Outline

1

A Key Pre-Distribution Scheme Using Deployment Knowledge for Wireless Sensor Networks

Zhen Yu & Yong Guan

Department of Electrical and Computer EngineeringIowa State University

Sep. 15, 2004

2

Outline

1. Introduction

2. Related work

3. Our scheme

4. Evaluation and simulation

5. Conclusions

3

Bootstrapping Problem (1)

Need to encrypt communications between sensor nodes against eavesdropping and node capture.

Bootstrapping problem: How to set up secret keys among nodes

4

Bootstrapping Problem (2)

Limitations of wireless sensor networks:

• Limited power resource;

• Limited computation capacity;

• Limited memory size;

• Limited transmission range r.

General methods cannot be used:

• Public-key cryptography consumes more energy and needs longer time;

• No trusted third party for online key management;

• Storing N-1 pairwise keys is not suitable for large sensor networks;

Solution: key pre-distribution scheme.

5

Basic Scheme

1. Each node picks k secret keys from a large key pool of size m.

2. Two neighboring nodes can establish secure connection if sharing at least one common key.

Key Pool

m keys

k

k

k

m

k

km

p 1

6

Du’s Deployment Knowledge Scheme (1)

Group-based deployment model:

• Drop nodes from a helicopter hanging above some deployment point;

• Divide sensor field into equal-size square grids;

• Divide sensor nodes into groups equally;

• The center of each grid is a deployment point, the expected location of a group of nodes;

• Each group is deployed into a corresponding grid;

• The real location of nodes of each group i follows a normal distribution:

2

22

2

])()[(

22

1),(

iyix yx

i eyxf

7

Du’s Deployment Knowledge Scheme (2)

A B C

D E

Divide a global key pool into multiple key pools

Shared keys between neighboring key pools

Global Key Pool

Global Key Pool

1a 1-a

Key assignment for all the key pools

8

Preliminary: Blom’s Scheme

• D is symmetric

• Public matrix G

• Secret matrix A

A = (DG)T = GTD

• K is symmetric

K = AG = GTDG

• Each node i stores the i-th row of A and the i-th column of G;

• Node i and j exchange their columns of G in plaintext and derive Kij = Kji;

• So G is public, while A is kept secret

• A can be broken after rows compromised.)1(

9

Our Scheme: Overview

Observation: Most neighbors come from the same group or neighboring groups

• Hexagonal deployment

• One public matrix G.

• Multiple secret matrices As and Bs.

• Each node picks rows from A and B.

Assignment of A: Each group has a distinct A.

Assignment of B: Any two neighboring groups share some common B(s).

A: in-group communications.

B: inter-group communications.

Nodes from the same group or neighboring groups can always find common keys.

10

Our Scheme: Assignment of B (1)

• Cluster: 7 neighboring groups

• At most 2 basic groups / cluster

• At most 2 rows / node

• At most 13 affected groups

11

Our Scheme: Assignment of B (2)

• At most 3 basic groups / cluster

• At most 3 rows / node

• At most 16 affected groups

12

Our Scheme: Assignment of B (3)

• At most 1 basic groups / cluster

• At most 3 rows / node

• Max # of affected groups: large

13

Our Scheme: Assignment of B (4)

• Cluster: 9 neighboring groups

• At most 3 basic groups / cluster

• At most 3 rows / node

• At most 21 affected groups

14

Our Scheme: Performance Metrics

• Connectivity:

The probability that the deployed network is connected

• Resilience against node capture:

The fraction of links compromised over the total number of links given some number of nodes are compromised

• Memory requirement:

The number of keys stored

15

Our Scheme: Connectivity Analysis (1)

MN, the longest edge of a random Minimum Spanning Tree

If set , we have

where Pc is the probability that the network is connected when N approaches infinite.

16

Our Scheme: Connectivity Analysis (2)

When nodes are not uniformly distributed, use the lowest node density over sensor field.

Normal distribution over 4x4 hexagonal grids

Lowest node density area

17

Our Scheme: Connectivity Analysis (3)

Constrain neighbors coming from neighboring groups

• Normal distribution: 99.87% nodes reside within 3σ of deployment point;

• Let any two non-neighboring groups be farther away than 6σ;

• So we set ( ) for hexagonal (square) grids.

Deploy 104 nodes into 103x103 m2 field with Pc = 0.9999:

• Our scheme: r = 31.25 m;

• The basic scheme and Du’s scheme: r = 40 m.

32l 3l

18

Our Scheme: Security Metrics

Global security:• The fraction of links compromised given some nodes are compromised

over the entire sensor field.

Local security:• The fraction of links compromised given some nodes are compromised in

some local area.

Simulation:• For local security: suppose nodes are uniformly distributed in each grid

and the compromised nodes come from the same grid.

• Deploy 104 nodes into 103x103 m2 sensor field with Pc = 0.9999

19

Our Scheme: Local Security

• Larger memory size brings a larger ;

• Hexagonal deployment is better than square one due to less affected groups.

20

Our Scheme: Global Security

• Better performance in security than other schemes;

• A lower memory requirement to achieve Pc = 0.9999.

21

Conclusions

• A novel key pre-distribution scheme;

• Hexagonal deployment;

• Smaller transmission range with the same connectivity;

• Better performance in security;

• Lower memory requirement.

22

References

• L. Eschenauer, et al., ''A Key-Management Scheme for Distributed Sensor networks'', in ACM CCS, 2002.

• W. Du, et al., ''A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge'', in IEEE INFOCOM, 2004.

• R. Blom, ''An Optimal Class of Symmetric Key Generation Systems'', in Advances in Cryptology: Proceedings of EUROCRYPT 84, LNCS, vol. 209, pp.335-338, 1985.

• W. Du, et al., ''A Pairwise Key Pre-distribution Scheme for Wireless Sensor Networks'', in ACM CCS, 2003.

• M. D. Penrose, ''The Longest Edge of the Random Minimum Spanning Tree'', in The Annals of Applied Probability, Vol. 7, No. 2, pp. 340-361, 1997.