1 Introduction
2 Security Challenges
In a WSN, sensor nodes are built with very limited memory and storage for code, little data-processing capability and a small power source, so that a node can be made as small as possible. All of these constraints limit the security solutions that can be implemented: the security code must be efficient and must fit into the small memory of a sensor node. The security challenges in WSNs are as follows [1, 3].
Data Confidentiality Because data is disseminated wirelessly between sensor nodes, restricting access to the data to authenticated users is essential. To keep eavesdroppers from reading the data, an encryption function is used; it relies on a secret key shared (or exchanged) between the two communicating end points [3].
Data Integrity Integrity ensures that the data sent by the sender is received by the end user exactly as it was sent; it protects the data from being altered or tampered with in transit from sender to receiver. Closely related is data freshness, which ensures that old data packets are not accepted again when they are replayed [3].
Authentication Authentication identifies the origin of the data, so that the receiver can confirm which node sent it. It also ensures that no unauthenticated party can tamper with the data in transit without being detected [3].
Key Management Key management covers the establishment and maintenance of keys between two authorized parties. There are two classes of key algorithms. Symmetric algorithms use a single shared key at both ends, which is either pre-installed or computed by the communicating nodes themselves. Asymmetric algorithms use a key pair: a public key, which may be known to everyone, and a private key, which is known only to its owner [3].
Other security issues that need to be addressed when designing a WSN include availability, privacy, secure routing, secure group management, intrusion detection and secure data aggregation [1, 3].
Implementation of Authentication and Access Control Protocol … 3
MANETs are formed dynamically between individual nodes as the communication requires. An ad hoc network is dynamic, infrastructure-less and decentralized, and usually communicates over a wireless medium. Because the network is created and maintained by the participating nodes themselves, ad hoc networks are used in a very wide range of applications, from households to the military, from flood and earthquake-hit areas to the medical field. The same characteristics, however, make an ad hoc network less secure and short of power and memory, since the nodes are mobile and lightweight and depend heavily on other nodes for communication. These resource constraints restrict the security algorithms that can be used for authentication and data access. The security challenges of ad hoc networks are as follows [2].
Restricted Power Supply A MANET is a network of mobile nodes that run on small batteries and have limited computational capacity, so security algorithms that require intense computation cannot be implemented.
Unreliability Some nodes of a MANET may 'misbehave' because they lack a sufficient power supply.
Decentralized Node Management Because a MANET has no infrastructure, communication between two nodes passes through other nodes, which makes the MANET more vulnerable to attacks.
Detection of Attack Because the nodes are mobile, detecting a malicious attack in a MANET is very challenging, especially in a large-scale network.
Dynamic Network Topology Routing algorithms, key management and security algorithms implemented for mobile nodes have to adapt to ever-changing conditions such as nodes entering and leaving the MANET [2].
The performance metrics used later in this paper are defined as follows.
Throughput is a measure of the data rate (bits per second) achieved over the communication established between nodes.
Average Delay is the time taken by a packet to reach its destination after it is transmitted by the source.
Packet Delivery Ratio is the ratio of the packets delivered to the destination to the packets sent by the source.
Energy Consumption is the energy required to transmit a packet at the source and to receive it at the destination [1, 2, 4].
4 V. Ugale et al.
3 Background
The discrete logarithm problem states: given a multiplicative group $G$ and elements $g, h \in G$, find an integer $n$, if it exists, such that $g^n = h$. This number $n$ is the discrete logarithm of $h$ to the base $g$, written more concisely as $n = \log_g(h)$. In cryptographic applications the existence of such an integer $n$ is naturally presumed, so the problem reduces to finding the number $n$ [4]. Elliptic curve cryptography, on which the schemes reviewed below are built, relies on the same problem in the additive group of curve points: given points $P$ and $Q = nP$, recover $n$.
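To make the "finding $n$" step concrete, the following added example (not code from the paper) solves the problem in the multiplicative group $\mathbb{Z}_p^*$ two ways: by exhaustive search, which costs $O(p)$ operations, and by baby-step giant-step, which costs $O(\sqrt{p})$ time and memory. The primes and generators used are constructed test values; the point is that even the better generic algorithm only gains a square root, which is why cryptographic groups are chosen with orders of 2^256 and beyond.

```python
import math


def dlog_brute(g, h, p):
    """Exhaustive search: try n = 0, 1, 2, ... until g^n == h (mod p).
    Costs O(p) multiplications; only feasible for toy-sized p."""
    e = 1
    for n in range(p - 1):
        if e == h % p:
            return n
        e = e * g % p
    return None


def dlog_bsgs(g, h, p):
    """Baby-step giant-step for prime p: find n with g^n == h (mod p).
    Writes n = i*m + j with m ~ sqrt(p-1); tabulates the baby steps g^j
    and walks the giant steps h * g^(-i*m) until one hits the table.
    Returns None if h is not in the subgroup generated by g."""
    order = p - 1                          # |Z_p^*|, the generic bound used here
    m = math.isqrt(order) + 1
    baby = {}
    e = 1
    for j in range(m):                     # baby steps: g^j -> j (keep smallest j)
        baby.setdefault(e, j)
        e = e * g % p
    step = pow(pow(g, p - 2, p), m, p)     # g^(-m), inverse via Fermat's little theorem
    gamma = h % p
    for i in range(m):                     # giant steps: h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None


if __name__ == "__main__":
    # Constructed values: 2 is a primitive root modulo 101, so every h has a log.
    p, g, n = 101, 2, 37
    h = pow(g, n, p)
    print("brute:", dlog_brute(g, h, p), "bsgs:", dlog_bsgs(g, h, p))
    # 4 generates only the quadratic residues mod 101, so log_4(2) does not exist.
    print("log_4(2) mod 101:", dlog_bsgs(4, 2, 101))
    # A 31-bit prime: brute force is ~2^31 steps, BSGS needs a table of ~46k entries.
    big_p = 2**31 - 1
    print("bsgs 31-bit:", dlog_bsgs(7, pow(7, 123456789, big_p), big_p))
```

Both routines return the smallest non-negative exponent when one exists; the table keeps the smallest $j$ for each baby-step value so that subgroups of order below $m$ are handled correctly.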
Brief Review of ENABLE Scheme
ENABLE was proposed by X. H. Le, S. Lee et al. It eliminates the problems associated with symmetric key management, such as scalability, key storage and the pre-distribution of keys [5].
Protocol Description
Consider a user node 'A' that wants to access data from a particular node or group of nodes. It first sends a data-access request to the corresponding node (Fig. 1). On receiving the request, the receiving node 'B' first authenticates the identity of the requesting node with the key distribution center (KDC); once the identity of the user has been confirmed, node 'B' decides whether to accept or deny the access [5].
Before the actual data access starts, the user node, say Alice (A), generates a public key (QA) and a private key (kA) using the same ECC parameters as the KDC. The KDC produces a certificate binding the user's access list and public key by signing them with its private key, certA = {acA, QA, signKDC(acA || QA)}, and sends the certificate to the user. User A and sensor S then compute a shared secret key (xA) using the ECDH key exchange protocol [5] (Fig. 2).
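The certificate issuance and the ECDH step described above, as an added example that is not code from the ENABLE authors or from this paper. The paper does not name its curve, signature algorithm or key-derivation function, so the following are assumptions: the curve is secp256k1 with its standard parameters, the KDC's signature is ECDSA over SHA-256, the shared key xA is the SHA-256 hash of the x-coordinate of the ECDH point, and the access-list strings are constructed test data. The curve arithmetic is written out in affine coordinates so the whole exchange runs with the standard library only; a production node would use a constant-time library instead.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumed; the paper does not specify its curve)
P = 2**256 - 2**32 - 977
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - A * x - B) % P == 0


def add(p1, p2):
    """Affine point addition on y^2 = x^3 + Ax + B; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                     # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication k*pt (not constant time; demo only)."""
    acc = None
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def keygen():
    d = secrets.randbelow(N - 1) + 1                    # private scalar in [1, N-1]
    return d, mul(d, G)                                 # (k_X, Q_X) in the paper's notation


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(d, msg):
    e = hash_to_int(msg)
    while True:
        k = secrets.randbelow(N - 1) + 1                # fresh nonce per signature
        r = mul(k, G)[0] % N
        s = pow(k, N - 2, N) * (e + r * d) % N
        if r and s:
            return (r, s)


def ecdsa_verify(Q, msg, sig):
    r, s = sig
    if Q is None or not on_curve(Q) or not (0 < r < N and 0 < s < N):
        return False
    e = hash_to_int(msg)
    w = pow(s, N - 2, N)
    R = add(mul(e * w % N, G), mul(r * w % N, Q))
    return R is not None and R[0] % N == r


def cert_body(access_list, Q):
    return f"{access_list}|{Q[0]:x}|{Q[1]:x}".encode()  # acA || QA


def kdc_issue_cert(kdc_priv, access_list, Q_A):
    """certA = {acA, QA, sign_KDC(acA || QA)}."""
    return {"ac": access_list, "Q": Q_A, "sig": ecdsa_sign(kdc_priv, cert_body(access_list, Q_A))}


def sensor_verify_cert(kdc_pub, cert):
    return ecdsa_verify(kdc_pub, cert_body(cert["ac"], cert["Q"]), cert["sig"])


def ecdh_shared_key(my_priv, their_pub):
    """x_A: both sides hash the x-coordinate of k_A*Q_S == k_S*Q_A (assumed KDF)."""
    if their_pub is None or not on_curve(their_pub):    # reject invalid-curve points
        raise ValueError("peer public key is not on the curve")
    x, _ = mul(my_priv, their_pub)
    return hashlib.sha256(x.to_bytes(32, "big")).digest()


def enable_handshake(access_list="read:temp,read:ecg"):
    kdc_priv, kdc_pub = keygen()
    k_A, Q_A = keygen()                                 # Alice
    k_S, Q_S = keygen()                                 # sensor S
    cert = kdc_issue_cert(kdc_priv, access_list, Q_A)
    if not sensor_verify_cert(kdc_pub, cert):
        return None
    key_A = ecdh_shared_key(k_A, Q_S)
    key_S = ecdh_shared_key(k_S, cert["Q"])
    # An attacker who edits the access list cannot re-sign it without the KDC's key.
    forged = dict(cert, ac=access_list + ",write:config")
    return {"keys_match": key_A == key_S,
            "forged_accepted": sensor_verify_cert(kdc_pub, forged)}
```

The sensor's two checks are the security-relevant part: the signature check ties the access list to QA so the list cannot be edited after issuance, and the on-curve check before ECDH refuses points an attacker might send to force the shared secret into a small subgroup.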
Brief Review of MAACE Scheme
Different types of medical sensors are deployed in a hospital to monitor patients' health information. The communication range of the sensors is usually short, so all data transmitted by a sensor is collected at a central point, i.e., a mobile terminal or a local server. The central device aggregates the data from the sensors and sends it to the hospital server for centralized storage, from where it can be accessed by remote servers or users over the Internet [6] (Fig. 3).
Network Model The network is defined as consisting of three layers, as shown in the figure: a sensor network (SN) layer, a coordination network (CN) layer and a data access (DA) layer [6].
In the SN layer, different types of medical sensors, such as ECG (electrocardiogram), blood pressure, heart rate and oxygen level sensors, are deployed at the hospital. These sensors use either ZigBee (IEEE 802.15.4) or Bluetooth (IEEE 802.15.1) wireless technology (Fig. 4).
Every communication starts with the establishment of a key between nodes. To meet the scalability requirements of a large number of sensor nodes, a public key management scheme based on elliptic curve cryptography (ECC), i.e., MAACE, is used. ECC-based key management is easier to deploy and scales better than symmetric key management.
Key Establishment The main architectural difference between MAACE and ENABLE lies in the KDC: in MAACE it does not need to be online all the time. Using elliptic curve cryptography, the KDC generates a public and a private key for each node in the coordination and data access layers. Each node holds an ECC key pair, which is used to establish secure communication [6].
Authentication and Access Control MAACE was developed for application in the healthcare area. Consider a medical practitioner at a remote location, referred to as node Alice or A, who needs to access data from a sensor node or data stored on the central server (Fig. 5).
MAACE includes the following steps:
1. Alice generates a secret key L with the help of the session keys for C and S. Alice sends the secret key encrypted with the random number r obtained from the KDC, together with her certificate certA and the current timestamp TA.
2. The coordination node C first verifies TA, SA and certA. If it authenticates 'A', it encrypts the secret key M, TC and MAC1 and sends all of these to node S.
3. Node S checks the timestamp TC and MAC1. After authentication, S generates the secret key M, uses it to build MAC2 and sends MAC2 to C.
4. Node C verifies MAC2. If it is valid, C generates the signature SC and sends it to Alice. Node A verifies SC; if it is valid, then S and C are authentic to A [6].
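The four steps above as one runnable exchange, added here as an example; it is not code from the MAACE authors or from this paper. All three parties are simulated in one process. The paper leaves the ciphers and key details unspecified, so the following are assumptions: the keys k_AC (Alice to C) and k_CS (C to S) stand in for keys MAACE would derive from the nodes' ECC key pairs, the KDC's random number r is a constructed constant, HMAC-SHA256 stands in for MAC1 and MAC2 as well as for the signatures SA and SC, a SHA-256 keystream XOR stands in for "encrypting" the secret key, the freshness window is 30 s, and the certificate contents are constructed. Verification of the KDC's signature on certA is assumed to have been done already; C only applies the access list in it.

```python
import hashlib
import hmac
import json
import secrets

FRESHNESS_WINDOW = 30.0   # assumed: seconds a timestamp may differ from the receiver's clock


def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed fields (stands in for MAC1/MAC2 and SA/SC)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def wrap(key, nonce, data):
    """Toy stand-in for the paper's unspecified encryption: XOR with a hashed keystream.
    Symmetric, so the same call unwraps. A 32-byte secret needs one 32-byte block."""
    stream = hashlib.sha256(key + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def ts(t):
    return int(t).to_bytes(8, "big")


def fresh(t, now):
    return abs(now - t) <= FRESHNESS_WINDOW


def cert_bytes(cert):
    return json.dumps(cert, sort_keys=True).encode()


def alice_step1(k_AC, r, cert, now):
    L = secrets.token_bytes(32)                            # secret key L
    enc = wrap(k_AC, r, L)                                 # "encrypted with random number r"
    sa = mac(k_AC, enc, cert_bytes(cert), ts(now))         # SA over everything sent
    return L, {"enc": enc, "cert": cert, "TA": now, "SA": sa}


def coordinator_step2(k_AC, k_CS, r, msg1, resource, now):
    if not fresh(msg1["TA"], now):
        return None, "stale TA (replay?)"
    if resource not in msg1["cert"]["ac"]:
        return None, "access denied by certA"
    expected = mac(k_AC, msg1["enc"], cert_bytes(msg1["cert"]), ts(msg1["TA"]))
    if not hmac.compare_digest(msg1["SA"], expected):
        return None, "bad SA"
    M = wrap(k_AC, r, msg1["enc"])                         # recover L; forwarded to S as M
    enc2 = wrap(k_CS, ts(now), M)
    return M, {"enc": enc2, "TC": now, "MAC1": mac(k_CS, enc2, ts(now))}


def sensor_step3(k_CS, msg2, now):
    if not fresh(msg2["TC"], now):
        return None
    tc = ts(msg2["TC"])
    if not hmac.compare_digest(msg2["MAC1"], mac(k_CS, msg2["enc"], tc)):
        return None
    M = wrap(k_CS, tc, msg2["enc"])
    return mac(M, b"S", tc)                                # MAC2: proves S now holds M


def coordinator_step4(k_AC, M, msg2, mac2, msg1):
    if mac2 is None or not hmac.compare_digest(mac2, mac(M, b"S", ts(msg2["TC"]))):
        return None
    sc = mac(k_AC, b"C", ts(msg1["TA"]), mac2)             # SC, bound to Alice's TA
    return {"SC": sc, "MAC2": mac2, "TC": msg2["TC"]}


def alice_step5(k_AC, L, msg1, msg4):
    if msg4 is None:
        return False
    if not hmac.compare_digest(msg4["SC"], mac(k_AC, b"C", ts(msg1["TA"]), msg4["MAC2"])):
        return False                                       # C is not authentic
    return hmac.compare_digest(msg4["MAC2"], mac(L, b"S", ts(msg4["TC"])))   # S holds L


def run_maace(now, resource="read:ecg", replayed_msg1=None):
    """Run the exchange at time `now`; returns (ok, reason, msg1) so msg1 can be replayed."""
    k_AC = hashlib.sha256(b"constructed: ECDH(A,C)").digest()   # assumed pre-established
    k_CS = hashlib.sha256(b"constructed: ECDH(C,S)").digest()
    r = hashlib.sha256(b"constructed: r from KDC").digest()
    cert = {"id": "Alice", "ac": ["read:ecg", "read:hr"]}        # constructed certA
    if replayed_msg1 is None:
        L, msg1 = alice_step1(k_AC, r, cert, now)
    else:
        L, msg1 = None, replayed_msg1
    M, msg2 = coordinator_step2(k_AC, k_CS, r, msg1, resource, now)
    if M is None:
        return False, msg2, msg1
    mac2 = sensor_step3(k_CS, msg2, now)
    msg4 = coordinator_step4(k_AC, M, msg2, mac2, msg1)
    ok = L is not None and alice_step5(k_AC, L, msg1, msg4)
    return ok, ("authenticated" if ok else "failed"), msg1
```

The timestamps only bound replay to the freshness window: a captured step-1 message resubmitted within 30 s would still pass C's checks, so a deployment needs either a cache of recently seen (TA, SA) pairs or a challenge nonce from C in addition to TA. The `compare_digest` calls matter too, since a byte-by-byte comparison of MACs leaks timing.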
4 Performance Analysis
This section presents the performance evaluation of the MAACE and ENABLE protocols. Both were simulated in Network Simulator 2 (ns-2), and their performance was evaluated in terms of average energy consumption, average delay, throughput and packet delivery ratio (Fig. 6).
For the simulation, WSN and WLAN nodes are randomly distributed over a 500 m × 500 m area. The transmission range of the nodes is 250 m, with the two-ray ground radio propagation model. Transmission and receiving power are 0.02 and 0.01 W, respectively, and the initial energy of each node is 100 J. A medium access control (MAC) protocol is used in the link layer, and ad hoc on-demand distance vector (AODV) is used as the routing protocol. One key distribution center (KDC) is created to generate the keys. Simulations are run with 100, 200 and 300 sensor and coordination nodes in total, for 50, 100, 150 and 200 s each. For each scenario, energy consumption, delay, packet delivery ratio and throughput are calculated, and each parameter is then averaged over the different scenarios.
Comparing the delay of ENABLE and MAACE, the delay of MAACE is 33.58% and 9.83% lower than that of ENABLE for 100 and 200 nodes, respectively, but 2.40% higher than that of ENABLE for 300 nodes (Fig. 8).
Comparing the packet delivery ratio (PDR) of ENABLE and MAACE over the different simulation times, the PDR of MAACE is higher than that of ENABLE by 84, 60 and 142% for 100, 200 and 300 nodes, respectively (Fig. 9).
The PDR of MAACE at 200 nodes drops slightly compared with 100 nodes, but overall the PDR of MAACE is almost double that of ENABLE, which indicates the efficiency of MAACE.
Comparing the throughput of ENABLE and MAACE over the different simulation times, the throughput of MAACE is 184.91, 160.80 and 242.78% of that of ENABLE for 100, 200 and 300 nodes, respectively (Fig. 10).
5 Conclusion
MAACE and ENABLE, for authentication between nodes of a WSN and a WLAN, were implemented on the ns-2 platform, and their performance was evaluated by simulating 100, 200 and 300 nodes separately for simulation times of 50, 100, 150 and 200 s (Table 1).
The simulation results for MAACE on ns-2.3 showed 17–50% less energy consumption than ENABLE; for both protocols the energy consumption grows as the number of nodes increases. The delay of MAACE is up to 33% lower than that of ENABLE (2.40% higher in the 300-node case), and the delay increases continually with the number of nodes. MAACE is far more efficient than ENABLE: on average it achieves 84–142% higher packet delivery ratio and throughput.
MAACE thus proved to be a secure and lightweight, i.e., energy- and delay-efficient, public key-based security scheme that ensures data confidentiality by allowing only privileged persons access to the database.
References
1. Stavroulakis, P., & Stamp, M. (2010). Handbook of information and communication security. Berlin, Heidelberg: Springer. ISBN 978-3-642-04116-7.
2. Aldabbas, H., & Janicke, H. (2014). Review of security in VANETs and MANETs. Book chapter, January 2014. http://www.Researchgate.Net/Publication/268219261.
3. Yang, S.-H. (2014). Wireless sensor networks (Signals and Communication Technology). London: Springer. https://doi.org/10.1007/978-1-4471-5505-8_9.
4. Xuan Hung, L., et al. (2009). An energy-efficient access control scheme for wireless sensor networks based on elliptic curve cryptography. Journal of Communications and Networks, 11(6), 599–606.
5. Xuan Hung, L., et al. (2011). An efficient mutual authentication and access control scheme for wireless sensor networks in healthcare. Journal of Networks, 6(3), 355–364.
6. Lee, Y. S., Alasaarela, E., & Lee, H. J. (2014). Secure key management scheme based on ECC algorithm for patient's medical information in healthcare system. In ICOIN 2014. IEEE, 978-1-4799-3689-2/14.