250 likes | 453 Views
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks. Wenliang (Kevin) Du , Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department of EECS Syracuse University. Overview. Wireless Sensor Networks (WSN). Key management problem in WSN. Existing solutions.
E N D
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department of EECS Syracuse University
Overview • Wireless Sensor Networks (WSN). • Key management problem in WSN. • Existing solutions. • Our solution. • Security and performance analysis. • Conclusion and future work.
Sensors Deploy Wireless Sensor Networks
Sensors Deploy Securing WSN Secure Channels
Problem Description • How can each pair of neighboring nodes find a secret key? • Pairwise: secret keys are unique for each pair. • Can be used for authentication.
Approaches • Trusted-Server Schemes • Finding trusted servers is difficult. • Public-Key Schemes • Expensive and infeasible for sensors. • Key Pre-distribution Schemes
Key Pre-distribution • Goal: Loading Keys into sensor nodes prior to deployment, s.t. any two nodes can find a secret key between them after deployment • Challenges • Security: nodes can be compromised • Scalability: new nodes might be added later • Memory/Energy efficiency • Authentication: pairwise keys
Naïve Solutions • Master-Key Approach • Memory efficient, but low security. • Needs Tamper-Resistant Hardware. • Pair-wise Key Approach • N-1 keys for each node (e.g. N=10,000). • Security is perfect. • Need a lot of memory and cannot add new nodes.
Eschenauer-Gligor Scheme A m keys (random) B m C m Key Pool S m D E m • E.g., when |S| = 10,000, m=75, the local connectivity p = 0.50 • This scheme is further improved by Chan, Perrig, and Song (IEEE S&P 2003).
Our Goal • Pairwise key pre-distribution scheme. • Use Blom Scheme. • Further improvement on performance and resilience. • Use random key pre-distribution scheme.
Blom Scheme • Public matrix G • Private matrix D (symmetric). D +1 +1 G N +1 Let A = (D G)T A G = (D G)T G = GT DT G = GT D G = (A G)T
Node i carries: Node j carries: Blom Scheme A = (D G)T G (D G)T G j i Kij i = N X Kji j N +1 N
G Matrix To achieve -secure: Any +1 columns of G must be linearly independent. Vandermonde matrix has such a property. G =
Properties of Blom Scheme • Blom’s Scheme • Network size is N • Any pair of nodes can directly find a secret key • Tolerate compromise up to nodes • Need to store +2 keys • Our next goal: increase without increasing the storage usage.
spaces spaces spaces Two nodes can find a pairwise Key if they carry a common Key space! Multiple Space Scheme Key-Space Pool (D1, G) (D2, G) (D, G)
How to select and? • If the memory usage is m, the security threshold (probablistic) m is • To improve the security, we need to increase /2. • However, such an increase affects the connectivity.
Measure Local Connectivity plocal= the probability that two neighboring nodes can find a common key.
Security Analysis • Network Resilience: • When x nodes are compromised, how many other secure links are affected?
Other Analysis • Communication overhead • Computation overhead
Improvement:Using Two-hop Neighbors = 7 = 2 = 31 = 2
Conclusion • We have proposed a pairwise key pre-distribution scheme for WSN. • We analyzed security, computational overhead, communication overhead. • Our scheme substantially improves the network resilience.
Independent Discoveries • The similar scheme is independently discovered by two other groups: • Liu and Ning from NC State (next talk). • Katz and his group from University of Maryland.