Visible to the public Biblio

Found 784 results

Filters: First Letter Of Last Name is K  [Clear All Filters]
A B C D E F G H I J [K] L M N O P Q R S T U V W X Y Z   [Show ALL]
K
Karlsson, Linus, Paladi, Nicolae.  2019.  Privacy-Enabled Recommendations for Software Vulnerabilities. 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :564–571.
New software vulnerabilities are published daily. Prioritizing vulnerabilities according to their relevance to the collection of software an organization uses is a costly and slow process. While recommender systems were earlier proposed to address this issue, they ignore the security of the vulnerability prioritization data. As a result, a malicious operator or a third party adversary can collect vulnerability prioritization data to identify the security assets in the enterprise deployments of client organizations. To address this, we propose a solution that leverages isolated execution to protect the privacy of vulnerability profiles without compromising data integrity. To validate an implementation of the proposed solution we integrated it with an existing recommender system for software vulnerabilities. The evaluation of our implementation shows that the proposed solution can effectively complement existing recommender systems for software vulnerabilities.
Karmakar, J., Mandal, M. K..  2020.  Chaos-based Image Encryption using Integer Wavelet Transform. 2020 7th International Conference on Signal Processing and Integrated Networks (SPIN). :756–760.
Since the last few decades, several chaotic encryption techniques are reported by different researchers. Although the cryptanalysis of some techniques shows the feebler resistance of those algorithms against any weaker attackers. However, different hyper-chaotic based and DNA-coding based encrypting methods are introduced recently. Though, these methods are efficient against several attacks, but, increase complexity as well. On account of these drawbacks, we have proposed a novel technique of chaotic encryption of an image using the integer wavelet transform (IWT) and global bit scrambling (GBS). Here, the image is transformed and decomposed by IWT. Thereafter, a chaotic map is used in the encryption algorithm. A key-dependent bit scrambling (GBS) is introduced rather than pixel scrambling to make the encryption stronger. It enhances key dependency along with the increased resistance against intruder attacks. To check the fragility and dependability of the algorithm, a sufficient number of tests are done, which have given reassuring results. Some tests are done to check the similarity between the original and decrypted image to ensure the excellent outcome of the decryption algorithm. The outcomes of the proposed algorithm are compared with some recent works' outputs to demonstrate its eligibility.
Karmakar, K. K., Varadharajan, V., Tupakula, U., Hitchens, M..  2020.  Towards a Dynamic Policy Enhanced Integrated Security Architecture for SDN Infrastructure. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium. :1—9.

Enterprise networks are increasingly moving towards Software Defined Networking, which is becoming a major trend in the networking arena. With the increased popularity of SDN, there is a greater need for security measures for protecting the enterprise networks. This paper focuses on the design and implementation of an integrated security architecture for SDN based enterprise networks. The integrated security architecture uses a policy-based approach to coordinate different security mechanisms to detect and counteract a range of security attacks in the SDN. A distinguishing characteristic of the proposed architecture is its ability to deal with dynamic changes in the security attacks as well as changes in trust associated with the network devices in the infrastructure. The adaptability of the proposed architecture to dynamic changes is achieved by having feedback between the various security components/mechanisms in the architecture and managing them using a dynamic policy framework. The paper describes the prototype implementation of the proposed architecture and presents security and performance analysis for different attack scenarios. We believe that the proposed integrated security architecture provides a significant step towards achieving a secure SDN for enterprises.

Karmakar, Kallol Krishna, Varadharajan, Vijay, Tupakula, Udaya, Hitchens, Michael.  2016.  Policy Based Security Architecture for Software Defined Networks. Proceedings of the 31st Annual ACM Symposium on Applied Computing. :658–663.

Software Defined Network(SDN) is a promising technological advancement in the networking world. It is still evolving and security is a major concern for SDN. In this paper we proposed policy based security architecture for securing the SDN domains. Our architecture enables the administrator to enforce different types of policies such as based on the devices, users, location and path for securing the communication in SDN domain. Our architecture is developed as an application that can be run on any of the SDN Controllers. We have implemented our architecture using the POX Controller and Raspberry Pi 2 switches. We will present different case scenarios to demonstrate fine granular security policy enforcement with our architecture.

Karmakar, Kallol Krishna, Varadharajan, Vijay, Nepal, Surya, Tupakula, Uday.  2019.  SDN Enabled Secure IoT Architecture. {2019 IFIP/IEEE} Symposium on Integrated Network and Service Management (IM).

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.

Karmakar, Kallol Krishna, Varadharajan, Vijay, Nepal, Surya, Tupakula, Uday.  2019.  SDN Enabled Secure IoT Architecture. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :581–585.
The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.
Karmakar, R., Jana, S. S., Chattopadhyay, S..  2019.  A Cellular Automata Guided Obfuscation Strategy For Finite-State-Machine Synthesis. 2019 56th ACM/IEEE Design Automation Conference (DAC). :1–6.
A popular countermeasure against IP piracy relies on obfuscating the Finite State Machine (FSM), which is assumed to be the heart of a digital system. In this paper, we propose to use a special class of non-group additive cellular automata (CA) called D1 * CA, and it's counterpart D1 * CAdual to obfuscate each state-transition of an FSM. The synthesized FSM exhibits correct state-transitions only for a correct key, which is a designer's secret. The proposed easily testable key-controlled FSM synthesis scheme can thwart reverse engineering attacks, thus offers IP protection.
Karmaker Santu, Shubhra Kanti, Bindschadler, Vincent, Zhai, ChengXiang, Gunter, Carl A..  2018.  NRF: A Naive Re-Identification Framework. Proceedings of the 2018 Workshop on Privacy in the Electronic Society. :121-132.

The promise of big data relies on the release and aggregation of data sets. When these data sets contain sensitive information about individuals, it has been scalable and convenient to protect the privacy of these individuals by de-identification. However, studies show that the combination of de-identified data sets with other data sets risks re-identification of some records. Some studies have shown how to measure this risk in specific contexts where certain types of public data sets (such as voter roles) are assumed to be available to attackers. To the extent that it can be accomplished, such analyses enable the threat of compromises to be balanced against the benefits of sharing data. For example, a study that might save lives by enabling medical research may be enabled in light of a sufficiently low probability of compromise from sharing de-identified data. In this paper, we introduce a general probabilistic re-identification framework that can be instantiated in specific contexts to estimate the probability of compromises based on explicit assumptions. We further propose a baseline of such assumptions that enable a first-cut estimate of risk for practical case studies. We refer to the framework with these assumptions as the Naive Re-identification Framework (NRF). As a case study, we show how we can apply NRF to analyze and quantify the risk of re-identification arising from releasing de-identified medical data in the context of publicly-available social media data. The results of this case study show that NRF can be used to obtain meaningful quantification of the re-identification risk, compare the risk of different social media, and assess risks of combinations of various demographic attributes and medical conditions that individuals may voluntarily disclose on social media.

Karpenko, V.I., Vasilev, S.P., Boltunov, A.P., Voloshin, E.A., Voloshin, A. A..  2019.  Intelligent Consumers Device and Cybersecurity of Load Management in Microgrids. 2019 2nd International Youth Scientific and Technical Conference on Relay Protection and Automation (RPA). :1–10.
The digitalization of the electric power industry and the development of territories isolated from the unified energy system are priorities in the development of the energy sector. Thanks to innovative solutions and digital technologies, it becomes possible to make more effective managing and monitoring. Such solution is IoT platform with intelligent control system implemented by software.
Karras, Panagiotis, Nikitin, Artyom, Saad, Muhammad, Bhatt, Rudrika, Antyukhov, Denis, Idreos, Stratos.  2016.  Adaptive Indexing over Encrypted Numeric Data. Proceedings of the 2016 International Conference on Management of Data. :171–183.

Today, outsourcing query processing tasks to remote cloud servers becomes a viable option; such outsourcing calls for encrypting data stored at the server so as to render it secure against eavesdropping adversaries and/or an honest-but-curious server itself. At the same time, to be efficiently managed, outsourced data should be indexed, and even adaptively so, as a side-effect of query processing. Computationally heavy encryption schemes render such outsourcing unattractive; an alternative, Order-Preserving Encryption Scheme (OPES), intentionally preserves and reveals the order in the data, hence is unattractive from the security viewpoint. In this paper, we propose and analyze a scheme for lightweight and indexable encryption, based on linear-algebra operations. Our scheme provides higher security than OPES and allows for range and point queries to be efficiently evaluated over encrypted numeric data, with decryption performed at the client side. We implement a prototype that performs incremental, query-triggered adaptive indexing over encrypted numeric data based on this scheme, without leaking order information in advance, and without prohibitive overhead, as our extensive experimental study demonstrates.

Karsai, Linus, Fekete, Alan, Kay, Judy, Missier, Paolo.  2016.  Clustering Provenance Facilitating Provenance Exploration Through Data Abstraction. Proceedings of the Workshop on Human-In-the-Loop Data Analytics. :6:1–6:5.

As digital objects become increasingly important in people's lives, people may need to understand the provenance, or lineage and history, of an important digital object, to understand how it was produced. This is particularly important for objects created from large, multi-source collections of personal data. As the metadata describing provenance, Provenance Data, is commonly represented as a labelled directed acyclic graph, the challenge is to create effective interfaces onto such graphs so that people can understand the provenance of key digital objects. This unsolved problem is especially challenging for the case of novice and intermittent users and complex provenance graphs. We tackle this by creating an interface based on a clustering approach. This was designed to enable users to view provenance graphs, and to simplify complex graphs by combining several nodes. Our core contribution is the design of a prototype interface that supports clustering and its analytic evaluation in terms of desirable properties of visualisation interfaces.

Karthiga, K., Balamurugan, G., Subashri, T..  2020.  Computational Analysis of Security Algorithm on 6LowPSec. 2020 International Conference on Communication and Signal Processing (ICCSP). :1437–1442.
In order to the development of IoT, IETF developed a standard named 6LoWPAN for increase the usage of IPv6 to the tiny and smart objects with low power. Generally, the 6LoWPAN radio link needs end to end (e2e) security for its IPv6 communication process. 6LoWPAN requires light weight variant of security solutions in IPSec. A new security approach of 6LoWPAN at adaptation layer to provide e2e security with light weight IPSec. The existing security protocol IPsec is not suitable for its 6LoWPAN IoT environment because it has heavy restrictions on memory, power, duty cycle, additional overhead transmission. The IPSec had packet overhead problem due to share the secret key between two communicating peers by IKE (Internet Key Exchange) protocol. Hence the existing security protocol IPSec solutions are not suitable for lightweight-based security need in 6LoWPAN IoT. This paper describes 6LowPSec protocol with AES-CCM (Cipher block chaining Message authentication code with Counter mode) cryptographic algorithm with key size of 128 bits with minimum power consumption and duty cycle.
Karthika, P., Babu, R. Ganesh, Nedumaran, A..  2019.  Machine Learning Security Allocation in IoT. 2019 International Conference on Intelligent Computing and Control Systems (ICCS). :474—478.

The progressed computational abilities of numerous asset compelled gadgets mobile phones have empowered different research zones including picture recovery from enormous information stores for various IoT applications. The real difficulties for picture recovery utilizing cell phones in an IoT situation are the computational intricacy and capacity. To manage enormous information in IoT condition for picture recovery a light-weighted profound learning base framework for vitality obliged gadgets. The framework initially recognizes and crop face areas from a picture utilizing Viola-Jones calculation with extra face classifier to take out the identification issue. Besides, the utilizes convolutional framework layers of a financially savvy pre-prepared CNN demonstrate with characterized highlights to speak to faces. Next, highlights of the huge information vault are listed to accomplish a quicker coordinating procedure for constant recovery. At long last, Euclidean separation is utilized to discover comparability among question and archive pictures. For exploratory assessment, we made a nearby facial pictures dataset it including equally single and gathering face pictures. In the dataset can be utilized by different specialists as a scale for examination with other ongoing facial picture recovery frameworks. The trial results demonstrate that our planned framework beats other cutting edge highlight extraction strategies as far as proficiency and recovery for IoT-helped vitality obliged stages.

Karthikeyan, S. Paramasivam, El-Razouk, H..  2020.  Horizontal Correlation Analysis of Elliptic Curve Diffie Hellman. 2020 3rd International Conference on Information and Computer Technologies (ICICT). :511–519.
The world is facing a new revolutionary technology transition, Internet of things (IoT). IoT systems requires secure connectivity of distributed entities, including in-field sensors. For such external devices, Side Channel Analysis poses a potential threat as it does not require complete knowledge about the crypto algorithm. In this work, we perform Horizontal Correlation Power Analysis (HCPA) which is a type of Side Channel Analysis (SCA) over the Elliptic Curve Diffie Hellman (ECDH) key exchange protocol. ChipWhisperer (CW) by NewAE Technologies is an open source toolchain which is utilized to perform the HCPA by using CW toolchain. To best of our knowledge, this is the first attempt to implemented ECDH on Artix-7 FPGA for HCPA. We compare our correlation results with the results from AES -128 bits provided by CW. Our point of attack is the Double and Add algorithm which is used to perform Scalar multiplication in ECC. We obtain a maximum correlation of 7% for the key guess using the HCPA. We also discuss about the possible cause for lower correlation and few potentials ways to improve it. In Addition to HCPA we also perform Simple Power Analysis (SPA) (visual) for ECDH, to guess the trailing zeros in the 128-bit secret key for different power traces.
Karumanchi, Sushama, Li, Jingwei, Squicciarini, Anna.  2016.  Efficient Network Path Verification for Policy-routedQueries. Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy. :319–328.

Resource discovery in unstructured peer-to-peer networks causes a search query to be flooded throughout the network via random nodes, leading to security and privacy issues. The owner of the search query does not have control over the transmission of its query through the network. Although algorithms have been proposed for policy-compliant query or data routing in a network, these algorithms mainly deal with authentic route computation and do not provide mechanisms to actually verify the network paths taken by the query. In this work, we propose an approach to deal with the problem of verifying network paths taken by a search query during resource discovery, and detection of malicious forwarding of search query. Our approach aims at being secure and yet very scalable, even in the presence of huge number of nodes in the network.

Karunagaran, Surya, Mathew, Saji K., Lehner, Franz.  2017.  Privacy Protection Dashboard: A Study of Individual Cloud-Storage Users Information Privacy Protection Responses. Proceedings of the 2017 ACM SIGMIS Conference on Computers and People Research. :181–182.

Cloud computing services have gained a lot of attraction in the recent years, but the shift of data from user-owned desktops and laptops to cloud storage systems has led to serious data privacy implications for the users. Even though privacy notices supplied by the cloud vendors details the data practices and options to protect their privacy, the lengthy and free-flowing textual format of the notices are often difficult to comprehend by the users. Thus we propose a simplified presentation format for privacy practices and choices termed as "Privacy-Dashboard" based on Protection Motivation Theory (PMT) and we intend to test the effectiveness of presentation format using cognitive-fit theory. Also, we indirectly model the cloud privacy concerns using Item-Response Theory (IRT) model. We contribute to the information privacy literature by addressing the literature gap to develop privacy protection artifacts in order to improve the privacy protection behaviors of individual users. The proposed "privacy dashboard" would provide an easy-to-use choice mechanisms that allow consumers to control how their data is collected and used.

Karve, Shreya, Nagmal, Arati, Papalkar, Sahil, Deshpande, S. A..  2018.  Context Sensitive Conversational Agent Using DNN. 2018 Second International Conference on Electronics, Communication and Aerospace Technology (ICECA). :475–478.
We investigate a method of building a closed domain intelligent conversational agent using deep neural networks. A conversational agent is a dialog system intended to converse with a human, with a coherent structure. Our conversational agent uses a retrieval based model that identifies the intent of the input user query and maps it to a knowledge base to return appropriate results. Human conversations are based on context, but existing conversational agents are context insensitive. To overcome this limitation, our system uses a simple stack based context identification and storage system. The conversational agent generates responses according to the current context of conversation. allowing more human-like conversations.
Karvelas, Nikolaos P., Treiber, Amos, Katzenbeisser, Stefan.  2018.  Examining Leakage of Access Counts in ORAM Constructions. Proceedings of the 2018 Workshop on Privacy in the Electronic Society. :66-70.

Oblivious RAM is a cryptographic primitive that embodies one of the cornerstones of privacy-preserving technologies for database protection. While any Oblivious RAM (ORAM) construction offers access pattern hiding, there does not seem to be a construction that is safe against the potential leakage due to knowledge about the number of accesses performed by a client. Such leakage constitutes a privacy violation, as client data may be stored in a domain specific fashion. In this work, we examine this leakage by considering an adversary that can probe the server that stores an ORAM database, and who takes regular snapshots of it. We show that even against such a weak adversary, no major ORAM architecture is resilient, except for the trivial case, where the client scans the whole database in order to access a single element. In fact, we argue that constructing a non-trivial ORAM that is formally resilient seems impossible. Moreover, we quantify the leakage of different constructions to show which architecture offers the best privacy in practice.

Karvelas, Nikolaos P., Senftleben, Marius, Katzenbeisser, Stefan.  2017.  Microblogging in a Privacy-Preserving Way. Proceedings of the 12th International Conference on Availability, Reliability and Security. :48:1–48:6.

Microblogging is a popular activity within the spectrum of Online Social Networking (OSN), which allows users to quicky exchange short messages. Such systems can be based on mobile clients that exchange their group-encrypted messages utilizing local communications such as Bluetooth. Since however in such cases, users do not want to disclose their group memberships, and thus have to wait for other group members to appear in the proximity, the message spread can be slow to non-existent. In this paper, we solve this problem and facilitate a higher message spread by employing a server that stores the messages of multiple groups in an Oblivious RAM (ORAM) data structure. The server can be accessed by the clients on demand to read or write their group-encrypted messages. Thus our solution can be used to add access pattern privacy on top of existing microblogging peer-2-peer architectures, and using an ORAM is a promising candidate to use in the given application scenario.

Kasah, N. b H., Aman, A. H. b M., Attarbashi, Z. S. M., Fazea, Y..  2020.  Investigation on 6LoWPAN Data Security for Internet of Things. 2020 2nd International Conference on Computer and Information Sciences (ICCIS). :1–5.
Low-power wireless network technology is one of the main key characteristics in communication systems that are needed by the Internet of Things (IoT). Nowadays, the 6LoWPAN standard is one of the communication protocols which has been identified as an important protocol in IoT applications. Networking technology in 6LoWPAN transfer IPv6 packets efficiently in link-layer framework that is well-defined by IEEE 802.14.5 protocol. 6Lo WPAN development is still having problems such as threats and entrust crises. The most important part when developing this new technology is the challenge to secure the network. Data security is viewed as a major consideration in this network communications. Many researchers are working to secure 6LoWPAN communication by analyzing the architecture and network features. 6LoWPAN security weakness or vulnerability is exposed to various forms of network attack. In this paper, the security solutions for 6LoWPAN have been investigated. The requirements of safety in 6LoWPAN are also presented.
Kascheev, S., Olenchikova, T..  2020.  The Detecting Cross-Site Scripting (XSS) Using Machine Learning Methods. 2020 Global Smart Industry Conference (GloSIC). :265—270.
This article discusses the problem of detecting cross-site scripting (XSS) using machine learning methods. XSS is an attack in which malicious code is embedded on a page to interact with an attacker’s web server. The XSS attack ranks third in the ranking of key web application risks according to Open Source Foundation for Application Security (OWASP). This attack has not been studied for a long time. It was considered harmless. However, this is fallacious: the page or HTTP Cookie may contain very vulnerable data, such as payment document numbers or the administrator session token. Machine learning is a tool that can be used to detect XSS attacks. This article describes an experiment. As a result the model for detecting XSS attacks was created. Following machine learning algorithms are considered: the support vector method, the decision tree, the Naive Bayes classifier, and Logistic Regression. The accuracy of the presented methods is made a comparison.
Kashyap, V., Wiedermann, B., Hardekopf, B..  2011.  Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach. Security and Privacy (SP), 2011 IEEE Symposium on. :413-428.

Secure information flow guarantees the secrecy and integrity of data, preventing an attacker from learning secret information (secrecy) or injecting untrusted information (integrity). Covert channels can be used to subvert these security guarantees, for example, timing and termination channels can, either intentionally or inadvertently, violate these guarantees by modifying the timing or termination behavior of a program based on secret or untrusted data. Attacks using these covert channels have been published and are known to work in practiceâ as techniques to prevent non-covert channels are becoming increasingly practical, covert channels are likely to become even more attractive for attackers to exploit. The goal of this paper is to understand the subtleties of timing and termination-sensitive noninterference, explore the space of possible strategies for enforcing noninterference guarantees, and formalize the exact guarantees that these strategies can enforce. As a result of this effort we create a novel strategy that provides stronger security guarantees than existing work, and we clarify claims in existing work about what guarantees can be made.

Kasma, Vira Septiyana, Sutikno, Sarwono, Surendro, Kridanto.  2019.  Design of e-Government Security Governance System Using COBIT 2019 : (Trial Implementation in Badan XYZ). 2019 International Conference on ICT for Smart Society (ICISS). 7:1—6.

e-Government is needed to actualize clean, effective, transparent and accountable governance as well as quality and reliable public services. The implementation of e-Government is currently constrained because there is no derivative regulation, one of which is the regulation for e-Government Security. To answer this need, this study aims to provide input on performance management and governance systems for e-Government Security with the hope that the control design for e-Government Security can be met. The results of this study are the e-Government Security Governance System taken from 28 core models of COBIT 2019. The 28 core models were taken using CSF and risk. Furthermore, performance management for this governance system consists of capability and maturity levels which is an extension of the evaluation process in the e-Government Evaluation Guidelines issued by the Ministry of PAN & RB. The evaluation of the design carried out by determining the current condition of capability and maturity level in Badan XYZ. The result of the evaluation shows that the design possible to be implemented and needed.

Kasodhan, Rashmi, Gupta, Neetesh.  2019.  A New Approach of Digital Signature Verification based on BioGamal Algorithm. 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). :10–15.
In recent times, online services are playing a crucial role in our day-to-day life applications. Inspite of their advantage, it also have certain security challenges in the communication network. Security aspects consists of authentication of users, confidentiality of data/information as well as integrity of data. In order to achieve all these parameters, the sensitive information must be digitally signed by the original sender and later verified by the intended recipient. Therefore, research on digital signatures should be further developed to improve the data security and authenticity of the transferred data. In this paper, a secured digital signature algorithm is designed. The design of secure digital signature uses the concept of hybridization of secure hash code, DNA encryption/decryption technique and elgamal encryption/decryption techniques. The use of SHA algorithm generates a secure hash code and hybridization of encryption algorithm reduces the computational complexity and this research method is then compared with existing PlayGamal algorithm with respect to encryption/decryption time complexity.
Kasraoui, M., Cabani, A., Chafouk, H..  2014.  Formal Verification of Wireless Sensor Key Exchange Protocol Using AVISPA. Computer, Consumer and Control (IS3C), 2014 International Symposium on. :387-390.

For efficient deployment of sensor nodes required in many logistic applications, it's necessary to build security mechanisms for a secure wireless communication. End-to-end security plays a crucial role for the communication in these networks. This provides the confidentiality, the authentication and mostly the prevention from many attacks at high level. In this paper, we propose a lightweight key exchange protocol WSKE (Wireless Sensor Key Exchange) for IP-based wireless sensor networks. This protocol proposes techniques that allows to adapt IKEv2 (Internet Key Exchange version 2) mechanisms of IPSEC/6LoWPAN networks. In order to check these security properties, we have used a formal verification tools called AVISPA.