the leap protocol, several efforts are made through the use of the keying mechanisms to  ensure that a compromised node is revoked or at least prevent it from slowing the network  operations. A base station, on the other hand, will be treated the same as any compromised node  and the idea is to apply the same mechanisms used to overcome a compromised node to also  prevent a hacked base station node.

With a lot of excessive research, the literature usually covers WSN functionalities in terms of  one base station participating in one system. It is important to remember that with an increase in  a sensor network there’s an increase in the distance separating the base station and its related  sensor nodes and the increase in the distance may alter the following:

• With a long distance for packets to propagate through, they may get lost on the way resulting in network performance degradation.   
• Data transmissions between sensor nodes and a single base station in a large network require high energy consumptions giving the need to reduce the lifetime of nodes. 
• For the nodes that are situated nearby a base station, their energy is worn out rapidly, which in turn shortens the network life time very drastically.    

To overcome these problems, a network employing several base stations shows potential in  bettering the performance. However, there is of course the tradeoff between performance and  cost.  By deploying more than one sink node in a network may be costly, but the distance  between the sink nodes and its associated sensor nodes will be reduced providing more  successful paths for data transmission as well as eliminating the disadvantage of the high energy  consumptions otherwise faced.

For this research, a WSN with several base stations will be considered. Under the circumstances  that a base station and a sensor node are compromised, an evaluation of the network  performance will be analyzed.

Wireless sensor networks provide the advantage of using a large number of nodes (from a  hundred up to thousands of nodes) communicating with each other inexpensively. One or more  base stations process all of the network functions. Should there be a need to increase the number  of sink nodes, one has to consider enhancement in expenses. The LEAP protocol offers much  security to a system with the establishment of the four keys, mentioned previously. The protocol  consists of key revocation and refreshing mechanisms in the attempts to successfully avoid or  deal with compromised sensor nodes.

RESULTS AND CONCLUSIONS :

To evaluate the proposed solution, an algorithm has been developed to simulate a sensor  network using the MATLAB program. The whole idea was to implement a system whereby  multiple base stations have been employed for the soul purposes of improving the data  transmissions amongst nodes and to come up with a solution for a base station, should it be  compromised.

The LEAP protocol was implemented and simulated using one base station and fifty sensor  nodes situated randomly. Initially, an individual key was generated for each node from a  randomly generated master key. Then a cluster key was generated by each node and published  to their neighboring nodes using the pair-wise keys. Finally, the global key was generated in  order to enable public broadcasts.

It shows an ideal case for the LEAP protocol. It simply represents a base station  surrounded by fifty sensor nodes. In this scenario, none of the nodes are compromised.  However, even though it is an ideal case, we still face the problem of data loss. For arguments  sake, let’s assume that node z wants to communicate with the base station. Having a singular  base station means that no matter how far the distance, the sensor node and the base station will  commune with each other. The longer the distance, however, the more nodes they have to  transmit through, the more bandwidth will be used and the higher the possibility of loss of data.