1 Introduction

Wireless Sensor Networks (WSNs) have, in a short span of time, come to be used in numerous fields such as monitoring hostile environments and military and civil domains. The sensor nodes are highly resource constrained in terms of energy, memory, transmission range, communication and computational capability. Among these resources, energy is considered an important factor in increasing the lifetime of the network. The sensor nodes are deployed in hostile environments and powered by batteries, and thus have limited energy. The MICA2 mote [2,3,4,5] consists of an 8-bit ATmega128L microcontroller, a 250 Kbits/s data rate, 512 Kbyte flash memory and a 3.3 V on-board battery with 2 A-hr capacity. For the MICA2 mote, the battery is 3.3 V, which should be used efficiently. A sensor node has both volatile and non-volatile memory of reduced size. Sensor node information such as the node identity (ID), routing table information, security-related data and the program is stored in non-volatile memory. Because of the limited memory size, the node must not be overloaded with program and application-specific information. The transceiver consumes more energy than any other operation of a sensor node. When designing protocols for wireless sensor networks, the number of messages transmitted between the nodes should be minimized to attain the goal without compromising the objectives of the WSN.

With the rapid increase of IoT applications and their demands, cloud computing has been used to satisfy the needs of IoT. To address the challenges of using cloud computing for IoT, edge computing has been introduced. The edge computing devices are installed near the WSNs, usually one hop away. Edge computing for WSNs is a promising framework that supports low-powered sensor networks in performing complex computational tasks. The general architecture of an edge-linked wireless sensor network is shown in Fig. 1. Compared with traditional WSN system architectures, the proposed edge computing based architecture reduces the response time as well as the bandwidth between the wireless sensor networks and the cloud. The edge layer is physically close to the WSNs.

Fig. 1 General architecture of WSNs linked edge computing

The edge device has less capacity than cloud servers; still, it handles a significant share of IoT demands. The edge node improves response time and privacy and reduces bandwidth consumption [6,7,8, 42]. Because some functions of sensor nodes are outsourced to edge servers in the edge architecture, secure communication must be ensured between the sensor nodes and the edge node. Cloud servers are more powerful and spend high resources on security [9, 10, 43]. In recent years, edge computing has proved an effective assistance for WSNs. Therefore the security solutions proposed for cloud servers are not suitable for edge and sensor networks.

Sensor nodes placed in an unfriendly location are prone to the node compromise attack [1,2,3,4,5]. As the sensor nodes communicate wirelessly, it is easy for an attacker to compromise the nodes' communication. To withstand attacks on WSNs, security must be integrated with the network. Providing security in WSNs is challenging due to the resource-constrained nature of sensor nodes, but secure communication plays a significant role in avoiding and enduring the different types of malicious attacks. Security in a WSN is achieved by encrypting and authenticating the communication among the sensor nodes. Due to the resource-constrained nature of sensor nodes, traditional cryptographic methods are not appropriate for wireless sensor nodes. These limitations are overcome by means of a basic essential scheme called a key management scheme.

A key management scheme can be widely utilized to secure communication between the sensor nodes within its range. The key management scheme is divided into 3 phases: key pre-distribution, shared key discovery, and key establishment [6,7,8,9,10]. Initially, the keys are pre-distributed into the sensor nodes (i.e., before node deployment). Once nodes are placed in the field, each node tries to determine a shared key within its communication range. During the second phase, the neighboring sensor nodes form a shared key for secure communications.

In recent times, numerous key management schemes have been suggested to establish secure communication among the sensor nodes during network formation. Each of these schemes has its advantages and limitations. A suitable key management scheme should satisfy three important metrics [11,12,13]: security, efficiency, and flexibility. The main motivation of the proposed work is as follows. The rising need for new information processing paradigms such as health monitoring, environment monitoring and surveillance tasks has led to massive active research in the field of highly distributed sensor networks. This dissertation is especially useful in catastrophic or emergency situations where human intervention may be dangerous. Failures of WSNs are inevitable due to the hostile environment and unattended deployment; therefore sensor nodes must operate potentially in large numbers and with greater security. National border security and disaster management are the themes that drive this research in secure key management and routing of secure data in wireless sensor networks. Because the sensor nodes are highly resource constrained, providing security for WSNs is still a challenging task. A secure end-to-end relationship does not scale well in large-scale WSNs [14,15,16,17,18,19,20,21,22,23,24,25].

Traditional cryptographic techniques are not suitable for resource-constrained WSNs. A viable alternative is to use a key management scheme. Many key management schemes have been developed to fulfill the requirements for key establishment in wireless sensor networks. Still, they face many problems such as increased memory requirement and computational and communication cost.

The limitations of the existing key pre-distribution schemes that depend on symmetric and asymmetric cryptographic techniques are as follows:

  • The major limitation of Elliptic Curve Cryptography (ECC) [18, 32] based key pre-distribution schemes is that the keys are generated directly using ECC and pre-distributed into the sensor node. This increases communication costs and the requirement of memory. The key establishment between the sensor nodes is not addressed in the existing ECC-based key pre-distribution scheme.

  • The major limitation of the Random Seed Distribution with Transitory Master Key scheme (RSDTM) [21, 22] is that a node cannot establish a shared key after a certain time. If an adversary captures a node's master key, then the entire network can be compromised by the attacker.

  • In E–G scheme [19], the sensor nodes need to store a vast number of keys to increase sensor networks' connectivity. However, it provides neither authentication nor key revoking between sensor nodes. Moreover, the scheme requires more memory for key storage.

This paper's main contribution is to overcome the above limitations: a key management scheme is proposed for WSNs linked to an edge node to reduce the memory requirement and the computational and communication overhead. The edge node is used to generate a unique seed key from the elliptic curve, which is shared with the sensor nodes. The scheme integrates both cryptography techniques to achieve a high level of security and improves node-to-node authentication compared to existing key management schemes such as E–G and RSDTM.

The structure of the paper is arranged as follows: Sect. 2 reviews the related works of existing security schemes for WSNs. Section 3 explains the proposed scheme by integrating the authentication and secure key establishment using a hybrid approach. Section 4 describes the theoretical investigation of the proposed scheme. Section 5 reviews the simulation result and analysis of the proposed method. Section 6 summarizes the proposed method.

2 Related Works

The advantages of combining IoT with edge servers are discussed in [44]. The processing of a large volume of real-time data poses significant challenges in large-scale IoT systems. These challenges are addressed with the help of edge computing [45] in resource-constrained IoT nodes. Zhiwei Zhao et al. [46] addressed the challenges of deploying edge nodes in large-scale IoT.

Generally, key management plays a vital role in providing security in any network [46,47,48]. In edge computing infrastructure, the key management scheme allows the nodes to establish a pairwise key to perform secure communication. Key management schemes for edge computing have attracted the attention of many researchers in recent years.

Eschenauer et al. [19] proposed a key management scheme based on the probabilistic method for WSNs. The E–G scheme depends on a random graph structure. This scheme is specially offered for wireless sensor networks. Most of the research work for WSNs builds on the framework of the E–G method. The major limitations of the E–G scheme are that there is no authentication, connectivity is poor and periodic key refreshing is not done. The key should be refreshed periodically in order to overcome node compromise attacks. It does not support clustering operations to minimize the consumption of energy. The Q-composite method is an extension of the E–G scheme. The sensor nodes' network resilience is improved by using more keys instead of the single key of the E–G scheme. The main advantage of this scheme is the improved resilience of the network against node compromise attack. However, this scheme is more susceptible to attack once a larger number of nodes are compromised.

The pairwise key is generated by Blom's scheme [20]. The pairwise key is established among neighboring nodes in the network. It uses the threshold property to attain high resilience. The attacker needs to capture more nodes (i.e., greater than the threshold value) to capture the whole network. When the threshold value increases, the storage space required to store the keys also increases. To secure WSNs, several key management schemes have been suggested [21,22,23,24,25,26,27,28,29,30].

The symmetric pre-distribution scheme offers security efficiently but is not appropriate for an unfriendly environment. Gandino et al. [21, 22] proposed a Random Seed Distribution with Transitory Master Key scheme (RSDTMK), in which seed keys are stored inside the sensor nodes instead of plain keys. In the initialization phase, the node generates the pairwise key using the master key within the activated time period. The main limitation of this scheme is that the key cannot be generated after the time-out period. If the attacker compromises the master key, the attacker can eavesdrop on the entire key information within the initialization phase and discover every pairwise key shared between the nodes.

Public key cryptography plays an important role in cryptographic techniques [31,32,33,34]. It has a private and a public key. The key size of public-key cryptography needs to be high to offer a high level of security. The direct implementation of public-key techniques is not suitable for resource-constrained sensor nodes.

Many research works have been carried out on resource-constrained networks using public-key cryptography. Asymmetric key cryptography techniques need to perform more computation for encryption and decryption operations, which requires more computational power and processing time. The Rivest Shamir Adleman (RSA) algorithm uses 512 to 2048 bits as key size. Many research works [35,36,37,38,39] have been carried out on Elliptic Curve Cryptography using 8-bit CPUs. Compared to RSA, the key size of ECC is small. The TinyOS key pre-distribution method depends on ECC. For the RSA algorithm, the key size is 1024 bits, whereas for ECC, the key size is 160 bits for secure communication.

An elliptic curve cryptography based key pre-distribution scheme [40, 41] has been proposed for WSNs. The keys are generated by performing a point doubling operation. It offers high connectivity as well as resilience for resource-constrained sensor nodes. This scheme's limitation is that the plain keys (ECC points) are pre-distributed into the sensor node. The author did not address the issue of how the sensor nodes establish the key among themselves, and the communication overhead is high. Du et al. [32] demonstrated a routing-driven key management scheme using elliptic curve cryptography for WSNs. This scheme is evaluated in heterogeneous sensor networks to achieve high-level security in WSNs. It establishes shared keys with neighbor nodes using an ECC-based digital signature.

One of the evolving techniques of cryptography is Hyper Elliptic Curve Cryptography (HECC). The security level of HECC is the same as RSA and ECC and the key size is 80 bits [31, 33, 34], whereas it is 1024 bits for RSA and 60 bits for ECC. Some recent studies can also be referred from [42,43,44,45,46,47,48,49,50,51,52].

The approaches above for WSNs emphasize the distribution of keys between the sensor nodes and not node-to-node authentication. Thus, in this paper, a hybrid key management scheme is proposed that links edge devices with sensor nodes to provide authentication between nodes and reduce storage space and computational and communication overhead. The following are the limitations imposed by the existing key pre-distribution schemes based on symmetric and asymmetric cryptographic techniques:

  • The major limitation of the ECC-based key pre-distribution scheme [30] is that the keys are generated directly and pre-distributed into the sensor node. The key establishment between the sensor nodes is not addressed in the existing ECC-based key pre-distribution scheme. The direct implementation of ECC increases the memory requirement and the communication overhead during key establishment between the sensor nodes.

  • The major limitation of the Random Seed Distribution with Transitory Master Key scheme (RSDTM) [21, 22] is that after the time-out period a node cannot generate the shared key. If the adversary captures the master key of a sensor node, the entire network can easily be compromised using the captured information.

  • The E–G scheme [19] needs more memory to achieve high connectivity and resilience. There is no authentication process or key revoking between the sensor nodes. The pre-distribution of secret keys over a large-scale network is not feasible because a large number of keys need to be stored in the sensor nodes to achieve high connectivity.

To overcome the above limitations, a Hybrid Key Management Scheme is proposed for WSNs linked to an edge computing node, which reduces the memory requirement and the computational and communication overhead. The Hybrid Key Management Scheme is an integration of symmetric and asymmetric cryptography techniques which provides node-to-node authentication and a higher level of security when compared to existing key management schemes such as E–G and RSDTM.

3 Proposed Key Management Algorithm for WSNs

In the proposed hybrid key management scheme, key pre-distribution depends on ECC and a hash function. Before deploying sensor nodes, three offline and one online phase are performed, namely parameter selection for the elliptic curve, generation of unique seed key, identity-based key ring generation, key establishment, and mutual authentication phase. The edge device generates a unique seed key from the elliptic curve equation, which is preloaded to each sensor node, and a hash function is applied to the seed key to generate the private key. Then, the generated key-ring and the corresponding identities are loaded into the sensor node's memory. Once nodes are placed in the field, the sensor nodes disseminate their IDs to form common keys with other nodes. The nodes are mutually authenticated using their own identities without a huge communication overhead.

3.1 Parameter Selection for Elliptic Curve

Before sensor node deployment, the edge node generates the key pool using the Elliptic Curve Cryptography equation over an integer finite field. The selection of the elliptic curve parameters is vital in wireless sensor networks to reduce the number of links compromised by an attacker and improve network connectivity. The elliptic curve parameters \(p\), \(a\), and \(b\) are chosen such that the value of the prime number \(p\) is greater than the total number of nodes deployed in the field. For example, if the number of nodes deployed in an area is 50, the prime number's value should be greater than 50 to improve the connectivity and at the same time increase the resilience.

3.2 Generation of Unique Keys

Unique keys are generated by edge node before sensor nodes are deployed in the area. Once the ECC equation's coefficients are chosen, the unique seed keys are produced for sensor nodes.

3.2.1 Key Pool Generation using ECC

Let the prime number \(p=59\) and let the constants \(a=1\) and \(b=1\). The first step is to verify the condition:

$$4{a}^{3}+27{b}^{2} \bmod p \ne 0$$
$$4{a}^{3}+27{b}^{2} \bmod p = 4\times {1}^{3}+27\times {1}^{2} \bmod p$$
$$4{a}^{3}+27{b}^{2} \bmod p = 4+27 \bmod 43 = 31 \bmod 43$$
$$4{a}^{3}+27{b}^{2} \bmod p = 12 \ne 0$$

Then find the quadratic residues \({Q}_{59}\) from the reduced set of residues \({Z}_{59} =\{1,2,3,\dots,57,58\}\) as shown in Table 1.

Table 1 Quadratic residues of \(Q_{59}\)

Therefore, for the group of \(\frac{p-1}{2} =28\), the quadratic residues are

$${Q}_{59}=\{1,3,4,5,7,9,12,15,16,17,19,20,21,22,25,26,27,28,29,35,36,41,45,46,48,49,51,53,57\}$$

\({y}^{2}={x}^{3}+x+1 \bmod 59\) is computed and checked to see whether \({y}^{2}\) is in the group of quadratic residues \({Q}_{59}\), as shown in Table 2. The elliptic curve points \({E}_{p}(a,b)={E}_{59}(1,1)\) are shown in Table 3.

Table 2 Quadratic residues of \({\text{y}}^{2} \in { }Q_{59}\)
Table 3 Seed keys for \(E_{59 } \left( {1,1} \right)\)

For the prime number \(p = 59\), approximately 62 points are generated. Each unique elliptic curve point is stored in a sensor node before deployment. Once a unique elliptic curve point is assigned to each sensor node, the private key-ring is generated using point doubling and addition operations.
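The key pool construction above can be reproduced with a short script. The following is an added example, not code from the paper: it enumerates the affine points of \({E}_{59}(1,1)\) by testing whether \({x}^{3}+x+1 \bmod 59\) is a quadratic residue, and the helper `assign_seed_keys` (a hypothetical name) hands out distinct points in list order, whereas a real edge node would pick them as its provisioning policy dictates.

```python
"""Key pool for E_59(1,1): enumerate affine points via quadratic residues."""

P, A, B = 59, 1, 1  # curve parameters used in Sect. 3.2.1


def is_nonsingular(a, b, p):
    """True when 4a^3 + 27b^2 is non-zero mod p (the curve is usable)."""
    return (4 * a**3 + 27 * b**2) % p != 0


def quadratic_residues(p):
    """Sorted non-zero squares mod p, i.e. the set Q_p."""
    return sorted({(y * y) % p for y in range(1, p)})


def square_roots(p):
    """Map each value r to every y in [0, p) with y^2 = r (mod p)."""
    roots = {}
    for y in range(p):
        roots.setdefault((y * y) % p, []).append(y)
    return roots


def curve_points(a, b, p):
    """All affine points (x, y) with y^2 = x^3 + ax + b (mod p)."""
    if not is_nonsingular(a, b, p):
        raise ValueError("singular curve: choose different a, b")
    roots = square_roots(p)
    points = []
    for x in range(p):
        rhs = (x**3 + a * x + b) % p
        # rhs has square roots only when it is 0 or a quadratic residue
        for y in roots.get(rhs, []):
            points.append((x, y))
    return points


def assign_seed_keys(node_ids, points):
    """Give each node ID a distinct point [u, v] as its seed key.

    Hypothetical helper: points are handed out in list order.
    """
    if len(node_ids) > len(points):
        raise ValueError("key pool smaller than the number of nodes")
    return dict(zip(node_ids, points))


if __name__ == "__main__":
    pool = curve_points(A, B, P)
    print("Q_59 =", quadratic_residues(P))
    print("points in key pool:", len(pool))
    print("first seed keys:", assign_seed_keys([1, 2, 3], pool))
```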

3.3 Identity Based Key Ring Generation

In this proposed scheme, the key-ring selection depends on the node's ID, unique seed key, and hash function. The identity-based key-ring selection has more advantages compared to the pseudo-random sequence [20, 22]. During the key establishment phase, the node has to exchange its identity with peer nodes to obtain the shared key. This also provides legitimacy of the entity. In the pre-deployment phase, the edge computing device assigns a unique identifier \({ID}_{i}\), hash function \({h}_{j}\), and seed key \([u, v]\) to each sensor node.

The edge node randomly chooses \(m\) other sensor nodes to generate the unique key-ring using a simple hash function and stores the keys and their corresponding identities in the sensor node's memory. The following Eq. 1 generates the key \({K}_{i}\).

$${\text{K}}_{{\text{i}}} = {\text{h}}_{{\text{j}}} ({\text{u}}_{{\text{i}}} ,{\text{v}}_{{\text{i}}} )$$
(1)

Consider the example presented in Fig. 2: the sensor mote \({S}_{1}\) randomly selects three sensor nodes \({S}_{2},{S}_{6}\) and \({S}_{8}\) from the network, generates the key-ring \({K}_{2}, {K}_{6}\) and \({K}_{8}\) using a hash function on their corresponding seed keys, and loads the key indices and IDs of the sensor nodes into the key-pool. Similarly, it stores \(m\) pairs of key and ID in the key-ring, where \(m\) is the key-ring size.

Fig. 2 Key predistribution of hybrid key management scheme

3.4 Key Establishment and Mutual Authentication Phase

Once the keys are distributed, the sensor nodes are randomly disseminated in the field. In the initialization step, each sensor node shares its \({ID}_{i}\) and receives the IDs of its neighboring nodes.

Consider the node \({ID}_{j}\), which is in the range of sensor mote \({ID}_{i}\) and verifies that the received \({ID}_{i}\) belongs to the key-ring stored in the sensor node before the deployment. If it is in its key-ring, it chooses a timestamp to avoid replay attack and sends the joint request message to the corresponding node \({ID}_{i}\). Once the sensor node \({ID}_{i}\) receives the joint request message, it computes \({C}^{\prime}\) and verifies that \(C={C}^{\prime}\). If \(C={C}^{\prime}\), the node is mutually authenticated and generates the session key by computing \({S}_{k}={K}_{i}+{K}_{j}.\) There are two cases in the key establishment phase, namely direct and indirect key establishment. The algorithm for both cases is explained in the following subsections.


3.5 Case: 1 Direct key Establishment Between the Nodes

After the sensor nodes are disseminated in the area, each broadcasts its unique ID and a timestamp to the neighboring nodes within the broadcasting range. The sensor node which receives the neighbor information validates the timestamp to avoid the replay attack and checks whether the received identity belongs to its key-ring or not. If the sensor node's identity belongs to the key-ring, then it transmits \(C=h({k}_{1},{ID}_{1})\), where \({k}_{1}=h(1,6,{u}_{1},{v}_{1})\), and a timestamp to node 1.

Node 1 receives the authentication message from node 6; it checks the timestamp and verifies its key-ring. If \({ID}_{6}\) belongs to the key-ring, \({SN}_{1}\) calculates \({C}^{\prime}=h({k}_{1},{ID}_{1})\) and verifies whether \(C={C}^{\prime}\); if so, it authenticates node 6 and computes the session key \({S}_{k}={K}_{1}\oplus {K}_{6}.\) Fig. 3 shows the direct establishment of keys among the sensor nodes.

Fig. 3 Direct key establishment between the nodes
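The direct case, together with the key-ring preloading of Sect. 3.3, can be traced end to end in a few lines. This is an added example, not the paper's implementation: it assumes SHA-256 truncated to 160 bits for \(h\), a 5-second timestamp window, keys derived as in Eq. 1, and constructed seed keys and key-rings; the `Node` class, the message fields and `provision` are illustrative names.

```python
"""Direct key establishment (Case 1) between two pre-provisioned nodes."""
import hashlib
import hmac

KEY_BYTES = 20   # 160-bit keys, the key size quoted in Sect. 4.1
MAX_SKEW = 5.0   # assumed freshness window for timestamps, in seconds

# Constructed sample data: seed keys are points on E_59(1,1); node 1's ring
# mirrors the Fig. 2 example (S2, S6, S8), the other rings are made up.
SEEDS = {1: (0, 1), 2: (1, 11), 6: (6, 20), 8: (8, 7)}
RINGS = {1: [2, 6, 8], 2: [1], 6: [1, 8], 8: [6]}


def h(*parts):
    """Stand-in for the scheme's hash: SHA-256 truncated to 160 bits."""
    md = hashlib.sha256()
    for part in parts:
        raw = part if isinstance(part, bytes) else str(part).encode()
        md.update(len(raw).to_bytes(2, "big") + raw)  # length-prefix fields
    return md.digest()[:KEY_BYTES]


def xor(x, y):
    """Bytewise XOR, used for S_k = K_i xor K_j."""
    return bytes(a ^ b for a, b in zip(x, y))


class Node:
    def __init__(self, node_id, seed, ring):
        self.id = node_id
        self.key = h(*seed)     # own key K_i = h(u_i, v_i), Eq. 1
        self.ring = dict(ring)  # {peer ID: K_peer}, loaded before deployment
        self.sessions = {}      # {peer ID: session key}

    def hello(self, now):
        """Broadcast after deployment: own ID plus a timestamp."""
        return {"id": self.id, "ts": now}

    def on_hello(self, msg, now):
        """Responder side: return the authentication message, or None."""
        if abs(now - msg["ts"]) > MAX_SKEW:
            return None  # stale timestamp: treat as a replay
        k_peer = self.ring.get(msg["id"])
        if k_peer is None:
            return None  # sender not in key-ring: Case 2 or path key applies
        self.sessions[msg["id"]] = xor(k_peer, self.key)
        return {"id": self.id, "ts": now, "c": h(k_peer, msg["id"])}

    def on_response(self, msg, now):
        """Initiator side: verify C == C' and derive the session key."""
        if abs(now - msg["ts"]) > MAX_SKEW:
            return False
        k_peer = self.ring.get(msg["id"])
        if k_peer is None:
            return False
        expected = h(self.key, self.id)  # C' = h(K_1, ID_1)
        if not hmac.compare_digest(expected, msg["c"]):
            return False  # responder does not hold our key
        self.sessions[msg["id"]] = xor(self.key, k_peer)
        return True


def provision(seeds, rings):
    """Edge node, pre-deployment: derive every K_i and preload the rings."""
    keys = {nid: h(*seed) for nid, seed in seeds.items()}
    return {nid: Node(nid, seeds[nid], {p: keys[p] for p in rings[nid]})
            for nid in seeds}


def demo():
    """Run one good handshake between nodes 1 and 6 plus four rejections."""
    nodes = provision(SEEDS, RINGS)
    n1, n6, n8 = nodes[1], nodes[6], nodes[8]
    hello = n1.hello(100.0)
    resp = n6.on_hello(hello, 100.2)
    forged = dict(resp, c=h(b"guess", 1))
    return {
        "authenticated": n1.on_response(resp, 100.4),
        "keys_match": n1.sessions.get(6) == n6.sessions.get(1),
        "not_in_ring": n8.on_hello(hello, 100.2) is None,
        "replayed_hello": n6.on_hello(hello, 200.0) is None,
        "forged_c": n1.on_response(forged, 100.4),
        "late_response": n1.on_response(resp, 300.0),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```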

3.6 Case: 2 Indirect Key Establishments Between the Nodes

If the identity of \({SN}_{1}\) does not belong to the key-ring, then sensor node 6 computes \(D\), where \(D = h\left( {K_{6} , ID_{1} } \right)\), and sends it to sensor node 1. Sensor node 1 verifies the identity of sensor node 6, and if it belongs to the key-ring, it verifies \(D^{\prime} = D\) and authenticates node 6. Node 1 computes \(m\), where \(m = E_{{K_{6} }} \left( {K_{1} } \right)\), and transmits the value of \(m\) and its identity to node 6. Node 6 decrypts the message with the help of \(K_{6}\) and obtains \(K_{1} .\) Then the session key is formed by \(S_{k} = K_{1} \oplus K_{6} .\) Figure 4 shows the operation of indirect key establishment between the sensor nodes.

Fig. 4 Indirect key establishment between the nodes

3.7 Path Key Establishment

If the two nodes do not share a common key, they try to establish a path key through an intermediate node using the same handshake protocol.

4 Performance Analysis of the Proposed Hybrid Approach

The proposed system's effectiveness has been analyzed theoretically with the help of storage requirements and communication costs. The proposed scheme's performance is analyzed with the help of the parameters such as the number of nodes in the network, keys in the key pool, and hop count.

4.1 Memory Storage Requirement Analysis

The storage requirement has been analyzed to evaluate the efficiency of the protocol. The metrics that describe the efficiency of storage are the key-ring size \(\left( r \right)\), length of the seed key \(\left( l_{s} \right)\), key identifier \(\left( l_{kID} \right)\), length of the key \(\left( l_{UK} \right)\), and the number of neighbors \(\left( v \right)\).

Table 4 shows the storage space required to store the key material in sensor nodes. With a key size of 160 bits, a node ID of 2 bytes, and a key-ring size of 10, the memory required to store the key information for the HKMS is 202 bytes, whereas in the E–G scheme it is 220 bytes [19] and for RSDTMK 316 bytes [21, 22]. The proposed scheme's storage requirement is 18 bytes less than that of E–G and 114 bytes less than that of the RSDTMK scheme.

Table 4 Memory storage space required for shared key

4.2 Communication Efficiency

In this proposed scheme, finding the key between two nodes requires one-hop communication between nodes, as in E–G and RSDTMK, but the message size is different for each scheme. In HKMS, once nodes are disseminated in the field, each node initiates the communication by sending a hello message containing the node's identifier and a timestamp. The acknowledgement message contains the node's identifier, the neighbor node's identifier, and the Message Authentication Code (MAC) of the message \(\left( c \right)\).

Table 5 shows the comparison of communication efficiency of E–G, RSDTMK and HKMS. Considering \(l_{k} \left( {MAC} \right) = 16\) bytes, \(l_{ID} = 2\) bytes, \(l_{SID} = 2\) bytes, \(r = 10\), and \(l_{kID} = 2\) bytes in E–G and \(l_{kID} = 3\) bytes in RSDTMK, RSDTMK needs 43 bytes to establish a pairwise key and the E–G scheme 42 bytes, whereas HKMS requires only 26 bytes to establish a secure key. From this theoretical analysis, it is inferred that the proposed HKMS requires a smaller number of bytes to form a secure communication between the sensor nodes (Table 6).

Table 5 Communication efficiency
Table 6 Simulation parameters and its value

5 Simulation Results and Discussion

To assess the performance of the HKMS protocol, the NS 2.35 simulator has been used. The analysis emphasizes the formation of the keys in the network. The simulated parameters are defined as follows:

  • Reduced Memory Requirement: The key management scheme should be designed in such a way that the node occupies less memory to store the secret keying information and the identities of the sensor nodes [20].

  • Communication Efficiency: For key establishment or updating, the amount of information exchanged among the neighbor nodes should be reduced in order to minimize energy consumption [11].

  • Computation: The number of computations should be reduced during key establishment [11].

  • Energy Efficiency: The number of messages exchanged between the sensor nodes during the key establishment phase is reduced to minimize the energy consumption [11].

  • Key Connectivity: The probability that a secure link is formed between two sensor nodes. The probability of establishing shared keys between the sensor nodes should be maximized [9].

  • Resilience: Resilience is the resistance of sensor nodes against node capture attack. If an attacker compromises a legitimate node, the secret key information stored in the node should remain confidential [9].

Generally, key establishment schemes focus only on the generation and establishment of keys and do not provide mutual authentication and key exchange among the sensor nodes. The proposed key management scheme's performance is analyzed in terms of resilience, connectivity/channel existence of the network, network availability, broadcast delay, and energy consumption. The simulation parameters used to assess HKMS, E–G and RSDTMK are given in Table 3.

5.1 Connectivity Analysis for HKMS with E–G and RSDTMK

Connectivity is the establishment of a communication channel between two sensor nodes when they share a minimum of one key. The probability of secure link establishment between the two nodes [18] can be defined by Eq. 2,

$$P\left( {i,j} \right) = \left( {\left( {\left( {K_{s} - m} \right)/m} \right)/\left( {K_{s} /m} \right)} \right)$$
(2)

The probability that a link is established between the sensor nodes in the network depends on the values of \(K_{s}\) and \(m\), where \(K_{s}\) is the key size and \(m\) is the key-ring size. The value of \(m\) is the same for all the sensor nodes. Figure 5 shows the probability that a link exists between the nodes disseminated in the network. From the resulting output, it is inferred that 100% connectivity is achieved by the proposed scheme for a key-ring size of 10, whereas E–G and RSDTMK achieved 10% and 80%, respectively, for a key-ring size of 10. The simulated results indicate that the proposed HKMS scheme increases connectivity by 80% and 10% compared with E–G and RSDTMK.

Fig. 5 Connectivity analysis of HKMS with E–G and RSDTMK

5.2 Comparison of Resilience for HKMS with E–G and RSDTMK

Resilience is defined as the ability to reduce the compromise of secret key materials loaded in the sensor nodes. Assume that the link between sensors \(i\) and \(j\) is under attack and that the attacker compromising the link forms a union \(A = \left\{ a_{1} , \ldots , a_{n} \right\}\) of \(a > 0\) compromised sensor nodes.

The probability that a key shared between nodes \(i\) and \(j\) is not present in the set \(A\) [22] is given by Eq. 3,

$$\overline{\Pr}\left( S_{i,j} \right) = \Pr\left[ \left( m^{1}_{i} \in m_{j} \wedge m^{1}_{i} \notin A \right) \vee \ldots \vee \left( m^{k}_{i} \in m_{j} \wedge m^{k}_{i} \notin A \right) \right]$$
(3)

The probability of the coalition of \(k\) trials can be given by Eq. 4,

$$\Pr\left( S_{i,j} \right) = 1 - \sum_{s = 1}^{k} \left( - 1 \right)^{s + 1} \binom{k}{s} \left( \binom{p - s}{k - s} / \binom{p}{m} \right) \left( \binom{p - s}{k - s} / \binom{p}{m} \right)^{a}$$
(4)

Figure 6 shows the probability of compromising a linkage between the sensor nodes by an attacker for different values of \(p,a\) and \(m\) and the network secured by the proposed method compared to the basic E–G and RSDTMK schemes. The simulation results show that the proposed scheme decreases the probability of links compromised between sensor nodes by 39% compared to the existing schemes.

Fig. 6 Resilience analysis of HKMS with E–G and RSDTMK

In the E–G scheme, the attacker compromises 50% of the communication links in the network by capturing 10 sensor nodes, so the scheme is minimally resistant to node capture attack. When the attacker captures 50 to 60 nodes, the whole network is thoroughly compromised. In the proposed approach, the attacker needs to capture more sensor nodes to compromise the link between the nodes. It provides more resistance against node capture attack even if the attacker knows the compromised node's key-ring. Key pool reconstruction is not possible because the key-rings are generated by a one-way hash function. In the initialization phase, the sensor node broadcasts its identity instead of sharing the seed key stored in the key-ring. The proposed HKMS withstands the node capture attack and provides mutual authentication between the sensor nodes.

5.3 Analysis of Energy Consumption for HKMS with E–G and RSDTMK

Energy consumption refers to the total quantity of energy drained by the nodes in the wireless sensor network to establish a common key by performing computation and broadcasting the key information related to the key establishment.

The decisive factor in communication energy consumption is the size of the message being transmitted or broadcast to form a key between sensor nodes. The energy consumed by each protocol to establish a shared key is shown in Fig. 7. The simulated results show that HKMS conserves 30.67% of transmission energy compared to the existing E–G and RSDTMK schemes.

Fig. 7 Comparison of transmission energy consumption of HKMS with existing schemes

5.4 Comparison of Packet Broadcast Delay for HKMS with Existing Schemes

The broadcast delay is an important problem for critical event monitoring in WSNs. Figure 8 shows the broadcast delay of the sensor nodes in the network. The broadcast delay of the proposed protocol is 13.07% less than that of the existing scheme. It requires minimum time delay to establish a key between the neighbor nodes. Each node only needs to broadcast its identity during the key establishment phase. The proposed protocol reduces the time delay and the number of packets needed to communicate with neighboring sensor nodes for establishing a session key.

Fig. 8 Packet broadcast delay analysis of HKMS with E–G and RSDTMK

The proposed HKM scheme is compared with the E–G scheme [18] and the RSDTMK scheme [20] for the above-discussed metrics. The performance values are tabulated in Table 7. From Table 7, it is inferred that the performance of HKMS is better when compared to E–G and RSDTMK. 100% connectivity is achieved by the proposed method as compared to E–G and RSDTMK for a key size of 10. The proposed hybrid key management decreases the probability of link compromise between the sensor nodes by 9% compared to the existing scheme. The attacker has to capture a larger number of sensor nodes to compromise the link between the nodes. It provides more resilience against node capture attack even if the attacker knows the key-ring stored in the compromised node. The reconstruction of the key pool is not possible because the key-rings are generated by a one-way hash function. The proposed hybrid key management conserves 30.67% of transmission energy compared to the existing E–G and RSDTMK schemes due to lower communication cost. The broadcast delay is 13.07% less than that of the existing scheme. It requires minimum time delay to establish a key between the neighbor nodes. Each node needs to broadcast only its identity during the key establishment phase. The proposed protocol minimizes the time delay and the number of packets needed to communicate with neighbor sensor nodes to establish a session key.

Table 7 Comparison of different techniques with respect to various parameters

6 Conclusions

In this paper, edge nodes are deployed for key predistribution in wireless sensor networks. A novel hybrid key management scheme for WSNs has been proposed that uses an edge node to pre-distribute keys and establish a secure and authenticated communication link between the nodes using symmetric and asymmetric key cryptography. The hybrid scheme incorporates the advantages of an ECC-based key pre-distribution scheme with a hash function and a shared key between the nodes, which can be achieved by broadcasting the node's identity without sharing the key materials. The proposed Hybrid Key Management scheme conserves 30.67% of transmission energy, and its broadcast delay is 13.07% less than that of the existing scheme. The HKMS increases the connectivity, and the probability of link compromise between the sensor nodes is decreased by 39% compared to the existing methods. The performance study of the proposed key management scheme shows that link formation between the nodes increases, that it provides mutual authentication among the nodes, and that it resists node capture attack better than the basic E–G and RSDTMK schemes. However, to effectively reduce the latency of determining whether the rekeying material is present locally at the edge or in the cloud, as well as to increase the lifetime of WSNs with less energy consumption, WSNs need a federated learning mechanism. Another promising direction for further extending the proposed method is to implement a federated learning algorithm at the edge node to aggregate the data received from each sensor node and update the global data in the cloud.