Key Management Building Blocks for Wireless Sensor Networks

Cryptography is the means to ensure data confidentiality, integrity and authentication in wireless sensor networks (WSNs). To use cryptography effectively however, the cryptographic keys need to be managed properly. First of all, the necessary keys need to be distributed to the nodes before the nodes are deployed in the field, in such a way that any two or more nodes that need to communicate securely can establish a session key. Then, the session keys need to be refreshed from time to time to prevent birthday attacks. Finally, in case any of the nodes is found to be compromised, the key ring of the compromised node needs to be revoked and some or all of the compromised keys might need to be replaced. These processes, together with the policies and techniques needed to support them, are called key management. The facts that WSNs (1) are generally not tamper-resistant; (2) operate unattended; (3) communicate in an open medium; (4) have no fixed infrastructure and pre-configured topology; (5) have severe hardware and resource constraints, present unique challenges to key management. In this article, we explore techniques for meeting these challenges. What distinguishes our approach from a routine literature survey is that, instead of comparing various known schemes, we set out to identify the basic cryptographic principles, or building blocks that will allow practitioners to set up their own key management framework using these building blocks

A highly resilient and zone-based key predistribution protocol for multiphase wireless sensor networks

Pairwise key distribution among the sensor nodes is an essential problem for providing security in Wireless Sensor Networks (WSNs). The common approach for this problem is random key predistribution, which suffers from resiliency issues in case of node captures by adversaries. In the literature, the resiliency problem is addressed by zone-based deployment models that use prior deployment knowledge. Another remedy in the literature, which is for multiphase WSNs, aims to provide self-healing property via periodic deployments of sensor nodes with fresh keys over the sensor field. However, to the best of our knowledge, these two approaches have never been combined before in the literature. In this paper, we propose a zone-based key predistribution approach for multiphase WSNs. Our approach combines the best parts of these approaches and provides self-healing property with up to 9-fold more resiliency as compared to an existing scheme. Moreover, our scheme ensures almost 100% secure connectivity, which means a sensor node shares at least one key with almost all of its neighbors

Multiphase deployment models for fast self healing in wireless sensor networks

The majority of studies on security in resource limited wireless sensor networks (WSN) focus on finding an efficient balance among energy consumption, computational speed and memory usage. Besides these resources, time is a relatively immature aspect that can be considered in system design and performance evaluations. In a recent study(Castelluccia and Spognardi, 2007), the time dimension is used to lower the ratio of compromised links, thus, improving resiliency in key distribution in WSNs. This is achieved by making the old and possibly compromised keys useful only for a limited amount of time. In this way, the effect of compromised keys diminish in time, so the WSN selfheals. In this study we further manipulate the time dimension and propose a deployment model that speeds up the resilience improvement process with a tradeoff between connectivity and resiliency. In our method, self healing speeds up by introducing nodes that belong to future generations in the time scale. In this way, the duration that the adversary can make use of compromised keys become smaller

MPKMS: a Matrix-based Pairwise Key Management Scheme for Wireless Sensor Networks

Due to the sensitivity of the Wireless Sensor Networks (WSN) applications and resource constraints, authentication and key management emerge as a challenging issue for WSN. In general, various approaches have been developed for the key management in WSN. This paper has come up with a new robust key pre-distribution scheme using random polynomial functions and matrix. This new proposed scheme significantly increases the storage efficiency and provides resilience to network against node capture by using random prime numbers, polynomial functions and matrix properties. The effectiveness of the scheme is demonstrated through a security analysis and comparison with the existing schemes

A unified approach to combinatorial key predistribution schemes for sensor networks

There have been numerous recent proposals for key predistribution schemes for wireless sensor networks based on various types of combinatorial structures such as designs and codes. Many of these schemes have very similar properties and are analysed in a similar manner. We seek to provide a unified framework to study these kinds of schemes. To do so, we define a new, general class of designs, termed “partially balanced t-designs”, that is sufficiently general that it encompasses almost all of the designs that have been proposed for combinatorial key predistribution schemes. However, this new class of designs still has sufficient structure that we are able to derive general formulas for the metrics of the resulting key predistribution schemes. These metrics can be evaluated for a particular scheme simply by substituting appropriate parameters of the underlying combinatorial structure into our general formulas. We also compare various classes of schemes based on different designs, and point out that some existing proposed schemes are in fact identical, even though their descriptions may seem different. We believe that our general framework should facilitate the analysis of proposals for combinatorial key predistribution schemes and their comparison with existing schemes, and also allow researchers to easily evaluate which scheme or schemes present the best combination of performance metrics for a given application scenario

KALwEN+: Practical Key Management Schemes for Gossip-Based Wireless Medical Sensor Networks

The constrained resources of sensors restrict the design of a key management scheme for wireless sensor networks (WSNs). In this work, we first formalize the security model of ALwEN, which is a gossip-based wireless medical sensor network (WMSN) for ambient assisted living. Our security model considers the node capture, the gossip-based network and the revocation problems, which should be valuable for ALwEN-like applications. Based on Shamir's secret sharing technique, we then propose two key management schemes for ALwEN, namely the KALwEN+ schemes, which are proven with the security properties defined in the security model. The KALwEN+ schemes not only fit ALwEN, but also can be tailored to other scalable wireless sensor networks based on gossiping

A Secure Key Management Scheme for Hierarchical WSN

Many applications require WSNs to exchange sensitive information with the applications having high reliability requirements and a high level of security to succeed. The WSN nodes are often placed in hostile or adverse environment and their security concerns become a challenging issue. WSNs nodes are resource constrained and hence incorporating traditional security methods involving large computation overheads are not feasible. Key management is a fundamental part for any secure communication in WSNs. The key management system should be substantially secure, robust and efficient for a secure communication protocol. Many key establishment techniques have come up to address the tradeoffs between limited memory and security but choosing an effective scheme is debatable. Here in this paper, a new key management scheme is put forward based on authentication and key sharing for WSN. Our protocol is suitable for managing keys in a hierarchical network consisting of clusters with the aim of ensuring the survivability of the network. Keywords: Authentication, Clusters, Key Management, Wireless Sensor Network