Key Pre-distribution Approach in Wireless Sensor Networks Using LU Matrix Authors: Hangyang Dai and Hongbing Xu Source: IEEE Sensor Journal, vol.10, no.8, pp , Presenter: Yung-Chih Lu ( 呂勇志 ) Date: 2010/11/05 1
Outline Introduction Polynomial-based scheme Proposed Scheme Performance Evaluation Conclusion Comment 2
Introduction (1/3) Goal ◦ Key agreement ◦ Against attack node capture attack ◦ Saving resource storage overhead ◦ Extra service node to node authentication 3
Introduction (2/3) Wireless Sensor Network :Base station :Low-end Sensor :High-end Sensor
Introduction (3/3) The Aspect of Key Predistribution ◦ Keys are distributed to all sensor nodes prior to deployment. ◦ Random key predistribution Polynomial-based scheme ◦ Deterministic key predistribution Combinatorial design 5 Key pool ={1,2,3,4} Key pool ={1,2,3,4} Sensor A Sensor B drawing Ex: {2,4} {1,4} L. Eschenauer and V. Gligor. “A Key-Management Scheme for Distributed Sensor Networks.” In Proc. 9th ACM Conference on Computerand Communication Security, pp.41-47, Nov
Theorem ◦ Setup server randomly generates a symmetric bivariate t-degree polynomial Ex: f(x,y) = 4x 2 y 2 + x 3 y 1 + x 1 y It’s a symmetric bivariate 3-degree polynomial Polynomial-based scheme (1/2) C. Blundo, A.D. Santis, A. Herzberg, S. Kutten, U. Vaccaro, M. Yung. "Perfectly-secure Key Distribution for Dynamic Conferences." Lecture Notes in Computer Science,471–486, [ ] 5 0 0 0 0 0 0 1 0 0 4 0 0 1 0 0 6
Key Agreement Polynomial-based scheme (2/2) L-sensor: Low-end sensor s: Step :L v -sensor 5141 y 0 y 1 y 2 y 3 :Cluster head step1: computes 1: Cluster Head ID 2: Lv-sensor ID f(1,y) = 4y 2 + y 1 + y f(2,y) = 16y 2 + 8y 1 + 2y step2: The Setup server loads the sensor node with coefficients step3: Each sensor node broadcasts its own ID step4: Receiver use ID to compute a shared secret key K uv = f(u,v) = f(v,u) = K vu K 12 = f(1,2) = 31 = f(2,1) = K y 0 y 1 y 2 y 3 7 s3 s4
LU Decomposition K 12 =K 21 Proposed Scheme (1/5) 8 L: Lower Triangular Matrix U: Upper Triangular Matrix K: Symmetric Matrix
LU Decomposition 9 Proposed Scheme (2/5) 9 Assuming that u 11 =1, u 22 =2, u 33 =3 K: Symmetric Matrix
Proposed Scheme (3/5) Polynomial pre-distribution phase 10 Polynomial pool = {1,2,3,4, 5,6,7,8,9,10} Polynomial pool = {1,2,3,4, 5,6,7,8,9,10} drawing 1: A symmetric bivariate polynomial S: Sensor Ex: SaSa SbSb
Proposed Scheme (4/5) Shared key establishment phase s1 s /2 20 L r2 L r1 U c2 U c1 step1: Each sensor node broadcasts its L array step2: Sensors use L array to compute a shared secret Polynomial K 21 = L r2 ×U c1 = 1 = L r1 ×U c2 = K 12 1: f(x,y) = 4x 2 y 2 + x 3 y 1 + x 1 y : Shared secret polynomial S: Sensor [ ] 5 0 0 0 0 0 0 1 0 0 4 0 0 1 0 0
Proposed Scheme (5/5) Shared key establishment phase 12 SaSa SbSb LrLr K 21 = L r2 ×U c1 E K 21 [ S b_ID ] L r1 ×U c2 = K 12 D K 12 [E K 12 [ S b_ID ]] = S b_ID E K 12 [ CLR ] MAC(K 12, S b_ID || CLR) E K 21 [ S b_ID ] E K 12 [ CLR ] MAC(K 12,S B || CLR) D K 21 [E K 21 [ CLR ]] = CLR Verify MAC(K 12, S b_ID || CLR) ?= MAC(K 21, S b_ID || CLR) K: Shared secret polynomial CLR: Confirmation message S: Sensor
Performance Evaluation Network Connectivity 13 L. Eschenauer and V. Gligor. “A Key-Management Scheme for Distributed Sensor Networks.” In Proc. 9th ACM Conference on Computerand Communication Security, pp.41-47, Nov S:The key pool size S. A. Camtepe and B. Yener, “Combinatorial design of key Distribution mechanisms for wireless sensor network,” in Proc. Comput. Secur.-ESORICSpp. 293–308, 2004.
Performance Evaluation Resilience Against Node Capture 14 k: the storage per node τ:the number of polynomials in each node t': the degree of the polynomial in the Blundo scheme N: the number of nodes in the network t: the degree of a polynomial in our scheme ω :the polynomial pool size K=400
Performance Evaluation Resilience Against Node Capture 15 k: the storage per node τ:the number of polynomials in each node N: the number of nodes in the network t: the degree of a polynomial in our scheme ω :the polynomial pool size S:the key pool size q:a prime power K=400
Performance Evaluation Memory Overhead 16 N: the number of nodes in the network t: the degree of a polynomial in our scheme h: nonzero-element parts 2z: number of zeros Nt Our scheme memory (bit) Memory Saving (bit) Saving ratio × × % × × % × × % × × %
Conclusion High network connectivity Strong resilience against node capture Node to node mutual authentication Optimize the memory overhead 17
Comment LU= =LU K 12 =K 21 = [ ] Polynomial pool = {1,2,3,4, 5,6,7,8,9,10} Polynomial pool = {1,2,3,4, 5,6,7,8,9,10} drawing Polynomial pool = {1,2,3,4, 5,6,7,8,9,10} Polynomial pool = {1,2,3,4, 5,6,7,8,9,10} drawing