Title: A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge
1A Key Management Scheme for Wireless Sensor
Networks Using Deployment Knowledge
- IEEE INFOCOM 2004
- Wenliang Du, Jing Deng, Yunghsiang S. Han,
Shingang Chen, Pramod K. Varshney - - Reformatted by dhhan_at_cosmos.kaist.ac.kr -
2Overview
- Overview of Wireless Sensor Networks (WSN).
- Security in wireless sensor networks.
- Why is it different?
- This papers contributions on key
pre-distribution in WSN - Deployment-based scheme (INFOCOM04)
- Summary.
3Wireless Sensors
Berkeley Motes
4Mica Motes
- Mica Mote
- Processor 4Mhz
- Memory 128KB Flash and 4KB RAM
- Radio 916Mhz and 40Kbits/second.
- Transmission range 100 Feet
- One year battery life
- TinyOS operating System small, open source and
energy efficient.
5Spec Motes
6Wireless Sensor Networks (WSN)
Sensors
7Applications of WSN
- Battle ground surveillance
- Enemy movement (tanks, soldiers, etc)
- Environmental monitoring
- Habitat monitoring
- Forrest fire monitoring
- Hospital tracking systems
- Tracking patients, doctors, drug administrators.
8Securing WSN (outline)
- Motivation why security?
- Why not use existing security mechanisms?
- WSN features that affect security.
- This papers work
- Improved key management schemes.
9Why Security?
- Protecting confidentiality, integrity, and
availability of the communications and
computations - Sensor networks are vulnerable to security
attacks due to the broadcast nature of
transmission - Sensor nodes can be physically captured or
destroyed
10Why Security is Different?
- Sensor Node Constraints
- Battery,
- CPU power,
- Memory.
- Networking Constraints and Features
- Wireless,
- Ad hoc,
- Unattended.
11Sensor Node Constraints
- Battery Power Constraints
- Computational Energy Consumption
- Crypto algorithms
- Public key vs. Symmetric key
- Communications Energy Consumption
- Exchange of keys, certificates, etc.
- Per-message additions (padding, signatures,
authentication tags)
12Constraints (Cont.)Public Key Encryption
- Slow
- 1000 times slower than symmetric encryption
- Hardware is complicated
- Energy consumption is high
13Memory Constraints
- Program Storage and Working Memory
- Embedded OS, security functions (Flash)
- Working memory (RAM)
- Mica Motes
- 128KB Flash and 4KB RAM
14Key Management Problem
15Key Management Problem
Sensors
16Key Management Problem
Sensors
Secure Channels
17Approaches
- Trusted-Server Schemes
- Finding trusted servers is difficult.
- Public-Key Schemes
- Expensive and infeasible for sensors.
- Key Pre-distribution Schemes
18Key Pre-distribution
- Loading Keys into sensor nodes prior to
deployment - Two nodes find a common key between them after
deployment - Challenges
- Memory/Energy efficiency
- Security nodes can be compromised
- Scalability new nodes might be added later
19Naïve Solutions
- Master-Key Approach
- Memory efficient, but low security.
- Needs Tamper-Resistant Hardware.
- Pair-wise Key Approach
- N-1 keys for each node (e.g. N10,000).
- Security is perfect.
- Need a lot of memory and cannot add new nodes.
20Eschenauer-Gligor Scheme
Key Pool S
Each node randomly selects m keys
A
B
E
D
C
- When S 10,000, m75
- Pr (two nodes have a common key) 0.50
21Establishing Secure Channels
B
A
C
22Improvement Over Eschenauer-Gligor Scheme
23Observations and Objectives
A
B
F
Property Pr(A, B) Pr(A, F)
Our objective Pr(A, B) gtgt Pr(A, F)
Using deployment knowledge
24Modeling Deployment Knowledge
Deployment points for a group of sensors
I
A
J
B
K
F
25Probability Distribution Function of Each
Deployment Group
26Probability Distribution Function of All
Deployment Group
27Key pre-distribution Scheme
- Step 1 Key pre-distribution phase
- Step 2 Shared-key discovery phase
- Step 3 Path-key establishment phase
28Step 1 Key pre-distribution phase
Key Pools
29Step 1 Key pre-distribution phase- Key Sharing
Among Key Pools -
Horizontal
a
B
C
A
b
b
a
F
D
a
a
Vertical
Diagonal
a
b
b
G
H
I
b
a
30Step 1 Key pre-distribution phase- Key Pool
Size -
31Step 2 Shared-key discovery phase
- By broadcasting to neighbors
- Challenge-response technique
- a, EKi(a)
- i 1,,m
- Key ring which has m members
32Step 3 Path-key establishment phase
- A ?? B
- Find secure path by using flooding method.
- Limit the lifetime of the flooding message to
three hops to reduce flooding overhead - Share random key K by using secure path.
33Local Connectivity
34Network Resilience
- What is the damage when x nodes are compromised?
- These x nodes contain keys that are used by the
good nodes. - What percentage of communications can be affected?
35Network Resilience
36Summary
- Security in WSN is quite different from
traditional (Wired) network security. - Our schemes substantially improves the
performance and network resilience.