Two-tier, location-aware and highly resilient key predistribution scheme for wireless sensor networks /

Sensor nodes are low power, tiny, and computationally restricted microelectromechanical devices that usually run on battery. They are capable of communicating over short distances and of sensing information for specific purposes. In sensor networks, large amount of sensor nodes are deployed over a wide region. For secure communication among sensor nodes, secure links must be established via key agreement. Due to resource constraints, achieving such key agreement in wireless sensor networks is non-trivial. Many key establishment schemes, like Diffie-Hellman and public-key cryptography based protocols, proposed for general networks are not so suitable for sensor networks due to resource constraints. Since one cannot generally assume a trusted infrastructure, keys and/or keying materials must be distributed to sensor nodes before deployment of them. Such key distribution schemes are called key predistribution schemes. After deployment, sensor nodes use predistributed keys and/or keying materials to establish secure links using various techniques. In this thesis, we propose a probabilistic key predistribution scheme, in which we assume that certain deployment knowledge is available prior to deployment of sensor nodes. We use a two-tier approach in which there are two types of nodes: regular nodes and agent nodes. Agent nodes, which constitute a small percentage of all nodes, are more capable than regular nodes. Most of the regular nodes can establish shared keys among themselves without the help of agent nodes, whereas some other regular nodes make use of agent nodes as intermediaries for key establishment. We give a comparative analysis of our scheme through simulations and show that our scheme provides good connectivity for the sensor network. Moreover, our scheme exhibits substantially strong node-capture resiliency against small-scale attacks, while the resiliency of the network degrades gracefully as the number of captured nodes increases. In addition, the proposed scheme is scalable such that increasing the number of nodes in the network does not degrade the performance and does not increase the complexity. Another good characteristic of our scheme is that it is resistant against node fabrication and partially resistant against wormhole attacks

A Survey of Key Management Schemes in Wireless Sensor Networks

Abstract

Resilient and highly connected key predistribution schemes for wireless sensor networks

Wireless sensor networks are composed of small, battery-powered devices called sensor nodes with restricted data processing, storage capabilities. Sensor nodes collect environmental data, such as temperature, humidity, light conditions, and transmit them using their integrated radio communication interface. In real life scenarios, the exact position of a node is not determined prior to deployment because their deployment methods are arbitrary. Wireless sensor networks may be used for critical operations such as military tracking, scientific and medical experiments. Sensor nodes may carry sensitive information. In such cases, securing communication between sensor nodes becomes an essential problem. Sensor nodes may easily be impersonated and compromised by malicious parties. In order to prevent this, there is a need for some cryptographic infrastructure. Public key cryptography is infeasible for sensor nodes with limited computation power. Hence symmetric key cryptography mechanisms are applied in order to provide security foundations. Due to resource constraints in sensor nodes, best solution seems to be symmetric key distribution prior to deployment. For each node, a number of keys are drawn uniformly random without replacement from a pool of symmetric keys and loaded in the node’s memory. After deployment, neighboring sensor nodes may share a key with a certain probability since all the keys are drawn from the same key pool. This is the basic idea of key predistribution schemes in wireless sensor networks. Also there are more advanced deployment models that take the change of network in time into consideration. The nodes are powered by batteries and the batteries eventually deplete in time. However the network needs to operate longer than the lifetime of a single node. In order to provide continuity, nodes are deployed and integrated in the network at different times along the operation of the network. These networks are called multiphase wireless sensor networks. The main challenge of these networks is to provide connectivity between node pairs deployed at different times. In this thesis, we proposed three different key predistribution schemes. In the first scheme, we introduce the concept of XORed key, which is the bitwise XOR of two regular (a.k.a single) keys. Sensor nodes are preloaded with a mixture of single and XORed keys. Nodes establish secure links by shared XORed keys if they can. If no shared XORed key exists between two neighboring nodes, they try single keys loaded in their memory. If node pairs do not have any shared XORed or single keys, they transfer keys from their secure neighbors in a couple of ways, and use them to match with their XORed keys. In this scheme, we aim to have a more resilient network to malicious activities by using XORed keys since an attacker has to know either both single key operands or the XORed key itself. We performed several simulations of our scheme and compared it with basic scheme [4]. Our scheme is up to 50% more connected as compared to basic scheme. Also it has better resilience performance at the beginning of a node capture attack and when it starts to deteriorate the difference between the resilience of our proposed scheme and basic scheme is not greater than 5%. The second scheme that we proposed is actually an extension that can be applied to most of the schemes. We propose an additional phase that is performed right after shared keys between neighboring nodes are discovered. As mentioned above, neighboring node pairs share a common key with a certain probability. Obviously some neighboring node pairs fail to find any shared key. In our proposed new phase, keys preloaded in memories of secure neighbors of a node a are transferred to a, if necessary, in order for a to establish new links with its neighboring nodes that they do not share any key. In this way, we achieve the same connectivity with traditional schemes with significantly fewer keys. We compared the performance of our scheme with basic scheme [4] after shared-key discovery phase and our results showed that our scheme achieved the same local connectivity performance with basic scheme, moreover while doing that, nodes in our scheme are loaded with three fourth of keys fewer than the keys loaded in nodes in basic scheme. In addition to that, our scheme is up to 50% more resilient than basic scheme with shared-key discovery phase under node capture attacks. The last scheme that we proposed is designed to be used for multi-phase wireless sensor networks. In our model, nodes are deployed at the beginning of some time epochs, called generations, in order to replace the dead nodes. Each generation has completely different key pool. Nodes are predistributed keys drawn uniformly random from key pools of different generations in order to have secure communication with nodes deployed at those generations. In other words, in our scheme keys are specific to generation pairs. This makes the job of attacker more difficult and improves the resiliency of our scheme. We compared our scheme to another key predistribution scheme designed for multi-phase wireless sensor networks. Our results showed that our scheme is up to 35% resilient in steady state even under heavy attacks

Hash graph based key predistribution scheme for mobile and multiphase wireless sensor networks

Wireless Sensor Networks (WSN) consist of small sensor nodes which operate until their energy reserve is depleted. These nodes are generally deployed to the environments where network lifespan is much longer than the lifetime of a node. Therefore, WSN are typically operated in a multiphase fashion, where new nodes are periodically deployed to the environment to ensure constant local and global network connectivity. Besides, significant amount of the research in the literature studies only static WSN and there is very limited work considering mobility of the sensor nodes. In this thesis, we present a key predistribution scheme for mobile and multiphase WSN which is resilient against eager and temporary node capture attacks. In our Hash Graph based (HaG) scheme, every generation has its own key pool which is generated using the key pool of the previous generation. This allows nodes deployed at different generations to have the ability to establish secure channels. Likewise, a captured node can only be used to obtain keys for a limited amount of successive generations. We also consider sensor nodes as mobile and use different mobility models to show its effects on the performance. We compare the connectivity and resiliency performance of our scheme with a well-known multiphase key predistribution scheme and show that our scheme performs better when the attack rate is low. When the attack rate increases, our scheme still has better resiliency performance considering that it requires less key ring size compared to a state-of-the-art multiphase scheme