A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks

1
A Pairwise Key Pre-Distribution Scheme for
Wireless Sensor Networks

• Wenliang (Kevin) Du, Jing Deng,
• Yunghsiang S. Han and Pramod K. Varshney
• Department of EECS
• Syracuse University

2
Overview

• Wireless Sensor Networks (WSN).
• Key management problem in WSN.
• Existing solutions.
• Our solution.
• Security and performance analysis.
• Conclusion and future work.

3
Wireless Sensor Networks
4
Securing WSN
Secure Channels
5
Problem Description

• How can each pair of neighboring nodes find a
  secret key?
• Pairwise secret keys are unique for each pair.
• Can be used for authentication.

6
Approaches

• Trusted-Server Schemes
• Finding trusted servers is difficult.
• Public-Key Schemes
• Expensive and infeasible for sensors.
• Key Pre-distribution Schemes

7
Key Pre-distribution

• Goal Loading Keys into sensor nodes prior to
  deployment, s.t. any two nodes can find a secret
  key between them after deployment
• Challenges
• Security nodes can be compromised
• Scalability new nodes might be added later
• Memory/Energy efficiency
• Authentication pairwise keys

8
Naïve Solutions

• Master-Key Approach
• Memory efficient, but low security.
• Needs Tamper-Resistant Hardware.
• Pair-wise Key Approach
• N-1 keys for each node (e.g. N10,000).
• Security is perfect.
• Need a lot of memory and cannot add new nodes.

9
Eschenauer-Gligor Scheme
A
m keys (random)
B
m
C
m
Key Pool S
m
D
m
E

• E.g., when S 10,000, m75, the local
  connectivity p 0.50
• This scheme is further improved by Chan, Perrig,
  and Song (IEEE SP 2003).

10
Our Goal

• Pairwise key pre-distribution scheme.
• Use Blom Scheme.
• Further improvement on performance and
  resilience.
• Use random key pre-distribution scheme.

11
Blom Scheme

• Public matrix G
• Private matrix D (symmetric).

D
?1
?1
G
N
?1
Let A (D G)T
A G (D G)T G GT DT G GT D G (A G)T
12
Blom Scheme
A (D G)T
G
(D G)T G
j
i
Kij
i

N
X
Kji
j
N
?1
N
13
G Matrix
To achieve ?-secure Any ?1 columns of G must be
linearly independent. Vandermonde matrix has such
a property.
1 1 1 1
s s2 s3 sN
s2 (s2)2 (s3)2 (sN)2

s? (s2)? (s3)? (sN)?
G
14
Properties of Blom Scheme

• Bloms Scheme
• Network size is N
• Any pair of nodes can directly find a secret key
• Tolerate compromise up to ? nodes
• Need to store ?2 keys
• Our next goal increase ? without increasing the
  storage usage.

15
Multiple Space Scheme
Key-Space Pool
(D1, G)
(D2, G)
(D?, G)
16
How to select ? and ??

• If the memory usage is m, the security threshold
  (probablistic) ?m is
• To improve the security, we need to increase
  ?/?2.
• However, such an increase affects the
  connectivity.

17
Measure Local Connectivity
plocal the probability that two neighboring
nodes can find a common key.
18
Plocal for different ? and ?
19
Security Analysis

• Network Resilience
• When x nodes are compromised, how many other
  secure links are affected?

20
Resilience (p 0.33, m200)
Blom
21
Resilience (p 0.50, m 200)
Blom
22
Other Analysis

• Communication overhead
• Computation overhead

23
ImprovementUsing Two-hop Neighbors
? 7 ? 2
? 31 ? 2
24
Conclusion

• We have proposed a pairwise key pre-distribution
  scheme for WSN.
• We analyzed security, computational overhead,
  communication overhead.
• Our scheme substantially improves the network
  resilience.

25
Independent Discoveries

• The similar scheme is independently discovered by
  two other groups
• Liu and Ning from NC State (next talk).
• Katz and his group from University of Maryland.