key management for wireless sensor networks n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Key management for wireless sensor networks PowerPoint Presentation
Download Presentation
Key management for wireless sensor networks

Loading in 2 Seconds...

play fullscreen
1 / 22

Key management for wireless sensor networks - PowerPoint PPT Presentation


  • 129 Views
  • Uploaded on

Key management for wireless sensor networks. Sources: ACM Transactions on Sensor Networks, 2(4), pp. 500-528, 2006. Sources: Computer Communications, 30(9), pp. 1964-1979, 2007. Reporter: Chun-Ta Li ( 李俊達 ). Outline.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Key management for wireless sensor networks' - gloria-sweet


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
key management for wireless sensor networks

Key management for wireless sensor networks

Sources: ACM Transactions on Sensor Networks, 2(4), pp. 500-528, 2006.

Sources: Computer Communications, 30(9), pp. 1964-1979, 2007.

Reporter: Chun-Ta Li (李俊達)

outline
Outline
  • LEAP+: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks [ACM Transactions on Sensor Network]
    • Introduction
    • Zhu et al.’s scheme
  • Key Management for Long-Lived Sensor Networks in Hostile Environments [Computer Communications]
    • Chorzempa et al.’s scheme
    • Comparisons
  • Comments

2

2

introduction
Introduction
  • Security of wireless sensor networks

Micro Sensor Nodes

Aggregation and Forwarding Nodes

MSN

Base Station

MSN

AFN

MSN

AFN

BS

MSN

MSN

MSN

MSN

MSN

AFN

MSN

MSN

MSN

MSN

BS

MSN

MSN

MSN

AFN

cluster

BS

// symmetric shared keys

MSN

MSN

// multiple keying mechanism

introduction cont
Dynamic keying in a hierarchical WSN

Establishing individual node keys

Establishing pairwise shared keys

The basic scheme

The extended scheme

Establishing cluster keys

Establishing global key

Clustering and key setup

Node addition

Key renewal

Recovery from multiple MSN node captures

Re-clustering after AFN capture

Introduction (cont.)

[Zhu et al.’s scheme]

[Chorzempa et al.’s scheme]

zhu et al s scheme
Zhu et al.’s scheme

MSN

MSN

MSN

Base Station

MSN

MSN

BS

MSN

MSN

MSN

Micro Sensor Nodes

MSN

MSN

// sensors are not mobile

// neighboring nodes of any sensor are not known in advance

MSN

// BS will not be compromised

zhu et al s scheme cont
Zhu et al.’s scheme (cont.)
  • Four types of required keys
    • Individual Key: MSN <-> BS (MSN can compute a MAC for ensuring validity of its sensed readings to BS)
    • Global Key: all MSNs (BS may broadcast queries or commands to the entire network)
    • Cluster Key: MSN <-> neighbors (securing locally broadcast message)
    • Pairwise Shared Key: MSNa <-> MSNb
zhu et al s scheme cont1
Zhu et al.’s scheme (cont.)
  • Notations
    • N is the number of nodes in the network.
    • u, v are principals such as communicating nodes.
    • {fk} is a family of pseudo-random function.
    • {s}k means encryption message s with key k.
    • MAC(k,s) is the message authentication code of message s using a symmetric k.
    • {Tmin, Test} are two types of time interval, where Tmin > Test.
    • KIN is an initial key
    • Ku is a master key belongs to node u such that Ku = fKIN(u).
zhu et al s scheme cont2
Zhu et al.’s scheme (cont.)
  • Establishing Individual Node Keys (IKu)

u

BS

IKu = fKm(u)

// f is a pseudo-random function

// Km is a master key known only to BS

// Each node has a unique id u

zhu et al s scheme cont3
Zhu et al.’s scheme (cont.)
  • Establishing Pairwise Shared Keys (Basic)
    • Key predistribution
    • Neighbor discovery
    • Key erasure (when its timer expires after Tmin)

// KINis an initial key known to each node

u

BS

Ku = fKIN(u)

// Each node u derives a master key Ku

u

neighbors

1. HELLO(u)

v

u

// Kuv = fKv(u) = fKu(v) = Kvu

2. v, MAC(Kv, u|v)

u

Node u erases KIN and all master keys (Kv)of its neighbors (no erasure Ku)

zhu et al s scheme cont4
Zhu et al.’s scheme (cont.)
  • Establishing Pairwise Shared Keys (Extended)
    • Key predistribution
    • Neighbor discovery
    • Key erasure

u

BS

KiIN

Kju = fKjIN(u), i < j < M

u

neighbors

1. HELLO(u,i)

v

u

// Kuv = fKiv(u) = fKiu(v) = Kvu

2. v, MAC(Kiv, u|v)

u

Node u erases KiIN and all master keys (Kiv)of its neighbors (no erasure Kiu or any other preloaded master keys Kju where i < j < M)

zhu et al s scheme cont5
Zhu et al.’s scheme (cont.)
  • Establishing Cluster Keys (Kci)

one-way key chain HCv

(Kcv)Kvu

u

v

Kcu

Kcv

(Kcu)Kuv

(Kcu)Kuw

(Kcv)Kvw

one-way key chain HCu

(Kcw)Kwv

(Kcw)Kwu

one-way key chain HCw

w

Kcw

// When node u is revoked, every neighbor node generate a new cluster key and transmits it to all other neighbors

zhu et al s scheme cont6
Zhu et al.’s scheme (cont.)
  • Rekeying the Global Key k’g (when a compromised node is detected)
    • Authenticated Node Revocation
    • Secure Key Distribution

The value of hash chain

BS

M = u, fk’g(0), kTi, MAC(kTi, u | fk’g(0))

x

v

// If verification is successful,

Broadcast M

t

u

  • v and w will remove its pairwise key shared with u

w

  • v and w will update its cluster key
  • v and w will store fk’g(0) temporarily

(k’g)KcBS

(k’g)Kci

BS

zhu et al s scheme cont7
Zhu et al.’s scheme (cont.)
  • Integration of the pairwise key establishment phase with the cluster establishment phase

v

u

1. HELLO(u)

2. v, {Kcv}Kv, MAC(Kv, u | v | {Kcv}Kv)

3. u, {Kcu}Kuv, MAC(Ku, u | {Kcu}Kuv)

chorzempa et al s scheme
Chorzempa et al.’s scheme

Aggregation and Forwarding Nodes

Micro Sensor Nodes

Base Station

MSN

MSN

MSN

AFN

BS

AFN

MSN

MSN

MSN

MSN

AFN

MSN

MSN

MSN

MSN

MSN

chorzempa et al s scheme cont
Chorzempa et al.’s scheme (cont.)
  • Location training

=>

CEM

=>

neighbors

IDAFN1

ID1

ID2

Coordinate Establishment Message (CEM)

  • hopcountNj+1 < hopcountNi

 Reassign to AFN2

(IDAFN2)

(IDAFN1)

  • hopcountNj+1 > hopcountNi

 Discard CEM

(IDAFN1)

=

(IDAFN1)

  • hopcountNj+1 > hopcountNi
  • MSNs have completed neighbor discovery

 Unicast CEM to its primary AFN1

(IDAFN2)

(IDAFN1)

  • AFN is aware of one-hop MSNs
chorzempa et al s scheme cont1

Kt1

AFN

Kt2

M1

Kt1

M3

M2

M4

Kt2

Chorzempa et al.’s scheme (cont.)

Number of MSN nodes in a cluster

  • Three types of required keys
    • Administrative key set (k+m), EBS(n,k,m)
    • Pairwise secret key Kpi (BS<->MSN)
    • Tree administrative key Kti

hold

not hold

Kp1

Kp3

Kp4

An example of EBS(10,3,2)

Kp2

A cluster view

Update a session key Kg with Kg’

(k + m broadcasts)

(EBS; Exclusion Basis System)

chorzempa et al s scheme cont2
Chorzempa et al.’s scheme (cont.)
  • If N1 is captured (replace administrative keys and session keys known to N1)
  • Non-colluding node captures (|y|=2; N1, N6)

IDAFN||EKa4(EKa2(Ka1’~Ka5’))

IDAFN||EKa5(EKa2(Ka1’~Ka5’))

IDAFN||EKa4(EKa3(Ka1’~Ka5’))

IDAFN||EKa5(EKa3(Ka1’~Ka5’))

(m broadcasts)

(my broadcasts)

chorzempa et al s scheme cont3

tree1

AFN

tree2

M1

M1

M2

M3

M4

M5

M6

tree1

Sc

M4

M2

M5

K1

0

1

1

0

1

1

tree2

tree1

K2

1

0

1

tree2

1

0

1

M3

M6

Sut

K3

1

1

0

1

1

0

Chorzempa et al.’s scheme (cont.)
  • Colluding node captures (Administrative key recovery) (EBS(6,2,1))

Kt2

Kt2

Kt2

EKt2(EK1(K1’)||EK2(K2’)||EK3(K3’))

chorzempa et al s scheme cont4
Chorzempa et al.’s scheme (cont.)
  • Reactive re-clustering after AFN capture
    • membership list

(location training)

BS

capture

AFNa

AFNb

absorption

AFNb

BS

MSN

MSN

MSN

MSN

EKAFNb(KAFNb-Ni || IDNi) || TicketNi ,

TicketNi = EKpi(KAFNb-Ni || IDAFNb || IDNi || routeNi-AFNb || nonce)

Ni

AFNb

IDNi || IDAFNb || EKAFNb-Ni( administrative keys)) || TicketNi

chorzempa et al s scheme cont5
Chorzempa et al.’s scheme (cont.)
  • MSN addition

BS

AFNa

AFNb

Old

New

=>

neighbors

1.

hello

Old

Old

Old

Old

New

Old

2.

neighbors

hello

hello

Old

New

Old

Old

Old

Old

IDNi || IDAFNp || hopcountNi

AFNa

Old

New

3.

New

5.

BS

(IDNnew || IDAFNa || nonce) || MACKpi

TicketNnew = EKpi(KAFNa-Nnew || IDAFNa || IDNnew || nonce)

AFNa

BS

4.

(IDNnew || IDAFNa || nonce) || MACKpi || MACKAFNa

comparisons
Comparisons

n: the number of neighbors

comments
Comments
  • In Zhu et al.’s scheme, an old node is unable to establish a pairwise key with a new node.
  • In Chorzempa et al.’s scheme, it lacks the mechanism of pairwise key establishment for any two sensors.