FSDA: Framework for Secure Data Aggregation in Wireless Sensor Network for Enhancing Key Management

ABSTRACT


INTRODUCTION
A wireless network is always subject to different forms of networking challenges that not only affect the communication process but also equally affect the security features [1]. Among the different forms of wireless networks, Wireless Sensor Network (WSN) is one of the most successful deployments in the commercial market. A sensor node assists in performing data aggregation from the environment, where it is completely exposed to a swarm of attackers. Over the last decade, there have been various studies associated with attacks [2] and security solutions [3], [4], but none of them is claimed to be 100% resilient against all attacks. The majority of the existing approaches towards security in WSN are cryptographic in nature, whereas there also exist studies that are non-cryptographic in nature, e.g. [5], [6]. The cryptographic approaches mainly deal with a key management system followed by iterative encryptions using either symmetric or asymmetric keys, while non-cryptographic approaches deal with observation of certain significant behaviour of nodes followed by formulation of a rule set to infer whether such behaviour follows a malicious or regular pattern.
In the last 5 years, there have been various forms of improvement in WSN where heterogeneity is further studied in order to make it well prepared for use in reconfigurable networks like Internet-of-Things (IoT) [7]. IoT is a completely new concept for designing a smart city and mainly calls for integrating WSN with a pervasive environment like cloud computing [8]. However, the biggest security concerns in this regard are: i) the attacks studied in WSN are very different from those in a cloud environment, which has the most potential to induce collateral network damage, ii) the translation mechanism of control messages (generated from the query system) is quite challenging to realize if heterogeneous WSN is integrated with cloud (at present IoT is implemented either in low scale networks or in homogeneous networks), iii) identification of attacks from either side is quite difficult, and attacks have a good chance of bypassing any firewall system if the security protocols do not give wide consideration to their environmental parameters, and iv) cost effectiveness is not emphasized in IoT nodes, as the majority of IoT nodes do have fair possibilities of resources when demanded (unlike conventional WSN). There are also various studies on IoT that discuss security improvement, but very little work has actually been carried out to date owing to the novelty of the technology [9], [10]. With new levels of features being incorporated within IoT, one thing will always be there, and that is data aggregation. Unlike conventional WSN, IoT offers data aggregation from only registered nodes, but with the new proliferation of mobile nodes it is very likely that adoption of mobile nodes will be leveraged for performing dynamic data aggregation. Hence, an effective key management scheme is highly demanded in this setting.
Normally, the biggest challenge in forming a novel key management technique is to select the process of key generation, which has to be motivated by some existing encryption scheme. Unfortunately, existing encryption schemes are too specific to particular attacks and hence their applicability is quite narrow [11]-[13]. There is a need for a design principle that can be equally applicable for resisting intrusions in WSN. Hence, we introduce one such solution by harnessing the potential features of the public key encryption system in order to generate a lightweight ciphering policy that can serve as a secure key management scheme in WSN. We also show that it is feasible to construct a robust encryption scheme that is less iterative and more progressive without much demand on resources for its execution. Section 1.1 discusses the existing literature, where different techniques are discussed for detection schemes used in power transmission lines, followed by discussion of research problems in Section 1.2 and the proposed solution in Section 1.3. Section 2 discusses the algorithm implementation, followed by result analysis in Section 3. Finally, the concluding remarks are provided in Section 4.

Background
This section updates the research approaches towards strengthening key management, following on from our prior investigation [14]. The work carried out by Wang et al. has presented a clustering approach for improving security in WSN using message verification [15]. Porambage et al. have introduced an authentication scheme for improving key management based on certificates [16]. A study on mobile networks with an emphasis on key management was carried out by Kang et al. [17]. The authors have used a key sharing approach as well as a rekeying approach that is claimed to maintain better forward-backward secrecy. Lee et al. have presented a typical encryption scheme meant for securing ubiquitous devices [18]. Chen et al. have presented their key management scheme using a symmetric encryption approach applicable to heterogeneous networks [19]. Pereira et al. have investigated the security strength of different encryption techniques on Internet-of-Things (IoT) [20].
Adoption of Elliptical Curve Cryptography has been seen in the work of Ibrahim and Dalkilic for secure transmission of node tag IDs using a mutual authentication process [21]. Sarkar and Mukherjee have discussed their key predistribution scheme, an approach which has been repeatedly used in the past with little evidence of benchmarking [22]. Qi et al. have implemented compressive sensing along with block encryption of 8-bit integers on sensor data [23]. Wu et al. have presented a framework design that performs identification of attacks using virtualization and software defined networks [24]. Deng et al. have used a stochastic approach for securing physical layers in WSN using a multiple sink approach [25]. Umar et al. have used a cross-layer based approach that allows the trust factor to be used along with a fuzzy logic implementation in order to offer resource security in WSN [26].
A nearly similar approach on the physical layer, as well as a trust-based approach to security, has also been carried out by Zhu et al. [27] as well as Qin et al. [28]. Shin et al. have presented a route optimization-based approach using a trust factor for fault tolerant implementation of communication security in IoT [29]. Guan and Ge have used a random modeling approach using a probability scheme for resisting jamming attacks in WSN [30]. Dai et al. have presented a verification method on its encoding system for minimizing the cost involved in the secure query process [31]. The mechanism uses hashing and symmetric encryption. Al-Turjman et al. have presented a key agreement strategy that offers secure communication using mobile sinks with the aid of elliptical curve cryptography [32]. A framework for investigating the security strength of the harvester node is designed by Vo et al. [33].
The authors have also presented a scheduling approach for improving security at the physical layer. Lu et al. have presented a discussion of various conventional encryption schemes used in WSN [34]. Security approaches of various scales have been used for improving key management techniques in recent times, with a dominance of the elliptical curve cryptosystem, Secured Hash Algorithm (SHA), Advanced Encryption Standard (AES), etc. However, all of these approaches also have pitfalls that need to be addressed in order to obtain supreme security. The next section briefly describes these pitfalls, followed by the proposed solution for addressing them.

Identification of Issues
The unaddressed issues explored after reviewing existing approaches are:
a. Usage of complex and highly iterative cryptographic approaches ensures a higher degree of security but does not emphasize applicability to sensors with resource constraints.
b. Elliptical Curve Cryptography offers lightweight encryption by controlling the minimum key size, but on the other hand it also increases the ciphered message size, which results in complexity.
c. Existing approaches of digital signatures do not discuss the cost of certificate revocation, which is not only an expensive affair but also introduces insecurity for the private keys.
d. Usage of digital signatures involves higher computational time that could introduce a significant amount of network delay and is hence not very supportive of emergency applications.
Therefore, the statement of the problem is "Constructing a unique encryption scheme using public key cryptography that could offer lightweight features with maximum coverage of security standards in wireless environment of sensory application." The next section outlines the proposed solution.

Proposed Solution
This paper presents an extended version of our previous investigation [35] towards a novel key deployment strategy. This paper further optimizes the security feature by hybridizing the potentials of elliptical curve cryptography and digital signature. Figure 1 highlights the adopted scheme of the proposed system. The above shown scheme is mainly intended to provide a higher degree of privacy, confidentiality, and data integrity through a hybridizing approach. The proposed system considers the potential of elliptical curve cryptography for generating a higher degree of private keys; however, they are higher in number, which could introduce a significant amount of computational complexity in low powered sensors. Hence, the proposed system considers the reference point derived from the order of the elliptical curve in order to ensure that only the best value of the private key is considered in each pass. The next contribution of the proposed system is that it does not use a conventional digital signature, as it is expensive in terms of large scale deployment over the sensors.
Hence, the proposed system hybridizes both of them and generates two algorithms, i.e. the 1st algorithm uses random approaches in order to generate a security token, which will be used for ciphering the message by the transmitting node in order to forward it to the receiver. On the other hand, the receiver node will use public key cryptography as well as the second algorithm in order to perform validation of the received security token. A successful identification of the security token allows authorization of the received message. A man-in-the-middle attacker will not be able to decrypt the content of the message even when in possession of the same public key. Hence, the novel contribution of proposed system is that it offers better security coverage

ALGORITHM IMPLEMENTATION
The proposed algorithm presents a novel design of digital signature that is constructed by enhancing the structure of elliptical curve cryptography. The construction of this novel algorithm results in the generation of a security token that is then subjected to a validation process. This section discusses the mechanism adopted to enhance the operations undertaken by elliptical curve cryptography, with the prime intention of leveraging data integrity, privacy, and confidentiality. The implemented algorithms are described below.

Algorithm for Generating Security Token
In order to maintain better confidentiality of the data as well as of the node's identity, it is essential that the proposed system develop a mechanism that can dynamically perform secure generation of a digital signature. Hence, the prime responsibility of the proposed algorithm is to generate a highly dynamic and secure token that changes in every communication process and is also lightweight in nature. The algorithm takes as input O_u (upper limit of order) and a (arbitrary value of integer type), and after processing generates s_tok (security token). The steps of the algorithm are as follows:

Algorithm for Generating Security Token
Input: O_u (upper limit of order), a (arbitrary value of integer type)
Output: s_tok (security token)
Start
1. init O_u
2. Choose a_1
3. Compute θ = p_1|O_u|
4. If θ = 0
5. Go to Step-2
6. Else
7. Compute σ_1 ← σ(b, θ)
8. Estimate α = β + a_1|O_u|
9. If α = 0
10. Go to Step-3
11. Else
12. Obtain s_tok(θ, α)
End

The algorithm starts by initiating the upper limit of order O_u captured from the elliptical curve (Line-1). The execution of the algorithm begins with the transmitting sensor node initiating a communication with the receiving sensor node. In this process, the first step is to perform an arbitrary selection of a_1, whose value ranges between 1 and (O_u - 1) (Line-2). This is the first novelty, which reduces the computational complexities associated with elliptical curve cryptography by selecting one point within its order scope and not all the infinite number of points on its curve. The next step of implementation is to compute θ, which will be required in the generation of the security token at the end (Line-3). The computation of θ is carried out by the scalar product of the positional information p_1 and the upper limit of order of the elliptical curve O_u (Line-3).
It should be known that (p_1, q_1) represents the positional information of a node, whose empirical value is considered to be equivalent to the arbitrary integer value a_1 and the function of reference point f(p_f, q_f). The function of reference point is considered to lie within the elliptical curve, and its order is considered to be the maximum score of O_u. This mechanism contributes to a novel amalgamation of a new digital signature and elliptical curve cryptography. The next part of the implementation is to compute an encryption attribute σ applied on the beacon (or control message) b and the computed variable θ (Line-7). It can also be noted that under any circumstances, the value of this variable θ is considered to be a non-zero number (Line-4 and Line-5). This process is followed by generation of the preliminary security token α by adding up a new variable β and the scalar product of the arbitrary integer value a_1 with the upper limit of order O_u in elliptical curve cryptography.
We perform the evaluation of the new variable β as the product of i) the variable θ obtained from Line-3, ii) an arbitrary integer in [1, (O_u - 1)] that is always considered to be its private key, and iii) σ_1 obtained from Line-8. We also ensure that the empirical value of the preliminary security token α is always non-zero, and finally the algorithm leads to the selection of the final security token s_tok, formed from the variable θ obtained from Line-3 and the variable α obtained from Line-8. A closer look at the above algorithmic steps will show that it hybridizes elliptical curve cryptography with a typical signature in order to generate a lightweight and dynamic security token that is required to maintain a higher degree of privacy as well as confidentiality. At the same time, the algorithm also contributes to minimization of the computational overhead.

Algorithm for Validating the Security Token
The execution of this algorithm can only begin after successful generation of the security token by the transmitting sensor node. The generated security token is then forwarded to the receiving sensor node, where the latter performs validation. The input to this algorithm is s_tok (secure token) and k_pub (public key), and the outcome is V+ / V- (successful/failed validation). The important steps of the algorithm are as follows:

Algorithm for Validating the Security Token
Input: s_tok (secure token), k_pub (public key)
Output: V+ / V- (successful/failed validation)
9. If θ = p_1|O_u|
10. V+: flag s_tok as valid
11. else
12. V-: flag s_tok as invalid
13. else If
14. V-: flag s_tok as invalid
15. End
End
Before trying to understand the implementation scheme of the above validation algorithm, it is essential to understand one important assumption: a receiving sensor node must have a replica of, or access to, the public key k_pub of the transmitting sensor node. Otherwise, this validation cannot be performed. The complete process of validation of the received security token by the receiving sensor node is carried out in two stages, viz. the primary stage and the secondary stage. In the primary stage, the algorithm checks for the presence of a non-zero public key (Line-1). If no non-zero public key is available, the communication is aborted instantly on the grounds that it is an external attack scenario. However, if it is valid, then the algorithm checks whether the numerical value of this public key k_pub actually resides within the range of the elliptical curve (Line-2).
This completes the primary validation stage. The next step of the algorithm is to perform secondary validation of the obtained security token s_tok. For this purpose, it ensures that both the variables θ and α are of integer type and that their values mandatorily reside between the lower limit of 1 and the higher limit of (O_u - 1) (Line-6). If a non-integer value type is found, the algorithm considers it equivalent to eavesdropping or message tampering and thereby flags the obtained security token as invalid (Line-14). Upon confirming that they (θ and α) are of integer type, the algorithm performs computation of the encryption attribute σ_1 by applying any form of cryptographic function on the control message b and θ. It should be noted that the implemented function σ (Line-7) is similar to that used in the previous algorithm of security token generation.
The next validation step of the algorithm calls for computing a single communication vector of positional information, i.e. P, where P = (p_1, p_2). It should be noted that the position information of the transmitting and receiving nodes is (p_1, q_1) and (p_2, q_2) respectively. This computation of the single communication vector of positional information P is empirically formed to correspond to αf - β|O_u| (Line-8). A closer look at this empirical formulation will show that the first component is a scalar product of the preliminary security token α and the function of reference point f(p_f, q_f), while the second component corresponds to β and the upper limit of order, i.e. O_u. The empirical value of β is considered to be the same as the product of the variable θ and an arbitrary integer in [1, (O_u - 1)] that is always considered to be its private key. The final step of validation of the security token is carried out by checking whether the value of the variable θ is equivalent to p_1|O_u| (Line-9). If the left hand side of the expression in Line-9 is not found equivalent to the right hand side, then the algorithm confirms that the obtained security token is highly invalid.
An interesting fact about this algorithm construction is that its false conditions correspond precisely to the attack scenario, which could be generated from any node. Hence, the algorithm does not allow the routing to be confirmed and aborts the connection once the first stage of validation itself fails. Hence, in a smart manner, the algorithm offers security to its neighboring nodes also. Moreover, owing to the utilization of a non-recursive approach, the algorithm offers a significant advantage in terms of communication efficiency with reduced computational burden, apart from its security capability.
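The token generation and two-stage validation described above, as an added Python sketch that is not the authors' code. It assumes secp256k1 as the curve, SHA-256 as σ, reads p_1|O_u| as p_1 reduced modulo O_u, and lets the receiver recover P from the sender's public key k_pub = d·f instead of the private key; all function and variable names are illustrative.

```python
import hashlib
import secrets

# Assumed curve: secp256k1 (the paper names none). F is the reference point f,
# O_U the order of f. All names in this sketch are illustrative.
P, A, B = 2**256 - 2**32 - 977, 0, 7   # y^2 = x^3 + A*x + B over GF(P)
F = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O_U = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def on_curve(pt):
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x**3 - A * x - B) % P == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sigma(b, theta):
    """sigma(b, theta): SHA-256 of beacon || theta, mapped into [1, O_U-1]."""
    h = hashlib.sha256(b + theta.to_bytes(32, "big")).digest()
    return int.from_bytes(h, "big") % (O_U - 1) + 1

def keygen():
    d = secrets.randbelow(O_U - 1) + 1            # private key in [1, O_U-1]
    return d, mul(d, F)                           # (private key, k_pub)

def make_token(b, d):
    while True:
        a1 = secrets.randbelow(O_U - 1) + 1       # Line-2: arbitrary a_1
        theta = mul(a1, F)[0] % O_U               # Line-3: theta from p_1
        if theta == 0:
            continue                              # Lines 4-5: choose a_1 again
        alpha = (theta * d * sigma(b, theta) + a1) % O_U  # Line-8: beta + a_1
        if alpha:                                 # Line-9: alpha must be non-zero
            return theta, alpha                   # Line-12: s_tok

def validate(b, s_tok, k_pub):
    if not on_curve(k_pub):                       # primary stage: key check
        return False
    if not all(isinstance(v, int) and 1 <= v < O_U for v in s_tok):
        return False                              # secondary stage: type and range
    theta, alpha = s_tok
    c = theta * sigma(b, theta) % O_U             # beta without the private key
    pt = add(mul(alpha, F), mul(O_U - c, k_pub))  # alpha*f - c*k_pub
    return pt is not None and pt[0] % O_U == theta  # final theta comparison
```

Because α·f − θ·σ_1·k_pub collapses to a_1·f only when the beacon, token and public key all match, a changed beacon or a token checked against another node's key fails the final comparison.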

RESULT ANALYSIS
This section outlines the outcomes obtained after implementing the proposed FSDA using MATLAB. For this purpose, we perform a simulation study with 1000 sensors bearing the configuration of MEMSIC nodes. The simulation area is considered to be 1100 x 1300 m^2 with 10 meters of transmission range. As the proposed study introduces a hybrid approach with elliptical curve cryptography as well as digital signature, it is anticipated to offer a lightweight encryption scheme that can serve as an effective key management scheme. This lightweight feature can only be proven if the algorithm imposes less computational burden and equivalently maintains optimal communication performance. Therefore, we choose algorithm processing time, end-to-end delay, energy consumption, and packet delivery ratio as the performance parameters. The study also performs a comparative analysis with the most frequently implemented encryption schemes of key management.
The outcomes clearly indicate that the proposed system offers significantly better outcomes in comparison to existing AES or SHA. From Table 1, it can be seen that the proposed system offers approximately 64.67%, 63.12%, 4.94%, and 60.02% of improvement with respect to overall energy consumption, overall delay, packet delivery ratio, and algorithm processing time. Owing to its non-recursive operation, FSDA exhibits lower algorithm processing time (Figure 2), and it offers enhanced security with faster response time with increasing iterations. This also offers complementary benefits to the delay factor, which is found to be extremely low (Figure 3).

Figure 2. Comparative evaluation of algorithm processing time

The proposed system also makes use of the first order radio energy model, which computes energy dissipation, to find that FSDA consumes less energy and hence offers network longevity (Figure 4). Finally, the number of encryption steps is not massive, for which reason more resources are available for a longer duration, resulting in effective resource allocation. This causes significant improvement in exploring a better communication channel with utmost security (Figure 5). The increasing trend of packet delivery ratio over an increasing number of neighboring nodes not only shows its better scalability performance but also exhibits that FSDA offers non-repudiation along with data integrity, privacy and confidentiality. Hence, FSDA is more applicable to any sensory application that demands a longer term of security surveillance over uncertain communication, as it offers equal resistivity performance to maximum attacks.

CONCLUSION
Security is one of the most challenging problems in WSN, irrespective of the massive amount of research work being carried out to date. We observed that existing approaches of key management emphasize specific forms of attack, which narrows down the applicability of key management when the attack scenario is changed. At the same time, we find that there is much potential in using the elliptical curve cryptosystem to generate private keys, but the process is too recursive and leads to increased message size. At the same time, usage of digital signatures is not very cost effective owing to its dependency on certificates. Hence, we hybridize the elliptical curve cryptosystem and the signature in order to construct a novel algorithm. The study outcome shows that the proposed algorithm offers significant data integrity, confidentiality, and privacy in its process and is found to offer a suitable balance between such security demands and communication performance.