KR100949809B1 - How to Manage Keys in a Wireless Sensor Network - Google Patents

Abstract

The present invention relates to a key management method of a wireless sensor network. The encryption key management method of the wireless sensor network uses a location-based group key structure to remove infected nodes and perform energy-efficient key update (rekeying). Existing unicast-based key updates are designed to address the shortcomings of failing to meet the security requirements of periodic key updates in long-lived wireless sensor networks, and provide low power key management and high resilience. Broadcast-based rekeying is supported. In addition, the key management method of the wireless sensor network provides a group management protocol for merging or dividing a local group for secure group communication.

Wireless Sensor Networks, Key Management, Security, Location Based, Energy Efficiency

Description

Method for key management of wireless sensor network

The present invention relates to a key management protocol of a wireless sensor network (WSN), and in particular, to provide an energy-efficient key management protocol, addition and removal of nodes, and group management protocol in a wireless sensor network environment. It relates to a key management method of a wireless sensor network that improves the castle.

The present invention is derived from the research conducted as part of the IT growth engine technology development project of the Ministry of Information and Communication and the Ministry of Information and Telecommunications Research and Development. [Task Management No .: 2006-S-085-01, Task name: Development of a compact operating system for automotive sensor nodes] Nano OS for Automobile Sensor Nodes].

Existing security key management protocols are complex to use directly in wireless sensor network environment and require many computer resources. Therefore, a study on a key management protocol suitable for a wireless sensor network environment is needed.

The representative key management protocol in the existing wireless sensor network uses LEAP and random key distribution. The existing method distributes the unicast-based key, so the energy consumption of the sensor node is high, especially the energy consumption of removing the infected sensor node and updating the key of other nodes and providing group management protocol. Did not do it.

As wireless sensor networks (WSNs) grow, so does the need for effective security structures.

The present invention has been proposed to solve the above problems, and provides a broadcast based energy efficient key management protocol, addition of sensor nodes and removal of infected nodes, and regional groups (RG) in a wireless sensor network (WSN). It is an object of the present invention to provide a key management protocol and a system of a wireless sensor network, which enhances the security of the wireless sensor network by supporting a group management protocol for merging and dividing.

In order to achieve the object of the present invention, the present invention provides a key management method of a wireless sensor network, comprising: (a) setting initial keys of the sensor network; (b) VG _i group in the sensor node area group i of the ID (RG _i), a secret area group i key (RK _i), Bundles imaginary group j ID (RVG _ij), RG _i group in the i of A group key setting step of generating the shared secret key RVK _ij ; And (c) a pairwise key establishment step in which the sensor node broadcasts to all neighboring nodes to generate respective pairwise keys.

In step (b), the sensor node receives GPS data, calculates coordinates of the sensor node using the measured location information, calculates a distance from a reference point of the wireless sensor network, and then calculates distance, coordinates, patterns, and sizes. The ID RG _i of the local group i of the sensor node is set using the information.

Preferably, the key management method of the wireless sensor network, (d) the newly added sensor node to the sensor network to set a pairwise key with each of the neighboring nodes, and the new node information and random variables from the base station to the neighboring node The method further includes adding a new node to broadcast to the network.

Preferably, the method for key management of a wireless sensor network comprises: (e) the base station (BS) of the sensor network broadcasts a discard message of a sensor node infected with all sensor nodes, and all sensor nodes are assured of the discard message. Verifying and removing the infected sensor node from the neighbor node list of each sensor node.

The base station BS of the sensor network is a sink node.

Preferably, the key management method of the wireless sensor network is (f) the base station (BS) of the sensor network broadcasts a leaking message for key update to prevent hacking using the rekeying protocol to all sensor nodes. Each sensor node further includes updating a pairwise key except for a K _SiBS shared by the BS and each sensor node.

The key updated in step (f) does not update the ID (RG _i ) of the local group i and the ID (RVG _ij ) of the virtual group j within the local group i, but with a new master key (IK ^{i +1} ). The generated pairwise key, the new local group key (RK ^{i +1} ), and the new local virtual group key (RVK ^{i +1} ) are generated and updated.

Preferably, the key management method of the wireless sensor network, (g) to merge the merge message from the base station (BS) of the sensor network to all nodes in order to merge the other regional group into one group of the local group of the sensor network. The method further includes broadcasting.

In step (g), the ID of the newly merged regional group i (RG ^{i +1} ), the newly merged regional group key (RK ^{i +1} ), and the ID of the virtual group j within the newly merged regional group i (RVG _ij ), and generate and update the newly merged local virtual group key (RVK ^{i +1} ).

Preferably, a key management method of a wireless sensor network comprises the steps of: (h) broadcasting a split message from the base station (BS) of the sensor network to all nodes in order to partition a specific regional group in the sensor network. It further includes.

In step (h), the ID (RG ^{i +1} ) of the newly divided region group i, the newly divided region group key (RK ^{i +1} ), and the ID of the virtual group j in the newly divided region group i (RVG _ij ), and generates and updates the newly divided local virtual group key RVK ^{i +1} .

As described above, the present invention incorporates a broadcast-based energy efficient key management protocol, the addition of sensor nodes and the removal of infected sensor nodes, and the regional group (RG) in a wireless sensor network (WSN) environment. By supporting segmentation group management protocol, it is effective to increase security of wireless sensor network.

First, the present invention can improve the energy efficiency of the sensor node in key distribution and management using a broadcast-based protocol in the sensor network environment.

Secondly, the present invention can update the keys of the sensor nodes efficiently and efficiently.

Third, the present invention can manage the group and the pattern of the group by dividing and merging the group of sensor nodes.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a configuration diagram of a sensor network composed of 200 arbitrary sensor nodes divided into four regional groups (RGs) and four virtual groups (VGs) configured as protocols according to an embodiment of the present invention. to be.

Table 1 defines the parameters used in the key management protocol of the wireless sensor network according to the present invention.

Mark Explanation BS ID of the base station of the sensor network S _i ID of node i VG _i ID of virtual group i RG _i ID of local group i RVG _ij Virtual group j within regional group i N Random number K _SiBS Secret key shared by BS and S _i MK Master secret key to generate a secret key for each node K _AB Secret key shared by nodes A and B (K _AB = K _BA ) IK Initial master key to generate a new key IKM Keying material for creating a new IK CK Common group key shared by BS and all nodes AK Authentication key for message verification VK _i Secret key of virtual group i RK _i Secret key of local group i RKM Key material for the creation of a new RK RVK _ij Secret key shared by the VG _j group within the RG _i group E (K, ...) Symmetric-Key Encryption Functions Using K-Keys || connect T Time stamp

The key management protocol of the wireless sensor network according to the present invention consists of the following steps. The initial key setup steps are as follows:

1. Initialization step

Generate private key K _SiBS for sensor node S _i : K _SiBS = F (MK, S _i )

Verification key AK ’Generate: AK '= F (AK, 0)

Generate network-wise key CK: CK = F (IK, 0)

Create virtual group key VK _i : VK _i = F (IK, VG _i )

Sensor node A sends GK encrypted data to group G as follows.

A → G: A, GID, E (GK _GID , message || N || T)

2. Group Key Setting Steps

Create RG _{i with} ID of region group i: RG _i = RGF (IK, ldata, pattern, size, cp)

Generate private key RK _{i for} region group i: RK _i = F (IK, RG _i )

Create RVG _{ij with} local virtual group ID: RVG _ij = F (IK, RG _i || VG _j )

Generate local virtual group key RVK _ij : RVK _ij = F (IK, RVG _ij ).

Algorithm-RGF-Local Group ID Generation Function

RGF (IK, ldata, pattern, size, cp)

{

// ldata: location information (GPS data)

Compute the coordinates of the node using ldata.

Compute the distance from the reference point in the WSN.

// Use local group's pattern, size, and cp parameters.

// If sensor nodes belong to the same local group, they have the same local group (RG) ID.

Calculate a local group ID number (id) of the sensor node using distance, coordinates, pattern, and size information;

// Create a local group ID using the local group ID number (id).

rgid = F (IK, id);

return rgid;

}

3. Setting up a pairwise key

Node A generates a pairwise key K _AB with Node B: K _AB = F (K _B , A), K _B = F (IK, B).

The message passing procedure is expressed as follows.

A → A's neighbors (broadcast): A

B → A: B, MAC (K _AB , A || B)

4. Add new node

Set up a pairwise key for a sensor node newly added to the sensor network.

BS → Existing Nodes:

BS, E (CK, F (N ¹ , 0) || N ² || N || T)

New node A → neighbors: A, N ¹

If the neighbor nodes are existing sensor nodes, the pairwise key setting step is expressed as follows.

Neighbor existing node B → new node A: B, N ²

New Node A → Neighbor Existing Node B:

A, E (K _B , K _A || N || T)

If the neighbor node is a new node, the pairwise key establishment step is the same as the initial pairwise key establishment step.

New node B → new node A: B, MAC (K _AB , A || B)

After the above steps, all sensor nodes form a pairwise key and the new node's IK is removed.

5. Removing Infected Nodes

The base station (BS) of the sensor network broadcasts the revocation message of the depleted node to all nodes. The base station BS of the sensor network represents a sink node. CNODE represents an infected node. {CNODE ₁ || CNODE ₂ || ...} represents a set of infected nodes.

BS → All Nodes: BS, AK ⁱ , F (AK ^{i +1} , 0), E (CK, {CNODE ₁ || CNODE ₂ || ...} || N || T)

All nodes use AK ⁱ and AK ^{i ,} = F (AK ⁱ , 0) to authenticate discard messages. The discard message contains AK ^{i +1,} = F (AK ^{i +1} , 0), which is an authentication key for authentication of the next message. All nodes verify the authenticity of the discard message and remove the infected node from each node's neighbor node list.

BS → All Nodes (broadcast):

BS || AK ^{i +1} , F (AK ^{i +2} , 0), {RG _a , E (RK _a , IK ^{i +1} || N || T)

|| RG _b , E (RK _b , IK ^{i +1} || N || T) || ...}

The group licking message is used to update the IK in all regional groups except the infected regional group. All nodes authenticate the message with All nodes AK ^{i +1} and store F (AK ^{i +2} , 0) for authentication of the next message.

If some nodes belonging to the VG _c and RG _c (RVG _cc ) groups are infected and the infected nodes belonging to the group are node C, the IK update message of the infected area is as follows.

BS → All Nodes (broadcast):

BS, AK ^{i +2} , F (AK ^{i +3} , 0), {RVG _ca , E (RVK _ca , IK ^{i +1} || N || T)

|| RVG _cb , E (RVK _cb , IK ^{i +1} || N || T)

|| RVG _cd , E (RVK _cd , IK ^{i +1} || N || T) || ...}

All RVG groups except RVG _cc receive a new IK. Node C is an uninfected node, a neighbor of D, not included in RVG _cc , and has a new IK ^{i + 1} . Node D can receive new IK ^{i + 1} from node C as follows:

D → C: D, MAC (K _CD , C || D || N || T)

C → D: C, E (K _CD , IK ^{i +1} || N || T)

The key update step is described as follows.

The rekeying protocol temporarily updates the initial master key (IK) to prevent hacking. All sensor nodes regenerate a pairwise key except for the base station (BS) and the K _SiBS shared by each sensor node. Perform key update with the following message.

BS → All Nodes (broadcast):

BS, AK ⁱ , F (AK ^{i +1} , 0), E (CK), IKM || N || T)

The new IK ^{i +1} is generated by F (IKM, 0). After the broadcast of the leaking message, each sensor node generates a pairwise key with a new IK ^{i + 1} .

In order to maintain the modified configuration of the groups, RG and RVG are not modified. RK and RVK use the following formula:

RK ^{i +1} = F (IK ^{i +1} , RK ⁱ )

RVK _ij ^{i +1} = F (IK ^{i +1} , RVK _ij ⁱ )

The update of the local group key is performed as follows.

BS → All Nodes (broadcast):

BS, AK ⁱ , F (AK ^{i +1} , 0), (RG _a , E (RK _a , RKM || N || T)

_{|| RG b, E (RK b} , RKM || N || T) || ...}

A new local group key, RK ^{i + 1} , is generated by F (RKM, RK ⁱ ). The new local virtual group key RVK ^{i +1} is generated by F (RKM, RVK ⁱ ).

The group management step merges and divides local groups in the sensor network.

(Group merger)

The merge message is sent to local groups that want to merge into one group.

BS → All Nodes (broadcast):

BS, AK ⁱ , F (AK ^{i +1} , 0), (RG _a , E (RK _a , RKM || N || T)

|| RG _b , E (RK _b , RKM || N || T) || ...}

The base station (BS) of the sensor network broadcasts a merge message to all neighboring nodes in order to consolidate the multiple regional groups into one group, and the ID (RG ^{i +1} ) of the newly merged regional group i, The merged region group key RK ^{i +1} , the ID (RVG _ij ) of the virtual group j in the newly merged region group i, and the newly merged region virtual group key RVK ^{i +1} are generated and updated.

The new local group ID RG ^{i + 1} is generated by F (RKM, 1). A new local group key, RK ^{i + 1} , is generated by F (RKM, RG ^{i +1} ). Nodes merged into one group have a new identical group key, RK ^{i + 1} .

RVG and RVK are generated by the following formula.

RVG _ij ^{i +1} = F (RKM, RG _i || VG _j ).

RVK _ij ^{i +1} = F (RKM, RVG _ij ^{i +1} )

(Group division)

The split message is sent to the local group that wants to split. Split messages are effective in limiting the impact of neighboring nodes on infected nodes.

BS → All Nodes (broadcast):

BS, AK ⁱ , F (AK ^{i +1} , 0), (RG _a , E (RK _a , RKM || pattern || size || cp || N || T)

                    || ...}

The base station (BS) of the sensor network broadcasts a split message to all nodes in order to split into the desired regional group, the ID of the newly divided regional group i (RG ^{i +1} ), the newly divided regional group The key RK ^{i +1} , the ID RVG _ij of the virtual group j in the newly divided local group i, and the newly divided local virtual group key RVK ^{i +1} are generated and updated.

The new local group ID, RG ^{i +1} , is generated by RGF (RKM, ldata, pattern, size, cp). The local virtual group ID RVG and the local virtual group key RVK are generated using the same formula as the merge message. Each node finds RG ^{i + 1} using the RGF function and its arguments.

2 illustrates the patterns of various regional groups of the sensor network.

Table 2 is a formula of key update cost of each protocol in the generalized sensor network of FIG.

protocol Rekeying Target Communication cost send reception Proposed Protocol Group, pairwise key 0 9 x P _receive (k) LEAP Group key 8 x P _send (k, r) 9 x P _receive (k) Random key scheme Fairwise Key 12 x 3 x P _send (k, r) 12 x 2 x P _receive (k)

3 is a generalized configuration diagram of a wireless sensor network (WSN).

4 shows that the values of the factors are r = 1, k = 8192, P _com = 50 nJ / bit, P _amp = 100 pJ / bit / m ² , respectively, in the generalized wireless sensor network of FIG. It is a graph comparing the energy usage of each protocol calculated by inputting the distance of a node, the number of k: bytes, P _com : energy calculated in a computer, and P _amp : energy required for wireless communication of a sensor node.

The energy usage of each protocol of the wireless sensor network increases as the number of key updates increases. The energy usage (pJ / nodes) of the wireless sensor network according to the present invention is the key management method of the wireless sensor network (WSN) according to the LEAP method and the random key. Compared to the method, the best energy efficiency can be seen.

Accordingly, the present invention provides a broadcast-based energy efficient key management protocol, the addition of sensor nodes and the removal of infected nodes, and the group management protocol that merges or divides local groups (RG) in a wireless sensor network (WSN). Increase the security of your wireless sensor network.

As described above, although described with reference to a preferred embodiment of the present invention, those skilled in the art without departing from the spirit and scope of the present invention described in the claims In the present invention can be carried out by various modifications or variations.

1 is a configuration diagram of a sensor network composed of 200 arbitrary sensor nodes divided into four regional groups (RGs) and four virtual groups (VGs) configured with a protocol according to an embodiment of the present invention.

2 illustrates a pattern of various regional groups of a sensor network.

3 is a generalized configuration diagram of a wireless sensor network (WSN).

4 shows each protocol calculated by inputting r = 1, k = 8192, P _com = 50 nJ / bit, and P _amp = 100 pJ / bit / m ² in the generalized wireless sensor network of FIG. Figure comparing the energy usage of.

Claims (11)

In the key management method of the wireless sensor network, (a) establishing initial keys of the sensor network; (b) VG _i group in the sensor node area group i of the ID (RG _i), a secret area group i key (RK _i), Bundles imaginary group j ID (RVG _ij), RG _i group in the i of A group key setting step of generating the shared secret key RVK _ij ; And (c) a pairwise key setting step in which the sensor node broadcasts to all neighbor nodes to generate respective pairwise keys. The method of claim 1, Step (b) is, After receiving the GPS data, the sensor node calculates the coordinates of the sensor node using the measured position information, calculates the distance from the reference point of the wireless sensor network, and then uses the distance, coordinate, pattern, and size information. And setting an ID RG _i of the local group i of the wireless sensor network. The method of claim 1, (d) The newly added sensor node in the sensor network further includes setting a pairwise key with all neighboring nodes, respectively, and adding a new node for broadcasting new node information and random variables from the base station to the neighboring nodes. How to manage keys in wireless sensor networks. The method of claim 1, (e) The base station (BS) of the sensor network broadcasts the discard message of the infected sensor node to all sensor nodes, all sensor nodes verify the authenticity of the discard message, and attach the infected sensor node to each sensor node's neighbor. The method for key management of a wireless sensor network further comprising the step of removing an infected sensor node from the node list. The method of claim 4, wherein And a base station (BS) of the sensor network is a sink node. The method of claim 1, (f) The base station (BS) of the sensor network broadcasts a leaking message for key update to prevent hacking using the rekeying protocol to all sensor nodes, each sensor node being the BS and each of the sensor nodes. Updating the pairwise key except for the K _SiBS shared by the; key management method of a wireless sensor network further comprising. The method of claim 6, The key updated in the step (f), Without updating the ID of region group i (RG _i ) and the ID of virtual group j within region group i (RVG _ij ), the pairwise key created with the new master key (IK ^{i +1} ), the new region group key ( RK ^{i +1} ), and generates and updates a new local virtual group key (RVK ^{i +1} ). The method of claim 1, (g) broadcasting a merge message from the base station (BS) of the sensor network to all nodes to merge the other regional groups into a regional group of the sensor network as a group. How to manage. The method of claim 8, Step (g) is, ID of newly merged region group i (RG ^{i +1} ), newly merged region group key (RK ^{i +1} ), ID of virtual group j within newly merged region group i (RVG _ij ), newly merged region A key management method of a wireless sensor network, characterized in that for generating and updating a virtual group key (RVK ^{i +1} ). The method of claim 1, (h) broadcasting a segmentation message from the base station (BS) of the sensor network to all nodes in order to segment a particular regional group in the sensor network. The method of claim 10, Step (h) is, ID of newly segmented region group i (RG ^{i +1} ), newly segmented region group key (RK ^{i +1} ), ID of virtual group j in newly segmented region group i (RVG _ij ), newly segmented region A key management method of a wireless sensor network, characterized in that for generating and updating a virtual group key (RVK ^{i +1} ).

Images