A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks

1. A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department of EECS Syracuse University

2. Overview • Wireless Sensor Networks (WSN). • Key management problem in WSN. • Existing solutions. • Our solution. • Security and performance analysis. • Conclusion and future work.

3. Sensors Deploy Wireless Sensor Networks

4. Sensors Deploy Securing WSN Secure Channels

5. Problem Description • How can each pair of neighboring nodes find a secret key? • Pairwise: secret keys are unique for each pair. • Can be used for authentication.

6. Approaches • Trusted-Server Schemes • Finding trusted servers is difficult. • Public-Key Schemes • Expensive and infeasible for sensors. • Key Pre-distribution Schemes

7. Key Pre-distribution • Goal: Loading Keys into sensor nodes prior to deployment, s.t. any two nodes can find a secret key between them after deployment • Challenges • Security: nodes can be compromised • Scalability: new nodes might be added later • Memory/Energy efficiency • Authentication: pairwise keys

8. Naïve Solutions • Master-Key Approach • Memory efficient, but low security. • Needs Tamper-Resistant Hardware. • Pair-wise Key Approach • N-1 keys for each node (e.g. N=10,000). • Security is perfect. • Need a lot of memory and cannot add new nodes.

9. Eschenauer-Gligor Scheme A m keys (random) B m C m Key Pool S m D E m • E.g., when |S| = 10,000, m=75, the local connectivity p = 0.50 • This scheme is further improved by Chan, Perrig, and Song (IEEE S&P 2003).

10. Our Goal • Pairwise key pre-distribution scheme. • Use Blom Scheme. • Further improvement on performance and resilience. • Use random key pre-distribution scheme.

11. Blom Scheme • Public matrix G • Private matrix D (symmetric). D +1 +1 G N +1 Let A = (D G)T A G = (D G)T G = GT DT G = GT D G = (A G)T

12. Node i carries: Node j carries: Blom Scheme A = (D G)T G (D G)T G j i Kij i = N X Kji j N +1 N

13. G Matrix To achieve -secure: Any +1 columns of G must be linearly independent. Vandermonde matrix has such a property. G =

14. Properties of Blom Scheme • Blom’s Scheme • Network size is N • Any pair of nodes can directly find a secret key • Tolerate compromise up to  nodes • Need to store +2 keys • Our next goal: increase  without increasing the storage usage.

15.  spaces  spaces  spaces Two nodes can find a pairwise Key if they carry a common Key space! Multiple Space Scheme Key-Space Pool (D1, G) (D2, G) (D, G)

16. How to select and? • If the memory usage is m, the security threshold (probablistic) m is • To improve the security, we need to increase /2. • However, such an increase affects the connectivity.

17. Measure Local Connectivity plocal= the probability that two neighboring nodes can find a common key.

18. Plocal for different  and 

19. Security Analysis • Network Resilience: • When x nodes are compromised, how many other secure links are affected?

20. Resilience (p = 0.33, m=200) Blom

21. Resilience (p = 0.50, m =200) Blom

22. Other Analysis • Communication overhead • Computation overhead

23. Improvement:Using Two-hop Neighbors = 7  = 2 = 31  = 2

24. Conclusion • We have proposed a pairwise key pre-distribution scheme for WSN. • We analyzed security, computational overhead, communication overhead. • Our scheme substantially improves the network resilience.

25. Independent Discoveries • The similar scheme is independently discovered by two other groups: • Liu and Ning from NC State (next talk). • Katz and his group from University of Maryland.