Random Key-Assignment for Secure Wireless Sensor Networks

1. Random Key-Assignment for Secure Wireless Sensor Networks Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei

2. Sensor nodes • Limited memory • Limited computational power • Limited energy

3. Secure microcontroller

4. Threat Model • Passive attacks • Cipher text attacks • Active attacks • Take control of a sensor node • Unfriendly environment • Nodes only trust themselves

5. Goals • Secure pairwise communication • Memory efficient • Energy efficient • Tolerate the collusion of a set of corrupted sensors

6. Naïve solutions • Have one master key • Can’t tolerate nodes being taken over • Each node stores a seperate key for every other node • Requires too much space • Expensive to add more nodes later • Tradeoff • Use less memory, but have only a probabilistic tolerance to nodes being taken over

7. Requirements • One way hash function • Symmetric encryption • Keyed hashed function • Pseudo-random number generator

8. The direct protocol • A key deployment scheme • A key discovery procedure • A security adaptive channel establishment procedure

9. Key deployment Method used in A key-management scheme for distributed sensor networks: • A pool of P random keys is generated • Each sensors takes k random keys from the pool

10. Inefficient key discovery • Challenge is encrypted using each key and then broadcasted • Needs to perform k^2 decryptions on receiver side and k encryptions on the sender side • At least k messages have to be sent

11. Key deployment II • Also used in A key management scheme for distributed sensor networks • Instead of challenge response, submit the indexes • Less secure, as a smart attacker can easily find the nodes that have the key it wants

12. Key deployment III Method used in Establishing pair-wise keys for secure communication in ad hoc networks: A probabilistic approach: • A pool of P random keys is generated • k indexes into the pool are created pseudo-randomly with a publicly known seed dependent on the node id. • Less secure than challenge-response, but can be improved

13. Channel existence

14. Channel establishment • Find out which keys are shared and xor them together • An attacker needs to know all shared keys

15. Corruption probability – P=1000

17. Corruption Probability – k=120

18. The cooperative protocol

19. The C set • Nearby sensors • Weaker against geographically attacks • Random • Larger communication overhead • Individual properties • More trusted nodes can give higher security

20. Upper bound • They give an upper bound on the probability that the channel between two nodes is corrupted, given w corrupted nodes

21. Features of cooperation protocol • Sensor failure resistent • Can add more sensors if required • No information leakage • Sensors in the C set only transmits hash values of their keys • Adaptiveness • If an upper bound of w is known, C can be chosen to secure communication with a desired probability. • Load balance • a sends c+1 message, sensors in C send 1, tot=2c+1 • Only done once during setup

22. DoS Attacks of Malicious Cooperators • Sensor doesn’t respond • After timeout, node a can pick another node • Sensor sends correct key • Lowers security • Sends false key • Can pick another C set • Notify trusted base-station • Aware that network is under attack

23. Authentication • If node a has the keys that node a should have, according to the pseudo-random number generator, it’s probable that a is a.

24. P=1000 and w=8

25. P=1000 w=16

26. P=10000 w=32

27. Efficient and Secure Pre-deployment (ESP) • M = {} • for all keys k in P • z = RND(id||k) • if(z%(|P|/m)==0) • put k into M • |M| must be less than memory size but larger than the security constraints • Discard ID if conditions not satisfied

28. Generated IDs

29. Direct protocol