Design and implementation analysis of a public key infrastructure-enabled security framework for ZigBee sensor networks

SUMMARY ZigBee is a wireless network technology suitable for applications requiring lower bandwidth, low energy consumption and small packet size. Security has been one of the challenges in ZigBee networks. Public Key Infrastructure (PKI) provides a binding of entities with public keys through a Certifying Authority (CA). Public key cryptography using public–private key pairs can be used for ensuring secure transmission in a network. But large size of public and private keys and memory limitations in ZigBee devices pose a problem for using PKI to secure communication in ZigBee networks. In this paper, we propose a PKI enabled secure communication schema for ZigBee networks. Limited memory and power constraints of end devices restrict them from storing public keys of all other devices in the network. Large keys cannot be communicated due to limited power of the nodes and small transmission packet size. The proposed schema addresses these limitations. We propose two algorithms for sending and receiving the messages. The protocols for intercommunication between the network entities are also presented. Minor changes have been introduced in the capabilities of devices used in the ZigBee networks to suit our proposed scheme. Network adaptations depending on different scenarios are discussed. The approach adopted in this paper is to alter the communication flow so as to necessitate minimum memory and computational requirements at the resource starved end points. In the proposed PKI implementation, end devices store the public keys of only the coordinator which in turn holds public keys of all devices in the network. All communication in our scheme is through the coordinator, which in the event of failure is re-elected through an election mechanism. The performance of the proposed scheme was evaluated using a protocol analyzer in home automation and messenger applications. Results indicate that depending on the type of application, only a marginal increase in latency of 2 to 5 ms is introduced for the added security. Layer wise traffic and packets captured between devices were analyzed. Channel utilization, message length distribution and message types were also evaluated. The proposed protocol's performance was found to be satisfactory on the two tested applications. Copyright © 2014 John Wiley & Sons, Ltd.

[1]  D. Begusic,et al.  Extracting secret key from channel measurements in wireless sensor networks , 2009, SoftCOM 2009 - 17th International Conference on Software, Telecommunications & Computer Networks.

[2]  Gianluca Dini,et al.  Considerations on Security in ZigBee Networks , 2010, 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing.

[3]  Mohammad S. Obaidat,et al.  A reactive Optimized Link State Routing protocol for Mobile ad hoc networks , 2010, 2010 17th IEEE International Conference on Electronics, Circuits and Systems.

[4]  Michael Schukat,et al.  Authentication Using Virtual Certificate Authorities: A New Security Paradigm for Wireless Sensor Networks , 2010, 2010 Ninth IEEE International Symposium on Network Computing and Applications.

[5]  Kefei Chen,et al.  Cryptanalysis and enhancements of efficient three‐party password‐based key exchange scheme , 2013, Int. J. Commun. Syst..

[6]  T. Lennvall,et al.  A comparison of WirelessHART and ZigBee for industrial applications , 2008, 2008 IEEE International Workshop on Factory Communication Systems.

[7]  Yun Liu,et al.  A fault-tolerant group key agreement protocol exploiting dynamic setting , 2013, Int. J. Commun. Syst..

[8]  Sudip Misra,et al.  Security Issues In Zigbee Networks , 2014 .

[9]  Bin Yang,et al.  Study on Security of Wireless Sensor Network Based on ZigBee Standard , 2009, 2009 International Conference on Computational Intelligence and Security.

[10]  Kim-Fung Man,et al.  The Generic Design of a High-Traffic Advanced Metering Infrastructure Using ZigBee , 2014, IEEE Transactions on Industrial Informatics.

[11]  Jung-Shian Li,et al.  Distributed key management scheme for peer-to-peer live streaming services , 2013, Int. J. Commun. Syst..

[12]  Lovepreet Kaur,et al.  Energy-Efficient Routing Protocols in Wireless Sensor Networks: A Survey , 2014 .

[13]  Der-Jiunn Deng,et al.  Recent issues in wireless sensor networks , 2013, Int. J. Commun. Syst..

[14]  Jisheng Sui,et al.  Study on ZigBee network architecture and routing algorithm , 2010, 2010 2nd International Conference on Signal Processing Systems.

[15]  Mohammad S. Obaidat,et al.  Energy aware wireless network protocols , 2012 .

[16]  Gianluca Dini,et al.  An efficient key revocation protocol for wireless sensor networks , 2006, 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks(WoWMoM'06).

[17]  Daniel Cvrcek Security of Wireless Communication , 2008, FIDIS.

[18]  Olivier Hersent,et al.  M2M Communications: A Systems Approach , 2012 .

[19]  Shahin Farahani,et al.  ZigBee Wireless Networks and Transceivers , 2008 .

[20]  M. Valle,et al.  Wireless Sensor Networks Power-Aware Deployment , 2008, 2008 Second International Conference on Sensor Technologies and Applications (sensorcomm 2008).

[21]  Jin-Shyan Lee,et al.  Performance evaluation of IEEE 802.15.4 for low-rate wireless personal area networks , 2006, IEEE Transactions on Consumer Electronics.

[22]  Jun Zheng,et al.  Energy-efficient network protocols and algorithms for wireless sensor networks: Guest Editorials , 2007 .

[23]  Kh Park Kyu Ho Park,et al.  An Interoperable Authentication System using ZigBee-enabled Tiny Portable Device and PKI , 2005 .

[24]  William T. Polk,et al.  Public Key Infrastructures that Satisfy Security Goals , 2003, IEEE Internet Comput..

[25]  Xinsong Liu,et al.  Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme , 2012, Int. J. Commun. Syst..

[26]  Gianluca Dini,et al.  S2RP: a Secure and Scalable Rekeying Protocol for Wireless Sensor Networks , 2006, 2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems.

[27]  Mohammad S. Obaidat,et al.  EEAODR: An energy-efficient ad hoc on-demand routing protocol for mobile ad hoc networks , 2009, Int. J. Commun. Syst..

[28]  Shuang-Hua Yang,et al.  A zigbee-based home automation system , 2009, IEEE Transactions on Consumer Electronics.

[29]  Domenico Cotroneo,et al.  Security requirements in service oriented architectures for ubiquitous computing , 2004, MPAC '04.

[30]  Carlisle Adams,et al.  Understanding PKI: Concepts, Standards, and Deployment Considerations , 1999 .

[31]  Mohammad S. Obaidat,et al.  A high efficient node capture attack algorithm in wireless sensor network based on route minimum key set , 2013, Secur. Commun. Networks.

[32]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[33]  Chun Chen,et al.  A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks , 2013, Int. J. Commun. Syst..

[34]  Mohsen Guizani,et al.  An enhanced public key infrastructure to secure smart grid wireless communication networks , 2014, IEEE Network.

[35]  Bing Wu,et al.  Key management in mobile ad hoc networks , 2006 .

[36]  Mohammad S. Obaidat,et al.  EEAODR: An energy-efficient ad hoc on-demand routing protocol for mobile ad hoc networks , 2009 .

[37]  Adrian Perrig,et al.  On the distribution and revocation of cryptographic keys in sensor networks , 2005, IEEE Transactions on Dependable and Secure Computing.

[38]  Eun-Jun Yoon,et al.  Cryptanalysis of an e_cient three-party password-based key exchange scheme , 2012 .

[39]  Sudip Misra,et al.  Efficient detection of public key infrastructure-based revoked keys in mobile ad hoc networks , 2011, Wirel. Commun. Mob. Comput..

[40]  Miya Knight,et al.  Wireless security - How safe is Z-wave? , 2006 .

[41]  Chin-Chen Chang,et al.  An authenticated group key distribution protocol based on the generalized Chinese remainder theorem , 2014, Int. J. Commun. Syst..

[42]  Warwick Ford,et al.  Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework , 1999, RFC.

[43]  D. Egan The emergence of ZigBee in building automation and industrial control , 2005 .

[44]  Robin Kravets,et al.  Composite key management for ad hoc networks , 2004, The First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004..

[45]  Abbas Jamalipour,et al.  Energy-efficient network protocols and algorithms for wireless sensor networks , 2007, Int. J. Commun. Syst..

[46]  Sahadeo Padhye,et al.  A pairing‐free certificateless authenticated key agreement protocol , 2012, Int. J. Commun. Syst..

[47]  Hideki Imai,et al.  Security in Wireless Communication , 2002, Wirel. Pers. Commun..

[48]  Ki-Woong Park,et al.  pKASSO: Towards Seamless Authentication Providing Non-Repudiation on Resource-Constrained Devices , 2007, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07).

[49]  Rolf Oppliger Certification Authorities Under Attack: A Plea for Certificate Legitimation , 2014, IEEE Internet Computing.