A Key Management Scheme for Distributed Sensor Networks

1. A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor

2. Introduction • Constraints • Problems with Current Solutions • Key Distribution • Key Revocation, Re-Keying, and Node Capture Resiliency • Analysis and Simulation • Problems

3. Constraints • Power • Computation • Key Transmission • Digital Signatures • Storage Space • Code • Keys

4. Problems with Current Solutions • Global Keys • Compromise Is Drastic • Pair-Wise Keys • Storage Problems • Inefficiency • Re-keying and Node Additions Are Expensive

5. Key Distribution • Key pre-distribution phase • Preconfigured keys • Generation of key pool • Randomly chosen sets of keys from key pool  key ring • Probability 2 nodes share key is very high • Key identifiers are remembered by base station, and base station shares key with every node

6. Key Distribution Cont’d. • Shared key discovery phase • Nodes broadcast key identifiers • If 2 nodes share a key identifier then a secure link is set up • Links at routing layer are only set up if a shared key exists • Can protect this exchange with a encrypted challenge

7. Key Distribution Cont’d. • Path key establishment phase • Enables two nodes not sharing a key to communicate via a multi-hop link • Relies on the fact that many keys on a key ring remain unused after shared key discovery phase

8. Revocation • Revoke keys of a compromised node • Base station broadcast a signed message containing all keys to be removed from key ring • To sign message base station generates new key and unicasts it to each node • Node uses this key to verify signature of revocation message

9. Re-Keying • Keys may have a lifetime shorter than that of node • Nodes simply remove key from key ring and begin shared key discovery phase again

10. Node Capture Resiliency • 2 threat levels • Sensor input manipulation • Bogus data • Difficult to detect, harder to prevent • Data correlation for redundant sensors • Physical Compromise • Tamper-proof construction

11. Node Capture Resiliency Cont’d. • Automatic key erasure • Global key = complete compromise • Pair-wise keys = n-1 links to compromised are available • Key distribution scheme = k << n are compromised

12. Analysis • Probability and Graph Theory • Expected degree of a node to ensure connectivity? • Sizes of key ring, key pool, and network

13. Analysis Cont’d. • Key sharing probabilities • Logarithmic increase: as network size increases key ring increases logarithmicaly

14. Simulations • Effects on Network Topology • Dependent on size of key ring • Multi-hop neighbors can use path only once

15. Simulations Cont’d.

16. Simulations Cont’d. • Resiliency revisited • Node compromise limits number of links attacker gains access to:

17. Analysis • Relatively simple operation • Complicated staging and pre-deployment • Need to take future into account when deciding on key-sizes and key-lifetimes. • Achieves relatively low power and computation

18. Problems • No authentication in key discovery phase • Open to selective forwarding attack: Compromised node C tells hears node A tell node B it has key 4. C then tells A it also has key 4. A might then send info to C, and C can drop packets. • Limited since C can’t actually encrypt anything since it doesn’t actually have key 4.

19. Problems Cont’d. • Compromised node could keep broadcasting a different key identifier list causing neighbors to waste bandwith searching their key list. • Sibyl attack where compromised node repeatedly sends out different key identifier lists. Possibly making a nodes link table grow too large