
An Energy-efficient Cross-layer Framework for Security in Wireless Sensor Networks

Nan Xu, Yamin Sun and Bo Huang
School of Computer Science and Technology
Nanjing University of Science and Technology
Nanjing, 210094, China

Jiming Yu
Department of Information Technology
Jinling Institute of Technology
Nanjing, 211169, China

Abstract: Wireless Sensor Networks represent a promising
technological solution, but their constrained resources and
exposure to external attacks could limit their employment. The
scope of this paper is the design and implementation of an
energy-efficient and effective security framework. The security
framework uses cross-layer optimization of the information
shared between layers, together with optimization between
nodes. We also present a key establishment scheme to enhance
communication security. Our analysis indicates that the
framework can resist attacks on WSNs and does not cost much
overhead.
Keywords: Wireless sensor networks, cross layer, security
framework, clustering, key management
I. INTRODUCTION
Wireless sensor networks (WSNs) are becoming a viable
solution to many challenging domestic, commercial and
military applications. They collect and disseminate data
from the field for various environmental and strategic
reasons. Because sensor networks are physically accessible to
possible adversaries, they are more vulnerable to security
breaches. Sensor nodes share the wireless medium, and radio
channels are generally insecure. WSNs are subject to
security threats at every layer of the communication protocol
stack [1].
Because sensor nodes are resource-constrained and have unique
characteristics, security techniques used in traditional
networks cannot be applied directly to WSNs [2]. Many
countermeasures to potential threats in WSNs have been
developed; however, the security framework of WSNs remains a
less addressed area. In this paper we present an
energy-efficient cross-layer security framework for WSNs to
provide the desired security countermeasures against possible
attacks. Our security framework consists of three interacting
phases: cross-layer security framework, secure cluster
formation and secure key scheme.
Our main contributions in this paper are:
• We discuss a cross-layer secure framework using vertical and
  horizontal cross-layer optimization whose goal is security
  and energy efficiency.
• We present secure cluster formation in a multi-hop
  hierarchical cluster method to save energy and provide
  security.
• We propose a secure key management scheme.
The rest of the paper is organized as follows. Section II
summarizes related work on cross-layer design, security
frameworks and key management in WSNs. Section III presents
our security framework, discussing cross-layer optimization,
the secure cluster formation process and the secure key
management scheme. Section IV provides an analysis of our
security framework, and Section V concludes the paper and
gives future research directions.
II. RELATED WORKS
Researchers have addressed many areas of cross-layer design
and security for WSNs. Cross-layer design can share
information among different protocol layers for adaptation
purposes and increase inter-layer interactions. In [3], P. J.
Marrón et al. proposed a cross-layer framework named
TinyCubus for TinyOS. The Tiny Cross-Layer Framework
acts as a mediator between components, and it provides a
generic interface to support parameterization of components
using cross-layer interactions.
Su et al. proposed an OA-based cross-layer framework
[4]. This framework tries to use an optimization agent to
provide the exchange and control of information between
the various protocol layers to improve performance in
WSNs. In [5], a horizontal architecture was proposed. It
tries to better fit the limited resources available and to ease
the application by providing a low protocol stack, and it
separates the network's basic tasks from the cross-layer
management entity. Zhang et al. present a cross-layer
hierarchical energy adaptation framework [6]. It aims to save
energy.
In [7], a security management framework for WSNs is
presented. Its objective is to extend network availability
and lifetime by setting up security services only
when necessary. Perrig et al. propose security
protocols for sensor networks (SPINS) [8]. SPINS has two
secure building blocks: SNEP and TESLA. SNEP provides
data confidentiality, two-party data authentication, and data
freshness. TESLA provides authenticated broadcast for
severely resource-constrained environments.
In [9], Zhu et al. propose a key management protocol
for sensor networks called LEAP. It supports the
establishment of four types of keys for each sensor node:
an individual key shared with the base station, a pair-wise
key shared with another sensor node, a cluster key shared
with multiple neighboring nodes, and a group key shared by
all the nodes in the network. Karlof et al. present a link-layer
security architecture called TinySec [10]. The link-layer
security architecture can detect unauthorized packets when
they are first injected into the network. Thamilarasu et al.
propose a cross-layer security framework with interactions
across layer boundaries as well as node boundaries [11]. The
XLSEC framework aims to counter attackers on the network.
III. THE SECURITY FRAMEWORK
Our energy-efficient security framework consists of two
parts: an energy-efficient cross-layer framework for security
(ECFS) and cluster-based secure key management (CSK).
A. Energy-efficient Cross-layer Framework Security (ECFS)
If a cross-layer method focuses only on inter-layer
interactions within a node and adapts only to changes local to
the node, it may not be adaptive or reactive to changes in
network conditions. Because WSN nodes are resource-constrained
and have a limited transmission range, it is impossible
to monitor the entire network for anomalous behavior. This
makes it necessary to adaptively optimize cross-layer
interactions across node boundaries. In order to jointly
detect single or multiple security threats, information from
different protocol layers should be addressed as a
cross-layer optimization goal for security. Coordination
between the various security measures can reduce functional
redundancy and overhead. It can also defend against
attacks that occur simultaneously at various layers, which
can be sufficient to protect the entire network.
Our energy-efficient cross-layer framework for security
(ECFS) optimizes layer interdependencies and node
cooperation to achieve effective security in
energy-constrained WSNs (as shown in Fig. 1). The basis of
vertical cross-layer optimization is formed by security
control and detection decisions based on interactions
between layers. Coordinating the cross-layer security
manager with every layer of the communication stack thus
provides a multi-layer security architecture. The foundation
of horizontal cross-layer optimization is interaction
among nodes in the form of sharing network information
such as traffic load, power loss and node failure, or reporting
information about nodes that cause anomalous behavior in
the network. The shared information can take the form of a
neighbor table.
[Figure: protocol stack layers APPLICATION, NETWORK, LINK and
PHYSICAL; Applications and Security Services; Cross-layer
Manager; Vertical Optimization; Horizontal Optimization]
Fig. 1 ECFS Security Framework
In the framework, a cross-layer manager resides at
every node in the WSN. The parameters obtained from vertical
and horizontal optimization are managed by the cross-layer
manager. The application and security services build a
cross-layer feature set consisting of information from
multiple layers and various nodes, such as parameters from
the link layer (previous hop and next hop, link state, etc.),
from the network layer (route availability, source and
destination address, etc.), from the physical layer (energy
usage, available bandwidth, etc.) and from other nodes (traffic
load, node failure, nodes with anomalous behaviors, etc.). A
rule-based threshold mechanism can be used to detect and
defend against attacks. Each node can detect attacks that
occur local to the node as well as attacks propagated through
the whole network. This is made possible by cross-layer
interactions among the different protocol layers at a node,
together with adaptation to network parameters based on the
input received from other nodes.
B. Cluster-based Secure Key management scheme (CSK)
The core idea of cluster-based WSNs (such as LEACH
[12]) is to reduce the number of nodes communicating
directly with the base station. Nodes organize themselves into
several clusters automatically and communicate with a cluster
header (CH). The CH performs data aggregation and communicates
with the base station or relays the data of other CHs. The CH
performs local data fusion to compress the amount of data being
sent from the cluster to the base station (BS), further
decreasing power consumption and enhancing system
lifetime. WSNs are vulnerable to enemy action because of their
limited resources, hostile operational environment and
wireless communication. Many key schemes for WSNs have
been proposed to enhance WSN security. In [13], Chan et
al. propose random key pre-distribution schemes for
sensor networks.
The operation of a cluster-based WSN is broken up into rounds.
Each round begins with a set-up phase, in which the clusters
are organized, followed by a steady-state phase, in which data
is transferred to the BS. We propose a cluster-based secure key
management scheme which can resist adversarial nodes joining
the WSN and can authenticate nodes and data by using a one-way
function. The operation of CSK is composed of four phases:
1) Pre-distribution Phase: In this phase, the BS generates a
pool of one-way functions (each has its own ID number, FID)
which are used to generate the authentication keys between CHs
and the BS. One of them is used only for pre-distribution to
each sensor node as the network one-way function ($f_n$), which
is used during cluster formation to authenticate that a node is
an original node of the WSN (not an adversarial node). Each
node is then pre-distributed with an ID (NID), a network key
($K_n$), a pair-wise key with the BS ($K_s$), a random number
($N_A$, stored in the form of $f_s(N_A)$) and a one-way
function ($f_s$). The BS constructs a list which contains the
following items for each sensor node: NID, FID (the ID of
$f_s$), $K_s$, the authentication key currently in use, and
$N_A$. Table 1 provides the notation description which will be
used in this paper.
Table 1. Notation description
Notation              Description
NID                   Node identifier
FID                   One-way function identifier
$f_s$                 One-way function of a node
$f_n$                 One-way function of the network
$K_s$                 Key of a sensor node shared with BS
$K_n$                 Network shared key
$K_i$                 $i$-th key of a key chain generated by one-way
                      function $f_s$
$K_C$                 Cluster key of a sensor node, generated by CH
$K_{CA}$              Pair-wise key of a member node with its CH
$K_{ni}$              $i$-th key of a key chain generated by one-way
                      function $f_n$, used in broadcast messages sent
                      from a CH of the $i$-th round, $i$ = round mod $L$
                      ($L$ is the length of a key chain)
$E(K,M)$, $\{M\}_K$   Message $M$ encrypted with key $K$
$M_1 \| M_2$          The concatenation of messages $M_1$ and $M_2$
$N_A$                 A nonce generated by node A, which is a random
                      number
$MAC(K,M)$            The message authentication code of message $M$
                      using a symmetric key $K$
2) Secure Cluster Set-up and Formation Phase: The
operation of cluster-based WSNs is based on rounds.
Each node determines by calculation whether it is a CH in the
current round. Once a node determines that it is a CH
in the current round, it broadcasts an advertisement message
$NID \| E(K_{ni}, NID)$. A node may receive several such
messages; it chooses one sender as its CH according to the
signal strength of the broadcast advertisement message. Then
the CH generates a cluster key $K_C$. Each sensor node in
the cluster calculates its pair-wise key with the CH using
$K_{CA} = f_n(K_C, NID_A)$. Each cluster member then uses its
own $K_{CA}$ to communicate with the CH.
3) Schedule Creation Phase: The CH sets up a secure link with
each of its members through $K_{CA} = f_n(K_C, NID_A)$. The CH
generates a TDMA schedule according to the number of members
and broadcasts it to the nodes. While one node transmits data
to the CH, the other nodes in the cluster can switch off their
wireless devices until their own time slot arrives, to save
energy.
4) Data Transmission Phase: During this phase, the
member nodes send data to their CHs using
$NID \| E(K_{CA}, M \| MAC(K_{CA}, M))$, and the CHs send data
to the BS (if the CH is directly connected to the BS) or relay
the data of other CHs using
$\{NID \| E(K_s, M \| MAC(K_i, M))\}$.
CHs receive the data from their members and fuse the data.
First, the CH calculates the $K_{CA}$ of the member node from
the member's NID, which authenticates that the node is not an
adversary; it then uses $K_{CA}$ to decrypt the message and
uses $MAC(K_{CA}, M)$ to authenticate the message. Lastly, the
CH integrates and compresses the data received from its member
nodes into a new signal and sends it to the BS or to other CHs.
The message sent by a CH is
$NID \| E(K_s, [M \| MAC(K_i, M)])$.
The BS uses the corresponding pair-wise key $K_s$ to decrypt
the data and validate whether the data is effective, and then
uses $f_s(K_i, M)$ to authenticate both the data and the node.
In our authentication key generation function, the one-way
hash function is defined as follows:
$H_0 = IV$ (initial value)
$H_i = f(x_i, H_{i-1})$, $i = 1, 2, \ldots, L$
$h(X) = H_L$
$f(M_i, K_{i-1})$: $K_i = E(K_{i-1}, M_i)\, M_i$
In our key chain generation, the initial value is $N_A$. Fig.
2 shows how the one-way function is constructed.
[Figure: labels $M_i$, $K_i$, $K_{i-1}$, Encryption, Key]
Fig. 2 One-way function construction
The procedure of secure data transmission is shown in Fig. 3.
[Figure: labels $M$, $f_s$, $K_i$, $K_s$, $f_s(K_i, M)$, E,
$E(K_s, [M \| f(K_i, M)])$, D, Compare]
Fig. 3 Encryption (CH) and decryption (BS) procedure
IV. ANALYSIS OF PROPOSED FRAMEWORK
Practical WSN security is a balancing act that is
constantly in search of the highest level of protection that
can be squeezed out of the judicious use of limited
resources. Our secure framework can discern and resist DoS
attacks such as the sybil attack, the wormhole attack and the
sinkhole (or black hole) attack; it also ensures the
authenticity of origin and the authentication of data. It is
an energy-efficient security design for WSNs.
A. Energy Efficient
Our cross-layer framework uses clusters to reduce the
number of nodes that communicate with the BS directly, which
results in fewer collisions; CHs use a TDMA schedule and fuse
the data. All of these reduce energy consumption. At the
same time, vertical and horizontal optimization can reduce
redundant security provisioning, which also reduces
power depletion.
B. Detect and Resist DoS Attacks
WSNs are vulnerable to DoS attacks at various layers.
For example, a flooding-type DoS attack causes an abnormal
increase in packets both at the nodes relaying the attack
traffic and at the victim. In our framework, the increase can
be statistically detected and identified as an abnormality.
Vertical optimization can obtain parameters from network, MAC
and physical layer activity (e.g., number of packets, busy time
in the MAC layer, energy usage, etc.), and it uses a rule-based
threshold mechanism to detect the corresponding attacks.
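
One way to implement the rule-based threshold mechanism described in Section III.A and in this subsection, given as an added example that is not code from the paper: thresholds are learned from attack-free windows, and an alert needs either two layers in agreement (vertical) or one layer plus reports from neighbours (horizontal). The field names, the mean + 3 standard deviations rule, the verdict labels and all sample values are assumptions.

```python
import statistics

# Per-layer features named in the paper: packet count (network layer),
# busy time (MAC layer), energy usage (physical layer). Names are hypothetical.
LAYER_FIELDS = ("net_packets", "mac_busy", "phy_energy_mj")


def learn_thresholds(baseline, k=3.0):
    """Per-layer threshold = mean + k * stddev over attack-free windows."""
    thresholds = {}
    for field in LAYER_FIELDS:
        values = [window[field] for window in baseline]
        thresholds[field] = statistics.mean(values) + k * statistics.pstdev(values)
    return thresholds


def classify(window, thresholds, min_layers=2, min_reports=2):
    """Return (verdict, evidence) for one observation window at this node.

    Vertical rule: at least `min_layers` layers exceed their thresholds.
    Horizontal rule: one layer exceeds and at least `min_reports` distinct
    neighbours reported abnormal load in the same window (neighbour table).
    A single unconfirmed signal is only watched, not alerted on.
    """
    exceeded = [f for f in LAYER_FIELDS if window[f] > thresholds[f]]
    reporters = set(window.get("neighbor_reports", ()))
    if len(exceeded) >= min_layers:
        return "alert", exceeded
    if exceeded and len(reporters) >= min_reports:
        return "alert", exceeded + ["neighbor_reports"]
    if exceeded or reporters:
        return "watch", exceeded
    return "normal", exceeded


# Constructed sample data: five quiet windows, then four windows to judge.
BASELINE = [dict(zip(LAYER_FIELDS, row)) for row in
            [(40, 0.10, 5.0), (42, 0.12, 5.2), (38, 0.11, 4.8),
             (41, 0.09, 5.1), (39, 0.08, 4.9)]]
SAMPLES = {
    "quiet": {"net_packets": 41, "mac_busy": 0.11, "phy_energy_mj": 5.1},
    "flood": {"net_packets": 180, "mac_busy": 0.65, "phy_energy_mj": 9.3},
    "burst": {"net_packets": 60, "mac_busy": 0.12, "phy_energy_mj": 5.2},
    "burst+peers": {"net_packets": 60, "mac_busy": 0.12, "phy_energy_mj": 5.2,
                    "neighbor_reports": [3, 9]},
}


def run_samples():
    thresholds = learn_thresholds(BASELINE)
    return {name: classify(w, thresholds)[0] for name, w in SAMPLES.items()}


if __name__ == "__main__":
    print(run_samples())
```

The "burst" window shows why the cross-layer rule matters: a packet spike seen at one layer only stays at "watch" until either another layer or the neighbours confirm it.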
C. Authenticity of Origin and Authentication of Data
During cluster formation, the CH broadcasts its ID using
$\{NID \| E(K_{ni}, NID)\}$. Its members receive the message,
obtain the ID of the CH, and then use $f_n$ to authenticate
whether it is an original node. If it is, the members join the
CH using $\{E(K_{ni}, NID)\}$, where NID is the ID of the
member node. The CH generates a $K_C$ and broadcasts it to its
members. A member node receives $K_C$ and uses
$f_n(K_C, NID)$ to generate the pair-wise key $K_{CA}$ with its
CH. The member node collects data and sends it to the CH using
$\{NID \| E(K_{CA}, M)\}$. The CH uses its own $K_{CA}$ to
decrypt the message. If the CH can decrypt the message
correctly, the sender is an original node. The CH then
schedules, aggregates and fuses the data from its members. CHs
send the data to the BS, or to other CHs to relay, using
$\{NID \| E(K_s, M \| MAC(K_i, M))\}$. The BS receives the data
from the CH and uses $K_s$ to decrypt it. Because $K_s$ is the
pair-wise key with the BS and no others know it, if the BS can
decrypt the message, the sender is not a fake node. The BS then
uses $MAC(K_i, M)$ to authenticate the message.
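
The data transmission phase of CSK and the checks described in this subsection, written out for both legs (member to CH, CH to BS) as an added example that is not the authors' code. HMAC-SHA256 stands in for $f_n$, $f_s$ and MAC, an HMAC keystream stands in for E, and the 8-byte per-message nonce, the 2-byte NID encoding and the explicit chain index i are assumptions the paper does not specify.

```python
import hashlib
import hmac

TAG = 32  # bytes of HMAC-SHA256 output

def f(key, data):
    """Stand-in for the one-way functions f_n and f_s (assumption: HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def E(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC keystream; the same call decrypts."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(f(key, b"enc" + nonce + n.to_bytes(4, "big")) for n in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(nid, enc_key, mac_key, nonce, m):
    """NID || nonce || E(enc_key, M || MAC(mac_key, M)); the nonce is an addition."""
    body = m + f(mac_key, b"mac" + m)
    return nid.to_bytes(2, "big") + nonce + E(enc_key, nonce, body)

def unseal(packet, enc_key, mac_key):
    """Decrypt, then compare the MAC in constant time. None means reject."""
    if len(packet) < 10 + TAG:
        return None
    body = E(enc_key, packet[2:10], packet[10:])
    m, tag = body[:-TAG], body[-TAG:]
    return m if hmac.compare_digest(tag, f(mac_key, b"mac" + m)) else None

def member_key(k_c, nid):
    """K_CA = f_n(K_C, NID_A)."""
    return f(k_c, b"kca" + nid.to_bytes(2, "big"))

def chain_key(n_a, i):
    """K_i: i-th key of the chain whose initial value is N_A."""
    for _ in range(i):
        n_a = f(n_a, b"chain")
    return n_a

def ch_receive(packet, k_c):
    """CH: recompute K_CA from the claimed NID, then decrypt and verify."""
    k_ca = member_key(k_c, int.from_bytes(packet[:2], "big"))
    return unseal(packet, k_ca, k_ca)

def bs_receive(packet, node_list, i):
    """BS: look up (K_s, N_A) by NID, decrypt with K_s, verify with K_i."""
    entry = node_list.get(int.from_bytes(packet[:2], "big"))
    return unseal(packet, entry[0], chain_key(entry[1], i)) if entry else None

# Constructed sample values, not taken from the paper.
K_C = b"demo-cluster-key"
NODE_LIST = {7: (b"demo-pairwise-ks", b"demo-nonce-N_A")}  # NID -> (K_s, N_A)

def demo():
    k_ca, (k_s, n_a) = member_key(K_C, 21), NODE_LIST[7]
    pkt = seal(21, k_ca, k_ca, bytes(7) + b"\x01", b"temp=23.5")
    spoofed = (22).to_bytes(2, "big") + pkt[2:]  # claimed NID changed in transit
    up = seal(7, k_s, chain_key(n_a, 3), bytes(7) + b"\x02", b"avg=23.1")
    return [ch_receive(pkt, K_C), ch_receive(spoofed, K_C),
            bs_receive(up, NODE_LIST, 3), bs_receive(up, NODE_LIST, 4)]
```

Calling `demo()` returns the accepted member reading, a rejection for the packet whose NID was altered, the accepted aggregate at the BS, and a rejection when the BS checks against the wrong chain index. Acceptance here rests on the MAC comparison rather than on decryption alone, since a stream cipher always "decrypts" to something.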
V. CONCLUSION AND FUTURE WORKS
In this paper we have proposed an energy-efficient cross-layer
security framework (ECFS) and a cluster-based secure
key scheme (CSK) that support resistance to attacks and
secure communication in wireless sensor networks while
maintaining high energy efficiency. We analyzed the
characteristics of and threats to WSNs. On the basis of these
threats we described the security requirements. We presented an
energy-efficient cross-layer security framework and a
cluster-based secure key scheme for WSNs. In the future, we
need to investigate secure routing and plan to set up an
experimental environment to test our framework. Within the
security framework, machine learning or a support
vector machine (SVM) can be used to build a detection model
from training data automatically to secure WSNs.
ACKNOWLEDGMENT
We gratefully acknowledge the helpful comments from
the reviewers, which have improved the paper very
significantly.
REFERENCES
[1] A. D. Wood and J. A. Stankovic, "Denial of Service in Sensor
Networks," IEEE Computer, vol. 35, pp. 53-57, 2002.
[2] X. Du and H. Chen, "Security in Wireless Sensor Networks," IEEE
Wireless Communications, pp. 60-66, August 2008.
[3] P. J. Marrón, D. Minder, A. Lachenmann and K. Rothermel,
"TinyCubus: An Adaptive Cross-Layer Framework for Sensor
Networks," Information Technology, vol. 47, no. 2, pp. 87-97,
February 2005.
[4] W. Su and T. L. Lim, "Cross-Layer Design and Optimization for
Wireless Sensor Networks," in Proc. of 7th ACIS International
Conference on Software Engineering, Artificial Intelligence,
Networking, and Parallel/Distributed Computing, SNPD 2006.
[5] I. Hakala and M. Tikkakoski, "From vertical to horizontal
architecture - a cross-layer implementation in a sensor network
node," in Proc. of the 1st International Conference on Integrated
Internet Ad Hoc and Sensor Networks, Node implementation and
integration into internet, 2006.
[6] Z. Zhang, B. Ryu, H. Zhu, Z. Huang and L. Ma, "Robust Extreme
Energy Efficient Sensor Networks," Military Communications
Conference, MILCOM 2008, IEEE, pp. 1-7.
[7] S. de Oliveira, T. R. de Oliveira and J. M. Nogueira, "A Security
Management Framework for Sensor Networks," Network Operations
and Management Symposium, NOMS 2008, IEEE, pp. 935-938.
[8] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar, "SPINS:
Security protocols for sensor networks," Wireless Networks, vol. 8,
no. 5, pp. 521-534, 2002.
[9] S. Zhu, S. Setia and S. Jajodia, "LEAP: Efficient Security
Mechanisms for Large-Scale Distributed Sensor Networks," in
Proc. of the 10th ACM Conference on Computer and
Communications Security, 2003.
[10] C. Karlof, N. Sastry, and D. Wagner, "TinySec: A Link Layer
Security Architecture for Wireless Sensor Networks," in Proc. of the
2nd ACM Conference on Embedded Networked Sensor Systems,
SenSys 2004.
[11] G. Thamilarasu and R. Sridhar, "XLSEC - A Distributed Cross-layer
Framework for Security in Wireless Sensor Networks," Consumer
Communications and Networking Conference, 6th CCNC 2009,
IEEE, pp. 1-2.
[12] W. Heinzelman, A. Chandrakasan and H. Balakrishnan,
"Energy-efficient communication protocol for WSNs," in Proc. of
the Hawaii International Conference on System Sciences, January 2000.
[13] H. Chan, A. Perrig and D. Song, "Random key predistribution
schemes for sensor networks," in Proc. of the 2003 IEEE Symp. on
Security and Privacy, 2003, pp. 197-213.
