Roberto Di Pietro, Luigi V. Mancini and
Alessandro Mei



Limited memory
Limited computational power
Limited energy

Passive attacks
◦ Cipher text attacks

Active attacks
◦ Take control of a sensor node


Unfriendly environment
Nodes only trust themselves




Secure pairwise communication
Memory efficient
Energy efficient
Tolerate the collusion of a set of corrupted
sensors

Have one master key
◦ Can’t tolerate nodes being taken over

Each node stores a seperate key for every
other node
◦ Requires too much space
◦ Expensive to add more nodes later

Tradeoff
◦ Use less memory, but have only a probabilistic
tolerance to nodes being taken over




One way hash function
Symmetric encryption
Keyed hashed function
Pseudo-random number generator



A key deployment scheme
A key discovery procedure
A security adaptive channel establishment
procedure
Method used in A key-management
scheme for distributed sensor networks:


A pool of P random keys is generated
Each sensors takes k random keys from the
pool



Challenge is encrypted using each key and
then broadcasted
Needs to perform k^2 decryptions on receiver
side and k encryptions on the sender side
At least k messages have to be sent



Also used in A key management scheme for
distributed sensor networks
Instead of challenge response, submit the
indexes
Less secure, as a smart attacker can easily
find the nodes that have the key it wants
Method used in Establishing pair-wise keys for
secure communication in ad hoc networks: A
probabilistic approach:



A pool of P random keys is generated
k indexes into the pool are created pseudorandomly with a publicly known seed
dependent on the node id.
Less secure than challenge-response, but can
be improved


Find out which keys are shared and xor them
together
An attacker needs to know all shared keys

Nearby sensors
◦ Weaker against geographically attacks

Random
◦ Larger communication overhead

Individual properties
◦ More trusted nodes can give higher security

They give an upper bound on the probability
that the channel between two nodes is
corrupted, given w corrupted nodes

Sensor failure resistent
◦ Can add more sensors if required

No information leakage
◦ Sensors in the C set only transmits hash values of
their keys

Adaptiveness
◦ If an upper bound of w is known, C can be chosen to
secure communication with a desired probability.

Load balance
◦ a sends c+1 message, sensors in C send 1, tot=2c+1
◦ Only done once during setup

Sensor doesn’t respond
◦ After timeout, node a can pick another node

Sensor sends correct key
◦ Lowers security

Sends false key
◦ Can pick another C set
◦ Notify trusted base-station
◦ Aware that network is under attack

If node a has the keys that node a should
have, according to the pseudo-random
number generator, it’s probable that a is a.


M = {}
for all keys k in P
◦ z = RND(id||k)
◦ if(z%(|P|/m)==0)
 put k into M


|M| must be less than memory size but larger
than the security constraints
Discard ID if conditions not satisfied