1 / 22

Key management for wireless sensor networks

Key management for wireless sensor networks. Sources: ACM Transactions on Sensor Networks, 2(4), pp. 500-528, 2006. Sources: Computer Communications, 30(9), pp. 1964-1979, 2007. Reporter: Chun-Ta Li ( 李俊達 ). Outline.

Download Presentation

Key management for wireless sensor networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Key management for wireless sensor networks Sources: ACM Transactions on Sensor Networks, 2(4), pp. 500-528, 2006. Sources: Computer Communications, 30(9), pp. 1964-1979, 2007. Reporter: Chun-Ta Li (李俊達)

  2. Outline • LEAP+: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks [ACM Transactions on Sensor Network] • Introduction • Zhu et al.’s scheme • Key Management for Long-Lived Sensor Networks in Hostile Environments [Computer Communications] • Chorzempa et al.’s scheme • Comparisons • Comments 2 2

  3. Introduction • Security of wireless sensor networks Micro Sensor Nodes Aggregation and Forwarding Nodes MSN Base Station MSN AFN MSN AFN BS MSN MSN MSN MSN MSN AFN MSN MSN MSN MSN BS MSN MSN MSN AFN cluster BS // symmetric shared keys MSN MSN // multiple keying mechanism

  4. Dynamic keying in a hierarchical WSN Establishing individual node keys Establishing pairwise shared keys The basic scheme The extended scheme Establishing cluster keys Establishing global key Clustering and key setup Node addition Key renewal Recovery from multiple MSN node captures Re-clustering after AFN capture Introduction (cont.) [Zhu et al.’s scheme] [Chorzempa et al.’s scheme]

  5. Zhu et al.’s scheme MSN MSN MSN Base Station MSN MSN BS MSN MSN MSN Micro Sensor Nodes MSN MSN // sensors are not mobile // neighboring nodes of any sensor are not known in advance MSN // BS will not be compromised

  6. Zhu et al.’s scheme (cont.) • Four types of required keys • Individual Key: MSN <-> BS (MSN can compute a MAC for ensuring validity of its sensed readings to BS) • Global Key: all MSNs (BS may broadcast queries or commands to the entire network) • Cluster Key: MSN <-> neighbors (securing locally broadcast message) • Pairwise Shared Key: MSNa <-> MSNb

  7. Zhu et al.’s scheme (cont.) • Notations • N is the number of nodes in the network. • u, v are principals such as communicating nodes. • {fk} is a family of pseudo-random function. • {s}k means encryption message s with key k. • MAC(k,s) is the message authentication code of message s using a symmetric k. • {Tmin, Test} are two types of time interval, where Tmin > Test. • KIN is an initial key • Ku is a master key belongs to node u such that Ku = fKIN(u).

  8. Zhu et al.’s scheme (cont.) • Establishing Individual Node Keys (IKu) u BS IKu = fKm(u) // f is a pseudo-random function // Km is a master key known only to BS // Each node has a unique id u

  9. Zhu et al.’s scheme (cont.) • Establishing Pairwise Shared Keys (Basic) • Key predistribution • Neighbor discovery • Key erasure (when its timer expires after Tmin) // KINis an initial key known to each node u BS Ku = fKIN(u) // Each node u derives a master key Ku u neighbors 1. HELLO(u) v u // Kuv = fKv(u) = fKu(v) = Kvu 2. v, MAC(Kv, u|v) u Node u erases KIN and all master keys (Kv)of its neighbors (no erasure Ku)

  10. Zhu et al.’s scheme (cont.) • Establishing Pairwise Shared Keys (Extended) • Key predistribution • Neighbor discovery • Key erasure u BS KiIN Kju = fKjIN(u), i < j < M u neighbors 1. HELLO(u,i) v u // Kuv = fKiv(u) = fKiu(v) = Kvu 2. v, MAC(Kiv, u|v) u Node u erases KiIN and all master keys (Kiv)of its neighbors (no erasure Kiu or any other preloaded master keys Kju where i < j < M)

  11. Zhu et al.’s scheme (cont.) • Establishing Cluster Keys (Kci) one-way key chain HCv (Kcv)Kvu u v Kcu Kcv (Kcu)Kuv (Kcu)Kuw (Kcv)Kvw one-way key chain HCu (Kcw)Kwv (Kcw)Kwu one-way key chain HCw w Kcw // When node u is revoked, every neighbor node generate a new cluster key and transmits it to all other neighbors

  12. Zhu et al.’s scheme (cont.) • Rekeying the Global Key k’g (when a compromised node is detected) • Authenticated Node Revocation • Secure Key Distribution The value of hash chain BS M = u, fk’g(0), kTi, MAC(kTi, u | fk’g(0)) x v // If verification is successful, Broadcast M t u • v and w will remove its pairwise key shared with u w • v and w will update its cluster key • v and w will store fk’g(0) temporarily (k’g)KcBS (k’g)Kci BS

  13. Zhu et al.’s scheme (cont.) • Integration of the pairwise key establishment phase with the cluster establishment phase v u 1. HELLO(u) 2. v, {Kcv}Kv, MAC(Kv, u | v | {Kcv}Kv) 3. u, {Kcu}Kuv, MAC(Ku, u | {Kcu}Kuv)

  14. Chorzempa et al.’s scheme Aggregation and Forwarding Nodes Micro Sensor Nodes Base Station MSN MSN MSN AFN BS AFN MSN MSN MSN MSN AFN MSN MSN MSN MSN MSN

  15. Chorzempa et al.’s scheme (cont.) • Location training =>  CEM => neighbors IDAFN1 ID1 ID2 Coordinate Establishment Message (CEM) • hopcountNj+1 < hopcountNi  Reassign to AFN2  (IDAFN2) (IDAFN1) • hopcountNj+1 > hopcountNi  Discard CEM (IDAFN1) = (IDAFN1) • hopcountNj+1 > hopcountNi • MSNs have completed neighbor discovery  Unicast CEM to its primary AFN1  (IDAFN2) (IDAFN1) • AFN is aware of one-hop MSNs

  16. Kt1 AFN Kt2 M1 Kt1 M3 M2 M4 Kt2 Chorzempa et al.’s scheme (cont.) Number of MSN nodes in a cluster • Three types of required keys • Administrative key set (k+m), EBS(n,k,m) • Pairwise secret key Kpi (BS<->MSN) • Tree administrative key Kti hold not hold Kp1 Kp3 Kp4 An example of EBS(10,3,2) Kp2 A cluster view Update a session key Kg with Kg’ (k + m broadcasts) (EBS; Exclusion Basis System)

  17. Chorzempa et al.’s scheme (cont.) • If N1 is captured (replace administrative keys and session keys known to N1) • Non-colluding node captures (|y|=2; N1, N6) IDAFN||EKa4(EKa2(Ka1’~Ka5’)) IDAFN||EKa5(EKa2(Ka1’~Ka5’)) IDAFN||EKa4(EKa3(Ka1’~Ka5’)) IDAFN||EKa5(EKa3(Ka1’~Ka5’)) (m broadcasts) (my broadcasts)

  18. tree1 AFN tree2 M1 M1 M2 M3 M4 M5 M6 tree1 Sc M4 M2 M5 K1 0 1 1 0 1 1 tree2 tree1 K2 1 0 1 tree2 1 0 1 M3 M6 Sut K3 1 1 0 1 1 0 Chorzempa et al.’s scheme (cont.) • Colluding node captures (Administrative key recovery) (EBS(6,2,1)) Kt2 Kt2 Kt2 EKt2(EK1(K1’)||EK2(K2’)||EK3(K3’))

  19. Chorzempa et al.’s scheme (cont.) • Reactive re-clustering after AFN capture • membership list (location training) BS capture AFNa AFNb absorption AFNb BS  MSN … MSN MSN … MSN EKAFNb(KAFNb-Ni || IDNi) || TicketNi , TicketNi = EKpi(KAFNb-Ni || IDAFNb || IDNi || routeNi-AFNb || nonce) Ni AFNb  IDNi || IDAFNb || EKAFNb-Ni( administrative keys)) || TicketNi

  20. Chorzempa et al.’s scheme (cont.) • MSN addition BS AFNa AFNb Old New => neighbors 1. hello … Old … Old Old Old New Old 2. neighbors  hello hello Old New Old Old Old Old IDNi || IDAFNp || hopcountNi AFNa Old New 3.   New 5. BS  (IDNnew || IDAFNa || nonce) || MACKpi TicketNnew = EKpi(KAFNa-Nnew || IDAFNa || IDNnew || nonce) AFNa BS 4.  (IDNnew || IDAFNa || nonce) || MACKpi || MACKAFNa

  21. Comparisons n: the number of neighbors

  22. Comments • In Zhu et al.’s scheme, an old node is unable to establish a pairwise key with a new node. • In Chorzempa et al.’s scheme, it lacks the mechanism of pairwise key establishment for any two sensors.

More Related