A Key Management Scheme for Distributed Sensor Networks

Laurent Eschaenauer and

Virgil D. Gligor

Introduction

Constraints Problems with Current Solutions Key Distribution Key Revocation, Re-Keying, and

Node Capture Resiliency Analysis and Simulation Problems

Constraints

Power Computation Key Transmission Digital Signatures

Storage Space Code Keys

Problems with Current Solutions

Global Keys Compromise Is Drastic

Pair-Wise Keys Storage Problems Inefficiency Re-keying and Node Additions Are

Expensive

Key Distribution Key pre-distribution phase

Preconfigured keys Generation of key pool Randomly chosen sets of keys from key

pool key ring Probability 2 nodes share key is very

high Key identifiers are remembered by

base station, and base station shares key with every node

Key Distribution Cont’d.

Shared key discovery phase Nodes broadcast key identifiers If 2 nodes share a key identifier then

a secure link is set up Links at routing layer are only set up

if a shared key exists Can protect this exchange with a

encrypted challenge

Key Distribution Cont’d.

Path key establishment phase Enables two nodes not sharing a key

to communicate via a multi-hop link Relies on the fact that many keys on

a key ring remain unused after shared key discovery phase

Revocation Revoke keys of a compromised node Base station broadcast a signed

message containing all keys to be removed from key ring

To sign message base station generates new key and unicasts it to each node

Node uses this key to verify signature of revocation message

Re-Keying

Keys may have a lifetime shorter than that of node

Nodes simply remove key from key ring and begin shared key discovery phase again

Node Capture Resiliency

2 threat levels Sensor input manipulation Bogus data Difficult to detect, harder to prevent Data correlation for redundant

sensors Physical Compromise

Tamper-proof construction

Node Capture Resiliency Cont’d.

Automatic key erasure Global key = complete compromise Pair-wise keys = n-1 links to

compromised are available Key distribution scheme = k << n are

compromised

Analysis Probability and Graph Theory

Expected degree of a node to ensure connectivity?

Sizes of key ring, key pool, and network

Analysis Cont’d. Key sharing

probabilities Logarithmic

increase: as network size increases key ring increases logarithmicaly

Simulations Effects on Network Topology

Dependent on size of key ring Multi-hop neighbors can use path only once

Simulations Cont’d.

Simulations Cont’d. Resiliency revisited

Node compromise limits number of links attacker gains access to:

Analysis

Relatively simple operation Complicated staging and pre-

deployment Need to take future into account

when deciding on key-sizes and key-lifetimes.

Achieves relatively low power and computation

Problems No authentication in key discovery phase Open to selective forwarding attack:

Compromised node C tells hears node A tell node B it has key 4. C then tells A it also has key 4. A might then send info to C, and C can drop packets.

Limited since C can’t actually encrypt anything since it doesn’t actually have key 4.

Problems Cont’d.

Compromised node could keep broadcasting a different key identifier list causing neighbors to waste bandwith searching their key list.

Sibyl attack where compromised node repeatedly sends out different key identifier lists. Possibly making a nodes link table grow too large