Wireless Sensor Network (WSN) is a kind of network composed of nodes associated with sensors. Each node has the characteristics of small size, limited power, low computation and wireless access. The sensor node is responsible for collecting and delivering data over wireless network, and it is desirable to keep the delivered data confidential along the wireless transmission path from one node to another.
To ensure secure peer-to-peer wireless communication, the shared session key between any two nodes must be derived. Some protocols use a trusted third party to deliver keys to every node, while other protocols pre-distribute communication keys to all nodes. Since WSNs are self-organized and trusted third party may not be available, key pre-distribution protocols are often adopted in such networks. However, key pre-distribution protocols need to store session keys in every node. This may be difficult in a sensor network where thousands of nodes are deployed with limited storage space only enough to store a small number of session keys. It is desirable to design a new key pre-distribution protocol, which can reduce the storage space of session keys for a large WSN without degrading its security.
Eschenauer and Gligor [23] proposed a key management scheme based on Random Graph
with n nodes, and the probability that a link exists between any two nodes in the graph is p. When p is zero, the graph G has no edges, whereas when p is one, the graph G is fully connected. Erdős and Rényi [9] showed the monotone properties of a random graph G(n, p) that there exists a threshold value of p, over which value the property exhibits a “phase transition”, i.e. the probability for G to have that property will transit from “likely false” to “likely true”. The threshold probability is defined by:
n P pln(n)ln(ln( c))
Eq(20) where Pc stands for desired probability of the property.
Furthermore, the expected degree of a node can be calculated by:
n
P n
n n p
d ( 1)(ln( ) ln( ln( c))) )
1 (
*
Eq(21)
Therefore, the scheme only needs to select d keys to keep a network connected under probability p. It can then significantly reduce the key space. These results are adopted herein as base assumptions. We will propose two key distribution schemes: Adaptive Random Pre-distributed scheme (ARP) and Uniquely Assigned One-way Hash Function scheme (UAO). Both schemes pre-distribute keys in each node before its deployment. According to random graph theory, a sensor network can be connected as long as enough keys are selected. Therefore, each node can communicate with each other without key exchange, which can save computational overhead for communications. More than that, both schemes minimize the storage requirement for key management. Though UAO scheme needs more storage space than ARP does, it provides mutual authentication.
The rest of this paper is organized as follows: The Adaptive Random Pre-distributed scheme and the Uniquely Assigned One-way Hash Function scheme are presented in Section II and III, respectively. Finally we give a conclusion in Section IV.
Adaptive Random Pre-distribution Scheme
ARP scheme is composed of two parts. One is the key pool, and the other is the key selection algorithm. The purpose of key pool is to store randomly generated keys, and the key selection algorithm is to select a set of keys from the key pool. Every node needs to select a set of keys from the key pool by using key selection algorithm before its deployment. These selected keys are saved in each node’s storage space. Any two nodes shares a common key is able to securely communicate with each other by using this shared key. In ARP, the key pool is a dimensional key pool in which keys are generated in two phases, and are arranged in two-dimensional order matrix. The key is pre-generated as follows:
Key Pool Generation Algorithm
Step 1: Randomly generate t keys, called seed keys, and any t one-way hash functions.
Step 2: For every seed key K and one-way hash functioni,0 F , a one-way key chain is i generated. It uses K as initial input, and computes the generated key with a one-way hash i,0 function F . The generated key is fed back into i F to generate a third key. The i procedureKi,j1F(Ki,j) is repeated until the entire key chain is generated.
Consequently, the key chainKC of length s, is composed of a series of keys, 0 K ,i,0 K , …, i,1
1 ,s
Ki . With t seed keys and t one-way hash functions, t key chains generated, namelyKC ,0 KC ,…, 1 KC . t1
Figure 18 demonstrates the difference between the conventional random key pool and the Two-Dimension Key Pool. As shown in Figure 18(a), the original random key pool can be regarded as a set of keys disorderly spread into a large pool. In Figure 18(b), keys of the Two-Dimension Key Pool are arranged in an s by t matrix.
(a) The unordered key pool (b) The Two-Dimension key pool s
t
Figure 18 Unordered key pool and the Two-Dimension key pool with t = 10, s = 10.
Key Selection Algorithm
The key selection algorithm is used to select a set of communication keys by all nodes before its deployment. The detail of the key selection algorithm for ARP scheme is described as follows.
First, suppose we need r keys, each sensor node randomly pick up an one-way key chain )
, , ,
( ,0 ,1 ,1
i i it
i KC KC KC
KC from the Two-Dimension Key Pool. Second, each sensor node randomly picks up the rest rrt keys. Each key is selected from different key chains, except the key chain KC selected in step 1. Third, each sensor node will randomly pick up one key in i the key chain selected in step 2. Fourth, each sensor node has chosen one key chain KC and r’ i single keys. For each sensor node, it will only need to memorize those r’ keys and the one-way hash function Fi and seed key KC of the key chaini,0 KCi.
Figure 19 shows an example of key selection, where t = 10, s = 10, and r’ = 5. The randomly selected one-way key chain isKC , and the rest r’ randomly picked keys are3 KC , 0,6 KC , 5,8 KC , 6,3
7 ,
KC , and 8 KC . 9,4
s
t
s
t
KC2
Figure 19 A key selection example
Uniquely Assigned One-Way Hash Function Scheme
In ARP, any two nodes shared a session key can directly communicate with each other in a
may not be able to authenticate with the shared key the identity of an individual. To cope with the problem, UAO extends ARP to authenticate individual sensor node identities. The detail of UAO is describes as follows.
For each sensor node SNi, it was assigned a unique identity IDi and a uniquely assigned one-way hash function Fi before its deployment. In contrast to ARP key selection algorithm, UAO scheme does not select key. Instead, it uses IDi and Fi to decide a key, where IDi can be the node’s MAC address or identifier; and Fi is a one-way hash functions. The UAO key decision algorithm is as follows:
Key Decision Algorithm:
Step1: Assume the required number of keys to achieve the Random Graph theory is r. For each sensor node SNi in the network, the first SNi will randomly select r of other sensor nodes in the network. We denote the sensor nodes selected by SNi as SNv1, SNv2, …, SNvr.
Step 2: For each SNvj , where j ranges from 1 to r, it will use its unique one-way hash function Fj to generate a unique Kj for SNi. The Kj is generated by the following equation:
) ( i
j
j F ID
K
SNi will memorize all pairs of Kj and IDj in its key ring.
Mutual Authentication
After applying key decision algorithm, every node is deployed in a WSN. For any communication between two nodes, SNi and SNj, SNi shares unique session key Kj with SNj, and
SNj shares unique session key Ki with SNi. We can achieve mutual authentication due to SNi is the only one node which owns the unique one-way hash function Fi. If SNi can correctly calculate Kj and decrypt the cipher, then SNj can authenticate the identity of SNi. Due to Kj is derived from Fi and IDj, if SNj really owns the key Kj then it will make the correct response.
Therefore the SNi will be able to authenticate SNj with IDj.
Evaluation
To evaluate ARP scheme and UAO scheme, both schemes are analyzed in space storage and security strength separately.
Evaluation of ARP Scheme:
To evaluate ARP scheme, the connectivity probability is analyzed because it was observed in the preceding section that ARP is proposed based on Random Graph Theory. If the connectivity probability of different schemes is putting the same, the scheme which needs minimum keys will need less storage space than other schemes.
To evaluate the required probability of connectivity, the network size n and the expected probability Pc of forming a connected graph must be determined. By given n and Pc, we can calculate the threshold probability p and the expected degree d by Equation (20) and (21).
Moreover, since a sensor node cannot communicate with all other nodes in the network, only a limited number of neighbor nodes n’ can be contacted. Therefore, the probability of sharing a common key between any two nodes in a neighborhood is:
' ' n p d
Also, the required key ring size s and the key pool size K to achieve the probability of neighborhood connectivity can be determined.
We denote the probability of any two nodes in the neighborhood sharing at least one common key in Two-Dimension Key Pool Selecting scheme as p’. It is proved that p’ is related to the number of key chains t, key chain length s, and the number of selected keys r’. The p’ can be calculated by one minus the probability that any two nodes in the neighborhood do not sharing any key. To calculate the probability that any two nodes A and B do not sharing any key, the calculation can be categorized into four parts:
(1) A’s one-way key chain does not match with B’s one-way key chain.
(2) A’s one-way key chain does not match with any B’s selected keys.
(3) A’s selected keys do not match with B’s one-way key chain.
(4) A’s selected keys do not match with any B’s selected keys.
Since B selects one hash function and r’ selected keys in different key chains, A’s one-way key chain must belong to the rest of the h – (r’+1) key chains. Therefore, the probability of matching
the first and the second conditions both are h r h( '1)
.
In the third condition, it is taken into consider that we randomly choose r’ key chains from the key pool. A’s r’ selected keys must not belong to A’s key chain. As to match the third condition, it must not also belong to B’s key chain. Thus the probability can be calculated as
1
For the fourth condition, it is supposed that A and B have exactly i selected keys belonging to the same i key chains and the probability that A and B have exactly i selected keys belonging to
the same i key chains as p(i). There are
ways to pick i common key chains from B’s selected key ring. There are only (h – 2 – r’) key chains for us to pick up the rest of A’s (r’ – i) selected keys, due to we have to eliminate A’s and B’s key chains and the other r’ key chains that B’s r’
selected keys belonging to. Thus there are
. Therefore we get the following equation:
Moreover, considering that A and B have exactly i selected keys belonging to the same key chains, the probability that A’s selected keys do not match with any B’s selected keys becomes:
i
Hence, to calculate the probability of matching the fourth condition, we have to consider all possible value of i, where i = 0, 1, 2, …, r’. Thus the probability for the fourth condition is:
By Summarizing the above four conditions, we can calculate the probability p’ by the following equation:
Figure 20 shows the probability of connectivity with different configurations of number of key chains t and the key chain length s.
Figure 20 Comparison of different configured Two-Dimension Key Pool Selecting Schemes and basic scheme (key pool size is 100,000)
As Figure 20 shows, under the same connectivity probability, the ARP scheme requires fewer keys than basic method. In other words, the ARP scheme demands for less storage space than the
basic scheme does. Moreover, with different h and y value, the ARP scheme needs different storage space. This can be left as an option for deployment consideration.
Evaluation of UAO:
In this section, evaluations of the probability of connectivity and the maximum supported network size are analyzed consequently. The maximum supported network size stands for maximum sensor node capacity that can achieve mutual authentication under the same memory storage space attached in every sensor node. In addition, we also make a comparison with the random-pairwise scheme in maximum supported network size and the probability of connectivity.
Probability of Connectivity:
In UAO scheme, the probability of any two nodes in the neighborhood sharing a common key can be evaluated by one minus the probability of that either nodes does not have any key derived from the other’s unique one-way function. The probability for any node to get a key derived from a particular node’s one-way function is
1 n
r . Because each node gets r keys in the key ring,
those keys are derived from r of n – 1 other nodes in the network. The probability of any two nodes in the neighborhood sharing a common key will be
)2
1 1 ( 1
' n
p r Eq(22)
Maximum Supported Network Size:
By combining Equation (22) and (23), the following the equation can be derived.
)2
Furthermore, by using Equation (21), the above equation can turn to be:
)2
The above equation can be simplified to:
' 0
By calculating the root of the above quadratic equation, we can get:
' )
It can be more simplified as:
')
In comparison with Random-pairwise scheme, we assume the network size is n, expected degree of graph connectivity is d, the number of neighbor nodes is n’, and the key ring size is r.
According to the definition of pairwise scheme, there are only r nodes having common shared keys with each sensor node and it still has to achieve the expected degree in the neighborhood.
Then we can find the following equation:
'
To analysis the relationship between memory space and network size, first we combine Equation (21) and Equation (25) to obtain the following equation:
))) ln(
ln(
) ' (ln(
) 1 (
Pc
n n
r n Eq(25)
According to the Equation (25), we can evaluate that the complexity of memory space requirement for the Random-pairwise scheme is O(nln(n)). In addition, according to the Equation (24), it is found that the complexity of memory space requirement for the UAO scheme is O(n ln(n)).
Figure 21 Comparison of Random-pairwise keys scheme and UAO scheme in memory
Figure 20 shows the comparisons of UAO scheme and random-pairwise keys distribution scheme in memory space requirement and the maximum supported network size. As Figure 21 shows, UAO scheme achieves better performance in maximizing network size under the same memory requirement. Therefore, with the same sensor node hardware equipment, UAO can adapt more sensor nodes in a network while remaining more security strength than random-pairwise key distribution scheme.
Summary
Key distribution is a critical and fundamental issue for the security service in wireless sensor networks. The pre-distributed and symmetric cryptography based key management system will be well suitable for the resource limited sensor network. Two efficient schemes are proposed which are based on the Random Graph Theory to provide key distribution for the secure sensor network services.
Adaptive Random Pre-distributed scheme needs less memory space at a given level of security strength. Uniquely Assigned One-Way Hash Function scheme possesses the characteristics of mutual authentication and resistance against node compromise. For a node with limited storage space, ARP can be used in the WSN with a large number of nodes.
The choice of schemes depends on the network size and available memory space. If there is enough memory space and authentication of individuals is desirable, Uniquely Assigned One-Way Hash Function scheme will be the better choice. This is mainly due to the fact that if a node is compromised, only one link is broken. Otherwise, the Adaptive Random Pre-distributed scheme serves as an alternative for the trade-off between memory space and security strength.