1. Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei

2.  Limited memory  Limited computational power  Limited energy

4.  Passive attacks ◦ Cipher text attacks  Active attacks ◦ Take control of a sensor node  Unfriendly environment  Nodes only trust themselves

5.  Secure pairwise communication  Memory efficient  Energy efficient  Tolerate the collusion of a set of corrupted sensors

6.  Have one master key ◦ Can’t tolerate nodes being taken over  Each node stores a seperate key for every other node ◦ Requires too much space ◦ Expensive to add more nodes later  Tradeoff ◦ Use less memory, but have only a probabilistic tolerance to nodes being taken over

7.  One way hash function  Symmetric encryption  Keyed hashed function  Pseudo-random number generator

8.  A key deployment scheme  A key discovery procedure  A security adaptive channel establishment procedure

9. Method used in A key-management scheme for distributed sensor networks:  A pool of P random keys is generated  Each sensors takes k random keys from the pool

10.  Challenge is encrypted using each key and then broadcasted  Needs to perform k^2 decryptions on receiver side and k encryptions on the sender side  At least k messages have to be sent

11.  Also used in A key management scheme for distributed sensor networks  Instead of challenge response, submit the indexes  Less secure, as a smart attacker can easily find the nodes that have the key it wants

12. Method used in Establishing pair-wise keys for secure communication in ad hoc networks: A probabilistic approach:  A pool of P random keys is generated  k indexes into the pool are created pseudo- randomly with a publicly known seed dependent on the node id.  Less secure than challenge-response, but can be improved

14.  Find out which keys are shared and xor them together  An attacker needs to know all shared keys

19.  Nearby sensors ◦ Weaker against geographically attacks  Random ◦ Larger communication overhead  Individual properties ◦ More trusted nodes can give higher security

20.  They give an upper bound on the probability that the channel between two nodes is corrupted, given w corrupted nodes

21.  Sensor failure resistent ◦ Can add more sensors if required  No information leakage ◦ Sensors in the C set only transmits hash values of their keys  Adaptiveness ◦ If an upper bound of w is known, C can be chosen to secure communication with a desired probability.  Load balance ◦ a sends c+1 message, sensors in C send 1, tot=2c+1 ◦ Only done once during setup

22.  Sensor doesn’t respond ◦ After timeout, node a can pick another node  Sensor sends correct key ◦ Lowers security  Sends false key ◦ Can pick another C set ◦ Notify trusted base-station ◦ Aware that network is under attack

23.  If node a has the keys that node a should have, according to the pseudo-random number generator, it’s probable that a is a.

27.  M = {}  for all keys k in P ◦ z = RND(id||k) ◦ if(z%(|P|/m)==0)  put k into M  |M| must be less than memory size but larger than the security constraints  Discard ID if conditions not satisfied