1 / 28

A Key-Management Scheme for Distributed Sensor Networks

A Key-Management Scheme for Distributed Sensor Networks. -Laurent Eschenauer - Virgil D. Gligor Presented by Vishal S. Jadhav. Agenda. Introduction Basic Scheme

sidney
Download Presentation

A Key-Management Scheme for Distributed Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Key-Management Scheme for Distributed SensorNetworks -Laurent Eschenauer -Virgil D. Gligor Presented by Vishal S. Jadhav

  2. Agenda • Introduction • Basic Scheme • Key Predistribution Phase • Shared Key Discovery Phase • Path Key establishment Phase • Revocation • Resiliency to sensor node capture • Analysis • Simulation • Conclusion

  3. Abstract • DSN’s are ad-hoc networks with limited computational ability. • They allow dynamic addition and removal of nodes from the network. • They may be subjected to surreptitious use by the enemy. • DSN's require cryptographic protection of communications, sensor-capture detection key revocation and sensor disabling.

  4. Cont.. • In this paper we present a key management scheme for operational and security requirements of DSN. • The scheme includes selective distribution and revocation and rekeying of keys to sensor nodes. • It relies on probabilistic key sharing among nodes of random graph.

  5. Introduction • Distributed Sensor Networks and Wireless Embedded Networks:- • Similarities • Both have limited computational capability and rely on wireless communication through radio signals or optical links. • Both include data collection nodes and control nodes. • nodes are highly mobile

  6. Differences:- • DSN’s scale is orders of magnitude larger than that of embedded wireless networks. • DSN’s allow deletion, addition dynamically without actual physical contact. • They can be deployed in hostile areas. How can we secure communication in DSNs?

  7. Traditional Ways to secure communications • The best ways are symmetric-key ciphers, low-energy,authenticated encryption modes and hash functions are the tools of choice for protecting DSN communications. • Problems:- • Traditional approaches are impractical for DSN as their network topology is unknown,range limitations. Key-Predistribution is a feasible way.

  8. Problems with Traditional Key Distribution • single mission key-It compromises the whole system. • a set of separate n-1 keys- each being pair-wise privately shared with another node, must be installed in every sensor which renders it is impractical for DSNs. • Pair-wise private key sharing between any two sensor nodes is unusable • Incremental addition and deletion as well as re-keying of sensor nodes could become both expensive and complex • A dedicated RAM memory for storing n - 1 keys would push the on-chip, sensor-memory limits for the foreseeable future.

  9. Overview of Basic Scheme:- • Key Distribution • Generation of Keys and key identifiers • Random drawing of keys to establish key-ring of sensor • Loading the key ring in memory of each sensor. • Saving of the key identifiers and associated sensor identifier on a trusted controller node. • Loading the controller node with key shared with that node. • Revocation • Re-Keying • Resiliency to Sensor-Node Capture

  10. Key Distribution Phase • Shared key discovery phase- It takes place during intialization,each node discovers its neighbor and who it shares a key with. This can be done by broadcasting list of identifiers on the key ring. • To avoid broadcasting we can also use private shared key discovery. • For example, for every key on a key ring, each node could broadcast a list α,EKi(α), i = 1, · · · , k, where α is a challenge. The decryption of EKi (α) with the proper key by a recipient would reveal the challenge α and establish a shared key with the broadcasting node. • This would force attacker to perform traffic analysis to discover the pattern of key sharing.

  11. Pair wise key sharing

  12. Shared Key Discovery Phase • The shared-key discovery phase establishes the topology of the sensor array as seen by the routing layer of the DSN. • A link exists between two sensor nodes only if they share a key; and if a link exists between two nodes, all communication on that link is secured by link encryption. • It may be possible that a set of nodes share the same key. It does not matter as in normal operation the nodes trust each other and during revocation removal of keys for a node ensures that keys are removed network wide.

  13. Path-key establishment phase • In this phase we assign a path-key between the two sensor nodes which do not have direct path between but are connected by 2 or more links. • The design of DSN is such that no. of keys on key ring are left unassigned to any link. • Such provisioning of having some keys unassigned helps further during revocation or incremental addition of nodes as this may require shared key discovery phase and path key establishment to be done again

  14. Revocation • Revocation needs to be done when a sensor node is compromised. • A controller node broadcasts a single revocation message containing a signed list of k key identifiers for the key ring to be revoked. • To sign the list of key identifiers, the controller generates a signature key Ke and unicasts it to each node by encrypting it with a key Kci. • After obtaining the signature key, each node verifies the signature of the signed list of key identifiers, locates those identifiers in its key ring, and removes the corresponding keys(if there).After this reconfiguration of nodes may be required.

  15. Re-Keying • Although it is anticipated that in most DSNs the lifetime of a key shared between two nodes exceeds that of the two nodes, it is possible that in some cases the lifetime of keys expires and re-keying must take place. • Re-keying is equivalent with a self-revocation of a key by a node • After expired-key removal, the affected nodes restart the shared-key discovery and, possibly, the path-key establishment, phase.

  16. Resiliency to Sensor-Node Capture • It can be done in following ways:- • Active manipulation of Sensor inputs. • data correlation analysis and data-anomaly detection • Complete Physical Control of Adversary • “sleep-deprivation attack” • tamper-detection technologies Key Distribution much more robust. • K<<n keys of single ring are obtained • Attacker has n/p chance to attack succesfully

  17. Analysis • Notation • p : probability that a shared key exists between two nodes • n : # of network nodes • d : d = p(n-1) • expected degree of a node • average # of edges connecting that node with its graph neighbors • To establish DSN shared-key connectivity • What value should d so that a DSN of n nodes is connected ? • Given d and the # of nodes n’ in a neighborhood, what value should the key ring size, k, and pool, P ?

  18. Random Graph Theory • For a random graph G(n,p) • n nodes – probability p that a link i~j exists • degree of a node: d = p*(n-1) • Erdos – Renyi (1960) • if • with c any real constant then • Pr[connected] = .99999 when c chosen to be 11.5 Given n we can find d so as to have a connected graph with desired Pr

  19. Analysis 24 Pr=99.9999% 22 Pr=99.999% 20 Pr=99.99% 18 16 Pr=99.9% d (degree of node) 14 Pr=99% 12 10 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 n (number of nodes)

  20. Analysis • This figure shows that, to increase the probability that a random graph is connected by one order, the expected degree of a node increases only by 2. • Moreover, the curves of this plot are almost flat when n is large, indicating that the size of the network has insignificant impact on the expected degree of a node required to have a connected graph.

  21. Analysis • Given d and the # of nodes n’ in a neighborhood, what value should the key ring size, k, and pool, P ? • p’ : probability of sharing a key between any two nodes in a neighborhood • Using Stirling Approximation:

  22. Scenario • 10,000 nodes – physical topology is connected • Neighborhood connectivity, n’, of 40 nodes • Pr[Graph is connected] chosen to 99.999 % • Analysis • c =11.5, p = (ln(10,000)+11.5)/10,000= 2*10-3 • Average degree d = p*(n-1) =20 • Because of neighborhood constraint p’=d/(n’-1) = 0.5 • If pool of P = 100,000 keys • Each node needs to have k =250 keys. • Assuming 128 bit keys + 16 bit index : 4Kb memory

  23. Figure 2: Probability of sharing at least one keywhen two nodes choose k keys from a pool of size P

  24. Simulation • Average path length at the network layer

  25. Path length to neighbors

  26. Usage of the keypool (P=10000)

  27. Conclusion • Relatively Simple and depends on Probabilistic Key Sharing. • Scalable • Accommodates DSN from 10 to 100,000 nodes and more • Permits incremental addition of sensor nodes • Flexibility • Saves Sensor-Cost and Memory • Can be used in hostile and adaptive environments • Secure • Compromise of key affects few links.[k/p] • Revocation and Re-Keying possible easily.

  28. References • http://www.ee.kth.se/~mabenr/jbLecturesTwoThree/2002-Eschenauer-keymgmt.ppt • http://camars.kaist.ac.kr/~hyoon/courses/cs710_2004_fall/AKeyMana.ppt

More Related