Research Article | Open Access

Chin-Ling Chen, Tzay-Farn Shih, Yu-Ting Tsai, De-Kui Li, "A Bilinear Pairing-Based Dynamic Key Management and Authentication for Wireless Sensor Networks", *Journal of Sensors*, vol. 2015, Article ID 534657, 14 pages, 2015. https://doi.org/10.1155/2015/534657

# A Bilinear Pairing-Based Dynamic Key Management and Authentication for Wireless Sensor Networks

**Academic Editor:**Gyuhae Park

#### Abstract

In recent years, wireless sensor networks have been used in a variety of environments; a wireless network infrastructure, established to communicate and exchange information in a monitoring area, has also been applied in different environments. However, for sensitive applications, security is the paramount issue. In this paper, we propose using bilinear pairing to design dynamic key management and authentication scheme of the hierarchical sensor network. We use the dynamic key management and the pairing-based cryptography (PBC) to establish the session key and the hash message authentication code (HMAC) to support the mutual authentication between the sensors and the base station. In addition, we also embed the capability of the Global Positioning System (GPS) to cluster nodes to find the best path of the sensor network. The proposed scheme can also provide the requisite security of the dynamic key management, mutual authentication, and session key protection. Our scheme can defend against impersonation attack, replay attack, wormhole attack, and message manipulation attack.

#### 1. Introduction

In recent years, wireless sensor networks have been used in a variety of environments; a wireless network infrastructure, established to communicate and exchange information in a monitoring area, has also been applied in different environments, including disaster relief operations, seismic data collecting, monitoring wildlife, and collecting battlefield information.

Due to their small size, the sensors can be spatially scattered to form an ad hoc network. The sensors have an inherent limitation. The wireless sensor network requires an appropriate encryption or decryption system to protect the collected information [1]. The high cost of an encryption/decryption mechanism (e.g., Diffie and Hellman key management [2] or Rivest et al. encryption [3]) is unsuitable for use in a wireless sensor network.

In addition, the topology of the network environment is another important issue. The hierarchical predistribution protocol [4] allows some of the cluster nodes to aggregate the events of the sensor nodes to communicate with the base station. The hierarchical predistribution protocol includes several cluster nodes, sensor nodes, and base station; the most common hierarchical networks are two-level, and the two classes of sensor are sensor node and cluster node. The advantage of this scheme is the easy management of the data aggregation [5–7]. The process of aggregating the data from multiple nodes involves eliminating redundant transmission and providing fused data to the base station. It is also considered as an effectual technique for wireless sensor networks to save energy [8]. The most popular data aggregation algorithms are cluster-based data aggregation algorithms, in which the nodes are grouped into clusters: each cluster consists of a cluster node and some sensors; each sensor transmits data to its cluster node; and each cluster node aggregates the collected data; it then transmits the fused data to the base station.

The key management scheme is divided into four types: the Random Key Predistribution Protocol (RKP), the Group-Based Key Predistribution Protocol (GKP), the Hierarchical Key Predistribution Protocol (HKP), and the Pairing-Based Protocol (PBC). In 2003, Chan et al. proposed a Random Key Predistribution scheme [9]. Since each node randomly picks keys from a large key pool such that any two sensor nodes share at least one common key, ensuring adequate storage space and the range of the network is a challenge. The PIKE scheme [10] addressed the problem of high density deployment requirements in RKP. But in this scheme the session key is segmented into many key fragments. Therefore, the combination of the session key is complex. However, the PIKE solved the storage problem of RKP. Cheng and Agrawal proposed an improved key distribution mechanism [11]. The IKDM established a session key which used the exchange information between sensors; it can easily generate a session key by the polynomial function. In recent years, the pairing-based cryptography [12], TinyPBC, is a tiny pairing-based protocol and its computation cost is lower than other corresponding bilinear pairing-based schemes. The pairing-based mechanism was used in the sensor network to accomplish the key management of the sensor’s session key. It can use the sensors’ identity for sensors to send data to each other via the sensor network. After the identity exchange, the sensors key can easily compute the session key via the bilinear pairing. In such design, the security can also be enhanced.

In this paper, we propose using bilinear pairing to design dynamic key management and authentication scheme of the hierarchical sensor network. We use the dynamic key management mechanism [13, 14] and the pairing-based cryptography (PBC) [12, 15, 16] to establish the session key. We also use the hash message authentication code (HMAC) [15, 17] to offer mutual authentication between the sensors and the base station. Moreover, we also involve the capability of the Global Positioning System (GPS) [18, 19] to cluster nodes, in order to find the best path of the sensor network.

The remainder of this paper is organized as follows. The preliminaries are presented in Section 2. The proposed scheme is described in Section 3. The security analysis of our scheme is given in Section 4. And the discussions are offered in Section 5. Finally, conclusions are presented in the last section.

#### 2. Preliminaries

##### 2.1. Sensor Network Architecture

Categories of sensor networks significantly affect key establishment design [4]. The relative capabilities of different sensors are divided into the following two classes:(1)homogeneity: all sensors have the same capabilities;(2)heterogeneity: there is an inherent hierarchy of sensors with respect to their capabilities (with fewer sensors at higher, more “powerful” levels). The most common hierarchical networks are two-level, where there are two classes of sensors.

We choose the hierarchical sensors network’s model, and the architecture is described as follows: a small number high class sensors (cluster node), large number low class sensors (sensor node), and a sink node (base station). High class sensors have more powerful ability, they have been equipped with tamper-resistant hardware and GPS capability, the cluster node with powerful ability can plan routing table and achieve more security of sensor network, and the low class sensors have not been equipped with tamper-resistant hardware and GPS capability.

##### 2.2. Bilinear Pairing

The bilinear map can be constructed on elliptic curves. Each operation for computing is a pairing operation [8]. Let be a cyclic additive group, and let be a cyclic multiplicative group. Both groups and have the same prime order . Groups and are called bilinear groups. The security of the bilinear pairing-based scheme relies on the difficulty of the Discrete Logarithm Problem (DLP); that is, given the point , no efficient algorithm exists to obtain given and . The mapping is called a bilinear map if it satisfies the following properties:(1)bilinear: , , , ,(2)nondegenerate: exists such that ,(3)computable: an efficient algorithm exists to compute for any .

##### 2.3. Hash Massage Authentication Code (HMAC)

We combine the message authentication code [20, 21] and the bilinear pairing key to accomplish the hash-based message authentication code (HMAC); this is a specific construction for computing a message authentication code (MAC) using a cryptographic hash function in combination with a secret key. Both data integrity and authenticity of a message can be achieved by using a hash-based message authentication code in such a technique. We note HMAC (i.e., is a HMAC which signifies a one-way hash function with pairing key ).

##### 2.4. Pairing-Based Cryptography (PBC)

Since pairing-based cryptography (PBC), based on the identity-based cryptography (IBC) [22, 23], is used in many environments of cryptographic protocols and applications [12], the IBC has some drawbacks; this method needs a private key generator (PKG); it is a trusted entity in charge of generating and escrowing user’s private keys. In wireless sensor networks, if the sensors need to be deployed in an unattended environment, a sensor node should be a PKG, and this is difficult in a wireless sensor network. If we can easily generate a session key via a simple mechanism, it can reduce the complexity. PBC technology does not need a PKG and the sensors can authenticate themselves in the wireless sensor network. Therefore, the PBC is the best technology for key management.

#### 3. The Proposed Scheme

In this paper, we propose a bilinear pairing-based scheme to design a dynamic key management for wireless sensor network. We first introduce the proposed protocol architecture as in Figure 1.(1)Base station broadcasts the starting message to cluster nodes.(2)Cluster nodes respond the message authentication code to the base station.(3)After authentication, the base station sends a response message to allow cluster nodes to rule its group members of the sensor nodes.(4)Cluster node broadcasts the request message to find the members from the neighboring sensor nodes.(5)Sensor nodes reply the request and respond the message authentication code to the cluster node.(6)In order to get the sensor nodes’ session key, if the cluster node can transmit to the base station, enter into Step 6.1; else if the cluster node needs to transmit the collected information via the next neighboring, enter into Step 6.2.(7)After authentication, the base station sends the corresponding session key of sensor nodes to the cluster nodes.(8)After receiving the session keys, the cluster nodes can verify the message authentication code from Step 5. After that, the cluster nodes send the updated identities to the sensor nodes.

##### 3.1. Initialization Phase

In this phase, the base station computes the parameters to predistribute into the sensor nodes and the cluster node. The overview of the initialization phase is shown in Figure 2.

*Step 1. *First, the base station selects a random number and computes the sensor node identity :

Then, the base station randomly selects a secret parameter and uses the secret parameter and sensor node identity to compute the secret parameter :

The base station randomly computes a key pool , where , and distributes a session key to the th sensor node. It then stores the sensor node identity and the in the key list :

After that, the base station sends the parameters (, , ) to the corresponding sensor node.

*Step 2. *The base station selects a random number and computes the cluster node identity :

Then the base station randomly selects a secret parameter and uses the random secret parameters to compute the secret parameters (), respectively:

The base station randomly computes a key pool , where , and distributes a session key to the th cluster node. It then stores the cluster node identity and the in the key list :

The base station sends the parameters (, , , ) to the cluster node.

##### 3.2. Location-Based Routing Determination Phase

###### 3.2.1. The Starting Cluster Node Process

After the sensors are deployed, we must start the cluster node and get the path routing. In Figure 3, we authenticate the cluster node to confirm the legality of the cluster node. Next, the cluster node can rely on the location-based routing to find the best routing path.

*Step 1. *First, the base station selects a random number and broadcasts the message to the sensor network.

*Step 2. *When the cluster node receives the message, it can select a random number and compute the message authentication code with key :

The cluster node then sends the message to the base station.

*Step 3. *Upon receiving the message, the base station can use identity to find key from the :

It then computes the message authentication code and checks if it is equal to :

##### 3.3. Location-Based Routing Phase

The cluster nodes can establish the best route on the basis of receiving the broadcast location message in a monitoring area.

*Step 1. *After the initialization phase, the sensor nodes and cluster nodes store the operating parameters and then distribute the associated messages within their monitoring environment.

*Step 2. *The base station broadcasts the starting message to the cluster nodes.

*Step 3. *Upon receiving the starting message, the cluster node (equipped with a GPS receiver) broadcasts the message concerning its location to the neighbor cluster nodes.

*Step 4. *After receiving the message , the cluster nodes know the location of the source of the neighboring cluster such that it can transmit the monitoring data to the cluster node which is the nearest node to the base station.

For example, in Figure 4, cluster nodes , , , , , , , and can receive the nearest distance message to the base station from the neighbor cluster nodes , , , , , , , , and . It can compare the received location messages to select the nearest node from the base station and establish the multihop routing path to the cluster node . The cluster node will be used to relay communications to the base station, so the best path of the cluster node will be established as follows: . On the basis of the shortest distance between the cluster node and the base station, each cluster node will establish the best routing path.

In Figure 5, the cluster node can determine that the neighbor cluster node on the best path is , and the cluster node can determine the and , respectively. The best path for the cluster node can be established as follows: . In the same way, the cluster node can determine the best path: . Every pair of nodes along the resulting multihop path can establish a pairwise key for encrypted communication in such a way that each intermediate node can relay data towards the base station in a totally secure way. Location awareness also increases the probability that the geographically closest node pairs establish a pairwise session key along the best path to the BS, with the effect of saving energy on all the nodes involved in multihop routing.

##### 3.4. The Authentication Phase of the Cluster Node and the Sensor Node

The base station sends the broadcast message to the cluster nodes; when the cluster node receives the message, it will broadcast the request message to find the neighboring sensor node to join the group. The overview of the authentication phase of the cluster node and the sensor node is shown in Figure 6.

*Step 1. *When the cluster node receives the starting message , the cluster node selects a nonce and sends to the neighboring sensor nodes.

*Step 2. *Upon receiving the message, the sensor node selects a nonce and uses to compute the message authentication code :

The sensor node sends to the th cluster node .

*Step 3. *The cluster node adds the sensor node’s identity into the identity list :

It then sends the cluster node’s identity and the sensor node’s identity list to the base station. If the cluster node is the nearest base station, then it directly enters into Section 3.4, the Authentication Phase of the Base Station and the Cluster Node. Otherwise, the cluster node needs to transmit the collected information via the next neighboring cluster node and enters into Section 3.5, the Authentication Phase of the Cluster Node and the Cluster Node.

After the authentication and obtaining the session key of the sensor node, the cluster node computes the message authentication code and checks if it is equal to or not:

Then the cluster node selects a random integer number , computes the new parameter , and updates into , respectively:

The cluster node uses the session key to encrypt the new parameter of the sensor node :

The cluster node randomly selects a nonce and computes the message authentication code :

Then the cluster node sends the message (, , , ) to the sensor nodes.

*Step 4. *The sensor node computes the message authentication code and checks if it is equal to :

After authentication, the sensor node decrypts the encrypted message :

Then the sensor node updates parameter :

##### 3.5. The Authentication Phase of the Base Station and the Cluster Node

In this phase, the cluster node sends the message to the base station to find the corresponding sensor node’s session key. The overview of the authentication phase of the base station and the cluster node is shown in Figure 7.

*Step 1. *First, the cluster node collects the sensor nodes identity into the identity list :

Then the cluster node uses the pairing function to compute the pairing session key :

It computes the message authentication code :

Then the cluster node sends the message to the base station.

*Step 2. *After receiving, the base station uses the pairing function to compute the pairing session key :

The base station computes the message authentication code :

It checks if it is equal to :

After authentication, the base station uses the identity list to find the corresponding session key , makes the key list , and enters it into :

The base station randomly selects a nonce and computes the message authentication code :

Then, the base station uses the pairing session key to encrypt the sensor node’s session key list :

The base station sends the message (, , , ) to the corresponding cluster node .

*Step 3. *When the cluster node receives the message, it computes the message authentication code :

It checks if it is equal to :

Then, the cluster node decrypts the encrypted message :

In this phase, the cluster node obtains the sensor node’s session key and finishes the mutual authentication with the base station.

##### 3.6. The Authentication Phase of the th Cluster Node and the th Cluster Node

When the cluster cannot directly transmit the message to the base station, it will enter into this phase. The overview of the authentication of the cluster node and the cluster node is shown in Figure 8.

*Step 1. *The cluster node computes the pairing session key and randomly selects a nonce to compute the message authentication code :

Then, the cluster node sends the message to the cluster node .

*Step 2. *When receiving the message, the cluster node computes the pairing session key :

Then, the cluster node uses the pairing session key to compute the message authentication code and checks if it is equal to :

The cluster node randomly selects a nonce and computes the message authentication code :

The cluster node sends the message to the cluster node .

*Step 3. *After receiving the message (, , ) the cluster node computes the message authentication code and checks if it is equal to as follows:

#### 4. Security Analysis

##### 4.1. Mutual Authentication

###### 4.1.1. The Authentication between the Cluster Node and the Sensor Node

*(1) The Cluster Node Authenticates Sensor Node*. In the authentication phase of the cluster node and the sensor node, when the sensor node receives the message , the sensor node selects a nonce and uses to compute the message authentication code :

After the authentication of the base station and cluster node, the cluster node obtains the session key of the sensor nodes. The cluster node computes the message authentication code and checks if it is equal to :*(2) The Sensor Node Authenticates the Cluster Node*. The cluster node uses the session key to encrypt the new parameter of the sensor node :

The cluster node randomly selects a nonce and computes the message authentication code :

Then the cluster node sends the message to the sensor nodes.

When the sensor node receives the message, it computes the message authentication code and checks if it is equal to :

Therefore, our schemes achieve the mutual authentication between the cluster node and sensor node.

###### 4.1.2. The Authentication between the th Cluster Node and the th Cluster Node

*(1) The **th Cluster Node Authenticates the **th Cluster Node.* In the authentication phase of the cluster node and the cluster node, the cluster node computes the pairing session key and randomly selects a nonce to compute the message authentication code as follows:

Then it sends the message (, , , ) to the sensor nodes.

Upon receiving the message (, , , ), the cluster node computes the pairing session key :

Then, the cluster node uses the pairing session key to compute the message authentication code and checks if it is equal to or not:*(2) The **th Cluster Node Authenticates the **th Cluster Node*. Upon receiving the message (, , , ), the cluster node randomly selects a nonce and computes the message authentication code :

Then it sends the message (, , ) to the cluster node .

When the cluster node receives the message, it computes the message authentication code and checks if it is equal to :

Therefore, our scheme achieves mutual authentication among the cluster nodes.

###### 4.1.3. The Authentication between the Base Station and the Cluster Node

*(1) The Base Station Authenticates the Cluster Node*. In the authentication phase of the base station and the cluster node, when the cluster node receives the message , the cluster node uses the pairing function to compute the pairing session key :

It computes the message authentication code :

Then it sends the message to the base station.

When the base station receives the message, the base station uses the pairing function to compute the pairing session key :

The base station computes the message authentication code :

It checks if it is equal to :*(2) The Cluster Node Authenticates the Base Station*. When the base station receives the message , the base station randomly selects a nonce and computes the message authentication code :

Then it sends the message to the base station.

Then, the cluster node receives the message and computes the message authentication code :

It checks if it is equal to :

Therefore, we complete the mutual authentication.

##### 4.2. Dynamic Key Management

Our scheme offers random pairwise keys predistribution. After completing the information transmission, the cluster nodes and the sensor nodes update the session key for each session. It can prevent the replay attack. We divide it into two parts to analyze this process: the cluster node to sensor node and the cluster node to cluster node.

*(1) The Cluster Node to Sensor Node*. For example, if the sensor node wants to communicate with the cluster node , it computes the dynamic key :

Then, it encrypts the collected data with the key and sends the encrypted message to the cluster node .

Upon receiving the message, the cluster node computes the session key :

Then, it decrypts the message and gets the collected data.

After the transaction, the cluster node computes a new integer parameter to update the identity of the cluster node and sensor nodes:

So, our scheme updates a new session key in each section.

*(2) The Base Station to Cluster Nodes*. If the base station wants to update the session key, it can compute a new integer to generate a new secret parameter :

Then, it encrypts the new secret parameter with key and sends to the corresponding cluster node . This mechanism can prevent the cluster node be captured. If a perceptible attacker gets the cluster node and intercepts the secret parameters in the sensor network, we can change the secret parameter via the base station.

##### 4.3. Providing Session Key Protection (Elliptic Curve Discrete Logarithm Problem)

The security of our scheme relies on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP) concerning bilinear groups. We compute parameter ; given the point , it is difficult to obtain the secret parameter by giving the secret parameter and the . If an attacker steals the transferred traffic information, the attacker cannot crack the session key to decrypt the ciphertext.

##### 4.4. Impersonation Attack

In the impersonation attack, if the attacker tries to steal the information between the sensors’ communications, our scheme can defend against the information being used to conduct falsification, modification, replacement, and retransmission. In order to prevent the impersonation attack, the session key is generated by using mutual authentication. In the mutual authentication phase, we use and a one-way hash function with key to implement message authentication; the key is difficult to crack and calculate. The related information is shown as follows:

So, the attacker cannot accomplish the impersonation attack.

##### 4.5. Replay Attack

For the reply attack, we use dynamic key management to update the session key in each transaction, and we change the message authentication code in each section as follows. If an attacker tries to steal information to resend the same information to the target sensor node, it is impossible to pass the authentication.

For example, in each section, the sensor node uses , , and to compute the new message authentication code ; the cluster node uses , , and to compute a new message authentication code :

If the attacker uses the message authentication code, the verifiers can verify the legality as follows:

Therefore, the attacker cannot successfully achieve the replay attack.

##### 4.6. Wormhole Attack

In a wormhole attack, an attacker records a packet in one location of the network and sends it to another location, creating a tunnel between the attacker’s nodes. The packet is retransmitted to the network under the attacker’s control [24, 25]. In the location-based routing determination phase of our scheme, the cluster nodes can establish the best route on the basis of the received broadcast location message in a monitoring area.

In Figure 9, if an attacker deploys a malicious cluster node , it can collect the message from the sensor nodes , , and successfully intercept the messages. But, in our schemes, we involve the starting cluster node process in the location-based routing determination phase to build the communication connections initially. Afterward, we also involve the mutual authentication between the cluster nodes and sensor nodes. So, the attacker cannot successfully complete the wormhole attack.

##### 4.7. Message Manipulation Attack

In a message manipulation attack, an attacker may drop, modify, or even forge exchanged messages in order to interrupt the communication process [15].

In Figure 10, an attacker deploys a malicious cluster node and forges a fake cluster node; the malicious node can receive messages from the cluster nodes, and the attacker may drop, modify, or even forge exchanged messages in order to interfere with the normal communication process. If a malicious cluster node wants to interfere with a path among , , , the cluster node communicates with the malicious cluster node , and it cannot pass the mutual authentication successfully, because it is difficult to compute the HMAC’s key. Moreover, the routing path is established in the location-based routing determination phase. It is impossible for an attacker to interfere with the routing path and message.

#### 5. Discussions

In Table 1, our scheme can prevent more attacks than other related schemes. In Table 2, the cluster node only needs to store 1 session key and 2 identity parameters; we can use the bilinear pairing function to calculate the session key between the clusters or the session key between the cluster and the base station. We use the GPS to support the path planning agreements and use the location-based routing determination to build the network routing path. The dynamic key management protocol can update the session key to enhance the security.

| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

SK: the session key. ID: the identity. |

The proposed scheme provides complete authentication. In Table 3, we make the computation cost of the session key agreement according to four stages.

| ||||||||||||||||||||||||||||||||||||||||

: the time cost of a pairing operation. : the time cost of an additive group . : the time cost of a hash operation. : the time cost of an encryption. : the time cost of a decryption. : the time cost of generating a nonce. : the time cost of the polynomial function. : the time cost of the combining key fragment degree. : the time cost of the authentication. |

*(1) Sensor Node to Sensor Node*. TinyPBC is a tiny pairing-based protocol and the computation cost is lower than the bilinear pairing-based protocol. In this stage, the scheme TinyPBC can use the cost to generate a session key. We have more cost than the TinyPBC scheme does. Our scheme inherits the advantage of the TinyPBC: we use the sensor level to build the hierarchical sensor network; that is, we use TinyPBC’s topology (sensor node to sensor node) to our scheme (cluster node to cluster node), and it provides more powerful key management in WSN. It can also easily carry out message data aggregation and generate the session key between the cluster node and sensor nodes. So, our scheme can prevent more attacks, such as wormhole and message manipulation attacks. The computation cost of the pairing-based cryptography is the same as the TinyPBC scheme, but our scheme has better performance and security.

*(2) Cluster Node to Sensor Node*. According to the comparison of the KMTD, the sensor network is more convenient, complete, and secure. In order to achieve more security and easy key management, we use the bilinear pairing to generate the session key. We need not use the encryption and decryption to generate the session key or the base station’s help. The computation cost is reduced and and are added to help the session key generation. This method can defend against more attacks and also has the path planning agreement.

*(3) Cluster Node to Cluster Node*. According to the comparison of the IKDM, the computation cost is reduced to and added the bilinear pairing cost . The polynomial function easily generates the session key between the cluster nodes. However, the IKDM generates a session key which is unsuitable for large scale sensor network.

The construction methods of the session key need more key material of the cluster node to combine, so we chose the bilinear pairing to generate the session key in the cluster nodes and enhance security. It can more easily complete the session key.

*(4) Cluster Node to Base Station*. According to the comparison of the KMTD, the computation cost is reduced to and is added. We combine the message authentication code and the bilinear pairing key to accomplish the HMAC. The security of our scheme relies on ECDLP; the attacker cannot compute the secret key, and this increases the security between the base station and the cluster node. The session key and the mutual authentication are generated by the bilinear pairing function. It has the characteristic of ECDLP; the attacker cannot compute the secret key and pass verification.

Based on these concepts, we use the hierarchical topology which has more power and can easily implement key management. We combine the message authentication code and the bilinear pairing key to accomplish the message authentication.

#### 6. Conclusion

We used bilinear pairing to design a dynamic key management and authentication of the hierarchical sensor network. We used the dynamic key management, pairing-based cryptography, hash message authentication code, and the GPS capability’s cluster nodes to establish the secure agreement of the wireless sensor network. Our scheme achieves the following goals:(1)proposing the dynamic key management to update the session key;(2)overcoming the sensor node inherent limitations. We use the hierarchical network protocol in the wireless sensor network. It is more suitable for the large monitoring range in a wireless sensor network;(3)providing the mutual authentication among the sensor nodes, cluster nodes, and the base station;(4)using the characteristics of the Discrete Logarithm Problem to generate the session key, so that its security could be enhanced.

#### Notations

: | The th sensor node |

: | The th cluster node |

: | The base station |

: | A cyclic additive group which has the same prime order |

: | A cyclic multiplicative which has the same prime order |

: | Pairing operation |

: | The identity of the th sensor node |

: | The identity of the th cluster node |

: | The identity of the base station |

: | An integer number of secret parameters generated by the base station |

: | A public parameter, |

, : | A secret parameter using a secret number to compute the secret parameter for the th sensor node and cluster node, respectively |

, : | A secret parameter using a secret number to compute the secret parameter for the th cluster node and the th cluster node, respectively |

, : | An integer of the secret parameter generated by the cluster node and the base station, respectively |

: | A session key of the th sensor node |

: | A key pool generated by the base station, |

: | A key pool generated by the base station, |

: | A key list, , for to |

: | A key list, , for to |

: | The cluster node collects the sensor’s identity to send to the base station |

: | A nonce generated by |

: | The message authentication code |

: | determine if is equal to |

: | A one-way hash function |

: | A one-way hash function with key |

: | Using an asymmetric key to encrypt message |

: | Using an asymmetric key to decrypt message |

: | The th encrypted message |

: | The starting message which is used to start the cluster node which is dominated by the base station |

: | The location message |

: | The request message generated by the cluster node to find the sensor node |

: | The response message generated by the sensor node to respond to the cluster node request |

: | The finished message |

: | A secure channel |

: | An insecure channel. |

#### Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

#### Acknowledgments

This research was supported by the Ministry of Science and Technology, Taiwan, under Contracts nos. MOST 103-2221-E-324-023, MOST 103-2632-E-324-001-MY3 and MOST 103-2622-E-212-009-CC2 and Collaborative Innovation Center for Modern Logistics and Business of Hubei (Cultivation).

#### References

- F. Xia, X. Yang, H. Liu, D. Zhang, and W. Zhao, “Energy-efficient opportunistic localization with indoor wireless sensor networks,”
*Computer Science and Information Systems*, vol. 8, no. 4, pp. 973–990, 2011. View at: Google Scholar - W. Diffie and M. E. Hellman, “New directions in cryptography,”
*IEEE Transactions on Information Theory*, vol. 22, no. 6, pp. 644–654, 1976. View at: Google Scholar | MathSciNet - R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,”
*Communications of the Association for Computing Machinery*, vol. 21, no. 2, pp. 120–126, 1978. View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet - K. M. Martin and M. Paterson, “An application-oriented framework for wireless sensor network key establishment,”
*Electronic Notes in Theoretical Computer Science*, vol. 192, no. 2, pp. 31–41, 2008. View at: Publisher Site | Google Scholar - M. Ye, C. F. Li, G. H. Chen, and J. Wu, “EECS: an energy efficient clustering scheme in wireless sensor networks 10a.2,” in
*Proceedings of the 24th IEEE International Performance, Computing, and Communications Conference (IPCCC '05)*, pp. 535–540, April 2005. View at: Google Scholar - Z. X. Liu, Q. C. Zheng, L. Xue, and X. P. Guan, “A distributed energy-efficient clustering algorithm with improved coverage in wireless sensor networks,”
*Future Generation Computer Systems*, vol. 28, no. 5, pp. 780–790, 2012. View at: Publisher Site | Google Scholar - J. Yue, W. M. Zhang, W. D. Xiao, D. Q. Tang, and J. Y. Tang, “Energy efficient and balanced cluster-based data aggregation algorithm for wireless sensor networks,”
*Procedia Engineering*, vol. 29, pp. 2009–2015, 2012. View at: Google Scholar - O. Younis and S. Fahmy, “HEED: a hybrid, energy-efficient, distributed clustering approach for ad hoc sensor networks,”
*IEEE Transactions on Mobile Computing*, vol. 3, no. 4, pp. 366–379, 2004. View at: Publisher Site | Google Scholar - H. Chan, A. Perrig, and D. Song, “Random key predistribution schemes for sensor networks,” in
*Proceedings of the IEEE Symposium on Security And Privacy*, pp. 197–213, Washington, DC, USA, May 2003. View at: Google Scholar - J.-P. Sheu and J.-C. Cheng, “Pair-wise path key establishment in wireless sensor networks,”
*Computer Communications*, vol. 30, no. 11-12, pp. 2365–2374, 2007. View at: Publisher Site | Google Scholar - Y. Cheng and D. P. Agrawal, “An improved key distribution mechanism for large-scale hierarchical wireless sensor networks,”
*Ad Hoc Networks*, vol. 5, no. 1, pp. 35–48, 2007. View at: Publisher Site | Google Scholar - L. B. Oliveira, D. F. Aranha, C. P. L. Gouvêa et al., “TinyPBC: pairings for authenticated identity-based non-interactive key distribution in sensor networks,”
*Computer Communications*, vol. 34, no. 3, pp. 485–493, 2011. View at: Publisher Site | Google Scholar - C.-L. Chen, Y.-T. Tsai, and T.-F. Shih, “A novel key management of two-tier dissemination for wireless sensor network,” in
*Proceedings of the 6th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS '12)*, pp. 576–579, Palermo, Italy, July 2012. View at: Publisher Site | Google Scholar - C. Blundo, A. de Santis, A. Herzberg, S. Kutten, U. Vaccaro, and M. Yung, “Perfectly secure key distribution for dynamic conferences,”
*Information and Computation*, vol. 146, no. 1, pp. 1–23, 1998. View at: Publisher Site | Google Scholar | MathSciNet - S. M. Mizanur Rahman and K. El-Khatib, “Private key agreement and secure communication for heterogeneous sensor networks,”
*Journal of Parallel and Distributed Computing*, vol. 70, no. 8, pp. 858–870, 2010. View at: Publisher Site | Google Scholar - K.-A. Shim, Y.-R. Lee, and C.-M. Park, “EIBAS: an efficient identity-based broadcast authentication scheme in wireless sensor networks,”
*Ad Hoc Networks*, vol. 11, no. 1, pp. 182–189, 2013. View at: Publisher Site | Google Scholar - T. W. Chim, S. M. Yiu, L. C. K. Hui, and V. O. K. Li, “MLAS: multiple level authentication scheme for VANETs,”
*Ad Hoc Networks*, vol. 10, no. 7, pp. 1445–1456, 2012. View at: Publisher Site | Google Scholar - Q. Qian, X. Shen, and H. Chen, “An improved node localization algorithm based on DV-hop for wireless sensor networks,”
*Computer Science and Information Systems*, vol. 8, no. 4, pp. 953–972, 2011. View at: Google Scholar - X. Wang, J. Ma, S. Wang, and D. Bi, “Distributed energy optimization for target tracking in wireless sensor networks,”
*IEEE Transactions on Mobile Computing*, vol. 9, no. 1, pp. 73–86, 2010. View at: Publisher Site | Google Scholar - N. Komninos, D. D. Vergados, and C. Douligeris, “Authentication in a layered security approach for mobile ad hoc networks,”
*Computers and Security*, vol. 26, no. 5, pp. 373–380, 2007. View at: Publisher Site | Google Scholar - N. Komninos, D. D. Vergados, and C. Douligeris, “Authentication in a layered security approach for mobile ad hoc networks,”
*Computers & Security*, vol. 26, no. 5, pp. 373–380, 2007. View at: Publisher Site | Google Scholar - K.-A. Shim, “An ID-based aggregate signature scheme with constant pairing computations,”
*Journal of Systems and Software*, vol. 83, no. 10, pp. 1873–1880, 2010. View at: Publisher Site | Google Scholar - T.-Y. Chang, “An ID-based group-oriented decryption scheme secure against adaptive chosen-ciphertext attacks,”
*Computer Communications*, vol. 32, no. 17, pp. 1829–1836, 2009. View at: Publisher Site | Google Scholar - M.-Y. Su, “WARP: a wormhole-avoidance routing protocol by anomaly detection in mobile ad hoc networks,”
*Computers & Security*, vol. 29, no. 2, pp. 208–224, 2010. View at: Publisher Site | Google Scholar - R. Stoleru, H. Wu, and H. Chenji, “Secure neighbor discovery and wormhole localization in mobile ad hoc networks,”
*Ad Hoc Networks*, vol. 10, no. 7, pp. 1179–1190, 2012. View at: Publisher Site | Google Scholar

#### Copyright

Copyright © 2015 Chin-Ling Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.