A unified approach to combinatorial key predistribution schemes for sensor networks

There have been numerous recent proposals for key predistribution schemes for wireless sensor networks based on various types of combinatorial structures such as designs and codes. Many of these schemes have very similar properties and are analysed in a similar manner. We seek to provide a unified framework to study these kinds of schemes. To do so, we define a new, general class of designs, termed “partially balanced t-designs”, that is sufficiently general that it encompasses almost all of the designs that have been proposed for combinatorial key predistribution schemes. However, this new class of designs still has sufficient structure that we are able to derive general formulas for the metrics of the resulting key predistribution schemes. These metrics can be evaluated for a particular scheme simply by substituting appropriate parameters of the underlying combinatorial structure into our general formulas. We also compare various classes of schemes based on different designs, and point out that some existing proposed schemes are in fact identical, even though their descriptions may seem different. We believe that our general framework should facilitate the analysis of proposals for combinatorial key predistribution schemes and their comparison with existing schemes, and also allow researchers to easily evaluate which scheme or schemes present the best combination of performance metrics for a given application scenario

Security in heterogeneous wireless networks

The proliferation of a range of wireless devices, from the cheap low power resource starved sensor nodes to the ubiquitous cell phones and PDA\u27s has resulted in their use in many applications. Due to their inherent broadcast nature Security and Privacy in wireless networks is harder than the wired networks. Along with the traditional security requirements like confidentiality, integrity and non-repudiation new requirements like privacy and anonymity are important in wireless networks. These factors combined with the fact that nodes in a wireless network may have different resource availabilities and trust levels makes security in wireless networks extremely challenging. The functional lifetime of sensor networks in general is longer than the operational lifetime of a single node, due to limited battery power. Therefore to keep the network working multiple deployments of sensor nodes are needed. In this thesis, we analyze the vulnerability of the existing key predistribution schemes arising out of the repeated use of fixed key information through multiple deployments. We also develop SCON, an approach for key management that provides a significant improvement in security using multiple key pools. SCON performs better in a heterogeneous environment. We present a key distribution scheme that allows mobile sensor nodes to connect with stationary nodes of several networks. We develop a key distribution scheme for a semi ad-hoc network of cell phones. This scheme ensures that cell phones are able to communicate securely with each other when the phones are unable to connect to the base station. It is different from the traditional ad hoc networks because the phones were part of a centralized network before the base station ceased to work. This allows efficient distribution of key material making the existing schemes for ad hoc networks ineffective. In this thesis we present a mechanism for implementing authenticated broadcasts which ensure non-repudiation using identity based cryptography. We also develop a reputation based mechanism for the distributed detection and revocation of malicious cell phones. Schemes which use the cell phone for secure spatial authentication have also been presented

TKP: Three level key pre-distribution with mobile sinks for wireless sensor networks

Wireless Sensor Networks are by its nature prone to various forms of security attacks. Authentication and secure communication have become the need of the day. Due to single point failure of a sink node or base station, mobile sinks are better in many wireless sensor networks applications for efficient data collection or aggregation, localized sensor reprogramming and for revoking compromised sensors. The existing sytems that make use of key predistribution schemes for pairwise key establishment between sensor nodes and mobile sinks, deploying mobile sinks for data collection has drawbacks. Here, an attacker can easily obtain many keys by capturing a few nodes and can gain control of the network by deploying a node preloaded with some compromised keys that will be the replica of compromised mobile sink. We propose an efficient three level key predistribution framework that uses any pairwise key predistribution in different levels. The new framework has two set of key pools one set of keys for the mobile sink nodes to access the sensor network and other set of keys for secure communication among the sensor nodes. It reduces the damage caused by mobile sink replication attack and stationary access node replication attack. To further reduce the communication time it uses a shortest distance to make pair between the nodes for comunication. Through results, we show that our security framework has a higher network resilience to a mobile sink replication attack as compared to the polynomial pool-based scheme with less communication tim

A Key Management Protocol for Multiphase Hierarchical Wireless Sensor Networks

The security of Wireless Sensor Networks (WSNs) has a direct reliance on secure and efficient key management. This leaves key management as a fundamental research topic in the field of WSNs security. Among the proposed key management schemes for WSNs security, LEAP (Localized Encryption and Authentication Protocol) has been regarded as an efficient protocol over the last years. LEAP supports the establishment of four types of keys. The security of these keys is under the assumption that the initial deployment phase is secure and the initial key is erased from sensor nodes after the initialization phase. However, the initial key is used again for node addition after the initialization phase whereas the new node can be compromised before erasing the key. A time-based key management scheme rethought the security of LEAP. We show the deficiency of the time-based key management scheme and proposed a key management scheme for multi-phase WSNs in this paper. The proposed scheme disperses the damage resulting from the disclosure of the initial key. We show it has better resilience and higher key connectivity probability through the analysis

A Survey of Key Management Schemes in Wireless Sensor Networks

Abstract

Broadcast-enhanced key predistribution schemes

We present a formalisation of a category of schemes that we refer to as broadcast-enhanced key predistribution schemes (BEKPSs). These schemes are suitable for networks with access to a trusted base station and an authenticated broadcast channel. We demonstrate that the access to these extra resources allows for the creation of BEKPSs with advantages over key predistribution schemes such as flexibility and more efficient revocation. There are many possible ways to implement BEKPSs, and we propose a framework for describing and analysing them. In their paper “From Key Predistribution to Key Redistribution,” Cichoń et al. [2010] propose a scheme for “redistributing” keys to a wireless sensor network using a broadcast channel after an initial key predistribution. We classify this as a BEKPS and analyse it in that context. We provide simpler proofs of some results from their paper, give a precise analysis of the resilience of their scheme, and discuss possible modifications. We then study two scenarios where BEKPSs may be particularly desirable and propose a suitable family of BEKPSs for each case. We demonstrate that they are practical and efficient to implement, and our analysis shows their effectiveness in achieving suitable trade-offs between the conflicting priorities in resource-constrained networks

Key management for wireless sensor network security

Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks.Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management making key management a fundamental research topic in the field of WSNs security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature.This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/ implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs.There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problems definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution. While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V

A key management scheme for heterogeneous sensor networks using keyed-hash chain

We present a suite of key management scheme for heterogeneous sensor networks. In view of different types of communications, a single key can not satisfy various communication requirements. It is necessary to study the establishment and renewal of different types of keys in heterogeneous sensornetworks. In this paper, we propose a new key management scheme which can support five types of communications. Our basic scheme is based on a keyed-hash chain approach. A new cluster mechanism is used to improve the probability of key sharing between sensors and their cluster heads. Different from existing schemes where a node capture attack might lead to the disclosure of several key chains, our method can avoid this drawback through not storing network-wide generating keys inlow-cost sensors. Only pairwise keys involving the compromised node should be deleted in our scheme. It is motivated by the observation that all the information stored on a sensor may be disclosed once the sensor gets compromised. Through the analysis of both security and performance, we show the scheme meets the security requirements