A Robust on-Demand Path-Key Establishment Framework via Random Key Predistribution for Wireless Sensor Networks
Hindawi Publishing Corporation
EURASIP Journal on Wireless Communications and Networking
Volume 2006, Article ID 91304, Pages 1–10
DOI 10.1155/WCN/2006/91304
A Robust on-Demand Path-Key Establishment Framework via
Random Key Predistribution for Wireless Sensor Networks
Guanfeng Li,1 Hui Ling,1 Taieb Znati,1 and Weili Wu2
1 Department of Computer Science, University of Pittsburgh, Pittsburgh, PA 15260, USA
2 Department of Computer Science, University of Texas at Dallas, Richardson, TX 75083-0688, USA
Received 2 October 2005; Revised 11 January 2006; Accepted 12 January 2006
Secure communication is a necessity for some wireless sensor network (WSN) applications. However, the resource constraints of a
sensor render existing cryptographic systems for traditional network systems impractical for a WSN. Random key predistribution
scheme has been proposed to overcome these limits. In this scheme, a ring of keys is randomly drawn from a large key pool and
assigned to a sensor. Nodes sharing common keys can communicate securely using a shared key, while a path-key is established
for those nodes that do not share any common keys. This scheme requires moderate memory and processing power, thus it is
considered suitable for WSN applications. However, since the shared key is not exclusively owned by the two end entities, the
established path-key may be revealed to other nodes just by eavesdropping. Based on the random-key predistribution scheme,
we present a framework that utilizes multiple proxies to secure the path-key establishment. Our scheme is resilient against node
capture, collusive attack, and random dropping, while only incurring a small amount of overhead. Furthermore, the scheme
ensures that, with high probability, all path-keys are exclusively known by the two end nodes involved in the communication along
the path.
Copyright © 2006 Guanfeng Li et al. This is an open access article distributed under the Creative Commons Attribution License,
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
1.
INTRODUCTION
Recent advances in wireless technologies have led to a new
generation of inexpensive sensors and actuators. Individually, these devices are resource-constrained and, as such,
are only capable of a limited amount of processing and
communication. When deployed in a large number, however, the coordinated effort of these networked devices bears
promises for a significant impact, not only on science and
engineering, but equally importantly on a broad range of
civil and military applications, including health care, critical infrastructure protection, environmental and wildlife
monitoring, crisis management, and military reconnaissance.
Harnessing the potential of wireless sensor networks,
however, brings about a number of fundamental challenges,
the most critical of which is security. It is frequently the case
that sensors are deeply embedded into the environment or
deployed in open areas, making them vulnerable to physical
attacks and potentially compromising sensor nodes’ security.
Secure communication among sensors, during the response
phase to an attack on a critical infrastructure, for example, is
crucial for emergency responders to successfully coordinate
their activities. Malicious information, injected by attackers
during the response phase may hamper greatly the ability of
first responders to communicate and share data. Cryptology
methods are, therefore, needed to achieve secure communication among sensor nodes.
Since sensors will either have to be powered by small
nonrenewable batteries, or by a modest amount of energy
that can be harvested from the environment, developing
energy-efficient cryptographic algorithms and methods is a
critical issue in designing security protocols for wireless sensor networks. The sensors’ resource constraints, coupled with
their limited knowledge of the topology within which they
are deployed, render public-key-infrastructure-(PKI) based
schemes inappropriate for wireless sensor networks. Carman
et al. pointed out that asymmetric cryptography algorithms,
like 1024-bit RSA, consume at least two orders of magnitude more energy than symmetric cryptography algorithms,
such as 1024-bit AES in [1]. Furthermore, symmetric-key
cipher and hash functions execute between two to four orders of magnitude faster than their asymmetric counterparts.
Similarly, trusted server-based cryptography systems, such as
Kerberos, do not apply in WSNs, as these schemes require a
trusted third party which is not always available in WSNs.
Consequently, these schemes may not be scalable when a
WSN involves thousands of sensor nodes. These constraints
�2
EURASIP Journal on Wireless Communications and Networking
leave designers of security protocols for WSNs with no choice
but to use symmetric-key cryptographic systems.
In symmetric-key cryptographic systems, keys have to be
installed onto sensors before deployment. Nodes then use
shared keys to conduct secure communication. Two strategies can be used to distribute shared keys between sensors in
WSNs. In the first strategy, all sensor nodes share the same
session key, while in the second case each sensor node shares
a unique key with each of the remaining n − 1 sensors, where
n is the total number of sensors in the WSN. The advantage
of the first strategy stems from its low maintenance cost. In
this strategy, however, the compromise of one single node
may jeopardize the security of the entire network. The second
strategy has potential to achieve perfect security even when a
number of nodes are captured. In large WSNs, however, this
approach requires installing n − 1 keys in each sensor and, as
such, may be prohibitive, given the limited memory size of
a sensor node. Furthermore, sensors are likely to fail due to
hardware faults or energy depletion caused by excessive communication. Consequently, in order to maintain the level of
node density required to meet the quality of service requirement of the applications, new sensors may have to be injected
into the existing network. The addition of these nodes further limits the applicability of the second approach, as it requires installing new keys into the existing sensors in order
to facilitate communication between these sensors and the
newly injected ones.
To overcome the shortcomings of the above strategies, a
random key predistribution scheme has been proposed [2].
This scheme only requires a relatively small number of keys,
in the order of ten to one hundred, to be installed onto each
node, to achieve connectivity between pair of nodes with
high probability. The link with two end nodes sharing keys
is called secure link. Nodes that do not share a key set up a
path-key, through negotiation, using paths formed by secure
links. The major shortcoming of this scheme is during pathkey establishment, communication between the end nodes is
exposed to intermediate nodes along the path.
This path (...truncated)
