Abstract
Secure communications in wireless ad hoc networks require setting up end-to-end secret keys for communicating node pairs. It is widely believed that although being more complex, a probabilistic key predistribution scheme is much more resilient against node capture than a deterministic one in lightweight wireless ad hoc networks. Supported by the surprisingly large successful attack probabilities (SAPs) computed in this chapter, we show that the probabilistic approaches have only limited performance advantages over deterministic ones. We first consider a static network scenario as originally considered in the seminal paper by Eschenauer and Gligor [9], where any node capture happens after the establishment of all pairwise links. In this scenario, we show that the deterministic approach can achieve a performance as good as the probabilistic one. In a mobile network scenario, however, the probabilistic key management as described in [9] can lead to a SAP of one order of magnitude larger than the one in a static network due to node fabrication attacks.
The above analysis motivates us to propose two low-cost secure-architecture-based techniques to improve the security against such attacks. Our new architectures, specifically targeted at the sensor-node platform, protect long-term keys using a root of trust embedded in the hardware System-on-a-Chip (SoC). This prevents an adversary from extracting these protected long-term keys from a captured node to fabricate new nodes. The extensive simulation results show that the proposed architecture can significantly decrease the SAP and increase the security level of key management for mobile ad hoc networks.
Finally, we develop an analytical framework for the on-demand key establishment approach. We propose a novel security metric, the REM resilience vector, to quantify the resilience of any key establishment schemes against Revealing, Erasure, and Modification (REM) attacks. Our analysis shows that previous key establishment schemes are vulnerable under REM attacks. Relying on the new security metric, we prove a universal bound on achievable REM resilience vectors for any on-demand key establishment scheme. This bound that characterizes the optimal security performance analytically is shown to be tight, as we propose a REM-resilient key establishment scheme which achieves any vector within this bound. In addition, we develop a class of low-complexity key establishment schemes which achieve nearly optimal REM attack resilience.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For example, the probabilistic scheme in [9] requires preloading each node with 83 keys out of a key pool size of 10,000 and achieves a local direct connectivity of 50%.
- 2.
In the simulation, the smart attack with incentive is approximated as setting the cost of the links adjacent to the compromised nodes as 0.9999 instead of as 1 unit (hop) for other authorized nodes.
- 3.
When the network is static, an adversary captures h nodes, then its successful attack probability on a link is \(1-\left(1-\dfrac{k}{m}\right)^h \approx \dfrac{hk}{m}\). if \(\dfrac{k}{m}\) is small
References
R. Blom. An optimal class of symmetric key generation system. In Advanced in Cryptology—Eurocrypt’84, LNCS, vol. 209, pages, 335–338, 1984.
S. Çamtepe and B. Yener. Combinatorial design of key distribution mechanisms for wireless sensor networks. In: European Symposium On Research in Computer Security (ESORICS’04), Sophia Antipolis, France, 2004.
S. A. Çamtepe and B. Yener. Key distribution mechanisms for wireless sensor networks: a survey. Technical Report TR-05-07, Rensselaer Polytechnic Institute, Computer Science Department, 2005. Available at http://www.cs.rpi.edu/research/pdf/05-07.pdf. Accessed in 2006
H. Chan, A. Perrig, and D. Song. Random key predistribution schemes for sensor networks. In IEEE Symposium on Security and Privacy, pages 197–213, Oakland, CA, 2003.
W. Du, J. Deng, Y. Han, S. Chen, and P. Varshney. A key management scheme for wireless sensor networks using deployment knowledge. In: INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE Computer and Communications Societies, Hong Kong, 2004.
W. Du, J. Deng, Y. S. Han, and P. K. Varshney. A pairwise key pre-distribution scheme for wireless sensor networks. In: CCS’03: ACM conference on Computer and communications security, New York, NY, pages. 42–51, 2003.
J. Dwoskin and R. Lee. Hardware-rooted trust for secure key management and transient trust. In: CCS’07: ACM conference on Computer and communications security, Alexandria, VA, pages 389–400, 2007.
J. Dwoskin, D. Xu, J. Huang, M. Chiang, and R. Lee. Secure key management architecture against sensor-node fabrication attacks. In: IEEE GlobeCom, Washington, D.C., pages 166–171, 2007.
L. Eschenauer and V. D. Gligor. A key-management scheme for distributed sensor networks. In: CCS’02: ACM conference on Computer and communications security, New York, NY, pages, 41–47, 2002.
P. Feldman. A practical scheme for non-interactive verifiable secret sharing. In: IEEE Symposium on Foundations of Computer Science, Los Angeles, CA, Pages 427–438, 1987.
M. Fitzi, J. Garay, S. Gollakota, C. Rangan, and K. Srinathan. Round-optimal and efficient verifiable secret sharing. In: Third Theory of Cryptography Conference, Volume 3876 of Lecture Notes in Computer Science, pages 329–342, 2006.
Z. Haas and M. Pearlman. The performance of query control schemes for the zone routing protocol. In: IEEE/ACM Transactions on Networking, 9(4): 427–438, 2001.
A. Howard, M. J. Mataric, and G. S. Sukhatme. Mobile sensor network deployment using potential fields: A distributed, scalable solution to the area coverage problem. In: Distributed Autonomous Robotic Systems, Fukuoka, Japan, pages 299–308, 2002.
D. Huang and D. Medhi. A byzantine resilient multi-path key establishment scheme and its robustness analysis for sensor networks. In: 19th IEEE International Parallel and Distributed Processing Symposium, Washington, DC, pages, 4–8, 2005.
D. Huang and D. Medhi. Secure pairwise key establishment in large-scale sensor networks: An area partitioning and multigroup key predistribution approach. ACM Transactions on Sensor Networks 16:1–34, 2007.
D. Huang, M. Mehta, D. Medhi, and L. Harn. Location-aware key management scheme for wireless sensor networks. In: Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, ACM New York, NY, pp. 29–42, 2004.
J. Hwang and Y. Kim. Revisiting random key pre-distribution schemes for wireless sensor networks. In; ACM workshop on Security of ad hoc and sensor networks, Washington, DC, USA, pages, 43–52, 2004.
T. Lan, M. Chiang, and R. Lee. Multi-path key establishment against REM attacks in wireless ad hoc networks. In: IEEE Globecom, Honolulu, HI, 2009.
J. Lee and D. Stinson. Deterministic key predistribution schemes for distributed sensor networks. 11th Annual Workshop on Selected Areas in Cryptography, Waterloo, Ontario, Canada, 2004.
R. Lee et al. Architecture for protecting critical secrets in microprocessors. In: International Symposium on Computer Architecture (ISCA 2005), pages, 2–13, 2005.
S. Lin and D. Costello. Error Control Coding: Fundamentals and Applications. Prentice Hall, NJ, USA, 1983.
D. Liu and P. Ning. Establishing pairwise keys in distributed sensor networks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS ’03), Washington, DC, pages, 52–61, 2003.
D. Liu and P. Ning. Location-based pairwise key establishments for static sensor networks. In: Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, ACM New York, NY, pages. 72–82, 2003.
T. Matsumoto and H. Imai. On the key predistribution systems: a practical solution to the key distribution problem. In: Advances in Sryptology–Crypto’87, Santa Barbara, CA, 1987.
C. S. R. Murthy and B. S. Manoj. Ad Hoc Wireless Networks: Architectures and Protocols. Prentice Hall Communications Engineering and Emerging Technologies Series, NJ, USA, 2004.
B. Parno, A. Perrig, and V. Gligor. Distributed detection of node replication attacks in sensor networks. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 49–63, California, USA, 2005.
R. D. Pietro, L. V. Mancini, and A. Mei. Random key-assignment for secure wireless sensor networks. In: SASN’03: ACM workshop on Security of ad hoc and sensor networks, New York, NY, pages. 62–71, 2003.
S. Seys and B. Preneel. The wandering nodes: Key management for lower-power mobile ad hoc netowrks. In: IEEE International Conference on Distributed Computing Systems Workshops, ICDCSW’05, 2005.
A. Shamir. How to share a secret. In: Communications of the ACM, 1979.
S. Zhu, S. Setia, and S. Jajodia. LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In: CCS’03: ACM conference on Computer and communications security, New York, NY, pages. 62–72,, 2003.
S. Zhu, S. Setia, S. Jajodia, and P. Ning. An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks. Security and Privacy, 2004. In: Proceedings. IEEE Symposium, pages, 259–271, California, USA, 2004.
S. Zhu, S. Xu, S. Setia, and S. Jajodia. Establishing pairwise keys for secure communication in ad hoc networks: A probabilistic approach. In: Proceedings of the 11th IEEE International Conference on Network Protocols (ICNP’03), pp. 326–335, 2003.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Xu, D., Dwoskin, J., Huang, J., Lan, T., Lee, R., Chiang, M. (2011). Key Management in Sensor Networks. In: Nikoletseas, S., Rolim, J. (eds) Theoretical Aspects of Distributed Computing in Sensor Networks. Monographs in Theoretical Computer Science. An EATCS Series. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14849-1_23
Download citation
DOI: https://doi.org/10.1007/978-3-642-14849-1_23
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14848-4
Online ISBN: 978-3-642-14849-1
eBook Packages: Computer ScienceComputer Science (R0)