A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for Heterogeneous Sensor Networks Author: Xiaojiang Du, Guizani M., Yang Xiao.

A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for Heterogeneous Sensor Networks

Author: Xiaojiang Du, Guizani M., Yang Xiao and Hsiao-Hwa ChenSource: Wireless Communications, IEEE, vol.8, no.3, pp.1223-1229, 2009Presenter: Yung-Chih LuDate: 2010/07/13

Outline

Introduction Related Work

L. Eschenauer and V. Gligor. “A Key-Management Scheme for Distributed Sensor Networks.” In Proc. 9th ACM Conference on Computerand Communication Security, pp.41-47, Nov. 2002.

Proposed Scheme Performance Evaluaton Security Analysis Conclusion & Comment

Introduction(1/6)

MANET(Mobile Ad Hoc Network)

WSN (Wireless Sensor Network)

Introduction(2/6)Similarities MANET WSN

Multi-hop routing Yes Yes

Auto-configurable wireless networks Yes Yes

Self-healing Yes Yes

Mobility of nodes Yes Yes

unlicensed spectrum Yes Yes

Differences MANET WSN

Limited computation No Yes

Global identification Yes No

Prone failures No Yes

Base station No Yes

Densely deployed in environment No Yes

The Topology changes frequently No Yes

Introduction(3/6) Sensor node constraints

Battery power • Computational energy consumption• Communication energy consumption

Transmission range Memory space Tamper protection

Evaluation/Comparison metrics Resilience against node capture Addition Revocation Supported network size suite all needs

E-G Scheme(1/3)

Key pre-distribution phase

Key pool(217-220 keys)

Key pool(217-220 keys)

Key ring(m keys)

Key ring(m keys)

Key ring(m keys)

……

two neighboring nodes have at least one the same key in their key rings

E-G Scheme(2/3) Shared-key discovery

Key ring(m keys)

Key ring(m keys)

Key ring(m keys)

wireless

sennor node discovers its neighbors to find the common shared-key in their key ring

the connected graph of secure link is formed

E-G Scheme(3/3)

Path-key establishment

Key ring(m keys)

Key ring(m keys)

Source sensor node

Target sensor node

Path key

Proposed Scheme(1/4)

Centralized Key Establishment

(1)Send EKRL[Key-request message ]

(L-sensor ID and location)

(2)DKUL[EKR

L

[Key-request message ]]= Key-request message

(3)run Centralized MST algorithm to determine the tree structure

(4) disseminates the parent-child relationships to all L-sensors

(5)Send EKUL[Ku,v]

(6)DKRL[EKU

L[Ku,v]]

= Ku,v

Proposed Scheme(2/4)

Centralized Key Establishment

L-sensor: KUH 、 KU

L and KRL

H-sensor: KUH 、 KR

H

all LUL and special key KH

KH is used by a symmetric encryption algorithm

KH

newKH

Proposed Scheme(3/4)

Distributed Key Establishment

(1)Send EKRL[Key-request message ]

(L-sensor ID and location)

(2)DKUL[EKR

L

[Key-request message ]]= Key-request message

(3)run Centralized MST algorithm to determine the tree structure

(4) disseminates the parent-child relationships to all L-sensors

(5)Send public key certificate

EKRH[KU

L]

(6)Proves the authenticity of a public key

Proposed Scheme(4/4)

Distributed Key Establishment

u v(1)Send KUu

(2)Send KUv(4)KR

uKUv (3)KR

vKUu

Ku,v = KRuKU

v = KRvKU

u

Performance Evaluation(1/2)Storage Saving

Cluster Head

Other Sensors

E-G Scheme mM mN

Proposed Scheme-

Centralized

(N+3)M 2N

Proposed Scheme-

Distributed

3M 2N

E-G:64-bit keyECC:160-bit keyE-G Scheme : ECC-Centralized : ECC-Distributed= 29.7 : 10.2 : 1

Performance Evaluation(2/2)n :the number of communication neighbors

Security Analysis(1/2) Proposed Scheme

each sensor is preloaded with one unique private key. Each pair of communicating sensor has a different

shared key.

E-G Scheme Compromising probability C(m) =

Σ[(1-(1-m/P)c)j p(j)] / Σp(j)

p(j) = (Pj)(P-j

2(m-j))(2(m-j)m-j) / (p

m)2

p(1) = m!(P-m)!(P-m)!/P!m!(P-2m)!

m

j=1

m

j=1

Security Analysis(2/2)

E-G Scheme Proposed Scheme

Resilience against node capture

C(m) 0

Addition Establishes a key ring

Establishes shared key

Revocation Revokes the key ring

Revokes the shared key

Supported network size

Small large

Suite all needs No No

Evaluation/Comparison metrics

Conclusion & Comment A sensor only communicates with a small

portion of its neighbors Proposed scheme significantly reduces

sensor storage Proposed scheme significantly reduces

Communication overhead Energy consumption while achieving better

performance

How to manages special key KH