An Identity Based Key Management Scheme in Wireless Sensor Networks

Pairwise key establishment is one of the fundamental security services in sensor networks which enables sensor nodes in a sensor network to communicate securely with each other using cryptographic techniques. It is not feasible to apply traditional public key management techniques in resource-constrained sensor nodes, and also because the sensor nodes are vulnerable to physical capture. In this paper, we introduce a new scheme called the identity based key pre-distribution using a pseudo random function (IBPRF), which has better trade-off between communication overhead, network connectivity and resilience against node capture compared to the other key pre-distribution schemes. Our scheme can be easily adapted in mobile sensor networks. This scheme supports the addition of new sensor nodes after the initial deployment and also works for any deployment topology. In addition, we propose an improved version of our scheme to support large sensor networks.Comment: 7 pages, Published in Proceedings of 4th Asian International Mobile Computing Conference (AMOC 2006), Kolkata, India, pp. 70-76, January 4-7, 200

Dynamic resiliency analysis of key predistribution in wireless sensor networks

Wireless sensor networks have been analyzed for more than a decade from operational and security points of view. Several key predistribution schemes have been proposed in the literature. Although valuable and state-of-the-art proposals have been made, their corresponding security analyses have not been performed by considering the dynamic nature of networking behavior and the time dimension. The sole metric used for resiliency analysis of key predistribution schemes is "fraction of links compromised" which is roughly defined as the ratio of secure communication links that the adversary can compromise over all secure links. However, this metric does not consider the dynamic nature of the network; it just analyzes a snapshot of the network without considering the time dimension. For example, possible dead nodes may cause change of routes and some captured links become useless for the attacker as time goes by. Moreover, an attacker cannot perform sensor node capturing at once, but performs over time. That is why a methodology for dynamic security analysis is needed in order to analyze the change of resiliency in time a more realistic way. In this paper, we propose such a dynamic approach to measure the resiliency of key predistribution schemes in sensor networks. We take the time dimension into account with a new performance metric, "captured message fraction". This metric is defined as the percentage of the messages generated within the network to be forwarded to the base station (sink) that are captured and read by the attacker. Our results show that for the cases where the static fraction of links compromised metric indicates approximately 40% of the links are compromised, our proposed captured message fraction metric shows 80% of the messages are captured by the attacker. This clearly proves the limitations of the static resiliency analysis in the literature

Key Management Building Blocks for Wireless Sensor Networks

Cryptography is the means to ensure data confidentiality, integrity and authentication in wireless sensor networks (WSNs). To use cryptography effectively however, the cryptographic keys need to be managed properly. First of all, the necessary keys need to be distributed to the nodes before the nodes are deployed in the field, in such a way that any two or more nodes that need to communicate securely can establish a session key. Then, the session keys need to be refreshed from time to time to prevent birthday attacks. Finally, in case any of the nodes is found to be compromised, the key ring of the compromised node needs to be revoked and some or all of the compromised keys might need to be replaced. These processes, together with the policies and techniques needed to support them, are called key management. The facts that WSNs (1) are generally not tamper-resistant; (2) operate unattended; (3) communicate in an open medium; (4) have no fixed infrastructure and pre-configured topology; (5) have severe hardware and resource constraints, present unique challenges to key management. In this article, we explore techniques for meeting these challenges. What distinguishes our approach from a routine literature survey is that, instead of comparing various known schemes, we set out to identify the basic cryptographic principles, or building blocks that will allow practitioners to set up their own key management framework using these building blocks

Dynamic key ring update mechanism for mobile wireless sensor networks

Key distribution is an important issue to provide security in Wireless Sensor Networks (WSNs). Many of the key pre-distribution schemes proposed for static WSNs perform poorly when they are applied to Mobile Wireless Sensor Networks (MWSNs). In this paper, we propose Dynamic Key Ring Update (DKRU) mechanism for MWSNs. The aim of DKRU mechanism is to enable sensor nodes to update their key rings periodically during movement, by observing the frequent keys in their neighbors. Our mechanism can be used together with different key pre-distribution schemes and it helps to increase the performance of them. For the performance evaluation basis, we used our mechanism together with a location based key pre-distribution scheme. Our results show that DKRU mechanism increases the local and global connectivity when it is applied to MWSNs. Moreover, our mechanism does not cause a significant degradation in network resiliency

Efficient key management in wireless sensor network security

Wireless sensor network is a multi-hop ad hoc network formed by a large number of low-cost micro-sensor nodes which communicate through radio channels. It is widely used in many areas in modern society and attracts a lot of attention from researchers. This research is on wireless sensor network security and it focuses on key management in hierarchical wireless sensor networks. Through literature review, the drawback and weakness of existing key management schemes are analyzed from various aspects including key establishment, key distribution, key update, authentication and node operation mechanism. Assessment criteria for key management scheme are proposed under different requirements and constraints of wireless sensor networks. The security criteria cover keying model, key distribution, key update, node operation and resilience. For cluster based hierarchical wireless sensor networks, an assistant node is introduced in a cluster to deal with the situation of cluster head compromise and to keep the member nodes securely staying in the network. With introduction of assistant nodes, a complete secure efficient hierarchical key management scheme (SEHKM) for wireless sensor network is proposed. The scheme supports three types of keys and the big improvement over existing key management schemes is on group key update, which is based on pseudo-random numbers and group Diffie-Hellman. The analysis and evaluation have shown that that SEHKM offers strong security with efficient operation from energy consumption point of view

Polynomial Based Dynamic Key Management for Secure Cluster Communication in Wireless Mobile Sensor Network

For inter and intra cluster communication, member nodes jointly build a mutual session key called cluster key to allow secure communication. Most existing schemes for cluster key management use messages exchange among the member nodes within a cluster for the new cluster key establishment when a node leaves or joins a cluster. This causes significant communication and computation costs. Furthermore, the secure distribution of cluster keys among member nodes in frequently changing environments is a difficult task without encryption and decryption operations. For secure cluster key management, we utilized polynomial (P) to accomplish effective intra-cluster key management and produced polynomial for making an inter-cluster key distribution. The main contribution is to generate polynomials and broadcast to nodes whenever a change occurs in a network or demanding nodes for secure key management. The presented scheme supports scalability for an increasing number of nodes using polynomials. The proposed scheme increases the lifetime of the network by decreasing the key pool size

A resilient key predistribution scheme for multiphase wireless sensor networks

In wireless sensor networks, sensor nodes eventually die due to battery depletion. Wireless sensor networks (WSNs) in which new nodes are periodically redeployed with certain intervals, called generations, to replace the dead nodes are called multi-phase wireless sensor networks. In the literature, there are several key predistribution schemes proposed for secure operation of WSNs. However, these schemes are designed for single phase networks which are not resilient against continuous node capture attacks; even under temporary attacks on the network, the harm caused by the attacker does not heal in time. However, the periodic deployments in multi-phase sensor networks could be utilized to improve the resiliency of the WSNs by deploying nodes with fresh keys. In the literature, there is limited work done in this area. In this paper, we propose a key predistribution scheme for multi-phase wireless sensor networks which is highly resilient under node capture attacks. In our scheme, called RGM (random generation material) key predistribution scheme, each generation of deployment has its own random keying material and pairwise keys are established between node pairs of particular generations. These keys are specific to these generations. Therefore, a captured node cannot be abused to obtain keys of other generations. We compare the performance of our RGM scheme with a well-known multi-phase key predistribution scheme and showed that RGM achieves up to three-fold more resiliency. Even under heavy attacks, our scheme's resiliency performance is 50% better in steady state