Binomial Tree based Key Establishment Schemes for Heterogeneous Wireless Sensor Networks

-Clustering is one of the techniques used in Wireless Sensor Networks (WSNs) to enhance the network lifetime. Network lifetime can further be improved by reducing the number of computations performed by cluster members and cluster head. This paper presents two low cost key establishment schemes for clustered sensor networks which use binomial trees for managing the clusters: BLKH (Binomial tree based Logical Key Hierarchy) scheme and BWLKH (Binomial tree based Wireless Logical Key Hierarchy) scheme. The proposed schemes avoid rebalancing of key trees during join/leave operations by replacing logical key tree by binomial key tree. In both schemes, the number of new keys generated and the number of encryptions performed during node addition/eviction are less compared to LKH++ and WLKH schemes and are quite efficient. The proposed schemes increase the performance of a sensor node by minimizing the computations at cluster members. Thus, the schemes are scalable and suitable for large scale sensor networks.

establishing a sensor network, the first step followed is the establishment of the cryptographic keys. The research has been conducted for a variety of protocols over many years. Key management techniques need to scale to large networks with thousands of nodes. The patterns of the communication networks vary between the existing techniques. The general wireless network consists of base station, cluster head and resource constrained nodes. The applications require the mobility of network nodes for the support. The network topology works more dynamically when the nodes move from one cluster to the next cluster. In this paper, we consider two schemes namely BLKH and BWLKH which are based on LKH++ and WLKH respectively. The proposed schemes make use of binomial trees instead of logical key trees which reduces the computational overhead at sensor nodes whenever there is a change in the membership. The remainder of the paper is organized in the following manner. The work carried out so far is explained in Section II. System model and assumptions made are discussed in Section III. In Section IV, we explain the LKH++ and WLKH Schemes. The proposed schemes are detailed in Section V and VI. We discuss the implementation results in Section VII and summarize the work in Section VIII.
II. RELATED WORK The recent works carried out by various researchers towards the security of the group communication in WSNs are discussed in this section. [10] presents a new key management framework which is based on the combinatorial formulation of the group multicast key management problem which helps in managing the general challenge of operating keys for any trusted group communication. The Exclusion Basis System existence is explained and thereby the framework separates key management from encrypted message transmission resulting in the more efficient implementation of key management. The advantages of the Exclusion Basis System is considerable over current systems which use binary tree logical data structure to store keys. [11] investigates the replacement of the public key cryptography operations with the symmetric key services which are more efficient. Public key authentication is used to verify the authenticity of another party's public key to make sure that the person owns the public key it is claimed to belong, an efficient alternativethat uses the one-way hash function only. The scheme uses all sensors' public keys to construct a forest of Merkle trees of different heights. By randomly selecting the height of each tree, the computation and communication costs are minimized. The results in this framework show that the public key cryptography in sensor networks is limited and optimized. The significant savings of the power consumption is evaluated. The future work focuses on the variety of security protocols based on the public key cryptography. [12] presents two optimizations for logical key tree organizations that utilize information about the characteristics of the group members to reduce the group rekeying further. The temporal patterns of group members have the partitioned key tree organizations which join and depart to decrease the overhead of rekeying. The results of this show that optimization can achieve up to 31.4% reduction in key server bandwidth overhead over the unoptimized scheme. The second approach is based on the loss probabilities of group members. The results of the latter approach show that the optimization reduces the rekeying overhead by 12.1%. [16] proposed a scheme based on the location-based virtual network infrastructure and is built upon a combinatorial formulation of the group key management problems. The efficient and secure key initialization is achieved in the proposed scheme by nodes without any communications. The system enables dynamic setup and management of arbitrary safe group structures with dynamic group membership. [14] discusses the strengths and weaknesses of LEAP. The vulnerability of the protocol to various attack models is analysed. Its effectiveness in defending against many sophisticated attacks such as HELLO Flood attack, Sybil attack, and Wormhole attack is shown. [13] describes LEAP+ (Localised Encryption and Authentication Protocol), a key management protocol for sensor networks which is designed to support in-network processing while at the same time restricting the security impact of a node compromise to the next system of the compromised node. The performance analysis shows that the LEAP+ is very efficient regarding computational, communication and storage costs. A low cost authentication scheme is proposed in [18] which offers high level of security. The scheme proposed provides confidentiality as well as authenticity in WSN using symmetric encryption and HMAC. The work which is based on LKH schemes is explained by Dimitris et al [19]. It reduces the rekeying cost by dividing the network into clusters and by localizing rekeying operations. A key generation scheme proposed in [20] uses a set of equations to set up secret keys which can be used for secure communication among nodes. The method uses a set of linear equations of two variables over polynomial equations for key generation which enhances network security.

III. SYSTEM MODEL AND ASSUMPTIONS
Our cluster-based WSN consists of three types of nodes, namely Base Station (BS), Cluster Head (CH) and Cluster Member (CM). The BS is assumed to be rich in resources, trust worthy and cannot be compromised. The CHs are powerful in terms of computation, communication and storage and are small in number. The CMs are resource limited sensing nodes and are large in number. All the nodes can be compromised by an adversary except BS. The cluster and CMs are managed by CH and all CHs are under the control of Base Station. Every CM is assumed to be capable of reaching its CH. The CM is responsible for sensing the data in the deployment area and sending the sensed data to CH. The CH senses the data, performs aggregation on the data sensed and received from CMs and further sends aggregated data to the BS. The BSis connected to the outside world and communicates the data received from CHs. In this way, data flows from sensing nodes to BS in an hierarchical manner through CHs.
IV. LKH++ AND WLKH SCHEMES In this section, we explain LKH++ and WLKH group key management schemes proposed in [1], [2]. A. LKH++ Scheme A secure key management scheme based on Logical Key Hierarchy [3] has been proposed in [1]. This scheme uses a tree of keys to manage secure groups. The leaf nodes in the tree correspond to CMs. The intermediate nodes correspond to secondary keys which are known only to a subset of CMs and these keys are used to encrypt new cluster key. The root of the tree corresponds to a cluster key which is known to all the members in the cluster (both CM and CH). The key tree is maintained by a CH. Initially the CH is loaded with a unique identification number i and a key pair (pl i , pr i ) consisting a public key and a private key. CM is loaded with unique identification number i and a private key pk i which is used for confidential communication with CH. BS stores the IDs and the private keys of every sensing node. 1) Cluster Formation: After deployment, every CH broadcasts a hello message containing its ID and its public key pl i . In response to this hello message, each CM selects a CH whose hello message has best signal noise ratio as its CH and replies with a message containing its ID, its private key and ID of the selected CH encrypted with the public key of CH as shown below: 2) Key Tree Construction: After receiving the replies from the CMs, CH constructs a key tree containing three types of keys. The root key RK which is the cluster key used for confidential communication within a cluster. 1. Node keys NK 1 , NK 2 ,…….. which are used to distribute RK to each CM. 2. Leaf keythat represents the private key of each CM. Fig. 1 below shows a key tree for a cluster with 8 members. In this scheme, the keys along the path from the parent node to root node are always generated by the left most child in the tree using its private key and one-way hash function. Other child nodes receive the keys from its CH. For example, in Fig. 1 Key tree after CM 8 joins the cluster looks as shown in Fig. 3 below.

4) Member Eviction:
When an existing member is compromised it is expelled from the cluster and the key tree is reconstructed by CH. All the keys known to the evicted member must be changed. Referring to a key tree with 8 members (Fig.1), if CM 8 is evicted from the cluster, all the keys from its parent to root are to be changed. CH sends a temporary key K tmp to remaining 7 members. The resulting tree is shown in Fig. 4 below.
The existing members compute new node keys and root key by performing XOR of K tmp and old keys. CH computes new RK, NK 2 and NK 6

B. WLKH Scheme
A group key management scheme based on LKH++ [1] has been discussed in [2]. LKH++ scheme is vulnerable to CH compromise attack since the private keys of CMs are known to CH. WLKH scheme [2] overcomes this problem by storing the hash value of CMs'private keys themselves. The node keys and root key are calculated using the hash value of private keys. The scheme also minimizes the computation cost at CM by having CH calculate the node keys and root key, thus making it more appropriate for WSNs. 1) Cluster Formation: CH broadcasts a message containing its ID, public key as part of cluster formation process. The CH joining the cluster acknowledges with a message containing its ID, hash value of its private key and ID of the selected CH, encrypted with the public key of CH as shown below.
→ * ∶ , 2) Key Tree Construction: After collecting the replies from CM, CH constructs the key tree as explained in LKH++ scheme and calculates the root key and node keys using the hash value of private keys of CMs. The keys computation and distribution by CH are shown below for a cluster with 8 members (See Fig. 1 3) Member Join: Whenever a new member joins the cluster, the CH updates all the keys that will be disclosed to new member by performing XOR of old keys and K tmp and sends these keys to the joining member by encrypting them with hash value of private key of joining member. Similarly the existing members also update these keys by XORing them with K tmp .

4) Member Eviction:
When a node is exiting the cluster, all the keys held by existing member must be updated to preserve forward secrecy. The CH sends K tmp to existing members, encrypted using appropriate keys. The CMs then update the root key and node keys by XORing them with K tmp . For example, in a cluster with 8 members as in Fig. 1 V. BLKH SCHEME In this section, we explain our proposed scheme referred to as BLKH which is based on LKH++ scheme. Schemes based on LKH use hierarchical key tree to manage secure groups. BLKH scheme manages secure groups by maintaining Binomial Key Trees [BKTs] to store node information and key information [4]. Based on the number of members in the cluster, the BKT consists of multiple binomial subtrees that are rooted at different nodes. LKH++ scheme requires rebalancing of key tree if member join/eviction operations results in tree imbalance. BLKH scheme does not require tree rebalancing as the tree always remains balanced in case of join/eviction operations. These operations may require reconstruction of key tree to restore the properties of binomial trees. The scheme results in reduced computation and communication cost, making it more suitable for WSN.

A. Key Tree Construction
The CH constructs a BKT which consists of multiple binomial subtrees (BSTs) rooted at different nodes. Fig.5 below shows initial key tree with 8 members together with the keys stored at each member.With 8 members, we have one binomial tree S 3 of height 3 and total number of BSTs is 2 (3+1) -1=2 4 -1=15. Out of 15, we have 8 BSTs of height 0, 4 BSTs of height 1, 2 BSTs of height 2 and one BST of height 3.

B. Member Join
When a new member joins the cluster, all the keys from the joining point till the root are to be updated and Binomial Tree (BT) has to be reconstructed. Join operation causes less overhead than eviction since old cluster key can be used to communicate new keys to current CMs. CH uses the private key of the new member to communicate the new keys to it. Consider a BKT with 7 members as shown in Fig. 6 for a join operation. Suppose CM 8 wants to join the cluster. The BKT after CM 8 joins the cluster looks as shown in Fig. 5 In this way all the keys that will be sent to CM 8 after it joins the cluster will be changed before it joins.

C. Member Eviction
Consider a BKT with 8 members as in Fig. 5. Suppose CM 8 leaves the cluster. The remaining 7 members from CM 1 to CM 7 form a secure group and require a new cluster key. BKT after CM 8 leaves the cluster is shown in Fig. 6. The new BKT has 3 binomial subtrees: S 2 with CM 1 to CM 4 , S 1 with CM 5 , CM 6 and S o with CM 7 . The computation of new key is shown below. CH and CM 1 to CM 7 compute the new cluster key K 17 .
VI. BWLKH SCHEME Binomial Tree based WLKH scheme (BWLKH) improves WLKH scheme proposed in [2] by avoiding rebalancing of key tree during join / eviction operations. WLKH scheme requires tree rebalancing since join / eviction result in tree imbalance. BWLKH uses binomial trees to manage secure groups [4]. The binomial tree consists of several subtrees based on the number of members in the cluster.

A. Key Tree Construction
As a response to the hello message sent by CH, each sensor node sends a message containing its ID, hash value of its private key and ID of the selected CH. After collecting the responses from the CMs, CH constructs BKT in which nodes represent the CMs. CH then computes the sub cluster keys and cluster key and communicates them to all the members in the cluster. As an example consider a BKT representing a cluster of 8 members shown in Fig. 5. The keys held by CM are also shown at the nodes of the BKT, CH computes the cluster and sub cluster keys using the hash values of private keys of CMs as shown below: The keys computed by CH are sent to CMs by encrypting them with appropriate keys as follows:

B. Member Join
When a new member joins the cluster, CH sends K tmp to the current members using which the CMs update their keys by XORing them with K tmp . CH also updates the sub cluster keys and cluster key and sends them to joining CM. Consider BKT with 7 members as in Fig.6.
Suppose CM 8 joins the cluster, the BKT changes as shown in Fig. 5. After the construction of BKT, CH sends K tmp to existing CMs encrypting it with old cluster key. Each CM updates the keys it holds by XORing them with K tmp . The computation of new keys by CM and CH and their distribution in given below. CM 1 to CM 4 compute new cluster key K 18 , CM 5 and CM 6 Fig. 7a and ectively. WLK and BWLKH y initialization won and receiv 0 to log 2 n has s of CMs and utational over chemes is eva g 2 n) for BLKH TATION