Pinaki 158 is Pa 2012
-
Upload
aritra-dhar -
Category
Documents
-
view
221 -
download
0
Transcript of Pinaki 158 is Pa 2012
-
8/2/2019 Pinaki 158 is Pa 2012
1/8
Full Communication In Transversal Design Based
Key Predistribution Schemes Using Deterministic
Merging Block Strategy
Pinaki SarkarDepartment of Mathematics,
Jadavpur University, Kolkata, India.
Telephone: (+91) 9433531020
Email: [email protected]
AbstractConstraints in resources of the constituent sensors ofany Wireless Sensor Network (WSN) are most challenging aspectswhile designing security models for such networks. Naturallyone prefers less expensive symmetric key cryptography overpublic key techniques during communication among nodes. In
such cryptosystems, both the communicating parties must possessthe same cryptographic key prior to message exchange. Thisis normally achieved by key predistribution (KPD). One suchscheme based on Transversal Design was proposed by Lee andStinson in 2005. However the mentioned scheme is devoid offull communication among the nodes. The aforesaid weaknessgives rise to multi-hop communication involving other node(s)which reduces efficiency of such communication. Deterministi-cally merging nodes results in a smaller network having biggerblocks result in full communication between the blocks. The de-terministic merging block strategy can be thought as preassigningdeterministic paths for any pair of non communicating nodes ofthe original KPD which lags full communication.
Index TermsSecurity, Key predistribution, Transversal De-signs, Deterministic Merging Blocks, Communication Probability.
I. INTRODUCTION
Wireless sensor networks (WSN) are one of the most popu-
lar ad-hoc mobile networks in recent times. Such networks typ-
ically constitute of a Key Distribution Server (KDS) or Base
Station (BS) and identical ordinary sensors (or nodes or sensor
nodes or motes). As such there is no structure to networks
comprising only of these two types of nodes. Such networks
are known as Distributed Sensor Network (DWSN). However
sometimes provisions are made for some special nodes termed
as Cluster Heads (CHs) having certain extra capabilities which
are normally used to provide a sort ofhierarchy to a network
by subdividing it into (small) clusters. Naturally such networks
are called Hierarchical Wireless Sensor Networks (HWSN).Each entity constituting a WSN typically consists of a
(battery) power unit, a processing unit, a storage unit and
a wireless transceiver. Capacities of each such unit in any
ordinary node is quite limited for any WSN. For HWSN, the
capacities and power of the CHs may vary while the KDS of
any WSN is usually quite powerful. As the name suggests,
communication in wireless sensor networks is achieved using
radio frequencies. Resource constrained nodes can communi-
cate with each other only within a limited range having center
as the node and small radius termed as Radio Frequency range
or radius of communication or physical layer of [12]. This
range or radius is generally same for ordinary sensors and may
be varied for CHs. While the KDS has quite a large radius of
communication.In spite of all the weaknesses in the basic building blocks of
WSNs, these networks have several military applications like
monitoring enemy movements, etc. Besides they are utilized
for other scientific purposes like smoke detection, wild fire
detection, seismic activity monitoring etc.
A. Related Works
In all it applications, a WSN once deployed works unat-
tended for long duration of time while its constituent nodes
deals with lot of sensory information. So during exchange
of message among the nodes, though suitable cryptographic
techniques need to be used, one needs to avoid heavy or costly
computations due to constraints in resources in them. Thesefacts restricts the use of existing costly public key security
protocols like [5], [10], [15] for message exchange. Thus we
are forced to revert to symmetric key encryption where both
the communicating parties must possess the same key prior
to message exchange. Using standard online key exchange
technique involving public parameters has to be avoided as
heavy and costly computations are involved. Treating a node
as Trusted Authority (T.A) is highly risky as capture of that
node will make the entire system vulnerable. Hence schemes
like Kerberos [16] can not be implemented for security in
WSN. This leads one to adopt various Key Predistribution
(KPD) techniques.
Eschenauer & Gligor in their work [9] suggested the pio-neering idea ofpredistribution of keys into the sensors. Their
idea can broadly be divided into two steps:
Keys are (randomly) preloaded into the sensors prior to
deployment.
Key establishment: this phase consists of:
Shared key discovery: establishing shared common
key among the nodes and
Path key establishment: establishing path via other
node(s) between a given pair of nodes that do not
-
8/2/2019 Pinaki 158 is Pa 2012
2/8
share any common key.
Random preloading of keys meant that the key rings or key
chains were formed randomly. Key establishment was done
using challenge and response technique. Schemes that follow
similar random strategy are called random key predistribution
schemes. Some more examples of such schemes are [4], [6],
[14]. Camptepe & Yener presents an excellent survey of such
schemes in their technical report [2].On the other hand there exists KPD schemes based on
deterministic approach involving Mathematical tools. Most
of such schemes are mainly based on different types of
combinatorial designs like Transversal Designs (TD(k,n)). Any
standard book of Combinatorial Design Theory like [20], [19]
provides detailed study of all such combinatorial designs.
For a brief outline, one may refer to [12]. For the sake of
completeness, discussion on combinatorial designs will be
presented in section III.
Camptepe & Yener [1] were first to propose a deterministic
KPD scheme where keys are preloaded and later established
based on generalized quadrangles & symmetric BIBDs. Lee
& Stinson [11], [12], [13] demonstrated that deterministicdesigns have better shared key discovery and path key estab-
lishment than their random counterparts. Following the initial
work of Camptepe & Yener [1], numerous deterministic KPD
schemes based on combinatorial designs have been proposed.
Some such schemes can be found in [7], [11], [12], [13], [17],
[18].
Some existing deterministic KPDs should be viewed differ-
ently for better understanding like the scheme in [17] proposed
recently by Sarkar & Chowdhury . This scheme is designed on
the basis of unique factorization of polynomials over a Finite
Field. It also addresses the problem of selective node attack
(refer [12], [8]) by adapting a novel technique suggested first
by Sarkar et al. [18].
B. Contributions in this paper
Proposed KPD scheme by Lee & Stinson in [12] lacks full
communication among nodes. So when two nodes does not
share a common key wants to communicate, a path has to
be sought. This leads to increased cost of communication and
trusting other (intermediate) nodes, which affects networks
security. Thus one is prompted to think of remedial strategy
to this problem. In this direction, one of the pioneering
contribution is due to Chakrabarti et al. [3] who for the first
time proposed the idea of merging nodes. Their strategy was
to randomly merge z nodes of Lee & Stinsons design [12]
to end up with a network reduced z times with increased,though not full communication among the blocks.
Motivated by Chakrabarti et al.s idea, the current work
presents a deterministic merging technique where exactly two
(2) nodes of Lee & Stinsons KPD scheme in [12] are merged.Corollary 2 of theorem 1 in section V proves that merging two
nodes of Lee & Stinsons scheme [12] with certain property re-
sults in full communication among the newly formed (merged)
blocks. The deterministic merging concept can be thought of
as preassigning communication paths for nodes not sharing
any common key in the original scheme. Thus, though the
size of network is halved, efficiency is bound to improve.
II. TERMINOLOGIES NOTATIONS AN D PRELIMINARIES
Some standard notations, terminologies and preliminaries
that shall be followed throughout the paper are being briefed
here. Unless otherwise stated in a section, these notation and
symbols are reserved for the terms mentioned here.
A. Terminologies and Notations to be used in this paper
The term Uncompromised nodes means nodes that are
not compromised. The word communication is sometimes
abbreviated to com.. Communication model/scheme and
Key predistribution (KPD) model/scheme mean the same &
denoted by KPD. Some commonly used notations are:
N denotes total number of nodes.
q: a prime or prime power which is the index of the finite
field (Fq) over which the Transversal Design proposed by
Lee & Stinson [12] is defined.
k: number of keys in the key ring of each node. This is
inherited from the original KPD of [12].
Other than these, some notations related to combinatorial
designs and resiliency will be defined before their use in
sections II-B and VII respectively.
B. Basics of Combinatorial Design
This section briefly describes some basic notion ofcombina-
torial design necessary for understanding Lee & Stinson [12]
scheme. Elaborate discussions can be found in any standard
book on Combinatorics like Stinsons [19] or [20].
Consider a finite set X. Then a set system or design is a
pair (X, A) where A is a set of subsets of X called blocks.Elements of X are called varieties. A (v,b,r,k) 1 designbased on X satisfies the following conditions:
|X | = v, |A| = b. Each subset in A contains exactly k elements (rank). Each variety in X occurs in r many blocks (degree).
Further a (v,b,r,k) 1 design is called a configurations ifany two of its blocks intersect in at most one point.
Group-divisible design of type gu and block size k is a
triple (X, H,A), where
1) X is a finite set with |X | = gu.2) H is a partition of X into u parts, that is, H =
{H1, H2,H3, . . . , H u} with X = H1 H2 H3 . . . Hu, |Hi| = g 1 i u and Hi Hj = 1 i =j u.
3) A is the collection of blocks of X having the follow-ing properties: |H A| 1 H H, A A,given any pair of varieties x Hi, y Hj withi = j unique A A such that x, y A.
Transversal Designs TD(k,n) are special type of group-
divisible designs with g = n, u = k, and k = k as wellas (nk,n2,n ,k) configuration. Relation between BIBDs,group-divisible designs and transversal designs can be found
in books on Combinatorial Designs like [20], [19] while [12,
section III] briefs the topic nicely.
-
8/2/2019 Pinaki 158 is Pa 2012
3/8
Common Intersection Design (CID): maximal CID
Suppose that X, A is a v,b,r,kconfiguration. X, A is saidto be a common intersection design (CID) if:
|{A A : Ai A = and Aj A = }|
wheneverAiAj = . For the sake of consistency, one defines = whenever Ai Aj = , i, j.
For any given set of parametric values ofv,b,r,k
, suchthat a configuration can be obtained with them, one would
like to construct a configuration with maximum possible .
This maximal value of will be denoted . Theorem 14. of
[12, section IV] basically establishes such TD(k, n) designsare k(k 1) CID
III. KEY PRED ISTRIBUTION SCHEME BASED ON
TRANSVERSAL DESIGN OF [12]
Suppose that p is prime and 2 k p. Then one canconstruct a TD(k, p) in the following manner:
Define X = {0, 1, 2, . . . , k 1} Zp For 0 x k 1, define Hx = x Zp
Now define H = {H
x : 0 x k 1}. NodeNi,j are assigned with the key identifiers {(x, (ix+j)mod p) : 0 x k1} for every ordered pair (i, j) Zp Zp.
Finally let N = {Ni,j : (i, j) Zp Zp}. Then (X, H,N) forms a TD(k, p) as has been proved
in Theorem 6. of [12, section IIIA].
Without loss of generality, this KPD scheme can be
extended to q = pr, where pprime & rany positiveinteger by simply replacing p by q in the above steps.
The following Tables I and II have been constructed for
a sample network having q = 4 = 22 nodes by taking thevalues of k = q and k = q 1 respectively. The tables
gives alternative groupdivisible form of presentation of theirequivalent transversal forms for the same parametric values
based on Lee & Stinson [12] scheme. N0 to N15 denotes
the nodes with ids ranging from 0 to 15 whose polynomialsare represented in the column immediately below it. Key ids
contained in the nodes are presented in the columns below
each node. V C denoted the distinct Variety ClassesH1, H2, H3, where Hd = {(i, d) : 0 i 3} for d = 1, 2, 3.One notes that the scheme under consideration is a q(q 1)CID or (q 1)(q 2)CID according to k = q or k = q 1(see CID discussion in section II-B). Thus for nodes not
sharing any key, there are enough nodes which can play the
role of the intermediate node in multi-hop (2-hop) process.
This encourages one to search for a deterministic design with
exactly two merged nodes per big (new) block yielding full
communication among the blocks.
IV. WEAKNESS OF THE KPD IN [12]
Apart from other possible weaknesses, the Transversal De-
sign based KPD presented in [12] lacks full communication
among nodes as has been exhibited in section III. As for
example, Ni, Ni+1,Ni+2 and Ni+3,i = 0, 2, 3, . . . q 1can not communicate directly as they do not ever share any
common key in the original KPD of [12]. This results in
multi-hop communications among the nodes which increases
cost of communication and makes the system more prone to
adversarial attacks. Thus the efficiency and security of message
exchange of the network can be grossly affected.
V. DETERMINISTIC MERGING BLOCK STRATEGY
Lack of direct communication for any arbitrarily chosen
pair of nodes can be tackled by merging certain number of
nodes yielding a network with fewer blocks, each possessing
larger key rings. With this increased number of keys per block,
one may expect improved communication between any given
pair of blocks. Chakrabarti et al. [3] suggested the novel
idea of random merging z nodes of a TD(k,n) based KPD
proposed by Lee & Stinson [12] having similar weakness.
Though communication probability of the resultant model was
much improved, full communication was not assured. Other
than this, the authors of [3] have not thoroughly explained
many aspects of the design, like the heuristic in [3, section 4].
Moreover merging blocks concept is best thought as ensuring
some path between nodes which are not connected. This can
not ever be guaranteed by a random strategy.
These observations prompted the current author to think of
deterministic merging of nodes of the scheme in [12] for the
case k = q and k = q 1. Deterministic merging of nodesensures all the bigger blocks of merged design have full
communication amidst themselves. Thus a definite path can be
ensured between non communicating nodes of original KPD
in [12].
To explain the merging strategy, it is easier to understand
the exact key sharing picture for sample network of size
N = q2 for q = 4, 5 with k = q and q 1. Table I
and II corresponds to a network having q2 = 42 = 16nodes. From the tables, it is evident can be partitioned into
q = 4 classes each containing q = 4 nodes on the basisof their key sharing. The former Table I corresponds to the
case when k = q = 4 and the later Table IIis for thecase k = q 1 = 3. The separation of these classes areindicated by double column partitioning lines after each set of
4 nodes: N0, N1,N2, N3; N4, N5,N6, N7; N8, N9,N10, N11;& N12,N13, N14, N15. Every class has the property that the
coefficient ofy in their respective polynomials is same. Thus
they equate each others polynomials i+ ly with 0 i 3 forsome fixed l = 0, 1, 2 or 3 resulting in no common solution,hence no common key. This motivates one to visualize the key
sharing of the 16 nodes, N0 to N15, like a square-grid aspresented in Figure 1. Any pair of nodes, other than the ones
lying in the same row shares exactly 1 key for the case k = qas equating any 2 nodes polynomial in here implies solvingfor (j j)y = (i i) over F4 with 0 i = i, j = j 3which is feasible. As for the case k = q1, each nodes sharesa common key with all other expect for its own row and the
nodes its preceding column. For example, N0 does not share
common keys with N1, N2, N3 and N7,N11, N15 (N3 counted
once).
-
8/2/2019 Pinaki 158 is Pa 2012
4/8
-
8/2/2019 Pinaki 158 is Pa 2012
5/8
0 0
0 0
1 1
1 1
0 01 1 0 01 1 0 01 1
0 0
0 0
1 1
1 1
01
0
0
1
1
0 01 1
0 01 1
0 0
0 0
1 1
1 1
0 01 1
0 0
0 0
1 1
1 1
01
0 01 1
0 0
0 0
1 1
1 1
01
0
0
1
1
0 01 1
0 0
0 0
1 1
1 1
0 0
0 0
1 1
1 1
0 0
0 0
1 1
1 1
0 0
0 0
1 1
1 1
0 01 1
0 01 1 01 01 0 01 101
0
0
1
1
0
0
1
1
0 01 10101
0
0
1
1
0
0
1
1
0 0
0 0
1 1
1 1
0
0
1
1
0
0
1
1
0
0
1
1
0
0
1
1
0
0
1
1
0
0
1
1
0
0
1
1
01
0
0
1
1
0
0
1
1
01 0 01 1
0 0
0 0
1 1
1 1
0
0
1
1
01
01
0
0
1
1
0 0
0 0
1 1
1 1
01
0
0
1
1
0
0
1
1
01 01 0 01 1
0
0
1
1
0 0
0 0
1 1
1 1
0 0
0 0
1 1
1 1
0
0
1
1
0
0
1
1
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 01 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 10 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 01 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Fig. 4. Deterministic Merging strategy: general case with N = q = pr
nodes of scheme in [12].
is a direct generalization of the case q = 22 = as explainedabove through Figure 1 For qodd, taking combination of
two row would have left out one row, so top three row are
combined separately. As such Figure 4 explains the merging
for this case.
A. Assured full communication: theoretical results
Equating the polynomials of the 4 nodes constituting anytwo merged blocks, one readily sees that:
Theorem 1. The proposed deterministic Merging Block Strat-
egy where two nodes of the Transversal Design based KPD
scheme in [12] are clubbed to form the merged blocks results
in full communication among the merged blocks.
Proof: Consider any two arbitrary blocks A and B. It is
evident from the construction that at least node from blockA
will never lie in the horizontal line as well as the vertical line
of either of the two nodes the other blockB (refer figures 1,3 2 and 4 for q = 4, 2r, 5 and for general case respectively).This implies that these two nodes will have a common key and
hence the blocks A and B can communicate through this key.
As the two blocks were arbitrarily chosen, one is assured of
full communication in the new network consisting of blocks
constructed by merging two nodes in the manner explained
above (again refer figures 1, 3 2 and 4 for q = 4, 2r, 5 and forgeneral case respectively).
Theorem 2. The resulting Merged Block Design has a min-
imum of one (1) to a maximum of four (4) common keysbetween any two given pair of (merged) blocks.
Proof: Any two nodes can share at most one key in
original Transversal Design based KPD in [12]. So there are
at most 4 keys common between two blocks. This situationoccurs only if both nodes of the 1st block shares two (2)distinct keys with each node of the 2nd block.
Remark 1. Some of the important features of the merging
block design are as follows:
Thus the resultant merged block design (as suggested
here) has full communication among the blocks through
at least one common keys between any two given pair of
(merged) blocks.
Full communication can not be assured when nodes are
merged randomly to form larger blocks. Probably this
is the main reason why authors of [3] could not justify
several issues in their random merging model.
The current authors feel that it is mandatory to have
inter nodal communication otherwise the entire concept
to achieving full communication by this technique is
lost. The essence of the merging concept is that any
communication is always received by either of the two
constituent nodes of a block. Now if required it can pass
it down to the other node comprising that its block and
make it connected. As such while proposing the merged
block design, this idea was given importance.
It should be highlighted that merging does not mean that
the nodes physically combine to become one. Just that
they are to be treated as one unit.
Therefore the total number links in the merged scheme
is same as that of the original Transversal Design based
KPD of Lee & Stinson in [12]. This fact will be recalledlater while discussing E(S) and V(s) / resiliency.
VI. KEY ESTABLISHMENT PROTOCOL
Nodes are deployed with following preloaded data which
may be utilized for key establishment according to the protocol
that follows:
their key rings containing the cryptographic keys.
key ids corresponding to each key in their.
their respective node identifiers (i, j).
Establishing keys for nodes automatically establishes com-
mon keys between the merged blocks. The algorithm for key
establishment is presented in algorithm 1.
Each node send their node ids immediately after1
deployment.;
On receiving each others ids (i, j), the nodes form2the polynomial ix +j corresponding to the node ids. ;These polynomials are equated for common key ids3
in much the same way as was to be done by nodes in
Lee and Stinsons model [12].;
Since nodes are equipped with the knowledge of the4
merging technique, establishing shared keys between
nodes automatically establishes shared keys between
any pair of blocks.;
Theorem 1 and and its corollary 2 of section V-A5ensures all merged blocks have shared keys. ;
The shared keys thus established can be used for6
message exchange.;
Algorithm 1: Algorithm for Key Establishment.
VII. NETWORK PARAMETERS
Theoretical analysis of some important aspects of the merg-
ing scheme will be present here. Main topics of interests
-
8/2/2019 Pinaki 158 is Pa 2012
6/8
-
8/2/2019 Pinaki 158 is Pa 2012
7/8
-
8/2/2019 Pinaki 158 is Pa 2012
8/8
Amrita Saha of IIT, Bombay, Mr. Sumit Kumar Pandey of ISI,
Kolkata and Sabyasachi Datta of CU for their active support
in preparation of this paper.
REFERENCES
[1] S. A. Camtepe and B. Yener, Combinatorial design of key distributionmechanisms for wireless sensor networks, In: ESORICS 2004, Samarati,P., Ryan, P.Y.A., Gollmann, D., Molva, R.(eds.), LNCS, vol. 3193, pp.293308. Springer, Heidelberg, 2004.
[2] S. A. Camtepe and B. Yener, Key distribution mechanisms for wirelesssensor networks: A survey 2005. Technical Report, TR-05-07 RensselaerPolytechnic Institute, Computer Science Department, March 2005.
[3] D. Chakrabarti, S. Maitra, and B. Roy, A key pre-distribution schemefor wireless sensor networks: merging blocks in combinatorial design,
International Journal of Information Security, vol. 5, no. 2, pp.105114,2006.
[4] H. Chan, A. Perrig and D. X. Song. Random key predistribution schemes for sensor networks, IEEE Symposium on Security and Privacy, pp.197. IEEE Computer Society, Los Alamitos, 2003.
[5] W. Diffie and M. E. Hellman, New directions in cryptography, IEEETransactions on Information Theory, vol. IT-22, no. 6, pp. 644654, 1976.Available at http://citeseer.ist.psu.edu/diffie76new.html.
[6] W. Du, J., Deng, Y. S. Han and P. K. Varshney. A Pairwise Key Pre-distribution Scheme for Wireless Sensor Networks, ACM Trans. Inform.Syst. Secur., vol. 8, pp: 228258, 2005.
[7] W. Du, J., Deng, Y. S. Han and P. K. Varshney. A key predistributionscheme for sensor networks using deployment knowledge, IEEE Trans.
Dependable Sec. Comput., vol. 3, No. 1, pp. 6277, 2006.[8] R. Di Pietro, L. V. Mancini and A. Mei, Energy efficient node-to-
node authentication and communication confidentiality in wireless sensornetworks, Wireless Networks vol. 12, No. 6, pp. 709-721, 2006.
[9] L. Eschenauer and V. D. Gligor, A key-management scheme fordistributed sensor networks, ACM Conference on Computer and Com-munications Security, pp. 4147., 2002
[10] N. Gura., A. Patel, A. Wonder, H. Eberle, and S. C. Shantz, ComparingElliptic Curve Cryptography and RSA on 8-BIT CPUs. CHES 2004.
LNCS, vol 3156, pp. 119-132. Springer, Heidelberg, 2004.[11] J. Y. Lee and D. R. Stinson, Deterministic key predistribution schemes
for distributed sensor networks, Selected Areas in Cryptography, ser.Lecture Notes in Computer Science, pp. 294307, Springer, 2004.
[12] J. Y. Lee and D. R. Stinson, A combinatorial approach to key predistri-bution for distributed sensor networks. IEEE Wireless Communicationsand Networking Conference, WCNC 2005, New Orleans, LA, USA, 2005.
[13] J. Y. Lee and D. R. Stinson. On the construction of practical key pre-distribution schemes for distributed sensor networks using combinatorialdesigns. ACM Trans. Inf. Syst. Secur., vol. 11 No. 2, pp. 5:15:35, 2008.
[14] D. Liu and P. Ning, Establishing pairwise keys in distributed sensornetworks. ACM Conference on Computer and Communications Security,pp. 5261. ACM, New York, 2003.
[15] R. L. Rivest, A. Shamir, and L. M. Adleman, A method for obtainingdigital signatures and public-key cryptosystems, Commun. ACM, vol. 21,no. 2, pp. 120126, 1978.
[16] J. G. Steiner, B. C. Neuman, and J. I. Schiller, Kerberos: An authenti-cation service for open network systems, USENIX Winter, pp.0 191202.1988.
[17] P. Sarkar, M. U. Chowdhury. Key Predistribution Scheme Using FiniteFields And Reed Muller Codes. SNPD 2011, Studies in Computational
Intelligence, vol. 368, pp: 6779, Springer, 2011.[18] P. Sarkar, A. Saha, M. U. Chowdhury, Secure Connectivity Model in
Wireless Sensor Networks Using First Order Reed-Muller Codes. MASS
2010. pp. 507512, 2010.[19] D. R. Stinson, Combinatorial Designs: Construction and Analysis,
Springer, New York, 2004.[20] Street, Anne Penfold and Street, Deborah J. Combinatorics of Ex-
perimental Design Clarendon Press (Oxford and New York) ISBN0198532555
[21] D. Xu, J. Huang, J. Dwoskin, M. Chiang, and R. Lee, Re-examiningprobabilistic versus deterministic key management, Proceedings of the2007 IEEE International Symposium on Information Theory(ISIT), pp.25862590, 2007.