
Security in Wireless Actor & Sensor Networks (WASN): Towards A Hierarchical Re-Keying Design

Fei Hu 1 Xiaojun Cao 2

1: {fei.hu@ieee.org}, Computer Engineering, RIT, 83 Lomb Memorial Dr, Rochester, NY USA


2: {cao@it.rit.edu}, Dept. of Information Technology, RIT, 102 Lomb Memorial Dr, Rochester, NY USA

Abstract – Our work aims to address the challenging security issues in an important information infrastructure – large-scale and low-energy Wireless Actuator and Sensor Networks (WASN). Since WASNs have specific network constraints and data transmission requirements compared to general ad hoc networks and other wireless/wired networks, the security issues need to be tackled accordingly. We propose to seamlessly integrate WASN security with a promising routing architecture that is scalable and energy-efficient. To protect from active attacks in mobile sensor networks, we propose two-level re-keying/re-routing schemes that can not only adapt to a dynamic network topology but also securely update keys for each data transmission session. Moreover, to provide the security for the in-networking processing such as data aggregation in WASNs, we define a multiple-key management scheme in conjunction with the proposed Tree-Ripple-Zone (TRZ) routing architecture.

Keywords – Homeland Security, Wireless Sensor and Actor networks (WASN), Hierarchical Routing

A. Introduction

Recently Wireless Sensor Networks (WSN) have attracted wide attention in academia. A promising solution called Wireless Sensor and Actuator Networks (WSANs) has been proposed to accomplish microclimate control in buildings, battlefield surveillance, attack detection for homeland security, environmental monitoring, and so on [3]. WSANs, which can both detect and respond to intrusion and attacks promptly, have emerged as one of the most important technologies to implement the vision of a pervasive system that consists of nomadic computing (through wireless networking protocols) and smart spaces (through the coordination of sensors and actuators). In WSANs, sensing the environment and acting on the information gathered are the means by which the nodes interact with the physical world. A civilian application example is wildfire handling: sensors relay the information about the exact origin and fire intensity to water sprinkler actuators so that the fire can be extinguished before spreading uncontrollably. Similarly, motion and light sensors in a room can detect the presence of people and then direct the appropriate actuators to execute actions based on user pre-specified preferences.

WSANs have some unique characteristics compared to WSNs (Wireless Sensor Networks), such as real-time sensing/acting, sensor/actor heterogeneity, and actuator mobility [2]. WSANs typically consist of large-scale low-energy tiny sensors and a small number of resource-rich actuators that are randomly distributed among sensors. Sensors send data to local actuator(s) instead of to a remote sink for real-time control. Compared to tiny sensors, actuators typically have higher power, more memory and stronger calculation capability in order to perform more complicated tasks such as interacting with a remote sink [3].

While WSNs are concerned mainly with sensor-to-sensor interconnections, in WSANs four types of coordination need to be considered in the same scenario: actuator-to-actuator (A-A), sensor-to-sensor (S-S), actuator-to-sensor (A-S) (downlink), and sensor-to-actuator (S-A) (uplink).

As pointed out in [3], even though a significant amount of work has been done in WSN, very little research work has been conducted on WSANs that have the coexistence of actuators and large-scale low-energy sensors. There exist many challenging issues to be addressed in WSANs such as real-time A-S/S-A routing, A-A mobility management, and so on [2]; however, the focus of this paper is to solve the issue of energy-efficient security in WSANs.

In terms of WSN security issues, the pioneering work on securing WSN end-to-end transmission is SPINS [4,5]. However, it requires time synchronization among sensors. A key-pool scheme was suggested in [6] to guarantee that any two nodes share at least one pairwise key with a certain probability. Multiple pairwise keys may be found between nodes by the schemes proposed in [7-9]. Key pre-distribution schemes utilizing location information were described in [10-12]. Other WSN security research works include Denial-of-Service (DOS) attacks [13], routing security [14], group security [15], etc.

The common drawback of the current WSN security schemes is that they do not integrate security with a hierarchical low-energy routing architecture, so they cannot be applied to WSANs effectively. In this paper, we will propose a low-energy, scalable WASN security scheme that has close integration with a two-level ripple-zone-based WASN routing architecture. Our goal is to ensure that data can be transmitted among actuators and sensors with desired security (i.e. overcoming network attacks such as eavesdropping and intrusion). To the best of our knowledge, this is the first attempt to solve the security issue that arises from the coordination of S-S, A-A and A-S/S-A communication.

The rest of this paper is organized as follows. Section B introduces a hierarchical scalable routing architecture. Section C provides a detailed security implementation and cryptographic procedure. We present performance analysis and simulation results in Section D and E. Finally, Section F concludes the paper with a summary of its major contribution.

Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’05)
0-7695-2315-3/05 $ 20.00 IEEE
B. A Scalable Routing Architecture

As the prerequisite of security, we argue that it is very important to design a hierarchical, energy-efficient routing scheme compatible with the specific network characteristics of WSAN since security key management needs such a low-energy routing protocol. The design of security-oriented routing should address the following concerns: (1) Suitability to unique WSAN topology characteristics; e.g. how do we utilize the small number of resource-rich actuators to do the most calculation-intense security tasks while using the large number of resource-constrained sensors for lighter tasks? (2) Scalability to high-density WSANs; (3) Energy efficiency in terms of routing overhead; (4) Favorability in terms of security implementation. Accordingly, we propose a Ripple-zone-based algorithm to self-organize sensors into different ‘ripples’ and introduce the concept of a “Ripple key” to achieve asynchronous broadcast authentication in our routing scheme (see discussion below).

Our proposed Ripple-zone-based WSAN routing scheme is as follows [16]: To design a scalable, energy-efficient routing scheme, we have created a Member Recognition Protocol (MRP) to allow actuators and sensors to self-organize into separate “domains” with each actuator as the domain center. After running our MRP, each actuator will be aware of its domain members. Within the domain of each actuator, we further propose the concept of a Ripple-Zone (RZ) around each actuator, in which sensors are assigned to different “ripples” based on their distances, in number of hops, from their actuator, and we further choose some sensors as “masters” based on our self-organized Topology Discovery Algorithm (TDA). Each “master” aggregates data from the sensors in its zone before it transmits data to a “master” in a closer “ripple” to the actuator, i.e. with a smaller number of hops to the actuator (see Figure 1).

Figure 1. Proposed security-oriented Ripple-zone-based Routing

The proposed RZ-based routing architecture is very important in terms of WSAN security scalability and energy-efficiency. Each actuator can aggregate the sensed data from its domain sensors or send new query commands to some sensors in its domain. It does NOT need to interact with sensors belonging to other domains. To reduce data redundancy, a “master” aggregates data from its zone sensors and then sends data to the next master in a nearby ripple. Unlike LEACH [17], our “masters” use multi-hop communication (i.e. ripple-to-ripple) to eventually reach an actuator instead of directly transmitting data to an actuator.

C. Security Implementation

As described in Section B, the proposed WASN routing protocol self-organizes the whole network into two levels: (1) high-level actuators, and (2) low-level sensors that belong to a domain of an actuator and self-organize themselves into a zone-ripple architecture. In this section the security protocol used among high-level nodes is discussed, including actuators and a sink. A sink can execute all major sensor network management tasks such as the distribution of keys to each actuator/sensor and collection of sensed data from sensors. In the High Level MST (Minimum Spanning Tree)-based backbone architecture, two types of keys exist: (1) A Session-Key (SK) is used for the encryption/decryption of data packets. (2) A Backbone Key (BK) is used to secure control packets that include SK re-keying information.

Figure 2. Two-level key management scheme (Supernode means actuators)

Figure 2 shows the relationship between these two keys. Note that SKs need to be re-keyed periodically to defeat active attacks. However, the BK is refreshed in an event-triggered way. Typical events include new actuator insertion, node death, or node compromise. The sink can use any well-known group communication protocol [18,19] to update the BK, i.e. BK-rekeying. The rest of this section is focused on the re-keying of SKs since frequent SK renewal during data packet transmission is crucial to defend against keystream-reuse attacks¹.

¹ Keystream-reuse attack: To save energy, a WASN protocol should minimize the amount of data transmitted. Thus the symmetric stream cipher is a good choice for WASN security because the size of the ciphertext is the same as that of the plaintext. A keystream is generated as a function of the message key and the initialization vector, and is XORed with the plaintext to produce the ciphertext. Stream ciphers usually encrypt packets with a per-packet initialization vector (IV), but due to the limited IV space (only 24 bits in IEEE 802.11 WEP), it is vulnerable to practical attacks.

A unique issue in WASN security is that the selection of key sharing schemes should consider the impact on in-networking processing [20]. For example, data aggregation is necessary for reducing communication overhead from redundant sensed data. If one simply adopts one type of key, i.e., pairwise
key that is shared between only two nodes, memory limitations will prohibit a master from maintaining all the keys necessary to aggregate data from its member nodes. Simply building an end-to-end secure channel between each sensor and the sink is inadvisable, because intermediate sensors/actuators may need to decrypt and authenticate the data collected from multiple sensors. Since different types of messages exchanged among sensor nodes have different security requirements (such as data aggregation security), a single keying mechanism may not be suitable for all cases. Thus, multiple keys need to be introduced in Low Level sensors. Again, one can integrate the key management with the team’s routing architecture consisting of zones and ripples. To save security overhead, our scheme generates a new key based on a family of Pseudo Random Functions (PRF) {f} as follows: $K'(K, x) = f_K(x)$, where K is the last key and x is a random number.

We have defined multiple types of keys for different security purposes as follows:

(1) Master-to-Actuator Key (MAK): An MAK is shared between each master and its Domain Actuator. It is used for direct Master-to-Actuator secure communication. An MAK is generated based on a Level 1 Session Key (SK) as follows: $MAK = f_{SK}(\text{Master-ID})$;
(2) Inter-Master Pairwise Key (MPK): Occasionally secure channels need to be established between two masters that belong to two actuator domains;
(3) Sensor-to-master Pairwise Key (SPK): A sensor-to-master pairwise key is shared between a master and each of the sensors in its zone;
(4) Zone Key (ZK): Zone keys are used for data aggregation and also for the propagation of a query message to the whole zone. Each ZK is shared among all sensors in the same zone;
(5) Ripple Key (RK): A ripple key is used for broadcast authentication in an actuator domain.

μTESLA [5] is not used in our broadcast authentication for the following two reasons: (a) μTESLA needs loose time synchronization that is not practical among a large number of low-cost sensors; (b) the delayed release of the authentication key needs a large data packet buffer in each sensor, which is a high requirement due to the very limited memory of a tiny sensor. These shortcomings are overcome by using an RK that is shared by all masters belonging to the same ripple. The RK is determined by the actuator, which sends different RKs for different ripples through control packets encrypted by the MSK. An actuator will send out a broadcast message that needs to be authenticated multiple times. Each time the actuator uses a different RK to encrypt it. Therefore, only the masters in the corresponding ripple can decrypt it.

Security Implementation: The stream cipher RC4 has been used to implement the encryption/decryption algorithm because a stream cipher has a lower algorithmic complexity than a block cipher. To address the keystream reuse problem, a sender includes its own sensor_ID into the generated keystream. For each message sent, the sender increments its own per-packet initialization-vector (IV) by 1. Keystream uniqueness can therefore be ensured. The cryptographic procedure will follow the function components as shown in Figure 3. Please notice that MAC is included for authentication purposes. In addition, to generate multiple secret keys, the Pseudo Random Functions (PRF) {f} are adopted to derive new secret keys based on the current session key $SK_{now}$ and a random number x as follows: $KEY_{NEW} = f(SK_{now}, x)$; the generation of x is based on the counter approach in [5].

Figure 3. Cryptographic procedure

D. JiST-based Performance Analysis

JiST (Java in Simulation Time) [21] and SWANS [22] provide a good starting point for the performance analysis of WASN security. JiST provides the core simulation engine, and SWANS implements both an efficient Field for propagating messages and a complete network stack. However, certain design limitations in the base distribution of SWANS create challenges in developing a WASN simulator that need to be overcome. There are, however, certain problems generated by the SWANS layer interface definitions. SWANS represents a full-fledged IP stack, providing the application layer with sockets, allowing for multiple network interfaces (between the Network layer and one or more MAC layers). In a WASN, such a powerful, general-purpose network stack is unnecessary. There are most likely only one application, one routing protocol, and one pair of MAC/Physical layers. Message priority and other parameters are not a concern.

In our WASN security simulation framework (see Figure 4), the underlying SWANS code base was modified considerably to meet the demands of a wireless sensor network simulator. The interfaces were modified heavily to allow for a simpler network stack, more general address and message types,
and transmission power adjustment. The SWANS network and routing layers were removed and replaced by the WASN routing and encryption layer, which are implemented as a single layer because the encryption protocol is tightly bound to the routing. The transport layer is removed completely, and the application layer tied directly to the network (routing and encryption) layer. The MAC layer now implements an acknowledgement for each packet sent on a hop-by-hop basis, reducing latency in the event of a packet loss or collision. Finally, a Battery class was implemented, and hooked into the network and radio layers, to track the remaining battery energy, as well as the energy spent on communication and computation (encryption/decryption).

Figure 4. JiST-based security simulation

Based on our JiST-based security simulator, we have investigated the energy-efficiency of our Ripple-zone-based security scheme. Figure 5 shows the global network energy consumption (the sum of all nodes) based on three different routing schemes: our proposed one, LEACH [17], and general flat topology. Because we use ripple-to-ripple relay instead of the direct clusterhead-to-sink communication in LEACH, our scheme can save much more energy than other security infrastructures.

Figure 5. Energy consumption for control / data packets

In Figure 6, we show that our master-selection algorithm has good scalability. Even when the network density increases a lot, our algorithm can still select a small number of sensors as masters. This characteristic is very important from a security complexity viewpoint since too many masters can lead to too many ripples and large inter-zone communication overhead.

Figure 6: Density vs. Zones per Actuator Domain (axis labels: Sensor density; Number of nodes)

Our security scheme uses “control” packets to send keying information that is used to encrypt “data” packets. It is very important to guarantee reliable transmission for all “control” packets. We adopt a ripple-to-ripple link recovery scheme to handle the “control” packet loss issue. Figure 7 shows that other security schemes that are based on ACQUIRE [23] (it simply uses cluster-to-cluster forwarding) or based on TAG (it uses a simple spanning tree WSN architecture [24]), have a much higher control packet loss rate (i.e., key loss rate) than our security scheme that is based on Ripple-zone architecture.

Figure 7. Robustness to wireless transmission errors (axis labels: No. of sensors; Control packet loss rate)
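The session-key handling of Section C (PRF re-keying $K' = f_K(x)$, MAK derivation, and keystream uniqueness from sensor_ID plus a per-packet IV that is never allowed to wrap), as an added example that is not code from the paper. HMAC-SHA256 as the PRF, the `packet_key` construction, the 2-bit IV space used to reach exhaustion quickly, and all keys and readings are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, x: bytes) -> bytes:
    """f_K(x); HMAC-SHA256 cut to 128 bits is an assumption (the paper names no PRF)."""
    return hmac.new(key, x, hashlib.sha256).digest()[:16]

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def packet_key(sk: bytes, sensor_id: int, iv: int) -> bytes:
    """Hypothetical way to bind sensor_ID and IV into the per-packet RC4 key."""
    return prf(sk, sensor_id.to_bytes(2, "big") + iv.to_bytes(3, "big"))

def derive_mak(sk: bytes, master_id: bytes) -> bytes:
    return prf(sk, master_id)               # MAK = f_SK(Master-ID), Section C

class RekeyRequired(Exception):
    """Raised instead of letting the IV counter wrap under the same SK."""

class Sender:
    def __init__(self, sk: bytes, sensor_id: int, iv_bits: int = 24):
        self.sk, self.sensor_id = sk, sensor_id
        self.iv, self.iv_limit = 0, 1 << iv_bits

    def seal(self, plaintext: bytes):
        if self.iv >= self.iv_limit:
            raise RekeyRequired("IV space exhausted for this session key")
        iv, self.iv = self.iv, self.iv + 1  # IV incremented by 1 per packet
        key = packet_key(self.sk, self.sensor_id, iv)
        return iv, xor(plaintext, rc4_keystream(key, len(plaintext)))

    def rekey(self, x: bytes) -> None:
        """K' = f_K(x). The IV restarts only because the key has changed."""
        self.sk, self.iv = prf(self.sk, x), 0

def unseal(sk: bytes, sensor_id: int, iv: int, ciphertext: bytes) -> bytes:
    return xor(ciphertext, rc4_keystream(packet_key(sk, sensor_id, iv), len(ciphertext)))

def demo() -> dict:
    sk = bytes(range(16))                               # constructed session key
    p1, p2 = b"temp=21.5C zone3", b"temp=48.0C zone3"   # constructed readings
    a, b = Sender(sk, 7, iv_bits=2), Sender(sk, 9, iv_bits=2)
    (iv_a, c_a), (_, c_b) = a.seal(p1), b.seal(p2)
    # Same SK and same IV value 0, different sensor_ID: keystreams differ.
    cross_sender_leak = xor(c_a, c_b) == xor(p1, p2)
    # Failure mode being prevented: sensor 7 reusing IV 0 under the same SK.
    c_bad = xor(p2, rc4_keystream(packet_key(sk, 7, 0), len(p2)))
    reuse_leak = xor(c_a, c_bad) == xor(p1, p2)
    exhausted = False
    try:
        for _ in range(4):                              # IVs 1..3 succeed, then stop
            a.seal(p1)
    except RekeyRequired:
        exhausted = True
    a.rekey((1).to_bytes(4, "big"))                     # counter-style x (constructed)
    iv_new, c_new = a.seal(p1)
    return {"roundtrip": unseal(sk, 7, iv_a, c_a) == p1,
            "cross_sender_leak": cross_sender_leak, "reuse_leak": reuse_leak,
            "exhausted": exhausted, "iv_after_rekey": iv_new,
            "fresh_keystream": c_new != c_a,
            "mak_rotates": derive_mak(sk, b"M1") != derive_mak(a.sk, b"M1")}

if __name__ == "__main__":
    print(demo())
```

With the real 24-bit IV the same guard fires after 2^24 packets per sensor, which bounds how long one SK may stay in use before the re-keying described in Section C has to run.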

Figure 8: Control Packet communication overhead

Figure 8 shows the low communication overhead of our security scheme based on ripple-zone routing architecture instead of other routing schemes such as LEACH [17] and flooding-based flat topology.

E. Analytical model on security overhead of Our Scheme

We used a first-order Markov Chain model to analyze the calculation and communication overhead when incorporating our security features into Level 1 actuator communications.

Fig. 9 Analytical and Simulation Results (legend: Analytical model; Simulation results)

In local sensor processing, calculations involving the one-way hash function consume the most energy [25]. We therefore focus on the cost of computing hash functions during each re-keying session. An actuator may fail to receive a new session key, or it may receive an incorrect session key that cannot be authenticated by using the hash function. Incorrect session keys may come from opponents attempting Denial-of-service attacks. If the key chain buffer length is n, the probability of key loss is $P_{Loss}$, and the probability of key corruption is $P_{Corruption}$. We derive the expected times for hash function calculations in a re-keying cycle, $E_{re\text{-}keying}[\#\_of\_hash]$, as follows [26]:

n
2.5  P0 ­ i ½
E Re keying ># _ of _ hash@
n 1
n ®
n x P0  (1  Pfailure ) x ¦ (i x P0 )¾,
2  P0 ¯ i 1 ¿
where P0 PLoss  PCorruption

Assuming $P_{Corruption}$ = 0.25, we vary $P_{Loss}$ from 0.0 to 0.5 and compare the simulation and analytical results. Figure 9 clearly shows the validity of our analytical model.

F. Conclusions

This work addressed some challenging security issues in an important information infrastructure – large-scale and low-energy Wireless Actuator and Sensor Networks (WASN). The salient advantages of this work compared to other related ones are as follows: (1) Instead of purely focusing on security research itself as in most of the current literature, we argued that WASNs have specific network constraints and data transmission requirements compared to general ad hoc networks and other wireless/wired networks. We proposed to seamlessly integrate WSN security with a promising routing architecture that proves to be scalable and energy-efficient; (2) To protect from active attacks in mobile sensor networks, we proposed two-level re-keying/re-routing schemes that can not only adapt to a dynamic network topology but also securely update keys for each data transmission session; (3) Due to the importance of secure in-networking processing such as data aggregation in WASNs, we defined a multiple-key management scheme closely related to the proposed Tree-Ripple-Zone (TRZ) routing architecture.

In our future work, it will be interesting to investigate tighter integration of security with routing in WASNs. For example, if there are no predetermined supernodes, how can we use wireless backbone construction algorithms to select actors or sensors that are evenly distributed in a WSN in a way that guarantees maximum connection with neighboring sensors?

References:

[1] James F. Kurose, Keith W. Ross, “Computer Networking, A top-down approach featuring the Internet,” pp. 74-75, ISBN: 0-201-97699-4, Addison-Wesley, 2003.
[2] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A Survey on Sensor Networks,” IEEE Communications Magazine, vol. 40, no. 8, August 2002.
[3] Ian F. Akyildiz and Ismail H. Kasimoglu, “Wireless Sensor and Actor Networks: Research challenges,” Ad hoc Networks Journal (Elsevier), (to appear), 2004.
[4] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D. Tygar, “SPINS: Security Protocols for Sensor Networks,” Proceedings of Seventh Annual International Conference on Mobile Computing and Networks MOBICOM 2001, July 2001.
[5] Adrian Perrig, Robert Szewczyk, Victor Wen, Alec Woo, “Security for Sensor Network,” http://www.cs.berkeley.edu/~vwen/classes/f2000/cs261/project/sensor_security.html.
[6] Laurent Eschenauer, Virgil D. Gligor, “A key-management scheme for distributed sensor networks,” Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002, Washington, DC, USA.
[7] Haowen Chan, Adrian Perrig, and Dawn Song, “Random Key Predistribution Schemes for Sensor Networks,” IEEE Symposium on Research in Security and Privacy, 2003.
[8] Roberto Di Pietro, Luigi V. Mancini, and Alessandro Mei, “Random Key Assignment for Secure Wireless Sensor Networks,” 2003 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03), October 31, 2003, George W. Johnson Center at George Mason University, Fairfax, VA, USA.
[9] Wenliang Du, Jing Deng, Yunghsiang S. Han, and Pramod Varshney, “A Pairwise Key Pre-distribution Scheme for Wireless Sensor Networks,” Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS), Washington DC, October 27-31, 2003.
[10] Donggang Liu and Peng Ning, “Establishing Pairwise Keys in Distributed Sensor Networks,” The 10th ACM Conference on Computer and Communications Security (CCS '03), Washington D.C., October 2003.
[11] Donggang Liu and Peng Ning, “Location-Based Pairwise Key Establishments for Relatively Static Sensor Networks,” 2003 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03), October 31, 2003, George W. Johnson Center at George Mason University, Fairfax, VA, USA.
[12] Wenliang Du, Jing Deng, Yunghsiang S. Han, Shigang Chen and Pramod Varshney, “A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge,” To appear in IEEE INFOCOM'04, March 7-11, 2004, Hongkong.
[13] Anthony D. Wood and John A. Stankovic, “Denial of Service in Sensor Networks,” IEEE Computer, 35(10):54-62, 2002.
[14] Chris Karlof and David Wagner, “Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures,” First IEEE International Workshop on Sensor Network Protocols and Applications, May 2003.
[15] Guiling Wang, Wensheng Zhang, Guohong Cao, and Tom La Porta, “On Supporting Distributed Collaboration in Sensor Networks,” MILCOM 2003, October 2003.
[16] Fei Hu and Sunil Kumar, “Energy-efficient Multimedia Telemedicine Data Transmission in an Integrated Mobile Computing Environment,” IEEE Transactions on Mobile Computing (Conditionally accepted), 2004.
[17] W.R. Heinzelman, A. Chandrakasan, and H. Balakrishnan, “Energy-efficient communication protocol for wireless microsensor networks,” IEEE Proceedings of the Hawaii International Conference on System Sciences, January 2000, pp. 1–10.
[18] H. Harney and C. Muchenhirn, “Group Key Management Protocol (GKMP) Architecture,” RFC 2094, July 1997.
[19] X. S. Li, Y. R. Yang, M. G. Gouda, and S. S. Lam, “Batch Rekeying for Secure Group Communications,” Proceedings of 10th International World Wide Web Conference, May 2001.
[20] S. Zhu, S. Setia and S. Jajodia, “LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks,” 10th ACM Conference on Computer and Communications Security (CCS '03), Washington D.C., October 2003.
[21] Barr, Rimon, “JiST - Java in Simulation Time Users Guide,” March 19, 2004, http://jist.ece.cornell.edu/docs/040319-jist-user.pdf
[22] Barr, Rimon, “SWANS - Scalable Wireless Ad hoc Network Simulator Users Guide,” March 19, 2004, http://jist.ece.cornell.edu/docs/040319-swans-user.pdf
[23] N. Sadagopan, B. Krishnamachari, and A. Helmy, “The ACQUIRE mechanism for efficient querying in sensor networks,” First IEEE International Workshop on Sensor Network Protocols and Applications (SNPA), in conjunction with IEEE ICC 2003, May 2003, Anchorage, AK, USA.
[24] S. Madden, M. J. Franklin, J. M. Hellerstein and W. Hong, “TAG: a tiny aggregation service for ad-hoc sensor networks,” Proceedings of the Fifth Annual Symposium on Operating Systems Design and Implementation (OSDI), December 2002.
[25] Adrian Perrig, Robert Szewczyk, Victor Wen, Alec Woo, “Security for SmartDust Sensor Network,” the whole paper is available from the following website: http://www.cs.berkeley.edu/~vwen/classes/f2000/cs261/project/sensor_security.html.
[26] Fei Hu, Waqaas Siddiqui, “LESS: Light-wEight Security Solution for Wireless Sensor Networks Based on a Scalable Tree-Ripple-Zone Routing Scheme,” To appear in IEEE Transactions on Mobile Computing (special monograph on sensor networks), 2004.
