An Efficient Key Management Scheme in Hierarchical Sensor Networks, 2005
Author: Xiao Chen and Jawad Drissi
1. Outline
• Introduction
• Hierarchical sensor network model
• Key Management Scheme
• Communication by keys
• Analysis of the Effectiveness of the Scheme
• Conclusion
1.1 Sensor network limitations
• Vulnerability to physical capture
• Limited memory resources
• Limited bandwidth and transmission power
1.2 Key management scheme design goals
• Resilience against sensor capture: the capture of any single sensor must not lead to all nodes being compromised.
• Scale: the key management scheme should still work well as the number of sensors increases.
1.3 Traditional key distribution schemes
• A single key for the whole network: this scheme compromises the whole network when any sensor is captured.
• A pair-wise shared key between every pair of sensors: this scheme requires each sensor to store n-1 shared keys.
2. Hierarchical sensor network model
• A bubble represents a group.
• The dots within a bubble represent group members.
• Group members can communicate with each other directly, such as A and B.
• The higher-level commander C can communicate directly with A or B.
• To let two sensors communicate securely, symmetric-key cryptography is used.
(Figure: tree of sensors with root R, levels L1 to L4, and nodes D, E, F, C, B, A.)
3. Key Management Scheme
• 3.1 Group key: Each group should have a group key so that all the members of the group can use it to communicate with each other. The key should also be known to their commander, so that the commander can send the group a command encrypted with this key.
Example: A wants to communicate with B, so it encrypts the message using the group key K_G{AB}.
A → {B} : {m}K_G{AB}
(Figure: nodes C, B, A.)
3.2 Down-level group key: Every sensor (except a leaf) should store the down-level group key of the group it directly leads. It can use this key to give commands to the group.
C's down-level group key K_G{AB} = the group key K_G{AB} of A and B.
(Figure: nodes C, B, A.)
3.3 Up-level pair-wise key: Each member of a group (except the root) should have a private pair-wise key with its direct commander.
Example: B wants to communicate with D. It sends the message to C using the up-level pair-wise key between B and C, and then C relays the message to D using the up-level pair-wise key between C and D.
B → {C} : {m}K_BC
C → {D} : {m}K_CD
(Figure: nodes C, D, B, A.)
3.4 Down-level pair-wise key: Each sensor (except a leaf) should have a down-level pair-wise key with each of the group members it directly leads.
Example: C wants to communicate with A. It sends the message using the down-level pair-wise key between C and A.
C → {A} : {m}K_CA
Down-level group key K_CA = Up-level group key K_AC
(Figure: nodes C, B, A.)
Example:
A → {C} : {m}K_AC using the up-level pair-wise key
C → {D} : {m}K_CD using the up-level pair-wise key
D → {E} : {m}K_G{DE} using the group key
E → {F} : {m}K_EF using the down-level pair-wise key
(Figure: nodes D, E, F, C, A.)
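The hop-by-hop key choice from sections 3.1 to 3.4, generalised to any pair of sensors, as an added example that is not code from the paper or the slides. The topology in `PARENT` is constructed to match the example tree, and the names `chain`, `group_key` and `route` are hypothetical; keys are shown as labels only.

```python
# Constructed topology (child -> direct commander) matching the example tree:
# R leads D and E, D leads C, E leads F, C leads A and B.
PARENT = {"D": "R", "E": "R", "C": "D", "F": "E", "A": "C", "B": "C"}

def chain(node):
    """Return [node, its commander, ..., root]."""
    out = [node]
    while out[-1] in PARENT:
        out.append(PARENT[out[-1]])
    return out

def group_key(node):
    """Label of the group key shared by node and the other members of its group."""
    members = sorted(c for c, p in PARENT.items() if p == PARENT[node])
    return "K_G{" + "".join(members) + "}"

def route(src, dst):
    """Return one (sender, receiver, key label, key type) tuple per hop."""
    up, down = chain(src), chain(dst)
    i = next(k for k, n in enumerate(up) if n in down)  # lowest common commander
    j = down.index(up[i])
    if i and j:
        # Neither end commands the other: climb until both sides are in the
        # same group, cross with that group's key, then descend.
        climb, descend = up[:i], down[:j]
        cross = [(climb[-1], descend[-1], group_key(climb[-1]), "group")]
    else:
        # One end is a (direct or indirect) commander of the other.
        climb, descend, cross = up[:i + 1], down[:j + 1], []
    hops = [(a, b, f"K_{a}{b}", "up-level pair-wise")
            for a, b in zip(climb, climb[1:])]
    hops += cross
    descend = descend[::-1]
    hops += [(a, b, f"K_{a}{b}", "down-level pair-wise")
             for a, b in zip(descend, descend[1:])]
    return hops

if __name__ == "__main__":
    for hop in route("A", "F"):
        print("%s -> {%s} : {m}%s  (%s key)" % hop)
```
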
4. Sensor addition, deletion and replacement
• 4.1 Sensor addition (a single sensor or a sensor with a subtree)
Step 1: The new sensor contacts its direct commander.
Step 2: Its commander generates a down-level pair-wise key to be shared with the new sensor.
Step 3: The commander sends the new sensor its down-level group key, encrypted with the down-level pair-wise key.
Example: sensor addition
N will join the group of C. D generates a down-level pair-wise key K_DN to be shared with N (this is N's up-level pair-wise key K_ND), then uses the down-level pair-wise key to encrypt the down-level group key and sends it to N (this is N's group key).
D → {N} : {K_G{CN}}K_DN
(Figure: nodes D, E, C, N, F, A.)
4.2 Sensor deletion
Step 1: Its direct commander generates a new group key.
Step 2: The commander removes the down-level pair-wise key shared with this sensor from its memory.
Step 3: If the leaving sensor has a subtree, it takes all its offspring out of the network.
Example: sensor deletion
N wants to leave the network. D generates a new group key K_G{CH} and sends it to sensors C and H.
D → {C} : {K_G{CH}}K_DC
D → {H} : {K_G{CH}}K_DH
D then removes the down-level pair-wise key K_DN from its memory.
(Figure: nodes D, E, C, N, F, H.)
4.3 Sensor replacement
Step 1: Its direct commander generates a down-level pair-wise key with the new sensor.
Step 2: The commander changes the group key of the group it leads and sends the new group key to all the group members.
Step 3: If the new sensor is not a leaf, after deployment it sends each of its subordinates a new down-level pair-wise key for future communication and changes their group key.
Example: sensor replacement
Sensor N needs to be replaced by a new sensor M. D generates a new down-level key K_DM to share with M. D changes the group key to K_G{CHM}.
D → {C} : {K_G{CHM}}K_DC
D → {H} : {K_G{CHM}}K_HC
D → {M} : {K_G{CHM}}K_MC
If M is not a leaf, M generates new down-level pair-wise keys K_MI and K_MJ, and M generates a new group key K_G{IJ}.
(Figure: nodes R, D, C, N, M, H, I, J.)
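A small model of the commander's side of addition, deletion and replacement (sections 4.1 to 4.3), as an added example that is not code from the paper or the slides. The class `Commander` and its method names are hypothetical, encryption is represented only by recording which pair-wise key wraps each message, and how a new sensor first obtains its pair-wise key is not specified on the slides, so `add` simply returns it. Step 3 of replacement (the new sensor rekeying its own subordinates) is not modelled.

```python
import secrets

class Commander:
    """A commander and the group it directly leads (illustrative model)."""

    def __init__(self, name):
        self.name = name
        self.pairwise = {}                        # member -> down-level pair-wise key
        self.group_key = secrets.token_bytes(16)  # down-level group key
        self.sent = []                            # (recipient, wrapping key) per message

    def _send_group_key(self, member):
        # Stands for "commander -> {member} : {K_G}K_pairwise"; encryption omitted.
        self.sent.append((member, self.pairwise[member]))

    def _rekey(self):
        # Fresh group key, delivered to each current member under its own pair-wise key.
        self.group_key = secrets.token_bytes(16)
        for member in self.pairwise:
            self._send_group_key(member)

    def add(self, member):
        self.pairwise[member] = secrets.token_bytes(16)  # 4.1 step 2
        self._send_group_key(member)                     # 4.1 step 3
        return self.pairwise[member], self.group_key     # what the new sensor stores

    def delete(self, member):
        # The pair-wise key is dropped first so the rekey loop skips the leaver.
        del self.pairwise[member]
        self._rekey()

    def replace(self, old, new):
        del self.pairwise[old]
        self.pairwise[new] = secrets.token_bytes(16)     # 4.3 step 1
        self._rekey()                                    # 4.3 step 2

def deletion_demo():
    """Replay the deletion example: N leaves the group led by D."""
    d = Commander("D")
    for m in ("C", "H"):
        d.add(m)
    n_pairwise, n_group = d.add("N")
    d.sent.clear()
    d.delete("N")
    recipients = [m for m, _ in d.sent]
    wrapped_under_n = any(k == n_pairwise for _, k in d.sent)
    # N's stored group key must now be stale, and nothing may be wrapped under K_DN.
    return recipients, n_group != d.group_key, wrapped_under_n
```
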
5. Analysis of the Effectiveness of the Scheme
• Suppose there are n sensors in the network and the depth of the tree is d. If the tree is a complete tree, the number of sensors in a group is approximately log_d n.
5.2 Number of keys stored at each node
Example:
• R holds: group key K_G{CD}; down-level keys K_RC, K_RD
• A, B hold: group key K_G{AB}; up-level pair-wise keys K_AC, K_BC
• C holds: group key K_G{CD}; down-level group key K_G{AB}; down-level keys K_CA, K_CB; up-level pair-wise key K_CR
(Figure: nodes R, C, D, B, A.)
6. Conclusion
• Brings down the storage size
• Brings down the number of messages sent in updating to O(log_d N)
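7. Comments
• If the replacement node has already been compromised, how does the commander detect and prevent this?
• How is the commander chosen from among a group of nodes?
• Because of sensor limitations, a group cannot hold too many members.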