A Key Management Scheme for Distributed Sensor Networks

Laurent Eschaenauer and

Virgil D. Gligor

Introduction Constraints Problems with Current Solutions Key Distribution Key Revocation, Re-Keying, and

Node Capture Resiliency Analysis and Simulation Problems

Constraints Power

Computation Key Transmission Digital Signatures

Storage Space Code Keys

Problems with Current Solutions Global Keys

Compromise Is Drastic Pair-Wise Keys

Storage Problems Inefficiency Re-keying and Node Additions Are

Expensive

Key Distribution Key pre-distribution phase

Preconfigured keys Generation of key pool Randomly chosen sets of keys from key

pool key ring Probability 2 nodes share key is very high Key identifiers are remembered by base

station, and base station shares key with every node

Key Distribution Cont’d. Shared key discovery phase

Nodes broadcast key identifiers If 2 nodes share a key identifier then

a secure link is set up Links at routing layer are only set up

if a shared key exists Can protect this exchange with a

encrypted challenge

Key Distribution Cont’d. Path key establishment phase

Enables two nodes not sharing a key to communicate via a multi-hop link

Relies on the fact that many keys on a key ring remain unused after shared key discovery phase

Revocation Revoke keys of a compromised node Base station broadcast a signed

message containing all keys to be removed from key ring

To sign message base station generates new key and unicasts it to each node

Node uses this key to verify signature of revocation message

Re-Keying Keys may have a lifetime shorter

than that of node Nodes simply remove key from key

ring and begin shared key discovery phase again

Node Capture Resiliency 2 threat levels

Sensor input manipulation Bogus data Difficult to detect, harder to prevent Data correlation for redundant sensors

Physical Compromise Tamper-proof construction

Node Capture Resiliency Cont’d.

Automatic key erasure Global key = complete compromise Pair-wise keys = n-1 links to

compromised are available Key distribution scheme = k << n are

compromised

Analysis Probability and Graph Theory

Expected degree of a node to ensure connectivity?

Sizes of key ring, key pool, and network

Analysis Cont’d. Key sharing

probabilities Logarithmic

increase: as network size increases key ring increases logarithmicaly

Simulations Effects on Network Topology

Dependent on size of key ring Multi-hop neighbors can use path only once

Simulations Cont’d.

Simulations Cont’d. Resiliency revisited

Node compromise limits number of links attacker gains access to:

Analysis Relatively simple operation Complicated staging and pre-

deployment Need to take future into account

when deciding on key-sizes and key-lifetimes.

Achieves relatively low power and computation

Problems No authentication in key discovery phase Open to selective forwarding attack:

Compromised node C tells hears node A tell node B it has key 4. C then tells A it also has key 4. A might then send info to C, and C can drop packets.

Limited since C can’t actually encrypt anything since it doesn’t actually have key 4.

Problems Cont’d. Compromised node could keep

broadcasting a different key identifier list causing neighbors to waste bandwith searching their key list.

Sibyl attack where compromised node repeatedly sends out different key identifier lists. Possibly making a nodes link table grow too large