![]()
Chapter 1
Information Technology
![]()
An Access Control Protocol for Wireless Sensor Networks
X. Zheng*
College of Information Science and Technology, Gannan Medical University, Ganzhou Jiangxi
L.Z. Chen
College of Information Science and Technology, Gannan Medical University, Ganzhou Jiangxi
Z.B. Xie
College of Information Science and Technology, Gannan Medical University, Ganzhou Jiangxi*Email: [email protected] ABSTRACT: Nodes in a sensor networks may be lost because of power exhaustion or malicious attacks. Therefore it’s necessary for new nodes’ deployment. Using Bloom Filter, we propose an access control protocol including the mutual authentication procedure and common key generation. It’s efficient for the nodes’ addition, deletion and authentication. At last, the paper makes an analysis of the performance and safety about the proposed protocol.
KEYWORDS: Sensor network; Mutual authentication; Access control; Bloom Filter.
1.INTRODUCTION
Currently, wireless sensor networks are threatened by internal malicious nodes which inject illegal information, manipulate data, replicate nodes and forge nodes. Therefore, puts forward a kind of security, high efficiency, low energy consumption of the authentication protocol is a hot research in wireless sensor networks. Due to the nodes’ characteristics of limited storage capacity, computing power and limited battery power, it’s needed to consider the situation of the old nodes’ energy depletion and the new nodes addition in the safe authentication, etc.
In 2007, Yun Zhou et al. proposed an access control protocol based on ECC public key algorithm. During the authentication, by comparing the new nodes’ boot time of joining the network, and then verify the signature to realize a new node’ authentication, and can complete the establishment of shared keys between neighboring nodes at the same time. However, malicious nodes can use the short interval of new node starts time to implement a malicious attack. On the other hand, public key digital signature algorithm consumes a lot of energy. In this paper, using ideas from the article [3] by Bloom Filter and Counting Bloom Filter, Use symmetric encryption algorithm to achieve mutual authentication, and use Diffie-Hellman algorithm to establish a shared key between nodes. Without using the start time of the new node, this agreement also can complete the mutual authentication. During the authentication process, nodes only need to store the filter data generated by the base and use the Bloom Filter to verify each other's public key, without transmission of digital certificates and thus improves the authentication efficiency, reduces the communication cost.
2.PROPAEDEUTICS
2.1.Concepts of bloom filter
Bloom filter [
4] is a kind of random data structure of high spatial efficiency, it can be used to judge whether an element is belong to a collection. When the initial state, Bloom Filter is an array containing M digits, and each set to 0. Suppose there is a such set
S = {
s1,
s2, ···,
sn}, and
is
k mutually independent hash function, in which
hi :
S ↦ {0, ···,
m − 1}. In order to decide whether “s” is an elements of set “S” for each calculation, and calculate
hi using
hi(
sj). If all the position of
hi(
sj) is 1 (1≤i≤k), then
sj ∈
S, otherwise
sj ∉
S sj ∉
S. But sometimes it will mistakenly consider the elements belonging to this which accurately do not (false positive). The error rate can be estimated, now we assume that the
kn <
m and each hash function is completely random. When all the elements which are in this collection
S = {
s1,
s2, ···,
sn} are mapping to the m digits array
by k hash functions, the probability that one digit of this array is a zero is
, so the error rate
.
2.2.To minimize the error rate [4,5]
Since the Bloom Filter need multiple hash function which can map set to the array, so how many hash function should choose to reduce the error rate when it query elements? There are two mutually exclusive reason: If the number of hash function is a lot, the ratio of getting the result of 0 is grate for an element do not belong to the set; But on the other hand, if the number of hash function is a few, then there will be more 0 in the array. Note that, if
, then
f =
ek ln(1−e−kn/m). We define
g =
k ln(1 −
e−kn/m), as long as the
g get the minimum,
f will get the minimum. Due to
, when
,
g will get the minimum, in the same times of
. At this time,
.
3.THE ACCESS CONTROL PROTOCOL
The access control protocol contains three phases: system initialization, mutual authentication and key negotiation process and the addition and revocation of node. Based on the elliptic curve digital signature have the advantages of key short, fast processing speed, and low bandwidth requirements, in the key negotiation process we choose Diffie-Hellman algorithm.
Set F q is a finite field, q is a prime number. The base to choose the appropriate elliptic curve constructed the point set E(F q), G is the element with n steps of E(Fq), FR is one of the elements of F q. Select safe hash function h(·), and get the system parameters D = (q, E(Fq), FR, G, n, h).
3.1.System initialization
Proposed there are r nodes in a fixed region adjacent, denoted as {N1, N2, …, Nr}. Set a (pki, ski) s the public key and private key for node Ni. Install a Bloom Filter and a Counting Bloom Filter in the base station, which assign different key pair (pki, ski) for each node Ni [i ∈ r] and use a one-way hash function to calculate ski z times (z is the maximum number of nodes of the fixed network), generates a hash chain of length z + 1: h0(ski), h(ski), h2(ski), ···, hi (ski), ··· hz(ski), exist hm(ski) = h(hm−1(ski)). Then construct the set: ...
