This research develops a rank-based energy-efficient key management framework for WSN IoMT sensors (EEG, ECG, temperature, moisture, EMG, and heartbeat) to establish efficient communication and computation with respect to PDR, throughput, and energy consumption. The limitations of the sensor network make the routing process a challenging task. Most of the routing protocols used in WSN are vulnerable to node compromise attacks. The proposed framework is designed to optimize the limited resources and focuses on enhancing node-level security. The rank-based decision approach with the EEKM (Energy Efficient Key Management) scheme focuses on two key phases: 1) Link Stability and Mobility Prediction and 2) Group Key Management.
The decision agent uses the predicted sensor values and node properties to decide whether a node can join a node group. The time and energy are saved during the frequent sensor.
In a group key management scheme, a group key is generated to restrict non-group members from reading the data collected by the sensors. It avoids certification and third-party involvement issues. It reduces certificate-exchange issues and key hacking issues through frequent key updates.
The routing protocols are executed along with the proposed RBEEKM and simulated using ns-3 to evaluate the PDR, throughput, and energy consumption of the health wireless sensor network.
Most of the centralized key management protocols emphasize data security during group communication. However, the proposed Rank-based Energy Efficient key management protocol focuses on improving the lifetime of the nodes in the WSN and on link stability with minimum energy consumption. This approach uses a decentralized key management scheme to establish and verify the group key. The protocol divides a node group into subgroups by ranking, where the order is assigned based on the emergency interrupt signal. The subgrouping strategies enhance the scalability and efficiency of the key management scheme to provide secure group communication. The proposed method initially establishes a standard group key, called the session key, among the group members. The system parameter (public parameter) and private keys are generated from a master secret key, and they serve only to establish the shared session key among the group. The broadcaster appends the intended receiver set of the group to it and broadcasts it.
The RBEEKM scheme follows techniques such as domain-specific initialization of system users, keying material formation, key dissemination, installation, restriction of unauthorized access to keying material, and frequent updating of keying material.
Figure 2 depicts the fundamental operations performed by the RBEEK management approaches. Nodes registering with the group center, ranking key processes, and secure data transfer are the main functions of the RBEEK management method.
The key information of the key pre-distribution phase is embedded in the sensor nodes before the deployment step. It uses the following assumptions:
- Initially, \(n\) nodes (health sensors) are created. Further nodes are added later as required, increasing \(n\).
- Limited memory and power are assigned to each sensor node.
- Each sensor node is unaware of its neighbors (nodes).
- Each sensor node is unaware of node connection establishment.
- Each node in a network can connect with another node.
- Whenever a sensor node doesn't transmit any data, the node is considered a trustworthy node.
The RBEEKM scheme regulates the shared keys for active sensor nodes in the Transmitting Node Group (TNG). The TNG takes part in the serial communication by the state of the sensor node. The RBEEKM scheme gives an efficient keying mechanism to broadcast keys without acknowledgments or retransmission. The security scheme in the RBEEKM is executed along with routing protocols.
The RBEEKM scheme ensures confidentiality and authentication. This section describes the functionalities of the RBEEKM scheme. The RBEEKM scheme consists of the following key management phases:
- Initial setup phase
- Pre-distribution phase
- Shared Key discovery phase
- Path key establishment phase
- Ranking Key Phase.
Initial Setup
It uses two keys: the Node key (K) and the Network key (NK). The server node unicasts the node keys to the sensor nodes. The former key is used by the individual sensor node for encryption and decryption.
Key Pre-Distribution Phase
This phase is completed offline, before the deployment of sensor nodes. The group key pools \({G}_{i}\) are formed primarily with the global key pool \(K\). After that, a keyring from a group key pool \({G}_{i}\) is assigned to each sensor node in the group. The purpose of \({G}_{i}\) is to permit neighboring TNGs to share additional keys. For each sensor \(j\) in the TNG, a keyring \({R}_{i,j}\) is chosen arbitrarily from its corresponding \({G}_{i}\) and loaded into the sensor’s memory.
Shared-Key Discovery
During the network bootstrapping phase, each sensor node must broadcast the key index information of its keyring (\({R}_{i}\)) to reveal its key information to neighbor nodes. As a result, each node is aware of its neighbor nodes' keys. The keys that each node shares with its neighbors are calculated and identified by a key index of its keyring.
Path-key establishment phase
If the CTN doesn’t share a standard key directly, the path-key formation technique generates a pair-wise key between the node groups. Whenever the key-sharing group is connected, the node’s path is established from one source node to the CTN and Upcoming Transmitting Node (UTN) sensor nodes.
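The pre-distribution and shared-key discovery phases described above can be sketched as follows. This is an added example, not code from the paper: the function names, pool and ring sizes, the constructed radio links, and the lowest-common-index tie-break are all assumptions.

```python
import random

def build_group_pools(global_size, n_groups, pool_size, rng):
    """Form each group key pool G_i as a random subset of the global pool K (key indices only)."""
    return [set(rng.sample(range(global_size), pool_size)) for _ in range(n_groups)]

def assign_keyrings(group_pools, sensors_per_group, ring_size, rng):
    """Offline step: load a keyring R_{i,j}, drawn from G_i, into sensor j of group i."""
    return {(i, j): frozenset(rng.sample(sorted(pool), ring_size))
            for i, pool in enumerate(group_pools)
            for j in range(sensors_per_group)}

def shared_key_discovery(rings, radio_links):
    """Nodes broadcast key indices, never key material; each link keeps one common index."""
    shared = {}
    for a, b in radio_links:
        common = rings[a] & rings[b]
        if common:
            # Assumed tie-break: both ends pick the lowest common index.
            shared[frozenset((a, b))] = min(common)
    return shared

def needs_path_key(shared, radio_links):
    """Links with no common key index must fall back to the path-key phase."""
    return [link for link in radio_links if frozenset(link) not in shared]

if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the constructed run is repeatable
    pools = build_group_pools(global_size=1000, n_groups=2, pool_size=60, rng=rng)
    rings = assign_keyrings(pools, sensors_per_group=3, ring_size=15, rng=rng)
    links = [((0, 0), (0, 1)), ((0, 1), (0, 2)), ((0, 2), (1, 0))]  # constructed
    shared = shared_key_discovery(rings, links)
    print("secured links:", len(shared), "need path key:", needs_path_key(shared, links))
```

Sensors in the same group draw from the same \({G}_{i}\), so they are far more likely to find a common index than sensors in different groups; the links returned by `needs_path_key` are the ones the path-key phase has to cover.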
Ranking-Key Phase
In this phase, two control packets, initialization (INIT) and update (UPD), are used to perform the key ranking.
$$INIT: (L , {K}_{i} , Trankkey ) , mac (L , {K}_{i} , Trankkey)$$
$$UPD: (L , {K}_{i+1} , Trankkey ) , mac (L , {K}_{i+1} , Trankkey)$$
Here, \(L\) indicates the length of the key, \({K}_{i}\) indicates the initial key, \(Trankkey\) indicates the rank keying interval of \({K}_{i}\), and \(mac\) is the message authentication code. The Network Key is used to encrypt all control packets sent to the other nodes in a group. If a node identifies an update packet that does not belong to its server, the specified node is discarded from the path. Otherwise, the update packet is broadcast to all neighboring nodes.
Figure 4 depicts the various stages of the security establishment scheme in the proposed approach for routing each data packet from source to destination. In the node setup stage, sensor nodes and adversary nodes are initiated. Next, the initial shared keys are distributed to all the nodes except the adversary node. In the path key establishment phase, the shared keys of each node and its neighbor nodes are identified and verified to establish the path. In the ranking key phase, each node's key is ranked based on its data range and length. In the shared key discovery phase, each node's shared key is searched for among its neighboring nodes' shared keys. Whenever the shared key pair is found, the path is updated for a node to transmit packets to the destination.
The step-by-step procedure for the proposed Ranking key-based secure routing path establishment scheme is as follows:
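The INIT and UPD packets and the accept-or-discard check can be sketched as below. This is an added example, not the paper's code: the wire layout, HMAC-SHA256 as the mac, the Network Key as the mac key, and all function names are assumptions, and encryption of the packet under the Network Key is left out because the Python standard library has no cipher.

```python
import hashlib
import hmac
import struct

INIT, UPD = 1, 2                      # assumed packet type codes
HEADER = struct.Struct("!BHI")        # type, L (key length in bytes), Trankkey (unit assumed)
MAC_LEN = hashlib.sha256().digest_size

def build_packet(kind, key, t_rankkey, network_key):
    """Serialize (L, K_i, Trankkey) and append mac(L, K_i, Trankkey)."""
    body = HEADER.pack(kind, len(key), t_rankkey) + key
    return body + hmac.new(network_key, body, hashlib.sha256).digest()

def verify_packet(packet, network_key):
    """Return (kind, key, Trankkey) if the mac and the length field check out, else None."""
    if len(packet) < HEADER.size + MAC_LEN:
        return None
    body, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
    expected = hmac.new(network_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    kind, length, t_rankkey = HEADER.unpack(body[:HEADER.size])
    key = body[HEADER.size:]
    if kind not in (INIT, UPD) or length != len(key):
        return None
    return kind, key, t_rankkey

def handle_control_packet(state, packet, network_key):
    """Node-side rule: drop what does not verify, install the key, rebroadcast a valid UPD."""
    parsed = verify_packet(packet, network_key)
    if parsed is None:
        return "discard"
    kind, key, t_rankkey = parsed
    state["key"], state["t_rankkey"] = key, t_rankkey
    return "rebroadcast" if kind == UPD else "installed"

if __name__ == "__main__":
    nk = bytes(range(16))             # constructed Network Key
    upd = build_packet(UPD, b"\x11" * 16, 60, nk)
    print(handle_control_packet({}, upd, nk))          # valid UPD from the server
    print(handle_control_packet({}, upd, bytes(16)))   # node holding a different NK
```

The tag authenticates the packet fields but does not by itself stop an old UPD from being replayed; the page does not describe a counter or nonce for that.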
RBEEKM Algorithm
Step 1: Initialize \(n\) sensor nodes in the network
Step 2: Pre-distribution phase for global shared group key
Step 3(i): Find a one-hop neighbor for all sensor nodes based on a discovered shared key
Step 3(ii): Assign data generate rate 'D' to all nodes using randomly generated values with Path key establishment.
Step 4: Sort nodes using data rate (high data rate nodes first)
While (List ai is not empty)
\({RP}_{i}\) = sort(List ai[nn]) // nn: number of nodes; select the node with the highest data rate as \({RP}_{i}\)
Remove \({RP}_{i}\) and its neighbors from List ai
End while
Step 5: Sink scheduling of path for selected RPs (Sink).
Step 6: Call TSp(RPs) //Path Formulation based on Ranking-Key
Step 7: Each SN communicates with the nearest RP and moves to the following location.
Several sensor nodes and their adversaries are initialized to perform this simulation. In the key pre-distribution phase, the group key pools are formed primarily with the global key pool. After that, a keyring from a group key pool is assigned to each sensor node in the group. The purpose of the group key pools is to permit neighboring TNGs to share additional keys. For each TNG sensor, a keyring \({R}_{i,j}\) is chosen arbitrarily from its corresponding group key pool and loaded into the sensor’s memory. In the third phase, the one-hop neighbor is found for all sensor nodes based on a discovered shared key. The transmission path is formed from a source to the CTN and UTN sensor nodes whenever the key-sharing graph is connected. In the fourth phase, data generate rate 'D' is assigned to all nodes using randomly generated values with Path key establishment. In the fourth step, nodes are sorted to find rendezvous points (RPs), starting with the node with the highest data rate. The node with the highest data rate and its neighbor nodes are removed from the list. In the fifth step, sink scheduling is performed for all the selected RPs. In the sixth step, the control packet is encrypted using the generated Network Key and sent to all sensor nodes. When a node discovers that the update packet is not from its server, it is discarded. Otherwise, the update packet is broadcast to all neighbors. Here, the ranking is performed by verifying the length of the initial key, the rank keying interval of \({K}_{i}\), and the message authentication code of the specific node. Finally, if the key authentication phase succeeds in the previous step, each sensor node from the group communicates with its RP.
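Steps 4 and 7 of the algorithm can be sketched as below. This is an added example, not the paper's code: it assumes the loop runs until the node list is empty, breaks data-rate ties by lowest node id, and reads "nearest RP" as fewest hops over the shared-key neighbor graph; the node names, rates, and links are constructed.

```python
from collections import deque

def select_rendezvous_points(data_rate, neighbors):
    """Step 4: repeatedly take the highest-rate node as RP, then drop it and its neighbors."""
    remaining = set(data_rate)
    rps = []
    while remaining:
        # sorted() first so that equal rates resolve to the lowest node id (assumption)
        rp = max(sorted(remaining), key=lambda node: data_rate[node])
        rps.append(rp)
        remaining -= {rp} | neighbors.get(rp, set())
    return rps

def nearest_rp(rps, neighbors):
    """Step 7: multi-source BFS that maps every reachable node to its closest RP."""
    owner = {rp: rp for rp in rps}
    queue = deque(rps)
    while queue:
        node = queue.popleft()
        for peer in sorted(neighbors.get(node, ())):
            if peer not in owner:
                owner[peer] = owner[node]
                queue.append(peer)
    return owner

# Constructed sample: edges exist only where shared-key discovery found a common key.
NEIGHBORS = {
    "A": {"B", "C"}, "B": {"A"}, "C": {"A", "D"},
    "D": {"C", "E"}, "E": {"D"}, "F": set(),
}
DATA_RATE = {"A": 5, "B": 9, "C": 3, "D": 7, "E": 2, "F": 1}  # constructed 'D' values

if __name__ == "__main__":
    rps = select_rendezvous_points(DATA_RATE, NEIGHBORS)
    print("RPs:", rps)
    print("assignment:", nearest_rp(rps, NEIGHBORS))
```

A node with no shared-key neighbor, such as `F` in the sample, always ends up as its own RP, so isolated nodes inflate the RP set that the sink has to schedule.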
In this research, the ranking key-based routing path establishment scheme is suggested to resolve the routing complexities in the AODV routing protocol. The performance of the RBE-EKM based routing method is analyzed in the subsequent section in detail.