Hash Chains Sensornet: A Key Predistribution Scheme for Distributed Sensor Networks Using Nets and Hash Chains

Key management is an essential functionality for a security protocol; particularly for implementations to low cost devices of a distributed sensor networks (DSN)–a prototype of Internet of Things (IoT). Constraints in resources of the constituent devices of a low cost IoT (sensors of DSN) restricts implementations of computationally heavy public key cryptosystems. This led to adaptation of the novel key predistribution technique in symmetric key platform to efficiently tackle the problem of key management for these resource starved networks. Initial proposals use random graphs, later key predistribution schemes (KPS) exploit combinatorial approaches to assure essential design properties. Combinatorial designs like a (v, b, r, k)– configuration which forms a µ–CID are effective schemes to design KPS. A net in a vector space is a set of cosets of certain kind of subspaces called partial spread. A µ(v, b, r, k)–CID can be formed from a net. In this paper, we propose a key predistribution scheme for DSN, named as Sensornet, using a net. We observe that any deterministic KPS suffer from “smart attack” and hence devise a generic method to eliminate it. Resilience of a KPS can be improved by clever Hash Chains technique introduced by Bechkit et al. We improve our Sensornet to achieve Hash Chains Sensornet (HC(Sensornet)) by the applications of these two generic methods. Effectiveness of Sensornet and HC(Sensornet) in term of crucial metrics in comparison to other prominent schemes has been theoretically established

Practical Approaches to Varying Network Size in Combinatorial Key Predistribution Schemes

Combinatorial key predistribution schemes can provide a practical solution to the problem of distributing symmetric keys to the nodes of a wireless sensor network. Such schemes often inherently suit networks in which the number of nodes belongs to some restricted set of values (such as powers of primes). In a recent paper, Bose, Dey and Mukerjee have suggested that this might pose a problem, since discarding keyrings to suit a smaller network might adversely affect the properties of the scheme. In this paper we explore this issue, with specific reference to classes of key predistribution schemes based on transversal designs. We demonstrate through experiments that, for a wide range of parameters, randomly removing keyrings in fact has a negligible and largely predictable effect on the parameters of the scheme. In order to facilitate these computations, we provide a new, efficient, generally applicable approach to computing important properties of combinatorial key predistribution schemes. We also show that the structure of a resolvable transversal design can be exploited to give a deterministic method of removing keyrings to adjust the network size, in such a way that the properties of the resulting scheme are easy to analyse. We show that these schemes have the same asymptotic properties as the transversal design schemes on which they are based, and that for most parameter choices their behaviour is very similar

Secure Protocols for Key Pre-distribution, Network Discovery, and Aggregation in Wireless Sensor Networks

The term sensor network is used to refer to a broad class of networks where several small devices, called sensors, are deployed in order to gather data and report back to one or more base stations. Traditionally, sensors are assumed to be small, low-cost, battery-powered, wireless, computationally constrained, and memory constrained devices equipped with some sort of specialized sensing equipment. In many settings, these sensors must be resilient to individual node failure and malicious attacks by an adversary, despite their constrained nature. This thesis is concerned with security during all phases of a sensor network's lifetime: pre-deployment, deployment, operation, and maintenance. This is accomplished by pre-loading nodes with symmetric keys according to a new family of combinatorial key pre-distribution schemes to facilitate secure communication between nodes using minimal storage overhead, and without requiring expensive public-key operations. This key pre-distribution technique is then utilized to construct a secure network discovery protocol, which allows a node to correctly learn the local network topology, even in the presence of active malicious nodes. Finally, a family of secure aggregation protocols are presented that allow for data to be efficiently collected from the entire network at a much lower cost than collecting readings individually, even if an active adversary is present. The key pre-distribution schemes are built from a family of combinatorial designs that allow for a concise mathematical analysis of their performance, but unlike previous approaches, do not suffer from strict constraints on the network size or number of keys per node. The network discovery protocol is focused on providing nodes with an accurate view of the complete topology so that multiple node-disjoint paths can be established to a destination, even if an adversary is present at the time of deployment. This property allows for the use of many existing multi-path protocols that rely on the existence of such node-disjoint paths. The aggregation protocols are the first designed for simple linear networks, but generalize naturally to other classes of networks. Proofs of security are provided for all protocols