An efficient collusion resistant security mechanism for heterogeneous sensor networks

Sajid Hussain
Jodrey School of Computer Science, Acadia University, Wolfville, Canada

Firdous Kausar and Ashraf Masood
Department of Information Security, College of Signals, NUST, Rawalpindi, Pakistan, and

Jong Hyuk Park
Department of Computer Science and Engineering, Kyungnam University, Masan, South Korea

Internet Research, Vol. 19 No. 2, 2009, pp. 227-245. © Emerald Group Publishing Limited, 1066-2243. DOI 10.1108/10662240910952364. The current issue and full text archive of this journal is available at www.emeraldinsight.com/1066-2243.htm

Abstract

Purpose – As large-scale homogeneous networks suffer from high costs of communication, computation, and storage requirements, the heterogeneous sensor networks (HSN) are preferred because they provide better performance and security solutions for scalable applications in dynamic environments. Random key pre-distribution schemes are vulnerable to collusion attacks. The purpose of this paper is to propose an efficient collusion resistant security mechanism for heterogeneous sensor networks.

Design/methodology/approach – The authors consider a heterogeneous sensor network (HSN) consisting of a small number of powerful high-end H-sensors and a large number of ordinary low-end L-sensors. A homogeneous sensor network (MSN), however, consists of only L-sensors. Since the collusion attack on key pre-distribution schemes mainly takes advantage of the globally applicable keys, which are selected from the same key pool, they update the key ring after initial deployment and generate new key rings by using a one-way hash function on nodes' IDs and initial key rings. Further, in the proposed scheme, every node is authenticated by the BS in order to join the network.

Findings – The analysis of the proposed scheme shows that even if a large number of nodes are compromised, an adversary can only exploit a small number of keys near the compromised nodes, while other keys in the network remain safe.

Originality/value – The proposed key management scheme described in the paper outperforms the previous random key pre-distribution schemes by: considerably reducing the storage requirement, and providing more resiliency against node capture and collusion attacks.

Keywords Computer networks, Sensors, Cryptography, Data security

Paper type Research paper

1. Introduction
Wireless sensor networks are formed by a large number of sensor nodes. Each sensor node contains a battery-powered embedded processor and a radio, which enables the nodes to self-organize into a network, communicate with each other and exchange data over wireless links. Wireless sensor networks are ideal candidates for a wide range of applications, such as nuclear, biological and chemical attack detection and protection, home automation, battlefield surveillance and environmental monitoring (Akyildiz et al., 2002).


An important area of research interest is a general architecture for wide-area sensor networks that seamlessly integrates homogeneous and heterogeneous sensor networks. Heterogeneous sensor networks have different types of sensors, with a large number of ordinary sensors in addition to a few powerful sensors. Further, as sensor devices are typically vulnerable to physical compromise and they have very limited power and processing resources, it is unacceptable to completely trust the results reported from sensor networks, which are deployed outside of controlled environments without proper security.

In order to provide secret communication in a sensor network, shared secret keys are used between communicating nodes to encrypt data. Traditionally, security is provided through public-key based protocols. However, these protocols require large memory, bandwidth and complex algorithms. The limited resources of WSNs make this type of security scheme unsuitable for implementation. Hence, asymmetric cryptography such as RSA or elliptic curve cryptography (ECC) is unsuitable for most sensor architectures due to high-energy consumption and increased code storage requirements. Several alternative approaches have been developed to perform key management on resource constrained sensor networks without involving the use of asymmetric cryptography such as single network-wide key, pairwise key establishment, trusted base station, and random key pre-distribution schemes (Xiao et al., 2007).

Key management schemes can also be classified into homogeneous or heterogeneous schemes with regard to the role of network nodes in the key management process. All nodes in a homogeneous scheme perform the same functionality; on the other hand, nodes in a heterogeneous scheme are assigned different roles. Homogeneous schemes generally assume a flat network model, while heterogeneous schemes are intended for both flat and clustered networks.

In random key pre-distribution (RKP) schemes, a large key pool of random symmetric keys is generated along with the key identifiers. All nodes are given a fixed number of keys randomly selected from a key pool. In order to determine whether or not a key is shared, each node broadcasts its keys' identifiers. The neighbors sharing a key associated with one of those identifiers issue a challenge/response to the source. If two nodes do not share keys directly, they can establish a session key with the help of neighbors with which a key is already shared. It is highly likely that all nodes in the network will share at least one key if the following are carefully considered:

• the network density;

• the size of the key pool; and

• the number of keys pre-configured in each sensor node.

While pre-distributing pairwise keys does protect confidentiality, it still loads nodes with a large number of globally-applicable secrets. By eliminating the eavesdropping attack, the pairwise scheme makes another type of malicious behavior more attractive. As several nodes possess the same keys, any node can make use of them by simply combining the keys obtained from a few nodes, which greatly increases the attacker's chances of sharing keys with other nodes. A collusive attacker can share its pairwise keys between compromised nodes by enabling each node to present multiple "authenticated" identities to neighboring nodes while escaping detection (Moore, 2006). Colluding nodes can grow their knowledge about the network security measures. Therefore, it is conceivable that a few compromised nodes can collude and reveal all the keys employed in the network to an adversary. Such a scenario is considered as capturing the entire network since the adversary would be capable of revealing all encrypted communications in the network.

An adversary who obtains compromised nodes' keys can inject malicious sensor nodes elsewhere in the network since the pool keys that were obtained are always valid and are used to authenticate each node. As a result, RKP is unable to protect the sensor network against collusion attack. In order to counter the collusion attacks, nodes should discard unused keys from the node's memory after the initialization phase; however, it means that new nodes can no longer join the system after the initial network deployment. The other possible way to prevent collusion attacks is updating the preloaded keys in order to prevent the compromised and revoked nodes from launching a collusive attack in which they pool together their keys with the goal of jeopardizing the secure channels between other nodes. Without key updating, both the performance and security of the system will degrade greatly with the number of compromised nodes.

To address this issue, we present an efficient key management scheme based on random key pre-distribution for heterogeneous sensor networks. We focus on addressing the collusion problem in key management schemes that use RKP as an efficient means for key management. The goal of our key distribution approach is to update the initial key rings in such a way that, even though compromised nodes may collude and share their key rings, an adversary would not be able to access all the keys of the network.

A good security practice is to use different keys for different cryptographic operations; this prevents potential interactions between the operations that might introduce weaknesses in a security protocol. Therefore we are using different keys for encryption and authentication. The rest of the paper is organized as follows. Section 2 provides the related work and section 3 describes the network and threat model. In section 4, the proposed scheme is described in detail. Section 6 gives the results and performance evaluation. Finally, section 7 concludes the paper.

2. Related work
There are many key management protocols that are proposed for WSN. The simplest method of key distribution is to pre-load a single network-wide key onto all nodes before deployment. After deployment, nodes establish communications with any neighboring nodes that also possess the shared network key. This method requires minimal memory storage because only a single cryptographic key needs to be stored in memory. The main drawback of the network-wide key approach is that the compromise of a single node causes the compromise of the entire network, since the network-wide key is now known to the adversary. Basagni et al. (2001) use this approach to design a secure routing protocol. No new nodes are ever added to the system after deployment. In this case, the sensor nodes use the network-wide key to encrypt unique link keys that are exchanged with each of their neighbors.

Zhu and Jajodia (2003) follow this approach and set up all keys from a single network-wide key during a short, initial phase after deployment, assuming that no nodes are compromised during this phase, and later all nodes erase the single network key. This approach, however, is vulnerable to compromise of a single node that misses the key setup period, and does not erase its key.

Another common approach for key distribution uses a trusted, secure base station as an arbiter to provide link keys to sensor nodes, e.g. similar to Kerberos (Miller et al., 1987; Kohl and Neuman, 1993). The sensor nodes authenticate themselves to the base station, after which the base station generates a link key and sends it securely to both parties. An example of such a protocol is part of the SPINS (Perrig et al., 2001), a security infrastructure specifically designed for sensor networks. In SPINS, each sensor node shares a secret key with the base station. Two sensor nodes cannot directly establish a secret key. However, they can use the base station as a trusted third-party to set up the secret key. Small memory is required in this approach because for every node, a single secret symmetric key shared with the base station is needed, as well as one unique link key for each one of its neighbors. This approach is not scalable and has significant communication overhead. If any two nodes wish to establish a secure communication, they must first communicate directly with the base station. In a large network, the base station may be many hops away, thus incurring a significant cost in communication. The base station can become a target for compromise.

Eschenauer and Gligor (2002) propose a probabilistic key pre-distribution technique to bootstrap the initial trust between sensor nodes. The main idea is to have each sensor randomly pick a set of keys from a key pool before deployment. Then, in order to establish a pairwise key, two sensor nodes only need to identify the common keys that they share. Chan et al. (2003) further extended this idea and propose the q-composite key pre-distribution.

Chan et al. (2003) propose the q-composite key pre-distribution, which allows two sensors to set up a pairwise key only when they share at least q common keys. The q-composite keys scheme is a modification to the basic scheme (Eschenauer and Gligor, 2002), where q common keys (q > 1) are needed, instead of just one. By increasing the amount of key overlap required for key-setup, the scheme increases the resilience of the network against node capture. Chan et al. (2003) also develop a random pairwise keys scheme and multipath key reinforcement to defeat node capture attacks.

Zhu et al. (2003) adopted the similar mechanism that uses threshold secret sharing for key reinforcement. $S_A$ generates a secret key $K^g_{A,B}$, $j-1$ random shares $sk_i$, and $sk_j = K^g_{A,B} \oplus sk_1 \oplus \ldots \oplus sk_{j-1}$. $S_A$ sends the shares through $j$ disjoint secure paths. $S_B$ can recover $K^g_{A,B}$ upon receiving all shares.

Pietro et al. (2003) provide further improvements to the basic scheme (Eschenauer and Gligor, 2002). Keys are assigned to a node according to the output of a pseudorandom generator with a public seed and the node's ID as inputs. Liu and Ning (2003) propose the polynomial pool based key predistribution scheme that offers several efficient features the other key predistribution schemes lack, including:

• Any two sensors can definitely establish a pair-wise key when there are no compromised sensors.

• Even with some nodes compromised, the others in the network can still establish pairwise keys.

• A node can find the common keys to determine whether or not it can establish a pairwise key and thereby help reduce communication overhead.

Advantages of this scheme include that it allows the network to grow to a larger size after deployment. Disadvantages of this scheme include t-collision resistance (compromising more than t polynomials leads to network compromise).

Oliveira et al. (2006) show how random key predistribution, widely studied in the context of flat networks, can be used to secure communication in hierarchical (cluster-based) protocols such as LEACH (Heinzelman et al., 2000). They presented SecLEACH, a protocol for securing node-to-node communication in LEACH-based networks. These and some other efforts (Chan et al., 2003; Zhu et al., 2003; Pietro et al., 2003; Cheng and Agrawal, 2005; Ren et al., 2006) have assumed a deployment of homogeneous nodes, and have therefore suggested a balanced distribution of random keys to each of the nodes to achieve security. Most of these schemes suffer from high communication and computation overhead, and/or high storage requirement.

Zhu and Jajodia's (2003) localized encryption and authentication protocol (LEAP) is a complete key management framework for static WSNs. For key deployment each node has to store four kinds of keys:

(1) An individual key.

(2) A group key.

(3) Cluster keys.

(4) Pair-wise shared keys.

In addition to these keys, a node also has to store a one-way key chain it creates, the commitments of the key chains its neighbors create, and the commitment of the base station's key chain.

Blundo et al. (1993) propose several schemes that allow any group of t parties to compute a common key, while being secure against collusion between some of them. These schemes focus on saving communication costs, while memory constraints are not placed on group members. When t = 2, one of these schemes is actually a special case of Blom's (1985) scheme.

Availability of some information on the sensors' deployment in the field helps to improve the security of the key pre-distribution schemes. Some location aware schemes are proposed in Liu and Ning (2003) and Wadaa et al. (2004). These techniques divide the target field into non-overlapping square areas and randomly deploy the sensors in every area. The exact location of a sensor in any area is unknown, but there is knowledge about the identity of sensors in every area. This information helps to eliminate the dependency of keys between nonadjacent cells.

Du et al. (2007) propose the asymmetric pre-distribution (AP) scheme for heterogeneous sensor networks. They consider a small number of powerful high-end sensors and a large number of ordinary low-end sensors. The basic idea of the AP key management scheme is to pre-load a large number of keys in each H-sensor whereas only a small number of keys are pre-loaded in each L-sensor, in order to provide better security with low complexity and significant reduction in storage requirement. Traynor et al. (2006) demonstrate that a probabilistic unbalanced distribution of keys throughout the network that leverages the existence of a small percentage of more capable sensor nodes can not only provide an equal level of security but also reduce the consequences of node compromise.

Lu et al. (2006) propose a framework for key management schemes in distributed wireless sensor networks with heterogeneous sensor nodes. Kausar et al. (2008) present a key management scheme for heterogeneous sensor networks. They reduce the storage requirements by incorporating a key generation process, where instead of generating a large pool of random keys, a key pool is represented by a small number of generation keys. For a given generation key and a publicly known seed value, a keyed-hash function generates a key chain; these key chains collectively make a key pool.

3. Network model
We consider a heterogeneous sensor network (HSN) consisting of a small number of high-end (H-node) sensors and a large number of low-end (L-node) sensors. L-nodes are ordinary sensor nodes with limited computation, communication, and storage capability. H-nodes, however, are more powerful nodes and have higher computation, communication, energy supply and storage capability than L-nodes. The HSN includes a base station (BS) that is globally trusted and it receives data from all the nodes; the BS has unlimited resources.

We consider the hierarchical structure, where H-nodes act as cluster heads (CHs) and L-nodes act as cluster members. The clustering of sensors enables local data processing, which reduces communication overhead in the network for scalable solutions.

Most traffic in HSN can be classified into one of three categories:

(1) Many-to-one. Multiple H-nodes and L-nodes send sensor readings to a BS or aggregation point in the network.

(2) One-to-many. A single node (either a BS or H-nodes) multicasts or floods a query or control information to several L-nodes.

(3) Local communication. Neighboring L-nodes and H-nodes send localized messages to discover and coordinate with each other. A node may broadcast messages intended to be received by all neighboring nodes or unicast messages intended for only a single neighbor.

3.1 Threat model
Sensor networks are often deployed in hostile environments, yet nodes cannot afford expensive tamper-resistant hardware. The threat model is assumed to be an adversary that tries to capture and compromise a number of nodes in the network. Also, there is no unconditional trust on any sensor node. An adversary may try to eavesdrop on the messages exchanged in the system, intercept these messages as well as inject false messages. If an adversary compromises a node, the memory of that node is known to the adversary; CHs can also be compromised. The goal of the adversary is to uncover the keys used in the network for secure communication. The nodes can collude with each other by sharing their keys with other attacker nodes. The main objective of node collusion is to incrementally aggregate the uncovered keys of individual nodes to a level that allows revealing all encrypted traffic in the network.

3.2 Collusion attack
In collusion attacks two or more nodes cooperate with each other by sharing their knowledge of pre-deployed secrets, thus increasing their capabilities in overcoming the network security measures. In RKP a collusion attack is possible in two scenarios: when compromised nodes are in the transmission range of one another, and when compromised nodes are not in the transmission range of one another.

In the latter case, for example, consider two compromised nodes n1 and n2 which are not in the transmission range of each other. Suppose n1's neighbors are n3, n5 and n6 and it shares keys with n5 and n9. Similarly n2's neighbors are n4, n7 and n9 and it shares keys with n3, n6, n7 as shown in Table I.

Table I. Collusion attack

Nodes   Neighbors     Key share     Without collusion   With collusion
n1      n3, n5, n6    n5, n9        (n1, n5)            (n1, n5), (n2, n3), (n2, n6)
n2      n4, n7, n9    n3, n6, n7    (n2, n7)            (n2, n7), (n1, n9)

Accordingly, n1 can communicate securely with n5 and n2 can communicate securely with n7. If n1 colludes with n2 the resultant keys known to both of them would be Keys(n1) ∪ Keys(n2). As a result, n1 can communicate with n6 and n3 masquerading as n2 and similarly n2 can communicate with n9 masquerading as n1. It can be seen that compromised nodes not in the communication range of each other can collude to launch an attack to uncover a large number of employed keys.
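Table I can be recomputed from key rings and neighbor lists, which is how one would audit the exposure caused by a given set of captured nodes. The Python below is an added example, not code from the paper; the key ids in `RINGS` are constructed so that the "Key share" column of Table I holds, and the function names are hypothetical.

```python
# Constructed key rings: key ids chosen so the "Key share" column of Table I holds.
RINGS = {
    "n1": {1, 2}, "n2": {3, 4, 5},
    "n3": {3}, "n4": {6}, "n5": {1}, "n6": {4}, "n7": {5}, "n9": {2},
}
# Radio neighbors of the two compromised nodes, as listed in Table I.
NEIGHBORS = {"n1": ["n3", "n5", "n6"], "n2": ["n4", "n7", "n9"]}


def key_sharers(node, rings):
    """Every other node holding at least one key from this node's ring."""
    return sorted(n for n in rings if n != node and rings[n] & rings[node])


def pooled_ring(colluders, rings):
    """Keys(n1) ∪ Keys(n2) ∪ ... for a set of colluding nodes."""
    return set().union(*(rings[c] for c in colluders))


def usable_links(node, colluders, rings, neighbors):
    """(identity presented, neighbor) pairs that `node` can secure.

    Alone, a node can only use its own ring. With colluders it can also
    present a colluder's identity to any neighbor that shares a key with
    that colluder, which is the masquerading described in the text.
    """
    identities = {node} | set(colluders)
    return sorted((ident, nb)
                  for nb in neighbors[node]
                  for ident in identities
                  if rings[ident] & rings[nb])


def exposure_report(colluders, rings, neighbors):
    """Per compromised node: links without collusion and with collusion."""
    return {n: {"without": usable_links(n, set(), rings, neighbors),
                "with": usable_links(n, colluders, rings, neighbors)}
            for n in sorted(colluders)}


if __name__ == "__main__":
    for node, row in exposure_report({"n1", "n2"}, RINGS, NEIGHBORS).items():
        print(node, row)
```
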

Definition 1. A pseudo-random function is an efficient (deterministic) algorithm which given an h-bit seed, $y$, and an h-bit argument, $x$, returns an h-bit string, denoted $f_y(x)$, so that it is infeasible to distinguish the responses of $f_y$, for a uniformly chosen $y$, from the responses of a truly random function.

Definition 2. A cryptographically secure one-way hash function $H$ has the following property: for $y = H(k, x)$, 1) given $x$, it is computationally infeasible to find $y$ without knowing the value of $k$; 2) given $y$ and $k$, it is computationally infeasible to find $x$.

Definition 3. (Key graph) Let $V$ represent all the nodes in the sensor network. A key-sharing graph $G(V, E)$ is constructed in the following manner: for any two nodes $i$ and $j$ in $V$, there exists an edge between them if and only if nodes $i$ and $j$ have at least one common key in their key ring. Note that $|V| = n$ for a WSN of size $n$; the key graph $G(V, E)$ is connected if and only if any two nodes $i$ and $j$ belonging to $V$ can reach each other via edge set $E$ only.

For convenience, a summary of notations and symbols used in the paper is given in Table II.

Table II. Symbol definition

Notation             Definition
BS                   Base station
CH                   Cluster head
$id_{L_i}$           Identity of L-node i
$id_{H_i}$           Identity of H-node i
$N$                  A random number string
$R_{L_i}$            Set of the keys in L-node i initial key ring
$R_{H_i}$            Set of the keys in H-node i initial key ring
$R'_{L_i}$           Set of the keys in L-node i new/update key ring
$R'_{H_i}$           Set of the keys in H-node i new/update key ring
$CK_i$               Cluster key of i-th cluster
$AK_X$               Authentication key of node X
$K_{X,Y}$            A shared key between X and Y
$MAC_K(m)$           A MAC of message m calculated using key K
$\langle m \rangle_K$    An encryption of message m with key K

4. Protocol
In this section we present a key management algorithm that increases the network resilience to collusion.

4.1 Initial deployment
Generate a large key pool $P$ consisting of $S$ number of random symmetric keys and their ids prior to network deployment. Before deploying the nodes, each node is loaded with its assigned key ring $R$ as follows: each L-node is pre-loaded with $g$ number of keys and each H-node is pre-loaded with $r$ number of keys, randomly selected from the key pool without replacement, where $r \gg g$. As given in (Pietro et al., 2006), the assigning rules are as follows.

4.1.1 L-node.

for every key $k_i \in P$, where $P = (k_1, k_2, \ldots, k_S)$
    compute $z = f_{k_i}(id_{L_X})$
    if $z \equiv 0 \bmod \left(\frac{S}{g}\right)$ then
        put $k_i$ into $R_{L_X}$, the key ring of the L-node.

In addition to that, every L-node is pre-loaded with an authentication key $AK_{L_X}$ shared with BS and the public key of BS.

4.1.2 H-node.

for every key $k_i \in P$, where $P = (k_1, k_2, \ldots, k_S)$
    compute $z = f_{k_i}(id_{H_X})$
    if $z \equiv 0 \bmod \left(\frac{S}{r}\right)$ then
        put $k_i$ into $R_{H_X}$, the key ring of the H-node.

In addition to that, every H-node is pre-loaded with an authentication key $AK_{H_X}$ shared with BS.

4.2 Cluster heads authentication
Before entering the cluster organization phase, each H-node needs to be authenticated by BS. H-node $H_a$ sends a request to BS consisting of its id, a random number nonce, and a MAC calculated on all these values using its authentication key $AK_{H_a}$, as shown in message 1 of the list below. BS authenticates $H_a$ by verifying the MAC. If authentication is successful, BS randomly selects a key, suppose $k_m$, from the key ring of $H_a$. BS then sends message 2, shown in the list below, consisting of the id of $k_m$, the nonce, and $id_{H_a}$, encrypted with $AK_{H_a}$. $H_a$ gets all these values by decrypting message 2 and then generates the shared secret key $K_{BS,H_a}$ between BS and $H_a$ by applying the one-way hash function on $id_{BS}$, $id_{H_a}$, and 0 using $k_m$, as shown in message 3. We use different keys for data encryption and message authentication; therefore $H_a$ generates the MAC key $K'_{BS,H_a}$ by applying the one-way hash function on $id_{BS}$, $id_{H_a}$, and 1 using $k_m$, as shown in message 4. After joining the network, $H_a$ deletes $AK_{H_a}$ from its memory.

(1) $H_a \to BS : id_{H_a},\ nonce,\ MAC_{AK_{H_a}}(id_{H_a} | nonce)$

(2) $BS \to H_a : \langle id_{k_m},\ nonce,\ id_{H_a} \rangle_{AK_{H_a}}$

(3) $K_{BS,H_a} = H(k_m,\ id_{BS} | id_{H_a} | 0)$

(4) $K'_{BS,H_a} = H(k_m,\ id_{BS} | id_{H_a} | 1)$

4.3 Cluster organization phase
After authentication by BS, H-nodes enter the cluster organization phase. H-node $H_a$ broadcasts an advertisement message adv, consisting of its id ($id_{H_a}$) and a nonce, as shown in message 1 of the list below. A nearby L-node, suppose $L_b$, upon receiving the adv message, determines whether it shares a common key with $H_a$ as follows: for every key $k_j \in R_{L_b}$, $L_b$ computes $z = f_{k_j}(id_{H_a})$. If $z \equiv 0 \bmod \left(\frac{S}{r}\right)$, it means that $H_a$ also has the key $k_j$ in its key ring, i.e. $R_{H_a} \cap R_{L_b} = k_j$.

As $L_b$ could receive adv broadcast messages from several H-nodes, it is possible that $L_b$ shares a common key with more than one H-node. From these H-nodes, it will choose as its CH the H-node with which it has the best received signal strength and link quality.

$L_b$ sends the join request to the selected CH (say $H_a$) protected by a MAC, using $k_j$, and includes the nonce from the CH broadcast (to prevent replay attack), as well as the id of the shared key ($id_{k_j}$) chosen to protect this link (so that the receiving CH knows which key to use to verify the MAC), as shown in message 2 of the list below.

$H_a$, upon receiving the join request from $L_b$, authenticates $L_b$ by verifying the MAC using $k_j$. $H_a$ generates the shared pairwise key ($K_{H_a,L_b}$) with $L_b$ by applying the one-way hash function on $id_{H_a}$, $id_{L_b}$, and 0 using $k_j$, as shown in message 3. $H_a$ generates the MAC key ($K'_{H_a,L_b}$) with $L_b$ by applying the one-way hash function on $id_{H_a}$, $id_{L_b}$ and 1 using $k_j$, as shown in message 4, and sends message 5 to $L_b$ consisting of the cluster key $CK_a$ encrypted with $K_{H_a,L_b}$ along with a MAC on $id_{H_a}$, $id_{L_b}$, nonce, and $CK_a$ calculated using $K'_{H_a,L_b}$.

$L_b$ gets the cluster key $CK_a$ by decrypting the message using $K_{H_a,L_b}$, verifies the MAC by using $K'_{H_a,L_b}$ to ensure the message authenticity and integrity, and hence joins the cluster.

Each L-node also records the other H-nodes from which it receives adv messages and with which it has a common key, as these H-nodes will serve as backup cluster heads in case the CH ($H_a$) fails.

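(1) $H_a \to * : id_{H_a},\ nonce$

(2) $L_b \to H_a : id_{L_b},\ id_{H_a},\ id_{k_j},\ nonce,\ MAC_{k_j}(id_{L_b},\ id_{H_a},\ id_{k_j},\ nonce)$

(3) $K_{H_a,L_b} = H(k_j,\ id_{H_a} | id_{L_b} | 0)$

(4) $K'_{H_a,L_b} = H(k_j,\ id_{H_a} | id_{L_b} | 1)$

(5) $H_a \to L_b : \langle CK_a \rangle_{K_{H_a,L_b}},\ MAC_{K'_{H_a,L_b}}(id_{H_a},\ id_{L_b},\ nonce,\ CK_a)$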
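Messages 1 to 5 above, run end to end as an added Python example (not the authors' code). HMAC-SHA256 stands in for both H and MAC, an HMAC-derived XOR keystream stands in for the encryption of message 5 because the standard library has no block cipher, and the class names, length-prefixed field encoding and 8-byte nonce are assumptions.

```python
import hashlib
import hmac
import os


def pack(*fields):
    """Length-prefix each field so that field boundaries are unambiguous."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def H(key, *fields):
    """Keyed one-way hash H(k, x), also used as MAC_K(m). HMAC-SHA256 is an assumption."""
    return hmac.new(key, pack(*fields), hashlib.sha256).digest()


def xor_stream(key, nonce, data):
    """Stand-in for <m>_K: XOR with a one-block HMAC-derived keystream."""
    stream = H(key, b"enc", nonce)
    if len(data) > len(stream):
        raise ValueError("stand-in cipher handles at most 32 bytes")
    return bytes(a ^ b for a, b in zip(data, stream))


def link_keys(kj, id_h, id_l):
    """Messages 3 and 4: separate encryption key K and MAC key K'."""
    return H(kj, id_h, id_l, b"0"), H(kj, id_h, id_l, b"1")


class ClusterHead:
    def __init__(self, node_id, ring, cluster_key):
        self.id, self.ring, self.ck = node_id, ring, cluster_key
        self.nonce = None

    def advertise(self):
        """Message 1: broadcast id and a fresh nonce."""
        self.nonce = os.urandom(8)
        return self.id, self.nonce

    def handle_join(self, req):
        """Verify message 2 and answer with message 5, or None on failure."""
        id_l, id_h, key_id, nonce, mac = req
        kj = self.ring.get(key_id)
        # Reject requests for another CH, stale nonces (replay) and unknown key ids.
        if id_h != self.id or nonce != self.nonce or kj is None:
            return None
        if not hmac.compare_digest(mac, H(kj, id_l, id_h, key_id, nonce)):
            return None
        k, k_mac = link_keys(kj, self.id, id_l)
        return (xor_stream(k, nonce, self.ck),
                H(k_mac, self.id, id_l, nonce, self.ck))


class LNode:
    def __init__(self, node_id, ring):
        self.id, self.ring, self.pending = node_id, ring, None

    def join_request(self, adv, key_id):
        """Message 2: join request MACed with the shared pool key k_j."""
        id_h, nonce = adv
        self.pending = (id_h, nonce, key_id)
        mac = H(self.ring[key_id], self.id, id_h, key_id, nonce)
        return self.id, id_h, key_id, nonce, mac

    def accept(self, msg5):
        """Decrypt CK_a, then verify the MAC over (id_Ha, id_Lb, nonce, CK_a)."""
        if self.pending is None:
            return None
        id_h, nonce, key_id = self.pending
        k, k_mac = link_keys(self.ring[key_id], id_h, self.id)
        ct, mac = msg5
        ck = xor_stream(k, nonce, ct)
        ok = hmac.compare_digest(mac, H(k_mac, id_h, self.id, nonce, ck))
        return ck if ok else None


def run_exchange():
    """Constructed values: one shared pool key with id b'k7' and a 16-byte cluster key."""
    kj, ck = bytes(range(16)), b"C" * 16
    ha = ClusterHead(b"H-a", {b"k7": kj}, ck)
    lb = LNode(b"L-b", {b"k7": kj})
    req = lb.join_request(ha.advertise(), b"k7")
    return lb.accept(ha.handle_join(req)) == ck


if __name__ == "__main__":
    print("L-b joined cluster:", run_exchange())
```
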

4.3.1 Unsupervised nodes. At the end of the cluster organization phase, it is expected that a fraction of the L-nodes will not be matched with a CH because of key sharing constraints; these nodes are called unsupervised nodes. Suppose the unsupervised node $L_x$ has the best RSSI with $H_a$. $L_x$ sends a request to $H_a$ consisting of its id, the id of $H_a$, a nonce, and a MAC calculated on all these values using $AK_{L_x}$, shown in message 1 of the list below. $H_a$ forwards the message to BS. BS authenticates $L_x$ by verifying the MAC and selects a key $k_j$ from the key ring of $L_x$. BS sends $k_j$ and $id_{k_j}$ to $H_a$, encrypted with the key $K_{BS,H_a}$, along with a MAC on $k_j$, $id_{k_j}$, and nonce using key $K'_{BS,H_a}$, as shown in message 3. $H_a$ generates the shared pairwise key with $L_x$ by applying the one-way hash function on $id_{H_a}$, $id_{L_x}$, and 0 using $k_j$, as shown in message 4. $H_a$ generates the MAC key with $L_x$ by applying the one-way hash function on $id_{H_a}$, $id_{L_x}$, and 1 using $k_j$, as shown in message 5. $H_a$ sends message 6 to $L_x$ consisting of $id_{H_a}$, $id_{L_x}$, the id of the key $k_j$ to be used as the common shared key, and the cluster key encrypted with $K_{H_a,L_x}$, together with a MAC on all these values using $K'_{H_a,L_x}$. $L_x$ receives this message, calculates $K_{H_a,L_x}$ and $K'_{H_a,L_x}$ by using $k_j$, and uses them to get the cluster key and hence join the network.

(1) $L_x \to H_a : id_{L_x},\ id_{H_a},\ nonce,\ MAC_{AK_{L_x}}(id_{L_x},\ id_{H_a},\ nonce)$

(2) $H_a \to BS$ : forward message 1 to BS

(3) $BS \to H_a : id_{k_j},\ \langle k_j \rangle_{K_{BS,H_a}}$

(4) $K_{H_a,L_x} = H(k_j,\ id_{H_a} | id_{L_x} | 0)$

(5) $K'_{H_a,L_x} = H(k_j,\ id_{H_a} | id_{L_x} | 1)$

(6) $H_a \to L_x : id_{L_x},\ id_{H_a},\ id_{k_j},\ nonce,\ \langle CK_a \rangle_{K_{H_a,L_x}},\ MAC_{K'_{H_a,L_x}}(id_{L_x} | id_{H_a} | id_{k_j} | nonce | CK_a)$

There may be some L-nodes, suppose Ly in the network that may have common keyshared with a CH Ha but have better RSSI with Hb then Ha. However, Ly do not havecommon key shared with Hb. In that case Ly can contact with Hb as unsupervised nodeto request key as explained above.

4.3.2 Direct key discovery phase. After the cluster organization phase, L-nodes learn their neighbors through the exchange of hello messages, and then attempt to establish keys with them. To accomplish this, L-nodes broadcast hello messages.

Consider an L-node $L_a$. It broadcasts a hello message consisting of its id, $id_{L_a}$. Then, it waits for hello messages from its neighboring L-nodes. Suppose it receives a hello message from one of its neighbors, $L_b$; it extracts the node id from the message, i.e. $id_{L_b}$. For every key $k_j \in R_{L_a}$, $L_a$ computes $z = f_{k_j}(id_{L_b})$. If $z \equiv 0 \bmod (s/g)$, it means that node $L_b$ also has the key $k_j$ in its key ring, i.e. $R_{L_a} \cap R_{L_b} = k_j$. After discovering the common key in their key rings, they generate the shared pairwise key by applying the one-way hash function on $id_{L_a}$ and $id_{L_b}$ using $k_j$.

$K_{L_a,L_b} = H(k_j, id_{L_a} \mid id_{L_b} \mid 0)$

If $L_a$ and $L_b$ share more than one common key in their key rings, the key with the least id is used to generate the shared pairwise key.

4.3.3 Indirect key discovery phase. L-nodes gather information about both types of neighbors: nodes with which they share a key, and nodes with which they do not share keys. When the direct key discovery phase ends, the nodes have discovered the common keys, if any, with their neighbors. L-nodes use the CH with which keys are already shared to assist them in establishing secure connections with the neighboring L-nodes with which common keys are not found.

Let L-nodes $L_x$ and $L_y$ be neighboring nodes in the same cluster that do not share a common key in their key rings, $R_{L_x} \cap R_{L_y} = \phi$. The L-node $L_x$, having already established a link with its CH ($H_a$), transmits a message to $H_a$, as shown in the list below, requesting it to transmit a key for L-node $L_y$, encrypted with key $K_{H_a,L_x}$. $H_a$ generates a key $k_i$ and unicasts message 2 to $L_x$ and message 3 to $L_y$, as shown in the list below. When $L_x$ receives its message from $H_a$, it decrypts the message using key $K_{H_a,L_x}$ to get key $k_i$. Similarly, $L_y$ uses key $K_{H_a,L_y}$ for decrypting its message. Now, $L_x$ and $L_y$ generate the shared pairwise key by applying the one-way hash function on $id_{L_x}$ and $id_{L_y}$ using $k_i$, as shown in message 4.

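(1) $L_x \rightarrow H_a : id_{L_x}, id_{L_y}, \mathit{nonce}, \mathrm{MAC}_{K_{H_a,L_x}}(id_{L_x} \mid id_{L_y} \mid \mathit{nonce})$

(2) $H_a \rightarrow L_x : id_{L_x}, id_{L_y}, \mathit{nonce}, \langle k_i \rangle_{K_{H_a,L_x}}$

(3) $H_a \rightarrow L_y : id_{L_x}, id_{L_y}, \mathit{nonce}, \langle k_i \rangle_{K_{H_a,L_y}}$

(4) $K_{L_x,L_y} = H(k_i, id_{L_x} \mid id_{L_y})$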

4.4 Key ring update

After the indirect key discovery phase, all L-nodes and H-nodes destroy their initial key rings. These key rings hold globally applicable secrets that an adversary can use to launch a collusion attack, so we delete them.


First, before a node (say $L_x$) destroys its initial key ring, it generates a new key ring as shown in the list below. For every key $k_i \in R_{L_x}$, it generates a new key $k'_i$ by applying the one-way hash function on its id ($id_{L_x}$) and $k_i$. In this way, it generates a set of new keys from the keys in its initial key ring. Further, in order to keep a record of the keys in its initial key ring, these newly generated keys are assigned the same ids as those of the original keys. Then, $L_x$ deletes $k_i$ from its key ring $R_{L_x}$. The keyRingUpdate() procedure:

(1) for $\forall k_i \in R_{L_x}$ do

(2) $k'_i = H(k_i, id_{L_x})$

(3) $id_{k'_i} = id_{k_i}$

(4) delete($k_i$)

(5) end for

Further, the above procedure is also applied for H-nodes to update their key rings.

5. Other security issues in HSN

In this section, we discuss other security issues in HSN, including setting up keys for newly deployed sensor nodes, node revocation, and periodic re-keying.

5.1 Addition of a new node

The common key pre-distribution schemes are unable to add new nodes to the network if the initial key rings are deleted from the nodes' memory. As a result, we develop a new solution capable of handling the addition of new legitimate L-nodes beyond the initial deployment, even after the deletion of the initial key rings from the nodes' memory.

Suppose a new L-node $L_x$ wants to join a network. It broadcasts a join request consisting of its id ($id_{L_x}$) and a random number nonce, as shown in message 1 of the list below. Then, it waits for a reply from nearby CHs. Let $L_x$ receive a reply message from a CH (say $H_a$). For every key $k_j \in R_{L_x}$, $L_x$ computes $z = f_{k_j}(id_{H_a})$. If for any $k_j$, $z \equiv 0 \bmod (s/r)$, it means that $k_j \in R_{H_a}$, but it is no longer available because $R_{H_a}$ has been deleted. So, $L_x$ computes the corresponding key, i.e. $k'_j$ of $H_a$'s new key ring $R'_{H_a}$, by applying the one-way hash function on $id_{H_a}$ and $k_j$, i.e. $k'_j = H(k_j, id_{H_a})$. Then, $L_x$ sends a message to $H_a$ consisting of its id $id_{L_x}$, the id of $k_j$ ($id_{k_j} = id_{k'_j}$), the nonce, and a MAC calculated on all these values using $k'_j$, as shown in message 3 of the list below. Now, $L_x$ and $H_a$ generate the shared pairwise key by applying the one-way hash function on $id_{H_a}$, $id_{L_x}$ and 0 using $k'_j$, as shown in message 4. Both $L_x$ and $H_a$ generate the MAC key by applying the one-way hash function on $id_{H_a}$, $id_{L_x}$ and 1 using $k'_j$, as shown in message 5.

(1) $L_x \rightarrow * : id_{L_x}, \mathit{nonce}$

(2) $H_a \rightarrow L_x : id_{H_a}, \mathit{nonce}$

(3) $L_x \rightarrow H_a : id_{L_x}, \mathrm{MAC}_{k'_j}(id_{L_x} \mid id_{k_j} \mid \mathit{nonce})$

(4) $K_{L_x,H_a} = H(k'_j, id_{H_a} \mid id_{L_x} \mid 0)$

(5) $K'_{L_x,H_a} = H(k'_j, id_{H_a} \mid id_{L_x} \mid 1)$

Then, $L_x$ discovers the shared keys with its neighboring L-nodes by using either the direct or the indirect key discovery phase, as given above.
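The keyRingUpdate() procedure of section 4.4 and the join exchange of section 5.1 can be exercised together. The following Python code is an added example, not code from the paper: HMAC-SHA256 stands in for the one-way hash function H and for the MAC, the node ids, key ids and pool keys are constructed, and a matching key id replaces the test on f used for key discovery.

```python
import hashlib
import hmac


def H(key: bytes, *fields: bytes) -> bytes:
    """H(k, a | b | ...). HMAC-SHA256 is an assumption, the paper only says one-way hash."""
    # Length-prefix each field so the concatenation a | b is unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def key_ring_update(node_id: bytes, ring: dict) -> dict:
    """keyRingUpdate(): k'_i = H(k_i, id_node), stored under the id of k_i."""
    updated = {key_id: H(k, node_id) for key_id, k in ring.items()}
    ring.clear()  # delete(k_i); on a real node the key memory must be erased too
    return updated


def pairwise_keys(k_prime: bytes, id_h: bytes, id_l: bytes):
    """Messages 4 and 5 of section 5.1: the pair (K, K') derived from k'_j."""
    return H(k_prime, id_h, id_l, b"0"), H(k_prime, id_h, id_l, b"1")


def join_request(id_l, initial_ring, id_h, key_id, nonce):
    """New node L_x: recompute H_a's k'_j from its own k_j and MAC message 3."""
    k_prime = H(initial_ring[key_id], id_h)
    tag = H(k_prime, id_l, key_id, nonce)
    return (id_l, key_id, nonce, tag), pairwise_keys(k_prime, id_h, id_l)


def accept_join(id_h, updated_ring, expected_nonce, message):
    """Cluster head H_a: check message 3 using only its updated ring.
    Returns (K, K') on success and None when the request is rejected."""
    id_l, key_id, nonce, tag = message
    k_prime = updated_ring.get(key_id)
    if k_prime is None or nonce != expected_nonce:
        return None
    if not hmac.compare_digest(tag, H(k_prime, id_l, key_id, nonce)):
        return None
    return pairwise_keys(k_prime, id_h, id_l)


def constructed_ring(*indices: int) -> dict:
    """Constructed sample data: deterministic stand-ins for keys drawn from the pool."""
    return {b"k%d" % i: hashlib.sha256(b"pool-key-%d" % i).digest() for i in indices}


def demo():
    # H_a, L_a and L_b all start with pool key k3, a globally applicable secret.
    r_ha = constructed_ring(1, 2, 3, 4)
    r_la = constructed_ring(3, 5)
    r_lb = constructed_ring(3, 6)
    new_ha = key_ring_update(b"Ha", r_ha)
    new_la = key_ring_update(b"La", r_la)
    new_lb = key_ring_update(b"Lb", r_lb)
    rings = [set(new_ha.values()), set(new_la.values()), set(new_lb.values())]
    disjoint = not (rings[0] & rings[1] or rings[0] & rings[2] or rings[1] & rings[2])

    # A node deployed later still holds its initial ring and shares k4 with H_a.
    nonce = b"constructed-nonce"
    message, keys_lx = join_request(b"Lx", constructed_ring(4, 7), b"Ha", b"k4", nonce)
    keys_ha = accept_join(b"Ha", new_ha, nonce, message)

    # L_a's updated k3 is H(k3, id_La), not H(k3, id_Ha): a request MACed with it fails.
    bad_tag = H(new_la[b"k3"], b"Lz", b"k3", nonce)
    rejected = accept_join(b"Ha", new_ha, nonce, (b"Lz", b"k3", nonce, bad_tag)) is None
    return disjoint, keys_ha is not None and keys_ha == keys_lx, rejected, len(r_la)


if __name__ == "__main__":
    print(demo())
```

The first result shows that the updated rings of three nodes that all held k3 no longer contain a common value, which is the property the collusion analysis in section 6.1 relies on.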


5.2 Node revocation

In the proposed scheme there is no need to revoke the key rings of compromised nodes, because the initial key rings of all the nodes in the network have been updated and no two nodes in the network have any key in common in their key rings after initial deployment. If a node is compromised, only the links that are directly associated with that node will be compromised. Therefore, our scheme does not need the revocation of key rings of compromised nodes.

5.3 Fault tolerance

Our approach should allow L-nodes to change cluster even after the initial key rings have been updated. The scheme described above does not allow nodes to change cluster once their initial key ring has been updated. As a result, it is imperative that we develop a new solution capable of handling changes in network topology beyond the initial deployment. Suppose an L-node $L_x$ moves from cluster a to cluster b. It needs to find the cluster key $CK_b$, a shared pairwise key with CH $H_b$, and also shared pairwise keys with its new neighboring L-nodes. As $L_x$ has updated its initial key ring, it will not have any common key with $H_b$ or any of the neighboring L-nodes.

There are three problems that we need to solve:

(1) How can $H_b$, who no longer has the initial key rings, authenticate $L_x$?

(2) How can $H_b$ and $L_x$ set up a pairwise key between each other?

(3) How can $L_x$ set up a pairwise key with its neighboring L-nodes?

In that case $L_x$ contacts the BS for joining $H_b$ as its CH, as described above in section 4.3.1. $L_x$ will set up the pairwise keys with neighboring L-nodes by using the indirect key discovery phase described in section 4.3.3.

5.4 Periodic re-keying

Periodic re-keying has to be performed if any node completes $2^{2k/3}$ encryptions using the same key, where $k$ is the number of bits in the key. Cluster key re-keying is initiated by the CH, which generates the new cluster key, encrypts it with the old cluster key and distributes it to the cluster members.

Re-keying of the cluster key is also necessary when a cluster member leaves the cluster, either because its battery power is exhausted or because it has been compromised by an adversary. In that case the CH needs to distribute the new cluster key by unicasting it to the L-nodes, encrypted with the shared pairwise keys, so that the nodes that have left the cluster do not receive the new cluster key.

6. Performance analysis

This section analyzes the proposed scheme and explains the features that make it feasible to implement and a better alternative to the other key pre-distribution schemes.

For any pair of nodes to find a secret key between them, the key sharing graph $G(V, E)$ needs to be connected. Given the size and the density of a network, the objective is to determine the key pool size $S$, the number of keys assigned to L-nodes $g$, and the number of keys assigned to H-nodes $r$ such that the graph $G$ is connected with high probability. Chan et al. (2003) propose the q-composite keys scheme, which allows two sensors to set up a pairwise key only when they share at least $q$ common keys. The q-composite keys scheme provides better security for sensor networks. The key management schemes proposed in this paper can be easily extended to require at least $q$ shared keys. We want to find the largest key pool size such that the probability of an L-node and an H-node sharing at least $q$ keys is no less than a threshold $p$.

Let $p(j)$ be the probability that an L-node and an H-node have exactly $j$ keys in common. Recall that an L-node and an H-node are pre-loaded with $g$ and $r$ keys, respectively.

An L-node has $\binom{S}{g}$ different ways of picking $g$ keys from a key pool of size $S$, and an H-node has $\binom{S}{r}$ different ways of picking $r$ keys from the key pool. Thus, the total number of ways for an L-node and an H-node to pick $g$ and $r$ keys, respectively, is $\binom{S}{g}\binom{S}{r}$. Suppose that the two nodes have $j$ keys in common. There are $\binom{S}{j}$ ways to pick the $j$ common keys.

After the $j$ common keys are picked, there remain $r + g - 2j$ distinct keys in the two key rings that are to be picked from the remaining pool of $S - j$ keys. The number of ways to do so is $\binom{S-j}{r+g-2j}$. The $r + g - 2j$ distinct keys must then be partitioned between the L-node and the H-node. The number of such partitions is $\binom{r+g-2j}{g-j}$.

Hence the total number of ways to choose two key rings with $j$ keys in common is the product of the three terms, i.e. $\binom{S}{j}\binom{S-j}{r+g-2j}\binom{r+g-2j}{g-j}$. Thus the probability of sharing at least $j$ keys in common is given in equation (1):

$$p(j) = \frac{\binom{S}{j}\binom{S-j}{r+g-2j}\binom{r+g-2j}{g-j}}{\binom{S}{g}\binom{S}{r}} \qquad (1)$$

Let $p_c$ be the probability that an L-node and an H-node share sufficient keys to form a secure connection. If $q$ shared keys are required, we have: $p_c = 1 - (p(0) + p(1) + \cdots + p(q-1))$. For given key ring sizes $g$ and $r$, key overlap $q$, and minimum connection probability $p$, the largest key pool size $S$ can be computed such that $p_c \geq p$.


The probability of an L-node and an H-node with key ring sizes $g$ and $r$ sharing at least one key with each other is given in equation (2):

$$p_{SK} = 1 - \frac{\binom{S}{r}\binom{S-r}{g}}{\binom{S}{r}\binom{S}{g}} = 1 - \frac{(S-g)!\,(S-r)!}{S!\,(S-g-r)!} \qquad (2)$$

Similarly, the probability of sharing at least one key between two L-nodes is given in equation (3):

$$p_{SK} = 1 - \frac{\binom{S}{g}\binom{S-g}{g}}{\binom{S}{g}^{2}} = 1 - \frac{((S-g)!)^{2}}{S!\,(S-2g)!} \qquad (3)$$

Figure 1 shows the probability of key sharing between an H-node and an L-node with respect to key pool size. A fixed number of pre-loaded keys is used in H-nodes, $r = 500$, whereas the number of pre-loaded keys for L-nodes varies as $g = 10, 20, 30$. The graphs show that the pre-loaded keys in L-nodes can be significantly reduced with an acceptable probability of key sharing.

Figure 1. The key sharing probability

In our scheme, only a fraction of CHs is probabilistically accessible by an ordinary node. The probability of key sharing between an H-node and an L-node and the number of CHs $b$ in the network can also determine the expected number of unsupervised nodes, i.e. the probability that an ordinary node will be unsupervised. Given $p$ and $b$, the probability of the number of unsupervised nodes is given in equation (4):

$$p_{us} = \left(1 - \left(1 - \frac{(S-g)!\,(S-r)!}{S!\,(S-g-r)!}\right)\right)^{b} \qquad (4)$$

In a network with $N$ L-nodes, it is then expected that $N \times p_{us}$ nodes will be unsupervised. Figure 2 shows the fraction of unsupervised nodes as a function of $b$ under different values of $p$. As $b$ increases, the number of unsupervised nodes decreases rapidly. Further, as $p$ increases, the number of unsupervised nodes also increases.
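Equations (1) to (4) and the search for the largest key pool size can be evaluated exactly with integer binomials. The following Python code is an added example, not part of the paper: the function names are illustrative, $p(j)$ is taken as the probability of exactly $j$ common keys as defined before equation (1), and the pool size 10000 and $b = 5$ in the demonstration are constructed values, while $r = 500$ and $g = 10, 20, 30$ are those of Figure 1.

```python
from fractions import Fraction
from math import comb

# All functions assume S >= max(g, r), i.e. every ring fits in the pool.


def p_exact(j: int, S: int, g: int, r: int) -> Fraction:
    """Equation (1): p(j) for an L-node ring of g keys and an H-node ring of r keys."""
    if j < 0 or j > min(g, r):
        return Fraction(0)
    ways = comb(S, j) * comb(S - j, r + g - 2 * j) * comb(r + g - 2 * j, g - j)
    return Fraction(ways, comb(S, g) * comb(S, r))


def p_connect(S: int, g: int, r: int, q: int = 1) -> Fraction:
    """p_c = 1 - (p(0) + ... + p(q-1)): at least q keys in common."""
    return 1 - sum(p_exact(j, S, g, r) for j in range(q))


def p_share_lh(S: int, g: int, r: int) -> Fraction:
    """Equation (2): an L-node and an H-node share at least one key."""
    return 1 - Fraction(comb(S - r, g), comb(S, g))


def p_share_ll(S: int, g: int) -> Fraction:
    """Equation (3): two L-nodes share at least one key."""
    return 1 - Fraction(comb(S - g, g), comb(S, g))


def p_unsupervised(S: int, g: int, r: int, b: int) -> Fraction:
    """Equation (4): an L-node shares no key with any of the b cluster heads."""
    return (1 - p_share_lh(S, g, r)) ** b


def largest_pool(g: int, r: int, q: int, p) -> int:
    """Largest S with p_c >= p. p_c only falls as the pool grows, so bisect."""
    if not (0 < p <= 1 and 1 <= q <= min(g, r)):
        raise ValueError("need 0 < p <= 1 and 1 <= q <= min(g, r)")
    lo = max(g, r)  # p_c(lo) = 1: the larger ring is the whole pool
    hi = 2 * lo
    while p_connect(hi, g, r, q) >= p:
        lo, hi = hi, 2 * hi
    while hi - lo > 1:  # invariant: p_c(lo) >= p > p_c(hi)
        mid = (lo + hi) // 2
        if p_connect(mid, g, r, q) >= p:
            lo = mid
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    S, r, b = 10000, 500, 5  # S and b are constructed; r = 500 as in Figure 1
    for g in (10, 20, 30):
        print(g, float(p_share_lh(S, g, r)), float(p_unsupervised(S, g, r, b)),
              largest_pool(g, r, 1, 0.5))
```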

Figure 2. Unsupervised nodes

6.1 Security analysis

We evaluate our key pre-distribution scheme in terms of its resilience against node capture and collusion attack. We would like to investigate, when a number of nodes are captured, what fraction of the additional communication (i.e. communication among uncaptured nodes) would be compromised.

To compute this fraction, we first compute the probability that any one of the additional communication links is compromised after a node is captured. In our analysis, we consider the links that are secured using a pairwise key computed from the common key shared by the two nodes of the link. We should also note that during the shared key discovery process, two neighboring nodes find the common key in their key rings and use this key to agree upon another random key to secure their communication. Because this new key is generated by applying the one-way hash function on the common shared key and the node ids, the security of this new random key does not directly depend on whether the key rings are broken. Further, the nodes' initial key rings are also deleted from their memory after setting up shared pairwise keys with neighbors. As a result, the fraction of communications compromised when a number of nodes are compromised can be given as:

$$\frac{\text{number of links in } a \text{ compromised nodes}}{\text{total number of links in the network}}$$

which means that only those links will be affected which are directly connected with the $a$ compromised nodes, while the other links in the network will remain safe. Figure 3 shows the graphs of the number of compromised communication links with respect to the number of compromised nodes. We compare our proposed scheme (PS) with the basic scheme (EG) (Eschenauer and Gligor, 2002) and the q-composite scheme (Chan et al., 2003). The graphs show that as the number of compromised nodes increases, the traditional schemes are severely affected as compared to PS.

Further, in collusion attacks, the adversary takes advantage of the pairwise secret keys stored by each sensor node, as these keys are globally applicable secrets and can be used throughout the network, yet ordinary sensors can only communicate with the small fraction of nodes within radio range. So, the adversary can launch a collusion attack by exploiting this lack of communication between nodes and can share its pairwise keys between compromised nodes, enabling each node to present multiple “authenticated” identities to neighboring nodes while escaping detection. In the proposed scheme, we delete the initial key rings from the nodes' memory after setting up shared pairwise keys with neighbors. However, nodes generate new key rings from the initial key rings by applying the one-way hash function on node ids and the keys in their initial key rings.

Figure 3. The compromising probability

Consider two arbitrary L-nodes, $L_a$ and $L_b$, where $R_{L_a} = \{k_1, k_2, \ldots, k_g\}$, $R_{L_b} = \{k_1, k_2, \ldots, k_g\}$, and $R_{L_a} \cap R_{L_b} = k_i$. As $L_a$ and $L_b$ are not within the communication range of each other, they do not use $k_i$. After setting up shared pairwise keys with neighbors, both $L_a$ and $L_b$ delete the initial key rings ($R_{L_a}$ and $R_{L_b}$) and generate the new key rings (say $R'_{L_a}$ and $R'_{L_b}$) by applying the one-way hash function on all the keys in their initial key rings and node ids. As a result, $R'_{L_a} \cap R'_{L_b} = \phi$. Similarly, in a number of compromised nodes, there will be no common key in their new key rings, i.e. $R'_{L_1} \cap R'_{L_2} \cap \ldots \cap R'_{L_a} = \phi$. As no more globally applicable secrets remain in the node's memory, it is not possible for an adversary to launch a collusion attack.

7. Conclusion

Key establishment is a fundamental prerequisite for secure communication in wireless sensor networks. A key pre-distribution scheme is one of the common solutions for establishing secure communication in sensor networks. Random key pre-distribution schemes are vulnerable to collusion attacks because preloading global secrets onto exposed devices can be used in these attacks. This work presents a new efficient key distribution scheme for heterogeneous sensor networks which is secure against collusion attack. The analysis shows that the proposed scheme provides more resiliency against node capture and collusion attack by deleting the initial key rings from the nodes' memory after generating the shared pairwise keys with neighbors. It also allows new nodes to join the system once initialization is completed and the initial key ring has been destroyed from the node's memory.

References

Akyildiz, I.F., Su, W., Sankarasubramaniam, Y. and Cayirci, E. (2002), “A survey on sensor networks”, IEEE Communications Magazine, Vol. 40 No. 8, pp. 102-14.

Basagni, E.R.S., Herrin, K. and Bruschi, D. (2001), “Secure pebblenets”, in International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), ACM Press, New York, NY, pp. 156-63.

Blom, R. (1985), “An optimal class of symmetric key generation systems”, Proc. of the EUROCRYPT 84 Workshop on Advances in Cryptology: Theory and Application of Cryptographic Techniques, Springer-Verlag, New York, NY, pp. 335-8.

Blundo, C., Santis, A.D., Herzberg, A., Kutten, S., Vaccaro, U. and Yung, M. (1993), “Perfectly-secure key distribution for dynamic conferences”, in CRYPTO’92: Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, Springer-Verlag, London, pp. 471-86.

Chan, H., Perrig, A. and Song, D. (2003), “Random key pre-distribution schemes for sensor networks”, in IEEE Symposium on Security and Privacy, pp. 197-213.

Cheng, Y. and Agrawal, D.P. (2005), “Efficient pairwise key establishment and management in static wireless sensor networks”, Second IEEE International Conference on Mobile ad hoc and Sensor Systems.

Du, X., Xiao, Y., Guizani, M. and Chen, H.-H. (2007), “An effective key management scheme for heterogeneous sensor networks”, Ad Hoc Networks, Vol. 5 No. 1, pp. 24-34.

Eschenauer, L. and Gligor, V.D. (2002), “A key management scheme for distributed sensor networks”, in ACM CCS.

Heinzelman, W.R., Chandrakasan, A. and Balakrishnan, H. (2000), “Energy-efficient communication protocol for wireless microsensor networks”, IEEE Hawaii Int. Conf. on System Sciences, pp. 4-7.

Kausar, F., Hussain, S., Yang, L.T. and Masood, A. (2008), “Scalable and efficient key management for heterogeneous sensor networks”, The Journal of Supercomputing, Vol. 45 No. 1, pp. 44-65.

Kohl, J. and Neuman, B.C. (1993), “The Kerberos network authentication service (V5)”, RFC 1510.


Liu, D. and Ning, P. (2003), “Location-based pairwise key establishments for static sensor networks”, SASN ’03: Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, ACM Press, New York, NY, pp. 72-82.

Lu, K., Qian, Y. and Hu, J. (2006), “A framework for distributed key management schemes in heterogeneous wireless sensor networks”, IEEE International Performance Computing and Communications Conference, pp. 513-9.

Miller, S.P., Neuman, C., Schiller, J.I. and Saltzer, J.H. (1987), “Kerberos authentication and authorization system”, Project Athena Technical Plan, Section E.2.1.

Moore, T. (2006), “A collusion attack on pairwise key predistribution schemes for distributed sensor networks”, PERCOMW’06: Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE Computer Society, Washington, DC, p. 251.

Oliveira, L.B., Wong, H.C., Bern, M., Dahab, R. and Loureiro, A.A.F. (2006), “Sec LEACH: a random key distribution solution for securing clustered sensor networks”, 5th IEEE International Symposium on Network Computing and Applications, pp. 145-54.

Perrig, A., Szewczyk, R., Tygar, J., Wen, V. and Culler, D.E. (2001), “Spins: security protocols for sensor networks”, paper presented at Seventh Annual Int’l Conf. on Mobile Computing and Networks.

Pietro, R.D., Mancini, L.V. and Mei, A. (2003), “Random key assignment secure wireless sensor networks”, paper presented at 1st ACM workshop on Security of Ad Hoc and Sensor Networks.

Pietro, R.D., Mancini, L.V. and Mei, A. (2006), “Energy efficient node-to-node authentication and communication confidentiality in wireless sensor networks”, Wirel. Netw., Vol. 12 No. 6, pp. 709-21.

Ren, K., Zeng, K. and Lou, W. (2006), “A new approach for random key pre-distribution in large scale wireless sensor networks”, Wireless Communication and Mobile Computing, Vol. 6 No. 3, pp. 307-18.

Traynor, P., Kumar, R., Saad, H.B., Cao, G. and Porta, T.L. (2006), “Establishing pair-wise keys in heterogeneous sensor networks”, INFOCOM 2006. 25th IEEE International Conference on Computer Communications, Proceedings, pp. 1-12.

Wadaa, A., Olariu, S., Wilson, L. and Eltoweissy, M. (2004), “Scalable cryptographic key management in wireless sensor networks”, ICDCSW 04: Proceedings of the 24th International Conference on Distributed Computing Systems Workshops – W7: EC (ICDCSW’04), IEEE Computer Society, Washington, DC, pp. 796-802.

Xiao, X., Rayi, V.K., Sun, B., Du, X., Hu, F. and Galloway, M. (2007), “A survey of key management schemes in wireless sensor networks”, Computer Communications, Vol. 30 Nos 11/12, pp. 2314-41.

Zhu, S., Xu, S., Setia, S. and Jajodia, S. (2003), “Establishing pairwise keys for secure communication in ad hoc networks: a probabilistic approach”, paper presented at 11th IEEE International Conference on Network Protocols (ICNP’03).

Zhu, S.S.S. and Jajodia, S. (2003), “LEAP: Efficient security mechanisms for large-scale distributed sensor networks”, in CCS, ACM, pp. 62-72.

About the authors

Sajid Hussain is an Assistant Professor in the Jodrey School of Computer Science, Acadia University, Canada. He received a PhD in Electrical Engineering from the University of Manitoba, Canada. Dr Hussain is investigating sensor networks, communication protocols, security, database management, intelligent techniques and architectures for ubiquitous and pervasive applications such as smart homes and petroleum offshore facilities. He has published more than 35 refereed journal, conference and workshop papers. The research is financially supported by several grants and contracts, such as Natural Sciences and Engineering Research Council (NSERC) Canada, National Research Council (NRC) Canada, Atlantic Innovation Fund (AIF), and Nova Scotia Health Research Foundation (NSHRF). Dr Hussain has co-organized several international workshops and conferences, served on many technical program committees, and reviewed papers for several journals, conferences and workshops. Further, he has reviewed grant proposals for NSERC's Discovery Grants, Strategic Project Grants (SPG), and Research Tools and Instrument (RTI) Grants. He is a member of IEEE and ACM societies. Sajid Hussain is the corresponding author and can be contacted at: [email protected]

Firdous Kausar is a PhD candidate in the Department of Information Security, College of Signals, National University of Science and Technology, Pakistan. She has authored more than ten papers including a book chapter and journal papers. Her research interests are in network and data security, key management and authentication protocols, sensor networks, mobile and ad hoc networks. She is a member of IEEE and IACR (International Association of Cryptologic Research).

Ashraf Masood is Head of Research and Development Establishment, College of Signals, National University of Science and Technology, Pakistan. He received a PhD in Electrical Engineering from Michigan State University, USA. Dr Masood has published many research papers in international journals and conferences. He has served as chair, program committee or organizing committee chair for many international conferences and workshops. His research interests are in cryptography, network security, sensor networks, cryptanalysis, stream ciphers, algebraic attack. He is a member of the IEEE.

Jong Hyuk Park received his PhD degree in Graduate School of Information Security from Korea University, Korea. Before August, 2007, Dr Park had been a research scientist of R&D Institute, Hanwha Sand C. Co., Ltd., Korea. He is now a professor at the Department of Computer Science and Engineering, Kyungnam University, Korea. Dr Park has published many research papers in international journals and conferences. Dr Park has served as chair, program committee or organizing committee chair for many international conferences and workshops; Chair of SH06/07/08, MUE07/08, IPC07/07, FGCN07/08, TRUST’07/08, SMPE07/08, UASS’07/08, SSDU’07/08, UIC07/08, Mobility08, SUTC08, WPS08, SecUbiq’07, ISM’07, and PC member of PerCom’08, AINA’07/08, MOBIQUITOUS07/08, ATC08, EUC07 and so on. Dr Park is the founder of International Conference on Multimedia and Ubiquitous Engineering (MUE), International Conference on Intelligent Pervasive Computing (IPC), and International Symposium on Smart Home (SH). Dr Park is editor-in-chief of the International Journal of Multimedia and Ubiquitous Engineering (IJMUE), the managing editor of the International Journal of Smart Home (IJSH), and Associate Editor of Security and Communication Networks (SCN). In addition, he has served as a Guest Editor for international journals by some publishers: Oxford, Emerald, Hindawi, Springer, Elsevier, Inder science, SERSC. Moreover, he is a member of the Task Force in the IEEE IUC. Dr Park’s research interests include digital forensics, security, ubiquitous and pervasive computing, context awareness, multimedia service, etc. He is a member of the KICS, KIISC, KMS, and IEICE.
