1. ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang

2. 2 Pairwise key establishment with guarantee –Problems of basic key pre-distribution and Chan’s improvement The key establishment is not guaranteed Tolerance to sensor compromise –Polynomial based key pre-distribution Random subset assignment approach Grid based key distribution

3. 3 Polynomial based key distribution –A bivariate t-degree polynomial f(x, y) is generated –It has the property of f(x, y) = f(y, x) –For every sensor i, we can replace x with i and generate a new poly f(i, y) –When sensor i meets sensor j, node i can calculate f(i, j), node j can calculate f(j, i); –The two keys are the same

4. 4 Overhead –Every sensor needs to store a t-degree poly –Evaluation of the polynomial Robustness –Need at least t+1 nodes to figure out a poly Problem –Want to further reduce overhead Improvement –Using a group of polynomials

5. 5 Polynomial pool based key pre-distribution –We generate a pool of bivariate polynomials –When we have only one poly, it returns to the previous method –When all poly are 0-degree, it returns to the basic approach –Each sensor gets a subset of polys Direct key establishment Path key establishment

6. 6 Random subset assignment – approach 1 –Every sensor gets a random set of polys –Analysis of key sharing Directly b/w two sensors Through one hop neighbors Similar to the basic approach –Then what is the advantage of using poly to replace a key ?

7. 7 Grid based key pre-distribution –Guaranteed key establishment –Improved resilience to sensor compromise –“Zero” interaction to figure out the key – except the node identity

8. 8 We have n sensors, n < m * m –Every sensor can be mapped to a unique point in the m*m matrix –Generate 2m polynomial, one for each row and one for each column –For a sensor at position (i, j), the corresponding row and column polys will be given to the node

9. 9 Any two sensors in the same row or column will share a poly – they can derive the key If the two sensors are not in the same row or column –Locate the node that can establish keys with both nodes

10. 10 Advantages –Storage overhead: every node only stores two polys –A sensor can directly figure out can it establish a key to the other sensor

11. 11

12. 12 Key pre-distribution based on Blom’s scheme –Improve resilience to sensor compromise –Authentication between sensor pair

13. 13 Blom’s key pre-distribution –Generate a (λ+1) * N matrix G, N is the size of the network, λ is the threshold of tolerance. The matrix is public –Generate a (λ+1) * (λ+1) symmetric matrix D and keep it as secret –A = (D * G)^T, A is a N * (λ+1) matrix –Since D is symmetric, we have A*G = (A*G)^T, so A*G is a symmetric matrix

14. 14 If we let K = A*G, then Kij = Kji See example of the calculation Every node i will have ith row of A and ith column of G When node i and j meet, they exchange the columns of G and calculate Kij and Kji

15. 15 Blom’s scheme guarantees that any two sensors can find a key. But we do not need such dense keys If we generate multiple Blom’s matrices, each can be viewed as a key space

16. 16 Approach –Generate one matrix G –Generate w matrix D1, D2, ---, Dw, we can calculate A1=(D1 * G)^T, A2=(D2 * G)^T, ---, Aw=(Dw * G)^T. –Every node will select t key spaces and get corresponding information from the matrices. –If two sensors have the same key space, they can generate a key.

17. 17 Analysis of key space sharing –Similar to the basic mechanisms What is the probability that a key space is compromised? –Need at least (λ+1) sensors holding this key space –When x nodes are broken, the probability that j of them know the key space is:

18. 18 When the key space is not compromised, pairwise keys can be used to authenticate