Random Key-Assignment for Secure Wireless Sensor

NetworksRoberto Di Pietro, Luigi V. Mancini and

Alessandro Mei

Limited memory Limited computational power Limited energy

Sensor nodes

Secure microcontroller

Passive attacks◦ Cipher text attacks

Active attacks◦ Take control of a sensor node

Unfriendly environment Nodes only trust themselves

Threat Model

Secure pairwise communication Memory efficient Energy efficient Tolerate the collusion of a set of corrupted

sensors

Goals

Have one master key◦ Can’t tolerate nodes being taken over

Each node stores a seperate key for every other node◦ Requires too much space◦ Expensive to add more nodes later

Tradeoff◦ Use less memory, but have only a probabilistic

tolerance to nodes being taken over

Naïve solutions

One way hash function Symmetric encryption Keyed hashed function Pseudo-random number generator

Requirements

A key deployment scheme A key discovery procedure A security adaptive channel establishment

procedure

The direct protocol

Method used in A key-managementscheme for distributed sensor networks:

A pool of P random keys is generated Each sensors takes k random keys from the

pool

Key deployment

Challenge is encrypted using each key and then broadcasted

Needs to perform k^2 decryptions on receiver side and k encryptions on the sender side

At least k messages have to be sent

Inefficient key discovery

Also used in A key management scheme for distributed sensor networks

Instead of challenge response, submit the indexes

Less secure, as a smart attacker can easily find the nodes that have the key it wants

Key deployment II

Method used in Establishing pair-wise keys forsecure communication in ad hoc networks: Aprobabilistic approach: A pool of P random keys is generated k indexes into the pool are created pseudo-

randomly with a publicly known seed dependent on the node id.

Less secure than challenge-response, but can be improved

Key deployment III

Channel existence

Find out which keys are shared and xor them together

An attacker needs to know all shared keys

Channel establishment

Corruption probability – P=1000

Corruption Probability – k=120

The cooperative protocol

Nearby sensors◦ Weaker against geographically attacks

Random◦ Larger communication overhead

Individual properties◦ More trusted nodes can give higher security

The C set

They give an upper bound on the probability that the channel between two nodes is corrupted, given w corrupted nodes

Upper bound

Sensor failure resistent◦ Can add more sensors if required

No information leakage◦ Sensors in the C set only transmits hash values of

their keys Adaptiveness

◦ If an upper bound of w is known, C can be chosen to secure communication with a desired probability.

Load balance◦ a sends c+1 message, sensors in C send 1,

tot=2c+1◦ Only done once during setup

Features of cooperation protocol

Sensor doesn’t respond◦ After timeout, node a can pick another node

Sensor sends correct key◦ Lowers security

Sends false key◦ Can pick another C set◦ Notify trusted base-station◦ Aware that network is under attack

DoS Attacks of Malicious Cooperators

If node a has the keys that node a should have, according to the pseudo-random number generator, it’s probable that a is a.

Authentication

P=1000 and w=8

P=1000 w=16

P=10000 w=32

M = {} for all keys k in P

◦ z = RND(id||k)◦ if(z%(|P|/m)==0)

put k into M

|M| must be less than memory size but larger than the security constraints

Discard ID if conditions not satisfied

Efficient and Secure Pre-deployment (ESP)

Generated IDs

Direct protocol