WSN - Copy

8/10/2019 WSN - Copy

1/109

Security in Wireless Sensor

Networks:Key Management Approaches

Vasyl A. Radzevych and Sunu Mathew

8/10/2019 WSN - Copy

2/109

Overview

Wireless Sensor Networks (WSN)

Security issues in WSN

Key management approaches in WSN: Overview

Pre-Deployed Keying

Key pre-deployment Key derivation information pre-deployment

Location aware pre-deployed keying Random Key Pre-deployment (P-RKP)

Key derivation information pre-deployment

Autonomous protocols Pairwise asymmetric (public key)

Arbitrated protocols Identity based group keying

Conclusions

8/10/2019 WSN - Copy

3/109

Sensor Networks

Sensor network is composed of a

large number of sensor nodes

Sensor nodes are small, low-cost,

low-power devices that have following

functionality:

communicate on short distances

sense environmental data

perform limited data processing

Network usually also contains sinknode which connects it to the outside

world

8/10/2019 WSN - Copy

4/109

Applications WSN can be used to monitor the conditions of various

objects / processes. Some examples:

Military: friendly forces monitoring, battlefield surveillance,biological attack detection, targeting, battle damageassessment

Ecological: fire detection, flood detection, agricultural uses Health related: human physiological data monitoring

Miscellaneous: car theft detection, inventory control,habitat monitoring, home applications

Sensors are densely deployed either inside or very close

to the monitored object / process

8/10/2019 WSN - Copy

5/109

8/10/2019 WSN - Copy

6/109

Attacks on WSN

Main types of attacks on WSN are:

spoofed, altered, or replayed routing information

selective forwarding

sinkhole attack

sybil attack

wormholes

HELLO flood attacks

acknowledgment spoofing

8/10/2019 WSN - Copy

7/109

False routing information

Injecting fake routing

control packets into the

network, examples:

attract / repeal traffic,

generate false errormessages

Consequences: routing

loops, increased latency,

decreased lifetime of thenetwork, low reliability

BA1

A3

A2

A4

Example: captured node attracts

traffic by advertising shortest path

to sink, high battery power, etc

8/10/2019 WSN - Copy

8/109

Selective forwarding

Multi hop paradigm is prevalent in WSN

It is assumed that nodes faithfully forward received

messages

Compromised node might refuse to forward packets,however neighbors might start using another route

More dangerous: compromised node forwards selected

packets

8/10/2019 WSN - Copy

9/109

Sinkhole and Sybil attacks Sinkhole attack:

Idea: attacker creates metaphorical sinkhole by advertising for

example high quality route to a base station

Laptop class attacker can actually provide this kind of route

connecting all nodes to real sink and then selectively drop

packets Almost all traffic is directed to the fake sinkhole

WSN are highly susceptible to this kind of attack because of

the communication pattern: most of the traffic is directed

towards sinksingle point of failure

Sybil attack:

Idea: a single node pretends to be present in different parts of

the network.

Mostly affects geographical routing protocols

8/10/2019 WSN - Copy

10/109

Wormholes

Idea: tunnel packetsreceived on one part ofthe network to another

Well placed wormhole can

completely disorderrouting

Wormholes may convincedistant nodes that theyare close to sink. This

may lead to sinkhole ifnode on the other endadvertises high-qualityroute to sink

8/10/2019 WSN - Copy

11/109

Wormholes (cont.)

Wormholes can exploit routing race conditions which happenswhen node takes routing decisions based on the first routeadvertisement

Attacker may influence network topology by delivering routing

information to the nodes before it would really reach them bymulti hop routing

Even encryption can not prevent this attack

Wormholes may convince two nodes that they are neighborswhen on fact they are far away from each other

Wormholes may be used in conjunction with sybil attack

8/10/2019 WSN - Copy

12/109

8/10/2019 WSN - Copy

13/109

8/10/2019 WSN - Copy

14/109

Overview of Countermeasures

Link layer encryption prevents majority of attacks: bogus routing

information, Sybil attacks, acknowledgment spoofing, etc.

This makes the development of an appropriate key management

architecture a task of a great importance

Wormhole attack, HELLO flood attacks and some others are still

possible: attacker can tunnel legitimate packets to the other part

of the network or broadcast large number of HELLO packets

Multi path routing, bidirectional link verification can also be used

to prevent particular types of attacks like selective forwarding,

HELLO flood

8/10/2019 WSN - Copy

15/109

Key management: goals

The protocol must establish a key between all sensor nodes

that must exchange data securely

Node addition / deletion should be supported

It should work in undefined deployment environment

Unauthorized nodes should not be allowed to establish

communication with network nodes

8/10/2019 WSN - Copy

16/109

Key management: constraints

Sensor node constraints:

Battery power

Computational energy consumption

Communication energy consumption

Transmission range

Memory

Temper protection

Sleep pattern

Network constraints: Ad-hoc network nature

Packet size

8/10/2019 WSN - Copy

17/109

Key management:

evaluation/comparison metrics

Resilience against node capture: how many node are to becompromised in order to affect traffic of not compromisednodes?

Addition: how complicated is dynamic node addition?

Revocation: how complicated is dynamically node revocation?

Supported network size: what is the maximum possible size ofthe network?

Note: since WSN can be used in a lot of different ways it isnot reasonable to look for one key management approach tosuite all needs: 20 000 node network deployed from the

airplane over a battle field has quite different requirementsfrom 10 node network installed to guard the perimeter of thehouse

8/10/2019 WSN - Copy

18/109

Key management approaches

classification

8/10/2019 WSN - Copy

19/109

Approaches to be discussed Pre-deployed keying:

Key pre-deployment

Straightforward approaches

Eschenauer / Gligor random key pre-deployment

Chan / Perrig q-composite approach

Zhu / Xu approach DiPietro smart attacker model and PRK protocol

Key derivation information pre-deployment

Liu / Ning polynomial pre-deployment

Self-enforcing autonomous approaches

Pairwise asymmetric (public key) Arbitrated protocols

Identity based hierarchical keying

8/10/2019 WSN - Copy

20/109

Straight forward approaches

Single mission key is obviously unacceptable

Pairwise private key sharing between every two nodes is

impractical because of the following reasons:

it requires pre-distribution and storage of n-1 keys in each node

which is n(n-1)/2 per WSN. most of the keys would be unusable since direct communication

is possible only in the nodes neighborhood

addition / deletion of the node and re-keying are complex

8/10/2019 WSN - Copy

21/109

Basic probabilistic approach

Due to Eschenauer and Gligor

Relies on probabilistic key sharing among nodes of WSN

Uses simple shared-key discovery protocol for key

distribution, revocation and node re-keying

Three phases are involved: key pre-distribution, shared-key

discovery, path-key establishment

8/10/2019 WSN - Copy

22/109

Key pre-distribution

Generate a large key pool P (217-220keys) and corresponding

key identifiers

Create n key rings by randomly selecting k keys from P

Load key rings into nodes memory

Save key identifiers of a key ring and associated node

identifier on a controller

For each node load a key which it shares with a base station

8/10/2019 WSN - Copy

23/109

Shared-key discovery

Takes place during initialization phase after WSN deployment.Each node discovers its neighbor in communication rangewith which it shares at least one key

Nodes can exchange ids of keys that they poses and in this

way discover a common key A more secure approach would involve broadcasting a

challenge for each key in the key ring such that eachchallenge is encrypted with some particular key. Thedecryption of a challenge is possible only if a shared key

exists

8/10/2019 WSN - Copy

24/109

Path-key establishment

During the path-key establishment phase path-keys areassigned to selected pairs of sensor nodes that are withincommunication range of each other, but do not share a key

Node may broadcast the message with its id, id of intended

node and some key that it posses but not currently uses, to allnodes with which it currently has an established link. Thosenodes rebroadcast the message to their neighbors

Once this message reaches the intended node (possiblethrough a long path) this node contacts the initiator of path

key establishment Analysis shows that after the shared-key discovery phase a

number of keys on a key ring are left unused

8/10/2019 WSN - Copy

25/109

Simulation results

Path length to neighbors

1000 nodes, 40 nodes neighborhood, P=10000

number of hops

8/10/2019 WSN - Copy

26/109

8/10/2019 WSN - Copy

27/109

Resiliency to node capture

More robust then approaches that use single mission key

In case node is captured k

8/10/2019 WSN - Copy

28/109

WSN connectivity

Two nodes are connected if they share a key

Full connectivity of WSN is not required because of the limited

communication capabilities of the sensor nodes

Two important questions:

What should be the expected degree of a node so that WSN is

connected?

Given expected degree of a node what values should the key

ring size, k, and pool, P, have for a network of size n so that

WSN is connected? Random-graph theory helps in answering the first question

8/10/2019 WSN - Copy

29/109

Random graphs A random graph G(n,p) is a graph of n nodes for which the

probability that a link between any two nodes exists is p

Question: what value should p have so that it is almost

certainly true that graph G(p,n) is connected?

Pcis a desired probability for the graph connectivity

Based on the formulas above p and d=p(n-1) can be found

(d-expected degree of a node)

n

c

n

np

where

econnectedispnGPce

nc

)ln(

]_),(Pr[liminf

(1)

(2)

Erdos-Renyi formula:

8/10/2019 WSN - Copy

30/109

Random-graphs (cont.)

Expected degree of node vs. number of nodes, where

Pc=Pr[G(n,p) is connected]

8/10/2019 WSN - Copy

31/109

8/10/2019 WSN - Copy

32/109

Key ring and key pool size (cont.)

Probability of sharing at least one key when two nodes

choose k keys from a pool of size P

8/10/2019 WSN - Copy

33/109

Key ring and key pool size: example

WSN contains n=10000 nodes, desired probability of networkconnectivity is Pc=0.99999, communication range supports 40nodes neighborhoods

According to the formula (1) c=11.5, therefore p=2*10-3

d=2*10-3*9999=20 This means that if each node can communicate with on

average 20 other nodes the network will be connected

p=20/(40-1)=0.5

According to formula (3) k can be set to 250 and P can be setto 100000

8/10/2019 WSN - Copy

34/109

q-composite approach

Enhancement of the basic probabilistic approach

Idea: nodes should share q keys instead of only one

Approach:

Key pool P is an ordered set

During initialization phase nodes broadcast ids of keys that

they have

After discovery each nodes identifies the neighbor with which it

share at least q keys

Communication key is computed as a hash of all shared keys Keys appear in hash in the same order as in key pool

8/10/2019 WSN - Copy

35/109

Benefits of q-composite approach

q-composite approach has greater resiliency to node capturethan the basic approach if small number of nodes werecaptured

Simulations show that for q=2, the amount of additionalcommunications compromised when 50 nodes (out of 10000)

have been compromised is 4.74%, as opposed to 9.52% inthe basic scheme

However if large number of nodes have been compromised q-composite scheme exposes larger portion of network than thebasic approach

The larger q is the harder it is to obtain initial information Parameter q can be customized to achieve required balance

for a particular network

8/10/2019 WSN - Copy

36/109

Zhu / Xu approach

Another modification of the basic probabilistic approach

Major enhancement:

Pseudorandom number generator is used to improve security of

key discovery algorithm

Also uses secret sharing which jointly with logical paths allows

nodes toestablish a pairwise key that is exclusively known to thetwo nodes (in contrast to basic probabilistic approach, where

other nodes might also know some particular key)

8/10/2019 WSN - Copy

37/109

Zhu / Xu approach: key pre-

distribution

Background: a pseudo-random number generator, orPRNG, is a random number generator that produces asequence of values based on a seed and a current state.Given the same seed, a PRNGwill always output the samesequence of values.

Key pool P of size l is generated For each node u, pseudorandom number generator is used to

generate the set of m distinct integers between 1 and l (keyids). Nodes unique id u is used as a seed for the generator

Each node is loaded with key ring of size m

Keys for the key rings are selected from key pool P incorrespondence with integers (key ids) generated for aparticular node by pseudorandom number generator

This allows any node u that knows another nodes v id todetermine the set of ids of keys that v poses

/

8/10/2019 WSN - Copy

38/109

Zhu / Xu approach: Logical

path establishment

The established on previous step keys are not exclusive andconsequently not secure enough, however they can be usedto establish exclusive key

During the network initialization phase, nodes discover socalled logical paths

Nodes can establish a direct path in case they share acommon key on their key rings

This can easily be accomplished as was described in theprevious slide by discovering common key id

In case nodes do not share a key authors propose a path-key

establishment algorithm similar to one in basic probabilisticapproach, the difference is that nodes try to establish severallogical paths, which later should help in establishing apairwise key

Zh / X i i k

8/10/2019 WSN - Copy

39/109

Zhu / Xu: pairwise key

establishment

The next step of network initialization is pairwise keyestablishment

A sender node randomly generates a secret key ks

Then derives n-1 random strings sk1, sk2,, skn-1

sknis computed as follows: skn= ks XOR sk1XOR sk2 XOR,,XOR skn-1 This way a recipient has to receive all n shares in order to

derive a secret key ks

After secret shares are computed, each of them is send to therecipient using different logical path

Once all shares are received the recipient can confirm theestablishment of pairwise key by sending a HELLO messageencoded with a new key

Authors provide a framework according to which number ofshares and the way they are send is decided

8/10/2019 WSN - Copy

40/109

Further enhancements

So far all the discussed approaches have used one of the

following algorithms for shared-key discovery:

Key id notification

Challenge response

Pseudorandom key id generation

Those algorithms work well against so called oblivious

attacker, the one that randomly selects next sensor to

compromise

What if attacker selects nodes that will allow him tocompromise the network faster, based on already obtained

information (key ids)?

This is the case of so called smart attacker

8/10/2019 WSN - Copy

41/109

Smart attacker

More precisely smart attacker can be defined as follows:

at each step of the attack sequence, the next sensor to tamper is

sensor s, where s maximizes E[G(s)| I(s)], the expectation of the

key information gain G(s) given the information I(s) the attacker

knows on sensor s key-ring

Simulations show that Key id notification and pseudorandom

key id generationcan be easily beaten by the smart attacker

Challenge response performs better

8/10/2019 WSN - Copy

42/109

Simulation results

Experimental results on id notification and pseudorandom key id generation:

Number of sensors to corrupt in order to compromise an arbitrary channel.

8/10/2019 WSN - Copy

43/109

Simulation results

Experimental results on challenge response:

Number of sensors to corrupt in order to compromise an arbitrary channel.

8/10/2019 WSN - Copy

44/109

PRK algorithm

Why not using challenge response? Inefficient

The goal is to define a key pre-deployment scheme thatsupports an efficient and secure key discovery phase, asefficient as pseudorandom key id generation (no messageexchange) and as secure as challenge response

DiPietro et al. suggested a new algorithm that achieves theabove described requirements

8/10/2019 WSN - Copy

45/109

8/10/2019 WSN - Copy

46/109

8/10/2019 WSN - Copy

47/109

PRK algorithm: simulations

Experimental results on PRK algorithm: number of sensors to corrupt in order

to compromise an arbitrary channel. The PRK algorithm is as secure as

challenge response and in the same time as efficient as pseudorandom key id

generation

8/10/2019 WSN - Copy

48/109

Background: polynomial based

key pre-distribution

Polynomial based key pre-distribution scheme reduces the

amount of pre-distributed information still allowing each pair of

nodes to compute a shared key

Polynomial based key pre-distribution is -collusion resistant,

meaning that as long as or less nodes are compromised therest of the network is secure

Utilizes polynomial shares

8/10/2019 WSN - Copy

49/109

Polynomial based key pre-

distribution : initialization

Special case: =1

Each node has an id rUwhich is unique and is a member of

finite field Zp

Three elements a, b, c are chosen from Zp

Polynomial f(x,y) = (a + b(x + y) + cxy) mod p is generated

For each node polynomial share gu(x) = (an+ bnx) mod p

where an= (a + brU) mod p and bn= (b + crU) mod p is formed

and pre-distributed

8/10/2019 WSN - Copy

50/109


distribution : key discovery

In order for node U to be able to communicate with node V

the following computations have to be performed:

Ku,v= Kv,u= f(ru,rv) = (a + b(ru+rv) + crurv)mod p

U computes Ku,v= gu(rv)

V computes Kv,u= gv(ru)

8/10/2019 WSN - Copy

51/109


distribution : example

Example:

3 nodes: U, V, W, with the following ids 12, 7, 1respectively

p=17 (chosen parameter)

a=8, b=7, c=2 (chosen parameters) Polynomial f(x,y) = 8+7(x+y)+2xy

g polynomials are gu(x) = 7 + 14x, gv(x) = 6 + 4x,

gw(x) = 15+9x

Keys are Ku,v=3, Ku,v=4, Ku,v=10 U computes Ku,v= gu(rv) = 7+14*7mod17 = 3

V computes Kv,u= gv(ru) = 6+4*12mod17 = 3

P l i l b d k

8/10/2019 WSN - Copy

52/109


distribution : generalization

Polynomial based key pre-distribution scheme can begeneralized to any by changing polynomials in the followingway:

is a randomly generated, bivariate -degree, symmetricpolynomial over finite field Zp, pn is prime

0

,

0 0,

mod),()(

),(),(;mod),(

i

i

iuuu

i

i

j

j

ji

ji

xaprxfxg

xyfyxfpyxayxf

),( yxf

8/10/2019 WSN - Copy

53/109

Liu-Ning approach

Combination of polynomial-based key pre-distribution and thekey pool idea discussed above

Increases network resilience to node capture

Can tolerate no more than compromised nodes, where isconstrained by the size of memory of a node

Idea: use a pool of randomly generated polynomials

When pool contains only one polynomial the approachdegenerates to basic polynomial based key pre-distributionscheme

When all polynomials are of degree 0 the approach

degenerates to key pool approach Three phases are involved: setup, direct key establishment,

path key establishment

8/10/2019 WSN - Copy

54/109

Setup phase

Set F of bivariate -degree polynomials over finite field Fq is

generated

Each polynomial is assigned a unique id

For each sensor node a subset of s polynomial is randomly

chosen from F

For each polynomial in the chosen subset a polynomial share

is loaded into nodes memory

Direct key establishment

8/10/2019 WSN - Copy

55/109

Direct key establishment

phase

During this phase all possible direct links are established

A node can establish a direct link with another node if theyboth share a polynomial share of a particular polynomial

How to find common polynomial? Use above discussedapproaches

8/10/2019 WSN - Copy

56/109

Path key establishment phase

If direct connection establishment fails nodes have to startpath key establishment phase

Nodes need to find a path such that each intermediate nodesshare a common key

Node may broadcast the message with polynomials ids that itposses to all nodes with which it currently has an establishedlink

Once this message reaches the intended node (possiblethrough a long path) this node computes a key and contacts

the initiator of path key establishment Drawback: may introduce considerable communication

overhead

8/10/2019 WSN - Copy

57/109

Simulation results

The probability p that 2 sensors share a polynomial vs

size s of the polynomial pool (s number of polynomial

shares in each sensor)

Simulation results: comparison

8/10/2019 WSN - Copy

58/109

Simulation results: comparison

with already discussed

approaches

Fraction of compromised links between non compromised nodes

vs number of compromised nodes

(20000 nodes, nodes can store equivalent of 200 keys)

Grid based key pre

8/10/2019 WSN - Copy

59/109

Grid-based key pre-

distribution

Instance of general framework discussed above

Benefits:

Guarantees that any two nodes can establish a pairwise

key, if no nodes were compromised

Allows sensors to directly determine whether it can

establish a pairwise key with another node and which

polynomial to use in case of positive answer

8/10/2019 WSN - Copy

60/109

Subset assignment

2m -degree polynomials are generated

, where

and N is the size of the network

Each row of the grid is associated with polynomial

and each column is associated with polynomial

For each sensor an unoccupied intersection (i, j) of the grid

is selected and assigned to the node

Nm 1,..,0)},(),,({ mir

i

c

i yxfyxfF

),( yxf r

i

),( yxf ci

8/10/2019 WSN - Copy

61/109

Subset assignment (cont.)

The id of the node is created by concatenation of binary

representations of i and j. ID=< ib:: jb >

Intersections should be densely selected within a rectangle

area of the grid

Polynomial shares of corresponding (row / column)polynomials together with id are pre-distributed to each node

8/10/2019 WSN - Copy

62/109

Node assignment in the grid

Node assignment in the grid

8/10/2019 WSN - Copy

63/109

Polynomial share discovery

To establish a pairwise key with node j, node i checks

whether ci=cjor ri=rj

If either of conditions hold, nodes have a polynomial share of

the same polynomial, consequently they can compute a

common key directly Otherwise nodes have to go through path discovery

8/10/2019 WSN - Copy

64/109

Path discovery

Idea: nodes can use intermediate nodes to help inestablishing a common key

The intermediate node should be located in either the samerow / column as first node or same column / row as a secondnode

This way intermediate node definitely share a polynomial withboth nodes

Note: there are only two of such intermediate nodes for eachpair of nodes

What if both if them are compromised / unreachable?

The path through the grid should be established Authors developed an efficient protocol to accomplish this

The main idea of the protocol is that intermediate nodes try toforward the request to the node that is located in the samerow / column as a destination

8/10/2019 WSN - Copy

65/109

Path discovery: example

Establishing a path through the grid

8/10/2019 WSN - Copy

66/109

Public key infrastructure

The limited computation and power resources of sensor

nodes often makes it undesirable to use existing public-

key algorithms, such as Diffie-Hellman key agreement or

RSA signatures

8/10/2019 WSN - Copy

67/109

P bli k h f WSN

8/10/2019 WSN - Copy

68/109

Public key scheme for WSN

Is it possible to develop a public key infrastructure suitable forwireless sensor networks?

Recent studies show that it is still possible to utilize public keyideas for the purposes of securing WSN

Gaubatz et al. developed an ultra low power implementationof Rabin's Scheme and NtruEncrypt Algorithm

Authors have demonstrated that it is possible to design publickey encryption architectures with power consumption of lessthan 20 mW using the right selection of algorithms andassociated parameters, optimization and low power

techniques The details of solutions will not be discussed, since it mainly

involves VLSI / circuit design

Arbitrated keying protocols:

8/10/2019 WSN - Copy

69/109


system model

According to the model, network consists of three types of

nodes: command node, gateways and regular sensor nodes

Gateways partition the network into distinct clusters as follows


8/10/2019 WSN - Copy

70/109


node requirements

Sensor nodes

Are equipped with GPS modules and can determine its location

during bootstrapping

Remain stationary

Gateways Can unicast / broadcast information to other gateways on the

network

Can establish the group key using a group key agreement

protocols

Command node

is assumed to be secure and is trusted by all of the nodes in the

sensor network

Identity based hierarchical keying:

8/10/2019 WSN - Copy

71/109


initialization phase (description)

Description of the initialization phase:

Prior deployment each gateway is assigned |S|/|G| keys, where

|S| is the number of sensors on the network and |G| is the

number of gateways

Each sensor is preloaded with id if the gateway with which itshare a key

After deployment each gateway forms a cluster using cluster

formation algorithm and acquires the keys of the sensors in its

cluster from the other gateways

After key exchange is performed gateways erases key of sensorsthat do not belong to its cluster


8/10/2019 WSN - Copy

72/109


initialization phase (protocol)

Each sensor Sibroadcasts its id (idSi) and id (idGj) of thegateway with which it shares a key

After clustering gateways identify set of sensors thatbelong to its cluster {id}i andbroadcasts it to other gateways

Clustering process is performed

Each gateway Gj replies to Gi with the set of keys and

corresponding sensor ids {(KSk,G

j

, idSk

)}i

On the last step, each sensor receives a message that assigns

it to the gateway

Identity based hierarchical

8/10/2019 WSN - Copy

73/109


keying: node addition

Each new sensor is preloaded with two keys as other sensors

Command node transmits the list of (identifier, key) pairs to a

randomly selected gateway Gh, which becomes the gateway that

shares the keys of the new sensors:

Each added node broadcasts a hello message (same as on

initialization phase)

Clustering mechanisms adjusts itself

Each gateway broadcasts the sensors in its range to the

gateways in G, requesting the keys for those sensors


8/10/2019 WSN - Copy

74/109


keying: node addition (cont.)

Gh responds to those requests

Each new sensor Siis assigned to the gateway Gi


8/10/2019 WSN - Copy

75/109


keying: node revocation

If a group of sensors are compromised, they can be triviallyevicted from the command nodes sensor list by the commandnode, as well as from their cluster by the gateway.

Gateway revocation is slightly more complicated

Command node evicts gateway G from the list of gateways

and chooses a head gateway Ghrandomly Command node sends the identifiers of each sensor and their

new gateway Gito Gh

Also the new keys that sensors share with Gi are sent

8/10/2019 WSN - Copy

76/109


8/10/2019 WSN - Copy

77/109


keying: simulations

Distribution of sensor energy consumption with our

approach.

8/10/2019 WSN - Copy

78/109

Location Aware Key

8/10/2019 WSN - Copy

79/109

Location Aware Key

Management for WSN

Problem:

How to pick a large key pool while still maintaining high

connectivity? (i.e maintain resilience while ensuring connectivity)

(e.g. 100,000 vs 200) Solution:

Exploit Location information (Deployment Knowledge)

Du et. al. Infocom 2004. Exploit Location Knowledge for P-RKP

Huang et. Al. SASN 2004. Exploit Location Knowledge for SK-RKP

Location Aware Purely Random

8/10/2019 WSN - Copy

80/109


Key Predistribution (P-RKP)

Du et. al (IEEE Infocom 2004)

Improves Random Key Predistribution (Eschenauer and Gligor)

by exploiting Location Information.

Studies a Gaussian distribution for deployment of Sensor nodes

to improve security and memory usage.


8/10/2019 WSN - Copy

81/109



Rectangular Deployment area (X x Y)

General Deployment Model (Individual)

Current predeployment schemes assume pdf for location f(x,y) as

1/XY.

Group based Deployment Model.

Group based Deployment Model:

N sensor nodes divided into t x n equal size groups. Group G(i,j)

has deployment point x(i,j).

Deployment points arranged in a grid Resident points of node k follow pdf


8/10/2019 WSN - Copy

82/109



Groups select from key group S (i,j)

Probability node is in a certain group is (1 / tn).

njtiSS ji ..1,,...1,,


8/10/2019 WSN - Copy

83/109



Key sharing graphs used to enable connectivity

Use flooding to find secure path (Limit to 3 hops)

Setting up the key pools

Two horizontally or vertically neighboring pools share a|Sc| keys

where 0

8/10/2019 WSN - Copy

84/109




8/10/2019 WSN - Copy

85/109



Key Assignment for Key Pools

For group , select keys from the global key pool S,

then remove these keys from S.

For group , select a. keys from pool ,

then select keys from global pool S

For group select a. from each of the key

pools , and if they exist; select b. Keys from

each of the key pools and if they exist; then

selectwkeys from the global key pool S, and remove these wkeys

from S.

1,1S || cS

njS j ,...,2,,1

|| cS

|| cS 1,1 jS

||).1( cSaw

njtiS ji ,....1,,....2,, || cS

jiS ,1 1, jiS || cS

1,1 jiS 1,1 jiS


8/10/2019 WSN - Copy

86/109



Detemining |Sc|

When |S| = 100,000, t = n = 10, a = 0.167, b = 0.083

|Sc| = 1770


8/10/2019 WSN - Copy

87/109



Performance Evaluation

Evaluation Metrics

Connectivity (Local and Global)

Communication overhead

Resilience against node capture

System configuration

|S| = 100,000. N = 10,000.

Deployment area = 1000m x 1000m

T =n =10m. Each grid is 100m x 100m. Center of grid is deployment point. Wireless communication

range is 40m.


8/10/2019 WSN - Copy

88/109




8/10/2019 WSN - Copy

89/109

y


Local Connectivity

Plocal= Pr((B(n1,n2)|A(n1,n2))

Probability node is in a certain group is (1 / tn) Probability that nodes i and j have local connectivity) is

1)Probability that and share a key (p-lambda) *

2)Probability that resides around the point Z(x,y) *

3)Probability that is a neighbor ofPlocalis the average of this value across the whole region

in jn

jn

jnin


8/10/2019 WSN - Copy

90/109

y


PerformanceLocal connectivity

With 100 keys, location management improves local connectivity

from 0.095 to 0.687


8/10/2019 WSN - Copy

91/109

y


Global connectivity

Only simulation results are available

8/10/2019 WSN - Copy

92/109


8/10/2019 WSN - Copy

93/109

y


Communication overhead

Path needed when two neighbours cannot find a common key.

ph(i) is the probability that the smallest number of hops needed to

connect two neighbouring nodes is i. i is at most 3.


8/10/2019 WSN - Copy

94/109

y


Resilience against node capture

Fraction of additional communication (among uncaptured nodes)that can be compromised based on capture of x nodes.

Location of the x captured nodes affects results.

Assume random location of x nodes (unrealistic)

Location knowledge significantly improves network resilience 1(1m/|S|)^x


8/10/2019 WSN - Copy

95/109

y


Location Aware Structured Key

8/10/2019 WSN - Copy

96/109

y

Random Key Predistribution (SK-RKP)

Huang et. al. (SASN 2004)

Claims random node capture assumption too weak (selective

capture possible)

Gridgroup deployment scheme. Introduces the node fabricationattack

Uses location based information and a structured key pool

Claims fewer number of keys and resilience to selective node

captureand node fabricationattacks

8/10/2019 WSN - Copy

97/109

Location Aware SK-RKP

P-RKP vs SK-RKP

Robustness of both weakened by selective node capture attack

8/10/2019 WSN - Copy

98/109


Both are also weakened by node fabrication attack

P-RKPBy capturing two nodes, attacker canfabricate and deploy (2m new nodes.

SK-RKP is harder to compromise (still possible)

Grid-Group Deployment Scheme Partition N sensors into i.j groups with sensors in each

group

Assign the identifier [(i,j),b] to each sensor in the G(i,j)where b= 1,.N

Assign m keys to each sensor in group G(i,j) Uniformly distribute the sensors for the group G(i,j) in zone

Z(i,j)

zn

8/10/2019 WSN - Copy

99/109

8/10/2019 WSN - Copy

100/109

8/10/2019 WSN - Copy

101/109


Key establishment within the

8/10/2019 WSN - Copy

102/109

same zone

Key establishment within the same zone

Each sensor, say [(i,j),b], broadcasts identifier [(i,j),b] and key

space identifiers [ , ]

For each neighbor, sensor adds a link in key-graphif they

share a key .

Sensor broadcasts list of neighbors who share key-space withit. Uses similar messages from others to expand key-graph.

Source routing to to request and establish pairwise keys with

all its neighbors.

1 2

Key establishment within

8/10/2019 WSN - Copy

103/109

adjacent zones

Each sensor, broadcasts desired node list (of nodes in

the adjacent zone)

A neighbor of the requestor within the same zone who

already shares a key with the nodes For each neighbor,

sensor adds a link in key-graphif they share a key

Sensor broadcasts list of neighbors who share key-

space with it. Uses similar messages from others to

expand key-graph.

Source routing to request and establish pairwise keyswith all its neighbors.

8/10/2019 WSN - Copy

104/109

Performance Analysis

Memory overhead

For p = 0.5238, m = 68 (similar to Du et. Al.)

Security Analysis

Secure against Random Node capture, Selective Node capture and

Node Fabrication attacks

Performance Analysis

8/10/2019 WSN - Copy

105/109

(Security)

8/10/2019 WSN - Copy

106/109

Summary

Robust security mechanisms are vital to the wideacceptance and use of sensor networks for manyapplications

Key management in turns is one the most importantaspects in any security architecture

Various peculiarities of Wireless Sensor Networks makethe development of good key management scheme achallenging task

We have discussed several approaches to key managementin WSN

All of them have strong and weak points The diverse nature of WSN usage makes it not reasonable to

look for some particular approach that would be suitable for allcases

Bibli h

8/10/2019 WSN - Copy

107/109

Bibliography

I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cyirci. Wireless SensorNetworks: A Survey. Computer Networks, 38(4):393-422, 2002.

C. Karlof and D. Wagner, Secure Routing in Wireless Sensor Networks:Attacks and Countermeasures. First IEEE International Workshop onSensor Network Protocols and Applications, May 2003

D. Carman, P. Kruus, and B. Matt. Constraints and approaches fordistributed sensor network security. NAI Labs Technical Report #00-010,September 2000

L. Eschenauer and V. Gligor. A Key-Management Scheme for DistributedSensor Networks. In Proc. of ACM CCS02, November 2002

H. Chan, A. Perrig, D. Song Random Key Predistribution Schemes forSensor Networks. In 2003 IEEE Symposium on Research in Security andPrivacy

S. Zhu, S. Xu, S. Setia, S. Jajodia Establishing Pair-wise Keys For SecureCommunication in Ad Hoc Networks: A Probabilistic Approach. In Proc. ofthe 11th IEEE International Conference on Network Protocols

R. Di Pietro, L. Mancini, A. Mei. Efficient and Resilient Key Discovery Basedon Pseudo-Random Key Pre-Deployment. 18th International Parallel andDistributed Processing Symposium

Bibli h

8/10/2019 WSN - Copy

108/109

Bibliography

D. Liu, P. Ning, Establishing Pairwise Keys in Distributed Sensor Networks,10th ACM CCS '03, Washington D.C., October, 2003

G. Jolly, M. Kusu, P. Kokate, M. Younis. A Low-Energy Key ManagementProtocol for Wireless Sensor Networks. Eighth IEEE InternationalSymposium on Computers and Communications

G. Gaubatz, J.Kaps, B. Sunar Public Key Cryptography in Sensor NetworksRevisited. 1st European Workshop on Security in Ad-Hoc and SensorNetworks

C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and M. Yung.Perfectly secure key distribution for dynamic conferences. In Informationand Computation, 146 (1), 1998, pp 1-23.

Introduction to Modern Cryptography by M. Bellare, P. RogawayNovember 3, 2003

Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, andS. Vanstone, CRC Press, 1996.

The Strange Logic of Random Graphs, Joel H. Spencer

Nanotechnology website http://www.nanotech-now.com

Bibli h
http://www.nanotech-now.com/http://www.nanotech-now.com/http://www.nanotech-now.com/http://www.nanotech-now.com/

8/10/2019 WSN - Copy

109/109

Bibliography

W. Du, J. Deng, Y. Han, S. Chen, P. Varshney. A Key Management

Scheme for Wireless Sensor Networks Using Deployment Knowledge. IEEE

Infocom 2004.

D. Huang, M. Mehta, D. Medhi, L. Harn. Location-aware Key Management

for Wireless Sensor Networks. 2004 ACM Workshop on Security of Ad Hoc

and Sensor Networks. (SASN 04)

Documents

WSN - Copy