ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang

2 Pairwise key establishment in sensor networks –In many of secure routing mechanisms, we have assumed the knowledge of keys –We will investigate how these keys are established among wireless nodes

3 Key predistribution method –In early 2000s, symmetric encryption is still the only choice for sensors –No trusted third party for key distribution –Predistribution Group key Pairwise key Each has its problems: sensor compromise, add new node, forward/backward secrecy

4 Probabilistic key sharing –A pool of P keys are generated offline –Every sensor will randomly get k keys when it is deployed –With a certain probability, any pair of sensors may share at least one key –For those that do not share keys, multihop path can be used to establish such a key

5 Example: P = 10,000, how may keys should every sensor have so that the probability is 0.5? (75) Some simple analysis Shared key discovery b/w neighbors –Broadcast key identifiers –Broadcast plaintext and corresponding ciphertexts

6 Path key establishment –Establish keys through shared neighbors Revocation –A compromised sensor only discloses a small part of the keys Addition of new sensors A question: can we link the pre-distributed keys to node identity or other information? –What will be the advantages and disadvantages?

7

8 Three extensions: –q-composite –Multipath reinforcement –Random pairwise key –Evaluation criteria: Resilience to node capture Revocation Scale Clone attack

9 q-composite pre-distribution –A pair of nodes have to share at least q keys to establish a secure link b/w them –When q increases, attackers have to compromise more nodes to break a link –We still need to preserve a certain probability that any pair of sensors can establish a key –How to balance the two factors?

10 A simple analysis –What is the probability that a pair of sensors have exactly i shared keys? –The probability that a pair of nodes have at least q shared keys is: 1- p(0) - p(1) - …… - p(q-1) –Improvements in resilience to node capture q-composite demonstrates better resilience than basic scheme when a small group of sensors are compromised It makes the system more robust since it is more difficult to compromise a large group of sensors

11

12 Multipath key reinforcement –Try to establish a link key through multiple paths –It will be great to use with the basic mechanism, but not the q-composite –Now the malicious node has to compromise more keys to get the link key

13 Let us assume that A and B have already find a single shared key Now A and B will determine a new link key through multiple independent paths –A locates j link-disjoint paths –Each link in the paths has established a link key –A generates j random numbers and each random number will be sent through a different path –the final key will be k xor R1 xor R2 xor --- xor Rj –The final key is protected by all j random numbers

14 The more paths –The safer is the key –The more communication overhead For each path, the longer is the path –The higher probability that it is not safe 2-hop multipath –Only go through the shared neighbors

15 If the probability that an attacker compromises one link key is b, then the probability that it compromises a k two-hop path key is b (2b – b^2)^k Why multipath and q-composite should not work together? –q-composite needs a smaller key space

16

17 Random pairwise key scheme –In the basic scheme, we cannot authenticate the node –The malicious node can conduct Sybil attack –We need to link the knowledge of a key and the identity of the node Every key is known by only two nodes Every node remembers m keys and the other “half” that knows the key

18 Can be used to –Authenticate the other node –Conduct intruder identification –Prevent Sybil attacks –Support node revocation