A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng,...

Post on 19-Dec-2015


A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks

Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney

Department of EECS, Syracuse University

Overview
• Wireless Sensor Networks (WSN).
• Key management problem in WSN.
• Existing solutions.
• Our solution.
• Security and performance analysis.
• Conclusion and future work.

Wireless Sensor Networks

[Figure: Deploy Sensors]

Securing WSN

[Figure: Deploy Sensors; Secure Channels]

Problem Description
• How can each pair of neighboring nodes find a secret key?
• Pairwise: secret keys are unique for each pair.
  • Can be used for authentication.

Approaches
• Trusted-Server Schemes
  • Finding trusted servers is difficult.
• Public-Key Schemes
  • Expensive and infeasible for sensors.
• Key Pre-distribution Schemes

Goal: Loading keys into sensor nodes prior to deployment, s.t. any two nodes can find a secret key between them after deployment.

Challenges
• Security: nodes can be compromised
• Scalability: new nodes might be added later
• Memory/Energy efficiency
• Authentication: pairwise keys

Key Pre-distribution

Naïve Solutions
• Master-Key Approach
  • Memory efficient, but low security.
  • Needs Tamper-Resistant Hardware.
• Pair-wise Key Approach
  • N-1 keys for each node (e.g. N=10,000).
  • Security is perfect.
  • Need a lot of memory and cannot add new nodes.

Eschenauer-Gligor Scheme

[Figure: nodes A, B, C, D and E each receive m keys (random) from Key Pool S.]

• E.g., when |S| = 10,000, m=75, the local connectivity p = 0.50

• This scheme is further improved by Chan, Perrig, and Song (IEEE S&P 2003).

Our Goal
• Pairwise key pre-distribution scheme.
  • Use Blom Scheme.
• Further improvement on performance and resilience.
  • Use random key pre-distribution scheme.

Blom Scheme
• Public matrix G
• Private matrix D (symmetric).

[Figure: the matrices D and G with dimension labels "+1", "N", "+1", "+1".]

Let $A = (D G)^T$

$A G = (D G)^T G = G^T D^T G = G^T D G = (A G)^T$

Blom Scheme

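[Figure: $A = (D G)^T$ times $G$ equals $(D G)^T G$, with rows i and j of A, columns i and j of G, and the entries $K_{ij}$ and $K_{ji}$ marked. Captions: "Node i carries:", "Node j carries:".]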

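G Matrix

To achieve -secure: Any +1 columns of G must be linearly independent. Vandermonde matrix has such a property.

$$
G = \begin{bmatrix}
1 & 1 & 1 & \cdots & 1 \\
s & s^2 & s^3 & \cdots & s^N \\
s^2 & (s^2)^2 & (s^3)^2 & \cdots & (s^N)^2 \\
\vdots & & & & \vdots \\
s & (s^2) & (s^3) & \cdots & (s^N)
\end{bmatrix}
$$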

Properties of Blom Scheme
• Blom’s Scheme
  • Network size is N
  • Any pair of nodes can directly find a secret key
  • Tolerate compromise up to nodes
  • Need to store +2 keys
• Our next goal: increase without increasing the storage usage.
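The Blom construction from the slides above, as an added example that is not part of the original talk: a setup server builds A = (D G)^T, and each node derives K_ij from its own row of A and the peer's public seed. The modulus `Q`, the seed `S`, the parameter name `lam` for the security threshold, and all function names are assumptions of this example.

```python
import secrets

Q = 2_147_483_647  # prime modulus for the field (assumed value)
S = 7              # seed s of the Vandermonde matrix (assumed value)

def seed_of(j):
    """Public seed of node j: s^(j+1), matching the columns s, s^2, ..., s^N of G."""
    return pow(S, j + 1, Q)

def g_column(seed, lam):
    """Column of G rebuilt from its seed: [1, seed, seed^2, ..., seed^lam]."""
    return [pow(seed, r, Q) for r in range(lam + 1)]

def random_symmetric(lam):
    """Private symmetric D, (lam+1) x (lam+1); stays with the setup server."""
    d = [[0] * (lam + 1) for _ in range(lam + 1)]
    for r in range(lam + 1):
        for c in range(r, lam + 1):
            d[r][c] = d[c][r] = secrets.randbelow(Q)
    return d

def provision(d, n):
    """Row i of A = (D G)^T for each of n nodes; a node stores this row and its seed."""
    lam = len(d) - 1
    seeds = [seed_of(j) for j in range(n)]
    # Distinct seeds make any lam+1 Vandermonde columns linearly independent.
    assert len(set(seeds)) == n, "seeds must be distinct"
    cols = [g_column(s, lam) for s in seeds]
    return [[sum(d[r][c] * col[c] for c in range(lam + 1)) % Q
             for r in range(lam + 1)] for col in cols]

def pairwise_key(my_row, peer_seed):
    """K_ij = (row i of A) . (column j of G); only the peer's public seed is exchanged."""
    col = g_column(peer_seed, len(my_row) - 1)
    return sum(a * g for a, g in zip(my_row, col)) % Q

def key_table(d, n):
    """All K_ij as each node i would compute them locally."""
    rows = provision(d, n)
    return [[pairwise_key(rows[i], seed_of(j)) for j in range(n)] for i in range(n)]

if __name__ == "__main__":
    table = key_table(random_symmetric(lam=3), n=6)
    # Symmetry of D gives K_ij == K_ji for every pair.
    print(all(table[i][j] == table[j][i] for i in range(6) for j in range(6)))
```

Each node holds `lam + 1` field elements plus its seed, and a column of G is regenerated from the peer's seed rather than stored.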

Multiple Space Scheme

[Figure: Key-Space Pool containing the key spaces (D1, G), (D2, G), ..., (D, G); each node picks spaces from the pool.]

Two nodes can find a pairwise key if they carry a common key space!

How to select and ?
• If the memory usage is m, the security threshold (probabilistic) m is
• To improve the security, we need to increase /2.
• However, such an increase affects the connectivity.

2 mm

Measure Local Connectivity

plocal = the probability that two neighboring nodes can find a common key.

!)!2())!((

)(

))(( 2

21

localp

Plocal for different and

Security Analysis
• Network Resilience: When x nodes are compromised, how many other secure links are affected?

jxjx

j

xj

xc

)1())((

d)compromise are nodes |broken is Pr(

1

Resilience (p = 0.33, m=200)

Blom

Resilience (p = 0.50, m =200)

Blom

Other Analysis
• Communication overhead
• Computation overhead

Improvement: Using Two-hop Neighbors

= 7 = 2

= 31 = 2

Conclusion
• We have proposed a pairwise key pre-distribution scheme for WSN.
• We analyzed security, computational overhead, communication overhead.
• Our scheme substantially improves the network resilience.

Independent Discoveries
• A similar scheme was independently discovered by two other groups:
  • Liu and Ning from NC State (next talk).
  • Katz and his group from University of Maryland.