Distributed Signature Scheme (DSS) Based on RSA

Distributed Signature Scheme (DSS) Based on RSA
Dr.MohitBansal Profile Pic
Published Date:26-10-2017
Your Website URL(Optional)
The Distributed Signature Scheme (DSS) Based on RSA The Distributed Signature Scheme (DSS) is another important security service. It enables sensor nodes to communicate securely with each other. The main problem is to establish a secure signature between communicating nodes. However some specialfeatures(i.e.resourceconstraint,impracticalnessofprotectingormonitoring each individual node physically as well as their applications which usually being supported by many components such as routing and localization) of sensor net- works make it particularly challenging to provide security services for sensor networks. This chapter describes a secret distribution scheme for sensor networks that achieves automatic secret redistribution. The goal is to support distributing the secret among new members joining a sensor network without involving a trusted agent or intervention from the user. Our analysis indicates that our new schemes have some nice features compared with the previous methods. In particular the system is efficient. Secondly, it guarantees automatic key distribution after initial- izations. Third it does not need urgent for key distribution and, finally, it auto- matically interact nodes coalition. WSNs have recently emerged as an important means to study and interact with the physical world. A sensor network typically consists of a large number of tiny sensor nodes and possibly a few powerful control nodes (also called base stations). Many protocols and algorithms (e.g. routing, localization) will not work in hostile environments without security protection 1. The use of aggregation in WSN allows to increase the efficiency and signifi- cantly survivability of sensor nodes. In this presentation many aspects of the WSN are being examined including security and efficient data aggregation 2–7. For example, we will use Base Station (BS) to define the integral characteristic of any part of WSN; and assign one of the nodes as aggregator for clear elaboration and understanding of our presentation. The node will gather the needed information from the area, calculate the aggregation functions (i.e. average, min, max) and66 5 The Distributed Signature Scheme (DSS) Based on RSA transfer this value to the BS. By so doing this will facilitate the cut down of total transmition cost rather than with the use of aggregator. But, all in all there are a need of special and reliable aggregation algorithms when it comes to node failing fulfilling their tasks. e.g., when the adversary can capture the nodes and change their functionality or the aggregator is compromised and brings total destruction to its function, i.e. when aggregator is compromised and sends the wrong information to the BS. For solving this kind of problems, special cryptography procedures can be used 8–13. Some of the solutions sited might allow to BS to define incorrect aggregation result with high probability. And in this case the aggregation might be called reliable. It’s clear, that it’s necessary to provide reliability requirements to transmit some extra data from aggregator to BS. In this case we argue that these data capacity (size) should be minimized with given reliability. In the existing reliability aggre- gation protocols at present, the size of extra data used is sufficiently high. This sets conditions and motivations for further interest in creating new reliable aggregation protocols, though it should be noted that creating special protocols for WSN also have some shortcomings; mainly being high number of keys to be kept by each sensor. However in providing reliable aggregation in WSN, the key management protocol issues should also be realized. The present solutions used for classical networks are unable to implement some of these options to WSN due to sensor’s limitations and unfeasibility of using sensor’s infrastructure. Talkless of lots of constraints when it comes to providing security services in sensor networks, it also turns out to be a very challenging task. With the same lane of creating reliability in data aggregation, we introduce our finding to solve the problem of scheme distribution for signing the accurate information within nodes participating in transmitting the final information to BS. Having this kind of mechanism will allow to substantially decreasing energy consumption by elimi- nating the transmition of fake packets within the sensor networks meanwhile enhance the accuracy of security. In this chapter we have presented distributed signature scheme design based on RSA (well-known encryption system using in a big amount of applications). Our scheme has three advantages. First, the mathematics presentations are provably secured. Secondly, the scheme is efficient, third together, we have proposed a secure, efficient proactive RSA based scheme with three security properties which did not exist in previously schemes. 5.2 RSA Based Secure Schemes Blakley and Shamir invented secret sharing schemes independently. In Blakley’s scheme 14, the intersection ofmofn vector spaces yields a one-dimensional vector that corresponds to the secret. Wong et al. scheme 15 is one of several to catch a dealer that attempts to distribute invalid shares. Desmedt et al. 16 also present protocol to perform non-interactive verifiable secret redistribution5.2 RSA Based Secure Schemes 67 (VSR) that mitigates these problems in static sensor networks. VSR divides the sensor field into control groups each with a control node. Data exchange between nodes within a control group happens through the mediation of the control head which provides the common key. The keys are refreshed periodically and the control nodes are changed periodically to enhance security. SECOS enhances the survivability of the network by handling compromise and failures of control nodes. Gennaro et al. present a verification of a signature using a regular public key and a standardverification procedure;hence theverifierofasignaturedoes notneedtobe aware of the form (centralized or distributed) in which the signature was generated, or who were the parties involved, nor does the signature increase in size as a function of the number of signers 17. Our DSS scheme differs from previous VSR schemes in that it achieves auto- matic secret redistribution without the useofagent’s.Also, unlikeinVSR schemes, with signature setting actions node members can associate independently in our DSS. However secret key distribution protocol is un-interactive and doesn’t require agent participation after scheme initialization. Kong, et al. proposed a proactive RSA scheme for large-scale ad hoc networks 18, 19. In their scheme, every node in ad hoc networks has a secret share of the secret key (the private key d). Nodes within one-hop distance jointly perform issuing certificates and refreshing their secret shares. The scheme is efficient. Unfortunately, the scheme has proved faulty 20, 21. All the previous schemes 8, 9, 22 can be considered as special instances in this framework. Also Rui-shan et al.23,havepresentedanew proactive RSA scheme for adhocnetworks,which includes four protocols, the initial key distribution protocol, the share refreshing protocol, the share distribution protocol, and the signature generation protocol. Their work mainly based on use of efficient proactive threshold RSA signature scheme. The initial key distribution protocol is used to distribute the initial secret sharesto2t+1Rnodes.Beforedistributingthesecretkey,theyassumethatasetup process has been carried out in which the RSA key generation took place and the RSA key pair has been computed where by in our work the agent is used to initialize the distributed signature’s scheme and hence, all the remaining process is independently operated. By instantiating the components in above frameworks, we further develop our DSS based on RSA with automatic signature setting procedure which provide coalition between (nodes) members, system with self-organizing property, i.e. the agent is not involved after initialization and during secret distribution process. 5.3 RSA Based Distributed Signature Scheme Using only symmetric algorithms with authentication of sending data from sensors to BS have some disadvantages as well. e.g., only BS might be able to authenticate final report sent by aggregator towards BS. This means, there is a chance of any compromised node to be sent into network and by chance this fake packets might68 5 The Distributed Signature Scheme (DSS) Based on RSA only be detected or thrown off by BS at the end point. With accomplishment of the all process the sensor node’s resources would have been consumed for sending the fake packets. Forsensornetworkswithmorepowerful nodes,solvingthiskindofproblemcan be based on the use of distributive asymmetric signature. This sort of signature assumes the distribution of “digital signature of asymmetric algorithm secret key” by threshold circuit (scheme) key distributed between the all scheme members. Also this scheme assumes the presence of protocol which allows coalition from a given number of members to compute digital signature for given message in dis- tributed manner. Regarding the fake packets filtering task in WSN the digital asymmetric signature algorithm can be used as follows. Agent chooses and distributes digital signature’s chosen algorithm secret key between all the sensors and hence, all the sensors are initialized by public key. For sending the aggregation result to BS, the results are signed by given number of sensors using signature distribution protocol. Furthermore each sensor, retrans- mitting data packet by using public key, can check the packet by itself and if the signature does not surpass the checking, it is automatically ejected from the network. 5.3.1 Distributed Signature Features For effective working of system, distributed signature protocols should have some features: � Independent work of the members during the initialization of signature. If the number of members is increased, this feature enables not to initialize this pro- tocol again. Also it reduces signature setting delay. � Self-organization, i.e. the system should be able to work automatically after initialization. � Distribution of the new projection of secret should be non-interactive. For the interactive protocol assuming the process of data exchange between working (nodes) members is an essential shortcoming due to limited trafficcapacity existing in today’s many WSN, additionally it increases energy consumption, whereas the synchronization in WSN is necessary. The schemes which can guar- antee security are suitable for WSN security at present. DSS with two features described above can easily be established based on El-Gammal or DSS digital signature 17, 24. Unlike these digital signatures, based on RSA digital signature, no existing work, to the best of our knowledge, has addressed the issue of developing distributed signatures schemes with above-listed features at the moment. However, RSA digital signature has one important feature which does not exist in El-Gammal and DSS schemes. For RSA signature, the signature checking procedure is substantially accelerated if public key value5.3 RSA Based Distributed Signature Scheme 69 is correctly chosen. This characteristic provides significant advantage for RSA distributed signature use in WSN. The Scheme Definition. The system model assumes that we have n nodes and one malicious node (note that for this example we will use only one malicious node though in really application our approach should be able to withstand up to t− 1 compromised nodes). Also the system has a trusted agent which initializes the scheme. For this case agent chooses RSA secret key and distribute this key safely between the nodes providing (t, n)—threshold scheme. After this initialization the participation of trusted agent is not needed. Assuming that malicious user can compromise s t of nodes and since malicious is able to break the multiple signature scheme, he could execute attack by chosen message (we call it chosen-message attack, CMA); therefore he could request any of n nodes members to invoke signature protocol for any chosen message. In this situation malicious user aim is either tamper message signature which he/she did sign or disrupt a wrong message signed by another member. 5.3.2 RSABasedSecretKeyDistributions MainApproaches In existing works based on distributed RSA signature there are three main approaches as far as RSA based secret key distribution is concerned. � In the first approach, the secret key d is distributed according to Shamir secret scheme distribution. The system working according to this approach is impos- sible without trusted agent participation. � In the second approach, the level in secret scheme distribution has been added. Firstly, the secret is distributed between n nodes additively, and then every received projection is distributed by threshold circuit. Such schemes are inter- active and are unable to work without agent. � In the third approach, there is secret key d distributed. But this kind of sepa- ration brings vulnerability to distributed scheme. Moreover this approach doesn’t assume independent working of members’ nodes coalition during sig- nature establishment. Thus each of these approaches noticed above have some functional limitation and do not employ at least one of the features formulated above. The scheme of secret distribution (sharing) is one of the DSS components. In particular, Shamir scheme can be used as scheme of secret distribution. In Shamir scheme there is polynomial function f(x) as:  t1 fðÞ x ¼ f þf xþþf x mod P ð5:1Þ 0 1 t1 in which f ¼ S—secret, i.e. secret key, f ;...;f —random values, t—number of 0 1 t1 secret’s projections (sub-keys) or number of coalition’s members and P—prime number. Each member of protocol gets the secret projection as ss¼ fðidÞ, where id70 5 The Distributed Signature Scheme (DSS) Based on RSA is member’s ID. Any coalition K of t members could restore (recover) the secret f ¼ fð0Þ using Lagrange interpolation 0 X fð0Þ¼ ss l ð0ÞðmodPÞð5:2Þ u u u2K where l ðxÞ are Lagrange coefficients. u For Shamir scheme to be used in distributed RSA signature, it’s necessary to choose the secret S and module P. For distributed RSA signature secret key d is the secret. Relatively tomodule P there are two ways, either make it public, e.g. P¼ N or make it secret, i.e. P¼/ðNÞ or P¼kðNÞ.IfP is known (e.g. RSA module N), that brings information leakage and interdependency of coalition members actions during the distribution of signature setting procedure running. If P is a secret value (e.g. P¼kðNÞ or P¼/ðNÞ), that gives the system possibility of being not self-organized according to the next statement. Statement 1 Incase ofusing module PandthisP module is unknowntomembers, then it’s necessary to have trusted agent for secure project distribution to new member. It is necessary to ignore the use of module P approach to eliminate disadvan- taged listed above. However, projection distribution procedure without agent remains interactive. In addition, abandonment of P increases projections size eventually to complexity of signature setting. It’s easy to get higher estimation of secret projection size (R) by using: R logðNÞþðt1Þkþ1 ð5:3Þ where N—RSA module, t—coalitionsize (number ofmembers), k—userIDlength. For example, for user ID length k = 48 bit and coalition size t = 10, projection size R will not be over logðNÞþ48ðt1Þþ1 1500 bit which means there is an increase of signature setting complexity of approximately 1.5 times. 5.4 Our Approach on Scheme Establishment We propose to modify secret distribution scheme by getting rid of interaction in distribution procedure of new projection without agent (statement 1) and reduce the size of secret projection. We put into consideration prime number QmaxðidÞ. i We estimate the secret projection f(x, y) as follow: t1 t1 XX i j fðx;yÞ¼ f ðx modQÞðy modQÞð5:4Þ i;j i¼0 j¼05.4 Our Approach on Scheme Establishment 71 It’s impossible to use LaGrange interpolation with such kind of secret distri- bution function. Instead, it’s essential to solve the combined linear equations. For secret recovering, each of coalition member node u calculate its function value with x = 0 getting t fðÞ 0;id¼ f þf ðy modQÞþþfðÞ y mod Q ð5:5Þ u 0 1 t with y¼ id . And f ¼ f . Having t values of given function, secret can be u 0 0;0 recovered by solving the following combined equations: 2 3 2 3 fxðÞ f i 0 1 6 7 6 7 fxðÞ f i 1 2 6 7 6 7 ¼ G ; 4 5 4 5 ... ... fxðÞ f i t1 t where 2 3 0 1 t1 ðÞ x modQxðÞ modQ ... ðÞ x modQ i i i 1 1 1 0 1 t1 6 7 ðÞ x modQxðÞ modQ ... ðÞ x modQ i i i 6 2 2 2 7 G¼ ð5:6Þ 4 5 ... 0 1 t1 ðÞ x modQxðÞ modQ ... ðÞ x modQ i i i t t t Each coalition member calculates its function value with x¼ id getting new t1 fðid ;idÞ¼ s ðidÞ¼ s þs ðymodQÞþþs ðy modQÞð5:7Þ new u new u 0 1 t1 with y¼ id for projection to be distributed to new members without agent. Secret u projection ðs ;s ;...;s Þ for new user can be calculated from the following 0 1 t1 combined equations: 2 3 2 3 s ðx Þ s new i 0 1 6 7 6 7 s ðx Þ s new i 1 2 6 7 6 7 ¼ ð5:8Þ 4 5 4 5 ... ... s ðx Þ s new i t1 t Thefollowingstatementistrueforproposedsecretdistributionschemeaccordingto statement number 2. Statement 2 For modified secret distribution scheme the following are true: (i) Scheme has threshold (t) and it is safe; (ii) The procedure of projection distribution in scheme is non-interactive and doesn’t request agent participation; (iii) The procedure of projection distribution is safe; (iv) Size of each projection is no larger than logðNÞþkþt. New RSA DSS based on proposed modified secret distribution scheme includes three steps:72 5 The Distributed Signature Scheme (DSS) Based on RSA 5.4.1 Scheme Initialization Agent generates the prime number QmaxðidÞ. i (a) Agent generates public RSA key N ¼ pq and eQ, where e—prime number, p and q are random prime numbers. Then agent generates secret key d as following: ed ¼ 1modUðNÞ. UðNÞ¼ðÞ p1ðÞ q1 , where e and d are public and closes parts of key. (N, e)—public key’s part, d—closed. (b) Agent generates function t1 t1 XX i j fðx;yÞ¼ f ðx modQÞðy modQÞð5:9Þ i;j i¼0 j¼0 where f ¼ d, and coefficients f 2 Z (Z is a set of prime numbers) was 0;0 i;j N N randomly chosen with f ¼ f condition. i;j j;i (c) Each node u gets the function s ðxÞ¼ fðx;id Þ as a secret key projection. u u 5.4.2 Generation of Distributive Signature (a) The coalition K of t members is chosen (cluster). Each node calculates partial s ð0Þ u signature by the equation S ðmÞ¼ m modN, where m is hash-function u value of signing message, u2 K. (b) After getting t partial signatures, signature’s collector makes the matrix G for coalition K members and reverses it over the rational number field. 0 1 (c) Signature collector calculates G ¼kG , where λ is the least common mul- 1 tiple of all elements of matrix G . Then signature collector calculates t Y  0 g 0 1j SðmÞ¼ SðÞ m mod N ð5:10Þ u j j¼1 (d) Using extended Euclid algorithm, collector finds x and y from xkþye¼ 1. (e) Calculating of the signature as 0 x y SðmÞ¼ððSðmÞÞ m ÞmodN: ð5:11Þ5.4 Our Approach on Scheme Establishment 73 5.4.3 Key Projection Distribution to New User (a) For getting secret key projection the new node u has to find coalition K from t as already initialized nodes and report them to its own id . new (b) Every coalition member u calculate its own function value with x¼ id , new getting t1 fðid ;idÞ¼ s ðidÞ¼ s þs ðymodQÞþþs ðy modQÞ new u new u 0 1 t1 ð5:12Þ With y¼ id . u (c) New node finds its secret projection ðs ;s ;...;s Þ from combined of linear 0 1 t1 equations: 2 3 2 3 s ðx Þ s new i 0 1 6 7 6 7 s ðx Þ s new i 1 2 6 7 6 7 ¼ G ð5:13Þ 4 5 4 5 : : s ðx Þ s new i t1 t Thus, secret key projection distribution to a new node does not request the agent participation and it is not interactive. For proposed scheme it can be seen that it allows generating correct RSA based signature, and the next statement is true. Statement3 Proposeddistributedsigningschemeprovideshigh securityguarantee and even safer as RSA. 5.5 Summary In this chapter we developed a RSA based distributed signature scheme with independent member nodes behavior, signature signing setting and un-interactive projection distribution protocol secret key with no agent participation. The pro- posed distributed signature scheme unlike existing schemes has the following advantages: � Nodes in cluster can associate independently during the signature distributing; � Secret key distribution protocol is non-interactive and doesn’t require agent participation after scheme initialization. As oneofthe possible future directions, we observedthat sensor nodes have low mobility in many applications. Thus it may be desirable to develop location- based schemes so that the nodes can directly establish a signature setting automatically.74 5 The Distributed Signature Scheme (DSS) Based on RSA References 1. Liu, D., Ning, P.: Security for wireless sensor networks. Advances in Information Security, p. 28. Springer Science and Business Media, Berlin (2007) 2. Zhu, H., Bao, F., Deng, R.H., Kim, K.: Computing of trust in wireless networks. In: Proceedings of 60th IEEE Vehicular Technology Conference, vol. 4, pp. 2621–2624 (2004) 3. Estrin, D., Govindan, R., Heidemann, J.S., Kumar, S.: Next century challenges: Scalable coordination in sensor networks. In: Proceedings of the 5th Annual ACM/IEEE International Conference on Mobile Computing and Networking, pp. 263–270 (1999) 4. Hu, L., Evans, D.: Secure aggregation for wireless networks. In: Proceedings of the 2003 Symposium on Applications and the Internet Workshops, pp. 384–391 (2003) 5. Madden, S., Franklin, M.J., Hellerstein, J.M., Hong, W.: Tag: A tiny aggregation service for ad-hoc sensor networks. ACM SIGOPS Oper. Syst. Rev. 36(SI), 131–146 6. Przydatek, B., Song, D., Perrig, A.: Sia: Secure information aggregation in sensor networks. In: Proceedings of the 1st International Conference on Embedded Networked Sensor Systems, pp. 255–265 (2003) 7. Shrivastava,N.,Buragohain,C.,Agrawal,D.,Suri,S.:Mediansandbeyond:Newaggregation techniques for sensor networks. In: SenSys ’04: Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems, pp. 239–249 (2004) 8. Eschenauer, L., Gligor, V.D.: A key-management scheme for distributed sensor networks. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 41–47 (2002) 9. Chan, H., Perrig, A., Song, D.: Random key predistribution schemes for sensor networks. In: Proceedingsofthe2003IEEESymposiumonSecurityandPrivacy,vol.197(23),pp.197–213 (2003) 10. Hwang, J., Kim, Y.: Revisiting random key pre-distribution schemes for wireless sensor networks. In: Proceedings of the 2nd ACM Workshop on Security of Ad hoc and Sensor Networks (SASN ’04), pp. 43–52 (2004) 11. Liu, D., Ning, P., Li, R.: Establishing pairwise keys in distributed sensor networks. ACM Trans. Inf. Syst. Secur. 8(1), 41–77 (2005) 12. Schneier,B.:AppliedCryptography:Protocols,Algorithms,andSourceCode(2nded).Wiley, New York, p. 758 (1996) 13. Gura, N.,Patel, A.,Wander, A., Eberle,H., Shantz,S.:Comparing elliptic curvecryptography and RSA on 8-bit cpus. In: 2004 Workshop on Cryptographic Hardware and Embedded Systems, pp. 119–132 (2004) 14. Gennaro, R., Halevi, S., Krawczyk, H., Rabin, T.: Threshold RSA for dynamic and ad-hoc groups. In: Advances in Cryptology—EUROCRYPT 2008, 4965/2008, pp. 88–107. Springer, Berlin 15. Wong, T.M., Wang, C., Wing, J.M.: Verifiable secret redistribution for archive systems. In: Proceedings of the First International IEEE Security in Storage Workshop, pp. 94–105 (2002) 16. Desmedt, Y., Jajodia, S.: Redistributing secret shares to new access structures and its applications, Technical Report ISSE TR-97-01, George Mason University (1997) 17. National Institute of Standards and Technology.: Digital signature standard. JIST FIPS PUB 186, U.S. Department of Commerce (1994) 18. Jie-jun, K., Zerfos, P., Hai-yun, L., Song-wu, L., Li-xia, Z.: Providing robust and ubiquitous security support for MANET. In: IEEE 9th International Conference on Network Protocols (ICNP), p. 251 (2001) 19. Hai-yun, L., Jie-jun, K., Zerfos, P., Song-wu, L., Li-xia, Z.: URSA: Ubiquitous and robust access control for mobile ad hoc networks. In: IEEE/ACM Transactions on Networking (ToN), vol. 12(6), pp. 1049–1063 (2004) 20. Narasimha, M., Tsudik, G., Yi, J.H.: On the utility of distributed cryptography in P2P and MANETs: The case of membership control. In: IEEE 11th International Conference on Network Protocol (ICNP), pp. 336–345 (2003)References 75 21. Jarecki, S., Saxena, N., Yi, J.H.: Cryptanalyzing the proactive RSA signature scheme in the URSA ad hoc network access control protocol. In: ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN) (2004) 22. Blakely, G.R.: Safeguarding cryptographic keys. In: Proceedings of the National Computer Conference, vol. 48 (1978) 23. Rui-shan, Z., Ke-fei, C.: An efficient proactive RSA scheme for large-scale ad hoc networks. J. Shanghai Univ. Engl. Ed. 11(1), 64–67 (2007) 24. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory. IT-31(4), 469–472 (1985)Reliable Data Aggregation Protocol for Wireless Sensor Networks Current routing protocols in WSNs or even in Wireless Ad hoc Networks are very susceptible to many attacks i.e. stealthy attack. The most simple among those is where the adversary injects malicious routing information into the network. This results in routing inconsistencies leading to high increase in end-to-end delays or evenpacketlossesinthenetwork.Inthischapter,first,weabstracttwofundamental routingprotocols,whichcanbegenerally groupedintwobroadcategoriesbasedon the intrinsic nature of WSN. We argue that none of previous proposed routing protocols satisfies all of them at the same time. The novelty of our protocol is building a general routing protocol based on two methods,whichtakesintoconsiderationtwofactors:additionofsensornodestothe aggregation process and by considering complex report interaction between base station and aggregator. Finally, to evaluate the efficiency of proposed protocol, we carry out comparison experiment of our proposed protocol to general known pro- tocols. Performance cost evaluation of our proposed protocol shows essential advantage over existing protocol. Routing protocols can be generally grouped in two broad categories: reactive and proactive protocols. Proactive routing protocols use some kind of periodic beaconing or coordination mechanisms between nodes to pro-actively maintain routing tables at each node. Conversely, reactive protocols don’t attempt to maintain routing tables continually; in-stead, they initiate route discovery only when the route is required for a packet transmission. Discovered routes are tem- porarily cached to be used for subsequent requests addressed to the same node, but will eventually expire after a period of inactivity. Attacks against the routing protocols generally involve the manipulation of malicious users of route messages and injection offalse or incomplete information. Routing table overflow, cache poisoning, and network flooding are also possible and relatively simple kinds of attacks.78 6 Reliable Data Aggregation Protocol for Wireless Sensor Networks An increasing number of advanced attacks at the routing layer includes, for instance, the creation of wormholes to tunnel traffic through an undisclosed hidden path without the knowledge of source or destination nodes, or blackhole attacks in which a malicious node falsifies route advertisements to misdirect the traffic addressed to a victim, consuming the traffic without forwarding it. Numerous proposed countermeasures aim to prevent routing attacks, ranging from encryption at the protocol level to information correlation between multiple nodes to packet leash protocols. However, significant opportunity remains for further work in the area. Nodeandmessageauthenticationarealsocriticalissuesthatspanmultiplelevels of the protocol stack. Authenticating nodes in Manets generally follow the same cryptographic strategies used for authentication in wired networks. The basic challenge lies in adapting key management protocols, which are the basic part of any security communications infrastructure. Although key management is still an open and active area of research, several researchers have proposed strategies for distributed key management, leveraging for instance, for threshold cryptography strategies 1, dynamic cluster-based certificate of authorities 2 and fully distrib- uted schemas based on certificate chaining for public key authentications. For mission-specific applications, tactical network nodes are often configured with time-sensitive pre-shared keys, built as a part of standard system images created for different missions. Often WSNs are developed in the open and readily available territory; therefore, it is always necessary to use special procedures to protect transferred information against possible casual or deliberate distortions. Protection of transferred infor- mation against deliberate distortions requires well-developed authentication meth- ods in the whole process of messages transportation. For this purpose, techniques like messages authenticity checking codes (MAC-codes) are used. There are two types of data aggregation protocols with saving of reliability: Thefirstoneisbasedondistributionofaggregationprocessbyinvolving additional sensor nodes. The second one is based on complex report interaction between base station and aggregator. According to thefirst type, aggregator should prove to base station a correctness of the presented result. As per the first approach, the scheme is based on a treelike routing, where the tree root is supposed to be the base station. The aggregation routing is supposed to be from twigs to root which according to our presentation is the base station (BS). Thus, modular function is calculated from values received from descendants in each unit, and the calculated value together with arguments values are transferred to the parent-node. In this case the parent-unit can check correctness of data aggregated in affiliated nodes. However, the given scheme does not possess sufficient reliability; in particular, the aggregation result sometimes can appear incorrect due to misoperationof two subsequently nodesin atree. Moreover these approach had some significant limitation i.e. the number of calculated aggregation functions are limited.6.1 Introduction 79 Another approach based on the use of so-called witness nodes that actually duplicate aggregator action. By matching the witness’s and received aggregation results thesigningisauthenticatedandaggregatorsendstheresultandthewitness’s signatures to BS. The disadvantage of the presented mechanism is that the volume of data transferred by control sensor increases linearly according to witness’s nodes number. Using this approach, there is a following protocol: aggregator collects the data from sensors, calculates the aggregated value, signs it and sends to BS. Subsequently, the interactive protocol of calculations proof carries out between aggregator and BS. The disadvantage of this approach is a huge data volume transferring between aggregator and BS. Toavoidtheproblemsmentioned aboveand toachievereliabledataaggregation in WSN we propose the new protocol bases on distributed verification of aggre- gation result. 6.2 Problem Statement Routing protocols are highly susceptible to node capture attacks. It is observed and analyzed that even asinglenode captureis sufficient for an attacker to take over the entire network. Unlike traditional networks, where physical security can prevent such conditions, WSN belongs to extremely hostile and unattended environments. Usually, a WSN consists of a large number of sensor nodes which are deployed in some area distant from the home server. These sensor nodes perform measure- ments and route the information towards the BS. However, in order to save the communication bandwidth, these readings are aggregated at intermediate points in the network which are called as aggregators. Some sensor networks have a single aggregator, which is usually the BS itself or as others 3 have several aggregators where each non-leaf node is an aggregator, as also shown in Fig. 6.1. Inthissetting,there aretwo majorattacksovertheinformation beingaggregated 4. First is the stealthy attack, where the attacker’s goal is to make the home server accept false aggregation results, which are very much different from the actual Fig. 6.1 Secure group a 0 management. Aggregators and base stations 1 3 2 Aggregator needs more security 4 5 6 7 880 6 Reliable Data Aggregation Protocol for Wireless Sensor Networks results determined by the measured values. Moreover, the attacker also wishes that the homing server is not able to detect these changes. So he does not launch a DoS attack by not responding with the aggregated values at all. 6.3 Existing Data Aggregation Protocols In typical WSN, sensor nodes are usually resource-constrained and battery-limited. In order to save resources and energy, data must be aggregated to avoid over- whelming amounts of traffic in the network. There has been extensive workon data aggregation schemes insensor networks 5–8.There aresome works9,10which investigates secure data aggregation schemes in the face of adversaries who try to tamper with nodes or steal the information. Also adependableand efficient data aggregation schemebasedon fault map that is constructed by estimated fault probability using Bayesian Belief Network (BBN) has been proposed 11, or, other authors presented two privacy-preserving data aggregation schemes, Cluster-based Private Data Aggregation (CPDA)– leverages clustering protocol and algebraic properties of polynomials and Slice-Mix-AggRegaTe (SMART)–builds on slicing techniques and the associative property of addition 12. Most research efforts in this area are directed to the development of new pro- tocols that promote efficient resources utilization, mainly with respect to the power consumption 13, 14. The protocol based on the concept of delayed aggregation peer monitoring and requiring local interactions only 15 proposes to provide both confidentiality and integrity of the aggregated data, to detect bogus data injection attempts, and to provide high resilience to sensor failures. The LEACH protocol 16 is a hierarchical self-organized cluster based approach for monitoring applications. Al-Karaki et al. 17 propose exact and approximate algorithms tofind the minimum number of aggregation points in order to maximize the network lifetime. This paper 17 does not justify that the optimal selection remains the same along the network lifetime. This proposal resolves the problems of routing and data aggregation as one joint problem. Patil et al. 18 use the ability of space-filling curves to index the sensor nodes and Krisnamachari et al. 19 examine the complexity of optimal data aggregation, showing that although it is an NPhard problem, there are useful polynomial-time special cases. Lindsey et al. propose PEGASIS 13, an extension of LEACH, where nodes can transmit to any other node of the system and to the BS. Nodes transmit to their nearest neighbor and messages are transmitted to the BS on rotation basis. They are organized to form a chain, which can be computed in a centralized way by the BS and can broadcast to all nodes or is controlled by the sensor nodes themselves using a greedy algorithm 19 which resolves both the problems of routing and data aggregation.6.4 Proposed Protocol 81 6.4 Proposed Protocol We assume that there are following participants in our proposed data aggregation protocol: base station (BS), aggregator (A), sensor nodes (S) and t—number of j verifier-nodes (V). Aggregator and verifier-nodes are the typical sensor nodes i chosen randomly by base station inside the clusters. Periodically, BS reassigns the aggregator and verifiers. The protocol consists of three stages: � aggregation result calculation, � checking the received result by t of nodes-verifiers, � sending aggregation result together with verifier’s signatures to the BS. At the first stage all sensors send their data to aggregator:   S A : data ; MAC K ; data ð6:1Þ j j S ;A j j where data is the data changed by sensor S, K is a common key of sensor S j j Sj, A j and aggregator A, MAC is a message authentication code. Aggregator collects all data, checks their authenticity, using corresponding MAC, and calculates aggre- gation result. At the second, there is a checking of aggregated result. This stage consists of two steps. Aggregator sends all the collected data to verifiers:    A Verifiers : D; MAC K ; D ;...;MAC K ; D ð6:2Þ V ;A V ;A 1 t where D¼fg data ;...;data ð6:3Þ 1 n and K is a common key of verifier V and aggregator A. Vi, A i  Each verifier V i¼ 1;t analyzes corresponding authentication code in the i received package. If MAC is correct, the verifier randomly chooses k sensors and requests data from them. Each sensor S, having received query from V, sends the j i answer:   S V : data ; MAC K ; data ð6:4Þ j i j S ;V j j i where K is acommon key of sensor nodeS and verifier V,data is adata ofS. Sj, Vi j i j j After verifier V has checked up an authenticity of MAC from sensor S,it i j compares the corresponding data received from aggregator and sensor. If these values differ, the verifier sends warning message to the base station. If, during82 6 Reliable Data Aggregation Protocol for Wireless Sensor Networks verification, node V does not find data inconsistency, it signs aggregation result i generally with the BS key:   V A : SN ; MAC K ; SN ð6:5Þ i V V ;A V i i i where  SN ¼ MAC K ; AR ð6:6Þ V V ;BS i i AR is aggregation result and K is a common key of verifier V and BS. Vi, BS i At the third stage aggregator collects signatures from all nodes-verifiers, forms the report, signs it and sends to the base station:   A BS : AR; SN  ...SN MAC K ; AR ð6:7Þ V V A;BS 1 t where K is a common key of aggregator A and BS. A, BS For checking received report the base station calculates all signatures, unites them, using operation XOR, and compares their calculated value with received value. If there are no differences, the result is accepted and considered as correct. For the given protocol it is possible to calculate receiving distortion probability of aggregation result by the BS. We calculate it as follows:   t k k C C nm nm P ¼ þ 1 p ð6:8Þ er k k C C n n where n—quantity of sensors in cluster, t—quantity of nodes-verifiers, k—quantity of queries from each node-verifier, m—quantity of the distortion reports in a package, given to verifiers for checking, P—probability of incorrect work of ver- ifier node. 6.5 Security Assumptions In the case of very low efficiency of the additional sensors, the limitations on possible security services are very significant. However, appropriate use of our secure protocol for sensor networks can provide such security services as: system availability,authorization ofsensors,confidentialityoftransmittedinformation, and freshness and integrity of the measured data. 6.6 Experiment Evaluation We usesimulation written inC++ to investigatethe effect ofthe various parameters on different Distributed Sensor Networks (DSN) sizes. Of particular interest are the efficiency and scalability of our scheme and also the determination of some6.6 Experiment Evaluation 83 Table 6.1 Comparison of communication costs of reliable aggregation in various protocols Costs type/protocol SIA Witnesses Our protocol Sensor transferring (byte) 22 42 36 Transferring out of cluster (byte) 922 22 22 Total amount of data transferred within cluster (byte) 2200 4230 3916 Total amount of data received within cluster (byte) 2200 16,830 4432 Maximum error of receiving aggregation result (%) 40 5 5 parameter values cannot be easily computed, such as the diameter of the resulting secure network. The simulations assume a network of 1000 nodes with an average density of 40 sensor nodes in a neighborhood. Each simulation is run 10 times with different seeds for the random generator, and the results represent the average values on the 10 runs, unless otherwise noted. In Table 6.1 we compare the communication costs of proposed protocol and existing known protocols. Our comparison was made based on hundred nodes cluster, with 0.1 probability of incorrect work of verifier node and with probability of aggregation distortion result received by base station, being less or equal to 0.05. In a package sent by a sensor node, data takes two bytes, and authentication code takes 10 bytes. Communication comparison cost shows essential advantage of our proposed pro- tocol compared to known protocol. 6.7 Summary Theresearchstreamhasevolvedbeyondtheoriginalconceptionofdatatransferring for routing protocol based on the data aggregation that can satisfy the communi- cation cost requirements which is one of the most fruitful research areas in thefield of WSN security, but most of the extensions have evolved the pre and initial acceptance phases. Our study extends understanding of inconsistencies in data aggregation which leads to high increase in end-to-end delays or even packet losses in the network especially in WSN. Results indicate that our proposed protocol is indeed having incomparable records in received and being transferred data amount, in and out of cluster, however it comprises minimal error aggregations upon receiving. Our future research avenue is to investigate our finding and incorporate our protocol to secret automatic scheme for sensor networks in order to achieve auto- matic secret redistribution.84 6 Reliable Data Aggregation Protocol for Wireless Sensor Networks References 1. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979) 2. Hahn, G.: Cluster-based certificate chain for mobile Ad Hoc networks. In: Proceedings of the Compter Science and Its Application, pp. 769–778 (2006) 3. Madden, S., Franklin, M.J., Hellerstein, J.M., Hong, W.: Tag: a tiny aggregation service for ad-hoc sensor networks. SIGOPS Oper. Syst. Rev. 36(SI), 131–146 (2002) 4. Przydatek,B.,Song,D.,Perrig,A.:Sia:secureinformationaggregationinsensornetworks.In: Proceedings of the 1st International Conference on Embedded Networked Sensor Systems, pp. 255–265 (2003) 5. Tang, X., Xu, J.: Extending network lifetime for precision constrained data aggregation in wireless sensor networks. INFOCOM, 1–12 (2006) 6. Goyeneche, M., Villadangos, J., Astrain, J.J., Prieto, M., Cordoba, A.: A distributed data gathering algorithm forwirelesssensornetworks withuniformarchitecture. In: Proceedingsof the 15th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, pp. 373–380 (2007) 7. Al-Yasiri, A., Sunley, A.: Data aggregation in wireless sensor networks using the SOAP protocol. Sens. Appl. XIV, 1–6 (2007) 8. Hu, Y., Nuo, Y., Jia, X.: Energy efficient real-time data aggregation in wireless sensor networks. In: International Conference on Communications and Mobile Computing, pp. 803– 808 (2006) 9. Yang, Y., Wang, X., Zhu, S., Cao, G.: SDAP: a secure hop-by-hop data aggregation protocol for sensor networks. ACM Trans. Inf. Syst. Secur. (TISSEC) 11(4), 18 (2008) 10. Wagner, D.: Resilient aggregation in sensor networks. In: Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 78–87 (2005) 11. Chang,Y.S.,Huang,J.H.,Juang,T.Y.:Dependabledataaggregationoncluster-basedwireless sensor networks. In: Proceedings of the 11th WSEAS International Conference on Communications, vol. 11, pp. 300–305 (2007) 12. He, W., Liu, X., Nguyen, H., Nahrstedt, K., Abdelzaher, T.: PDA: privacy-preserving data aggregation in wireless sensor networks. In: 26th IEEE International Conference on Computer Communications, pp. 2045–2053 (2007) 13. Lindsey, S., Raghavendra, C.S.: PEGASIS: power efficient gathering in sensor information systems. In: Proceedings of the IEEE Aerospace Conference, vol. 3, pp. 1126–1130 (2002) 14. Younis, M., Youssef, M., Arisha, K.: Energy-aware routing in cluster-based sensor networks. In: Proceedings of the 10th IEEE/ACM International Symposium on Modelling, Analysis and Simulation of Computer and Telecommunication Systems, pp. 129–136 (2002) 15. Di Pietro, Roberto.: Confidentiality and integrity for data aggregation in WSN using peer monitoring. Wiley, New Jersey (2009). (To appear in Security and Communication Networks Journal) 16. Heinzelman, W., Chandrakasan, A., Balakrishnan, H.: Energy-efficient communication protocol for wireless microsensor networks. In: Hawaii International Conference on System Science, vol. 8, p. 8020 (2000) 17. Al-Karaki, J., Ul-Mustafa, R., Kamal, A.: Data aggregation in wireless sensor networks— exact and approximate algorithms. In: IEEE Workshop High Performance Switching and Routing, pp. 241–245 (2004) 18. Patil, S., Das, S.: Serial data aggregation using space-filling curves in wireless sensor networks.In:1stInternationalConferenceonEmbeddedNetworkedSensorSystems,pp.326– 327 (2003) 19. Krishnamachari, B., Estrin, D., Wicker, S.: Impact of data aggregation in wireless sensor networks. In: DEBS’02: International Workshop on Distributed Event-Based Systems, pp. 575–578 (2002)

Advise: Why You Wasting Money in Costly SEO Tools, Use World's Best Free SEO Tool Ubersuggest.