A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge
Presenter: Todd Fielder

Key Agreement Schemes
- Trusted Server
  - Requires trusted infrastructure
- Self-Enforcing
  - Asymmetric cryptography
- Pre-Distribution
  - Key information is pre-distributed prior to deployment
  - In sensor networks, only a small portion of the keys are predistributed.

Key Pre-distribution
- Use only a subset of keys within the network and probabilistically guarantee a connected graph dependent on node density
  - Not all nodes will be connected
- Possible to increase this probability, and the number of connected nodes, if deployment knowledge is used
  - Nodes will be deployed in some order.
  - i.e. there is a higher probability that a node deployed at time t will be closer to other nodes deployed at time t than to nodes deployed at time (t+1).

Definitions and Assumptions
- Static Nodes
- Deployment is evenly distributed through region.
  - Is this a safe assumption?
- Deployment Point
  - Point location where a node may be deployed
  - May reside in an area around deployment point which is defined by a probability density function (pdf).
  - i.e. the helicopter where the node is dropped from
- Resident Point
  - Point near the deployment point where sensor actually resides.
  - i.e. where the node lands.

Group-Based Deployment Model
- Group of sensors are deployed at a single deployment point.
  - Increases the pdf within a group
  - Decreases the pdf between groups.
- For a uniform distribution policy, there is no knowledge about which nodes will be neighbors
  - Requires a larger key pool.
  - Decreases probability of sharing keys.
- This research distributes nodes uniformly in a 2X2 grid.

Protocol
- Key Pre-Distribution
  - Global key pool, S, is divided into t*n (number of groups) number of key pools.
  - Goal is to allow nearby key pools $S_{i,j}$ to share keys with a neighboring group $S_{i+1,j}$.
  - Each node contains a subset m of their group's key pool.

Phases 2 & 3
- Shared Key Discovery
  - Broadcast indices of keys.
  - Set up secure links with neighbors.
- Path Key Establishment
  - Use previously established secure channels to set up keys with unconnected neighbors.
  - Allows intermediate nodes to determine keys.
    - Problem: Intermediate nodes may be compromised, choose a key known by attacker.
  - Probability of securing a link between nodes over three hops is close to one.
  - Requires communication overhead
    - Between nodes
    - To determine who is choosing the key

Setting up Key Pools
- Horizontally or vertically neighboring key pools share a*$S_c$ keys (0 < a < .25).
- Diagonal neighbors share b*$S_c$ keys (0 < b < .25).
- 4a + 4b = 1
- a and b are the overlapping factors and define the amount of keys shared by neighboring groups.
- Non-neighboring groups share no keys.

Determining Overlapping Factors
- a determines shared values between horizontal/vertical neighbors.
  - Connectivity (100) = .68
- b determines shared keys with diagonal neighbors.
  - Connectivity (100) = .48

Key Pool Size
- Group $S_{1,1}$ chooses $S_c$ from S, then removes those keys
- For each cell $S_{1,j}$, for j=2…n, pick a*($S_c$) keys from $S_{1,j-1}$. Then pick (1-a)*($S_c$) from pool.
- Repeat for each row $S_{i,j}$, also picking b*($S_c$) keys from $S_{i-1,j-1}$.
  - Flaw: There is no guarantee that a key will not percolate from one grid to the next if node (j+1) can pick arbitrary keys from j.
  - Causes nodes to share keys.

Experimental Setup
- S = 100,000; a=.167; b=.083.
- Number of nodes = 10,000
- Deployment area = 1000m X 1000m
- t=n=10
- Grid size = t X n = 100m
- Group size = number of nodes / #grids
  - 100 nodes per group
- Communication Range (R) = 40m
- $S_c$ = 1770 (for each group)

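The pool construction from the Setting up Key Pools and Key Pool Size slides, run with the Experimental Setup parameters, as an added example that is not part of the original slides. The names `pool_size`, `build_pools` and `sharing` are hypothetical, the pool-size formula is a counting argument added here, and the `exclusive` rule (take only keys that no other pool holds yet) is this example's assumption for avoiding the percolation flaw raised on the Key Pool Size slide.

```python
import random
from itertools import combinations

def pool_size(S, t, n, a, b):
    """|S_c| for which t*n pools use up S, if each shared key sits in exactly two pools."""
    hv = t * (n - 1) + n * (t - 1)   # horizontally/vertically adjacent pool pairs
    dg = 2 * (t - 1) * (n - 1)       # diagonally adjacent pool pairs
    return S / (t * n - a * hv - b * dg)

def build_pools(t, n, sc, a, b, exclusive, seed=1):
    """Fill pools row by row as on the 'Key Pool Size' slide; keys are integer ids.
    exclusive=False: arbitrary keys are taken from each earlier neighbour.
    exclusive=True: only keys no other pool holds yet are taken (assumption)."""
    rng = random.Random(seed)
    pools, holders, next_key = {}, {}, 0
    for i in range(t):
        for j in range(n):
            pool = set()
            for cell, f in (((i, j - 1), a), ((i - 1, j), a),
                            ((i - 1, j - 1), b), ((i - 1, j + 1), b)):
                if cell in pools:
                    src = sorted(k for k in pools[cell]
                                 if not exclusive or holders[k] == 1)
                    pool.update(rng.sample(src, int(f * sc)))
            fresh = sc - len(pool)       # remainder comes from the global pool
            pool.update(range(next_key, next_key + fresh))
            next_key += fresh
            for k in pool:
                holders[k] = holders.get(k, 0) + 1
            pools[(i, j)] = pool
    return pools

def sharing(pools):
    """(largest overlap between non-neighbouring pools, overlaps seen between neighbours)."""
    far, near = 0, set()
    for (p, P), (q, Q) in combinations(pools.items(), 2):
        common = len(P & Q)
        if max(abs(p[0] - q[0]), abs(p[1] - q[1])) <= 1:
            near.add(common)
        else:
            far = max(far, common)
    return far, near

if __name__ == "__main__":
    # Parameters from the Experimental Setup slide.
    sc = round(pool_size(100_000, 10, 10, 0.167, 0.083))
    print("S_c =", sc)
    for exclusive in (False, True):
        far, near = sharing(build_pools(10, 10, sc, 0.167, 0.083, exclusive))
        print("exclusive:", exclusive, "non-neighbour overlap:", far, "neighbour overlaps:", sorted(near))
```

With arbitrary picks, keys taken from a neighbour can themselves have come from that neighbour's neighbour, so pools two cells apart end up sharing keys; with the exclusive rule the overlap is confined to adjacent pools.
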
Evaluation
- Local Connectivity: Probability that two neighboring nodes share a key.
  - M: number of keys

Evaluation cont.
- Global Connectivity: relation between size of isolated components and size of graph.
  - Excludes nodes outside of communication range since this is due to deployment and not key-distribution.

Communication Overhead
- As the number of keys in memory increases, the communication required decreases.

Point of Uncertainty
- If each group shares only 1770 keys, a lot of keys are reused unnecessarily.
  - 100 nodes per group * 100 keys per node.
  - Do we need 100 keys per group?
- Is group connectivity guaranteed to be 100%?

Questions???