Top Banner
Contents Distributed Sensor Networks (DSNs) Key Predistribution Schemes – KPSs A Set System The 3 phases Metrics for the Evaluation of KPSs • Configurations Linear schemes Quadratic schemes Performance comparisons
83

Contents

Jan 18, 2016

Download

Documents

ndubuisi onwa

Contents. Distributed Sensor Networks (DSNs) Key Predistribution Schemes – KPSs A Set System The 3 phases Metrics for the Evaluation of KPSs Configurations Linear schemes Quadratic schemes Performance comparisons. Contents. Distributed Sensor Networks (DSNs) - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 2: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 3: Contents

Introduction

•Distributed sensor networks (DSNs)–What are they?

Page 4: Contents

Introduction

•Distributed sensor networks (DSNs)–What are they?–What for?

•Civilian areas–Forest fire sensors–Sensors of vibrations to predict earthquakes –Sensors of chemical substances to discover pollution

Page 5: Contents
Page 6: Contents

Introduction

•Distributed sensor networks (DSNs)–What are they?–What for?

•Civilian areas–Forest fire sensors–Sensors of vibrations to predict earthquakes –Sensors of chemical substances to discover pollution

•Military applications–Collecting images–Collecting sounds

Page 7: Contents

Requirements

• Accumulate secret information (and relay it to a base station)

• Communicate with each other • As small as possible• Consume little power• Encryption

Page 8: Contents

Encryption• Encryption is the process of transforming

information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

Page 9: Contents

Two trivial examples• Every node is given the same secret “master

key”Low Memory costs

Compromise of a single node would render the network completely insecure and unreliable

• For every pair of nodes and there is a secret key given only to these 2 nodes

Expensive memory costs

Excellent resiliency (security)

iU jUijK

Page 10: Contents

Ways to establish pairwise secret keys

• Using public key protocolsExpensive computational costsIncreased storage requirements

• Establishing a trusted server that can communicate with all the nodes in the network (like Kerberos)

Expensive costs for message relay

• Employing key predistribution schemes (also called KPSs)

Page 11: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 12: Contents

Related Prior Work

• Several schemes were proposed for KPS

• The schemes we will be discussing closely rely on previous work

• We will mention 7 other schemes

Page 13: Contents

The Basic Scheme

• Developed by Eschenauer and Gligor

• 3 Parameters:– n number of nodes– k size of key ring– v size of key space

• Nodes communicate if they have a shared key– Encryption is done using the shared key

Page 14: Contents

The Basic Scheme

• n can grow greatly even for medium values of v and k

vn

k

Page 15: Contents

Basic scheme: Deterministic vs

Randomized Key Rings

Randomized• Keys are chosen by

random• Key ring assignment

is done by random

Deterministic• Keys are still chosen

by random!• Key ring assignment

is deterministic

Page 16: Contents

Basic scheme: Deterministic vs

Randomized Key RingsDeterministic

No overhead

Combinatorial properties are guaranteed.

Shared-key discovery and path key establishments can be done in O(1).

RandomizedSignificant overhead in generating good pasudo-random numbers

Combinatorial properties are not guaranteed (such as connectivity)

Shared-key discovery and path key establishments – O(???)

Page 17: Contents

q Composite Scheme

• Generalization of the Basic Scheme

• Two nodes communicate directly if they have at least q common keys– Encryption key is created using all common

keys

• If q=1 then similar to Basic Scheme, yet different

Page 18: Contents

Camtepe and Yener’s Scheme

• First scheme to use combinatorial designs called Set Systems

• Blocks and points

Page 19: Contents

2005 Lee and Stinson’s Scheme

• Authors of the article

• Set Systems

• Linear polynomials over a finite field

Page 20: Contents

Chakrabarti, Maitra, and Roy’s Scheme

• Start with a certain Set System

• Form key rings by merging blocks

• Larger key rings

• Some performance metrics are improved

Page 21: Contents

Multiple Space Schemes

• Combine basic KPS (set systems) with older KPS such as Blom[1985]

• Inner and outer schemes

Page 22: Contents

Multiple Space SchemesBlom [1985]

Page 23: Contents

Hash Chain Schemes

• Another avenue of research using KPS

• Good resilience

• Bad complexity

Page 24: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 25: Contents

A Set System

• A set system is a pair (X,A)• A is a finite set of subsets of X called blocks• The degree of a point is the number of

blocks containing x• )X,A) is regular if (of degree r) if all points have

the same degree r• The rank of (X,A) is the size of the largest block.• If all blocks have the same size, say k, then

(X,A) is said to be uniform (of rank k)

x X

Page 26: Contents

Example

X={1,2,3,4,5,6,7,8,9}

A={123,456,789,147,258,369

159,267,348,168,249,357}

Page 27: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 28: Contents

The 3 phases

– There are 3 basic operation that should be implemented:

• Key predistribution• Shared-key discovery• Path-key establishment

Page 29: Contents

Key Predistribution Phase

• Choose n and k input parameters

• Center creates a uniform and regular set system with rank k and n blocks

• Center determines q

• Assignment algorithm

• What happens if A is just a set of n random k sized blocks?

Page 30: Contents

Shared-Key Discovery phase• The phase in which 2 nodes determine the

common points in the 2 blocks assigned to them– Suggestion: node i would broadcast the k

points in to each of its neighbors• Suppose that 2 nodes discover that

and have exactly t common points :

if t>=q then they can establish a secret key

iA

,i jU UiA jA

1{ ,..., }a atx x

Page 31: Contents

The secret key

h is a public key derivation function (such as SHA-1)

We are using all the common keys to derive the pairwise key in order to achieve maximum resiliency!

1( || ... || || || )ij a atK h L L i j

Page 32: Contents

Path-Key Establishment phase

• What happens if 2 nodes in wireless communication rage fail to find sufficient number of common keys in the shared-key discovery phase?– They look for multiple secure links (or hops) to

reach each other

Page 33: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 34: Contents

Metrics for the Evaluation of KPSs

• Network Size (denoted by n)

• Key Storage (denoted by k)

• Global connectivity

• Local connectivity

• Resiliency

• Complexity of Shared-Key Discovery and Path-Key Establishment

Page 35: Contents

Network Size

• The number of nodes in a DSN, which we denote by the parameter n.– The number of nodes is usually between 1,000

and 10,000 nodes (or even higher)

– Notice that in some schemes cannot be chosen independently!

Page 36: Contents

Key Storage

• The number of keys per node, which we denote by the parameter k– When we use a combinatorial set system as a

key ring space, the number of keys per node is equal to the rank of the set system , which is denoted by k

Page 37: Contents

Global Connectivity• The communication capabilities of the

network– It is depended on the physical level and the

network level

• The Physical Level is represented by the physical graph

• The Network Level is represented by the block graph– Determined by the structure of the key ring

space

Page 38: Contents

They Key-Sharing Graph

• It is the intersection between the physical graph and the block graph

• We hope that the key sharing graph is connected

• We say that the DSN is globally connected if the key sharing graph is a connected graph

Page 39: Contents

Local Connectivity

• Refers to the situation where nodes that are physically close to each other can establish a short secure communication path between them

• Pr1 – The probability that 2 random nodes share at least q common keys

• Pr2 – The probability that 2 nodes in wireless communication range do not share q common keys but there exist a third node that shares q common keys with each of the first 2 nodes

Page 40: Contents

Resiliency

• When an adversary captures a number of sensor nodes at random we assume that all the keys of information stored in the nodes are revealed to the adversary.

• We want node captures to affect as small a part of the entire network as possible

• The resiliency of the network is estimated by fail(s), which is the probability that a link between 2 fixed noncompromised nodes is affected after s other nodes are compromised

Page 41: Contents

Complexity of Shared-Key Discovery and Path-Key Establishment

• Shared-Key discovery is often done by having the 2 nodes exchange the list of identifiers of the keys they hold

• If the 2 lists are presorted in increasing order of key identifiers then this can be done in time O(k)

• By choosing carefully structured key ring space we can obtain an algebraic description of the key rings

• In that case we can reduce the computational complexity of shared-key discovery to O(1)!!!

Page 42: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 43: Contents

Configurations

• We’ll have q=1 for the rest of the discussion

• (v,n,r,k)-designs

• Necessary condition for existing configuration nk = vr

Page 44: Contents

LEMMA 1

Any vertex (i.e., block) A j in the

block graph GA of a (v, n, r, k)-design, (X,A), has degree at most k(r − 1). Further,

all vertices in GA have degrees equal to k(r−1) if and only if |Ai ∩ A j| ≤ 1

for all , ,i jA A A i j

Page 45: Contents

Configurations

• A (v, n, r, k)-design is called a (v, n, r, k)-configuration if any two distinct

blocks intersect in zero or one point.

Page 46: Contents

LEMMA 2

Suppose we use a (v, n, r, k)-design for a key ring space with

intersection threshold q = 1. Then Pr1 ≤ k(r − 1)/(n − 1).

Further, Pr1 = k(r− 1)/(n− 1)

if and only if the (v, n, r, k)-design is a configuration.

Page 47: Contents

LEMMA 3

A (v, n, r, k)-configuration exists only if nk = vr and v − 1 ≥ r(k − 1).

Page 48: Contents

Complete Block Graphs

• The block graph of a configuration is a complete graph if and only if

k(r − 1) = n − 1

• n << k²

Page 49: Contents

μ-Common Intersection Designs

• Two-hop paths

• Increase choices for best-match common neighbor

Page 50: Contents

μ-Common Intersection Designs

Suppose that (X,A) is a (v, n, r, k)-configuration. We say that

(X,A) is a μ-common intersection design

(or (v, n, r, k;μ)-CID) provided that

whenever Ai ∩ A j = .∅

|{ : } |h i h j hA A A A and A A

Page 51: Contents

Pr1 and Pr2

• η - number of nodes in the intersection of the neighborhoods of the two nodes Ui and Uj.

2 1Pr (1 Pr ) 1 12n

Page 52: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 53: Contents

Linear Schemes

• A Tranversal design TD(k,m) is a Triple (X,H,A)

• X is a finite set of cardinality km

• H is a partition of X into k parts of size m

• A is a set of k-subsets of X called blocks

*

• ** Every pair x,y from different groups occurs in exactly one block in A

Page 54: Contents

Theorem

• If there exists a TD(k,m) then there is a (km, m*m,m,k;k*k-k)-CID

• Proof: it is not hard to see that a TD(k,m) has km points and m*m blocks, every block has size k, and every point ocuurs in m blocks

Page 55: Contents

Proof cont’

• Next, we show that (X,A) is a configuration

• Let A1, A2 be two blocks and suppose that

• Therefore there are 2 points x1, x2 such that

from * x1 and x2 must be from different groups.

from ** we get a contradiction

Page 56: Contents

Proof cont’

• Finally we show that (X,A) is a CID

• Suppose and

where A and B are 2 disjoint blocks

• There is no block containing the pair

but there is unique block containing any pair where

Hence, the design is a common intersection design

2k k{ , }i ix y

{ , }i ix y

Page 57: Contents

LEMMA

• It is well-known (from previous articles) that if p is a prime or prime power, the TD(k,p) can be easily constructed.

Page 58: Contents

Example

Page 59: Contents

Example

• TD(30, 49) key ring space

• (1470, 2401, 49, 30)-1-design

• support up to 2,401 nodes in the network

• every node is required to store 30 keys

Page 60: Contents

Local connectivity

Pr1 and Pr2:

Page 61: Contents

Local Connectivity

Page 62: Contents

Resiliency

Page 63: Contents

Network Size

Page 64: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 65: Contents

Quadratic Schemes

• A Tranversal design TD(t,k,m) is a Triple (X,H,A)• X is a finite set of cardinality km• H is a partition of X into k parts of size m• A is a set of k-subsets of X called blocks

*• ** Every subset of t elements of X from t

different groups occurs in exactly one block in A• A TD(k,m) is identical to a TD(2,k,m)

Page 66: Contents

Theorem

• Suppose (X,H,A) is a TD(3,k,m)• Then every point occurs in exactly blocks,

and every pair of points from different groups occurs in exactly m blocks.

• Further, any block intersects exactly

blocks in one point, exactly blocks in two

points, and is disjoint from exactly

blocks

Page 67: Contents

proof

• Let x,y be any 2 points from different groups. Let H be a group such that . Then for every , there is a unique block containing x,y, and z. Hence, there are m blocks containing x, y and some (because the size of H is m).

• Next, let x be any point and let H be any group such that

. For every , there are m blocks containing x and z. The resulting blocks are distinct and account for all the blocks containing x (this follows from **).

• Now, let A be a block. There are ways to choose 2 points . For each such choice, there are m-1 blocks other than A that contain x and y.

Page 68: Contents

Proof cont’

• The resulting blocks are distinct and account for all the blocks that intersect A in exactly 2 points.

• Suppose there are blocks that intersect A in exactly i points, i=0,1,2. We have shown above that

Now, suppose that . There are (m-1)(k-1) blocks that contain x and exactly one other point from A. There blocks intersect A in exactly 2 points. There remain

blocks other than A that contain x. Since there are k points , it follows that .

• Finally, since the total number of blocks is , it follows that .

Page 69: Contents

Example

• TD(3, 23, 23)

• each node in the network is required to store 23 keys

Page 70: Contents

Local Connectivity

Page 71: Contents

Local Connectivity

Page 72: Contents

Resiliency

Page 73: Contents

Network Size

Page 74: Contents

Contents

• Distributed Sensor Networks (DSNs)• Key Predistribution Schemes – KPSs• A Set System• The 3 phases• Metrics for the Evaluation of KPSs• Configurations• Linear schemes• Quadratic schemes• Performance comparisons

Page 75: Contents

Performance Comparisons

• We will compare the following schemes for different parameter situations:– Basic schmes– 1-composite and 2-composite schemes– Linear schemes– Quadratic schemes

Page 76: Contents
Page 77: Contents
Page 78: Contents
Page 79: Contents
Page 80: Contents
Page 81: Contents
Page 82: Contents
Page 83: Contents

Summarize

• All the schemes are able to support quite large networks.• The basic, 1-composite and linear schemes require quite

large key pools when k is large and Pr1 is small.• The linear scheme has the simplest shared-key

discovery.• As Pr1 decrease the nodes must be distributed more

densely in order to have good local connectivity.• The quadratic and 2-composite schemes have the best

resiliency when k and Pr1 are both large.• There is a trade-off between connectivity and resiliency.• In general, a larger value of k is beneficial for all the

metrics considered.