An ECC-Time Stamp based Mutual Authentication
and Key Management Scheme for WSNs
Gaurav Indra, Department of Software Engineering, Delhi Technological University, New Delhi, India (gaurav.indra.dtu@gmail.com)
Renu Taneja, Department of Information Technology, Bharati Vidyapeeth’s College of Engineering, New Delhi, India (renu.taneja.bvcoe@gmail.com)
Abstract – Although security in WSNs is currently provided
mostly through Symmetric Key Cryptography, Public Key
Cryptography still plays a vital role in securing communication
in a Wireless Sensor Network. Due to the memory constraints in
wireless sensor nodes, the protocols proposed in the literature
are based on the idea of pre-distribution of keys before the
deployment of the WSNs, but they are not able to achieve perfect
secrecy and also face the key management problem in large scale
WSNs. Asymmetric Key Cryptography, in contrast, offers a flexible
but clean interface for the security component in the WSNs. This
paper proposes a new mutual authentication and key management
scheme for a particular session between any two corresponding
nodes of a WSN based on Elliptic Curve Cryptography with a novel
time stamp mechanism.
Keywords – Public Key Cryptography, Symmetric Key Cryptography,
Asymmetric Key Cryptography, Ad-hoc Networks, Elliptic Curve
Cryptography, Wireless Sensor Networks, Time Stamp Mechanism,
Key Management Scheme
I. INTRODUCTION
A Wireless Sensor Network (WSN) consists of spatially
dispersed and dedicated autonomous wireless sensors to
cooperatively monitor the physical or environmental conditions
in a habitat such as temperature, sound, vibration, pressure,
motion or pollutants [3][6][7]. A sensor network normally
constitutes a wireless ad-hoc network, meaning that each
sensor supports a multi-hop routing algorithm where the
autonomous sensor nodes function as forwarders, relaying
information in the form of data packets to a central location
termed as a base station [4].
A secure and efficient authenticated group key agreement
protocol for WSNs has already been suggested in the literature,
using node-ID and bilinear pairings; it is immune against
passive, active and node-compromise attacks and ensures
backward and forward security with improved network
computing complexity [10]. However, that scheme added a
small but significant communication burden, so there was a
need to work on a new authentication and key management
scheme that could provide efficient security at the cost of few
resources. WSNs are complex network structures with
constrained memory and computational resources, and the
security benchmarks in a spatially distributed Wireless Sensor
Network include vital factors such as energy efficiency, an
efficient Public Key Cryptosystem, tamper resistance and
multilayer defence for the Sensor Network Protocol Stack [4][6][8].
This paper proposes a novel Mutual Authentication and
Key Management Scheme based on Elliptic Curve
Cryptography and a unique Session Time Stamp Mechanism
for a particular communication session established between
two corresponding sensor nodes in a spatially dispersed WSN,
ensuring communication confidentiality for the respective
session transactions such as Session IDs, Node Signature,
Identity Signature and Common Session Key, thus efficiently
optimizing the usage of constrained memory resources and
hence improving the computational performance. The proposed
scheme efficiently resists many attacks from both attackers
(internal or external) and intruders while keeping
computational and communication overhead low by making
use of an efficient but significantly smaller 160-bit ECC key.
Characteristic Modules of the Proposed Scheme:
1. Mutual Agreed Key Generation & Exchange
2. Time Stamp Generation
3. Identity Signature Generation
4. Identity Exchange & Signature Verification
5. Password Generation
6. Node Signature Generation
7. Node Signature Verification
8. Common Session Key Generation
9. Elliptic Curve Data Encryption Scheme
10. Elliptic Curve Data Authentication Scheme
The rest of the paper is organized as follows:
Section II: Benefits of ECC & Time Stamp Mechanism,
Section III: Notation Used, Section IV: Proposed Work,
Section V: Security Analysis, Section VI: Performance
Analysis, Section VII: Conclusion & Section VIII: Future Work
II. BENEFITS OF ECC & TIME STAMP MECHANISM
Implementation of Public Key Cryptography Schemes
poses numerous challenges in the domain of WSNs because of
the constrained memory and limited computing resources,
which in turn play a pivotal role in an efficient but unique
Session Random Key Generation. Elliptic Curve Arithmetic in
Public Key Cryptography is one of the best techniques because
of its highly secure but significantly smaller key size [1]. It
can be implemented very efficiently in an available EEPROM
with minimum utilization of available ROM, and as a
consequence no additional hardware component, in the
form of either extra ROM/RAM or an Arithmetic
Coprocessor, is required to speed up the generation of a unique
Session Key Pair and unique Sensor Node IDs, provided an
efficient Random Number Generator is available and employed
within the same [6][7].
Time Stamp Mechanism is introduced in the proposed
scheme in order to make the scheme independent of the
Synchronous or Asynchronous behaviour of the local clocks
deployed in the Wireless Sensor Nodes in a hostile
environment thus improving the scalability, security and
flexibility of those Sensor Nodes [9]. This mechanism also
provides the option of Dynamic Counter Allocation with
variable counter size which means less memory utilization and
improved performance.
2013 27th International Conference on Advanced Information Networking and Applications Workshops
978-0-7695-4952-1/13 $26.00 © 2013 IEEE
DOI 10.1109/WAINA.2013.52
Figure 1: Asynchronized Local Clocks of A, B & C, A’s Local
Clock Faster than B’s, C’s Local Clock Slower than B’s
III. NOTATION USED
The proposed scheme uses the following notation for the ECC
Domain Parameters over $F_{2^m}$, summarized below:
D = (q, $F_{2^m}$, a, b, P, n, h, TS), where
• q : prime power, that is q = p or $q = 2^m$, where p is a
prime.
• $F_{2^m}$ : field representation of the method used for
representing field elements ∈ $F_q$.
• a, b : field elements; they specify the equation of the
elliptic curve E over $F_q$,
$y^2 = x^3 + ax + b$.
• P : Random Base Point represented by P = (xp, yp) on
E($F_{2^m}$).
• n : Order of point P, where n is the smallest positive
integer such that nP = O, also satisfying the condition
that n is a large prime number.
• h : Cofactor, equal to the ratio #E($F_{2^m}$)/n, where
#E($F_{2^m}$) is the curve order.
• TS : Threshold Session Time Interval for a particular
session between two participants, viz. node A & B.
To describe the Mutual Authentication and Key Management
Scheme, the proposed work uses the following notation, which
covers the time stamping parameters and the parameters used
for Elliptic Curve Cryptographic operations:
• A, B : participants, i.e. communicating nodes in a
particular session.
• Kab : secret mutual agreed key, shared between the
participating nodes A and B in a particular session for
the purpose of sharing unique identities and the time
stamps during the initial key exchange process, where
Kab = (Kx, Ky) is a base point representation on the
elliptic curve E($F_{2^m}$).
• Km : secret mutual agreed key, shared between the
participating nodes A and B in a particular session for
the purpose of authenticating each other mutually,
where Km = (K'x, K'y) is a base point representation on
the elliptic curve E($F_{2^m}$).
• KS : common session key generated for the purpose of
transmitting and receiving the encrypted data packets
and the message blocks during the authentication
encryption phase of the proposed scheme, where KS =
(K''x, K''y) is a base point representation on the elliptic
curve E($F_{2^m}$).
• QK : common and intermediate mutually agreed
parameter, where QK = da db P.
• ka, kb and da, db : pairs of random numbers generated
by participating nodes A and B respectively at their
ends, with da, db and ka, kb ∈ [1, n – 1].
• KDF( ) : Key Derivation Function which derives
cryptographic keys from a shared key.
• B : bit variable which denotes a “0” or “1” packet, that
is, an even or odd packet.
• Ti : current time stamp, Ti = T0 + i·T
• T0 : starting time of a time interval of a particular
session established between two participating nodes.
• t : maximum local clock error in a participating node.
• i : variable, such that i ∈ {…, -2, -1, 0, 1, 2, …}
• T : time interval of a particular session
• Tdelay : time delay in arrival of a packet from one
participating node to another during communication in
a particular session.
• Cab : counter maintained by node A when a session is
established between node A & B.
• Cba : counter maintained by node B when a session is
established between node B & A.
• IDA and IDB : corresponding unique identities
generated by the corresponding nodes A and B for
secure communication in a session.
• x : secret unique password generated simultaneously
by nodes A and B for secure communication in a
session.
• ENC(k, M) and DEC(k, M) : private key encryption
and decryption respectively of the message block M
with the private key k.
• MAC_K(Message M) : Message Authentication Code of
the Message Block M with key K.
• Ti || Ca : concatenation of the current time stamp of
participating nodes and the counter maintained by node A
itself.
• SHA_1(Message M) : 160 bit hash function for the
Message Block M.
IV. PROPOSED SCHEME
Consider a scenario where a Cluster Manager is responsible
for collecting information from the sensor nodes within its
cluster and forwarding it to a Sink Node. It also distributes the
unique IDs to its cluster nodes and maintains the database of
those IDs.
Figure 2: Clustered Architecture of a WSN
Consider the Nth Cluster of such a WSN where two sensor
nodes, viz. Node A and Node B, want to communicate and
exchange some critical information between them. Before the
establishment of a session between the two, the Cluster Manager
of that cluster securely distributes the unique IDs to the
respective sensor nodes. After the distribution of IDs, the
participating Sensor Node A generates the ECC domain
parameters D = (q, $F_{2^m}$, a, b, P, n, h, TS) over $F_{2^m}$ and then
makes these parameters public by transmitting them
to the other Sensor Node B in a secure manner. Once the ECC
domain parameters are made public, the session between the
respective participating nodes A & B is created, and the
following characteristic phases are then followed in sequence:
Phase I: Mutual Agreed Key Generation & Exchange
Checkpoint: It should be noted that the public key generated in
the subsequent steps at both the ends needs to be validated in
order to ensure that it satisfies the arithmetic requirement of the
elliptic curve public key.
A public key K = (Kx, Ky) associated with the domain
parameters D = (q, $F_{2^m}$, a, b, P, n, h, TS) is validated using the
following procedure:
1. Check that K ≠ O.
2. Check that Kx and Ky are properly represented
elements of $F_q$.
3. Check if K lies on the elliptic curve defined by a and b.
4. Check that np.K = O.
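The four validation checks above, worked through as an added example (this is not code from the paper or its Java implementation). It assumes a toy curve y^2 = x^3 + x + 1 over F_23 with 28 points, base point (17, 3) of prime order 7 and cofactor 4, chosen so that each check rejects a different malformed key; the function names are hypothetical.

```python
# Toy domain parameters, constructed for illustration (not the paper's
# 163-bit Koblitz curve): E: y^2 = x^3 + ax + b over F_q with q = 23.
Q, A, B = 23, 1, 1
P = (17, 3)        # base point of prime order n
N, H = 7, 4        # n * h = 28 = #E(F_q)
O = None           # point at infinity


def add(p1, p2):
    """Group law on E (affine coordinates)."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % Q == 0:
        return O                      # P + (-P), including doubling when y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, Q) % Q
    else:
        lam = (y2 - y1) * pow((x2 - x1) % Q, -1, Q) % Q
    x3 = (lam * lam - x1 - x2) % Q
    return (x3, (lam * (x1 - x3) - y1) % Q)


def mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result = O
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result


def validate_public_key(K):
    """Run checks 1-4 in order; return 'valid' or the first failed check."""
    if K is O:                                                   # check 1
        return "reject: K is the point at infinity"
    x, y = K
    if not all(isinstance(c, int) and 0 <= c < Q for c in (x, y)):  # check 2
        return "reject: coordinate is not an element of F_q"
    if (y * y - (x ** 3 + A * x + B)) % Q != 0:                  # check 3
        return "reject: K is not on the curve"
    if mul(N, K) is not O:                                       # check 4
        return "reject: n*K is not the point at infinity"
    return "valid"


if __name__ == "__main__":
    # Constructed inputs: one good key, then one failure per check.
    for key in [mul(5, P), O, (26, 10), (17, 4), (4, 0)]:
        print(key, "->", validate_public_key(key))
```

The point (4, 0) lies on the curve and passes checks 1 to 3, yet has order 2, so only the order check rejects it; (26, 10) is congruent to a curve point modulo 23 and is caught only by the range check.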
Phase II: Time Stamp Generation
Phase III: Identity Signature Generation & Exchange
Phase IV: Identity Signature Verification
Explanation: Assume that Node B received a packet in the time
interval (T0 - t, T0). If the packet is labelled as a “1” packet,
then it evidently came from the (T0 - T, T0) time interval.
If it is labelled as a “0” packet, then it might have come from
the (T0, T0+T) time interval if Node B’s local clock is
slower than Node A’s, or from the time interval
(T0-2*T, T0-T) if Node B’s local clock is faster than Node
A’s; hence Tdelay < T, where the delay is computed as:
Tdelay = (T0 – 2*t + ) - (T0 – t - ) = (T - 2*t + 2*).
Now if the data packet is received at Node B in the time interval
(T0, T0 + T - t), then a “0” packet comes from the time
interval (T0, T0+T) and a “1” packet comes from the time
interval (T0 - T, T0). If Tdelay > (T - 2*t), the packet will be
considered a data packet from another time interval.
Consequently, Node B will use a wrong Ti to calculate the
MAC value, and the computed MAC value will not match the
received MAC value. Because of this mismatch the data packet
is discarded.
Phase V: Password Generation
Phase VI: Node Signature Generation
Phase VII: Node Signature Verification
Phase VIII: Common Session Key Generation
Phase IX: Elliptic Curve Data Encryption Scheme
Phase X: Elliptic Curve Data Authentication Scheme
Note: Lastly the Sensor Node at the receiving end i.e. Node B
checks the current time TC from its local clock and also the
starting time T0 & calculates total session time. If TC - T0 <= TS,
where TS is the threshold time interval, then that session is
termed as a valid one and the received message block in the
form of data packet is accepted, else that established session is
terminated and the corresponding communication link is
discarded along with corresponding data packet.
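The receiver-side behaviour described in the Phase IV explanation and in the note above, as an added example (not the paper's code). Assumptions: HMAC-SHA1 stands in for MAC_K, the MAC covers Ti || Ca || M, the session parameters are constructed values, and when the parity of bit B disagrees with the local interval the receiver picks the neighbouring interval whose boundary is nearer; all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed session parameters in seconds (not values from the paper).
T0 = 1000   # starting time of the session
T = 10      # length of one time interval
TS = 60     # threshold session time interval


def interval_index(clock):
    """Index i of the interval that contains this local clock reading."""
    return (clock - T0) // T


def resolve_index(clock, bit):
    """Receiver side: recover the sender's i from the local clock and bit B."""
    i = interval_index(clock)
    if i % 2 == bit:
        return i
    # Parity differs, so the packet belongs to a neighbouring interval.
    # Assumption: take the neighbour whose boundary is closer to the clock.
    return i - 1 if (clock - T0) % T < T / 2 else i + 1


def tag(key, ti, counter, message):
    """MAC_K(Ti || Ca || M); HMAC-SHA1 is an assumed instantiation."""
    data = ti.to_bytes(8, "big") + counter.to_bytes(4, "big") + message
    return hmac.new(key, data, hashlib.sha1).digest()


def send(key, clock, counter, message):
    """Sender labels the packet with the parity of its current interval."""
    i = interval_index(clock)
    return {"bit": i % 2, "counter": counter, "msg": message,
            "mac": tag(key, T0 + i * T, counter, message)}


def receive(key, clock, packet):
    """Apply the TC - T0 <= TS check, then verify the MAC under the resolved Ti."""
    if clock - T0 > TS:
        return "session terminated"
    ti = T0 + resolve_index(clock, packet["bit"]) * T
    expected = tag(key, ti, packet["counter"], packet["msg"])
    if not hmac.compare_digest(expected, packet["mac"]):
        return "discarded: MAC mismatch"
    return "accepted"


if __name__ == "__main__":
    key = bytes(range(20))                    # constructed 160-bit key
    pkt = send(key, 1029, 1, b"temp=21")      # sent in interval i = 2 ("0" packet)
    for clock in (1029, 1031, 1043, 1061):    # receiver clock readings
        print(clock, receive(key, clock, pkt))
```

A receiver clock that has just crossed into the next interval (1031) still resolves Ti correctly from bit B, while a packet delayed by two intervals (1043) resolves to a different Ti and fails the MAC comparison.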
V. SECURITY ANALYSIS
The Proposed Scheme would be considered to be a secure
Authenticated Key Establishment Scheme, if it can resist the
following attacks on WSNs as mentioned in [2]:
• Passive Information Gathering: To ensure the security
and authenticity of the privately encrypted Message Block,
besides the use of a strong ECC based Encryption and
Decryption scheme, a private key K1' is derived by
applying the key derivation function to the subsequent
common session key KS, and a Message Authentication
Code for verification purposes is used to counter this attack.
• Sleep Deprivation Attack: The mutual authentication of
the participants, viz. Node A & Node B, is performed twice,
firstly using the current time stamp Ti in Phase IV and
secondly using SHA_1( ) on the unique IDs of the Sensor
Nodes, which generates the unique passwords for mutual
authentication of Sensor Nodes in Phase VII. In this
manner the proposed scheme resists the Sleep Deprivation
Attack by preventing the attacker from posing as a valid
Sensor Node in a WSN, and is secure against it.
• Sinkhole Attack: An ECC based Sensor Node identity
verification scheme, proposed in Phase VII, ensures that
for every new session a new random password is created
with the help of the Sensor Node IDs and the current Time
Stamp Ti, where the password is computed as x = SHA_1
(IDA||IDB||Ti), which in turn ensures perfect secrecy and
security during the mutual verification of corresponding
Sensor Nodes in an established communication session.
The mutual authentication of the participants, viz. Node
A & Node B, performed twice, firstly using the current
time stamp Ti in Phase IV and secondly using SHA_1( )
on the unique IDs of the Sensor Nodes in Phase VII, makes
the proposed scheme resistant to the Sinkhole Attack
and enables it to nullify the drawbacks of loosely
synchronised local clocks in Phase IV.
• Wormhole Attack: In the proposed Time Stamping
Mechanism in Phases II, III & IV, a current Time Stamp
Ti along with a bit B ensures that the transmission range
of the sender Sensor Node is not exceeded; if it is,
the authentication process ensures that the received
data packet along with the established communication
channel is discarded and the session is terminated
immediately. In this manner the proposed scheme resists
the Wormhole Attack in a safe and secure way.
• Sybil Attack: The proposed scheme ensures that in a
WSN, an entity always has a single unique identification
and that its identity and vicinity in terms of transmission range
are securely authenticated and verified. Further, every
Sensor Node’s location within a Sensor Network is
indirectly verified with the help of the Current Time Stamp Ti
and the associated communication delay Tdelay in
transmission of the data packet, thereby resisting the Sybil Attack.
• HELLO Flood Attack: The proposed scheme uses an
ECC based secure authentication mechanism and also
cross-verifies the bidirectional behaviour of a
communication link before the session establishment
during Phase III and Phase IV.
• Jamming Attack: The proposed scheme defends against this
attack by accepting an established session as a valid one if
and only if TC - T0 <= TS, where TC and T0 are the Current and
Starting Time Stamps and TS is the Threshold Session Time
respectively, in order to avoid jamming in any subsection
of a WSN deployed in a hostile environment. The scheme
prevents Sensor Nodes beyond the defined vicinity from
participating in any session establishment process and also
doesn’t allow any established session to go beyond TS,
and thus helps in managing traffic and prevents jamming
in any section or subsection of the deployed sensor
network in a dynamic environment.
VI. PERFORMANCE ANALYSIS
In the proposed work, the scheme based on ECC arithmetic
uses Binary Curves, $GF(2^k)$, as they offer significant advantages
in performance over Prime Curves, GF(p), in the domain of
WSNs. A Koblitz Curve over $GF(2^{163})$ was selected and used in
implementing the proposed scheme using Java SE 6.
The proposed scheme has been mainly implemented for
measuring performance of 163-bit ECC-Time Stamp based
Mutual Authentication and Key Management Scheme. The
estimated cryptographic computational cost for an established
session between the two corresponding Nodes A & B is found
to be 6408.1 ms for a single session as compared to 352302 ms
for 1024-bit RSA Implementation (e=3) of the same scheme.
Thus the proposed scheme manages to reduce the processing
time of the cryptographic loads, associated with the mutual
authentication and key management, in the specific domain of
WSNs. The simulation or implementation of the proposed
scheme for the respective n-bit ECC-Time Stamp based
protocol and the corresponding 1024-bit RSA-Time Stamp based
protocol has been performed on a 2.13 GHz Intel Core i3
CPU with 1 GB of RAM running Windows 7, and the
performance timings have been recorded in milliseconds (ms).
These detailed statistics are summarized as:
Figure 3: Comparison of Performance Timings of 163-bit ECC-Timestamp
and 1024-bit RSA Timestamp based Mutual Authentication & Key Mgt.
Scheme.
Figure 4: Performance Timings of 163-bit ECC-Timestamp based Mutual
Authentication & Key Mgt. Scheme in Milliseconds (ms).
VII. CONCLUSION
In order to overcome the limitations of memory constraints
and higher processing overhead, the paper proposes an ECC
based Mutual Authentication and Key Management Scheme for
WSNs, which in turn secures and protects the integrity of
the exchanged mutually agreed and unique session key in different
phases, along with provision of secure Session Password
generation. The proposed scheme is based on Elliptic Curve
Arithmetic, which offers the highest cryptographic strength per bit
among all existing public key cryptosystems. A 160-bit ECC
system seems to offer the same level of cryptographic security
as standard DSA or RSA based cryptographic System with
1024-bit modulus and 224-bit ECC System is equivalent to
2048-bit RSA based Cryptographic System. In simulation
environment, ECC based smaller and efficient Sensor Node
parameters such as Session Keys, Public Key Signatures and
Passwords resulted in faster execution of the implemented
scheme with lower power and memory requirements, thus
saving the corresponding session bandwidth. The proposed
scheme has been able to counter and resist the very popular
attacks on the WSNs to a great extent. It also overcomes the
drawbacks of the loosely synchronised local clocks of the
corresponding Sensor Nodes in an established session.
VIII. FUTURE WORK
Although ECC has a good potential for defining security in
WSNs due to its smaller key size and strength; there is still
scope to reduce key calculation time to meet the potential
applications. Scalar multiplication in ECC takes 80 % of key
calculation time on WSN motes. Various research proposals in
the literature suggest an algorithm based on 1’s complement
subtraction to represent scalar in scalar multiplication, which
offers less Hamming weight and will remarkably improve the
computational efficiency of scalar multiplication [5]. The
positive integer in point multiplication employed in the scheme
may be recoded with 1’s complement subtraction to reduce the
computational cost involved in this heavy mathematical
operation for WSN platforms. The window size may be a
subject of trade-off between the available RAM and ROM at
that particular instance on Sensor Node. NAF method involves
modular inversion operation to get the NAF of binary number;
the one’s complement subtraction provides a very simple way
of recoding integer. Apart from this, modular multiplication
can be used in place of scalar point multiplication thereby
reducing the processing and memory overheads.
However, the proposed mutual authentication and key
management scheme can be extended efficiently for a multi-
session scenario in domain of WSNs or in the Wired or
Wireless Ad-hoc Networks.
REFERENCES
[1]. Chatterjee, K.; Gupta, D.; “Secure access of Smart Cards using
elliptic curve cryptosystems.” Wireless Communications, Networking
and Mobile Computing, 2009. WiCom '09. 5th International
Conference. Publication Year: 2009, Page(s): 1 – 4.
[2]. Hasan Tahir, Syed Asim Ali Shah; “Wireless Sensor Networks - A
Security Perspective.” 2008. Proceedings of the 12th IEEE International
Multitopic Conference, December 23-24, 2008.
[3]. Ian F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E.
Cayirci; “Wireless sensor networks: a survey.” Computer
Networks Elsevier Journal, vol. 38, no. 4, pp. 393-422, March
2002.
[4]. Pradnya Gajbhiye, Anjali Mahajan; “A survey of architecture and
node deployment in wireless sensor network”; Applications of Digital
Information and Web Technologies, 2008. ICADIWT 2008. First
International Conference; Publication Year: 2008, Page(s): 426 – 430.
[5]. Pritam Gajkumar Shah, Xu Huang, Dharmendra Sharma;
“Algorithm based on one’s complement for fast scalar multiplication
in ECC for Wireless Sensor Network”; 2010 IEEE 24th International
Conference on Advanced Information Networking and Applications
Workshops.
[6]. Römer, Kay; Friedemann Mattern (December 2004), “The design
space of wireless sensor networks”, IEEE Wireless
Communications 11(6): 54–61, doi:10.1109/MWC.2004.1368897
[7]. Thomas Haenselmann (2006-04-05), Sensornetworks, GFDL
Wireless Sensor Network textbook,
http://pi4.informatik.uni-mannheim.de/~haensel/sn_book, retrieved 2006-08-29.
[8]. Tiwari, Ankit et al., “Energy-efficient wireless sensor network
design and implementation for condition-based maintenance”, ACM
Transactions on Sensor Networks (TOSN).
[9]. Zhan Liu and Mi Lu; “Time stamp counter mechanism and
application on sensor networks.” Systems, Applications and
Technology Conference, 2006. LISAT 2006. IEEE Long Island;
Publication Year: 2006, Page(s): 1 – 6.
[10]. Zhang Li-Ping; Wang Yi; Li Gui-Ling; “A novel group key
agreement protocol for wireless sensor networks”; Wireless
Communications & Signal Processing, 2009. WCSP 2009.
International Conference; Publication Year: 2009, Page(s): 1 – 4.