1. A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor

2. Introduction Constraints Problems with Current Solutions Key Distribution Key Revocation, Re-Keying, and Node Capture Resiliency Analysis and Simulation Problems

3. Constraints Power Computation Key Transmission Digital Signatures Storage Space Code Keys

4. Problems with Current Solutions Global Keys Compromise Is Drastic Pair-Wise Keys Storage Problems Inefficiency Re-keying and Node Additions Are Expensive

5. Key Distribution Key pre-distribution phase Preconfigured keys Generation of key pool Randomly chosen sets of keys from key pool  key ring Probability 2 nodes share key is very high Key identifiers are remembered by base station, and base station shares key with every node

6. Key Distribution Cont’d. Shared key discovery phase Nodes broadcast key identifiers If 2 nodes share a key identifier then a secure link is set up Links at routing layer are only set up if a shared key exists Can protect this exchange with a encrypted challenge

7. Key Distribution Cont’d. Path key establishment phase Enables two nodes not sharing a key to communicate via a multi-hop link Relies on the fact that many keys on a key ring remain unused after shared key discovery phase

8. Revocation Revoke keys of a compromised node Base station broadcast a signed message containing all keys to be removed from key ring To sign message base station generates new key and unicasts it to each node Node uses this key to verify signature of revocation message

9. Re-Keying Keys may have a lifetime shorter than that of node Nodes simply remove key from key ring and begin shared key discovery phase again

10. Node Capture Resiliency 2 threat levels Sensor input manipulation Bogus data Difficult to detect, harder to prevent Data correlation for redundant sensors Physical Compromise Tamper-proof construction

11. Node Capture Resiliency Cont’d. Automatic key erasure Global key = complete compromise Pair-wise keys = n-1 links to compromised are available Key distribution scheme = k << n are compromised

12. Analysis Probability and Graph Theory Expected degree of a node to ensure connectivity? Sizes of key ring, key pool, and network

13. Analysis Cont’d. Key sharing probabilities Logarithmic increase: as network size increases key ring increases logarithmicaly

14. Simulations Effects on Network Topology Dependent on size of key ring Multi-hop neighbors can use path only once

15. Simulations Cont’d.

16. Resiliency revisited Node compromise limits number of links attacker gains access to:

17. Analysis Relatively simple operation Complicated staging and pre- deployment Need to take future into account when deciding on key-sizes and key-lifetimes. Achieves relatively low power and computation

18. Problems No authentication in key discovery phase Open to selective forwarding attack: Compromised node C tells hears node A tell node B it has key 4. C then tells A it also has key 4. A might then send info to C, and C can drop packets. Limited since C can’t actually encrypt anything since it doesn’t actually have key 4.

19. Problems Cont’d. Compromised node could keep broadcasting a different key identifier list causing neighbors to waste bandwith searching their key list. Sibyl attack where compromised node repeatedly sends out different key identifier lists. Possibly making a nodes link table grow too large