Efficient Key Predistribution for
Grid – Based
Wireless Sensor Networks
The Network Model
• We say that a wireless sensor network is grid based if it consists of a
number of identical sensors arranged in a square grid.
• Transmission range r : the sensor in node ψ is able to communicate
directly with all nodes within the circle of radius r that surrounds it, We
refer to them as r - neighbors of ψ.
• We scale our unit of distance so that adjacent nodes in the grid are at
distance 1 from each other (removes unnecessary complications).
Goal
Design key predistribution schemes in which each node shares a key with
as many of its r - neighbors as possible, while protecting the network
against key compromise (by restricting the extent in which each key is
shared) and taking storage constraints into account.
Costas Arrays
A Costas array of order n is an n×n matrix with the following properties:
1.
2.
3.
•
each position is either blank or contains a dot.
each row and each column contains exactly one dot.
all n(n−1) vectors connecting pairs of dots are distinct as vectors (any two vectors are
different in either magnitude or orientation).
Example 1.
•
•
•
This is an example of a Costas array of order 3. It is easily seen that the six vectors
connecting pairs of dots are distinct
Costas Arrays (cont’)
• The application of Costas arrays in sonar or radar relies on the fact that if a
translation is applied to a copy of a Costas array then at most one dot of
the translated array coincides with a dot of the original array, unless the
two are exactly superimposed.
We formalize it as follows.
• Lemma 1.
Let S = d1 , d2 , d3 ,...., dn  be the set of positions of the dots in a Costas
array A. Suppose the array A is translated by a vector v in the lattice and
let S’ = {d1 + v, d2 + v, . . . , dn + v} be the set of positions of the dots in the
translated array.
Then if v ≠ 0, we have S  S   1
Costas Arrays (cont’)
Proof of Lemma1
Suppose there exists a vector v and dot positions di , dl , d k , dl such that
d k  dl  v
di  d k  d j  dl
di  d j  v . Then
and
A is a Costas array,
this implies that d i  d j and d k  d,l and hence v = 0.
Why?
Any two vectors are different in either magnitude or orientation….
Two main constructions for Costas arrays
** An integer α is a primitive root modulo p if the powers1 , 2 ,....,  p1 are all
distinct modulo p; such integers exist for all odd primes p.
• The Welch Construction
Let α be a primitive root modulo p and let A be a (p − 1) × (p − 1) array. For
each i and j, 1 ≤ i ≤ p−1 and 1 ≤ j ≤ p−1 we put a dot in A(i, j) if and only if
i  j (mod p).
• The Golomb Construction
Let q be a power of a prime and let α and β be two primitive elements in
GF(q). We define A to be a (q − 2) × (q − 2) array. For each i and j, 1 ≤ i ≤ q−2
and 1 ≤ i ≤ q−2 we put a dot in A(i, j) if and only if i   j  1 We remark that
when α = β the construction is called the Lempel Construction.
key predistribution
• In this section we provide basic definitions relating to key predistribution,
and examine certain properties that must be considered when designing
such schemes, before proposing constructions of KPSs that are specifically
adapted to grid based networks.
• Definitions:
– Let K be a finite set whose elements we refer to as keys .
– We consider a set U of wireless sensors, each of which has sufficient memory to store m
keys.
m
– A key predistribution scheme (KPS) for W (wireless sensor network ) is a map U  K
that assigns up to m keys from K to each node in U.
– If each k  K is assigned to a set Sk  U of at most α nodes we refer to the KPS as an
[m, α]-KPS.
key predistribution(cont’)
•
Each node stores the keys assigned to it in its memory prior to
deployment. Once the nodes are deployed we have the following possible
situations:
1.
2.
•
Two nodes that share one or more common elements of K can use them to derive
a common key.
Two nodes that do not share a key may rely on an intermediate node with which
they both share a key in order to communicate securely; this is referred to as a twohop path.
Theorem 1. When an [m, α]-KPS is used to distribute keys to nodes in a
square grid network, the expected number of r - neighbors of a node ψ in
the interior of the network that share at least one key with ψ is at most
m(α − 1). The value m(α − 1) is achieved precisely when the following
conditions are met:
1.
2.
3.
Each interior node stores exactly m keys, each of which are shared by exactly α
nodes.
No pair of nodes shares two or more keys.
The distance between any two nodes sharing a key is at most r.
key predistribution(cont’)
Proof. Theorem 1
The maximum number of keys allocated to an interior node Ψ by an
[m, α]-KPS is m; each of these keys is shared by at most α nodes (which may
or may not be r - neighbors of Ψ).
Hence a given interior node shares keys with at most α − 1 of its
R - neighbors, and this maximum value is achieved if and only if no two nodes
share more than one key with Ψ, and every node with which Ψ shares a
key is an r - neighbor of Ψ.
Key Predistribution Using Costas Arrays
• We now propose a KPS for a grid-based network, in which the pattern of
nodes that share a particular key is determined by a Costas array. The
result is a [n, n]-KPS in which any two nodes have at most one key in
common.
• Construction:
Let A be a n × n Costas array. We can use A to distribute keys from a
keypool K to a set U of nodes arranged in a grid-based network as follows:
– Arbitrarily choose one square of the grid to be the origin, and superimpose A on the
grid, with its lower left-hand square over the origin. Select a key k from K, and distribute
it to nodes occurring in squares coinciding with a dot of A (so n nodes receive the key k).
– Similarly, for each square occurring at a position (i, j) in the grid, we place the lower lefthand square of A over that square, then assign a key ki , j  K to the squares that are now
covered by dots of A.
Example 2.
Consider the 3 × 3 Costas array of Example 1. If we use this array for key
distribution as described above, each node stores three keys.
Figure 1 illustrates this key distribution: each square in the grid represents
a node, and each symbol contained in a square represents a key possessed
by that node.
A
C
A
B
C
A
B
C
B
O
J
R
M
S
I
A
D
R
C
L
H
O
R
Z
M
J
C
A
X
L
C
H
G
K
G
B
E
X
N
W
H
K
V
B
E
N
W
W
V
X
Z
D
D
N
Z
A
E
B
I
I
V
S
L
O
S
K
J
G
M
Key Predistribution Using Costas Arrays (cont’)
• Theorem 3. The key predistribution scheme in Construction 2 has the
following properties:
1.
2.
3.
4.
Each sensor is assigned n different keys.
Each key is assigned to n sensors.
Any two sensors have at most one key in common.
The distance between two sensors which have a common key is at most 2  n  1
• Corollary . When the [n, n]-KPS of Construction 2 is applied to a grid-based
network then a node on the interior of the network shares keys with n(n −
1) other nodes, the maximum possible for a [n, n]-KPS.
Key Predistribution Using Costas Arrays (cont’)
Proof. Theorem 3
1. There are n dots in A. For each dot in turn, if we position A so that dot lies
over a given node Ψ, this determines a positioning of A for which the
corresponding key is allocated to Ψ. Hence Ψ stores n keys in total.
2. A key k i , jis assigned to n positions in the square grid, namely those that
coincide with the n dots of a fixed shift of A.
3. Suppose there exist two sensors A and B sharing (at least) two keys.
These keys correspond to deferent translations of the array A, hence
there exist two translations of A in which dots occur at the positions of
both A and B. However, by Lemma 1, two copies of A coincide in at most
one dot, thus contradicting the original assumption.
4. The two most distant sensors which have a key in common must
correspond to two dots in the same translation of A. The largest distance
between two dots in A occurs if they are in two opposite corners of the
array, i.e. at distance 2  n  1
Distinct-Difference Configurations in Key Predistribution
• The proof of Part 3 of Theorem 3 relies on the property that the vectors
connecting pairs of dots in a Costas array are pairwise distinct. We do not,
however, make use of the requirement that each row and column have
exactly one dot. This suggests that we can relax this condition in order to
explore other structures for use in key predistribution. This leads us to the
following definition.
• Definition 3. A distinct-difference configuration DD(m, r) consists of a set
of m dots placed in a square grid such that
– any two of the dots in the configuration are at distance at most r apart,
– all m(m − 1) differences between pairs of dots are distinct as vectors (any two vectors
differ either in magnitude or orientation).
Distinct-Difference Configurations in Key Predistribution (cont’)
• A Costas array is an example of a DD(n, r). Like Costas arrays, a DD(m, r)
can be used for key predistribution:
• Construction 4. For a given DD(m, r) we distribute keys as in Construction
2, using the DD(m, r) in place of a Costas array.
• Theorem 5. If a DD(m, r) is used for key predistribution as described in
Construction 4 the resulting KPS has the following properties:
1.
2.
3.
4.
Each sensor is assigned m different keys.
Each key is assigned to m sensors.
Any two sensors have at most one key in common.
The distance between two sensors which have a common key is at most r.
Distinct-Difference Configurations in Key Predistribution (cont’)
Proof. Theorem 5
As in the case of the Costas arrays, the fact that differences between pairs of
dots are distinct imply that two nodes share at most one key.
The limit on the distance between nodes sharing keys are a distance of at
most r apart follows directly from the restriction on the distances between
dots in the DD(m, r).
Example 3.
• This is an example of a DD(3, 2).
• This key distribution has an advantage over that of Example 2 in that each
node still shares keys with six other nodes, but these nodes are all 2neighbours, rather than 3-neighbours.
B
A
C
B
A
B
C
DD(3, 2)
C
•
•
•
A
Distinct-Difference Configurations in Key Predistribution (cont’)
• This construction provides [m,m]-KPSs in which interior nodes share keys with
an optimal number m(m−1) of neighboring nodes.
• We have greater flexibility than Construction 2 because we consider a more
general class of configurations.
• The use of a DD(m, r) enables the construction of a KPS suitable for the
specific radius r and maximum storage m of a give network, whereas in the
case of Costas arrays the number of dots and the maximal distance between
them are directly linked.
Two hop r-coverage of a DD(m, r)
•
The use of a DD(m, r) maximizes the number of r – neighbors that share keys with a
given node. Additionally, it is desirable to maximize the number of r - neighbors that
can communicate securely with a given node ψ via a one-hop or two-hop path. We
refer to this quantity as the two hop r-coverage of a KPS.