Key Pre-distribution Approach in Wireless Sensor Networks Using LU Matrix

Authors: Hangyang Dai and Hongbing Xu Source: IEEE Sensor Journal, vol.10, no.8, pp.1399-1409, 2010. Presenter: Yung-Chih Lu (呂勇志 )Date: 2010/11/05

1

OutlineIntroductionPolynomial-based schemeProposed SchemePerformance EvaluationConclusionComment

2

Introduction (1/3)

Goal◦Key agreement◦Against attack

node capture attack

◦Saving resource storage overhead

◦Extra service node to node authentication

3

Introduction (2/3)

Wireless Sensor Network

:Base station

:Low-end Sensor

:High-end Sensor

Introduction (3/3)

The Aspect of Key Predistribution◦Keys are distributed to all sensor

nodes prior to deployment.

◦Random key predistribution Polynomial-based scheme

◦Deterministic key predistribution Combinatorial design

5

Key pool={1,2,3,4}

Key pool={1,2,3,4}

SensorA

SensorB

drawing

Ex:

{2,4}

{1,4}

L. Eschenauer and V. Gligor. “A Key-Management Schemefor Distributed Sensor Networks.” In Proc. 9th ACM Conference on Computerand Communication Security, pp.41-47, Nov. 2002.

Theorem ◦ Setup server randomly generates a

symmetric bivariate t-degree polynomial　　　　　　　　　　　　　

Ex: f(x,y) = 4x2y2 + x3y1 + x1y3 + 5

It’s a symmetric bivariate 3-degree polynomial

Polynomial-based scheme (1/2) C. Blundo, A.D. Santis, A. Herzberg, S. Kutten, U. Vaccaro, M. Yung.

"Perfectly-secure Key Distribution for DynamicConferences." Lecture Notes in Computer Science,471–486 , 1993.

[ ] 5　０　０　００　０　０　１０　０　４　００　１　０　０

6

Key Agreement

Polynomial-based scheme (2/2)

L-sensor: Low-end sensor s: Step

:Lv-sensor

5 1 4 1y0 y1 y2 y3 :Cluster head

step1: computes 1: Cluster Head ID 2: Lv-sensor ID f(1,y) = 4y2 + y1 + y3 + 5

f(2,y) = 16y2 + 8y1 + 2y3 + 5

step2: The Setup server loads the sensor node with coefficients

step3: Each sensor node broadcasts its own ID

step4: Receiver use ID to compute a shared secret keyKuv = f(u,v) = f(v,u) = Kvu

K12 = f(1,2) = 31 = f(2,1) = K21

5 8 16

2y0 y1 y2 y3

7

s3

s4

s4

LU Decomposition

　　　

K12=K21

Proposed Scheme (1/5)

8

L: Lower Triangular Matrix U: Upper Triangular MatrixK: Symmetric Matrix

LU Decomposition

　　　

9

Proposed Scheme (2/5)

9

Assuming that u11=1, u22=2, u33=3

K: Symmetric Matrix

Proposed Scheme (3/5)

Polynomial pre-distribution phase

10

Polynomialpool =

{1,2,3,4,5,6,7,8,9,10}

Polynomialpool =

{1,2,3,4,5,6,7,8,9,10}

drawing

1: A symmetric bivariate polynomialS: Sensor

Ex:

Sa Sb

Proposed Scheme (4/5)

Shared key establishment phase

11

1 3 0

1 0 0s1

s2

s22 0 01/2

2 0

Lr2

Lr1

Uc2

Uc1

step1: Each sensor node broadcasts its L array

step2: Sensors use L array to compute a shared secret Polynomial

K21 = Lr2×Uc1 = 1 = Lr1×Uc2 = K12

1: f(x,y) = 4x2y2 + x3y1 + x1y3 + 5

1: Shared secret polynomialS: Sensor

[ ] 5　０　０　００　０　０　１０　０　４　００　１　０　０

Proposed Scheme (5/5)

Shared key establishment phase

12

Sa SbLr

K21 = Lr2×Uc1

EK21[ Sb_ID ]

Lr1×Uc2 = K12

DK12 [EK12[ Sb_ID ]]

= Sb_ID

EK12[ CLR ]

MAC(K12, Sb_ID || CLR)

EK21[ Sb_ID ]

EK12[ CLR ]

MAC(K12,SB || CLR)

DK21 [EK21[ CLR ]]

= CLR

Verify

MAC(K12, Sb_ID || CLR) ?=

MAC(K21, Sb_ID || CLR)K: Shared secret polynomial CLR: Confirmation message S: Sensor

Performance EvaluationNetwork Connectivity

13

L. Eschenauer and V. Gligor. “A Key-Management Schemefor Distributed Sensor Networks.” In Proc. 9th ACM Conference on Computerand Communication Security, pp.41-47, Nov. 2002.

S:The key pool size

S. A. Camtepe and B. Yener, “Combinatorial design of key Distribution mechanisms for wireless sensor network,” in Proc. Comput. Secur.-ESORICSpp. 293–308 , 2004.

Performance EvaluationResilience Against Node Capture

14

k: the storage per node τ:the number of polynomials in each nodet': the degree of the polynomial in the Blundo schemeN: the number of nodes in the networkt: the degree of a polynomial in our scheme ω :the polynomial pool size

K=400

Performance EvaluationResilience Against Node Capture

15

k: the storage per node τ:the number of polynomials in each nodeN: the number of nodes in the networkt: the degree of a polynomial in our scheme ω :the polynomial pool sizeS:the key pool size q:a prime power

K=400

Performance EvaluationMemory Overhead

16

N: the number of nodes in the networkt: the degree of a polynomial in our schemeh: nonzero-element parts2z: number of zeros

N t Our scheme memory(bit)

MemorySaving (bit)

Saving ratio

50 5 0.3×105 1.1×105 78.57%

50 10 0.6×105 1.9×105 76%

100 5 1.25×105

3.8×105 75.25%

100 10 2.25×105

7.2×105 76.19%

ConclusionHigh network connectivityStrong resilience against node

captureNode to node mutual

authenticationOptimize the memory overhead

17

Comment

1 2 9 5

2 7 4 6

9 4 2 3

5 6 3 1

18

LU=

1 2 9 5

2 7 5 6

9 5 2 3

5 6 3 1

=LU

K12=K21=

[ ]9　 55　 6

Polynomialpool =

{1,2,3,4,5,6,7,8,9,10}

Polynomialpool =

{1,2,3,4,5,6,7,8,9,10}

drawing

Polynomialpool =

{1,2,3,4,5,6,7,8,9,10}

Polynomialpool =

{1,2,3,4,5,6,7,8,9,10}

drawing