Resilient and highly connected key predistribution schemes for wireless sensor networks
Ergun, Murat (2010) Resilient and highly connected key predistribution schemes for wireless sensor networks. [Thesis]
Wireless sensor networks are composed of small, battery-powered devices called sensor nodes with restricted data processing, storage capabilities. Sensor nodes collect environmental data, such as temperature, humidity, light conditions, and transmit them using their integrated radio communication interface. In real life scenarios, the exact position of a node is not determined prior to deployment because their deployment methods are arbitrary. Wireless sensor networks may be used for critical operations such as military tracking, scientific and medical experiments. Sensor nodes may carry sensitive information. In such cases, securing communication between sensor nodes becomes an essential problem. Sensor nodes may easily be impersonated and compromised by malicious parties. In order to prevent this, there is a need for some cryptographic infrastructure. Public key cryptography is infeasible for sensor nodes with limited computation power. Hence symmetric key cryptography mechanisms are applied in order to provide security foundations. Due to resource constraints in sensor nodes, best solution seems to be symmetric key distribution prior to deployment. For each node, a number of keys are drawn uniformly random without replacement from a pool of symmetric keys and loaded in the node’s memory. After deployment, neighboring sensor nodes may share a key with a certain probability since all the keys are drawn from the same key pool. This is the basic idea of key predistribution schemes in wireless sensor networks. Also there are more advanced deployment models that take the change of network in time into consideration. The nodes are powered by batteries and the batteries eventually deplete in time. However the network needs to operate longer than the lifetime of a single node. In order to provide continuity, nodes are deployed and integrated in the network at different times along the operation of the network. These networks are called multiphase wireless sensor networks. The main challenge of these networks is to provide connectivity between node pairs deployed at different times. In this thesis, we proposed three different key predistribution schemes. In the first scheme, we introduce the concept of XORed key, which is the bitwise XOR of two regular (a.k.a single) keys. Sensor nodes are preloaded with a mixture of single and XORed keys. Nodes establish secure links by shared XORed keys if they can. If no shared XORed key exists between two neighboring nodes, they try single keys loaded in their memory. If node pairs do not have any shared XORed or single keys, they transfer keys from their secure neighbors in a couple of ways, and use them to match with their XORed keys. In this scheme, we aim to have a more resilient network to malicious activities by using XORed keys since an attacker has to know either both single key operands or the XORed key itself. We performed several simulations of our scheme and compared it with basic scheme . Our scheme is up to 50% more connected as compared to basic scheme. Also it has better resilience performance at the beginning of a node capture attack and when it starts to deteriorate the difference between the resilience of our proposed scheme and basic scheme is not greater than 5%. The second scheme that we proposed is actually an extension that can be applied to most of the schemes. We propose an additional phase that is performed right after shared keys between neighboring nodes are discovered. As mentioned above, neighboring node pairs share a common key with a certain probability. Obviously some neighboring node pairs fail to find any shared key. In our proposed new phase, keys preloaded in memories of secure neighbors of a node a are transferred to a, if necessary, in order for a to establish new links with its neighboring nodes that they do not share any key. In this way, we achieve the same connectivity with traditional schemes with significantly fewer keys. We compared the performance of our scheme with basic scheme  after shared-key discovery phase and our results showed that our scheme achieved the same local connectivity performance with basic scheme, moreover while doing that, nodes in our scheme are loaded with three fourth of keys fewer than the keys loaded in nodes in basic scheme. In addition to that, our scheme is up to 50% more resilient than basic scheme with shared-key discovery phase under node capture attacks. The last scheme that we proposed is designed to be used for multi-phase wireless sensor networks. In our model, nodes are deployed at the beginning of some time epochs, called generations, in order to replace the dead nodes. Each generation has completely different key pool. Nodes are predistributed keys drawn uniformly random from key pools of different generations in order to have secure communication with nodes deployed at those generations. In other words, in our scheme keys are specific to generation pairs. This makes the job of attacker more difficult and improves the resiliency of our scheme. We compared our scheme to another key predistribution scheme designed for multi-phase wireless sensor networks. Our results showed that our scheme is up to 35% resilient in steady state even under heavy attacks.
Repository Staff Only: item control page