Donggang Liu
Peng Ning
Skip Abstract Section
Abstract
Pairwise key establishment is a fundamental security service for sensor networks. However, establishing pairwise keys in sensor networks is a challenging problem, particularly due to the resource constraints on sensor nodes and the threat of node compromises. This article proposes to use both predeployment and postdeployment knowledge to improve pairwise key predistribution in static sensor networks. By exploiting the predeployment knowledge, this article first develops two key predistribution schemes, a closest pairwise keys scheme and a closest polynomials scheme. The analysis shows that these schemes can achieve better performance if the expected location information is available and that the smaller the deployment error is, the better performance they can achieve. The article then investigates how to use postdeployment knowledge to improve pairwise key predistribution in static sensor networks. The idea is to load an excessive amount of predistributed keys on sensor nodes, prioritize these keys based on sensors' actual locations discovered after deployment, and discard low-priority keys to thwart node compromise attacks. This approach is then used to improve the random subset assignment scheme proposed recently to demonstrate its practicality and effectiveness. The analysis indicates that the postdeployment knowledge can also greatly improve the performance and security of key predistribution.
- Akyildiz, I., Su, W., Sankarasubramaniam, Y., and Cayirci, E. 2002. Wireless sensor networks: A survey. Comput. Netw. 38, 4, 393--422.]] Google Scholar
- Anderson, R., Chan, H., and Perrig, A. 2004. Key infection: Smart trust for smart dust. In Proceedings of IEEE International Conference on Network Protocols (ICNP 2004). IEEE Computer Society Press, Los Alamitos, CA.]] Google Scholar
- Basagni, S., Herrin, K., Bruschi, D., and Rosti, E. 2001. Secure pebblenets. In Proceedings of ACM International Symposium on Mobile ad hoc Networking and Computing. ACM, New York, 156--163.]] Google Scholar
- Blom, R. 1985. An optimal class of symmetric key generation systems. In Advances in Cryptology: Proceedings of EUROCRYPT 84. Lecture Notes in Computer Science, Vol. 209. Springer Verlag, New York, 335--338.]] Google Scholar
- Blundo, C., De Santis, A., Herzberg, A., Kutten, S., Vaccaro, U., and Yung, M. 1993. Perfectly-secure key distribution for dynamic conferences. In Advances in Cryptology -- CRYPTO '92. Lecture Notes in Computer Science Vol. 740. Springer-Verlag, New York, 471--486.]] Google Scholar
- Buchegger, S. and Boudec, J. L. 2002. Performance analysis of the CONFIDANT protocol (cooperation of nodes: Fairness in dynamic ad-hoc networks). In Proceedings of the 3rd ACM, New York, ACM International Symposium on Mobile Ad Hoc Networking and Computing. 226--236.]] Google Scholar
- Carman, D., Kruus, P., and Matt B. J. 2000. Constrains and approaches for distributed sensor network security. Tech. rep., NAI Labs.]]Google Scholar
- Chan, H. and Perrig, A. 2005. PIKE: Peer intermediaries for key establishment in sensor networks. In Proceedings of IEEE Infocom. IEEE Computer Society Press, Los Alamitos, CA.]]Google Scholar
- Chan, H., Perrig, A., and Song, D. 2003. Random key predistribution schemes for sensor networks. In Proceedings of the IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA 197--213.]] Google Scholar
- Crossbow Technology Inc. 2005. Wireless sensor networks. http://www.xbow.com/Products/Wireless_Sensor_Networks.htm. (Accessed in May 2005).]]Google Scholar
- Deng, J., Han, R., and Mishra, S. 2003. Security support for in-network processing in wireless sensor networks. In Proceedings of the 2003 ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN '03). ACM, New York.]] Google Scholar
- Du, W., Deng, J., Han, Y. S., Chen, S., and Varshney, P. 2004. A key management scheme for wireless sensor networks using deployment knowledge. In Proceedings of IEEE INFOCOM'04. IEEE Computer Society Press, Los Alamitos, CA.]]Google Scholar
- Du, W., Deng, J., Han, Y. S., and Varshney, P. 2003. A pairwise key predistribution scheme for wireless sensor networks. In Proceedings of 10th ACM Conference on Computer and Communications Security (CCS'03). ACM, New York, 42--51.]] Google Scholar
- Du, W., Fang, L., and Ning, P. 2005. Lad: Localization anomaly detection for wireless sensor networks. In Proceedings of the 19th IEEE International Parallel & Distributed Processing Symposium (IPDPS '05). IEEE Computer Society Press, Los Alamitos, CA.]] Google Scholar
- Eschenauer, L. and Gligor, V. D. 2002. A key-management scheme for distributed sensor networks. In Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM, New York, 41--47.]] Google Scholar
- Goldreich, O., Goldwasser, S., and Micali, S. 1986. How to construct random functions. J ACM 33, 4 (Oct.), 792--807.]] Google Scholar
- Gura, N., Patel, A., Wander, A., Eberle, H., and Shantz, S. 2004. Comparing elliptic curve cryptography and RSA on 8-bit CPUs. In Proceedings of Workshop on Cryptographic Hardware and Embedded Systems (CHES 2004).]]Google Scholar
- Hu, L. and Evans, D. 2003a. Secure aggregation for wireless networks. In Proceedings of the Workshop on Security and Assurance in Ad Hoc Networks.]] Google Scholar
- Hu, L. and Evans, D. 2003b. Using directional antennas to prevent wormhole attacks. In Proceedings of the 11th Network and Distributed System Security Symposium. 131--141.]]Google Scholar
- Hu, Y., Perrig, A., and Johnson, D. 2003. Packet leashes: A defense against wormhole attacks in wireless ad hoc networks. In Proceedings of INFOCOM 2003. IEEE Computer Society Press, Los Alamitos, CA.]]Google Scholar
- Karlof, C. and Wagner, D. 2003. Secure routing in wireless sensor networks: Attacks and countermeasures. In Proceedings of 1st IEEE International Workshop on Sensor Network Protocols and Applications. IEEE Computer Society Press, Los Alamitos, CA.]]Google Scholar
- Lazos, L. and Poovendran, R. 2004. Serloc: Secure range-independent localization for wireless sensor networks. In Proceeding of the ACM Workshop on Wireless security (ACM WiSe 2004). (Philadelphia, PA.)]] Google Scholar
- Li, L. and Halpern, J. 2001. Minimum-energy mobile wireless networks revisited. In Proceedings of IEEE International Conference on Communications (ICC '01). IEEE Computer Society Press, Los Alamitos, CA.]]Google Scholar
- Liu, D. and Ning, P. 2003a. Efficient distribution of key chain commitments for broadcast authentication in distributed sensor networks. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03). 263--276.]]Google Scholar
- Liu, D. and Ning, P. 2003b. Establishing pairwise keys in distributed sensor networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). ACM, New York, 52--61.]] Google Scholar
- Liu, D. and Ning, P. 2003c. Location-based pairwise key establishments for static sensor networks. In Proceeding of the 2003 ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN '03). ACM, New York, 72--82.]] Google Scholar
- Liu, D., Ning, P., and Du, W. 2005a. Attack-resistant location estimation in wireless sensor networks. In Proceedings of the 4th International Conference on Information Processing in Sensor Networks (IPSN '05).]] Google Scholar
- Liu, D., Ning, P., and Du, W. 2005b. Detecting malicious beacon nodes for secure location discovery in wireless sensor networks. In Proceedings of the 25th International Conference on Distributed Computing Systems (ICDCS '05).]] Google Scholar
- Liu, D., Ning, P., and Du, W. 2005c. Group-based key predistribution in wireless sensor networks. In Proceedings of 2005 ACM Workshop on Wireless Security (WiSe 2005). ACM, New York.]] Google Scholar
- Liu, D., Ning, P., and Li, R. 2005d. Establishing pairwise keys in distributed sensor networks. ACM Trans. Inf. Sys. Sec. 8, 1 (Feb.), 41--77.]] Google Scholar
- Marti, S., Giuli, T. J., Lai, K., and Baker, M. 2000. Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the 6th Annual ACM/IEEE International Conference on Mobile Computing and Networking. ACM, New York, 255--265.]] Google Scholar
- Newsome, J., Shi, R., Song, D., and Perrig, A. 2004. The sybil attack in sensor networks: Analysis and defenses. In Proceedings of IEEE International Conference on Information Processing in Sensor Networks (IPSN 2004). IEEE Computer Society Press, Los Alamitos, CA.]] Google Scholar
- Niculescu, D. and Nath, B. 2001. Ad hoc positioning system (APS). In Proceedings of IEEE GLOBECOM '01. IEEE Computer Society Press, Los Alamitos, CA.]]Google Scholar
- Perrig, A., Canetti, R., Song, D., and Tygar, D. 2000. Efficient authentication and signing of multicast streams over lossy channels. In Proceedings of the 2000 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA.]] Google Scholar
- Perrig, A., Canetti, R., Song, D., and Tygar, D. 2001a. Efficient and secure source authentication for multicast. In Proceedings of the Network and Distributed System Security Symposium.]]Google Scholar
- Perrig, A., Canetti, R., Song, D., and Tygar, D. 2002. The TESLA broadcast authentication protocol. In RSA Cryptobytes.]]Google Scholar
- Perrig, A., Szewczyk, R., Wen, V., Culler, D., and Tygar, D. 2001b. SPINS: Security protocols for sensor networks. In Proceedings of the 7th Annual International Conference on Mobile Computing and Networks.]] Google Scholar
- Przydatek, B., Song, D., and Perrig, A. 2003. SIA: Secure information aggregation in sensor networks. In Proceedings of the 1st ACM Conference on Embedded Networked Sensor Systems (SenSys '03). ACM, New York.]] Google Scholar
- Sastry, N., Shankar, U., and Wagner, D. 2003. Secure verification of location claims. In Proceeding of the ACM Workshop on Wireless Security. ACM, New York.]] Google Scholar
- Shnayder, V., Hempstead, M., Chen, B., Werner-Allen, G., and Welsh, M. 2004. Simulating the power consumption of large-scale sensor network applications. In Proceedings of the 2nd ACM Conference on Embedded Networked Sensor Systems (SenSys'04). ACM, New York.]] Google Scholar
- Stajano, F. and Anderson, R. 1999. The resurrecting duckling: security issues for ad hoc networks. In Proceedings of the 7th International Workshop on Security Protocols. 172--194.]] Google Scholar
- Wong, D. and Chan, A. 2001. Efficient and mutually authenticated key exchange for low power computing devices. In Proceedings of ASIA CRYPT.]] Google Scholar
- Wood, A. D. and Stankovic, J. A. 2002. Denial of service in sensor networks. IEEE Compute 35, 10, 54--62.]] Google Scholar
- Zhu, S., Setia, S., and Jajodia, S. 2003. LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In Proceedings of 10th ACM Conference on Computer and Communications Security (CCS'03). ACM, New York. 62--72.]] Google Scholar
- Zhu, S., Setia, S., Jajodia, S., and Ning, P. 2004. An interleaved hop-by-hop authentication scheme for filtering false data in sensor networks. In Proceedings of 2004 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA.]]Google Scholar
Index Terms
- Improving key predistribution with deployment knowledge in static sensor networks
Recommendations
Group-based key predistribution for wireless sensor networks
Many key predistribution techniques have been developed recently to establish pairwise keys between sensor nodes in wireless sensor networks. To further improve these schemes, researchers have also proposed to take advantage of the sensors' expected ...
Establishing pairwise keys in distributed sensor networks
Pairwise key establishment is a fundamental security service in sensor networks; it enables sensor nodes to communicate securely with each other using cryptographic techniques. However, due to the resource constraints on sensor nodes, it is not feasible ...
A Hybrid Key Predistribution Scheme for Sensor Networks Employing Spatial Retreats to Cope with Jamming Attacks
In order to provide security services in wireless sensor networks, a well-known task is to provide cryptographic keys to sensor nodes prior to deployment. It is difficult to assign secret keys for all pairs of sensor node when the number of nodes is ...
Comments