Secure Key Management and Mutual Authentication Protocol for Wireless Sensor Network by Linking Edge Devices using Hybrid Approach

Wireless Sensor Networks (WSNs) play a crucial role in developing the Internet of Things (IoT) by collecting data from hostile environments like military and civil domains with limited resources. IoT devices need edge devices to perform real-time processing without compromising the security with the help of key management and authentication schemes. The above applications are prone to eavesdropper due to cryptographic algorithms' weaknesses for providing security in WSNs. The security protocols for WSNs are different from the traditional networks because of the limited resource of sensor nodes. Existing key management schemes require large key sizes to provide high-security levels, increasing the computational and communication cost for key establishment. This paper proposes a Hybrid Key Management Scheme for WSNs linking edge devices which use Elliptic Curve Cryptography (ECC) and a hash function to generate key pre-distribution keys. The Key establishment is carried out by merely broadcasting the node identity. The main reason for incorporating a hybrid approach in the key pre-distribution method is to achieve mutual authentication between the sensor nodes during the establishment phase. The proposed method reduces computational complexity with greater security and the proposed scheme can be competently applied into resource constraint sensor nodes.


Introduction
Wireless Sensor Networks (WSNs) have been used in numerous fields like monitoring hostile environments, armed and civil domains in a short span of time. The sensor nodes are highly resource constrained in terms of energy, memory, transmission range, communication and computational capability. Compared to all these resources, energy is considered as an important factor to increase the lifetime of the network. The sensor nodes are deployed in hostile environment which are powered by battery and thus have limited energy.

3
MICA2 mote [2][3][4][5] consists of microcontroller 8 bit AT Mega 128L, 250 Kbits/s data rate, 512Kbyte flash memory and 3.3 V on board battery with 2A-hr capacity. For MICA2 mote, size of battery is 3.3 V which should be used efficiently. A sensor node consists of both volatile and non-volatile memory with reduced memory size. The Sensor node information such as node Identity (ID), routing table information, security related data and program are stored in non-volatile memory. Due to the limited memory size, the program and application specific information must not be overloaded. The transceiver consumes more energy compared to all other operation of sensor nodes. While designing protocols for wireless sensor networks, the number of message transmission between the nodes should be minimized to attain the goal without negotiating the objectives of the WSNs.
With the rapid increase of IoT applications and their demands the cloud computing has been used to satisfy the needs of IoT. To addresses the challenges of using cloud computing for IoT, the edge computing has been introduced. The edge computing devices are installed near to the WSNs which usually one hops away. Edge computing for WSNs is a shows potential framework which supports low powered sensor networks to perform complex computational tasks. The general architecture of edge linked wireless sensor network architecture is shown in Fig. 1. As compared with traditional WSN system architectures, the proposed edge computing based architecture reduces the response time as well as bandwidth between the wireless sensor networks and cloud. The edge layer is physically close to WSNs.
The edge device has less capacity than cloud servers; still it handles a significant function of IoT demands. The edge node improves response time, privacy and reduces consumption of bandwidth [6][7][8]42]. Some function of sensor nodes are to be outsourced to edge servers in the edge architecture, the secure communication must be ensured between sensor nodes and edge node. The cloud servers are more powerful which spend high resources for security [9,10,43]. In recent years, the edge computing has proved an effective assistance for WSNs. Therefore the security solutions proposed for cloud servers are not suitable for edge and sensor networks.  [18,32] based key predistribution schemes is that the keys are generated directly using ECC and pre-distributed into the sensor node. This increases communication costs and the requirement of memory. The key establishment between the sensor nodes is not addressed in the existing ECC-based key pre-distribution scheme.
• The Random Seed Distribution with Transitory Master Key scheme (RSDTM) [21,22] is the Random Seed Distribution's major limitation because a node cannot establish a shared key after a certain time. If an adversary captures anode's master key, then the entire network can be compromised by an attacker. • In E-G scheme [19], the sensor nodes need to store a vast number of keys to increase sensor networks' connectivity. However, it provides neither authentication nor key revoking between sensor nodes. Moreover, the scheme requires more memory for key storage.
This paper's main contribution is to overcome the above limitations; the proposed key management Scheme for WSNs linked edge node to reduce memory requirement, computational and communication overhead. The edge node is used to generate a unique key seed key from elliptic curve and shared with sensor nodes. It integrates both the cryptography techniques to achieve a high level of security and improves a node-to-node authentication compared to the existing key management scheme such as E-G and RSDTM.
The structure of the paper is arranged as follows: Sect. 2 reviews the related works of existing security schemes for WSNs. Section 3 explains the proposed scheme by integrating the authentication and secure key establishment using a hybrid approach. Section 4 describes the theoretical investigation of the proposed scheme. Section 5 reviews the simulation result and analysis of the proposed method. Section 6 summarizes the proposed method.

Related Works
The advantage of combining IoT with Edge servers are discussed in [44]. The processing of large volume of real-time data poses significant challenges in large scale IoT system. The above challenges are addressed with the help of edge computing [45] in resource constrained IoT nodes. Zhiwei Zhao et al. [46], addressed the challenges of deploying edge node in large scale IoT.
Generally key management plays vital role to provide security in any network [46][47][48]. In edge computing infrastructure, the key management scheme allows the nodes to establish a pairwise key to perform secure communication. The key management scheme for edge computing is attracting the attention of many researchers in recent years.
Eschenaueret al. [19] proposed the key management scheme based on the probabilistic method for WSNs. E-G scheme is depending on a random graph structure. This scheme is specially offered for wireless sensor networks. Most of the research work for WSNs is a framework of E-G methods. The major limitation of E-G scheme is no authentication, poor connectivity and periodic key refreshing is not done. The key should be refreshed periodically in order to overcome node compromised attacks. It does not support clustering operations to minimize the consumption of energy. The Q-composite method is the extension of EG-Scheme. The sensor nodes' network resilience is improved by using more keys instead of a single key in the EG scheme. The main advantage of this scheme is improved the resilience of network against node compromise attack. However, this scheme is more susceptible to attack once more numbers of nodes are compromised.
The pair wise key is generated by Blom's scheme [20]. The pairwise key is established among neighboring nodes in the network. It uses the threshold property to attain high resilience. The attacker needs to capture more nodes (i.e., greater than the threshold value) to capture the whole network. When the threshold value increases, the storage space required to hoard the keys also increases. To secure the WSNs, several key management schemes have been suggested [21][22][23][24][25][26][27][28][29][30].
The symmetric pre-distribution scheme offers security efficiently but not appropriate for the unfriendly environment. Gandino et al. [21,22] proposed a Random Seed Distribution with Transitory Master Key scheme (RSDTMK),in which the seed keys are stored inside the sensor nodes instead of plain keys. In the initialization phase, the node generates the pairwise key using the master key within the activated time period. The main limitation of this scheme is the key cannot be generated after the time-out period. If the attacker compromised the master key, eavesdrop on the entire key information within the initialization phase and discovers the entire pairwise key shared between the nodes.
Public key cryptography plays an important role in cryptographic techniques [31][32][33][34]. It has a private and public key. The key size of public-key cryptography needs to be high to offer a high level of security. The direct implementation of public-key techniques is not suitable for resource constraint sensor nodes.
Many research works have been carried out on resource constraint network using publickey cryptography. Asymmetric key cryptography techniques need to perform more computation for encryption and decryption operation. It needs more computational power and processing time for performing the operation. Rivest Shamir Adleman (RSA) algorithm uses 512 to 2048 bits as key size. Many research works [35][36][37][38][39] have been carried on Elliptic Curve Cryptography using 8-bit CPUs. As compared to RSA, the key size of ECC is small. TinyOS key pre-distribution method is depends on ECC. For the RSA algorithm, the key size is 1024 bits, whereas for ECC, the key size is 160 bits for secure communication.
The elliptic curve cryptography based key pre-distribution scheme [40,41] is proposed for WSNs. The keys are generated by performing a point doubling operation. It offers high connectivity as well as resilience for the resource constraint nature of sensor nodes. This scheme's limitation is the plain keys (ECC points)are pre-distributed into the sensor node. The author did not address the issue of how the sensor nodes have established the key among the sensor nodes, and communication overhead is high. Du et al. [32] demonstrated routing-driven key management scheme using elliptic curve cryptography for WSN. This scheme's performance is carried out in heterogeneous sensor networks to achieve highlevel security in WSNs. It establishes shared keys with neighbor nodes using ECC based digital signature.
The approaches above for WSNs emphasize the distribution of key between the sensor nodes and not on node-to-node authentication. Thus, in this paper, the hybrid key management scheme method is proposed by linking edge devices along with sensor nodes to provide authentication between nodes and reduce storage space, computational and communication overhead. The following are the limitations imposed by the existing key predistribution scheme based on symmetric and asymmetric cryptographic techniques: • The major limitation of ECC based key pre-distribution scheme [30] is the keys that are generated directly and pre-distributed into the sensor node. The key establishment between the sensors nodes are not addressed in existing ECC based key pre-distribution scheme. Due to direct implementation of ECC, it increases memory requirement and communication overhead during the key establishment between the sensor nodes.

3
• The major limitation of Random Seed Distribution with Transitory Master Key scheme (RSDTM) [21,22] is after the time out period a node cannot generate the shared key.
If the adversary captured a master key of sensor node using the captured information entire network can be easily compromised by an attacker. • E-G scheme [19] needs more memory to achieve high connectivity and resilience.
There is no authentication process and key revoking between the sensor nodes. The pre-distribution of secret key over the large scale network is not feasible due to more number of keys need to be stored in sensor nodes to achieve high connectivity.
To overcome the above limitations, Hybrid Key Management Scheme is proposed for WSNs by linking edge computing node which will reduce memory requirement, computational and communication overhead. Hybrid Key Management scheme is an integration of symmetric and asymmetric based cryptography techniques which provides a node-to-node authentication and higher level of security when compared to existing key management scheme such as E-G and RSDTM.

Proposed Key Management Algorithm for WSNs
In the proposed hybrid key management scheme, key pre-distribution depends on ECC and a hash function. Before deploying sensor nodes, three offline and one online phase are performed, namely parameter selection for the elliptic curve, generation of unique seed key, identity-based key ring generation, key establishment, and mutual authentication phase. The edge device generate a unique seed key from the elliptic curve equation, which is preloaded to each sensor node, and a hash function is used on the seed key to generate the private key. Then, the generated key-ring and their corresponding identities are loaded into the sensor nodes memory. Once nodes are placed in the field, sensor nodes disseminate their ID to form common keys with other nodes. The nodes are mutually authenticated using their own identity of nodes without a huge communication overhead.

Parameter Selection for Elliptic Curve
Before sensor nodes deployment, the edge node generates the key pool using the Elliptic Curve Cryptography equation over an integer finite field. The elliptic curve parameters selection is vital in wireless sensor networks to reduce the number of links compromised by an attacker and improve network connectivity. The elliptic curve parameters p, a, and b are chosen where the value of prime number p should be greater than the total nodes deployed in the field. For example, if the number of nodes deployed in an area is 50, the prime number's value should be greater than 50 to improve the connectivity at the same time to increase the resilience.

Generation of Unique Keys
Unique keys are generated by edge node before sensor nodes are deployed in the area. Once the ECC equation's coefficients are chosen, the unique seed keys are produced for sensor nodes.

Key Pool Generation using ECC
Let the prime number p = 59 and let the constants a = 1 and b = 1 . The first step is to verify the quadratic residue that: Then find the quadratic residues Q 59 from the reduced set of residues Z 59 = {1, 2, 3, … … ., 57, 58} as shown in Table 1.
Therefore, the group of p−1 2 = 28 , the quadratic residues are is computed and find out, if y 2 is in the group of quadratic residues Q 59 as shown in Table 2.The elliptic curve points E p (a, b) = E 59 (1, 1 are shown in Table 3.
For the prime number p = 59, approximately 62 points are generated. Each unique elliptic curve point is stored in sensor node before deployment. Once unique elliptic curve point is assigned to sensor nodes, the private key-ring is generated using point doubling and addition operation.

Identity Based Key Ring Generation
In this proposed scheme, the key-ring selection depends on the node's ID, unique seed key, and hash function. The identity-based key-ring selection has more advantages compared to the pseudo-random sequence [20,22]. During the key establishment phase, the node has to interchange its identity for peer nodes to obtain the shared key. This also provides legitimacy of the entity. In the pre-deployment phase, the edge computing device assigns a unique identifier ID i , hash functionh j , and seed key [u, v] to each sensor node.  The edge node randomly chooses ' m ' other sensor nodes to generate the unique keyring using a simple hash function and store the keys and their corresponding identities into the sensor node memory. The following Eq. 1 generates the key Ki.
Consider an example as presented in Fig. 2, the sensor mote S 1 randomly selects three sensor nodes S 2 , S 6 and S 8 from the network and generates the key-ring K 2 , K 6 and K 8 using a hash function on their corresponding seed key and load the key indices and ID of the sensor nodes in key-pool. Similarly, it stores ′M′ pairs of key and ID in the keyring, where m is the key-ring size.

Key Establishment and Mutual Authentication Phase
Once the keys are distributed, the sensor nodes are randomly disseminated in the field. In the initialization step, each sensor node shares its ID i and receives neighborhood nodes' ID.
Consider the nodes ID j , which is in the range of sensor mote ID i , verifying that the received ID i belongs to the key-ringstored in the sensor node before the deployment. If it is in their key-ring, it chooses a timestamp to avoid replay attack and shares the joint request message to the corresponding node ID i . Once the sensor node ID i receives the joint request message, it computes C ′ and verifies that C = C � . If C = C � , the node is mutually authenticated and generated the session key by computing S k = K i + K j . There are two cases in the key establishment phase, namely the direct and indirect key establishment phase. The algorithm is explained as follows,

Case: 1 Direct key Establishment Between the Nodes
After sensor nodes are disseminated in the area, it broadcasts the unique ID and timestamp to the neighboring nodes within the broadcasting range. The sensor node which receives the neighbor information validates the timestamp to avoid the replay attack and checks the received identity as to whether it belongs to the key-ring or not. If the sensor node's identities belong to the key-ring, then it transmits C = h(k 1 , ID 1 ) where k 1 = h(1, 6, u 1 , v 1 ) and timestamp to node 1.
Node 1 receives the authentication message from node 6; it checks the timestamp and verifies its key-ring. If ID 6 belongs to the key-ring, SN 1 calculates the C � = h(k 1 , ID 1 ) and verifies if C = C � , then it authenticates node 6 and computes the session key S k = K 1 ⊕ K 6 . Fig.3 shows the direct establishment of keys among the sensor nodes.

Case: 2 Indirect Key Establishments Between the Nodes
If the identity of the SN 1 does not belong to the key-ring, then the sensor node 6 computes D where D = h K 6 , ID 1 and shares it to the sensor node 1. The sensor node 1 verifies the identity of sensor node 6, and if it belongs to the key-ring, it verifies D � = D and authenticates node 6. Node 1 computes ′ m ′ , where m = E K 6 K 1 and transmits the value of ′ m ′ and its identity to node 6. Node 6 decrypts the message with the help of K 6 and obtains the K 1 . Then the session key is formed by S k = K 1 ⊕ K 6 . Figure 4 shows the operation of indirect key establishment between the sensor nodes.

Path Key Establishment
If the common key is not shared among the two nodes, it tries to establish a path key through an intermediate node using the same handshake protocol.

Performance Analysis of the Proposed Hybrid Approach
The proposed system's effectiveness has been analyzed theoretically with the help of storage requirements and communication costs. The proposed scheme's performance is analyzed with the help of the parameters such as the number of nodes in the network, keys in the key pool, and hop count.

Memory Storage Requirement Analysis
The storage requirement has been analyzed to evaluate the efficiency of the protocol. The metrics that describe the efficiency of storage are key ring size (r) , length of the seed key ( l s ) , key identifier ( l kID ) , length of the key ( l UK ) , and the number of neighbors (v). Table 4 shows the storage space required to store the key material in sensor nodes. The following metrics can assess the memory capacity required for the proposed scheme, namely the key-size as 160 bits long, node ID 2 bytes, key-ring size of 10, the memory required to store the key information for the HKMS is 202 bytes, whereas in E-G scheme it is 220 bytes [19] and for the RSDTMK 316 bytes [21,22]. The proposed scheme's storage capacity is 18 bytes less compared to the E-G and 114 bytes compared to the RSDTMK scheme.

Communication Efficiency
In this proposed scheme, finding the key among two nodes requires one-hop communication between nodes as in E-G and RSDTMK; but the message's size is different for each scheme. In HKMS, once nodes are disseminated in the field, it initiates the communication by sending a hello message containing the node and timestamp's identifiers. The acknowledged message contains the node's identifier, neighbor node identifier, and Message Authentication Code (MAC) of the message (c).   Table 5. shows the comparison of communication efficiency of EG, RSDTMK and HKMS.Considering the l k (MAC) = 16byte , l ID = 2byte, l SID = 2byte , r = 10 and in E-G l kID = 2byte and RSDTMK l kID = 3byte , RSDTMK needs 43 bytes to establish a pairwise key, whereas in E-G scheme, 42 bytes and HKMS requires only 26 bytes to establish a secure key establishment. From this theoretical analysis, it is inferred that the proposed HKMS requires a smaller number of bytes to form a secure communication between the sensor nodes (Table 6).

Simulation Results and Discussion
To assess the performance of the HKMS protocol, the NS 2.35 simulator has been used. The analysis is emphasized on the formation of the keys in the network. The definition of simulated parameters is as follows: • Reduced Memory Requirement: The key management scheme should be designed in such a way that the node should occupy less amount of memory to store the secret keying information and identity of the sensor nodes [20]. • Communication Efficiency: For key establishment or updating, the amount of information exchanged among the neighbor nodes should be reduced in order to minimize energy consumption [11]. • Computation: The number of computation should be reduced during key establishment [11]. • Energy Efficiency: The number of message exchanged between the sensor nodes during the key establishment phase is reduced to minimize the energy consumption [11]. • Key Connectivity: The probability of secure link formed between the two sensor nodes.
The probability of establishing the shared keys between the sensor nodes should be maximized [9]. • Resilience: Resilience is the resistance of sensor nodes against node capture attack. If an attacker compromises the legitimate node, the secret key information stored in the node should be confident [9].
Generally, the key establishment schemes are focused only on the generation and establishment of keys which does not provide mutual authentication and key exchange among the sensor nodes. The proposed key management's performance is analyzed in terms of resilience, connectivity/channel existence of the network, network availability, broadcast delay, and energy consumption. The simulation parameters used to assess HKMS, E-G and RSDTMK are given in Table 3.

Connectivity Analysis for HKMS with E-G and RSDTMK
The connectivity is the establishment of a communication channel among two sensor nodes when they share a minimum of one key. The probability of secure link establishment among the two nodes [18] can be defined by Eq. 2, The probability of link established between the sensor nodes in the network depends on the value of K s and m; where K s is key size and m is key-ring size. The value of m is the same for all the sensor nodes. Figure 5 shows that the probability of the link exists between the nodes disseminated in the network. From the resulting output, it is inferred that 100% of connectivity is achieved by the proposed scheme for the key-ring size of 10 whereas in E-G and RSDTMK were 10% and 80%, respectively for key-ring size of 10. The simulated results indicate that the proposed HKMS scheme increases 80% and 10% of connectivity compared with E-G and RSDTMK.

Comparison of Resilience for HKMS with E-G and RSDTMK
The resilience is defined as the ability to reduce the compromising of secret key materials loaded in the sensor nodes. Assuming that the link between sensor i and j is under the attack, the attacker compromises the link form a union A = a 1 , … a n of a > 0 means compromised sensor nodes. The probability of key sharing among the node i and j is not present in the set A [22] is given by Eq. 3, The probability of the coalition of k trials can be given by Eq. 4, Figure 6 shows the probability of compromising a linkage between the sensor nodes by an attacker for different values of p, a and m and the network secured by the proposed method compared to the basic E-G and RSDTMK schemes. The simulation results show that the proposed scheme decreases the probability of links compromised between sensor nodes by 39% compared to the existing schemes.
In the E-G scheme, the attacker compromised 50% of a communication link in the network by capturing 10 sensor nodes that are minimal resistant to node capture attack. When the invader/attacker captures 50 to 60 nodes, the whole network is thoroughly compromised. In the proposed approach, the invader requires capturing more sensor nodes to compromise the link between the nodes. It provides more resistance against node capture attack even though the attacker knows the key-ring compromised node's key-ring. The key pool reconstruction is not possible because the key-rings are generated by one way hash function. In the initialization phase, the sensor node broadcasts its identity instead of sharing the seed key stored in the key-ring. The proposed HKMS abides against the node capture attack and provides mutual authentication between the sensor nodes. Fig. 6 Resilience analysis of HKMS with E-G and RSDTMK 1 3

Analysis of Energy Consumption for HKMS with E-G and RSDTMK
Energy consumption is referred to as the total quantities of energy drained by the nodes in the wireless sensor network to establish a common key by performing computation and broadcasting the key information related to the key establishment. The decisive factor of communication consumption is the message's size being transmitted or broadcasted to form a key between sensor nodes. The energy consumed by each protocol to establish a shared key is shown in Fig. 7. The simulated results concluded that energy consumption for HKMS conserves30.67% of transmission energy compared to the existing E-G and RSDTMK scheme.

Comparison of Packet Broadcast Delay for HKMS with Existing Schemes
The broadcast delay is an important problem for critical event monitoring in WSNs. Figure 8 shows the broadcast delay of the sensor nodes in the network. The proposed protocol broadcast delay is 13.07% lesser than the existing scheme. It requires minimum time delay to establish a key between the neighbor nodes. Each node requires only broadcasting its identity during the key establishment phase. The proposed protocol reduces the time delay and the number of packets needed to communicate with neighboring sensor nodes for establishing a session key.
The proposed HKM scheme is compared with the E-G scheme [18] and RSDTMK Scheme [20] for the above-discussed metrics. The performance values are tabulated in Table 7. From Table 7, it is inferred that the performance of HKMS is better when compared to E-G and RSDTMK. The 100% of connectivity is achieved by proposed method as compared to the E-G and RSDTMK for key size of 10. The proposed Hybrid key management decreases the probability of link compromised between the sensor nodes by 9% than the existing scheme. The attacker has to capture more number of sensor nodes to compromise the link between the nodes. It provides more resilience against node capture attack even though the attacker knows the key-ring stored in the compromised node. The reconstruction of key pool is not possible because the key-rings are generated by one way Fig. 7 Comparison of transmission energy consumption of HKMS with existing schemes hash function. The energy consumption for proposed hybrid key management is conserves 30.67% of transmission energy compared to the existing E-G and RSDTMK scheme due to less communication cost. The broadcast delay is 13.07% lesser than the existing scheme. It requires minimum time delay to establish a key between the neighbor nodes. Each node needs to broadcast only their identity during key establishment phase. The proposed protocol minimizes the time delay and number of packets need to communicate with neighbor sensor nodes to establish a session key.

Conclusions
In this paper, the edge nodes are deployed for key predistribution in Wireless sensor networks. The novel hybrid key management scheme for WSNs along with edge node to pre-distribute and establish the secure and authenticated communication link between the nodes using symmetric and asymmetric key cryptography has been proposed. The hybrid scheme incorporates the advantages of ECC based key pre-distribution scheme with a hash function and shared key between the nodes, which can be achieved by broadcasting the node's identity without sharing the key materials. The proposed Hybrid Key Management scheme conserves 30.67% of transmission energy and broadcast delay is 13.07% lesser than the existing scheme. The HKMS increases the connectivity and the probability of link compromise between the sensor nodes decreased by 39% than  the existing methods. The performance study of the proposed key management scheme shows that the link formation between the nodes increases, provides mutual authentication among the nodes, and resists against node capture attack compared to the basic E-G and RSDTMK scheme. However, to effectively reduce the latency to determine the rekeying material present at locally at edge or in cloud as well as to increase the lifetime of WSNs with less energy consumption, the WSNs necessitates the federated learning mechanism. Another promising direction for further extending the proposed method is to by implementing federated learning algorithm at edge node to aggregate the data receives from each sensor node and updates the global data to cloud. Dr. Shashi Bhushan is an Assistant Professor in University of Petroleum and Energy Studies. He received the B.E. from University of Rajasthan, India and M. Tech degree in computer science from the Amity University Rajasthan in 2013 and the Ph.D. degree in computer science and engineering from in 2020. He has held a 9 years of university level teaching experience in computer science. He has several patents in the area of IoT. He has had many published articles in IEEE, Springer. He has organized, technical member and publicity chair of several international conferences. Area of research include wireless sensor network, internet of things.