Data collection can be done in various forms, and one such way that is becoming increasingly more popular is through the use of Wireless Sensor Networks (WSN). These networks are comprised of various sensor nodes, tiny computers that individually collect data from their environment, and communicate this information with each other. One term often used by tech companies to describe WSNs is Internet of Things, painting the image of various interconnected machines within a region as small as the household or as large as a city. For a more detailed look at WSNs, check out my post here.

Regardless of the size of WSN, security of the collected data is crucial. As a WSN becomes larger, the risk of hacking a single node increases. As such, extensive security measures are applied to WSNs in the form of cryptography, ensuring that the data collected remains encrypted and unreadable until it leaves the system. In this article, I will define the two flavours of cryptography: symmetric and asymmetric. Furthermore, I will explore methods of applying these cryptographic protocols on WSNs given a finite communication radius of sensor nodes. 

Cryptographic Basics

Before diving in to cryptography in WSNs, let's define some key cryptographic terms. Cryptography refers to the study of secure communication in the presence of adversaries - those who may be trying to intercept the transferred information. Specifically, we are concerned with making our information private or unreadable to adversaries but readable to our target - two subsequent methods known as encryption and decryption. Encryption can be seen as the process of turning plaintext - our unchanged message - into ciphertext - an unreadable message - and finally back into plaintext. 

This encryption-decryption process can be done in a number of ways, but we will focus only on the two most common below.

Symmetric Cryptography

Also known as secret-key cryptography, symmetric cryptography uses a single symmetric key for both encryption and decryption. As we see in Figure 1, decrypting the encrypted message will garner us our original message [1]. Mathematically, if we look at the encryption process as a function K on a message t as K(t) and the decryption process on a message t as the inverse of K on t, we get the following properties.

Property (1) is the definition of encryption and decryption such that they "undo" each other. Property (2) and (3) are unique to symmetric cryptography: from (2), the symmetric encryption key is the same as the symmetric decryption key, and thus from (3), a single symmetric encryption key will decrypt itself.

In WSNs, we have a cryptographic tradeoff we must consider. Using a single key between all sensor nodes will make our WSN vulnerable - hacking a single node will make the whole network defenseless and the data susceptible to attack and retrieval by third parties. On the other hand, having a unique key for every pair of nodes is not possible given the small storage space of nodes - a network with n nodes would require each node to hold n-1 unique keys, and the whole network would need (n-1)n/2 keys. 

Keeping this in mind, we install as many keys on a single node as is reasonable given storage space, number of total network keys, number of neighbouring nodes, and how much data is to be collected for a given time frame. One such method of key-distribution using combinatorial design theory is found here.

Two nodes within a network that are within communication range will use a symmetric key K which is the product of all keys these two nodes have in common. More clearly, if node i and node j are neighbours, and out of n total network keys they share m keys, such that m < n, then the symmetric key i and j use is as follows:

Asymmetric Cryptography

Also known as public-key cryptography, asymmetric cryptography uses two separate keys for each of the encryption and decryption processes. For the encryption process, the sender uses a public key that is available to all senders in the system; for the decryption process, the receiver uses a private key that is only available to the receiver [1]. In Figure 2, we see the asymmetric key process.

In order to obtain two keys - a private-key that decrypts the encryption of the public-key - they are created together. These are known as public-private key pairs. Our keys that we obtain must follow a set of properties.

As we see in Figure 3, this key pair is created in the destination device; the private-key remains with the destination device, whereas the public-key is made available to all source devices. One example of this process is GitHub [4], where to use SSH Authentication users will create a key pair on their device and upload the public-key GitHub. This allows users to securely push or pull code from their GitHub repositories. 

In a WSN, a node would create a key pair, store the private-key locally and send out the public-key to neighbouring nodes. Once again, keeping in mind the tradeoff of storage vs. vulnerability, we may choose to create several key-pairs and send out multiple public-keys to different nodes.

Secure Node Hopping

Depending on the topology of your network, you may require multiple hops to reach your sink node [5] - a transfer of data between two devices, moving towards a target. An overview of different network topologies is available in my post here.  Suppose you have a path of nodes such as in Figure 4 where we need to transfer data from node p to node s - usually our sink node. One method to do this would be to fully encrypt and decrypt the data between every hop; this method requires each neighbouring pair of nodes to have a key-pair E and D. Here, we are not concerned with whether E and D are symmetric or asymetric. This may not be a scalable option. 

Another method is to take advantage of the fact that sink nodes normally have larger storage based on their function of sending data out of the system. In this case, we can have a single key-pair between p and our sink s such that our node p can send data to neighbouring nodes without the other nodes decrypting our data until we reach s. This keeps our data secure through each hop while not requiring our nodes to hold too many keys. This process is shown in Figure 5.

Conclusion

Organizations implementing WSNs for data collection take appropriate measures to ensure the data collected is not compromised, accessed, or stolen. Apart from physical security, cryptography is a natural step in data integrity and security. Understanding the different cryptographic protocols used in WSNs and their implementations helps organizations choose the best protocols and key distributions for their networks.

References

[1] Stallings, William Cryptography and Network Security - Principles and Practice, 4th ed., Prentice Hall, 2005, Chapter 2.1, 8.1

[2] K. M. Martin, On the Applicability of Combinatorial Designs to Key Predistribution for Wireless
Sensor Networks, In: Chee Y.M., Li C., Ling S., Wang H., Xing C. (eds) Coding and Cryptology.
IWCC 2009. Lecture Notes in Computer Science, vol 5557. Springer, Berlin, Heidelberg (2009).

[3] Gustavo S. Quirino, Admilson R. L. Ribeiro and Edward David Moreno (September 6th 2012). Asymmetric Encryption in Wireless Sensor Networks, Wireless Sensor Networks Mohammad A. Matin, IntechOpen, DOI: 10.5772/48464. Available from: https://www.intechopen.com/books/wireless-sensor-networks-technology-and-protocols/asymmetric-encryption-in-wireless-sensor-networks, Chapter 3.1.2

[4] GitHub 2018, accessed 1 September 2018 , <https://help.github.com/articles/connecting-to-github-with-ssh/>

[5] Elias Yaacoub and Adnan Abu-Dayya (September 6th 2012). Multihop Routing for Energy Efficiency in Wireless Sensor Networks, Wireless Sensor Networks Mohammad A. Matin, IntechOpen, DOI: 10.5772/39221. Available from: https://www.intechopen.com/books/wireless-sensor-networks-technology-and-protocols/multihop-routing-for-energy-efficiency-in-wireless-sensor-networks