A Fine-Grained Data Access Control System in Wireless Sensor Network

The evolving realities of Wireless Sensor Network (WSN) deployed to various terrain of life require serving multiple applications. As large amount of sensed data are distributed and stored in individual sensors nodes, the illegal access to these sensitive data can be devastating. Consequently, data insecurity becomes a big concern. This study, therefore, proposes a fine-grained access control system which only requires the right set of users to access a particular data, based on their access privileges in the sensor networks. It is designed using Priccess Protocol with Access policy formulation adopting the principle of Bell Lapadula model as well as Attribute-Based Encryption (ABE) to control access to sensor data. The functionality of the proposed system is simulated using Netbeans. The performance analysis of the proposed system using execution time and size of the key show that the higher the key size, the harder it becomes for the attacker to hack the system. Additionally, the time taken for the proposed work is lesser which makes the work faster than the existing work. Consequently, a well secure interactive web-based application that could facilitates the field officers access to stored data in safe and secure manner is developed.


Introduction
A wireless sensor network (WSN) can be generally described as a network of nodes that cooperatively sense and may control the environment enabling interaction between persons or computers and the surrounding environment.WSNs usually consist of a large number of sensor nodes that can be easily deployed to various terrains of interest to sense the environment.WSNs can be used in wide range of applications, such as military, health and weather forecast.While the main purpose of deploying wireless sensor network (WSN) is to monitor the physical world and provide observations for various applications.As WSNs are usually deployed in an environment that is vulnerable to many security attacks, it is crucial to control the access to the sensor nodes (e.g.reading the sensor data), especially when there are many users in the system.Moreover, different users may have different access privileges, in the case of WSN deployed in the battlefield, a soldier only need to access the data related to his mission, but higher rank officer often requires information gathering for overall monitoring and therefore should have more information access privilege than a soldier, (Buratti et al, 2009;Tubaishat, Madria, 2003, Hac, 2003).
The emerging reality of WSNs developed as long-lived infrastructure required to serve multiple applications necessitates the development of fine-grained security support.Sensor nodes participation in multiple concurrent applications requires access control per-application basis (Matthys et al, 2010).According to Lou et al, (2006), data security naturally becomes a big concern due to very large amount of sensed data distributed and stored in the individual sensor nodes.Moreover, in mission-critical application scenarios various types of data generated by all kind of sensors may belong to different security levels, and thus are meant to be accessed only by selected users.The application is compromised if the access control is not properly enforced.Varieties of security solutions of deployed WSNs have been proposed in literatures, these provide some levels of access control by using different types of authentication schemes comprising digital signatures, hash functions and symmetric keying.However, each of these approaches operates at a coarse-grained level, as they provide a level of entity authentication which considers complete nodes as endpoint, meaning that it consist of fewer, larger components than fine-grained system.(Matthys et al, 2010).Object composition based on Object references is coarse grained while object composition is based on attributes is fine-grained (Yu et al, 2010, Lou et al, 2006).Some common security aspects such as confidentiality and integrity are also desired in any other WSNs security scheme.With respect to data access control in WSNs to provide finegrained data access control, the system provides a strategy that is able to precisely specify the capability of different kind of users to access sensor data of different types of security level, collision resistance, sensor compromised resistance and backward secrecy.
In a very large scale WSN, transmitted data in sensors is via wireless communication, mechanisms to prevent unauthorized users from interfering on the transmitted information or introducing data into the network have to put in place since the main aim is only to protect the sensitive nodes data been hack by the hackers.Sushmita et al, (2011) identify most popular threat which includes: insider and outsider threat, passive and active threat, and user might collude and try to gain access to unauthorized data.In view of these, access control is put in place to curb the unauthorized users and which must satisfied these requirements: user authentication, node compromised tolerance, limit access privileges, efficiency, and integrity.

Literature review
In WSN, nodes monitored given field (an area or a volume) are through wireless links.The data is forwarded, possibly via multiple hops, to a sink (controller or monitor) that can use it locally or is connected to other networks (the Internet) through a gateway.The nodes can be stationary or moving; and can be aware of their locations or not.They can also be homogenous or not, (Buratti et al, 2009).Each individual nodes must be designed to provide the set of primitives necessary to synthesize the interconnected web that emerges as they are deployed, while meeting strict requirements of sizes, cost and power consumption, (Jason, 1998;Lewis, 2004;Cook and Das, 2004).Fig. 1 shows a typical WSN scenario.(Lewis, 2004) The three categories of sensor nodes are: (i) Passive, Omni Directional Sensors (ii) Passive, narrow-beam sensors; and (iii) Active Sensors.WSNs are vary depending on the environment, such types can be the following: Terrestrial, Underground, Underwater, Multimedia and Mobile.The applications of WSNs are innumerable (Sohraby et al, 2007).The expansion and arrangement of WSN have taken traditional network topologies in new directions.Thus, many of today's sensor applications require networking alternatives that reduce the cost and complexity while improving the overall reliability.Early sensor networks used simple twisted shielded-pair (TSP) implementations for each sensor.Recently, the industry adopted multidrop buses (an example is Ethernet).Now there is true web-based networks (e.g., the World Wide Web) implemented on the factory floor (Wayne, 2000).Some topology existing in WSN are: Point-to-Point Networks, Multidrop Networks and Web Network.

Wireless Sensor Network Protocols
Data are routed from one node to other using different routing protocols (Bhattacharyya, Kim, Pal, 2010).Research and industry trends revealed that routing protocols are majorly classified into three categories, namely, Data-centric protocols: are query based and use concept of naming of desired data to eliminate many redundancy transmission within the network.Hierarchical protocols: it clusters the nodes so that cluster heads can be aggregate and reduce the data to save energy.Location based protocols: use position information to send the data to only desired regions rather than to the whole network.Low Energy Adaptive Clustering Hierarchy (LEACH), Threshold Sensitive Energy Efficient Sensor Network (TEEN), Adaptive Threshold Teen (APTEEN), Power Efficient Gathering Sensor Information System (PEGASIS), Sensor Protocol for Information Via Negotiation (SPIN), Diffusion Direct (DD), Rumors Routing (RR), Geography and Energy-Aware Routing (GEAR) and Geographic Adaptive Fidelity (GAF) are all other WSNs protocol.Nanda (2003) discussed some features in detail.The author described building a secure application authentication system using contexts and Fine-Grained access control (FGAC) system.The research is solely based on database applications.Lou et al (2006) proposed a fine-grained distributed data access control in wireless sensor network.Their scheme is solely based on FGAC in which each sensor node is assigned a set of attributes, and each user is assigned an access structure which designates the access capability of the user.Thus, overload in FGAC is reasonable in practical scenarios but the efficient update of data encryption keys for sensor nodes as well as distribution of keys to the legitimate users as well as fine-grained data access control is hard to realize due to the complexity introduced by its management technique.However, strong attacks on WSN are still possible, this is a major limitation of their work.Buratti et al (2009), discussed the relevant issues of WSNs from the application to design and technology viewpoints.They also stressed further that, there is need to use the communication protocols such as topology and signal processing strategies.Matthys et al (2010) proposed a Fine-Grained and application centric access control for WSNs.The approach is to realize fine-grained access control in WSNs based on three elements, a loosely-coupled WSN component model named LooCI which allows easy inspection of data flows between the components that compose application, second, a flexible and extensible policy engine which also allows fine-grained control of data flows and ensures that these policies cannot be avoided and thirdly, a secure policy distribution channel ensures that only authorized actors, may deploy security policies.Since it is run-time application, it reconfigures itself after the main work has been done on each node.That is, it follows single event condition action.

Related Works
Jin et al ( 2010) proposed an efficient attribute-based access control system in cloud computing.In their system, two CSPs namely KG-CSP and D-CSP are introduced as employees to finish outsource the heavy tasks for users' management and file access respectively.A challenging issue in the proposed system is how outsources computational task to CSPs without any private information leakage would be achieved.
Sushmita et al ( 2011), discussed a fully distributed fine grained access control schemes for distributed networks.The scheme is well secured against collusion of users and supports user join, revocation and access structure modifications.The communication costs are the same as that of Yu et al (2006) scheme which contained only one Trust Authority (TA); hence, it is prone to breaking down on the event that the TA is compromised.The computation costs incurred by the sensors are also the same making the schemes highly practical for distributed sensor networks.

Attribute Policy: Subjects and Objects
Pirretti et al ( 2006) defined an attribute policy (same as policy) as a specification of cryptographic operations carried out on a plaintext in the attribute-based system.Hence, through encryption, a party is able to insert expressive policies into objects, allowing the decentralized enforcement of such policies.There are two components central to policies characterization: the attributes and the objects.An attributes consists of a uniquely identifying string and names.Objects refer to all encrypted or discovered data.For example, objects in a distributed file system would be the file that it stores.The attribute policy is a specification of the attribute and threshold used to encrypt an object.For example, consider a policy p that mandate encryption using a single attribute a under a threshold of 1. P = t1 (a) while the application of attribute place of objects (Obj) is denoted by E(Obj, p) equivalent to E(Obj, t1(a)) meaning that Obj has been encrypted under attribute a using 1-out-of-1 threshold encryption function.This object can only be encrypted by a user with right attribute.

System Design
Bilinear map, pairing-base is employed in the design.Consider two cyclic groups   and   of prime order  generated by   and   respectively.Let   be a group of order  , we consider mapping  as follows: e:   ×   →  .KP-ABE is used for achieving fine-grained data access control.KP-ABE is a type of attribute Based encryption in which each ciphertext is associated with a set of descriptive attributes.Each private key is associated with an access structure or policy that specifies which type of cyphertext the key can decrypt.Thus, a user is able to decrypt a cyphertext if and only if the attributes associated with a cyphertext satisfy the key's access structure or policy.The KP-Attribute Based Encryption scheme consists SETUP, KEY GENERATION, ENCRYPTION and DECRYPTION algorithms.a. SETUP: In the setup phase, the system parameters are chosen by the key attribute authority.b.KEY GENERATION: The server generates secret keys for the users, depending on the set of attributes it has and its group.It takes groups   and   , the threshold parameter , set of attributes that a user has as input and outputs the secret keys.The algorithm chooses a  -1 degree polynomial () at random, such that (0) = .
For i-th attribute, SKi =  ()/ , (3.3) then the secret key is output as SK = (  ,   , ⋯, SKn-1) (3.4) c.ENCRYPTION: The server generates public keys and encrypts the message using its public keys.The sender  runs the encryption algorithm, the inputs of which are the message  , the set of attribute  j it has, and the public parameters.It outputs a ciphertext  ′ for the message .The algorithm randomly chooses a value  ∈   .The ciphertext is calculated as d. DECRYPTION: This algorithm enables a user with valid set of attributes to decrypt the message.The decryption process is performed at each node.It takes as input the ciphertext , the group   and the parameters that a receiving user has and outputs the message .

Network Architecture and Assumptions
In this work, we consider military WSN to be the network consisting network server or trusted Authority, several sensor nodes and many users.We denote the network server as , user or subjects as   and node or objects as   respectively.Both users and nodes have their unique IDs.The  can always be online for easy detection of intruders or threat.It is in charge of issuing, revoking and updating attribute keys for users.The proposed architecture is divided into six phases which are: system initialization phase, user query generation phase, sensor node verification, establishing secure channel between the network users and the sensor nodes, new user and the user revocation.Conventionally, we assume that Subject (Subj) have sufficient computational resources to execute some expensive cryptography operations and also assume that there is loose time synchronization among the sensor nodes.
In this scheme, each sensor node is preloaded with a set of attributes-the detected military operations which has been classified as security levels, (TOP SECRET , SECRET, CONFIDENTIAL AND UNCLASSIFIED) as well as public key (PK) depending on a set of attributes that a sensor possess.Each user (Subj) is assigned an access policy with the corresponding secret key (SK).A user (Subj) is able to decrypt the information from the sensor node (Obj), provided it has the matching set of attribute and access policy.Some of the architecture algorithms are: USER QUERY GENERATION: After the system initialization, subjects can enter the network to access the nodes base on their access privilege.(3.9) Signature validity is checked.Then response is sent to the user Uj; otherwise, the message {Que, } is rejected.

SECURE CHANNELS ESTABLISHMENT BETWEEN NETWORK USER AND SENSOR NODES:
During the user query generation phase, user Uj randomly chooses c ∈   and compute cP.cP is added to the query command Que for sensor node to confirm the validity of the query command.It takes the following steps to achieve it i.The node randomly choose d∈   and generate dP ii.Compute sk = d(cP) as the session key between itself and the user Uj.Thus the node can uses the key sk to encrypt require sensor data of Uj.Subsequently, it uses SK to encrypt sensor data with symmetry encryption.At the same time, it encrypts SK using public key encryption with Uj's public key cP.Then, the node send the encrypted sensor data to Uj with the private key c, only user is capable of decrypting the session key SK and therefore recovering the original sensor data.

USER REVOCATION:
The revocation takes the following steps.Let the value of Y be (Y)old 1. TA broadcast Y 1 = e(g1, g2) ∆a 2. Each TA can calculate new value of Y as (Y) new = (Y) old Y 1 = e (g1, g2) ∑ a∑      .
The public parameter (Y) old is change to new (Y) new.3. A new polynomial p[j]a(x)new is calculated for user Uj TA P[j]a (x) old -pa+p 1 a = p[j]a (x) old +∆a Therefore, p[j]a (0 (3.10) 4. Each TA a∑   IS selectively broadcast the value of   ∆  / , = g1 p[j] a (i) +∆a, while i ∈ B[a] j, to each non revoke authorized users Uj.The secret key is (SKa,i)new = (SKa,i)old  ∆  / , for each attribute i ∈ B[a] j, and given to users.

Classification or Users' Grouping
The principle of Bell Lapudala model (Ogundele, 2011) which requires subject be given access to the objects (an entity that contained information that is protected.)is adopted.The groups are classified into two distinct classes: the subjects and the object.

Subjects Class:
The ranking start from OF -10 (top most rank) and goes towards OF -1 which is the least.The category notations are: The subjects categories can be grouped together to form a general class given as: S= {  ,   ,   ,  4 , } in which   ,>   , >   , >   .This shows that group S1 is the highest ranking in the classes of subjects, follow by the   down to the least.
Object Class: They are encrypted information or data pre-deployed to all the nodes which can be categories as follow O= {  ,   ,   ,   ,} where O stand for the object and the subscripts are the security classification level ranging from top secret to the least i.e Top secret (ts), Secret (s), Confidential (c) and Unclassified (uc).

Access Policy:
The access policies are formed from the subject and the object class.Let the O be a universal set and L1 to L4 be the level at which each subjects can operate in the network as represented below: , this means that for a subject to be able to encrypt an object, the subject must belong to the group list pool that had register with the network administrator based on their attribute possess.
Let Sn denotes all subjects class where (n ∈ {1, … , 4}) and Oy denotes all the object class Oy where (y ∈ {ts, s, c, uc}).A direct mapping between the members of  and , this implies that every member of  takes a corresponding value of .Where A is an access, S =subject, Sn = subject Class, Oy = Objects class

User Authentication
The system was able to authenticate both the administration and the users using the back end (Database) user authentication system.The authentication is done by comparing the user input in the front end, process it at the middle layer, and then authenticate it in the database.If the matching is correct by entering the right username and password, the system grants access.
Else access is denied.

Creating Account
Users enter their Username, e-mail, phone number, Password, Re-enter password, Full name and Rank which generates access level automatically.In most cases the username might be part of the user's full name and in some cases it might be different from the user's full name.
The essence of re-entering password is to ascertain the correctness of the password given.
In most cases the full name might be more than two names depending on the choice of the user.Also, the ranking order assigned to users is different from one another depending on the cadre of the personnel.These rank orders ranges from highest to the lowest in the military.Each user is expected to have an accessible e-mail address that could be used to contact personnel in case of any information that needs prompt action.An access level of each user differs from one another as this could be used to differentiate a user that is assigned access level from those that do not have.Another security measure is the user's phone number which is a unique identifier; these can as well be used to distinguish a user from others.

Uploading a File
On this part, Admin specifies or gives a description or the name of the locality where the data is generated and also the type of officer or personnel that can view it.Access level is selected which generates or assigns secret key to the file.The essence of these is to secure the uploaded file from unauthorized user such that without the rightful secret key coupled with an assigned access level, such user will not be able to deploy a file (confidentiality).

Accessing an Uploaded Files
Accessing an already uploaded file, a user needs to enter assigned secret key before download of any files.Once the secret key is entered correctly, it compared with the stored secret keys in the database, which will determine maybe access will be granted or not in order to download any file.This security measure; secret key prevents unauthorized users from accessing files in the database.

Performance Analysis
The performance analysis is evaluated using the following standard metrics namely: execution time, energy consumption, and size of the key.
The execution time measures the duration of the operations performed by users during the decryption and while querying a sensor data.The energy consumption estimates the energy consume during the process and also considers eave-dropping because the propose system work on a wireless network environment and it is necessary to consider intruders who may want to hijack information transmitted on the wireless network and compromise its privacy.The energy consumption is different from conventional wired and wireless networks, wireless sensor networks have a major energy issue because most wireless sensors cannot be charged after being deployed, and energy loss causes node failure and finally leads to entire network failure.The energy problem is very complex.Many researchers proposed different ways to reduce energy consumption as much as possible.However, an accurate measurement of energy consumption remains a challenge to the work.Tab. 1, shows the chosen users from a group of sensor network during decryption period and their response time being recorded.The size of a given key (ABE) is set to be 260 and 292 which is considered enough to secure the sensor data.The response time and the size of the key (ABE) vary in length during decryption process.

Conclusion
In this work, a fine grained data access control that enforces security controls and ensures data accessibility only to authorized entity has been developed.The architecture address the security challenges often encounters in a WSN especially in a mission-critical application.Technology is a dynamic concept which is constantly changing and as it is changing, the security measures should also change to keep up the standard.This system is easy to use, secure and has an interactive user interface and can also be used for purpose of authentication, limit of access privilege and user revocation for secure access into the system.It is therefore; recommended that this research work should be adapted to different terrain of life such as health institutions and government.The main challenge is the power consumption for effective data delivery and also improve the bandwidth of WSN.

Fig 2 .
Fig 2. Execution time for Decryption in a Sensor Node.Source Authors.
The threshold parameter  is decided, such that if a user   has at least  attributes in common with the sender , it can decrypt the message.Let  be a prime power.  and   are two groups of order  and Let  be the generator of the group   .e:   ×   →   (3.1)Let W be the total number of attributes. 1 ,  2 , ⋯,.   and  are chosen at random from   .  Set of integers {0,1, ⋯, q − 1} The following public parameter are published [  =  1 ,   =   , … ,   ,  =  (, )  ] (3.2)Where ( 1 ,  2 , ⋯,   , ) is a master secret key,   ∈   .
Let assume that group member's Public keys consists of   ,   ⋯ ,   With Que, subjects compute   (Que) p.To sign   (Que) p will takes the following step i.For all i∈ { ⋯ , } and   ≠   ,   randomly choose   ∈   and for which the   are pairwise different.Compute   =   p (i≠ j) ii.Choose a random number  ∈   iii.Compute Rj where  or Rj = Ri for some i≠ , then go to (ii).The signature of Que made by the subgroup s from the group { ,   … . .  } is given by  = {  , … ,   ,   , …   , }.After that, Uj sends the message {Que, } to the sensor nodes.
SENSOR NODE VERIFICATION:Upon receiving the message {Que, } , each node firstly checks whether the time stamp   included in Que is within a given period of time.Then verification of signature  on the query Que is: i. Compute h1, where hi = H2 (H1(Que)P, Ri)∀ ≤  ≤  ii.Check the equation  = ∑ (  +     )  = Thus, Sn combined with Oy gives: Sn: Oy → S 1 O L1 , Sn: Oy → S 2 O L2 , Sn: Oy → S 3 O L3 , Sn: Oy → S 4 O L4 Response time for decryption.Source Authors.