DOC

Review of Key Management Mechanisms in Wireless Sensor Networks

By Jimmy Wells,2014-01-25 09:06
7 views 0
Review of Key Management Mechanisms in Wireless Sensor Networks

    Review of Key Management Mechanisms in

    Wireless Sensor Networks

    Vo1.32.No.6ACTAAUT0MATICASINICANovember,2006

    ReviewofKeyManagementMechanismsinWirelessSensorNetworks

    SUNDongMe[HEBing.

    (InstituteofInformationScience,BeijingJiaotongUniversity,Beijing100044) (Electrical&ComputerEngineeringandComputerScienceDepartment. UniversityofCincinnati,USA)

    (E-mail:dmsun@center.njtu.edu.ca,heb~ececs.uc.edu)

    AbstractRecentadvancementsinwirelesscommunicationandmicrochiptechniqueshaveaccel

    eratedthedevelopmentofwirelesssensornetworksfWSN).KeymanagementinwsNisacritical

    andchallengingproblembecauseoftheinnercharacteristicsofsensornetworks:deployedinhostile

    environments,limitedresourceandadhocnature.Thispaperinvestigatestheconstraintsandspecial

    requirementsofkeymanagementinsensornetworkenvironment,andsomebasicevaluationmetrics

    areintroduced.Thekeypre-distributionschemeisthoughtasthemostsuitablesolutionforkeyman

    agementprobleminwirelesssensornetworks.Itcanbeclassifiedintofoorclasses:pureprobabilistic

    keYpredistribution,polynomialbased,Blomsmatrix

    based,anddeterministickeypre-distribution

    schemes.Ineachclassofmethods,therelatedresearchpapersarediscussedbasedonthebasic evaluationmetrics.Finally,thepossibleresearchdirectionsinkeYmanagementarediscusse

d.

    KeywordsKeymanagement,keypredistribution,wirelesssensornetworks

    1Introduction

    Recentadvancementsinwirelesscommunicationsandmicroelectromechanicalsystemstechnolo-

    gieshavepromotedthedevelopmentandapplicationofwirelesssensornetworks.Awirelesssensor

    networkiscomposedoflargenumberoftinysensornodes,whicharepoweredbybatteries,equipped

    withsensing,dataprocessingandshortrangeradiocommunicationscomponents_lj.

    Whenthesensorsaredeployedinahostilefieldformilitaryuse.thenetworkisvulnerableto securityattacksduetothebroadcastnatureoftransmissionintheopenairmedium.Alsothesensor

    nodescanbephysicallycapturedordestroyedorimpersonated.Sothesecurityissueisavery importantproblemtoWSN.

    Toprovidesecurity,encryptiontechnologiesareusedtoachievesecretcommunications.Toencrypt

    thedata,aprerequisiteisthesecretkeysshouldbesetupamongcommunicatingsensornodes. Keymanagementistheprocessinwhichkeysarecreated,stored,protected,transferred,usedand

    destroyed.Keyingmeanstheprocessofachievingkeysagreementamongsensornodesbyderiving

    commonsecretkeysamongcommunicatingparties.Pair

    wisekeyinginvolvestwopartiesagreeingona

    sharedsessionkeywhilegroupkeyingisthatmorethantwopartiestosetupthecommunicationkey.

    Currentlyseveralkeyingschemeshavebeenproposed.Generally,therearethreekindsofprotocols[4:

    Thearbitratedkeyingprotocols.self-enforcingprotocolsandpre-distributionkeyingprotocols.The

    arbitratedkeyingschemereliesonsometrustedcentralpoint,whichisvulnerabletosinglepoint

    failure,alsotheadhocattributeofWSNmakesitdifficulttosetupanetwork

    wiseavailablecentral

    point.Theself-enforcingschemeusestheasymmetricencryptioncryptography,whichislimitedby

    thecurrentcomputationabilitiesandenergyresourcesofsensornetworktechnologies.Sowemainly

    considerapplyingthepre-distributionkeymanagementscheme,inwhichkeysareloadedintosensor

    nodesbeforedeployment.

    Thepaperisorganizedasfollows.InSection2,weanalyzethespecialrequirementsandconstraints

    ofwirelesssensornetworkssecurityschemes,andbasedonthatsomepopularevaluationmetricsare

    introduced.InSection3,fourmajorpre-distributionkeymanagementschemesareexaminedanddis

    cussed.Section4presentssomeadditionalresearchrequirementsandpossiblefutureresearchdirections.

    SomeconclusionsaregiveninSection5.

    2Securityrequirementsandevaluationmetrics

    Thebasicconstraintsofsensornetworksare:limitedpower/energy,lowtransmissionrange,limited

    storageandworkingmemory,andunattendedoperations[.

    Sowhenevaluatingtheperformanceof

    keymanagementschemes,thefollowingmetricsareoftenused.

    ReceivedNovember21,2005;inrevisedformMarch1,2006

    No.6SUNDong-Meieta1.:ReviewofKeyManagementMechanismsinWireless???901 1)Connectivity(1ocal/globa1):localconnectivityistheprobabilitythattwonodesincommu

nica-

    tionrange(neighboringnodes)shareatleastonekey,~~hiletheglobalconnectivityreferstotheratio

    ofthenumberofnodestobeabletocommunicateinthepost

    keys-setupgraphtothesizeofthewhole

    network.

    2)Resiliencetosensornodescapture:wheneverasensornodeiscaptured,theinformationit carriesmayberetrievedbytheadversary.Thefractionoftotalkeysinformationexposedtoadversary

    canbeconsideredastheresilience.

    31Scalability:thepossibilitythatnewnodesmightbeaddedlater.,

    41Memoryefficiency:theamountofkeyinginformationneedstobestoredineachnode. Therearetwonaivesolutionstobeconsidered.Oneiscalledthenetworkwide"master"key

    approach,inwhicheverynodeinthewholenetworkshareonecommonkey.Thismethodismemory

    efficient,butwithweakresiliencebecausecaptureofanynodecompromisesthewholenetwork.

    Anothermethodispair-wisekeyapproachinwhich'eachnodecarriesN1differentkeysto

    communicatewithallothernodes(supposingthenetworksizeisN).Precisely,tosecuregroupsofup

    toGnodesinthenetworkkeyshavetobegeneratedanddeployedsothateachnodeholds (?)keys[31.Theresilienceisperfectbutitisextremelynotm一锄esw

    poorscalabilitythatnonodehasthekeyofnewlyaddednodes.

    Sobothsimplesolutionsarenotsuitableforpracticaluse.

    3Keypre-distributi0nschemes

    Themainideaofkeypredistributionschemesisthateachnodeisdistributedwiththesecret keysorsecretinformationbeforedeployedintothesensingarea.Generally,akeypre-distribution

    schemecontainsthreephases:keypre-distributionphase,shared

keydiscoveryphaseandpathkey

    establishmentphase.Thedetailsofimplementationofkeypre-distributionschemearediscussedin

    51.Thecurrentproposedkeyprdistrutionschemesmainlycanbeclassifiedintofourclasses:

    pureprobabilistickeypre-distributionschemes,polynomial-basedkeypre-distributionschemes,Bloms

    matrixbasedkeypre

    distributionschemesanddeterministickeypre-distributionschemes. 3.1Pureprobabilistickeypre-distributionschemes

    EschenauerandGligorproposedtheprobabilistickeypre-deployedschemeJ,whichiscalledbasic

    schemebymostpapers.Inthisscheme,threephasesareneededtosetupthecommunicationkeys:key

    pre-distribution,shared-keydiscovery,andpathkeyestablishment.Inthekeypre

    distributionphase

    (Fig.1),eachsensornodecarrieskdistinctkeys,whicharerandomlychosenfromabigkeypool(with

    sizeP>>k).

    KeypoolS

    //???

    ABC

    \\.?

    ,)

    Fig.1Keypre-distributionphase

    ThissetofkkeysiscalledkeyringandeachkeyhasacorresDondingidentifier. Theshared.keydiscoveryphasehappenswhenthesensornodesaredeployedintothesensedarea.

    Inthephaseeachnodediscoversitsneighborsinradiorangewithwhichitsharescommonkevs.Inthe

    endofshared-keydiscoveryphaselinksaresetupbetweennodesthatarenotonlyinradiorangebut

    alsosharingcommonkeys.AsampletopologyisshowninFig.2.Inthisnetwork,nodepairsAandC,

    andBandCcansetupsecurelinksfA,',andfB,C'.

    \,-,\

    ?g

    /,?

    /

    G?

902ACTAAUT0MATICASINICAV01.32

    Fig.2Sharedkeydiscoveryandpath-keyestablishment

    Forsomenodepairsinradiorangebutnottoshareacommonkey.theymaybeconnectedby twoormorehoplinksinthepath

    keyestablishmentphase.AsshowninFig.2,nodesAandBarein

    communicationradiorangebutdonotshareacommonkey.Thepath

    keyestablishmentphaseassigns

    apathkeytothesensornodesvianodeCandthentheycansetupsecurelinkbetweenthem. Inthisscheme.therandomgraphtheoryLisusedtodesignakeypre-distributionscheme.A randomgraphC(n,P)isdefinedasagraphofnvertices,inwhichtheprobabilitythatalinkexists betweentwonodesisP.Inthenetworkgraphtwonodesareadjacentiftheyshareasecretkey.The

    graphicconnectivityPchastherelationwithPasfollows.

    Pc=limPr[G(,P)isconnected】一en}oo

    wherep:ln(

    n)+

    ,cisarea1constlt.

    GivennwecallfindPandtheexpecteddegreeofanodedP(n1)inwhichtheresulting

    graphisconnectedwithrequiredprobabilityPc.Alsothewirelessconnectivityconstraintsm

aylimit

    neighborhoodston<<nnodes.thentheprobabilityofshareingakeybetweenanytwonodesina

    neighborhoodbecomes

    ,d

    p.>>p

    Thisschemeworksasbelow.

    11ChoosecforadesiredprobabilityofconnectivityPcsuchthatPc=e

    2)calculatepbyp:ln(

    n)+

    ,

    and

    nD

    31DeterminethesizeofkeypoolPandthesizeofkeyring.Pandshouldsatisfy[.

    ?p一两p

    Thus.akeypoolofsizePisdefinedandeachnodecanrandomlyselectkkeysinthekeYpoo1. AsweCallsee,mostofthefollowingkeYpre-distributionschemesarebasedonthismode1. ThecrucialproblemofthisschemeistochoosePandsothattheprobabilityofsharingatleast onekeYbetweenanytwonodesisnotlessthanthethresholdprobabilityP,whichiscalculatedbythe

    randomgraphtheory.Inthiswaythewholesensornetworkcanachievethepredeterminedconnectivity

    probabilityPc.

    Toireprovetheresiliencetonodecapture.Chaneta1.[Slproposedamodifiedversionofthebasic

    scheme.Inthisscheme,qcommonkeysareneededtosetupthecommonkeywithahashfunction,

    ratherthanonlyone.Byincreasingtheamountofkeyoverlaprequiredforkey

    setup,theresilience

    ofthenetworkagainstthenodecaptureisincreased.Actually.astheamountofrequiredkeyoverlap

    increases,itbecomesexponentiallyharderfortheadversarytoattack.Butbecausemoresharedkeysare

    neededtosetupaneighborcommunicationkeY.thelocalconnectivityisdecreasedandthemaximum

    supportnetworksizeislimited.

    Inbothschemesdiscussedabove,manynodessharethesamekeY.Itisshownthataveragely /PnodesshareacommonkeYinanetwork,wherennodesselectkeysfromakeypoolwitha sizeofP.0nenodebeingcapturedwillaffectallthenodesthatsharethecommonkeywithit.even

    farfromit.Toremedythekeyoverlappingproblem.HuangandDudevelopedanode-basedkey

    No.6SUNDongMeieta1.:ReviewofKeyManagementMechanismsinWireless--?903 pre-distributionscheme,inwhichdifferentkeysareusedondifferentlinks.Theprimaryideais,forany

    r1

    node,insteadofselectingkeysfromthekeypool,itselectst=lldifferentnodesfromthen1Lj

    nodesandpre-distributessymmetrickeysbetweenthenodeandthetnodeset.Inthisnode

    based

    scheme,notwolinksbeingestablishedusethesamekeys.Andtheresilienceagainstnodecaptureis

    improvedaseachcapturednodeonlyaffectsthosenodessharingalinkwithit. Allthepreviousschemesdonotconsiderthedeploymentknowledgeofeachnode.Dueta1.[.

    describedamodel,inwhichthesensornodesaredeployedingroups,soineachgroupthenodeshave

    highprobabilitytobeneartoeachother.Sothebasicideaistoletthenodesdeployedneartoeach otherselectkeysfromsub

    keypoolsthatsharemorekeys.Inthescheme,becauseeachnodecarries

fewerkeys,thememoryefficiencyandresiliencearebothimproved.

    3.2Polynomialbasedkeypre-distributionschemes

    Blundoeta1.proposedapolynomial-basedkeypre

    distributionprotoco1.whichisthebasisof

    pairwisekeyspre-distributionschemes.

    Topredistributepairwisekeys,oneof[1inekeyset

    upseverrandomlygeneratesabivariatet-degree

    t

    polynomial,(z,Y)=:%zYoverafinitefield.whereqisaprimenumberthatislargeenough i,j=0

    toaccommodateacryptographickey,andhasthepropertyof/(x,Y)=f(u,z).Foreachsensoriwith

    auniqueID,thesetupservercomputesapolynomialshareoff(x,),thatis,f(i,y).Foranytwo sensornodesiandJ,nodeicancomputethecommonkeyf(i,J)byevaluatingf(i,)atpointJ,and nodeJcancomputethecommonkeywithibyevaluatingf(J,Y)ati.Sotoestablishapairwisekey

    bothnodesneedtoevaluatethepolynomialwiththeIDoftheothernode.Theschemeisprovedsecure

    andt-collusionresistant.

    LiuandNing(121proposedaspecialschemeforsensornetworksbasedonf111.Themaindifference

    ofthisschemewiththoseinSection3.1isthatitchangestheglobalkeypooltoglobalpolynomial

    poo1.Apoolofrandomlygeneratedbivariatepolynomialsisusedtoestablishpairwisekeysbetween

    sensors.Sothenodesselectdifferentpolynomialsfromthepolynomialpool,inwhicheachpolynomial

    withdifferentID.Inthedirectkeyestablishmentphase,sensornodesexchangetheIDofpolynomials

    tofindsharedpolynomials,andsoestablishthepmrwisekeybycomputationasdiscussedinf1

11.

    Comparedwithpreviousmethods,thisschemeismoresecure.Moreimportantimprovementisthat

    thescalabilityisexcellent,thatis,sensorscanbeaddeddynamicallywithouthavingtocontactthe

    previouslydeployedsensors.

    Agrid-basedschemeisalsoproposedin

    12],wherethepolynomialsarearrangedinagrid.The

    setupserverassignseachsensorinthenetworktoauniqueintersectioninthegrid.Thisgridbased

    methodisdescribedaslowcommunicationoverhead,andismoreintrusiontolerantthanprevious

    schemes.

    Thelocationinformationcanbeusedtoimprovethepolynomial

    basedkeypredistributionschemes

    asproposedin[13],calledtheclosestpolynomialscheme.Thisschemecombinestheexpectedlocations

    ofsensornodeswiththerandomsubsetassignmentschemeinf12],andallowstradeoffbetweenthe

    securityagainstnodecapturesandtheprobabilityofestablishingdirectkeyswithagivenmemory

    constraint.

    InaUthepolynomial-basedkeypre

    distributionschemes.theessentialcomputationinsensornodes

    liesintheevaluationofat-degreepolynomia1.

    3.3Blomsmatrix-basedkeypredistributionschemes

    Theoriginalmatrixbasedkeypre-distributionschemeisproposedbyBlom[14.

    Inthisscheme.

    asymmetricmatrixKnxnstoresallpairwisekeysofagroupofnnodes,whereeachelementt,is

Report this document

For any questions or suggestions please email
cust-service@docsford.com