
Security in Wireless Sensor Networks. Prepared by: Ahmed ezz-eldin.

Date post: 11-Jan-2016

Security IN

WIRELESS SENSOR NETWORKS

Prepared by: Ahmed ezz-eldin


Key Management Approaches

•"Pairwise key establishment" is the fundamental security service that allows nodes to communicate in a cryptographically protected way.

•Due to limited resources, we can't use either of the following, which are used in traditional networks:
 -Public-key cryptography
 -Key distribution center

•Instead, we use key pre-distribution schemes (keys are loaded before deployment).


Key Pre-distribution Schemes

•Symmetric-key schemes: "one key for encryption and decryption"

1- Unique random key.
2- Network-wide shared key.
3- Probabilistic key pre-distribution.
4- Polynomial-based key pre-distribution.

•Public-key schemes: "one key for encryption, while the other for decryption"

1- Elliptic Curve Cryptography.


Unique Random Key

•Each node is assigned a unique random key.

•To communicate with any node, you must use its key.

•Introduces huge storage overhead: in a network of n nodes, each node must store (n-1) keys.


Networkwide Shared Key

•Master/Global key used by all nodes.

•Compromise of even a single node would reveal the secret key and allow decryption of all traffic.

•One variant is to establish a set of link keys with neighbor nodes, then erase the master key.

•Does not allow new nodes to be deployed.


Probabilistic Key Pre-distribution

•The setup server generates a large pool of random keys, each of which is assigned a unique ID.

•Each node is loaded with a randomly picked subset of keys from the key pool, together with their IDs.

•Any two nodes can communicate with each other if they share a common key.


•After deployment, two nodes that need to communicate send each other the list of key IDs they hold, and use the common keys for communication.

•The probability of sharing at least one common key is as follows:
S: key pool size.
S': subset size at each node.

•If two nodes don't have a common key, they need to find a number of other nodes to help establish a session key (called a path key).


•This technique needs less memory and can guarantee a high probability of sharing a common key between two nodes.

•But a small number of compromised nodes will disclose a large fraction of the secrets, as a single key may be shared by more than two nodes.

•For more security, the q-composite scheme is proposed, where two nodes set up a pairwise key iff they share at least q common keys.
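The trade-off described above (connectivity versus exposure after node capture), worked as an added Python example that is not part of the original slides. It counts key-ring overlaps exactly using S (pool) and S' (ring); the function names and the choice to hash all shared keys into one link key are assumptions of this sketch.

```python
import hashlib
from fractions import Fraction
from math import comb


def share_probability(pool, ring, q=1):
    """P(two random rings of `ring` keys drawn from `pool` share >= q keys)."""
    total = comb(pool, ring)
    # Fix node A's ring; count node B's rings with exactly i keys in common.
    below_q = sum(comb(ring, i) * comb(pool - ring, ring - i) for i in range(q))
    return 1 - Fraction(below_q, total)


def exposed_fraction(pool, ring, captured):
    """Expected fraction of the pool learned by capturing `captured` nodes."""
    # A given key is missing from one random ring with probability 1 - ring/pool.
    return 1 - (1 - Fraction(ring, pool)) ** captured


def link_key(ring_a, ring_b, q=1):
    """Shared-key discovery by key ID; None if fewer than q IDs are common.

    ring_a and ring_b map key ID -> key bytes. Hashing every shared key into
    one link key is an assumption of this sketch, not stated on the slides.
    """
    common = sorted(ring_a.keys() & ring_b.keys())
    if len(common) < q:
        return None  # caller falls back to path-key establishment
    digest = hashlib.sha256()
    for key_id in common:
        digest.update(ring_a[key_id])
    return digest.digest()


if __name__ == "__main__":
    # Constructed parameters: pool of 10000 keys, 75 keys per node.
    print(float(share_probability(10000, 75)))        # q = 1 connectivity
    print(float(share_probability(10000, 75, q=2)))   # q-composite, q = 2
    print(float(exposed_fraction(10000, 75, 50)))     # 50 captured nodes
```

Raising q lowers the chance that two neighbors can set up a link at all, which is the price of making each link depend on more than one pool key.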


Polynomial Key Pre-distribution

•The setup server randomly generates a bivariate t-degree polynomial f(x,y) over a finite field Fq, where f(x,y)=f(y,x).

•For the node with id i, the setup server computes the polynomial share f(i,y) of f(x,y), which is pre-loaded into node i.


•Nodes i and j can compute the common key f(i,j) as follows:
 -Node i evaluates f(i,y) at point j and gets f(i,j).
 -Node j evaluates f(j,y) at point i and gets f(j,i).

•Each node needs "(t+1)log q" storage space to store the polynomial f(i,y).

•Large mathematical overhead.

•However, there is no communication overhead, as all that is needed is the id of the other node.
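The scheme above as an added Python example (not code from the slides): the setup server builds a symmetric coefficient matrix, each node stores only the t+1 coefficients of f(i,y), and both ends derive the same key from the peer's id alone. The modulus 2^61 - 1 and all function names are constructed for this sketch; the slides only say Fq.

```python
import secrets

Q = 2**61 - 1  # prime modulus chosen for this sketch (assumption)


def setup_polynomial(t, q=Q):
    """Coefficient matrix a[r][c] of f(x,y) = sum a[r][c] * x^r * y^c over F_q."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for r in range(t + 1):
        for c in range(r, t + 1):
            # a[r][c] == a[c][r] is what makes f(x,y) == f(y,x).
            a[r][c] = a[c][r] = secrets.randbelow(q)
    return a


def node_share(a, node_id, q=Q):
    """Coefficients of the univariate share f(node_id, y): t+1 field elements."""
    size = len(a)
    return [
        sum(a[r][c] * pow(node_id, r, q) for r in range(size)) % q
        for c in range(size)
    ]


def pairwise_key(share, peer_id, q=Q):
    """Evaluate the stored share at the peer's id with Horner's rule."""
    acc = 0
    for coeff in reversed(share):
        acc = (acc * peer_id + coeff) % q
    return acc


if __name__ == "__main__":
    f = setup_polynomial(t=3)
    share_5, share_9 = node_share(f, 5), node_share(f, 9)  # constructed ids
    # Node 5 computes f(5,9); node 9 computes f(9,5); no messages exchanged.
    print(pairwise_key(share_5, 9) == pairwise_key(share_9, 5))
```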


Elliptic Curve Cryptography

•ECC is a lightweight type of public key cryptography.

•Usually used in heterogeneous sensor networks.

•The sensor network contains nodes, gateways and a base station.

•Gateways are powerful in terms of energy, computation and memory.

•Before deployment, the server generates and pre-loads keys based on ECC into the sensors and gateways as follows:


•A sensor node is pre-loaded with:
 -Unique id.
 -Its own public and private keys.
 -Public keys of all gateways in the network.

•A gateway is pre-loaded with:
 -Unique id.
 -Its own public and private keys.
 -Public key of the base station.
 -Public keys of all sensor nodes in the network.

•Sensor nodes are randomly deployed.

•Gateways are deployed such that each node can hear from at least one gateway.


•Each gateway Gj broadcasts a message Bj to all sensor nodes.

•Each node's selection will be based on the signal-to-noise ratio.

•Each sensor node ni can verify the message using the public key of the gateway.


•The sensor node sends a session-key request to the gateway node, containing the list of its neighbors ni'.

•The gateway sends the ECC-encrypted pairwise key between node i and its neighbor node i'.

•Node i decrypts the received message.


•Assuming that gateways are tamper-proof.

•An adversary is unable to impersonate the identity of any node except by capturing it.

•Obviously, capturing node ni reveals:
 -Its (PUi, PRi).
 -The public keys of all gateways.
 -No information about links that do not communicate directly with it.

•Capturing a node does not affect the security of the rest of the nodes, as the private keys of other nodes are not revealed.
