A Key Pre-Distribution Scheme Using Deployment Knowledge for Wireless Sensor Networks. Zhen Yu & Yong Guan, Department of Electrical and Computer Engineering, Iowa State University. Sep. 15, 2004
Outline: Introduction; Related work; Our scheme; Evaluation and simulation; Conclusions
Bootstrapping Problem (1). Need to encrypt communications between sensor nodes against eavesdropping and node capture. Bootstrapping problem: how to set up secret keys among nodes.
Bootstrapping Problem (2). Limitations of wireless sensor networks: limited power resource; limited computation capacity; limited memory size; limited transmission range r. General methods cannot be used: public-key cryptography consumes more energy and needs longer time; no trusted third party for online key management; storing N-1 pairwise keys is not suitable for large sensor networks. Solution: key pre-distribution scheme.
Basic Scheme. [Figure: key pool of m keys.] Each node picks k secret keys from a large key pool of size m. Two neighboring nodes can establish a secure connection if they share at least one common key.
Du’s Deployment Knowledge Scheme (1). Group-based deployment model: drop nodes from a helicopter hanging above some deployment point; divide the sensor field into equal-size square grids; divide sensor nodes into groups equally; the center of each grid is a deployment point, the expected location of a group of nodes; each group is deployed into a corresponding grid; the real location of nodes of each group i follows a normal distribution:
Du’s Deployment Knowledge Scheme (2). [Figure: global key pool divided into key pools; labels A, B, C, D, E, a, 1-a.] Divide a global key pool into multiple key pools; key assignment for all the key pools; shared keys between neighboring key pools.
Preliminary: Blom’s Scheme. D is symmetric. Public matrix G. Secret matrix A: $A = (DG)^T = G^T D$. K is symmetric: $K = AG = G^T D G$. Each node i stores the i-th row of A and the i-th column of G; nodes i and j exchange their columns of G in plaintext and derive $K_{ij} = K_{ji}$; so G is public, while A is kept secret. A can be broken after rows compromised.
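The key agreement on the Blom slide, worked through as an added example (not code from the slides or the authors). Assumptions not on the slide: arithmetic is done modulo a prime P, G is a Vandermonde matrix, D has size (lam+1) x (lam+1) for a parameter named lam here, and all function names are hypothetical.

```python
import secrets

P = 2**31 - 1  # prime modulus for the finite field (assumed; the slide fixes none)

def public_matrix(lam, n):
    """Public (lam+1) x n Vandermonde matrix G; column j is [1, s, s^2, ...] with s = j+1."""
    return [[pow(j + 1, r, P) for j in range(n)] for r in range(lam + 1)]

def secret_symmetric(lam):
    """Random symmetric (lam+1) x (lam+1) secret matrix D."""
    size = lam + 1
    D = [[0] * size for _ in range(size)]
    for r in range(size):
        for c in range(r, size):
            D[r][c] = D[c][r] = secrets.randbelow(P)
    return D

def private_rows(D, G):
    """A = (D G)^T: entry A[i][r] = sum_t D[r][t] * G[t][i]. Node i is loaded with A[i]."""
    size, n = len(D), len(G[0])
    return [[sum(D[r][t] * G[t][i] for t in range(size)) % P
             for r in range(size)] for i in range(n)]

def column(G, j):
    """Column j of G, the part a node sends in plaintext."""
    return [row[j] for row in G]

def pairwise_key(own_row, peer_col):
    """K_ij = (row i of A) . (column j of G) mod P."""
    return sum(a * g for a, g in zip(own_row, peer_col)) % P

def all_pairs_agree(lam, n):
    """Set up n nodes and check K_ij == K_ji for every pair, as the symmetry of D guarantees."""
    G = public_matrix(lam, n)
    A = private_rows(secret_symmetric(lam), G)
    return all(pairwise_key(A[i], column(G, j)) == pairwise_key(A[j], column(G, i))
               for i in range(n) for j in range(i + 1, n))

if __name__ == "__main__":
    G = public_matrix(3, 6)
    A = private_rows(secret_symmetric(3), G)
    k_25 = pairwise_key(A[2], column(G, 5))   # computed by node 2 from node 5's column
    k_52 = pairwise_key(A[5], column(G, 2))   # computed by node 5 from node 2's column
    print("node 2 and node 5 agree:", k_25 == k_52)
    print("all pairs agree:", all_pairs_agree(3, 6))
```

Each node holds only its own row of A, so the memory cost per secret matrix is lam+1 field elements plus its column of G.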
Our Scheme: Overview. Observation: most neighbors come from the same group or neighboring groups. Hexagonal deployment. One public matrix G. Multiple secret matrices As and Bs. Each node picks rows from A and B. Assignment of A: each group has a distinct A. Assignment of B: any two neighboring groups share some common B(s). A: in-group communications. B: inter-group communications. Nodes from the same group or neighboring groups can always find common keys.
Our Scheme: Assignment of B (1). Cluster: 7 neighboring groups; at most 2 basic groups / cluster; at most 2 rows / node; at most 13 affected groups.
Our Scheme: Assignment of B (2). At most 3 basic groups / cluster; at most 3 rows / node; at most 16 affected groups.
Our Scheme: Assignment of B (3). At most 1 basic group / cluster; at most 3 rows / node; max # of affected groups: large.
Our Scheme: Assignment of B (4). Cluster: 9 neighboring groups; at most 3 basic groups / cluster; at most 3 rows / node; at most 21 affected groups.
Our Scheme: Performance Metrics. Connectivity: the probability that the deployed network is connected. Resilience against node capture: the fraction of links compromised over the total number of links, given that some number of nodes are compromised. Memory requirement: the number of keys stored.
Our Scheme: Connectivity Analysis (1). $M_N$: the longest edge of a random Minimum Spanning Tree. If set , we have where $P_c$ is the probability that the network is connected when N approaches infinity.
Our Scheme: Connectivity Analysis (2). When nodes are not uniformly distributed, use the lowest node density over the sensor field. [Figure: normal distribution over 4x4 hexagonal grids, with the lowest node density area marked.]
Our Scheme: Connectivity Analysis (3). Constrain neighbors to come from neighboring groups. Normal distribution: 99.87% of nodes reside within 3σ of the deployment point; let any two non-neighboring groups be farther apart than 6σ; so we set ( ) for hexagonal (square) grids. Deploy $10^4$ nodes into a $10^3 \times 10^3$ m$^2$ field with $P_c = 0.9999$: our scheme: r = 31.25 m; the basic scheme and Du’s scheme: r = 40 m.
Our Scheme: Security Metrics. Global security: the fraction of links compromised given that some nodes are compromised over the entire sensor field. Local security: the fraction of links compromised given that some nodes are compromised in some local area. Simulation: for local security, suppose nodes are uniformly distributed in each grid and the compromised nodes come from the same grid. Deploy $10^4$ nodes into a $10^3 \times 10^3$ m$^2$ sensor field with $P_c = 0.9999$.
Our Scheme: Local Security. Larger memory size brings a larger ; hexagonal deployment is better than square deployment because fewer groups are affected.
Our Scheme: Global Security. Better performance in security than other schemes; a lower memory requirement to achieve $P_c = 0.9999$.
Conclusions: A novel key pre-distribution scheme; hexagonal deployment; smaller transmission range with the same connectivity; better performance in security; lower memory requirement.
References:
L. Eschenauer, et al., "A Key-Management Scheme for Distributed Sensor Networks", in ACM CCS, 2002.
W. Du, et al., "A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge", in IEEE INFOCOM, 2004.
R. Blom, "An Optimal Class of Symmetric Key Generation Systems", in Advances in Cryptology: Proceedings of EUROCRYPT 84, LNCS, vol. 209, pp. 335-338, 1985.
W. Du, et al., "A Pairwise Key Pre-distribution Scheme for Wireless Sensor Networks", in ACM CCS, 2003.
M. D. Penrose, "The Longest Edge of the Random Minimum Spanning Tree", in The Annals of Applied Probability, Vol. 7, No. 2, pp. 340-361, 1997.