key management schemes in wireless sensor network simulations

MASARYK UNIVERSITY, FACULTY OF INFORMATICS
Key management schemes in wireless sensor network simulations
THESIS PROPOSAL
Filip Jurnečka
Brno, January 14, 2013
Supervisor: prof. RNDr. Václav Matyáš, M.Sc., Ph.D.

Declaration
Hereby I declare, that this thesis proposal is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source.
Brno, January 14, 2013 Filip Jurnecka
Acknowledgement
I would like to thank Vashek Matyas for his tolerant and pleasant attitude and open-minded approach, my co-workers for their discussions and guidance through the study, and my family for their support and belief in me. Most of all, I want to thank Alenka for her love and caring.
Abstract
In this thesis proposal we examine the field of key management schemes for wireless sensor networks. We investigate a large number of schemes, their classifications and evaluation possibilities. We identify several possibilities for improvement in both classification and evaluation of these schemes. Afterwards, we present our results in this area. Last but not least, we outline our future work proposal focusing mainly on enhancing current methodology for key management scheme evaluation. In addition, we will improve an already selected simulation tool for wireless sensor network system design and evaluation by adding the key management functionality together with a set of selected schemes.
Keywords
Key establishment, key management, MiXiM, OMNeT++, protocol, simulation, wireless sensor network
Contents
1 Introduction
1.1 Wireless sensor network
2 State of the art
2.1 Key establishment schemes in WSN
2.1.1 Key management schemes’ properties
2.1.2 Existing taxonomies
2.2 WSN evaluation tools
2.2.1 Simulators
2.2.2 Emulators
2.2.3 Testbeds
2.2.4 Summary
3 Main research results
4 Future research
A Summary of study results
Introduction
Ubiquitous computing is a growing paradigm of information processing in everyday objects and activities. Wireless sensor networks (WSNs) are then a prominent example of technology able to deliver ubiquitous computing. As with any network, WSNs are subject to various security threats from communication eavesdropping to node capture. In order to provide defences against these threats, some scheme has to provide keys necessary for secure link establishment, authentication verification and to pursue other security objectives.
1.1 Wireless sensor network
Wireless sensor networks are distributed wireless multi-hop networks of tiny low-cost and low-performance devices called nodes or motes. They are used to monitor some physical phenomenon, such as humidity, temperature, pressure, movement, light and so on, and to communicate measured data. They are often deployed in previously unknown and physically unsecured environments.
In addition to nodes, one or more devices called base stations (BS) are present in the network. Base stations work as a central point managing the network and usually function as a sink for collected data. Contrary to nodes, base stations are often considered powerful, energy, computationally and memory unrestricted and physically secure devices. An example of a base station is a laptop plugged in the power grid.
Current publicly available nodes are mostly manufactured by Memsic, Inc. [45] These include the MICA motes family [46, 47], TelosB mote [76] or the currently most powerful Imote2 [48, 27].
To give an overview of a node, we present the main characteristics of the TelosB mote:
• 16-bit Texas Instruments microcontroller MSP430 operating at 8 MHz;
• 10 kB RAM, 48 kB program flash, 1024 kB measurement serial flash;
• Texas Instruments RF Transceiver CC2420;
• powered by two AA batteries.
Nodes like these are deployed in various applications, from area monitoring (e.g., building monitoring [65]) and environmental monitoring (e.g., monitoring meteorological data on glaciers [5] or wildfire monitoring [17]), through healthcare (e.g., fall and movement detection [25] or medical status monitoring [67]) to industrial (e.g., bridge structure monitoring [72]) and military applications (e.g., soldier-worn nodes [38]).
Depending on an application, nodes can store and transmit sensitive information. Due to their physical insecurity and possibly hostile deployment environments, these data have to be protected otherwise, e.g., by cryptographic solutions. The requirements on processing speed, memory, communication, lifetime of a node and security differ for each application and thus leave a different amount of resources to provide security with. However, most cryptographic solutions, both symmetric and asymmetric, are based on some secret keys. Consequently, these keys are established and managed by a key management scheme (KMS). Based on the application, specific restrictions and relaxations are made on KMS.
It has already been shown how application requirements influence required KMS properties, and an approach towards easier selection of a suitable KMS for a given application has been designed [63, 2]. This was done by analytical evaluation of a set of existing schemes based on their properties.
Besides analytical reviews of a protocol, most proposals for WSN are evaluated via a simulator and/or on the real hardware. An analytical review of KMSs for WSN has been done many times, e.g., by various WSN security surveys. On the other hand, KMSs are usually evaluated by simulators only by authors of the proposals. Moreover, these simulations are mostly performed to evaluate only performance of the proposals. An implementation review could reveal implementation issues that result in under-optimal performance of the proposal in the real world environment.
Security evaluations of KMSs for WSNs on simulators have been paid even less attention, [81, 52] being bright exceptions. With a proper attacker model to perform the simulation against, security of a proposal might be easily evaluated. Such an attacker model should include parametrizable options such as network presence, amount of communication overhearing, amount and strategy of node capturing, jamming and so on.
Another present issue with practical KMS deployment in WSNs is the lack of pre-installed KMSs in public distributions of simulators and operating systems for the real hardware, leading to absence of this component during application design.
Motivated by these facts, we present a thesis proposal with the main objective to improve the key management scheme evaluation methodology together with a rigorous and simulated review of selected existing schemes. We will present an automated environment for evaluation, both performance and security, and introduce a carefully selected set of KMSs, based on our proposed taxonomy, into the distribution of a well-established simulator.
State of the art
In this section we provide an overview of current state of the art in the area of key establishment schemes for wireless sensor networks. First and foremost, we present actual schemes developed for and examined in the context of WSNs. We try to cover the entire space of proposed schemes but focus mainly on the most famous proposals and their derivatives.
In the second section, we describe the most important properties for key management schemes in WSNs. These are the key properties in evaluating quality of existing schemes.
The third section discusses the most important proposals for key management schemes taxonomies. This overview shows what researchers are focused on while categorizing key management schemes and pinpoints weaknesses of these proposals.
Finally, in order to evaluate arbitrary schemes and protocols, evaluation tools such as simulators are used instead of actual WSNs. These tools are briefly examined in the last section.
2.1 Key establishment schemes in WSN
Over the last decade, various schemes have been suggested. As discussed further, they can be categorized by many different aspects. In the following text, we cover the most prominent schemes and their improvements.
Two schemes are usually considered seminal for the field: the pairwise key pre-distribution, where each node shares a unique secret key with every other node, and the master key pre-distribution.
Pairwise key pre-distribution is the perfect solution from the security point of view as each captured node reveals only keys to links the node was part of. Unfortunately, due to restricted resources of WSN nodes, it is usually considered too expensive and unscalable. Indeed, for n nodes in the network, each node has to store n − 1 keys. Furthermore, addition of new nodes to the network requires an update on each node or pre-loading additional keys for the future-coming nodes.
The most basic and perfect KMS from the efficiency point of view is the single master key pre-distribution. In such a scheme, all nodes share a single secret key. It uses minimal memory, no computation or communication is necessary, and the scalability is perfect. On the other hand, if an attacker captures a node, she can directly read out the key and thus reveal all communication protected by this key.
A master key based protocol called BROSK was proposed in 2002 [35]. This scheme pre-loads a master key to all nodes prior to node deployment. After node deployment, nodes broadcast their IDs together with a nonce protected by MAC using the pre-loaded key. All nodes able to hear this message construct a shared key with this node as a function of nonces received and broadcasted by themselves. However, from the “Re-negotiate the key” section of [35] it seems that the authors propose to store the master key for the entire lifetime of the network and thus the scheme remains vulnerable to the node capture attack.
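The exchange described above, as an added example that is not code from the thesis or from the BROSK authors: two nodes authenticate each other's broadcast with the pre-loaded master key and derive the same link key, and anyone holding the master key can recompute every link key from recorded broadcasts, which is why keeping it for the network's lifetime leaves the scheme exposed to node capture. The message layout, HMAC-SHA256 and the derivation over the sorted nonce pair are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from itertools import combinations

# Assumed wire format (not from [35]): 2-byte ID || 8-byte nonce || 32-byte MAC.
ID_LEN, NONCE_LEN, TAG_LEN = 2, 8, 32


def make_broadcast(master_key, node_id, nonce):
    """Build the bootstrap broadcast: ID || nonce || MAC_master(ID || nonce)."""
    body = node_id.to_bytes(ID_LEN, "big") + nonce
    return body + hmac.new(master_key, body, hashlib.sha256).digest()


def parse_broadcast(master_key, message):
    """Return (node_id, nonce) if the MAC verifies, otherwise None."""
    if len(message) != ID_LEN + NONCE_LEN + TAG_LEN:
        return None
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(master_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return int.from_bytes(body[:ID_LEN], "big"), body[ID_LEN:]


def derive_link_key(master_key, own_nonce, peer_nonce):
    """Link key as a function of both nonces (assumed: HMAC over the sorted pair)."""
    low, high = sorted((own_nonce, peer_nonce))
    return hmac.new(master_key, b"link" + low + high, hashlib.sha256).digest()


def links_exposed_by_master_key(master_key, recorded_broadcasts):
    """Link keys recomputable from recorded broadcasts once the master key leaks.

    Over-approximates by pairing every recorded sender, neighbours or not.
    """
    seen = {}
    for message in recorded_broadcasts:
        parsed = parse_broadcast(master_key, message)
        if parsed is not None:
            seen[parsed[0]] = parsed[1]
    return {
        (a, b): derive_link_key(master_key, seen[a], seen[b])
        for a, b in combinations(sorted(seen), 2)
    }


if __name__ == "__main__":
    master = os.urandom(16)  # constructed sample master key
    nonces = {node: os.urandom(NONCE_LEN) for node in (1, 2, 3)}
    air = [make_broadcast(master, node, n) for node, n in nonces.items()]

    # Node 1 hears node 2's broadcast and derives the link key; node 2 mirrors it.
    _, nonce_2 = parse_broadcast(master, air[1])
    _, nonce_1 = parse_broadcast(master, air[0])
    k12 = derive_link_key(master, nonces[1], nonce_2)
    k21 = derive_link_key(master, nonces[2], nonce_1)
    print("nodes 1 and 2 agree on the link key:", k12 == k21)

    # A broadcast made under a different key is rejected by the MAC check.
    print("rejected under a wrong key:", parse_broadcast(os.urandom(16), air[0]) is None)

    # If the master key is never erased, one leaked copy covers every link.
    exposed = links_exposed_by_master_key(master, air)
    print("links recomputable from the master key:", len(exposed), "of 3")
```

Erasing the master key once bootstrapping ends, as LEAP does, removes the input that `links_exposed_by_master_key` depends on.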
In 2001, Perrig et al. [56] proposed the SPINS scheme, a suite of protocols SNEP and µTesla providing security building blocks. In this scheme, the base station shares a pairwise key with each node in the network prior to deployment. When two nodes need a pairwise key, they request one from the base station.
To address the scalability issues and single point of failure of SPINS, Chan and Perrig [12] proposed the PIKE scheme that distributes the load to a third node for each pair of nodes.
Additional schemes based on the master key pre-distribution have been proposed. Most prominently the LEAP scheme [92, 93], where the master key is used to generate pairwise keys with neighbours only during the key initialization phase after deployment and then erased. A similar idea was used in [31].
A seminal work by Eschenauer and Gligor (EG) [22] proposed the random key pre-distribution, where each node is pre-loaded with a subset of random keys from a large pool. After deployment, nodes publish IDs of their keys and find matches with neighbours. Pairs of nodes then generate a new shared key with neighbours based on the matching key.
This work was generalized and extended by the q-composite scheme in [13] by Chan et al. by requiring q > 1 common keys to be shared instead of just 1. This approach increases node capture resiliency of the scheme.
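The following added example (not part of the thesis) simulates random key pre-distribution and its q-composite generalization: it computes local connectivity analytically and by simulation, and measures the fraction of links between uncaptured nodes that become readable after a random node capture. Assumptions: every pair of nodes is treated as neighbours, for q = 1 the link uses the lowest-ID shared key, for q > 1 the link key is derived from all shared keys, and the pool and ring sizes are constructed sample values.

```python
import math
import random
from itertools import combinations


def share_probability(pool_size, ring_size, q=1):
    """Analytic probability that two random key rings share at least q keys."""
    total = math.comb(pool_size, ring_size)
    fewer = sum(
        math.comb(ring_size, i) * math.comb(pool_size - ring_size, ring_size - i)
        for i in range(q)
    )
    return 1.0 - fewer / total


def assign_rings(n_nodes, pool_size, ring_size, rng):
    """Pre-distribution: every node gets ring_size distinct key IDs from the pool."""
    return [frozenset(rng.sample(range(pool_size), ring_size)) for _ in range(n_nodes)]


def link_keys(ring_a, ring_b, q):
    """Pool keys protecting the link, or None if fewer than q keys are shared.

    Modelling assumption: q == 1 uses one matching key (lowest ID),
    q > 1 derives the link key from all shared keys.
    """
    shared = ring_a & ring_b
    if len(shared) < q:
        return None
    return frozenset([min(shared)]) if q == 1 else shared


def local_connectivity(rings, q):
    """Fraction of node pairs able to establish a link key."""
    pairs = list(combinations(rings, 2))
    return sum(1 for a, b in pairs if link_keys(a, b, q) is not None) / len(pairs)


def compromised_fraction(rings, q, n_captured, rng):
    """Fraction of links between uncaptured nodes whose keys all leaked."""
    captured = set(rng.sample(range(len(rings)), n_captured))
    leaked = set().union(*(rings[i] for i in captured))
    total = broken = 0
    for i, j in combinations(range(len(rings)), 2):
        if i in captured or j in captured:
            continue
        keys = link_keys(rings[i], rings[j], q)
        if keys is None:
            continue
        total += 1
        if keys <= leaked:
            broken += 1
    return broken / total if total else 0.0


if __name__ == "__main__":
    POOL, RING, NODES = 1000, 40, 200  # constructed sample parameters
    rings = assign_rings(NODES, POOL, RING, random.Random(7))
    for q in (1, 2):
        print(f"q={q}: connectivity analytic={share_probability(POOL, RING, q):.3f} "
              f"simulated={local_connectivity(rings, q):.3f}")
        for captured in (5, 10, 25, 50):
            frac = compromised_fraction(rings, q, captured, random.Random(captured))
            print(f"    {captured:3d} nodes captured -> {frac:.3f} of other links readable")
```

At equal pool and ring size, raising q lowers connectivity as well as the compromised fraction, so a like-for-like comparison has to shrink the pool until connectivity matches.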
BROSK was published again in [34] together with a new scheme called Overlap-Key-Sharing (OKS) scheme. The OKS scheme is a variation of the EG scheme, where instead of keys a bit string is used. From a longer string, substrings are distributed and neighbouring nodes establish a shared key from the overlapping portion of their string. To combat various lengths of overlaps, authors propose to add padding or to use a hash or keyed hash function.
A way of increasing the key pool and key ring size on each node was presented in [62]. Authors use pre-distributed secrets to generate hash chains of keys instead of storing all the keys on a node.
An additional improvement was presented in [79]. In this work, authors present a group support for randomized pre-distribution schemes. The idea is that once a node establishes a shared secret with a neighbour, it can take advantage of the keys loaded with that neighbour in order to effectively increase its key pool and thus increase the node capture resiliency of the protocol. A similar approach was investigated in [80] with the main objective to fight large-scale node capture attacks (e.g., 40% of nodes captured).
In 2004, another seminal work [4] presenting the Key infection scheme was done by Anderson et al. Besides proposing key exchange in the clear with an additional key strengthening mechanism, the authors argue for the “real world” attacker model that has been heavily adopted in the field since.
Du et al. [18] proposed a pairwise key pre-distribution scheme based on the Blom’s matrix-based key scheme [6] and random key pre-distribution scheme. As WSNs can be seen as random graphs, this scheme assigns keys only to connected graph links unlike Blom’s complete graph links. Hence this scheme is scalable and more resilient to node capture. Another category is the tree-based pre-distribution.
In 2005 Lee and Stinson [37] presented deterministic schemes based on combinatorial set systems. By weakening the connectivity of the graph, they enhanced the resiliency and improved the results of [18].
Camtepe and Yener proposed in [10, 11] key pre-distribution schemes based on combinatorial designs.
A unification for combinatorial designs in key pre-distribution schemes was recently proposed by Paterson and Stinson [54].
A substantial number of protocols are designed specifically for a hierarchical topology of the resulting network. Most prominently, the cluster-based topology is distinguished [78] and many protocols specifically for these networks have been proposed [29, 87, 93, 32]. Other specialized topologies such as a hypercube have been also considered [1]. Recently, [61] presented a hierarchical tree-based key management scheme that supports real-time re-keying to provide resiliency to node capture attack.
A set of works proposes improvements to various schemes with the knowledge of deployment location [19, 88, 89, 43].
Last but not least, we discuss the group, often recognized as standalone, of public key cryptography solutions. This category is usually considered perfect from the security point of view but strongly impractical due to memory, computational and communicational requirements of PKI based solutions.
The most famous PKI solution, RSA, has been implemented by the TinyPK project [84] on MICA2. While they conclude it is feasible to perform public key operations, the timings on exponent operations of 14.5 s for 1024-bit key size and memory requirements seem unsatisfactory for most applications.
In the same year, Gura et al. [24] published a study comparing RSA and elliptic curve cryptography (ECC) on 8-bit CPUs. The work mainly shows strong advantage in using ECC over RSA in such restricted environments.
Many other research groups focus on PKI in WSNs [23, 82, 42]. However, the results are nearly the same. Public key cryptography is feasible on sensor nodes but remains computationally, memory and power excessive.
An interesting research direction came from the result of Boneh and Franklin [7]. They have successfully designed an identity-based encryption scheme, the idea of which was proposed by Shamir [66]. This approach mitigates the necessity of certificates in a PKI scheme. Additionally, an arbitrary string can act as a public key. This string is mapped on a point on an elliptic curve. Using bilinear pairing functions, e.g., the Weil pairing [85], one can then compute a shared key by combining the public key with its private key.
Current best results in the field of PKI implementation, solely focusing on ECC, are from [75, 41]. In the field of pairing-based cryptography (PBC) on WSNs, these are from [74, 50], where implementation of ηT pairing on the ATmega128L microcontroller takes 1.9 s while requiring 0.5 KB of RAM memory for the calculation and running code.
2.1.1 Key management schemes’ properties
As with any system, we can evaluate quality of a key management scheme by evaluating its properties. In [63, 2], authors identify nine such major properties. They map them to application requirements, and by assigning one of predefined values to each property they help developers to ease the selection process of the most suitable key management scheme for their application. The list and its mapping is based on empirical research of existing operational requirements of sensor networks relevant to key management.
1. Memory footprint – It is clear from the technical specification of most wireless sensor nodes that their memory is significantly constrained. Thus minimizing the amount of the stored data, together with minimization of the actual infrastructure code, also stored in the memory, is of importance.
This becomes even more apparent if we take into consideration the actual application run by the node and other supporting mechanisms, such as an intrusion detection system, where substantial amount of data might be stored.
An ideal KMS from the memory footprint perspective should only store keys with required parties, e.g., neighbours and/or base station.
2. Processing speed – Similarly, most commonly used microcontrollers are operating on such low frequencies that performing a computationally intensive operation, such as ECC point multiplication, might take up to seconds [75, 50] and thus delay any other computation from performing on the node for a significant amount of time.
Furthermore, performing microcontroller computations can also notably exhaust the node’s battery [68, 55] and thus reduce its lifetime.
3. Communication overhead – The communication overhead is one of the major focuses in current WSN protocol designs. Longer and more frequent messages considerably affect both the latency of information forwarding and the power consumption. In fact, it has been shown [60, 68, 3] that message transmission and reception is usually the node’s biggest energy consumption factor.
Best KMSs for WSNs should transmit as little data as possible, ideally being preloaded with all the shared secrets and having no need for further communication.
4. Network bootstrapping – Network bootstrapping is a phase usually considered a couple of seconds long that occurs right after deployment. During this phase nodes find out their neighbours, establish keys with them, examine the network’s topology for routing purposes and perform other adjoined tasks.
An ideal KMS should require no bootstrapping phase as it is the most vulnerable phase in the lifetime of a sensor node. That is the time when there are all shared secrets stored and an attacker could usually compromise large portions of the network by acquiring these.
Also, having no bootstrapping (a.k.a. initialization) phase implies already established shared secrets and thus no need for further expensive communication.
5. Network resilience – This property expresses what impact would an attacker have on the network upon capturing a (set of) node(s). As wireless sensor nodes are considered physically insecure, all of their secret data can be easily accessed by an attacker who captures a node.
By capturing a node with a good KMS, only links the node is involved in should become compromised.
Additionally, this property might reflect the attacker model. That is, whether the attacker captures nodes at random, from the outside edge of the network, in a path and so on.
6. Connectivity – Connectivity works similarly as in the graph theory. It describes the ability of two nodes (vertices) to establish a shared secret (a connection).
More specialized connectivity properties are:
• Global connectivity – Describes the probability of a secure path between any two nodes being established.
• Local connectivity – Describes the probability of any two neighbouring nodes sharing a secret.
• Node connectivity – Describes the probability of any two nodes in the network sharing a secret.
7. Scalability – A general network might be of arbitrary size. Scalability expresses how much keying data does a node need to store with regard to the size of network.
An optimal KMS is storing a small amount of keying material that is either directly used as a shared key with other nodes or the key is computed based on this material.
8. Extensibility – While scalability describes the ability to cope with large number of nodes in the network, extensibility characterizes its ability to add new nodes to the network and establish shared secrets during its lifetime.
An ideal KMS should only store keys it might need and thus should be able to establish keys with arbitrary amount of new-coming nodes.
9. Energy – One of the most commonly stressed properties of WSN is its energy restriction. The same applies directly to KMS. The energy property describes how much energy is necessary for a KMS to establish shared secrets.
An exemplary KMS should perform as little computation and transmit as little data as possible in order to preserve the maximum amount of energy on the node.
This property can be also seen as joined communication overhead and processing speed properties.
The list is not exhaustive. There is still room for addition of new important properties. Alternatively, a split of overly coarse properties into several fine-grained properties is possible.
In an earlier work [70], authors identify following requirements and metrics for key management solutions in wireless sensor networks categorized in three groups:
• Security metrics:
– node authentication,
– scalability.
While the categorization of metrics might be useful, there are still some drawbacks with this proposal. Most significantly, the property of extensibility, as defined in the previous list, seems to be missing from this particular set of metrics. An issue is also the node revocation property. Although it is relevant to the applicability of KMSs, node revocation is usually considered w.r.t. intrusion detection systems [91, 64] as these are the decision points w.r.t. the revocation.
We think that each key management proposal should be evaluated with respect to each of these properties.
2.1.2 Existing taxonomies
Many taxonomies for KMSs have been presented [83, 36, 90, 70, 63]. However, many proposals suffer from insufficient granularity or overlapping classes so that many KMS proposals could actually fit in multiple groups depending on the point of view.
In [83], authors propose two taxonomies. One based on the network structure and another based on the probability of key sharing. Based on network structure, authors further divide schemes to those based on a centralized key and on distributed key schemes.
An overview of the taxonomy is presented:
• Network structure:
– probabilistic key scheme,
– deterministic key scheme.
The centralized key management schemes are those based on a single entity responsible for key generation and distribution, often called the key distribution center (KDC). The only found representative of this category at the time of publishing was the logical key hierarchy scheme [16], while all the other considered schemes fit to the distributed key schemes category.
This classification could be extended by assuming the hierarchical network structure. Additional special structures such as the hypercube might be considered as well.
The approach based on the probability of key sharing differentiates the probabilistic key schemes and deterministic key schemes. However, we believe that a mixed category should be also considered. Some proposals might combine these approaches (e.g., [31], proposal II), or use one for establishment of a class of keys and another for a different class of keys, and none of these classes would fit.
In [36], authors classify KMSs for WSNs by the key establishment mechanism to:
• Pairwise key pre-distribution.
However, this classification is strongly oriented towards symmetric key cryptography and neglects public key cryptography based schemes. Moreover, this classification is targeting a single specific scheme in each category rather than defining general classes.
However, authors of [36] use it just in order to define a novel classification based on the attacker model. They define four attacker models and map the previously defined key establishment scheme classes to the strongest attacker model they are still secure under.
The attacker models are defined as follows:
• Attacker Model 1:
– An adversary can monitor the communication after key establishment. No node capture attack is launched during the lifetime of the network.
– Master key based pre-distribution is mapped to this level.
• Attacker Model 2:
– Active attacks such as node capture can happen after key setup. During key setup, monitoring is a remote possibility.
– Key infection scheme, i.e., the “No key pre-distribution” class, is considered secure under this attack model.
• Attacker Model 3:
– Communication monitoring is present right after deployment. On the other hand, active attacks can only appear after key setup.
– The LEAP protocol is a representative of schemes secure under this class of attacker, albeit it is a member of the Master key based pre-distribution class as well.
• Attacker Model 4:
– Both overhearing and active attacks are present right from the node deployment.
– Base station participation, i.e., the SPINS protocol, and pairwise key pre-distribution schemes are considered perfectly secure and fit to this class. Additionally, probabilistic key pre-distribution schemes, i.e., the EG scheme and its successors, exhibit high node capture resilience and are put by the authors to this class, too.
In [90], authors present a comprehensive survey of existing key management schemes and categorize them by proposed taxonomy based on the encryption key mechanism used in the scheme. Further on, each category is divided into subcategories based on the pre-distribution and establishment mechanism.
The initial categorization is:
• Symmetric key management schemes.
• Asymmetric key management schemes.
• Hybrid schemes.
This division is all-covering and relates nicely to standard cryptography. Additionally, some assumptions might be made on each of these categories just by their names. To improve on the granularity of the taxonomy, first two classes are divided into eight and three categories, respectively. Symmetric key management schemes exhibit traditionally low processing cost and small amount of memory necessary for storing a key. For these reasons, schemes based on symmetric cryptography seem prevalent in the literature. In [90], these are further divided into:
• Entity based or arbitrated schemes:
– Master key based pre-distribution scheme.
– Base station participation scheme.
• Pairwise key pre-distribution scheme.
• Polynomial-based key pre-distribution schemes.
• Matrix-based key pre-distribution schemes.
• Tree-based key pre-distribution schemes:
• Exclusion basis system-based key pre-distribution schemes.
This approach relates to principles used throughout the literature (see section 2.1). However, it also adds a considerable number of classes that are inconvenient for remembering and practical use. On the other hand, asymmetric key management schemes are divided by authors into a mere three well-defined classes:
• RSA-based asymmetric encryption system.
• ECC-based asymmetric encryption system.
• ID-based key agreement schemes.
In this instance, the approach to key establishment is apparent from the class name and directly indicates some of the scheme characteristics such as higher computational and memory costs.
The hybrid category includes proposals, such as [26], where authors try to capitalize on the more powerful entities in the network such as the base station or cluster head.
An issue with this taxonomy is where to put the well known unkeyed key infection scheme [4]. Additionally, some mixed solutions such as [31], proposal II, are overlapping several of these classes. Finally, we do not agree with the master key based pre-distribution being considered as entity based or arbitrated scheme as in that case, any other scheme could be, since some entity has to pre-load all the data to nodes.
In [70], authors employ a taxonomy adopted from [9]. They categorize key management schemes to classes based on the principle of the scheme to:
• Self-enforcing schemes.
• Pre-distribution schemes.
Self-enforcing schemes mainly cover asymmetric solutions, arbitrated keying schemes rely on a trusted third party such as the base station and pre-distribution schemes stand for the EG scheme and its improvements.
Additionally, in the original technical report [9], authors divide each of these categories further. However, this additional division was not adopted in [70]. This was probably due to the fact that this additional division can be considered outdated now as many proposals have been made since.
Reference [70] focuses on reviewing the state of the art of pre-distribution schemes. It further categorizes these into:
• Network-wide key based schemes.
• Full pairwise probabilistic schemes.
• Combinatorial design based schemes.
• Deployment knowledge based schemes.
Although authors of [70] mention the key infection paper [4], it is only with respect to the multipath key reinforcement. Thus it is again unclear whether they classify the key infection protocol under the pre-distribution category and if so, what subcategory. Additionally, subcategories of self-enforcing schemes and arbitrated keying schemes are not discussed.
Finally, in [63] authors propose a similar principle-based taxonomy that was deduced by analysing previous surveys. The proposed four categories are:
• Key pool framework.
• Negotiation framework.
• Public key framework.
The key pool framework includes those based on a global key pool idea such as in the EG scheme [22]. The mathematical framework includes the polynomial, matrix and combinatorial designs. The negotiation framework accommodates approaches such as the key infection [4] or [31].
We believe a hybrid category should be considered for solutions such as [26] or [31], proposal II. Additionally, a category for specific network structure and/or deployment knowledge proposals might be considered, too.
2.2 WSN evaluation tools
In the field of wireless sensor networks, not many schemes are tested on real hardware. Simulations are often preferred or at least are preceding real deployments. The advantages of simulations are that a) their preparation and execution require significantly less time; b) they allow for large scale testing; c) they are repeatable; d) real hardware and its management is expensive.
Due to these factors, an overwhelming number of simulators and other tools have been designed [28]. These performance evaluation tools can be classified into three different categories.
1. Simulators.
2. Emulators.
3. Testbeds.
These evaluation tools are often used for performance evaluation, but frequently neglect security, especially key management evaluation. This is partly due to the fact that these tools do not come with integrated models and protocols for pursuing security objectives. A consequence of the lack of security models and protocols in these tools is that designers and developers tend to ignore security focused schemes during application development. These schemes are not part of the application design and developers are not reminded by the presence of these schemes in the tool. Thus, the evaluation of the resulting application does not include the incidental memory, battery persistence and other characteristics.
2.2.1 Simulators
In this section we briefly discuss three main general-purpose simulators, the ns-2, OMNeT++ and MATLAB, followed by a deeper investigation of several WSN specific simulators.
ns-2: One of the oldest and most used simulators is the ns-2 [49]. It dates back to 1989 as a general-purpose network simulator. Like every other simulator examined in this thesis proposal, it is a discrete event-driven simulator. Although it is an extensible simulator, its main drawbacks are its limited scalability, packet formats, MAC protocols and energy model that differ from those used on WSNs. Finally, ns-2 lacks a sensing and application model.
Many of these drawbacks have been made up for with add-ons such as Mannasim [8] adding sensing, application, MICA2 physical and other models as well as several WSN protocols, or SensorSim [53] adding sensing and energy model and others. However, SensorSim has never been finished and the public release was withdrawn.
OMNeT++: Another very popular general-purpose simulation platform, OMNeT++ [77] was started in 1993 as OMNeT [59]. OMNeT++ is written in C++ and is an extensible discrete event simulator. One of its main advantages and reasons for its popularity is a powerful graphical user interface that visualizes all the details of the simulation. Additionally, OMNeT++ includes an integrated development environment for effective simulation development.
Actual simulators are developed as module packages on top of OMNeT++. For WSNs, the main representatives are the MiXiM [33] and Castalia [57] simulators. More details on these are provided in their respective sections.
The only effort to our knowledge, with an exception for [81], to simulate key establishment protocols and perform security evaluation of these [52] is based on OMNeT++. Authors used it to evaluate performance and security of several basic schemes. However, it is not clear whether they used some of the WSN specific simulators built on top of OMNeT++ or OMNeT++ on its own as the source codes were not made public.
MATLAB: Conceived in the 1980s, MATLAB [44] evolved into a powerful environment. On its own it serves mainly as a numerical computing environment, however, with additionally integrated environments such as SIMULINK [71] it provides graphical editor, libraries and modelling for system simulating. The main disadvantage of MATLAB is its proprietary licensing.
Additional WSN simulators are built on top of MATLAB such as Prowler [69] or JProwler [30].
Castalia: Castalia was introduced in 2007 [57] as a module package for OMNeT++ for simulating WSNs with the main emphasis on the wireless channel and radio model accuracy. Our own study [73] shows that their model is indeed more parametrizable than the competing ones. Additionally, Castalia provides a decent set of mainly MAC protocols, sensing and mobility modules.
MiXiM: Another OMNeT++ based simulator for wireless sensor networks, MiXiM [33] was created as a merge of multiple OMNeT++ projects. It provides a detailed wireless channel model, a high number of networking protocols, both MAC and routing, physical models for multiple radio chips, energy and mobility models and others.
Although the set of capabilities is not complete and many improvements can be made, it is the richest WSN focused simulator to our knowledge. For example, by default it lacks a sensing model, but we have added one for our project purposes easily.
Based on our previous work [73], we established MiXiM as the simulator of choice for our laboratory and a lot of functionality has already been added.
Cooja: Cooja was developed as part of the Contiki OS [20], an alternative to the mainstream TinyOS [40], and is distributed along with it. Cooja is designed as a simulator with multiple levels of abstraction. That means it allows for the networking level of abstraction via its Java implementation, the source code level of abstraction via simply connecting actual Contiki code to the simulator through JNI, and even instruction level emulation of the code on hardware via another simulator, MSPSim [21], that can be connected to Cooja.
However, in the networking level of abstraction, Cooja provides almost no models and protocols ready to use. At the source code level of abstraction, it offers only a Contiki specific set of protocols, i.e., those present in the Contiki distribution. On the other hand, it allows for TinyOS code simulation as well. However, during our previous work [73], we have discovered several issues with this level of abstraction simulation mainly related to performance, lack of timings and energy model.
Finally, Cooja offers a set of additional utilities, e.g., signal ray tracing, concurrent simulation on three levels of abstraction and a rich GUI. However, due to the aforementioned problems we decided not to use it for our future work.
WSNet: Another networking level event-driven simulator for wireless sensor networks, offering an interesting set of functionality, is the WSNet [14]. As with other simulators, it allows for detailed node modelling, but adds an environment simulation for wildfire spread simulation together with nodes birth and death support. Additionally, it also offers mobility and battery models as well as a substantial set of networking protocols.
It is a command line based simulator that does include a set of utilities to visualize the topology of the network, a set of MATLAB scripts to visualize the results and a graphical tool to replay the simulation offline.
TOSSIM: Similar to Cooja, TOSSIM [39] is developed as a code level simulator for TinyOS. While sometimes called an emulator for running the actual code, it does not emulate the microcontroller’s instructions.
In order to provide scalability, authors used the probabilistic bit error model for wireless channel. This in turn reduces usability of the simulator for low-level protocols. Additionally, there is no mobility and energy model. While some projects for these existed [68], their development and support have been suspended.
Tuan: All previously mentioned and indeed all simulators investigated provide a more or less good set of capabilities with possibility for extensions. However, none of them directly supports security modelling. In fact, the only simulator focused on security is the Tuan (named here after its main author as authors have not named it) [81].
This simulation environment enables simulation of several randomized key pre-distribution schemes on WSNs. It offers a set of tools to evaluate the effectiveness of four implemented schemes and a helpful GUI to visualize the results. It also offers attacker models that allow for detailed security evaluation of key management schemes.
The source code is not made public, therefore extensibility is an issue, however it is available upon contacting authors.
Unfortunately, this simulator does not focus on the networking, computational or energy aspect of the simulation and is therefore not suitable for general-purpose protocol evaluation.
2.2.2 Emulators
The term emulation currently refers to mimicking the underlying hardware. The emulator should completely imitate the execution of the binary code on the underlying hardware, while simulation can work on abstract models. This fact also implies slower performance of emulators and thus limits the scalability of such systems.
MSPSim: MSPSim [21] is a firmware level simulator for the Texas Instruments MSP430 microcontroller. Additionally, it contains a sensor board simulator that enables simulation of sensors, LEDs, communication ports and other hardware peripherals. MSPSim has a powerful GUI and offers debugging functionality such as breakpoints or single stepping. It can be integrated into Cooja, thus forming Cooja/MSPSim allowing for cross-level simulation [51] even on the instruction level.
ATEMU: The ATmel EMUlator (ATEMU) [58] provides low-level emulation of operation of Atmel microcontroller based sensor nodes. It runs code directly runnable on MICA platform. In addition, authors implemented a GUI debugger for ATEMU called XATDB.
2.2.3 Testbeds
Simulation and emulation reliability depends strongly on the underlying models. To overcome this issue, various testbeds were formed, where authors can try out their applications on real hardware. These testbeds provide tools for remote configuration and monitoring of experiments. On the other hand, experiments on testbeds are slow in comparison to simulations, they are not easily repeatable, most of them are paid for and with the free ones one has to wait for allocated time on the platform.
MoteLab: At Harvard, a public web-based sensor network testbed [86] has been formed. Initially, 26 MICA2 motes have been deployed, which were soon replaced by 30 MICAZ motes. Recent report [28] indicates a testbed of 190 Tmote Sky motes. However, the reported web interface was offline at the time of writing this thesis proposal as the lead researcher in the WSN field left Harvard for industry and his projects seem to be dropped.
SensorScope: Originally reported in [65], SensorScope started as a long-running experiment for building monitoring. Later on, the nature of the project shifted to large-scale environmental monitoring [5]. Multiple deployments have been performed measuring unique meteorological data. While an interesting project with even more interesting results, it is not a publicly accessible testbed for application testing.
2.2.4 Summary
In our previous work [73], we compared evaluation results of a simple IDS on a set of WSN simulators. Our research revealed in-depth inconsistencies between various models defined in all simulators and identified numerous bugs and issues with each examined simulator.
We believe that the best way of improving results from simulators and simulators themselves is for authors of various projects to cooperate. Ideally, a small set of competing projects should be contributed to by large groups of authors. This approach would not only improve quality of various models implementations but also significantly improve functionality of various simulators.
Based on that and adjoined research on WSN evaluation tools that has been briefly summarized above, we have decided to use the OMNeT++ based MiXiM simulator for our future work. MiXiM is a project formed as a merger of multiple smaller projects and we intend to continue in the trend by extending it further.
Chapter 3
Main research results
I am (co-)author of the following papers from the areas of wireless sensor network security, simulation and evaluation.
In the most recent paper [31], we showed that a previously published paper [15] proposing both key establishment and node authentication protocols actually fails to provide the much needed security. In particular, we showed a number of ways to compromise these protocols. Most significantly, we showed that established and stored keys are in fact not pairwise. Therefore an attacker capturing a node could reveal keys to links that the captured node is not part of. Additionally, we showed that authentication of messages is not provided in these protocols and thus e.g. exhaustion attacks are a threat.
To overcome flaws of these protocols, we proposed two novel protocols that remedy all the found security problems of the previous ones. Our first proposal was based on [15] and reduces both amount of memory necessary for storing the keying material as well as length of messages transmitted during the protocol execution. Additionally, it provides actual pairwise keys and all important messages are authenticated. The second proposal was a combination of master-key based scheme with the EG scheme. This protocol behaves like the usual randomized pre-distribution scheme with the advantage of the master key that can be used to establish keys between unsuccessful neighbours and other tasks. While memory and communication efficiency varies based on selected parameters, the security of the proposal is well examined by reviews on the building blocks.
In our second major paper [73], we presented a practical research on four open-source simulators, i.e., Castalia, Cooja, MiXiM and WSNet. A direct benefit of this work is a comparison of simulators that has never been done before in this combination.
Previously, using a simple test case, we demonstrated that usage of different simulators results in different evaluation outcomes even though the simulators were set in the same way, and the same evaluation metrics were used. We compared a number of received packets across the simulators. We hypothesized possible factors causing the different outputs, but we did not thoroughly examine them.
For the purposes of [73], we implemented a more complex system – an intrusion detection system. We rigorously examined the simulators and presented our findings regarding the possible sources of the differences. We found numerous differences in models between used simulators, such as different sets of physical models and supported MAC protocols, as well as bugs resulting in major bias in the results. Finally, we evaluated their impact on the evaluation of the intrusion detection system.
Based on this research, we also selected the primary simulator for evaluation of our proposals in our laboratory. This decision was done based on the set of functions provided by the simulator, the set of implemented protocols in the distribution, ease of use and amount of bugs and drawbacks found.
A comprehensive summary of my study results is provided in Appendix A, p. 39.
Chapter 4
Future research
Our primary objective is to improve evaluation of key management systems for WSNs from both performance and security perspectives. In order to do so, we will implement and evaluate a representative set of key management schemes into a selected simulator. In our case it will be OMNeT++ based MiXiM simulator. However, our implementation should be MiXiM independent.
In order to select such a representative set we expect to take a representative of each (major) category from a key management taxonomy. We examined current key management scheme taxonomies and it turns out that each taxonomy has its pros and cons. Therefore, we will design a unifying taxonomy, presumably hierarchical or multidimensional in nature, that will serve as our starting point.
Following the selection of schemes to implement, we will add appropriate models to support key management in OMNeT++ and implement selected schemes themselves. An additional benefit of this and the following step is a thorough review of selected schemes. As our previous work [31] hinted at, not all published schemes actually work as presented.
In order to evaluate security of implemented proposals, we will add an attacker model to the simulator. We intend to examine currently used attacker models in the field of WSNs, to find a suitable generalization and to propose a new parametrizable attacker model.
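The node-capture effect reported for [15] in Chapter 3, and the kind of attacker model planned above, can be illustrated with the following added example, which is not code from this proposal or from any cited paper. It assumes a basic EG-style key pool [22] compared against a fully pairwise baseline, with constructed parameters (N, P, K), a constructed tie-break rule for the link key and hypothetical function names; it does not model the protocols of [15] or [31].

```python
import random
from itertools import combinations


def eg_scheme(n_nodes, pool_size, ring_size, rng):
    """Key-pool pre-distribution in the style of the EG scheme [22].

    Returns (stored, links): stored[i] is the set of key ids held by node i,
    links[(a, b)] is the key id protecting the link between nodes a and b.
    """
    stored = [frozenset(rng.sample(range(pool_size), ring_size))
              for _ in range(n_nodes)]
    links = {}
    for a, b in combinations(range(n_nodes), 2):
        shared = stored[a] & stored[b]
        if shared:                       # no shared key: no direct secure link
            links[(a, b)] = min(shared)  # constructed tie-break rule
    return stored, links


def pairwise_scheme(n_nodes):
    """Baseline: every pair of nodes owns a key that no other node stores."""
    stored = [frozenset((min(i, j), max(i, j))
                        for j in range(n_nodes) if j != i)
              for i in range(n_nodes)]
    links = {(a, b): (a, b) for a, b in combinations(range(n_nodes), 2)}
    return stored, links


def capture(stored, links, captured):
    """Node-capture attacker model, parametrized only by the captured set.

    Returns the fraction of links between two uncaptured nodes whose key is
    nevertheless known from the memory of the captured nodes.
    """
    known = set().union(*(stored[c] for c in captured))
    external = [key for (a, b), key in links.items()
                if a not in captured and b not in captured]
    if not external:
        return 0.0
    return sum(key in known for key in external) / len(external)


def eg_expected(pool_size, ring_size, n_captured):
    """Analytic value for the basic key pool: 1 - (1 - k/P)^x.

    Each captured ring holds a given key id with probability k/P, and the
    rings of captured nodes are independent of the link's own endpoints.
    """
    return 1.0 - (1.0 - ring_size / pool_size) ** n_captured


def average_compromise(scheme, n_nodes, n_captured, trials, seed):
    """Average capture() over independent deployments and captured sets."""
    total = 0.0
    for t in range(trials):
        rng = random.Random(seed + t)
        stored, links = scheme(rng)
        captured = set(rng.sample(range(n_nodes), n_captured))
        total += capture(stored, links, captured)
    return total / trials


# Constructed parameters, chosen only to keep the run short.
N, P, K = 100, 1000, 50


def run(n_captured, trials=20, seed=2013):
    """Return (key-pool result, pairwise result, analytic key-pool value)."""
    eg = average_compromise(lambda r: eg_scheme(N, P, K, r),
                            N, n_captured, trials, seed)
    pw = average_compromise(lambda r: pairwise_scheme(N),
                            N, n_captured, trials, seed)
    return eg, pw, eg_expected(P, K, n_captured)


if __name__ == "__main__":
    for x in (1, 5, 10):
        eg, pw, expected = run(x)
        print(f"captured={x:2d}  key pool: {eg:.3f} "
              f"(analytic {expected:.3f})  pairwise: {pw:.3f}")
```

Because `capture()` only needs the per-node key storage and the per-link key id, the same metric can be applied to any scheme that can report those two things.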
Optionally, in order to evaluate memory requirements of selected protocols, mainly with respect to their associated infrastructure, we will implement selected proposals in TinyOS.
Optionally, and especially if our analysis reveals unexplored areas in the key management taxonomy space and/or errors in existing schemes, we might design new and/or improve existing key management schemes, such as in [31].
The time schedule of our future work:
1. In-depth examination of existing key management scheme taxonomies and proposal of a unifying key management scheme taxonomy. (Target date: Spring 2013.)
2. Selection of suitable set of protocols and implementation of support infrastructure in OMNeT++. (Target date: Summer 2013.)
3. Implementation of selected protocols in OMNeT++. (Target date: End of 2013.)
4. Introduction of a generalized attacker model and its implementation in OMNeT++. (Target date: Spring 2014.)
5. Security and performance evaluation of selected protocols. (Target date: End of 2014.)
6. Optional implementation of selected proposals in TinyOS and their evaluation mainly from their infrastructure implementation memory requirements point of view. (Target date: Winter 2014/2015.)
7. Optional proposal and evaluation of new key management scheme(s). (No specific target date set.)
• We have already designed one scheme in [31].
Expected submission of the dissertation: Winter 2014/2015.
Bibliography
[1] Abdullah Al-Dhelaan. Pairwise key establishment scheme for hypercube-based wireless sensor networks. In Proceedings of the 15th WSEAS international conference on Computers, pages 104–110, Stevens Point, Wisconsin, USA, 2011. World Scientific and Engineering Academy and Society (WSEAS).
[2] Cristina Alcaraz, Javier Lopez, Rodrigo Roman, and Hsiao-Hwa Chen. Selecting key management schemes for wsn applications. Computers & Security, 31(8):956 – 966, 2012.
[3] Giuseppe Anastasi, Marco Conti, Mario Di Francesco, and Andrea Passarella. Energy conservation in wireless sensor networks: A survey. Ad Hoc Networks, 7(3):537 – 568, 2009.
[4] Ross Anderson, Haowen Chan, and Adrian Perrig. Key infection: Smart trust for smart dust. In Proceedings of the 12th IEEE International Conference on Network Protocols, pages 206–215, Washington, DC, USA, 2004. IEEE Computer Society.
[5] Guillermo Barrenetxea, Francois Ingelrest, Gunnar Schaefer, Martin Vetterli, Olivier Couach, and Marc Parlange. Sensorscope: Out-of-the-box environmental monitoring. In Proceedings of the 7th international conference on Information processing in sensor networks, IPSN ’08, pages 332–343, Washington, DC, USA, 2008. IEEE Computer Society.
[6] Rolf Blom. An optimal class of symmetric key generation systems. In Thomas Beth, Norbert Cot, and Ingemar Ingemarsson, editors, Advances in Cryptology, volume 209 of Lecture Notes in Computer Science, pages 335–338. Springer Berlin / Heidelberg, 1985.
[7] Dan Boneh and Matt Franklin. Identity-based encryption from the weil pairing. In Joe Kilian, editor, Advances in Cryptology – CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 213–229. Springer Berlin / Heidelberg, 2001.
[8] Thais R. M. Braga, Fabrício Silva, Linnyer B. Ruiz, and Jose Marcos S. Nogueira. MannaSim: a framework to the simulation of wireless sensors networks (in portuguese). Electronics Magazine of Undergraduate Scientific Research of the Brazilian Computer Science Society (REIC), September 2004.
[9] David W. Carman, Peter S. Kruus, and Brian J. Matt. Constraints and approaches for distributed sensor network security (final). DARPA Project report, (Cryptographic Technologies Group, Trusted Information System, NAI Labs), 1:1, 2000.
[10] Seyit A. Camtepe and Bulent Yener. Combinatorial design of key distribution mechanisms for wireless sensor networks. In Pierangela Samarati, Peter Ryan, Dieter Gollmann, and Refik Molva, editors, Computer Security – ESORICS 2004, volume 3193 of Lecture Notes in Computer Science, pages 293–308. Springer Berlin Heidelberg, 2004.
[11] Seyit A. Camtepe and Bulent Yener. Combinatorial design of key distribution mechanisms for wireless sensor networks. IEEE/ACM Trans. Netw., 15(2):346–358, April 2007.
[12] Haowen Chan and Adrian Perrig. Pike: peer intermediaries for key establishment in sensor networks. In INFOCOM 2005: Proceedings of 24th Annual Joint Conference of the IEEE Computer and Communications Societies, volume 1, pages 524 – 535, March 2005.
[13] Haowen Chan, Adrian Perrig, and Dawn Song. Random key predistribution schemes for sensor networks. In 2003 Symposium on Security and Privacy, pages 197 – 213, May 2003.
[14] Guillaume Chelius, Antoine Fraboulet, and Eric Fleury. Worldsens: a fast and accurate development framework for sensor network applications. In ACM symposium on Applied computing, SAC ’07, pages 222–226, New York, NY, USA, 2007. ACM.
[15] Oscar Delgado-Mohatar, Jose Sierra, Ljiljana Brankovic, and Amparo Fuster-Sabater. An energy-efficient symmetric cryptography based authentication scheme for wireless sensor networks. In Pierangela Samarati et al., editors, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices, volume 6033 of Lecture Notes in Computer Science, pages 332–339. Springer Berlin / Heidelberg, 2010.
[16] Roberto Di Pietro, Luigi V. Mancini, Yee Wei Law, Sandro Etalle, and Paul Havinga. LKHW: a directed diffusion-based secure multicast scheme for wireless sensor networks. In Parallel Processing Workshops, 2003. Proceedings. 2003 International Conference on, pages 397–406, October 2003.
[17] David M. Doolin and Nicholas Sitar. Wireless sensors for wildfire monitoring. In Smart Structures and Materials, pages 477–484. International Society for Optics and Photonics, 2005.
[18] Wenliang Du, Jing Deng, Yunghsiang S. Han, Pramod K. Varshney, Jonathan Katz, and Aram Khalili. A pairwise key predistribution scheme for wireless sensor networks. ACM Trans. Inf. Syst. Secur., 8:228–258, May 2005.
[19] Wenliang Du, Jing Deng, Yunghsiang S. Han, Shigang Chen, and Pramod K. Varshney. A key management scheme for wireless sensor networks using deployment knowledge. In INFOCOM 2004. Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies, volume 1, March 2004.
[20] A. Dunkels, B. Gronvall, and T. Voigt. Contiki – a lightweight and flexible operating system for tiny networked sensors. In IEEE International Conference on Local Computer Networks, pages 455–462, Los Alamitos, CA, USA, 2004. IEEE Computer Society.
[21] Joakim Eriksson, Adam Dunkels, Niclas Finne, Fredrik Osterlind, and Thiemo Voigt. Mspsim – an extensible simulator for msp430-equipped sensor boards. In Proceedings of the European Conference on Wireless Sensor Networks (EWSN), Poster/Demo session, Delft, The Netherlands, January 2007.
[22] Laurent Eschenauer and Virgil D. Gligor. A key-management scheme for distributed sensor networks. In Proceedings of the 9th ACM conference on Computer and communications security, CCS ’02, pages 41–47, New York, NY, USA, 2002. ACM.
[23] Gunnar Gaubatz, Jens-Peter Kaps, and Berk Sunar. Public key cryptography in sensor networks – revisited. In Proceedings of the First European conference on Security in Ad-hoc and Sensor Networks, ESAS’04, pages 2–18, Berlin, Heidelberg, 2005. Springer-Verlag.
[24] Nils Gura, Arun Patel, Arvinderpal Wander, Hans Eberle, and Sheueling Chang Shantz. Comparing elliptic curve cryptography and rsa on 8-bit cpus. In Marc Joye and Jean-Jacques Quisquater, editors, Cryptographic Hardware and Embedded Systems - CHES 2004, volume 3156 of Lecture Notes in Computer Science, pages 119–132. Springer Berlin Heidelberg, 2004.
[25] Thomas Riisgaard Hansen, J. Mikael Eklund, Jonathan Sprinkle, Ruzena Bajcsy, and Shankar Sastry. Using smart sensors and a camera phone to detect and verify the fall of elderly persons. In European Medicine, Biology and Engineering Conference, 2005.
[26] Qiang Huang, Johnas Cukier, Hisashi Kobayashi, Bede Liu, and Jinyun Zhang. Fast authenticated key establishment protocols for self-organizing sensor networks. In Proceedings of the 2nd ACM international conference on Wireless sensor networks and applications, WSNA ’03, pages 141–150, New York, NY, USA, 2003. ACM.
[27] Imote2 Datasheet, 2013. [Online; accessed 1/10/2013]. URL: http://bullseye.xbow.com:81/Products/Product_pdf_files/Wireless_pdf/Imote2_Datasheet.pdf.
[28] Muhammad Imran, Abas Md Said, and Halabi Hasbullah. A survey of simulators, emulators and testbeds for wireless sensor networks. In International Symposium in Information Technology (ITSim 2010), volume 2, pages 897–902. IEEE, 2010.
[29] Gaurav Jolly, Mustafa C. Kuscu, Pallavi Kokate, and Mohamed Younis. A low-energy key management protocol for wireless sensor networks. In Proceedings of the Eighth IEEE International Symposium on Computers and Communications, ISCC ’03, pages 335–340, Washington, DC, USA, 2003. IEEE Computer Society.
[30] JProwler, 2013. [Online; accessed 1/10/2013]. URL: http://w3.isis.vanderbilt.edu/projects/nest/jprowler/.
[31] Filip Jurnecka and Vashek Matyas. A better way towards key establishment and authentication in wireless sensor networks. In Proceedings of the 8th international conference on Mathematical and Engineering Methods in Computer Science, MEMICS’12, pages 131–142, Berlin, Heidelberg, 2013. Springer-Verlag.
[32] Elisavet Konstantinou. Efficient cluster-based group key agreement protocols for wireless ad hoc networks. Journal of Network and Computer Applications, 34(1):384 – 393, 2011.
[33] A. Kopke, M. Swigulski, K. Wessel, D. Willkomm, P. T. Klein Haneveld, T. E. V. Parker, O. W. Visser, H. S. Lichte, and S. Valentin. Simulating wireless and mobile networks in omnet++ the mixim vision. In Conference on Simulation tools and techniques for communications, networks and systems & workshops, Simutools ’08, pages 71:1–71:8, ICST, Brussels, Belgium, 2008. ICST.
[34] Bo-Cheng Charles Lai, David D. Hwang, Sungha Pete Kim, and Ingrid Verbauwhede. Reducing radio energy consumption of key management protocols for wireless sensor networks. In Proceedings of the 2004 international symposium on low power electronics and design, ISLPED ’04, pages 351–356, New York, NY, USA, 2004. ACM.
[35] Bocheng Lai, Sungha Kim, and Ingrid Verbauwhede. Scalable session key construction protocol for wireless sensor networks. In IEEE Workshop on Large Scale RealTime and Embedded Systems (LARTES), page 7, 2002.
[36] Hwaseong Lee, Yong Ho Kim, Dong Hoon Lee, and Jongin Lim. Classification of key management schemes for wireless sensor networks. In Proceedings of the APWeb/WAIM 2007 DBMAN, WebETrends, PAIS and ASWAN international workshops on Advances in Web and Network Technologies, and Information Management, pages 664–673, Berlin, Heidelberg, 2007. Springer-Verlag.
[37] Jooyoung Lee and Douglas Stinson. Deterministic key predistribution schemes for distributed sensor networks. In Helena Handschuh and M. Hasan, editors, Selected Areas in Cryptography, volume 3357 of Lecture Notes in Computer Science, pages 294–307. Springer Berlin / Heidelberg, 2005.
[38] Sang Hyuk Lee, Soobin Lee, Heecheol Song, and Hwang Soo Lee. Wireless sensor network design for tactical military applications: remote large-scale environments. In Proceedings of the 28th IEEE conference on Military communications, MILCOM’09, pages 911–917, Piscataway, NJ, USA, 2009. IEEE Press.
[39] Philip Levis, Nelson Lee, Matt Welsh, and David Culler. Tossim: accurate and scalable simulation of entire tinyos applications. In Proceedings of the 1st international conference on Embedded networked sensor systems, SenSys ’03, pages 126–137, New York, NY, USA, 2003. ACM.
[40] Philip Levis, Samuel Madden, Joseph Polastre, Robert Szewczyk, Kamin Whitehouse, Alec Woo, David Gay, Jason Hill, Matt Welsh, Eric Brewer, and David Culler. Tinyos: An operating system for sensor networks. In Werner Weber, Jan M. Rabaey, and Emile Aarts, editors, Ambient Intelligence, pages 115–148. Springer Berlin Heidelberg, 2005.
[41] An Liu and Peng Ning. Tinyecc: A configurable library for elliptic curve cryptography in wireless sensor networks. In Proceedings of the 7th international conference on Information processing in sensor networks, IPSN ’08, pages 245–256, Washington, DC, USA, 2008. IEEE Computer Society.
[42] David J. Malan, Matt Welsh, and Michael D. Smith. Implementing public-key infrastructure for sensor networks. ACM Trans. Sen. Netw., 4(4):22:1–22:23, September 2008.
[43] Keith M. Martin, Maura B. Paterson, and Douglas R. Stinson. Key predistribution for homogeneous wireless sensor networks with group deployment of nodes. ACM Trans. Sen. Netw., 7(2):11:1–11:27, September 2010.
[44] MATLAB, 2013. [Online; accessed 1/10/2013]. URL: http://www.mathworks.com/products/matlab/.
[45] Memsic, inc., 2013. [Online; accessed 1/10/2013]. URL: http://www.memsic.com/.
[46] MICA2 Datasheet, 2013. [Online; accessed 1/10/2013]. URL: http://bullseye.xbow.com:81/Products/Product_pdf_files/Wireless_pdf/MICA2_Datasheet.pdf.
[47] MICAz Datasheet, 2013. [Online; accessed 1/10/2013]. URL: http://bullseye.xbow.com:81/Products/Product_pdf_files/Wireless_pdf/MICAz_Datasheet.pdf.
[48] L. Nachman, J. Huang, J. Shahabdeen, R. Adler, and R. Kling. IMOTE2: Serious Computation at the Edge. In IWCMC ’08: 2008 International Wireless Communications and Mobile Computing Conference, pages 1118–1123, August 2008.
[50] Leonardo B. Oliveira, Diego F. Aranha, Conrado P. L. Gouvea, Michael Scott, Danilo F. Câmara, Julio Lopez, and Ricardo Dahab. TinyPBC: Pairings for authenticated identity-based non-interactive key distribution in sensor networks. Computer Communications, 34(3):485–493, March 2011.
[51] Fredrik Osterlind, Adam Dunkels, Joakim Eriksson, Niclas Finne, and Thiemo Voigt. Cross-level sensor network simulation with cooja. In Proceedings of the First IEEE International Workshop on Practical Issues in Building Sensor Network Applications (SenseApp 2006), Tampa, Florida, USA, November 2006.
[52] S. Ozdemir and O. Khalil. Performance evaluation of key management schemes in wireless sensor networks. Gazi University Journal of Science, 25(2):465–476, 2012.
[53] Sung Park, Andreas Savvides, and Mani B. Srivastava. Sensorsim: a simulation framework for sensor networks. In Proceedings of the 3rd ACM international workshop on Modeling, analysis and simulation of wireless and mobile systems, MSWIM ’00, pages 104–111, New York, NY, USA, 2000. ACM.
[54] Maura B. Paterson and Douglas R. Stinson. A unified approach to combinatorial key predistribution schemes for sensor networks. Designs, Codes and Cryptography, pages 1–25, 2012.
[55] Enrico Perla, Art O Cathain, Ricardo Simon Carbajo, Meriel Huggard, and Ciaran Mc Goldrick. Powertossim z: realistic energy modelling for wireless sensor network environments. In Proceedings of the 3nd ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks, PM2HW2N ’08, pages 35–42, New York, NY, USA, 2008. ACM.
[56] Adrian Perrig, Robert Szewczyk, J. D. Tygar, Victor Wen, and David E. Culler. Spins: security protocols for sensor networks. Wireless Networks, 8:521–534, September 2002.
[57] Hai N Pham, Dimosthenis Pediaditakis, and Athanassios Boulis. From simulation to real deployments in WSN and back. In IEEE Symposium on World of Wireless, Mobile and Multimedia Networks, WoWMoM ’07, pages 1–6. IEEE, 2007.
[58] J. Polley, D. Blazakis, J. McGee, D. Rusk, and J.S. Baras. Atemu: A fine-grained sensor network simulator. In First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks, 2004. IEEE SECON 2004, pages 145–152. IEEE, 2004.
[59] Gyorgy Pongor. Omnet: Objective modular network testbed. In MASCOTS ’93: Proceedings of the International Workshop on Modeling, Analysis, and Simulation On Computer and Telecommunication Systems, pages 323–326, San Diego, CA, USA, 1993. The Society for Computer Simulation, International.
[60] Gregory J. Pottie and William J. Kaiser. Wireless integrated network sensors. Commun. ACM, 43(5):51–58, May 2000.
[61] Khadija Rasul, Nujhat Nuerie, and Al-Sakib Khan Pathan. An en- hanced tree-based key management scheme for secure communication in wireless sensor network. In Proceedings of the 2010 IEEE 12th Inter- national Conference on High Performance Computing and Communi- cations, HPCC ’10, pages 671–676, Washington, DC, USA, 2010. IEEE Computer Society.
[62] Kui Ren, Kai Zeng, and Wenjing Lou. A new approach for random key pre-distribution in large-scale wireless sensor networks. Wireless Communications and Mobile Computing, 6(3):307–318, 2006.
[63] Rodrigo Roman, Javier Lopez, Cristina Alcaraz, and Hsiao-Hwa Chen. Sensekey – simplifying the selection of key management schemes for sensor networks. In Proceedings of the 2011 IEEE Workshops of Inter- national Conference on Advanced Information Networking and Ap- plications, WAINA ’11, pages 789–794, Washington, DC, USA, 2011. IEEE Computer Society.
[64] Rodrigo Roman, Jianying Zhou, and Javier Lopez. Applying intru- sion detection systems to wireless sensor networks. In IEEE Consumer Communications & Networking Conference (CCNC 2006), pages 640– 644, Las Vegas (USA), January 2006. IEEE, IEEE.
[65] Thomas Schmid, Henri Dubois-ferriere, and Martin Vetterli. Sen- sorscope: Experiences with a wireless building monitoring sensor net- work. In First Workshop on Real-World Wireless Sensor Networks (REALWSN’05), 2005.
34
[66] Adi Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO’84 on Advances in cryptology, pages 47–53, New York, NY, USA, 1985. Springer-Verlag New York, Inc.
[67] V. Shnayder, B. Chen, K. Lorincz, T.R.F.F. Jones, and M. Welsh. Sensor networks for medical care. In Conference On Embedded Networked Sensor Systems: Proceedings of the 3rd international conference on Embedded networked sensor systems, volume 2, pages 314–314, 2005.
[68] Victor Shnayder, Mark Hempstead, Bor-rong Chen, Geoff Werner Allen, and Matt Welsh. Simulating the power consumption of large- scale sensor network applications. In Proceedings of the 2nd inter- national conference on Embedded networked sensor systems, SenSys ’04, pages 188–200, New York, NY, USA, 2004. ACM.
[69] Gyula Simon, Peter Volgyesi, Miklos Maroti, and Akos Ledeczi. Simulation-based optimization of communication protocols for large- scale wireless sensor networks. In 2003 IEEE Aerospace Conference, volume 3, pages 1339 – 1346, March 2003.
[70] Marcos A. Simplcio, Jr., Paulo S. L. M. Barreto, Cintia B. Margi, and Tereza C. M. B. Carvalho. A survey on key management mechanisms for distributed wireless sensor networks. Comput. Netw., 54(15):2591– 2612, October 2010.
[71] SIMULINK, 2013. [Online; accessed 1/10/2013]. URL: http://www. mathworks.com/products/simulink/.
[72] Frank Stajano, Dan Cvrcek, and Matt Lewis. Steel, cast iron and con- crete: security engineering for real world wireless sensor networks. In Proceedings of the 6th international conference on Applied cryptog- raphy and network security, ACNS’08, pages 460–478, Berlin, Heidel- berg, 2008. Springer-Verlag.
[73] Andriy Stetsko, Tobias Smolka, Vashek Matyas, and Filip Jurnecka. On the credibility of wireless sensor network simulations: evaluation of intrusion detection system. In Proceedings of the 5th International ICST Conference on Simulation Tools and Techniques, SIMUTOOLS ’12, pages 75–84, ICST, Brussels, Belgium, Belgium, 2012. ICST (In- stitute for Computer Sciences, Social-Informatics and Telecommuni- cations Engineering).
[74] Piotr Szczechowiak, Anton Kargl, Michael Scott, and Martin Collier. On the application of pairing based cryptography to wireless sensor networks. In Proceedings of the second ACM conference on Wireless network security, WiSec ’09, pages 1–12, New York, NY, USA, 2009. ACM.
[75] Piotr Szczechowiak, Leonardo B. Oliveira, Michael Scott, Martin Col- lier, and Ricardo Dahab. Nanoecc: Testing the limits of elliptic curve cryptography in sensor networks. In Roberto Verdone, editor, Wireless Sensor Networks, volume 4913 of Lecture Notes in Computer Science, pages 305–320. Springer Berlin Heidelberg, 2008.
[76] TelosB Datasheet, 2013. [Online; accessed 1/10/2013]. URL: http://bullseye.xbow.com:81/Products/Product_pdf_ files/Wireless_pdf/TelosB_Datasheet.pdf.
[77] Andras Varga. Using the omnet++ discrete event simulation system in education. volume 42, page 372, 1999.
[78] Natalija J. Vlajic and Dawei Xia. Wireless sensor networks: To cluster or not to cluster? In Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks, WOW- MOM ’06, pages 258–268, Washington, DC, USA, 2006. IEEE Computer Society.
[79] Petr Svenda and Vashek Matyas. Authenticated key exchange with group support for wireless sensor networks. In Mobile Adhoc and Sensor Systems, 2007. MASS 2007. IEEE Internatonal Conference on, pages 1 –6, 2007.
[80] Tuan Manh Vu, Reihaneh Safavi-Naini, and Carey Williamson. Se- curing wireless sensor networks against large-scale node capture at- tacks. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS ’10, pages 112– 123, New York, NY, USA, 2010. ACM.
[81] Tuan Manh Vu, Carey Williamson, and Reihaneh Safavi-Naini. Sim- ulation modeling of secure wireless sensor networks. In Proceedings of the Fourth International ICST Conference on Performance Evalu- ation Methodologies and Tools, VALUETOOLS ’09, pages 30:1–30:10, ICST, Brussels, Belgium, Belgium, 2009. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering).
[82] Arvinderpal S. Wander, Nils Gura, Hans Eberle, Vipul Gupta, and Sheueling Chang Shantz. Energy analysis of public-key cryptogra- phy for wireless sensor networks. In Proceedings of the Third IEEE International Conference on Pervasive Computing and Communica- tions, PERCOM ’05, pages 324–328, Washington, DC, USA, 2005. IEEE Computer Society.
[83] Yong Wang, Garhan Attebury, and Byrav Ramamurthy. A survey of security issues in wireless sensor networks. Commun. Surveys Tuts., 8(2):2–23, April 2006.
[84] Ronald Watro, Derrick Kong, Sue-fen Cuti, Charles Gardiner, Charles Lynn, and Peter Kruus. Tinypk: securing sensor networks with public key technology. In Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, SASN ’04, pages 59–64, New York, NY, USA, 2004. ACM.
[85] Andre Weil. Sur les fonctions algebriques a corps de constantes finis. Les Comptes rendus de l’Academie des sciences, 210:592–594, 1940.
[86] Geoffrey Werner-Allen, Patrick Swieskowski, and Matt Welsh. Mote- lab: a wireless sensor network testbed. In Proceedings of the 4th inter- national symposium on Information processing in sensor networks, IPSN ’05, Piscataway, NJ, USA, 2005. IEEE Press.
[87] Mohamed F. Younis, Kajaldeep Ghumman, and Mohamed Eltoweissy. Location-aware combinatorial key management scheme for clustered sensor networks. IEEE Trans. Parallel Distrib. Syst., 17(8):865–882, Au- gust 2006.
[88] Zhen Yu and Yong Guan. A key pre-distribution scheme using de- ployment knowledge for wireless sensor networks. In Proceedings of the 4th international symposium on Information processing in sensor networks, IPSN ’05, Piscataway, NJ, USA, 2005. IEEE Press.
[89] Zhen Yu and Yong Guan. A key management scheme using deploy- ment knowledge for wireless sensor networks. IEEE Trans. Parallel Distrib. Syst., 19(10):1411–1425, October 2008.
[90] Junqi Zhang and Vijay Varadharajan. Wireless sensor network key management survey and taxonomy. Journal of Network and Com- puter Applications, 33(2):63 – 75, 2010.
37
[91] Yongguang Zhang and Wenke Lee. Intrusion detection in wireless ad- hoc networks. In Proceedings of the 6th annual international confer- ence on Mobile computing and networking, MobiCom ’00, pages 275– 283, New York, NY, USA, 2000. ACM.
[92] Sencun Zhu, Sanjeev Setia, and Sushil Jajodia. Leap: efficient security mechanisms for large-scale distributed sensor networks. In Proceed- ings of the 10th ACM conference on Computer and communications security, CCS ’03, pages 62–72, New York, NY, USA, 2003. ACM.
[93] Sencun Zhu, Sanjeev Setia, and Sushil Jajodia. Leap+: Efficient security mechanisms for large-scale distributed sensor networks. ACM Trans. Sen. Netw., 2(4):500–528, November 2006.
38
Summary of study results
I am the main author of the following article for a Czech journal focusing on possible frauds in web-based applications:
• Filip Jurnecka and Vashek Matyas. 2011. Loterie pres webove rozhrani (in English: Lottery via the web interface). DSM – data security management, Volume 2011, Issue 3, pages 34-38. TATE International, Prague.
Additionally, I have contributed to the following papers by implementations and discussions:
• Jiri Kur, Vashek Matyas, Andriy Stetsko, and Petr Svenda. 2011. Attack detection vs. privacy — how to find the link or how to hide it? In Proceedings of the 19th International Workshop on Security Protocols (SP’11). Springer-Verlag, Berlin, Heidelberg, 189-199.
• Andriy Stetsko, Martin Stehlik, and Vashek Matyas. 2011. Calibrating and Comparing Simulators for Wireless Sensor Networks. In Proceedings of the 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems (MASS ’11). IEEE Computer Society, Washington, DC, USA, 733-738.
• Jan Bouda, Jan Krhovjak, Vashek Matyas, and Petr Svenda. 2009. Towards True Random Number Generation in Mobile Environments. In Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age (NordSec ’09). Springer-Verlag, Berlin, Heidelberg, 179-189.
I am involved in wireless sensor networks security research projects for the Czech Ministry of the Interior and Czech Science Foundation. I am a co-author of multiple reports, implementations and proposals for these projects.
As part of my study, I also participated in the following events:
• Conference “MKB’10, ’11, ’12 – Santa’s Crypto Get-Together”, Praha, 2010, 11, 12. (Member of the organizing committee)
• Conference “MEMICS’12 – Eighth Doctoral Workshop on Mathematical and Engineering Methods in Computer Science”, Znojmo, Czech Republic, 10/2012. (With own presentation “A Better Way towards Key Establishment and Authentication in Wireless Sensor Networks”)
• Conference “EurOpen.CZ”, Zeliv, 2011.
I helped with preparations, lectures, seminars and exercises of Introduction to Development in C#/.NET (PV178) in 2011 and 2012, exercises of Applied Cryptography (PV079) in 2011 and 2012, seminars and exercises of Seminar on Design of Algorithm (PB164) in 2012, lectures of Laboratory of security and applied cryptography I (PV181) in 2012 and Laboratory of security and applied cryptography II (PV204) in 2012. I have also helped with Authentication and Access Control (PV157) and Data Protection and Information Privacy (PV080). Finally, I supervised two bachelor theses and am currently supervising two more.
I successfully passed all attended courses focused mainly on IT security and presentation skills: Postgraduate seminar on IT security and cryptography (PA168), Advanced Topics in Information Technology Security (PA018), Laboratory of security and applied cryptography I (PV181), Security analysis of network traffic (PV210), English for Academic Purposes (post-graduate) (VV041) and Academic Writing in English (VV043).
Introduction
Key management schemes' properties