Key Management Distribution Scheme in Wireless Sensor Network Based on Knapsack Algorithm

Key management in a Wireless Sensor Network (WSN) is a complex task due to the nature of its environment, limited resources and open communication channel. In addition, wireless communication poses additional threats to the critical information being sent and received over it. WSNs must be protected from different attacks. However, the major problem in securing a WSN is key distribution after the sensor nodes are deployed in a specific area. This paper examines the design of an efficient key management distribution scheme for WSN. The proposed method is based on the knapsack algorithm, which requires generating a series of vectors to encrypt only the private keys that will be sent to the cluster heads by the base station. The same method is used by each cluster head to encrypt only the keys that will be sent to its members. The simulation results showed that the proposed key management method can offer efficient security prerequisites, suitable scalability, and connectivity to achieve authentication.


Introduction:
Recently, the tremendous development in the electronics technology "wireless communication" has enabled the development of low-power, low-cost, small-memory, multifunctional sensor nodes [1][2][3]. WSNs are merely defined as a large collection of sensor nodes, each equipped with its own sensors, data processor, and short-range radio transceiver [1,2]. Due to the characteristics of WSNs, they have many applications in battlefield environments, health, disaster, space, environmental threats, and other industry sectors [4], [5]. As indicated by numerous specialists, the use of WSNs is creating a revolution in the concepts of different day-to-day activities in the near future [6].
One of the main problems in WSNs is ensuring communication security, particularly when they are deployed in critical domains where an attacker can easily capture and manipulate nodes [7]. One security aspect that receives a great deal of attention in WSNs is the field of key management [2,8]. A key management technique is the method by which keys are generated, protected, stored, transferred, used among the authorized nodes, and canceled when they are no longer needed. Key management builds the keys necessary to meet security requirements that include integrity, data confidentiality, and node authentication. Yet, providing the best key management in WSNs is a difficult task because the network topology is unknown prior to deployment. The main aim of key management in WSNs is to distribute the keys by a secure method and to create secured links among the sensors in the network formation phase [1,7].
Moreover, there are two types of cryptography. The first type is symmetric key cryptography, which uses one key for encryption and decryption and is faster to execute, like the Advanced Encryption Standard (AES) [6]. The second type is known as asymmetric cryptography, also called a private key system, which uses two keys: one key for encryption, called the private key, which is kept secure, and a second, public key for decryption, like the Rivest-Shamir-Adleman algorithm (RSA), Elliptic Curve Cryptography (ECC), and Elliptic Curve Computational Diffie-Hellman (ECCDH), to provide the best security [6,8]. Nowadays, WSNs have attracted significant interest in the engineering community and among researchers. In fact, the wireless channels are not secure. In addition, because the nodes depend on keys to make a connection over a radio channel (open environment), these keys are easily prone to attack. Thus, the main challenge in WSNs is the security of the key distribution that is used for the connection. These encryption keys are the critical issue for achieving high security.
Section 2 presents the literature survey for WSN. Section 3 discusses the knapsack process. The network model used is described in Section 4. The credible preliminaries are explained in Section 5, while Section 6 describes the network phases, including the proposed method. An example of the proposed method is given in Section 7. Results and discussion are presented in Section 8. Finally, in Section 9, we present our concluding remarks.

Literature Survey:
Gianluca Dini and Ida Maria Savino in [11] suggested a key distribution protocol in WSNs based on key chains, using symmetric ciphers and one-way functions on the next key in the chain. Prior to the distribution, these nodes can be either exchanged or installed through a secure channel. By applying one-way hash functions, key authentication can be obtained.
Song Ju in [8] suggested a combination of Elliptic Curve Diffie-Hellman with symmetric key cryptography and a hash chain to establish a lightweight key protocol in WSNs. It is built on a single-hop network in which all the sensor nodes can communicate with the other nodes. Before the nodes are distributed in a specific area, the same initial key is preloaded to all nodes as an initial trust phase. The research and analysis show that the protocol has less computation and communication complexity compared to other protocols.
Md. Ibrahim Abdullah in [12] suggested a technique for managing key distribution within cluster nodes that avoids the node-capture problem by updating the keys at regular intervals. The key distribution is entirely local. The network key is discarded after the keys are distributed. To prevent node capture, they propose a key update technique. When the keys are updated, the network key is re-formed. Here, the technique authenticates a group of cluster nodes rather than each node. This technique has some communication overhead because of receiving key update packets from the base station (BS), and it can prevent the common attacks on hierarchical sensor networks and decrease node-capture attacks.
Danyang Qin, Shuang Jia, Songxiang Yang, Erfu Wang, and Qun Ding in [13] proposed a lightweight authentication and key management protocol for WSNs. It solves the problem of malicious nodes occurring during the networking process and provides high security at low cost. Authenticating the mobile sensor nodes is the important condition, and the keys in the proposed scheme are dynamically created and adopted for security protection. When a node is captured or the keys are compromised, the attackers cannot use the previous keys. The analysis shows that the proposed scheme offers high security with less energy consumption for wireless sensor networks, notably when applied with mobile sensors.

Web Site: www.uokirkuk.edu.iq/kujss E-mail: kujss@uokirkuk.edu.iq

Knapsack Process:
This section describes the knapsack process. The knapsack algorithm requires that we create a series of vectors called ($a_i$) over positive integers. There are many techniques for creating vectors. For the sake of explanation, we will take the first value as 1 and subsequent values as multiples of n. like Now, n may be supposed to be some random positive integer.
Then let us see how the signed message is subjected to the knapsack procedure. Say, $k_i$ is converted as follows, which can be represented in its binary number format as such: According to the knapsack process, we compute a cumulative sum S.

∑
In the final signed message form, the $k_i$ value is replaced by its equivalent S, which is then sent to the consignee. The consignee has all the relevant data for reversing the knapsack process and recovering the bit pattern of S (for example, the consignee knows the ($a_i$) series).
The consignee reverses the received message S into $k_i$. Let us discuss how to reverse the knapsack procedure by using an example. Consider eq. (1), which is the knapsack representation of $k_i$. The value of $k_i$ is recovered in an iterative manner as follows:

$S - n^{m}$

If the value is a positive number, i.e., $S - n^{m} > 0$, then a binary bit 1 is allocated at the (m)th location. If, however, the value is a negative number, then a 0 bit is allocated. Now subtract $n^{m-1}$ from the current R. Depending on whether it is positive or negative, allocate 1 or 0 at the relevant bit location. This subtraction continues until the ($a_i$) series is exhausted. Details of the knapsack algorithm and the reverse knapsack procedure are presented in [10].

Network Model:
This section briefly presents the hierarchical structure of the sensor network, as demonstrated in Fig. 1. In our network model, Cluster Heads (CHs) manage members' joining and disjoining procedures. Thus a CH is responsible for the management of the nodes in the cluster after formation and for the data transmission from its cluster members to the base station. CHs can connect directly to the base station through one hop. Moreover, CHs are equipped with a much higher amount of resources than the sensor nodes in the network, such as high processing, high storage, and larger communication [1,7,14].
The sensor nodes are located in the lowest level of the hierarchy. They are low-cost devices with limited computing, energy, storage, and power capabilities. The main task of a sensor node is to collect information and transmit it to the cluster head through one hop or more [1,7,14], as shown in Fig. 1, where node location is random in the sensor arena. The nodes remain fixed after deployment throughout the network process [14].

Preliminaries:
The following credible presumptions are used, as previously applied in most of the security schemes:
• The BS is known and in a secured location, trusted by all members, and has sufficient resources.
• The BS has an authentication scheme for every node after deployment.
• The BS is qualified to create the private key for all CHs, while each CH is qualified to create the private key for all members in the network.
• Each CH can reach the BS and vice versa in the network.
• Every L-node and CH is static and randomly deployed in the area; moreover, they are equipped with tamper-resistant hardware and the Global Positioning System (GPS). Global Positioning System receivers, such as navigation devices, pick up the signals, which are used to calculate position, time, and speed.

The Network Phases:
In this section, the details of the proposed scheme are explained. It has the following 4 phases:

The Phase of the Key Pre-distribution:
• The BS has a list of sensor node IDs and a share key between nodes and CHs.
• The CHs and L-nodes are preloaded with the procedures of Algorithms 1 and 2.
• Every L-node holds its ID together with the IDs of all CHs, which are loaded during the preload period.
• Every L-node and CH is preloaded with a unique shared key with the BS before deployment.
• Every CH is preloaded with the ID of the BS prior to deployment.

Nodes Distribution Phase:
This phase occurs directly after the distribution of the nodes in the selected area, which consists of 100 nodes. They are uniformly and randomly distributed exclusively in an area of size 100 × 100 m² [15], [16], as shown in Fig. 2.

Cluster Establishing Phase:
Cluster formation starts after the sensors are deployed in the specific area, as depicted in the following steps:
• Each CH-sensor broadcasts a message called M, which includes its ID and location, with a random delay.
• Each L-sensor may receive messages coming from more than one CH-sensor. It then chooses the CH-sensor whose M message has the best signal strength.
• Each L-sensor broadcasts a message which includes its ID and location, and stores the information of neighboring nodes. Afterward, each L-sensor sends its ID and location information to the CH-sensor by GPSR [14,17].
• After receiving the information from the L-sensors, each CH-sensor constructs different routes based on the location information of the L-sensors within its cluster (1, 2, or 3 hops), as shown in Fig. 3 a and b [14,17].

The proposed Key Creation and Distribution:
In this section, the BS generates a private key for each CH by using a random algorithm (only to choose the keys) and sends them to the clusters. For security reasons, these keys must be encrypted before sending by using Algorithm 1 and decrypted after receiving by using Algorithm 2. In addition, each CH generates the private key for its members by the same procedures. This distribution is shown in Fig. 4.

Algorithm 1 (Key Generation and Encryption in BS, distribution to $CH_i$)
1. Input: i, k, share key are integers, where a share key is common between $CH_i$ and BS.

Input: $ID_{CH_i}$, where $ID_{CH_i}$ is an integer.

a i =Series of vectors, where (a
) and m is the length of the binary bit string.

The Example of the Proposed Method:
Assume that the BS chooses the integer (99) as a (Key) for one of the $CH_i$ by a random algorithm. Note that applying the knapsack algorithm requires a series of vectors, which are defined by $a_i$. For illustration, "1" represents the first value that is to be taken, and subsequent values are multiples of n such that: Suppose that n takes some random integer less than 5, like $a_i = n^{m}$ = { 1, 5, 25, 125, 625, 3125, 15625 }, where n = 5 and m (7) is the length of the binary bit-string, that is, of the chosen key converted to binary.
The calculation is therefore done by eq. (1), which yields the results in Table 1 (where the share key that is common between $CH_i$ and BS = 200). Then, compute $Ks_i$ according to eq. (2).
Next, append $Ks_i$ with $ID_{BS}$ and $ID_{CH_i}$. Finally, the BS broadcasts message (M) as depicted by eq. (3).

BS→CH: Ks
Afterward, each $CH_i$ receives M from the BS. $CH_i$ decrypts message (M) to recover the private key of the CH (99). Initially, the message is separated into three parts ($Ks$, $ID_{CH_i}$, and $ID_{BS}$).
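The knapsack step of eq. (1) and its reversal, run on this section's values (key 99, n = 5, m = 7), as an added example that is not the paper's Algorithm 1 or 2. It assumes that the least significant key bit pairs with the first series element, and it leaves out the share-key step of eq. (2) and the ID fields, which this page does not reproduce.

```python
# Added example (not the paper's Algorithm 1/2): knapsack encode and reverse.
# Assumption: bit i of the key, least significant first, pairs with a_i = n**i.

def make_series(n, m):
    """Return the series 1, n, n^2, ..., n^(m-1) used as the vector a_i."""
    if n < 2 or m < 1:
        raise ValueError("need n >= 2 and m >= 1")
    return [n ** i for i in range(m)]


def knapsack_encode(key, series):
    """Eq. (1): cumulative sum S of the a_i whose key bit is 1."""
    if not 0 <= key < 2 ** len(series):
        raise ValueError("key does not fit in m bits")
    return sum(a for i, a in enumerate(series) if (key >> i) & 1)


def knapsack_decode(total, series):
    """Reverse procedure: walk the series from the largest element down."""
    remainder, key = total, 0
    for i in range(len(series) - 1, -1, -1):
        # The text tests "> 0"; ">= 0" is used here because a remainder equal
        # to the element must also set the bit (with ">" the last bit of 99
        # would be lost).
        if remainder - series[i] >= 0:
            key |= 1 << i
            remainder -= series[i]
    if remainder != 0:
        # Not a sum of distinct series elements: corrupted or altered value.
        raise ValueError("S is not a valid knapsack sum for this series")
    return key


if __name__ == "__main__":
    series = make_series(5, 7)           # {1, 5, 25, 125, 625, 3125, 15625}
    s = knapsack_encode(99, series)      # 99 = 1100011 in binary
    print(series, s, knapsack_decode(s, series))
```

Decoding needs nothing beyond the series itself, and a received value that is not a sum of distinct series elements is rejected rather than silently mapped to a key.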

Fig. 5: The results when the value of the private key is 99

In addition, Table 3 shows the comparison between the proposed scheme and other schemes in terms of security issues. Finally, full connectivity is achieved when 100 and 200 nodes are distributed respectively, while the number of clusters remains the same in both cases in the area of size 100 × 100 m², as shown in Fig. 6 and Fig. 7. This proves that the network is scalable.

Fig. 4: The BS sends the private key to each $CH_i$

Table 3: Comparison in terms of security issues

Table 4 indicates the time consumed at each node, measured in milliseconds, for encrypting and decrypting a message when it is sent. The proposed simulation uses the MATLAB R2013a program for MICAz with ZigBee / IEEE 802.15.4 protocols and a transmit data rate of 250 kbps.

Table 4: Time spent, calculated in milliseconds