ACEEE Int. J. on Network Security , Vol. 02, No.

04, Oct 2011

Pairwise Keys Generation Using Prime Number Function in Wireless Sensor Networks
Nayan1 , Swapnil Singh2, Mahesh Kumar Bhandari3 and Sanjay Kumar4
1 ,2,3 ,4 I cf ai U niversity, Department of C omputer Science, Dehradun , I ndia, Email: 1nayan366, 2swapnilsingh17, 3mahesh.kamtess, 4sanju2077@gmail.com

Abstract Providing security in wireless sensor networks is a very crucial task. Because of its dynamic nature (no fixed topology) and resource constraint devices. Which has limited computational abilities, memory storage and physical restrictions. Advancement in the field of intrusion and evaesdroping has increased challenges for a secure communication between nodes. So, establishments of pair wise keys in a wireless network becomes a vital issue. Hence, securely distributing keys among sensor nodes is a fundamental challenge for providing seamless transmission and security services. Having little resources in our hand, it is always a tough task to design and implement protocols. But this paper proposes a new robust key pre-distribution scheme which resolves this issue without compromising security. This paper presents a new mechanism to achieve pair wise keys between two sensor nodes by using the algebraic, exponential, logarithm functions and prime numbers. The resilience method under this scheme is based on discontinuous functions which is hard to be spoofed.

I. INTRODUCTION The advancement of computer literacy in world is very much dependent upon internet and various types of information. Wireless sensor networks acts as a bridge in between the development and computer literacy. Wsns consist of small nodes which is a paradigm of small computers. It consist of memory space, a small processor and lifelong battery. Since another source of energy is solar power. These sensor nodes are deployed in hostile environments of military areas and forest. Where nothing can be handled manually nor updation of resources is possible. These sensor nodes has a special type of sensor installed with them which works on heat ,light and pressure e.t.c. a light sensor communicate with another light sensor and in same fashion heat and pressure nodes works. The basic topology consist of large number of sensor nodes and a sink node. A sink node is like a base station where all the data are organized and processed which is gathered by different sensor nodes. Sink node has a large memory space, more powerful processing units and robust security techniques. The most important part in wireless sensor network re- volves round a crucial juncture i.e. The way of communica- tion between different sensor nodes. Secure establishment of pair wise keys between two sensor nodes is very impor- tant. Because it deals with various security aspects like authentication, data integrity, nonrepudation e.t.c.. Vari- ous techniques have been discovered and implemented, few examples are Difflie-hellman, RSA 2011 ACEEE DOI: 01.IJNS.02.04.537 10

algorithm, public key cryptography and digital signature methods. The public key and digital signature method is not suitable for small sensor because of two reasons Economically large amount of energy is used in signature methods The other methods became fragile due to advancement in intrusion and eavesdroping techniques. Recently a new method of LDU decomposition method of numerical analysis is been designed by Park, Choi, and Youn [5] which is one of the best method for generation of pair wise keys in sensor networks. but prediction of element of diagonal matrix make it vulnerable to attacker. Our technique which is based on two fundamental principle of number system. We have used prime number concept and various types of algebraic, logarithmic, exponential and some discontinuous function. By using the prime numbers we have immaterialize the prediction aspects because it is not easy to predict prime numbers .It has only two factors 1 and number itself. We are not taking 1 into account for our calculation. The rest of the paper is organized as follows. Next section contains literature survey and motivation for our work. In Section 3, we propose the key distribution scheme for two nodes and individual nodes between a node and a sink node. Section 4 provides resilience and contains methods of improvement in our scheme. Section 6,7 ends the paper with conclusions and Acknowledgement. II. RELATED WORK There are various key distribution schemes are avail- able. But Ecliptic curve schemes[1] are the basis of modern key distribution schemes. As the science progressed various Ref[7]Deterministic key distribution schemes are launched. Other methods include public key cryptography and digital Signature methods which not suitable for tiny wireless Sensors. Deterministic key methods include SNEP, TESLA,SPIN Which has their advantages and disadvantages. Neither of them has holistic approach to deal with wireless network. Recently Park, Choi and Youn proposed a new scheme called Ref[5]A noble key pre-distribution scheme with LU matrix for secure wireless sensor networks. According to this scheme, the base station creates a large pool of elements and selects randomly some numbers elements from the pool to construct a symmetric matrix . After constructing this symmetric matrix, the base station applies LU decomposition

ACEEE Int. J. on Network Security , Vol. 02, No. 04, Oct 2011 for calculating and matrices by using some formula. III. NEW PROPOSED KEY DISTRIBUTION SCHEME We start with a brief description of various concepts and definitions used in this paper. A. Definition: Definition 1 : prime number :-a number which has only 2 factors 1 and number itself. Definition 2 : A hash function (H)is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer that may serve as an index to an array. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes. Definition 3: Discontinuous function: a function is said to be discontinuous at a point where neither its lower value exist nor upper value. At that point the function is not defined. Definition 4: A reverse function (R) is a function that rearranges the entries of a tuple in a reverse order ex:R((m,n,p,q))=(q,p,n,m) Definition 5: If a square matrix A has the property AT = A, where transpose of matrix A is denoted by AT B. Node to Node Pair wise Key establishment Generation of functions to deploy in nodes All the functions which are used in pairwise generation of keys is pre-deployed with the help of large square matrix. lets say a network has 1000 nodes then a matrix of n n is used. n will basically half of total number of nodes. The matrix has 20 functions 5 each of from 4 different groups (Algebraic ,Logarithmic, Exponential, discontinuous ).From matrix functions are deployed as node(a) will have a first row of matrix and node(b) will have first column of matrix. This distribution will create at least a common function between them. Same distribution with alternate row and column is followed with every node. Separate matrixes of 20 20 is used to deploy functions. Each matrices have some common rows and columns. This will create common functions between different nodes and will reduce the formation of path keys. Each matrixes have some common rows,common column and common functions.This improves probability of common functions between two nodes and time taken for connection establishment. if x is a prime number greater than 3.If that x contains 5 in units place then it should be removed because that number will be divisible by 5 and it will not be a prime number The given equation check values for positive integer. Step1.2:- each node is deployed with different types functions like: (group1 ) Algebraic (group 2 ) Logarithmic (group 3 ) Exponential (group4 ) Discontinuous Sensitiveness of function depends upon environment where it is employed. Like for house hold works algebraic functions with low degrees are used. Places where high security is required then exponential and logarithm functions are used. Functions are taken from square matrix for sensor nodes. During the selection of functions to each node is done in such a way that there must be at least one common function is pre deployed in nodes. If this does not happen then node will able to make connection with other node , with the help of common functions which is shared between any other sensor nodes(i.e. generation of path key).In case of logarithmic and exponential functions approximation is done so that actual prime values are calculated. Phase 2:-( connection between two nodes) step 1. For pair wise establishment between two sensor nodes only three group functions is used. Group4 functions will only used in resilience which will be discussed in later chapter. First node say (nodea ) sends number of values for (nodeb).These values are calculated by a on a function say f (x) = (x2 + 2).Node takes values as(13,17,19) because these values are prime numbers. After taking these values, these values are calculated over any algebraic function. Let say f (x) = (x2 + 2) Values are (171,291,363) and (nodea ) has applied hash functions. H (171, 291, 363) = (h1 , h2 , h3 ) R(h1 , h2 , h3 ) = (h3 , h2 , h1 ) Step 2: when (nodeb ) receives these data it decrypts using reverse function and applying hash function in same manner as it is been encrypted. It calculates the value of x by using different functions which is already deployed in node. After calculating these values it checks whether the x is a prime number or not. if x is a prime number then it sends another copy of numbers for node a Using same function, hash function and reverse function. The values are different than the previous data. Step 3: when (nodea ) receives the values it again calculates and check the function type .if same function type is there then in that case the pair wise key establishment is generated between two nodes. Step 4: After establishment of a secure connection between two nodes ,all the data which have been send for connection establishment is deleted. There are two advantages of this 1) Memory usage is reduced because there is no need to store that values. 2) It has improved security between two nodes.

phase 1: First phase: (pre-deployment work) Step 1.1:- Each sensor nodes have a particular func-tion Remainder((x2-1)/24)) = 0 (1) 2011 ACEEE DOI: 01.IJNS.02.04.537 11

ACEEE Int. J. on Network Security , Vol. 02, No. 04, Oct 2011 B.1 Advantages of proposed protocol By using prime number concept we are minimizing the prediction values which is send for connection establishment. since there are only two factors of prime number 1 and number itself. an eavesdropper cannot able to take value because formula is only applicable for number greater than 3. And there are no multiples of prime number. prime number has only two factors one and number itself and we are not considering one. so ultimately she has to discover correct prime number. Which is not an easy task because after that she have to find the function which we are using for generation of pair wise keys. By using this algorithm a node can be connected with other sensor nodes with same function with different sets of values and also different functions which improves security threat and a challenging task for eavesdropper. C. Number of keys using the above protocol Ref[9]For dense sensor field (suppose there are average k neighbors per node). Every sensor node has different functions which is grouped (m). N is the size of the wireless network (i.e.) number of nodes. Each group has n = (N/m) keys to communicate with different neighboring nodes. Each sensor node is pre deployed with 15 functions which is grouped in 3 parts .These 15 keys constitute number of pair wise keys and log(n)group keys are there. keys(q) = k + log(n) = k + log(N/m) (2) For example:- N=1000, m=3, k=15 Number of keys = 15+ log (1000/3)=15+2.52=17.52 For N=2000, m=3 k=15 Number of keys= 15+ log (2000/3)=15+2.82=17.82 So by increasing the network size there is little increment of keys on the network. An additional group of function is deployed in every sensor nodes. these group consist of discontinuous functions like:f (x) = 1/(1-x2 ) which is discontinuous at x=+-1these group are only used in the case attack on sensor nodes. After attack if these malicious sensor nodes is deployed in network then these special types of function is multiplied with any normal group of functions . And whole of the process is repeated for establishment of connection between that node and sink node (base station).after connection is established between that malicious node and sink node then this node is free to connect with any node in that particular network. In that situation the number of keys in particular node will be increased such that. N=1000,m=4,k=20 Number of keys= 20 + log (1000/4) = 22.39 N=2000, m=4, k= 20 Number of keys = 20+ log (2000/4) = 22.69. Number of neighboring nodes: Ref[8]The upper range or maximum number of neighboring nodes in a network can be calculated with the help of ((N modulus10) + 1) (3) N = total number of nodes inside a network For N=1000 total number of neighboring nodes= 101 N= 2000 total number of neighboring nodes=201 IV. RESILENCE IN
PROPOSED ALGROITHM

Ref[2] It is defined as the number of the secure links that are compromised after a certain number of nodes are captured by adversaries. We need to find the additional communication among uncaptured nodes that an adversary can compromise based on the information retrieved from captured nodes. Using Gilgor and Eschenaur scheme probability of compromising the shared key between any two non captured notes. P compromised = (1 - (1 - (q/N ))x ) (4) Where q= total number of keys in network, N=total number of nodes, x=number of compromised nodes. Case:1 If adversary did not get any information from compromised nodes about non compromised nodes. we can say that x=0. For N=1000 ,x=0 P compromised = (1 - (1 - (q/N ))0) = 0. Case2: if there are compromised nodes. For N=1000 assumed x=1 P compromised = (1 - (1 - ((15.72/1000))1) =.0152 For x=4 P compromised = (1 - (1 - (15.72/1000))4) =(1-.9385) =.061 We can see that as the number of compromised nodes are increasing probability of compromised is increasing. But keys is not only a sole criteria through which a network will be compromised. It depends upon the information which is retrieved through a particular node. In our scheme an attacker can get information only about the functions which are stored in that node. but the sets of values over any function still remains an area which is hard to crack. Because it is the values which is essential for pair wise generation of keys not functions.

2011 ACEEE DOI: 01.IJNS.02.04.537

12

ACEEE Int. J. on Network Security , Vol. 02, No. 04, Oct 2011
TABLE I. NODE TO NODE PAIR WISE KEY
ESTABLISHMENT

A. Methods to improve resilience Suppose a situation comes in which a node is captured. After some modification that compromised node is again deployed in same environment. Then in that case it has to establish connection with sink node for further transmission .without successful establishment of individual keys it will not be able to perform its transmission with other neighboring nodes. Every node has a unique initialization vector(iv) or called ids .These ids are stored in the base station. if any node is deployed after eavesdrop then it has to send its id to base station checks that id with the stored value , if it matches then it is able to function as previously. Otherwise it will be discarded from the network and no transmission line is generated either with sink node or neighboring nodes. This method will not increase the burden of sink node because nothing stored. This topic is more elaborated in next section. B. Method to evaluate a malicious node in the network by sink node Transmission between a node and sink node(base station) is always a vital transmission in wireless sensor networks. Because all the information which is gathered is transmitted to sink node for further processing. so an additional security is needed with above pair wise keys. It 2011 ACEEE DOI: 01.IJNS.02.04. 537 13

is also called individual key which is generated between sink node and node. A new implementation is done with pair wise keys. Functions having point of discontinuity is introduced with normal functions. We have grouped four type of functions, in one group we will deploy functions like f (x) = 1/(1 -x2 ). which is discontinuous at x = + (1).When a node want to set up individual keys with sink node with the functions values it can also send values evaluated on this new type discontinuous function. it is done on the same way as previous one only a new step is introduced. Ex:- suppose node (b) is captured after modifications it is again deployed in network. Step 1: it has to connect with sink node before normal functioning. It has to generate pair wise keys using the deployed functions with special type of discontinuous functions. Step2 : it has to transmit computational time(Ctm ) and node(ids)(Nid ) with values which is calculated over particular function say= f (x) = ex/(1 -x2). Step3 : sink node computes the value to find the function on which the value is calculated and it stores the computational time. It matches computational time with the send values. If value matches then node is allowed from

ACEEE Int. J. on Network Security , Vol. 02, No. 04, Oct 2011 transmission otherwise it is discarded and that node(id) is transmitted all over the network to all nodes. That particular node is not used for carrying data in future use. V. ALGORITHM TO
CHECK MALICIOUS NODE IN NETWORK

VII. ACKNOWLEDGMENT The author wants to thank Mr. Gaurav Srivastava, Mr. Nishi Mani and Mr. Amit Kumar for there motivational support throughout this paper. REFERENCES
[1] ( Whitfield Diffie and Martin E. Hellman), New Directions in Cryptography, year 1976 [2] Laurent Eschenauer and Virgil D. Gligor,A key-management scheme for distributed sensor networks, ACM Conference on Computer and Communications Security, (year 2002, pages 41-47), {http : / / doi . acm . org / 10 . 1145 / 586110 . 586117} , DBLP , http : / / dblp . uni-trier . de [3] Sencun Zhu and Shouhuai Xu and Sanjeev Setia and Sushil Jajodia, Establishing Pair wise Keys for Secure Communication in Ad Hoc Networks: A Probabilistic Approach, (year2003,pages326-335,http : / / csdl . computer . org / comp / proceedings / icnp / 2003 / 2024 / 00 / 20240326abs . htm, bibsource = DBLP, http://dblp.uni-trier.de [4] Perrig, Adrian and Szewczyk, Robert and Wen, Victor and Culler, David and Tygar, J. D.,SPINS: security protocols for sensor networks, MobiCom 01:Proceedings of the 7th annual international conference on Mo- bile computing and networking,year2001,pages = 189199, http : / / doi . acm . org / 10 . 1145 / 381677 . 381696 [5] Chang-Won Park and Sung Jin Choi and Hee Yong Youn,A Noble Key Pre-distribution Scheme with LU Matrix for Secure Wireless Sensor Networks, year2005,pages = 494499,http : / / dx . doi . org / 10 . 1007 / 11596981 _ 73, [6] Adrian Perrig and Robert Szewczyk and Victor Wen and David E. Culler and J. D. Tygar, SPINS : security protocols for sensor networks, Mobile Computing and Networking, pages 189-199,year2001", [7] Lee J. and Stinson D., Deterministic key predistribution schemes for distributed sensor networks, http : / / www . cacr . math . uwaterloo . ca / dstinson / pubs . html, year 2004 [8] Mary Mathews, Min Song, Sachin Shetty, Rick McKenzie Detecting Compromised Nodes in Wireless Sensor Networks Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/ Distributed Computing [9] Eric Ke Wang, Lucas C.K.Hui and S.M.Yiu A New Key Establishment Scheme For Wireless Sensor Networks journal International Journal of Network Security and Its Applications (IJNSA), Vol 1, No 2, July 2009

Suppose Nodeb is captured by an intruder and some modifications is done. After that these are steps which have to be followed by that malicious node before functioning as usual. 1: N odeb has to set up pair wise key with sink node using discontinuous function. 2: it has to send evaluated values on which computation is done along with computational time and own nodeid 3: after receiving that value sink node will find that function on which evaluation is done. 4: Sink node will evaluate same data set on same function and calculate computation time. 5: Sink node will compare computational time which is send by malicious node with the time which is calcu- lated by itself 6: if computational time is correct then that node is allowed to communicate with network. 7: otherwise that particular nodei d is transmitted over whole network and that node is discarded from normal functioning. 8: End. VI. CONCLUSIONS The proposed algorithm is suitable for all type of network places. The randomness of functions make it almost impossible for eavesdropper to predict which function is working and corresponding values which are used in connection. values and function provide a two way security. Because for a same function two sets of values are different from each other. After the node capture also node i d and computational time over particular discontinuous function make aware of malicious node to entire network. The future work will revolve around to decrease the time which is used for connection establishment and to minimize energy consumption. One technique is used when the nodes are only active when packets of data is arriving otherwise rest of time it is in sleep mode this will save energy.

2011 ACEEE DOI: 01.IJNS.02.04. 537

14