Yanfei Zheng

A key management protocol with robust continuity for sensor networks

Robust continuity should be paid much more attention in sensor network key management protocols, especially in privacy-vital environment. However, to our best of knowledge, few papers on key management have addressed the robust continuity in sensor networks. Therefore, in this paper, we present a new key management protocol with robust continuity for sensor networks. The purpose is to minimize the key management redesign effort as well as to make the node flexible and adaptable to many different applications. Compared to existing key management protocols, our proposed protocol has the following merits: First, our protocol addresses the continuity between the pairwise key and group key, it can establish the pairwise key and group key with the same pre-distributed secrets. Second, our protocol can deal with the continuity of the pairwise key and the group key themselves; it can update both of them to support the changes in the size of the network.

A secure time synchronization protocol for sensor network

Clock synchronization is a critical issue in most wireless sensor network applications. Although the synchronization is well studied in last few years. Most of these synchronization protocols assume benign environments, but cannot survive malicious attacks in hostile environments, especially when there are compromised nodes. In this paper, we propose a secure synchronization protocol for sensor network. Our protocol combine the sender-receiver model and receiver-receiver model to verify the synchronization process between each synchronizing pair. The approach guarantees that normal nodes can synchronize their clocks to global clock even if each normal node has up to t colluding malicious neighbor nodes during synchronization phase.

Building Representative-Based Data Aggregation Tree in Wireless Sensor Networks

Data aggregation is an essential operation to reduce energy consumption in large-scale wireless sensor networks (WSNs). A compromised node may forge an aggregation result and mislead base station into trusting a false reading. Efficient and secure aggregation scheme is critical in WSN applications due to the stringent resource constraints. In this paper, we propose a method to build up the representative-based aggregation tree in the WSNs such that the sensing data are aggregated along the route from the leaf cell to the root of the tree. In the cinema of large-scale and high-density sensor nodes, representative-based aggregation tree can reduce the data transmission overhead greatly by directed aggregation and cell-by-cell communications. It also provides security services including the integrity, freshness, and authentication, via detection mechanism in the cells.

Key-Insulated Encryption Based Key Pre-distribution Scheme for WSN

In wireless sensor network (WSN) security is as important as performance and energy efficiency for many applications. Key pre-distribution is a good approach to solve the key agreement problem in the WSN. Based on the Key-Insulated Encryption, a new key pre-distribution scheme, KIE-WSN scheme, is proposed in this paper. The proposed scheme has two important security properties: semantically security and optimal KIE-(N-1, N) safety, which means that even if N-1 nodes are compromised, there are no security threatens to the left network. Compared with the existed schemes, the proposed KIE-WSN scheme has better performance in the storage and communication cost.

A hierarchical composition of LU matrix-based key distribution scheme for sensor networks

Key pre-distribution techniques for sensing data security provision of wireless sensor networks (WSNs) have attracted much more attention and been studied extensively. But most of these schemes are not scalable due to their linearly increased communication and key storage overhead. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose a hierarchical composition of LU matrix-based key distribution scheme for sensor networks. Our scheme guarantees that two communicating parties can establish a unique pairwise key between them and allows mutual authentication. Compared with existing protocols, our scheme has better performance in terms of network resilience, associated overhead and scalability.

Protocol Engineering Principles for Cryptographic Protocols Design

Design of cryptographic protocols especially authentication protocols remains error-prone, even for experts in this area. Protocol engineering is a new notion introduced in this paper for cryptographic protocol design, which is derived from software engineering idea. We present and illustrate protocol engineering principles in three groups: cryptographic protocol security requirements analysis principles, detailed protocol design principles and provable security principles. Furthermore, we illustrate that some of the well-known Abadi and Needhams principles are ambiguous. This paper is useful in that it regards cryptographic protocol design as system engineering, hence it can efficiently indicate implicit assumptions behind cryptographic protocol design, and present operational principles on uncovering these subtleties. Although our principles are informal, but they are practical, and we believe that they will benefit other researchers.

How to break LU matrix based key predistribution schemes for Wireless Sensor Networks

A key predistribution scheme for Wireless Sensor Networks was proposed by Choi and Youn in 2005, which is based on LU decomposition of symmetric matrix. After that, several key predistribution schemes were designed on the basis of Choi and Youns original scheme. In this paper, we carefully investigate a mathematical theorem about symmetric matrix, by following which adversaries could easily obtain the secret keys deployed via Choi and Youns scheme. We also analyze all the schemes derived from Choi and Youns and point out their vulnerabilities. In addition, we propose a revised scheme avoiding the security flaw.