1. Field of the Invention
The present invention relates generally to a sensor network, and more particularly, to a method and apparatus for authenticating a sensor node when connecting to a sink node.
2. Description of the Related Art
A sensor network is a wireless network for ubiquitous computing, which includes a plurality of ultra-light, low-power sensors. Since the introduction of the ubiquitous computing concept, methods of applying ubiquitous computing to real life have been actively studied, and sensor networks, which can provide realistic ubiquitous environments, have emerged as a main issue.
Sensor networks are widely used in fields that have limitations in arrangement. For example, a few thousand sensor networks are widely used for real-time traffic monitoring, building safety monitoring (e.g., structure, fire and physical safety monitoring), military sensing and detection, earthquake activity measurement, real-time pollution monitoring, wildlife monitoring, wild fire detection, etc.
A sensor network includes many sensor nodes and performs many functions to sense information through the sensors and to process the sensed information. Although the sensor network can acquire and process a variety of information using the sensors, it should also be able to ensure information integrity and personal privacy for the large amount of sensed information. Namely, for a more realistic and smooth ubiquitous computing environment, security mechanisms for the sensor network, which can safely process and manage the sensed information, should be studied and applied together with the utilization of the sensor network and the development of sensor techniques. Accordingly, a variety of methods for authenticating sensor nodes by a sink node have been proposed.
For example, there is a scheme in which the information necessary to authenticate all sink nodes is dispersed in consideration of the mobility of the sink nodes, and all the sink nodes participate in the authentication process of any sink node. See R. Fantacci, F. Chiti, and L. Maccari, Fast Distributed Bi-directional Authentication for Wireless Sensor Networks, John Wiley & Sons, Security and Communication Networks, vol. 1, pp. 17-24, 2008 (hereinafter FCM08).
In the FCM08 scheme, the respective sink nodes of a sensor network have the same performance and each hold part of the information that they can use to authenticate each other. A first sink node, which newly participates in the sensor network, requests a second sink node, which has already participated in the sensor network, to perform authentication. The second sink node receives the authentication information about the first sink node from a third sink node, a fourth sink node, etc., which have already participated in the sensor network, and performs the authentication process.
In another authentication method, lower cluster headers are assigned an authentication function to efficiently perform the process of authenticating a node in the topology formation step of the sensor network, thereby dispersing the overhead of the node authentication process. Each cluster header holds in advance a list of partial information about nodes and requests a Base Station (BS) node to transmit the other information about connected nodes in order to confirm the remaining authentication information. See J. Ibriq and Imad Mahgoub, A Hierarchical Key Establishment Scheme for Wireless Sensor Networks, Proceedings of 21st International Conference on Advanced Networking and Applications (AINA '07), pp. 210-219, 2007 (hereinafter IM07).
In another authentication method, there is a scheme using a secret key. To allocate a secret key to a sensor node, a sink node serving as a BS generates a pool of keys, divides the generated keys into a plurality of matrices to distribute rows and columns, and allocates the keys to the sensor node. The rows and columns distributed to the sensor node are used to search for the common secret key necessary for security authentication.
In the authentication method using the secret key, a distributed sensor network may be constructed to have a common key pool from which keys are allocated to each node in advance, so that each node holds a ring of keys, and a shared key that is present in common may be detected by comparing the rings of keys.
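The key-ring comparison described above can be sketched as follows. This is an added example, not code from the cited schemes or from the invention; the function names, the pool and ring sizes, and the HMAC-SHA256 challenge-response used to prove possession of the shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import random

def make_pool(size, seed="demo-pool"):
    """Constructed key pool: key id -> 16-byte key (derived from a label, demo only)."""
    return {i: hashlib.sha256(f"{seed}:{i}".encode()).digest()[:16] for i in range(size)}

def assign_ring(pool, ring_size, rng):
    """Base station side: pre-load a node with a ring of keys picked from the pool."""
    return {i: pool[i] for i in rng.sample(sorted(pool), ring_size)}

def shared_key_ids(ring_a, ring_b):
    """Compare two rings by key identifier only; key values never leave a node."""
    return sorted(set(ring_a) & set(ring_b))

def prove(ring, key_id, nonce, node_id):
    """Proof of possession of one ring key (assumed HMAC-SHA256 challenge-response)."""
    return hmac.new(ring[key_id], nonce + node_id.encode(), hashlib.sha256).digest()

def authenticate(sink_ring, sensor_ring, sensor_id):
    """Return the id of the key that authenticated the sensor, or None on failure."""
    common = shared_key_ids(sink_ring, sensor_ring)
    if not common:
        return None                                  # the rings do not overlap
    key_id, nonce = common[0], os.urandom(16)        # fresh nonce prevents replay
    response = prove(sensor_ring, key_id, nonce, sensor_id)  # computed on the sensor
    expected = prove(sink_ring, key_id, nonce, sensor_id)    # computed on the sink
    return key_id if hmac.compare_digest(response, expected) else None

if __name__ == "__main__":
    pool = make_pool(100)
    rng = random.Random(7)   # fixed seed keeps the demo repeatable; not for real keys
    sink, sensor = assign_ring(pool, 30, rng), assign_ring(pool, 30, rng)
    print("shared key ids:", shared_key_ids(sink, sensor))
    print("authenticated with key id:", authenticate(sink, sensor, "sensor-17"))
```

A node that merely claims a key identifier without holding the matching key fails the HMAC check, and two nodes whose rings do not overlap cannot authenticate directly at all.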
Existing sensor networks have focused on applications in static environments, but sensor networks for dynamic environments using mobile nodes are also gradually being established. Accordingly, an authentication process suitable for such a dynamic environment is needed.
In a sensor network, sink nodes generally have a static construction, but sensor nodes may move to other locations. After moving, a sensor node is switched from one sink node to another sink node and, thus, reauthentication may be requested. However, because a conventional authentication method does not consider reauthentication, the same authentication procedure is performed at every authentication. It is inefficient for an adjacent sink node to perform reauthentication using the same process, because a previously connected sink node has already performed authentication for the sensor node.
For example, in the above FCM08 scheme, because each node participates in the authentication process, there is some overhead. If the same process is performed at every node authentication, the number of authentication processes during node authentication will increase according to the network arrangement state of each node, and communication overhead will increase.
In the IM07 scheme, because partial information about nodes should be distributed to a cluster header in advance to perform authentication for nodes, information about all the nodes on a network should be stored in advance. Moreover, the above-described scheme is not suitable when the mobility of nodes, including new participation and elimination of nodes, is considered.
Further, little consideration is given to node reauthentication according to a topology change of a node after a sensor network topology is formed.
Like the IM07 scheme, the method of distributing keys in advance in the sensor network does not consider reauthentication.