Title: A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks
1A Pairwise Key Pre-Distribution Scheme for
Wireless Sensor Networks
- Wenliang (Kevin) Du, Jing Deng,
- Yunghsiang S. Han and Pramod K. Varshney
- Department of EECS
- Syracuse University
2Overview
- Wireless Sensor Networks (WSN).
- Key management problem in WSN.
- Existing solutions.
- Our solution.
- Security and performance analysis.
- Conclusion and future work.
3Wireless Sensor Networks
4Securing WSN
Secure Channels
5Problem Description
- How can each pair of neighboring nodes find a
secret key? - Pairwise secret keys are unique for each pair.
- Can be used for authentication.
6Approaches
- Trusted-Server Schemes
- Finding trusted servers is difficult.
- Public-Key Schemes
- Expensive and infeasible for sensors.
- Key Pre-distribution Schemes
7Key Pre-distribution
- Goal Loading Keys into sensor nodes prior to
deployment, s.t. any two nodes can find a secret
key between them after deployment - Challenges
- Security nodes can be compromised
- Scalability new nodes might be added later
- Memory/Energy efficiency
- Authentication pairwise keys
8Naïve Solutions
- Master-Key Approach
- Memory efficient, but low security.
- Needs Tamper-Resistant Hardware.
- Pair-wise Key Approach
- N-1 keys for each node (e.g. N10,000).
- Security is perfect.
- Need a lot of memory and cannot add new nodes.
9Eschenauer-Gligor Scheme
A
m keys (random)
B
m
C
m
Key Pool S
m
D
m
E
- E.g., when S 10,000, m75, the local
connectivity p 0.50 - This scheme is further improved by Chan, Perrig,
and Song (IEEE SP 2003).
10Our Goal
- Pairwise key pre-distribution scheme.
- Use Blom Scheme.
- Further improvement on performance and
resilience. - Use random key pre-distribution scheme.
11Blom Scheme
- Public matrix G
- Private matrix D (symmetric).
D
?1
?1
G
N
?1
Let A (D G)T
A G (D G)T G GT DT G GT D G (A G)T
12Blom Scheme
A (D G)T
G
(D G)T G
j
i
Kij
i
N
X
Kji
j
N
?1
N
13G Matrix
To achieve ?-secure Any ?1 columns of G must be
linearly independent. Vandermonde matrix has such
a property.
1 1 1 1
s s2 s3 sN
s2 (s2)2 (s3)2 (sN)2
s? (s2)? (s3)? (sN)?
G
14Properties of Blom Scheme
- Bloms Scheme
- Network size is N
- Any pair of nodes can directly find a secret key
- Tolerate compromise up to ? nodes
- Need to store ?2 keys
- Our next goal increase ? without increasing the
storage usage.
15Multiple Space Scheme
Key-Space Pool
(D1, G)
(D2, G)
(D?, G)
16How to select ? and ??
- If the memory usage is m, the security threshold
(probablistic) ?m is - To improve the security, we need to increase
?/?2. - However, such an increase affects the
connectivity.
17Measure Local Connectivity
plocal the probability that two neighboring
nodes can find a common key.
18Plocal for different ? and ?
19Security Analysis
- Network Resilience
- When x nodes are compromised, how many other
secure links are affected?
20Resilience (p 0.33, m200)
Blom
21Resilience (p 0.50, m 200)
Blom
22Other Analysis
- Communication overhead
- Computation overhead
23ImprovementUsing Two-hop Neighbors
? 7 ? 2
? 31 ? 2
24Conclusion
- We have proposed a pairwise key pre-distribution
scheme for WSN. - We analyzed security, computational overhead,
communication overhead. - Our scheme substantially improves the network
resilience.
25Independent Discoveries
- The similar scheme is independently discovered by
two other groups - Liu and Ning from NC State (next talk).
- Katz and his group from University of Maryland.