Key Establishment Protocol for Wireless Sensor Networks
Wireless sensor networks usually comprise a number of sensors with limited resources.
Each sensor includes sensing equipment, a data processing unit, a short range radio device
and a battery [Pottie & Kaiser, 2000; Kahn et al.,1999; Akyildiz, 2002]. These networks have
been considered for various purposes including border security, military target tracking and
scientific research in dangerous environments [Perrig et. al., 2002; Kung & Vlah, 2003;
Brooks, 2003]. Since the sensors may reside in an unattended and/or hostile environment,
security is a critical issue. An adversary could easily access the wireless channel and
intercept the transmitted information, or distribute false information in the network. Under
such circumstances, authentication and confidentiality should be used to achieve network
security. Since authentication and confidentiality protocols require a shared key between
entities, key management is one of the most challenging issues in wireless sensor networks
(WSNs) [Perrig et. al., 2002].
In the literature, key management protocols are based on either symmetric or asymmetric
cryptographic functions [Perrig et. al., 2002]. Due to resource limitations in the sensors, key
management protocols based on public keys are not suitable [Perrig et. al., 2002], [Chan et.
al., 2003]. Hence, key management protocols based on symmetric cryptographic functions
have been extensively investigated [Chan et. al., 2003-Fanian et.al, May 2010]. There are two
types of symmetric key management schemes based on an on-demand trust center or key
pre-distribution. With an on-demand trust center, the center must generate common keys
for every pair of nodes that wish to establish a secure connection. Due to the lack of an
infrastructure in WSNs, this scheme is not suitable. With key pre-distribution, key material
is distributed among all nodes prior to deployment. In this scheme, each node carries a set
of keys to establish a secure connection with other nodes.
A number of key pre-distribution schemes have been developed. A very simple approach is to
have a unique pre-loaded key that is shared among the nodes. Then all sensors can encrypt or
decrypt data between themselves using this key. Due to its simplicity, this method is very
efficient in regards to memory usage and processing overhead, but it suffers from a very
serious security problem. If even one of the sensors is captured by an adversary, the security of
the entire network will be compromised. Another simple approach, called the basic scheme, is to generate a distinct key between every pair of sensors and store these in the sensors. In this
case, if N sensors are deployed in the network, each must store N-1 keys. Despite ideal
resilience, this scheme is not scalable, and is not memory efficient, particularly in large
networks. In addition, after node deployment, if a new node wants to join the network, none
of the previously deployed sensors will have a common key with the new node. Recently,
many key establishment protocols have been proposed to address this problem [Chan et. al.,
2003- Fanian et. al., 2010], but as we will show most have security or performance issues. These
schemes are based on random key pre-distribution, symmetric polynomials and/or the Blom
scheme. As shown in the analysis section, with the protocols based on random key predistribution,
an adversary can obtain the common key between non-compromised sensors by
compromising some sensors. Thus, these schemes have a serious security problem. In the
symmetric polynomial and/or Blom scheme, however, perfect security can be achieved but
resource consumption is an issue. In this chapter, a key establishment protocol employing four
key pre-distribution models for sensor networks with different requirements.
In this chpate, we propose a new key establishment protocol called HKey. In this protocol,
both efficient resource consumption and perfect security are the goals this protocol. The
approach is similar to that of the basic scheme where every pair of sensors has a unique
common key. In the proposed protocol, each sensor has a secret key and a unique identity. The
common key between two sensors is generated using the secret key of one node and the
identity of the other. This key is stored only in the latter node. For example, suppose sensors A
and B want to generate a common key. Before deployment, the key distribution center (KDC)
generates a key, for example, using the secret key of A and the identity of B, and stores this key
only in B. When these sensors want to establish a common key, sensor A can generate the key
with its own secret key and the identity of B. Sensor B just retrieves this key from its memory.
Hence the memory usage in the proposed scheme is half that of the basic scheme.
In HKey, we propose several different models based on the WSN requirements. In some of
these models, the aim is low memory consumption in the sensors. In others, network
connectivity and memory usage are equally important. In the last model, the goal is high
connectivity. The models are deterministic, so every sensor knows whether or not it can
establish a direct common key with another sensor. Since, every pairwise key between two
sensors is unique, the security of the protocols is perfect. Also, it this protocol, only one node
needs to store a common key, the common key can be generated between a new node and
an old one based on the proposed protocol and the key stored in the new node. Therefore,
this protocol is scalable. As we will show, this protocol is efficient in comparison other
The rest of the chapter is organized as follows. Section 2 reviews some required primitives
including related work. Details of our key establishment protocol are discussed in Section 3.
Performance evaluation and security analysis of the proposed protocol are presented in
Section 4. Finally, some conclusions are given in Section 5.