Self-Healing Group-Wise Key Distribution
Schemes with Time-Limited Node
Revocation for Wireless Sensor Networks
Minghui Shi, Xuemin Shen, Yixin Jiang, Chuang Lin
CMSC 681 Fall 2007
Advanced Computer Networks
Isaac Mativo
Sensor Node

Typical sensor node contains






Power unit
Sensing unit
Processing unit
Storage unit
Wireless transceiver
Wireless Sensor Node may be able to monitor
several parameters by combining several
kinds of sensor nodes
Wireless Sensor network

Architecture of a wireless sensor
network
Data processing and
management center
Internet/
satellite
Base Station
Sensor field
Motivation






Important to prevent unauthorized nodes to access
some information
Traffic encryption key (TEK) is used to encrypt data
at source and decrypt at destination
TEK refreshed continuously by the group key
manager (GKM)
This process may degrade performance and
scalability
Authors propose two schemes which ensures secrecy,
certain collusion freedom, and group confidentiality.
Algorithm based on the dual direction hush chain
(DDHC) and hash binary tree (HBT)
Important Issues

Key management in
WSN




Resilience against
node capture
Resilience against
node replication
Node revocation or
participation
Scalability – as
network grows

Group-wise key
distribution schemes




Group confidentiality
Forward secrecy
Backward secrecy
Collusion freedom
DDHC

DDHC is composed of two one-way hash
chains


Forward hash chain
Backward hash chain
Limited Time Node Revocation

y = Hash(x): Should be easy to compute y
given x, but computationally infeasible to
compute x such that y = Hash(x)
Hash Binary Tree
How the Schemes Work

DDHC






Group key manager (GKM) selects a
secret seed to generate the one-way
hash chain
The rekeying message is broadcast
within the sensor network from time
to time
Each legitimate node within the
group is able to compute the traffic
encryption key (TEK) to encrypt and
decrypt the multicast messages
Time-limited node revocation
scheme: TEK = f(Nf, Nb, RK)
Each node has a small storage
buffer that enables it to perform
self-healing recovery of a rekeying
message.
Lost RK can be recovered using the
one-way hash function and the last
received RK

HBT






Also based on hash functions
To improve security, the HBT is
adopted to generate all preassigned seeds.
GKM assigns the seeds, which
include the sub-root nodes that are
then used to compute the leaf
nodes
Each TEK is linked to a leaf node,
and all leaf nodes are derived using
a hash algorithm on these seeds.
Time-limited node revocation
mechanism: TEK = f(S(D, t), RK)
Lost RK can be recovered using the
one-way hash function and the last
received RK
Conclusion

Scheme provides:






Low storage overhead
Low Communication overhead (broadcast
and unicast)
Low to medium implementation complexity
Implicit authentication
Tolerance for lost rekeying messages
Forward and backward secrecy
Questions?

The End