Random Key-Assignment for Secure Wireless Sensor Networks Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei
Feb 23, 2016
Limited memory
Limited computational power
Limited energy
Sensor nodes
Secure microcontroller
Passive attacks
◦ Ciphertext attacks
Active attacks
◦ Take control of a sensor node
Unfriendly environment
Nodes only trust themselves
Threat Model
Secure pairwise communication
Memory efficient
Energy efficient
Tolerate the collusion of a set of corrupted sensors
Goals
Have one master key
◦ Can’t tolerate nodes being taken over
Each node stores a separate key for every other node
◦ Requires too much space
◦ Expensive to add more nodes later
Tradeoff
◦ Use less memory, but have only a probabilistic tolerance to nodes being taken over
Naïve solutions
One-way hash function
Symmetric encryption
Keyed hash function
Pseudo-random number generator
Requirements
A key deployment scheme
A key discovery procedure
A security adaptive channel establishment procedure
The direct protocol
Method used in A key-management scheme for distributed sensor networks:
A pool of P random keys is generated
Each sensor takes k random keys from the pool
Key deployment
Challenge is encrypted using each key and then broadcasted
Needs to perform k^2 decryptions on receiver side and k encryptions on the sender side
At least k messages have to be sent
Inefficient key discovery
Also used in A key management scheme for distributed sensor networks
Instead of challenge response, submit the indexes
Less secure, as a smart attacker can easily find the nodes that have the key it wants
Key deployment II
Method used in Establishing pair-wise keys for secure communication in ad hoc networks: A probabilistic approach:
A pool of P random keys is generated
k indexes into the pool are created pseudo-randomly with a publicly known seed dependent on the node id.
Less secure than challenge-response, but can be improved
Key deployment III
Channel existence
Find out which keys are shared and xor them together
An attacker needs to know all shared keys
Channel establishment
Corruption probability – P=1000
Corruption Probability – k=120
The cooperative protocol
Nearby sensors
◦ Weaker against geographic attacks
Random
◦ Larger communication overhead
Individual properties
◦ More trusted nodes can give higher security
The C set
They give an upper bound on the probability that the channel between two nodes is corrupted, given w corrupted nodes
Upper bound
Sensor failure resistant
◦ Can add more sensors if required
No information leakage
◦ Sensors in the C set only transmit hash values of their keys
Adaptiveness
◦ If an upper bound of w is known, C can be chosen to secure communication with a desired probability.
Load balance
◦ a sends c+1 messages, sensors in C send 1, total = 2c+1
◦ Only done once during setup
Features of cooperation protocol
Sensor doesn’t respond
◦ After timeout, node a can pick another node
Sensor sends correct key
◦ Lowers security
Sends false key
◦ Can pick another C set
◦ Notify trusted base-station
◦ Aware that network is under attack
DoS Attacks of Malicious Cooperators
If a node claiming to be a holds the keys that node a should have according to the pseudo-random number generator, it is probable that the node is a.
Authentication
P=1000 and w=8
P=1000 w=16
P=10000 w=32
M = {}
for all keys k in P
◦ z = RND(id||k)
◦ if (z % (|P|/m) == 0) put k into M
|M| must be less than memory size but larger than the security constraints
Discard ID if conditions not satisfied
Efficient and Secure Pre-deployment (ESP)
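The ESP selection rule above, combined with key discovery and the XOR channel establishment from the earlier slides, as an added Python example that is not code from the slides or the paper. Assumptions: RND is modelled with SHA-256, m is treated as the target size of M, the pool is a constructed deterministic sample, and all function names are hypothetical.

```python
import hashlib
from functools import reduce

KEY_LEN = 16  # bytes per pool key (assumption; the slides give no key size)

def make_pool(size, seed=b"constructed-demo-pool"):
    """Constructed sample pool P; a real deployment draws keys from a CSPRNG."""
    return [hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:KEY_LEN]
            for i in range(size)]

def rnd(node_id, key):
    """Stand-in for the slide's RND(id||k): SHA-256 output as an integer."""
    data = node_id.to_bytes(4, "big") + key  # fixed-width id keeps id||k unambiguous
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def holds(node_id, key, pool_size, m):
    """ESP rule: k is in the node's key set M iff z % (|P|/m) == 0."""
    modulus = max(1, pool_size // m)  # guards against m > |P|
    return rnd(node_id, key) % modulus == 0

def deploy(node_id, pool, m):
    """Pre-deployment: scan the whole pool once and keep the selected keys."""
    return [k for k in pool if holds(node_id, k, len(pool), m)]

def discover(own_ring, peer_id, pool_size, m):
    """Key discovery with no messages: test only the keys this node already
    owns against the peer's public id."""
    return [k for k in own_ring if holds(peer_id, k, pool_size, m)]

def channel_key(shared):
    """XOR all shared keys together; None means no channel exists."""
    if not shared:
        return None
    return reduce(lambda x, y: bytes(a ^ b for a, b in zip(x, y)), shared)

if __name__ == "__main__":
    P, m = 1000, 120  # sample sizes; m is treated as the target |M|
    pool = make_pool(P)
    ring_a, ring_b = deploy(1, pool, m), deploy(2, pool, m)
    shared_a = discover(ring_a, 2, P, m)  # computed locally by node 1
    shared_b = discover(ring_b, 1, P, m)  # computed locally by node 2
    print(len(ring_a), len(ring_b), len(shared_a))
    print(channel_key(shared_a) == channel_key(shared_b))
```

With a pool of 1000 and m=120 the integer modulus is 8, so each key set averages about 125 keys rather than exactly 120, which is why the slide's size check on |M| is applied per ID.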
Generated IDs
Direct protocol