Self-Healing Group-Wise Key Distribution Schemes with Time-Limited Node Revocation for Wireless Sensor Networks

Minghui Shi, Xuemin Shen, Yixin Jiang, Chuang Lin

CMSC 681 Fall 2007Advanced Computer Networks

Isaac Mativo

Sensor Node Typical sensor node contains

Power unit Sensing unit Processing unit Storage unit Wireless transceiver

Wireless Sensor Node may be able to monitor several parameters by combining several kinds of sensor nodes

Wireless Sensor network

Architecture of a wireless sensor network

Data processing and management center

Internet/satellite

Base Station

Sensor field

Motivation Important to prevent unauthorized nodes to

access some information Traffic encryption key (TEK) is used to encrypt

data at source and decrypt at destination TEK refreshed continuously by the group key

manager (GKM) This process may degrade performance and

scalability Authors propose two schemes which ensures

secrecy, certain collusion freedom, and group confidentiality.

Algorithm based on the dual direction hush chain (DDHC) and hash binary tree (HBT)

Important Issues Key management

in WSN Resilience against

node capture Resilience against

node replication Node revocation

or participation Scalability – as

network grows

Group-wise key distribution schemes Group

confidentiality Forward secrecy Backward secrecy Collusion freedom

DDHC DDHC is composed of two one-way hash

chains Forward hash chain Backward hash chain

Limited Time Node Revocation y = Hash(x): Should be easy to compute

y given x, but computationally infeasible to compute x such that y = Hash(x)

Hash Binary Tree

How the Schemes Work DDHC

Group key manager (GKM) selects a secret seed to generate the one-way hash chain

The rekeying message is broadcast within the sensor network from time to time

Each legitimate node within the group is able to compute the traffic encryption key (TEK) to encrypt and decrypt the multicast messages

Time-limited node revocation scheme: TEK = f(Nf, Nb, RK)

Each node has a small storage buffer that enables it to perform self-healing recovery of a rekeying message.

Lost RK can be recovered using the one-way hash function and the last received RK

HBT Also based on hash functions To improve security, the HBT is

adopted to generate all pre-assigned seeds.

GKM assigns the seeds, which include the sub-root nodes that are then used to compute the leaf nodes

Each TEK is linked to a leaf node, and all leaf nodes are derived using a hash algorithm on these seeds.

Time-limited node revocation mechanism: TEK = f(S(D, t), RK)

Lost RK can be recovered using the one-way hash function and the last received RK

Conclusion

Scheme provides: Low storage overhead Low Communication overhead

(broadcast and unicast) Low to medium implementation

complexity Implicit authentication Tolerance for lost rekeying messages Forward and backward secrecy

Questions?

The End