KEY MANAGEMENT SCHEME BASED ON IDENTITY AND

DUAL CLUSTER HEADS FOR WSN

1

Yi Liu1, Jinkou Ding1, Qiaoyan Wen2

School of Science, Beijing University of Posts and Telecommunications, Beijing; 2State Key Laboratory of Networking
and Switching Technology, Beijing University of Posts and Telecommunications, Beijing
[email protected], [email protected], [email protected]

Keywords: WSN, Key management, Identity-based encryption, dual cluster heads.

Abstract
For improving the current existing problems in wireless
sensor networks, reducing the amount of the node key
storage and key generation overhead, a new key management scheme based on ECC and the traditional clustering structure is proposed, which combines the identity-based encryption using the one-way hash function
and the dual cluster head nodes structure. Under the
coordination and management of the vice cluster head
node, the cluster nodes could join and leave networks
dynamically. In this way, this scheme could effectively
prevent the nodes being out of work because of the cluster head node death, and support rekeying, cluster heads
update, and addition of new nodes. Compared with the
existing schemes, the performance analysis shows that
this scheme has some obvious advantages in resilience
to nodes compromise, storage overhead and scalability.
INTRODUCTION
In a wireless sensor network (WSN) [1], many tiny sensor nodes are deployed in the monitored area for the
purpose of sensing some date and transmitting the data
to base station. Nowadays, WSNs are increasingly used
in the national defence, environmental monitoring, traffic management, health care and other fields, which
have attracted significant attention in the industry and
academic on account of their potential applications.
However, due to sensor nodes wireless nature and resource constraints, WSNs are vulnerable to various
types of attacks and the existing security mechanisms
cant be well applied in WSNs. Therefore, the security
problems should be taken into consideration, especially,
the key management security [2].
Most of the existing works in the literature are based on
symmetric key schemes. The inherent limitations of
symmetric cryptography, however, lead these schemes
to the suffering from the low connectivity, scalability,
resilience to node compromise and high overheads for
rekeying. To address this problem, some researchers
began to investigate the feasibility of using efficient
asymmetric key technology on sensor platforms. Recently, elliptic curve cryptography (ECC) [3, 4] has
been widely considered as the best choice due to its

smaller key size and faster computation. Both TinyECC

[5] and TinyPBC [6] are the applicable implementations
in typical sensor nodes platform.
Combining the identity-based encryption [7] with the
dual cluster heads structure [8], this paper proposes a
new cluster structure key management for wireless sensor network. This scheme pre-distributes key seed pairs
by using ECC and nodes ID, and nodes use the one-way
function to generate their public and private key pair.
Under the management of vice cluster heads, nodes in
the cluster can dynamically join and leave. The rest of
this paper is organized as follows. Section 2 reviews the
schemes and points out their weakness. Then, we present a new key management scheme based on the identity encryption and dual cluster heads structure in Section
3, whose security and performance are analysed in Section 4. Section 5 concludes.
RELATED WORKS
In 2002, Eshenauer and Gligor [9] proposed the basic
random key pre-distribution scheme called E-G scheme,
in which each node is assigned a set of keys randomly
selected from key pool established by the base station
(BS). The communication links are established through
the same session keys held by nodes. This scheme has
low computation complexity, connectivity decided by
the size of key pool and sub-set key and poor resilience
to part nodes compromise. Chan et al. [10] proposed the
q-composite random key pre-distribution scheme. This
scheme requires at least q same keys between nodes to
establish the session key, which improves the resilience
by increasing the value of q. It also has a poor scalability. Shen et al. [11] proposed a cluster-based key predistribution scheme, in which the monitoring area is
divided into several smaller hexagonal districts and the
nodes are deployed into distinct clusters. In the accordance with the clustering, the key pool is divided into
corresponding subset and each node picks up the subsets marked with the cluster number. This scheme has
good connectivity and resilience, lower communication
overhead, but high overhead for rekeying. Reza et al.
[12] presented cluster-based key management using
ECC and symmetric cryptosystem, in which the session
keys are established by gateway nodes with the ECC
algorithm. This scheme has low communication and
storage overhead, and good security. But, the gateway
node compromise will affect the security of network.
Liu et al. [13] put forward a threshold key sharing mod-

el, which picks up virtual and physical cluster heads for

key negotiation between cluster heads and nodes. This
scheme has good resilience, connectivity, and lower
energy overhead. Nevertheless, when the session keys
are established between cluster heads and nodes, the
cluster heads compromise will disclose all keys in the
cluster. In addition, this scheme has poor scalability and
supports no rekeying.
OUR PROPOSED SCHEME
SCHEME ASSUMPTIONS
It is assumed that the number of clusters in the network
is less than M, and at most N sensor nodes will be deployed in one cluster. To considerate the overheads and
safety, this scheme based on traditional cluster structure
picks up dual cluster heads and different performance
nodes in each cluster. The assumptions are as follows:

Fig. 1 The structure of WSNs

1) Only one BS is fixed in one side of the deployment
area. BS is not constrained in computing power, storage
space and other aspects of resources. We believe that
BS is absolutely safe, credible and responsible for the
management of all network nodes and data transmission,
as well as information exchange with the outside world.
2) After the deployment is completed, all the sensor
nodes are fixed and immovable.
3) Sink nodes own high energy, strong computation,
communication capability and large storage space. The
monitoring mechanism is set up in sink nodes to detect
the status of nodes (such as the compromise, the energy
status, etc.).
4) Cluster heads are picked up among the sink nodes.
Main cluster heads are responsible for data fusion, aggregation and transmission. Vice cluster heads are in
charge of cluster nodes management and emergency
communications with BS, cluster heads election and the
rekeying.
5) The ordinary nodes with constraint resource, has ability to data collection and transmission, but free communication between nodes is not approved.
6) All nodes can obtain their accurate position information and current time (installed GPS module). They
can also directly send message or data by adjusting their
transmission power and calculate the approximate dis-

tance between nodes based on the intensity of the received message.

7) For convenience, the notations used throughout in
this paper are summarized as follows:
BS: the base station
ACH: vice cluster head
MCH: main cluster head
A/B: node A or B
H2: one-way hash function
PKA (): public key encryption from node A

TPA: node type of node A

LCA: location of node A
Ti: the i-th time
STA: status of node A
TKi: the i-th token
KP: key parameter

Table 1: The notations

IDENTITY-BASED ENCRYPTION SCHEME
System initialization
Before nodes are deployed, BS uses private key generation (PKG) to initialize the system parameters. The specific steps are in the following:
Step-1 BS chooses one secure elliptic curve E over the
finite field GF(p), where p is a prime number. A specific point on the E is chosen as the base point Q and its
order is prime number q.
Step-2 According to the corresponding random algorithm, BS selects xij GF ( p ) , where 1 d i d m ,
m Z  , n Z  . Then, BS constructs the private key
seed matrix X PR , namely:
x11 x12 " x1n

x21 x22 " x2 n

(1)
#
# % #

xm1 xm 2 " xmn

Step-3 BS generates the public key seed matrix YPK ,
where yij xij Q , 1 d i d m , 1 d j d n , namely:
y11 y12 " y1n

y21 y22 " y2 n

#
# % #

ym1 ym 2 " ymn

Step-4 BS selects two one-way hash functions:
H1 : {0,1}* o {0,1}l u n , l log 2 m ;

(2)

H 2 : {0,1}* o {0,1}n .
Step-5
BS
saves
the
system
parameters
( E , Q, p, q, H1 , H 2 , X PR , YPK ) , and initiates sensor nodes
by ( E , Q, p, q, H 2 ) .

Key seed pairs pre-distribution

BS assigns a unique ID for each node and creates the ID
list to store all information on nodes. The node seed key
pairs will be generated through the ways as follows:
Step-1
BS
computes
the
hash
value
H1 ( ID) h1 " hi " hn , where the binary bit string hi is

the length of l and its value is ai in decimal. We easily

obtain i [1, n] , ai [0, m) .
Step-2 BS chooses the node private key seed
SeedX ID {xa1 1 ," , xai i ," , xan n } , where xai i is the value
of the ai -th row and the i-th column in the X PR .
Step-3 BS chooses the node public key seed
SeedYID { ya1 1 ," , ya j j ," , yan n } , where ya j j is the value of the a j -th row and the j-th column in the YPK .
Step-4 The key seed pair ( SeedX ID , SeedYID ) is stored
in the corresponding node. BS distributes its own public
key PK BS to all sink nodes, and ends the predistribution key seed phase.
Node key pair generation
BS randomly picks up two sink nodes as ACH and
MCH in each cluster. BS stores the cluster heads ID to
the cluster head list, and broadcasts their IDs. All sink
nodes check the broadcast message and change the node
types, if they are cluster heads. Meanwhile, all nodes
begin to generate their key pairs according to the following steps.
Step-1 Nodes obtain its site information and the current
time
to
generate
the
key
parameter
KP (TPID || LCID || T ) .
Step-2
Nodes
compute
the
hash
value
H 2 ( KP ) kp1 " kpi " kpn , where kpi is the i-th bit in
the H 2 ( KP ) .
Step-3
Nodes
obtain
the
private
key
n

PRID

kp x
i 1

i ai i

PK ID

kp
j 1

mod q

and

the

public

key

ya j j mod q , where kpi , kp j H 2 ( KP ) ,

xai i SeedX ID , ya j j SeedYID .

KEY MANAGEMENT SCHEME BASED ON DUAL

CLUSTER HEADS
Node registration and cluster establishment
Although the deployed area has been divided into several sub-regions, ACH will coordinate the node registration following the detailed process below:
Step-1 ACH broadcasts message Public ACH 1 through a
low energy.
Step-2 Node A chooses to reply the ACH by comparing
the strength of received broadcast message, and sends
the join-into-cluster request Request A .
Step-3 ACH decrypts Request A and checks whether
T2  T1  'T , where 'T is the delay that ACH can
accept. If satisfied, ACH stores the node information
into the node registration list and places the trust in the
highest level; If not, ACH directly sends a welcome
message to the node again, but drops the node trust. If it
happens again, ACH will put the node into the blacklist
and broadcast its ID in the cluster.
Step-4 When receiving the request from MCH, ACH
will immediately send a verification request
Request ACH 1 to BS.
Step-5 BS decrypts Request ACH 1 and finds the predistribution cluster heads in the cluster heads list. If
matched, BS stores the public keys and replies the verification result ResultBS 1 to ACH; If not, BS ignores the
request and sends a warning message to the ACH.
Step-6 ACH decrypts the message from BS and checks
the result in the TK 4 . If verified, ACH broadcasts
PublicACH  2 in the cluster. If not, ACH puts the sink
node into the blacklist and broadcasts its ID. Then ACH
starts MCH election.
Step-7 ACH encrypts and sends the nodes registration
list to MCH and BS. Finally, ACH begins to monitor the
cluster nodes status.

Step-4 Nodes save the key pair ( PRID , PK ID ) and ends

the key pair generation phase.
Node encryption method
When node A wants to send the message MS to cluster
head CH, node A obeys the following steps.
Step-1 Node A codes the message MS to a point P on E
and computes H1 (CH ) h .
Step-2 Node A obtains the encrypted message
C P  h x PK CH , then sends to CH.
Step-3 CH decrypts the encrypted message C:
C  H1 (CH ) x PRCH x Q

P  h x PK CH  h x kpi yai i

i 1

Step-4 CH decodes the point P to obtain the message

MS, and informs node A. Finally, CH ends the secure
communication.

Figure 2 The flow diagram of nodes registration

Key update
According to the monitoring results, ACH starts rekeying.
Step-1 ACH completes the rekeying firstly and broadcasts the rekeying order OrderACH :
{TK 6 , IDACH , PK ACH , T6 } .

Step-2 Node A follows the OrderACH , and updates time

T in the key parameter KP (TPA || LC A || T ) . Then
node A completes the rekeying and obtains the new key
pair following the steps in the node key pair generation
phase. After that, node A replies ACH and sends the
message Result A : PK ACH (TK 7 || IDA || PK A || STA || T7 ) .
Step-3 ACH decrypts the Result A , and checks
T7  T6  'T , where 'T is the acceptant delay. If satisfied, ACH updates the node information in the node
registration list. If not, ACH considers that node A has
been captured. Then ACH puts node A into the blacklist
and broadcasts its ID.
Step-4 ACH encrypts and sends nodes registration list to
MCH and BS, then ends the rekeying phase.
Cluster heads update
If the cluster heads are found unusually, BS will inform
the corresponding ACH with the order OrderBS :
PK ACH (TK8 || IDBS || T8 ) . Then ACH follows the
OrderBS to start the cluster head update. Firstly, ACH
compares the status of sink nodes in the list, such as
residual energy, trust value, etc. Secondly, ACH picks
up new ACH and MCH, and then sends the result
'
'
Result A : PK BS (TK 9 || IDACH || IDACH
|| IDMCH
|| T9 ) . BS
verifies the message and replies with ResultBS  2 :
PK ACH (TK10 || IDBS || T10 ) . If the result meets the requirement, BS begins to update the cluster head list. If
not, BS appoints cluster heads directly as before. Finally,
old ACH broadcasts the new cluster heads information
PublicACH  2 :
'
'
'
'
{TK11 , IDACH , IDACH
, PK ACH
, IDMCH
, PK MCH
, T11} . After

receiving PublicACH  2 , nodes store the new cluster head

ID and public key, while new ACH starts rekeying. If
ACH has been captured, BS orders MCH to start the
cluster head update.
New node addition
New node B obtains its ID, key pair seed, initial system
parameters, node verification information TK B and BS
public key from BS. After deployed, node B generates
public-private key pair ( PK B , PRB ) , and awaits the detection. ACH sends HelloACH :
{TK12 , IDACH , PK ACH , T12 } to node B, then node B replies ACH with the join request Request B :
PK BS (TK B || TPB || IDB || PK B || STB || TB ) . When receiving the Request B , ACH sends the new node verification
request Request ACH  2 :
{PK BS (TK13 || IDACH || T13 ), Request B } to BS. Then BS
decrypts Request ACH  2 and verifies ACH and node B
through the verification information TK B . If node B is
authorized, BS sends the verification result Result BS  3 :

PK ACH (TK14 || IDBS || IDB || PK B || T14 ) to ACH. ACH

decrypts Result BS  3 and add node B to cluster node registration list. Then ACH sends welcome message to
node B, and starts rekeying in the cluster. Finally, ACH
encrypts and sends the new node registration list to
MCH and BS. If not, node B will be ignored and put
into the blacklist. If node B is a sink node, ACH starts
cluster heads update.

Node quit
After the network has operated for a long time, some
nodes may be out of work because of their energy exhaustion or compromise. At this time, the nodes must be
forced to quit. If they are ordinary nodes, ACH adds
them to the blacklist and deletes the information in the
node registration list, then broadcasts their ID and starts
rekeying. If the node is MCH, ACH starts cluster heads
update. If ACH compromises, BS will broadcast message and authorize MCH to start cluster head update.
PERFORMANCE ANALYSIS
SECURITY ANALYSIS
Resilience
In E-G scheme [9], when the key pool is fixed and one
node stores the fewer keys, the less information will be
disclosed and the resilience will be higher. Similarly,
the bigger the key pool is, the resilience will be higher.
In the scheme [13], the ordinary nodes compromise will
not affect the security of other nodes because of no
communication between ordinary nodes. However,
when the session keys have been established between
cluster head and nodes, the cluster head compromise
will affect the security of cluster. In the scheme [11],
any node comprise will lead to rekey, which is proved
to have good resilience. In our proposed scheme, each
node stores own private-public key pair based on ECC
cryptography. When nodes compromise happens, the
attacker has no chance to get the one-way hash function
h1 to restore the key seeds matrixes to get the keys of
other nodes. The sink nodes are picked up as the cluster
heads, which can monitor the nodes in the cluster and
check node registration status information to discover
the disguise. When monitoring node compromise, ACH
puts it into blacklist and broadcasts its ID. The fake
nodes will be isolated and marked. Immediately, ACH
starts rekeying to ensure the backward security. Thanks
to the dual cluster heads and BS, when one cluster head
is compromising, the other cluster heads will start the
cluster head update and rekeying, which leads to maintain the stability in the cluster. Therefore, our proposed
scheme has a good resilience.
Scalability
In the scheme [11], with the addition of nodes, nodes
still store the key subspace of the cluster, which is

proved to have good scalability. We assume that the

number of clusters in the network is less than M, while
at most N nodes will be deployed in one cluster. According to the deployment or the network condition, BS
adds new nodes into clusters that have little nodes or
many nodes compromise. When ACHs receive the request of new nodes, they will ask BS for node verification and start the rekeying, which ensure the forward
security. This scheme picks up ECC encryption mechanism, so nodes just need to store their own key pairs and
public keys of cluster heads, and the addition of nodes
will not affect the number of keys stored in other nodes.
Thus, our proposed scheme has a good scalability.
EFFICIENCY ANALYSIS
Communication overhead
At the key generation phase, each node has obtained the
key seed pair and can generate public and private key
pair alone, which needs a single communication with
ACH. For one ACH, it just needs to broadcast twice and
receives all requests from nodes. The node registration
list will be sent to the main cluster head and BS. At this
phase, the communication overhead is as the same as
the scheme [11]. At the rekeying phase, the communication overhead is the same as at the key generation phase.
Thus, communication overheads are mostly concentrated in high performance sink nodes, which can satisfy
the communication requirements. We pick up dual cluster heads to reduce the communication overhead of
MCHs and ordinary nodes, which keeps the communication quality, prolongs nodes service time and enhances the stability of the network.
Storage overhead

wireless sensor networks for higher security requirements.

ACKNOWLEDGMENTS
Thanks to NSFC (Grant Nos. 61272057, 61202434,
61170270, 61100203, 61003286, 61121061), the Fundamental Research Funds for the Central Universities
(Grant No. 2012RC0612, 2011YB01).
REFERENCES
[1] I. F. Akyildiz, W. Su, E. Cayirci, et al. Wireless
sensor networks: a survey [J]. Computer Networks,
vol. 38, 2002, pp. 393-422.
[2] Xiaobing He, Michael Niedermeier, Hermann de
Meer. Dynamic key management in wireless sensor networks: A survey [J]. Journal of Network
and Computer Application, vol. 36, 2013, pp. 611622.
[3] MILLER V. Use of elliptic curves in cryptography
[C] / / Advances In Cryptofogy-Proc of
CRYPTO85, LNCS218. Berlin: Springer-Verlag,
1985: 417- 426.
[4] N.Koblitz. Elliptic Curve Cryptosystems [J].
Mathematics of Computation, vol. 48, 1987, pp.
203-209.
[5] A. Liu, P. Ning, TinyECC: A configurable library
for elliptic curve cryptography in wireless sensor
networks, in: International Conference on Information Processing in Sensor Networks, April 2008,
pp. 245256.

Firstly, each node needs to store the configuration about

ECC environment, dual one-way hash function algorithms and key seed pair. After deployment, nodes have
to store the key parameter and the key pair. When ordinary nodes join into one cluster, they must store the
public key of ACH and MCH, while the ACH and MCH
should keep the node registration list, blacklist and the
public key of BS. Its clear that our proposed scheme
has much less storage overheads than the scheme [11].

[6] L.B. Oliveira, M. Scott, J. Lopez, R. Dahab. TinyPBC: Pairings for authenticated identity-based
non-interactive key distribution in sensor networks,
in: 5th International Conference on Networked
Sensing Systems, 2008, pp. 173180.

CONCLUSIONS

[8] Xue Bingbing. Wireless sensor networks based on

hybrid key management mechanism [D]. Heilongjiang University, 2012.

This paper combines the dual cluster heads structure and

identity-based encryption to propose a new key management scheme based on ECC for wireless sensor networks. In our proposed scheme, BS uses PKG and node
identifier ID to pre-distribute key seed pairs, and the
one-way hash function is used for generating the public
key pair. Under the coordination and management of
ACHs, this scheme supports rekeying, cluster heads
update, and addition of new nodes. Performance analysis shows that this scheme has good robustness, resilience to cluster compromise, scalability and lower overhead of rekeying, which meets medium and large scale

[7] Han Lei. Research on Several Key Management

Schemes and Applications for Moblie Ad Hoc
Networks [D]. Beijing Jiaotong University, 2012.

[9] Eschenauer L, Gligor V. A key management

scheme for distributed sensor networks [C]. Proceedings of the 9th ACM Conference on Computer
and Communications Security, Washington, DC,
2002: 41-47.
[10] Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networksC]. Proceedings of the 2003 IEEE Symp on Security and Privacy, Washington, 2003: 197-213.

[11] Shen Jinbo, Xu Li. Cluster-Based Key PreDistribution Scheme for Wireless Sensor Networks[C]. // Proceedings of the 3rd Trusted Computing and Information Security Conference. 2008:
117-120.
[12] REZA A, ARASH R-M, ZINE-EDDINE A. A key
management scheme for cluster based wireless
sensor networks[C]. Proceedings of the 2008
IEEE/IFIP International Conference on Embedded
and Ubiquitous Computing. Washington, DC:
IEEE Computer Society, 2008: 222-227.
[13] Liu Yanan, Wang Jian, Du He. Threshold Key
Sharing Model in Wireless Sensor Networks[J].
Journal of Electronics & Information Technology,
2011, 33(8): 1913-1918.