Digital Incontrovertible Multi Level Key Set Based Node Authentication Model for Malicious Node Detection for Secure Data Transmission in WSN

Wireless sensor networks (WSNs) are comprised of a multitude of autonomous nodes, each a cost-effective and compact sensor [1]. These networked nodes are dispersed across extensive areas to monitor environmental parameters such as temperature, pressure, and humidity, serving an array of applications from habitat monitoring to advanced scientific exploration. It has been posited that to distill valuable insights from the voluminous raw data, significant processing and computational capabilities must be embedded within the nodes [2]. Communication within these networks is facilitated wirelessly among randomly placed sensor nodes, which are constrained by their limited energy, storage, and computational capacities [3]. A sensor node, designed as a small, low-power device, is tasked with data acquisition. The inherent limitations of their batteries render the nodes with finite storage, memory, and processing capabilities, thereby increasing their susceptibility to security breaches [4]. Energy conservation within WSNs is paramount, as the network lifetime — the duration from deployment until the depletion of the first node's energy - directly impacts the effectiveness and longevity of the network [5]. Hierarchical clustering has emerged as a prominent strategy to mitigate energy consumption and prolong the operational span of WSNs [6]. This technique involves segmenting expansive sensor networks into more manageable sub-units.

These nodes find utility in a spectrum of fields, including military surveillance, environmental monitoring, transport systems, smart home technologies, and disaster management. Each sensor node is equipped with an array of sensors, potentially including mechanical, biological, and magnetic types, along with a low-power battery, processor, radio, memory, and an actuator [7]. The remote and often hostile deployment environments elevate the risk of unauthorized access and attacks, presenting a significant security challenge [8].

1.1 Malicious actions in WSN

Despite the development of numerous security protocols and strategies designed to thwart attacks and malicious node activities within WSNs, these networks remain susceptible to an array of security threats and weaknesses [9]. It has been observed that nodes which act selfishly or maliciously, contravening the established protocol norms, can disrupt the routing process. WSN attacks can be categorized broadly into internal and external types [9]. External attacks often target authentication and key management systems [10], and although cryptographic measures, authorization, and encryption are employed to counter these threats, their efficacy is compromised in the face of internal attacks. Such attacks include scenarios where an adversary compromises a node, inducing abnormal behavior and facilitating attacks such as black holes and sinkholes [11]. When dealing with network intrusions from within, conventional methods are useless. The malicious node detection in WSN is shown in Figure 1.

1.png

Figure 1. WSN malicious node detection

The ongoing quest for secure WSNs has yielded a plethora of strategies to protect against malicious nodes and other attacks. Predominantly, these strategies have centered on cryptographic and authentication measures, yet the absence of centralized management in WSNs presents a significant challenge to their implementation [12]. Cryptographic solutions demand substantial resources, and once a node is compromised, its credentials, including secret keys and memory contents, can be exploited [13]. The present study proposes a novel and practical key distribution method to secure communications within WSNs. It has been proposed that the operation frequency of a node correlates with its transaction volume, with nodes decelerating in dense network segments to facilitate universal connectivity, and accelerating in sparser areas to compensate for decreased key exchange demands [14]. WSNs maintain communication continuity even when mobile nodes are transiently outside the communication range of others. This continuity hinges on the trustworthiness of the keys exchanged among sensor nodes for the duration of a session [15]. The integrity of communication is preserved as long as it occurs within the designated temporal confines of the session, regardless of the node's immediate presence [16].

1.2 Cryptography in WSN

In wireless sensor networks, the deployment of a robust encryption mechanism constitutes a critical facet of secure information handling. Cryptography is generally bifurcated into symmetric and asymmetric categories [17]. Initiatives for key generation have encompassed the use of random number generators and key derivation functions. The strength of the key is a pivotal factor at this juncture, necessitating the elimination of weak keys from the pool. Although it is acknowledged that lengthier keys typically confer enhanced security, they also impose a greater computational burden [18]. Subsequent to key generation, the dissemination of the key to all relevant entities is imperative. It must be transmitted with safeguards against interception, as exposure through plaintext transmission could precipitate key compromise [19]. Distinct from cryptography, there exists a gamut of systems for the detection of defects, abnormalities, and outliers within WSNs. Predicated on the assumption that the majority of sensor nodes function accurately, these systems predominantly focus on singling out malfunctioning sensor nodes or excising anomalous sensor data in a distributed framework [20].

Some studies have capitalized on the premise that measurement discrepancies arising from faults are likely to manifest as uncorrelated, whereas observations within a targeted region exhibit spatial correlation. This concept has been leveraged to distinguish between events and faults [21]. To demarcate event boundaries under adversarial conditions, a secure detection methodology has been proposed within this paradigm. Despite the ubiquity of malicious nodes within WSNs, their impact is frequently underestimated or insufficiently addressed [22]. Should malicious nodes generate spurious measurements that deviate from the prescribed fault model, the realized performance may be compromised. Moreover, if these nodes demonstrate sophisticated behavioral patterns, the challenge of discerning between genuine events and false alarms induced by such nodes is exacerbated. Conventional models tend to yield high false alarm rates, while existing cryptographic models lack robustness, thereby degrading network performance. This study introduces a novel approach: the Digital Incontrovertible Multi-Level Key Set based Node Authentication Model. Employing cryptography, this model is aimed at the detection of malicious nodes, thereby facilitating secure data transmission within WSNs.

A method for identifying malicious nodes in wireless sensor networks based on their proximity to other nodes is performed in this research. By monitoring for faults and events, malicious nodes can be identified without compromising healthy ones. They are represented as malfunctioning nodes with the ability to manipulate sensor data and engage in deceptive behaviour to avoid detection [23]. During typical operations, the reliability of sensor nodes is estimated using confidence levels. Each sensor node takes these into account while making a judgement. As long as their behaviour is distinct from that of regular nodes, two parameters for updating the confidence levels are used to identify malicious nodes [24]. In order to eventually isolate malicious nodes, despite their slightly different behaviour from normal nodes, the ratio between them must be carefully chosen [25]. In the presence of faults and events, the detection rate is kept high while the false positive rate is kept low. As a result, false alarm rates are maintained to a minimum without sacrificing precision while detecting events [26]. The reliable and secure key distribution center in this system is the base for key generation and distribution. In order for two sensor nodes to successfully interact, a key set is generated for both the nodes that must be kept in the memory of both nodes. The benefit is that the sensor node's key set can't expose the entire network; it's just accessible to a specific node [27].

Previous studies on both traditional wired networks and ad hoc wireless networks have determined that cryptographic protection of messages sent between nodes is necessary for securing the operations of communication. They typically necessitate authentication at the source, security of message integrity, and private communication. There have been various attempts to develop key cryptography systems despite the constrained resources available in WSNs [28]. Different communication keys, such as unicast, broadcast, multicast, etc., are needed for different WSN application types. When sending data to the sink node, a unicast key is necessary, whereas a broadcast key is needed for intermediate routing nodes and for sending control packets to all nodes. Many recent studies have looked into preloading keys, but they have been found to have poor scalability for big networks and high overhead. It has trouble accommodating new nodes that join the system since the existing nodes can't tell the difference between malicious and lawful additions.

Unattended sensor networks are more vulnerable to attacks, which can introduce malicious nodes into the network. Many assaults have been demonstrated that can be launched against a sensor network. Most studies have focused on head-on assaults on the networks themselves, proposing various methods for detecting and thwarting such attacks. In this paper, zero in on indirect attacks, in which malicious nodes appear to be acting normally but are actually sending out false sensor readings to their neighbours is considered in an effort to trick the network into making a bad choice with potentially disastrous results or to waste resources by generating unnecessary computation and communication. Noise, malfunctions, and unexpected occurrences can potentially affect sensor readings in unexpected ways. Given the prevalence of faults and events, it is imperative that malicious nodes be identified. The malevolent nodes are handled by considering them defective nodes with the ability to arbitrarily alter their readings. If no fault-tolerance mechanisms are adopted, users reporting their own readings might swiftly bring the network to a halt. Each sensor node is presumed to be familiar with the typical range of measurements and to be able to ascertain whether or not the measured values fall within that range. In this context, normal range refers to the interval throughout which no events would cause a deviation from the expected sensor data. The proposed model framework is shown in Figure 2.

In the proposed model, initially node information is consideres and to each node a immutable token allocation is performed. The proposed model generates incontrovertible multi level key set that is distributes to all the nodes in the network and these keys are used for node authentication. The node which needs to transmit the data has to provide the authentication key to complete the node authentication process. The nodes after successful authentication only will allow for communication. The node actions are considered and the malicious nodes can be detected.

2.png

Figure 2. Proposed model framework

In order for nodes in a WSN to communicate with one another wirelessly, a system for managing keys is required. WSNs are more susceptible to assaults from malicious nodes than wired networks. This research presents a digital incontrovertible multilevel key management system to address the limitations of current key management systems by allowing keys to be produced on the fly and distributed among wireless network nodes for strong node authentication and malicious nodes detection. The proposed method uses a unique digital token system for key management, which allows for easy differentiation between potential attackers. Node capture attacks have been successfully tested against the proposed scheme. Security in communications relies heavily on authentication. This feature guarantees that information has been gathered from reliable resources. When two nodes exchange information, the sending node wants to verify that it is a valid network node and that the information it is sending is accurate. Other nodes can check to see if the source of a message or data is reliable. In this research, Digital Incontrovertible Multi Level Key Set based Node Authentication Model for Malicious Node Detection (DIMLKS-NA-MND) using cryptography is proposed for secure data transmission in WSN.

Algorithm DIMLKS-NA-MND​

{

Step-1: The nodes information in the network is maintained for monitoring the nodes behavior in the network. The node information is gathered as:

$\begin{aligned} \operatorname{NInfo}[M]= & \sum_{i=1}^M \lim _{i \rightarrow M}\left(\operatorname{maxNetsize}(M)+\frac{\operatorname{getNode}(i)}{\operatorname{netLimit}(M)}\right)+\operatorname{TiIns}(i)+\operatorname{nodeAddr}(i)+\mu\end{aligned}$

Here µ is the node transmission range capability, node address is considered for maintain the node information and network limit is considered to store the network size. TiIns() is the time instant of the node during registration. maxNetsize() model considers the maximum limit of the network size,nodeArr() model considers each node address, netLimit() model considers the network limit of nodes.

Step-2: The nodes in the network will be allotted with the Digital Incontrovertible Token that is used to identify the nodes during data transmission. The Digital Incontrovertible Token is a security number that is used by nodes for authentication and recognition. The Digital Incontrovertible Token allocation is performed as:

$\begin{gathered}\operatorname{DigT}(\operatorname{NInfo}[M])=\prod_{i=1}^M \frac{\text { NodeAddr }(i)}{\mu}+ \operatorname{getRand}(\operatorname{node}(i))+\max (\operatorname{NInfo}(i))+T h\end{gathered}$

Here getRand() is used generate a random value in calculation of digital token. Th is the threshold value considered in digital token calculation. The digital token is a secret value generated for every node that is used for node authentication to enter into network.

Step-3: The proposed model generates Incontrovertible Multi Level Key Set that is used for node authentication during data transmission. The sender node and receiver node has to provide the keys from the key set to complete the authentication process. The Incontrovertible Multi Level Key Set generation is performed as:

IntValM $=\sum_{i=1}^M \frac{\operatorname{getPrime}(i)}{T h}+\operatorname{getRand}(i)$

$\operatorname{IntValN}=\sum_{i=1}^M \operatorname{getRand}(i)+\operatorname{nodeAddr}(i)\,\,\operatorname{getRand}(i)<\operatorname{IntVal}(i)$

$\operatorname{Key} M=\prod_{i=1}^M \frac{\operatorname{IntValM}(i) \oplus \operatorname{IntValN}}{T h} \ll 2$

$\begin{gathered}\operatorname{PriKey}[M]=\sum_{i=1}^M\left(\frac{(\text { KeyM } \| \text { IntValM })}{\text { getRand }(i)} \oplus\right. (\text { IntValN&&IntValM })) \ll 4\end{gathered}$

$\operatorname{IKset}[M]=\sum_{i=1}^M\left[\frac{\operatorname{KeyM}(i) \oplus \operatorname{PriKey}(\mathrm{i})}{\operatorname{IntValN}(i)}: \frac{\operatorname{PriKey}(i) \& \& \operatorname{IntValN}(i)}{\operatorname{KeyM}(i)}\right]$

The IKset is a key set that contains two keys that are represented as K1 and K2. Here IntValM, IntValN are the intermediate key generation values, Key M is the model key that is generated from the intermediate values. PriKey is the private key generated and IKset is the key set generated for all the nodes.

Step-4: A malicious network node is one that intentionally interferes with other network nodes. The malicious node impedes communication between the sender and the recipient, replaying older information. The estimated locations of the unidentified nodes are inaccurate because they are based on historical information. To bring down a whole network, all a replay attack needs is access to a single node. The node authentication to enter into the network is performed as

$\begin{gathered}\text { NodeAuth }[M]=\sum_{i=1}^M \operatorname{getDigT}(\operatorname{Node}(i))+ \operatorname{getTime}(i)\left\{\begin{array}{rr}1 & \text { if getDigT }(i)==\text { NInfo }(\operatorname{DigT}(i)) \\ 0 & \text { otherwise }\end{array}\right.\end{gathered}$

The node if successfully authenticated, allocated with a label 1, and 0 if not authenticated in case of malicious node. The node labeling helps in consideration of nodes into network.g  models retrieves the digital token of each node during authentication process.

Step-5: The sender and the receiver in the network, before data transmission into the network and before receiving the data, the nodes need to get authenticated using the key set keys. The malicious nodes can be easily detection with the strong authentication scheme. The sender and receiver node authentication process is performed as

$\begin{aligned} & \text { SourceAuth }[M]=\coprod_{i=1}^M \lim _{i \rightarrow M}\left(\operatorname{NodeAuth}(i)+\frac{\operatorname{getNode}(i)}{\text { nodeAddr }(i)}\right)+ \\ & \operatorname{getIKset}(K 1)+ \\ & \operatorname{getTime}(i)\left\{\begin{array}{lr}1 & \text { if } \operatorname{getIKset}(K 1)==I K \operatorname{set}(\operatorname{Node}(K 1(i))) \\ 0 & \text { otherwise }\end{array}\right. \\ & \end{aligned}$

$\begin{gathered}\operatorname{DestAuth}[M]=\coprod_{i=1}^M \lim _{i \rightarrow M}\left(\operatorname{NodeAuth}(i)+\frac{\operatorname{getNode}(i)}{\text { nodeAddr }(i)}\right)+ \operatorname{getIKset}(K 2)+ \operatorname{getTime}(i)\left\{\begin{array}{rr}1 & \text { if getIKset }(K 2)==\operatorname{IKset}(\operatorname{Node}(K 2(i))) \\ 0 & \text { otherwise }\end{array}\right.\end{gathered}$

Here 1 represents authenticated and 0 represents not authenticated.

Step-6: Any network node with the intent to disrupt operations to other nodes is considered malevolent or malicious. The malicious actions in the network degrade the network performance. The proposed model accurately detects the malicious nodes in the network and the process is performed as

$\begin{aligned} & \text { MaliciousN }[M]=\frac{\sum_{i=1}^M \text { getSourceAuth }(i)+\text { getDestAuth }(i)}{\text { NodeAuth }(i)} \\ & \left\{\begin{array}{lr}1 & \text { if }(\text { SourceAuth }(i) \& \& \text { and DestAuth }(i)) !=1 \\ 0 & \text { otherwise }\end{array}\right.\end{aligned}$

Here 1 is allocated to the nodes that has malicious properties and such nodes will be removed from the network and 0 is allocated for the nodes that are normal and can be involved in communication.

}