A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge Presenter: Todd Fielder

Key Agreement Schemes Trusted Server Trusted Server Requires trusted infrastructure Requires trusted infrastructure Self-Enforcing Self-Enforcing Asymmetric cryptography Asymmetric cryptography Pre-Distribution Pre-Distribution Key information is pre-distributed prior to deployment Key information is pre-distributed prior to deployment In sensor networks, only a small portion of the keys are predistributed. In sensor networks, only a small portion of the keys are predistributed.

Key Pre-distribution Use only a subset of keys within the network and probabilistically guarantee a connected graph dependent on node density Use only a subset of keys within the network and probabilistically guarantee a connected graph dependent on node density Not all nodes will be connected Not all nodes will be connected Possible to increase this probability and connected nodes if deployment knowledge is used Possible to increase this probability and connected nodes if deployment knowledge is used Nodes will be deployed in some order. Nodes will be deployed in some order. i.e. there is a higher probability that a node deployed at time t we be closer to other nodes deployed at time t than to nodes deployed at time (t+1). i.e. there is a higher probability that a node deployed at time t we be closer to other nodes deployed at time t than to nodes deployed at time (t+1).

Definitions and Assumptions Static Nodes Static Nodes Deployment is evenly distributed through region. Deployment is evenly distributed through region. Is this a safe assumption? Is this a safe assumption? Deployment Point Deployment Point Point location where a node may be deployed Point location where a node may be deployed May reside in an area around deployment point which is defined by a probability density function (pdf). May reside in an area around deployment point which is defined by a probability density function (pdf). i.e. the helicopter where the node is dropped from i.e. the helicopter where the node is dropped from Resident Point Resident Point Point near the deployment point where sensor actually resides. Point near the deployment point where sensor actually resides. i.e. where the node lands. i.e. where the node lands.

Group-Based Deployment Model Group of sensors are deployed at a single deployment point. Group of sensors are deployed at a single deployment point. Increases the pdf with a group Increases the pdf with a group Decreases the pdf between groups. Decreases the pdf between groups. For a uniform distribution policy, there is no knowledge about which nodes will be neighbors For a uniform distribution policy, there is no knowledge about which nodes will be neighbors Requires a larger key pool. Requires a larger key pool. Decreases probability of sharing keys. Decreases probability of sharing keys. This research distributes nodes uniformly in a 2X2 grid. This research distributes nodes uniformly in a 2X2 grid.

Protocol Key Pre-Distribution Key Pre-Distribution Global key pool, S, is divided into t*n (number of groups) number of key pools. Global key pool, S, is divided into t*n (number of groups) number of key pools. Goal is to allow nearby key pools S i, j to share keys with a neighboring group S i+1, j. Goal is to allow nearby key pools S i, j to share keys with a neighboring group S i+1, j. Each node contains a subset m of their groups key pool. Each node contains a subset m of their groups key pool.

Phases 2 & 3 Shared key Discovery Shared key Discovery Broadcast indices of keys. Broadcast indices of keys. Setup secure links with neighbors. Setup secure links with neighbors. Path Key Establishment Path Key Establishment Use previously established secure channels to setup keys with unconnected neighbors. Use previously established secure channels to setup keys with unconnected neighbors. Allows intermediate nodes to determine keys. Allows intermediate nodes to determine keys. Problem: Intermediate nodes may be compromised, choose a key known by attacker. Problem: Intermediate nodes may be compromised, choose a key known by attacker. Probability of securing a link between nodes over three hops is close to one. Probability of securing a link between nodes over three hops is close to one. Requires communication overhead Requires communication overhead Between nodes Between nodes To determine who is choosing the key To determine who is choosing the key

Setting up Key Pools Horizontally or vertically neighboring key pools share (0<a<.25) S c keys 2. Horizontally or vertically neighboring key pools share (0<a<.25) S c keys 2. Diagonal neighbors share (0<b<.25) S c keys Diagonal neighbors share (0<b<.25) S c keys 4a + 4b = 1 4a + 4b = 1 A and B are the over-lapping factors and define the amount of keys shared by neighboring groups. A and B are the over-lapping factors and define the amount of keys shared by neighboring groups. Non-neighboring groups share no keys. Non-neighboring groups share no keys.

Determining Overlapping Factors A determines shared values between horizontal/vertical neighbors. A determines shared values between horizontal/vertical neighbors. Connectivity (100)=.68 Connectivity (100)=.68 B determines shared keys with diagonal neighbors. B determines shared keys with diagonal neighbors. Connectivity (100) =.48 Connectivity (100) =.48

Key Pool Size Group S 1,1 chooses S c from S, then removes those keys Group S 1,1 chooses S c from S, then removes those keys For each cell S 1,j, for j=2…n, pick a*(S c ) keys from S 1,j-1. Then pick (1-a)*(S c ) from pool. For each cell S 1,j, for j=2…n, pick a*(S c ) keys from S 1,j-1. Then pick (1-a)*(S c ) from pool. Repeat for each row S i,j, also picking b*(S c ) keys from S i-1,j-1. Repeat for each row S i,j, also picking b*(S c ) keys from S i-1,j-1. Flaw: There is no guarantee that a key will not percolate from one grid to the next if node (j+1) can pick arbitrary keys from j. Flaw: There is no guarantee that a key will not percolate from one grid to the next if node (j+1) can pick arbitrary keys from j. Causes nodes to share keys. Causes nodes to share keys.

Experimental Setup S = 100,000; a=.167; b=.083. S = 100,000; a=.167; b=.083. Number of nodes = 10,000 Number of nodes = 10,000 Deployment area = 1000m X 1000m Deployment area = 1000m X 1000m t=n=10 t=n=10 Grid size = t X n = 100m Grid size = t X n = 100m Group size = number of nodes / #grids Group size = number of nodes / #grids 100 nodes per group 100 nodes per group Communication Range (R) = 40m Communication Range (R) = 40m S c = 1770 (for each group) S c = 1770 (for each group)

Evaluation Local Connectivity: Probability that two neighboring nodes share a key. Local Connectivity: Probability that two neighboring nodes share a key. M: number of keys M: number of keys

Evaluation cont. Global Connectivity: relation between size of isolated components and size of graph. Global Connectivity: relation between size of isolated components and size of graph. Excludes nodes outside of communication range since this is due to deployment and not key-distribution. Excludes nodes outside of communication range since this is due to deployment and not key-distribution.

Communication Overhead As number of keys increase in memory, communication required decreases. As number of keys increase in memory, communication required decreases.

Point of Uncertainty If each group shares only 1770 keys, a lot of keys are reused unnecessarily. If each group shares only 1770 keys, a lot of keys are reused unnecessarily. 100 nodes per group * 100 keys per node. 100 nodes per group * 100 keys per node. Do we need 100 keys per group? Do we need 100 keys per group? Is group connectivity guaranteed to be 100%? Is group connectivity guaranteed to be 100%?

Questions???