Abstract
Wireless sensor networks (WSNs) are made up of large groups of sensor nodes that usually perform distributed monitoring services. These services are often cooperative and interchange sensitive data, so communications within the group of sensor nodes must be secured. Group key management (GKM) protocols appeared, and were broadly studied, in order to ensure the privacy and authentication throughout the group life. However, GKM for WSNs is already challenging due to the exposed nature of wireless media, the constrained resources of sensor nodes, and the need of ad-hoc self-organization in many scenarios. In this chapter we present the basis of GKM and its state-of-the art for WSNs. We analyze the current non-resolved topics and we present a GKM proposal that solves some of these topics: it minimizes both the rekeying costs when the group membership changes and the routing cost within the group.
TopIntroduction
Wireless sensor networks (WSN) comprise a wide range of devices that autonomously intercommunicate offering a wide variety of services: fire detection, fleet management, health monitoring, etc. Very often, WSNs are deployed in hostile environments, like battlefields, where there is a presence of enemies or potential attackers and hence there is a necessity for providing them with security. And not only military networks have strong security requirements. Unfortunately, there is an increasing risk of terrorist attacks against civil and crowded places that may have a WSN deployed, such as hotels, hospitals or train stations.
Under the circumstances, ensuring the security in WSN becomes critical. However, the “special” nature of the WSNs makes this task specially challenging. First of all, sensor nodes are often “low-end” devices with constrained resources and hence the use of well-known but expensive security algorithms (e.g. asymmetric cryptography) is not feasible or it must be minimized. Second, WSNs are in many cases unattended self-organized ad-hoc networks and so the security management must be assumed within the group of sensors without the presence of a fixed powerful infrastructure which could lead the security. And third, the wireless media makes the physical layer very accessible for an attacker, which can jam, inject or modify link layer packets without difficulty and which can easily compromise and spoof a sensor node.
In short, the widespread use of such networks produces new security challenges: there is a necessity for securing the communications within the group of sensors and it must be tackled in a self-configuration manner with active cooperation of the sensor nodes. If in addition we take into account the constrained resources of sensor nodes, we can also assert that the cost of security management must be minimized and thus shared out by the group members. That is to say, securing group communications becomes mandatory and its implementation must be distributed tackled and with an overall low cost per sensor node.
The rest of this chapter is organized as follows. First, we present the necessary background on group security and then we, second, continue with its particularization to WSNs. Within this section we analyze the current issues on developing group security for WSNs and we present state-of-the art solutions. Next, we detail an own proposal of distributed group security for WSNs and we propose future directions in order to enhance the current group security systems. Finally, we present our concluding remarks.
TopBackground On Group Security
In cooperation frameworks, such as WSNs, data is shared by incumbents and, in many cases, carries sensible information. Therefore, data must be protected, but just against non group members and not within the group membership, and this is what is called group security. Group security is, thus, targeted to provide group privacy and group authentication: data is protected from outsiders and the only sources of communication are the members of the group. As a result, it is merely based on the use of a common shared secret called the session key or group key. This key allows every group member to: 1) send encrypted data; 2) decrypt received data, and 3) authenticate itself as a group member since the knowledge of the session key guarantees that it belongs to the group. As only the current group members ought to know the session key, such key must be updated every time the membership of the group changes. Group key management (GKM) is the branch of knowledge that studies the generation and updating of the keying material used for securing the group during its whole life (Wallner, Harder & Agee, 1998).
Traditionally the update of keying material or rekeying is performed by a centralized trusted third party called the key server (KS). Within the simplest approach, the KS delivers updated keys through individual secure channels with every member (Wallner et al., 1998). This method is both non-scalable and infeasible for large groups since a single peer-to-peer connection is needed for each of the group members. Therefore, the rekeying complexity problem is O(N), with N the number of group members, and the KS has to wait for the delivery of N messages to actually change the session key. To mitigate this scalability problem two main branches of GKM have been studied: delegation and tree-based approaches; although combination of both is possible.
Key Terms in this Chapter
GKM: Group Key Management. Branch of knowledge closely related to securing group communications that studies how to generate the group keying material and how to update it when necessary (rekeying) with focus on efficiency and cost reduction.
Siblings: The sibling nodes of a member in a logical tree of KEKs are the direct underlying nodes from every node in its path to the root that are not actually in this path. The set of sibling nodes is denoted as the sibling path. Thus, the sibling trees of a member are the trees hanging from the nodes of its sibling path.
KS: Key Server. In centralized GKM approaches it refers to the entity that is in charge of managing the group security.
Centralized: Within this chapter a protocol is centralized when there is an only top level entity in charge of its management. This is the case of traditional approaches to GKM that rely on a fixed infrastructure which is the KS.
Rekeying: The rekeying is the process of updating the keying material. In centralized GKM approaches is carried out by the Key Server (KS).
Cross-layer: Within the context of this chapter, cross-layer refers to useful data that break the boundaries of the OSI layer model with the purpose of reducing costs.
Distributed: In a distributed network the management is shared by several entities. When these entities are not a subset but all the network entities then we talk about fully-distributed networks. Fully-distributed networks are often based on peer-to-peer (P2P) relations where users communicate in an ad-hoc manner.