1 / 19

A Key Management Scheme for Distributed Sensor Networks

A Key Management Scheme for Distributed Sensor Networks. Laurent Eschaenauer and Virgil D. Gligor. Introduction. Constraints Problems with Current Solutions Key Distribution Key Revocation, Re-Keying, and Node Capture Resiliency Analysis and Simulation Problems. Constraints. Power

kellsie
Download Presentation

A Key Management Scheme for Distributed Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor

  2. Introduction • Constraints • Problems with Current Solutions • Key Distribution • Key Revocation, Re-Keying, and Node Capture Resiliency • Analysis and Simulation • Problems

  3. Constraints • Power • Computation • Key Transmission • Digital Signatures • Storage Space • Code • Keys

  4. Problems with Current Solutions • Global Keys • Compromise Is Drastic • Pair-Wise Keys • Storage Problems • Inefficiency • Re-keying and Node Additions Are Expensive

  5. Key Distribution • Key pre-distribution phase • Preconfigured keys • Generation of key pool • Randomly chosen sets of keys from key pool  key ring • Probability 2 nodes share key is very high • Key identifiers are remembered by base station, and base station shares key with every node

  6. Key Distribution Cont’d. • Shared key discovery phase • Nodes broadcast key identifiers • If 2 nodes share a key identifier then a secure link is set up • Links at routing layer are only set up if a shared key exists • Can protect this exchange with a encrypted challenge

  7. Key Distribution Cont’d. • Path key establishment phase • Enables two nodes not sharing a key to communicate via a multi-hop link • Relies on the fact that many keys on a key ring remain unused after shared key discovery phase

  8. Revocation • Revoke keys of a compromised node • Base station broadcast a signed message containing all keys to be removed from key ring • To sign message base station generates new key and unicasts it to each node • Node uses this key to verify signature of revocation message

  9. Re-Keying • Keys may have a lifetime shorter than that of node • Nodes simply remove key from key ring and begin shared key discovery phase again

  10. Node Capture Resiliency • 2 threat levels • Sensor input manipulation • Bogus data • Difficult to detect, harder to prevent • Data correlation for redundant sensors • Physical Compromise • Tamper-proof construction

  11. Node Capture Resiliency Cont’d. • Automatic key erasure • Global key = complete compromise • Pair-wise keys = n-1 links to compromised are available • Key distribution scheme = k << n are compromised

  12. Analysis • Probability and Graph Theory • Expected degree of a node to ensure connectivity? • Sizes of key ring, key pool, and network

  13. Analysis Cont’d. • Key sharing probabilities • Logarithmic increase: as network size increases key ring increases logarithmicaly

  14. Simulations • Effects on Network Topology • Dependent on size of key ring • Multi-hop neighbors can use path only once

  15. Simulations Cont’d.

  16. Simulations Cont’d. • Resiliency revisited • Node compromise limits number of links attacker gains access to:

  17. Analysis • Relatively simple operation • Complicated staging and pre-deployment • Need to take future into account when deciding on key-sizes and key-lifetimes. • Achieves relatively low power and computation

  18. Problems • No authentication in key discovery phase • Open to selective forwarding attack: Compromised node C tells hears node A tell node B it has key 4. C then tells A it also has key 4. A might then send info to C, and C can drop packets. • Limited since C can’t actually encrypt anything since it doesn’t actually have key 4.

  19. Problems Cont’d. • Compromised node could keep broadcasting a different key identifier list causing neighbors to waste bandwith searching their key list. • Sibyl attack where compromised node repeatedly sends out different key identifier lists. Possibly making a nodes link table grow too large

More Related