A Survey and Taxonomy of Symmetric Key Management Schemes for Wireless Sensor Networks

Suman Bala Thapar University

Patiala, India +91-9888902419

suman.bala@thapar.edu

Gaurav Sharma Thapar University

Patiala, India +91-9350620203

sharmagaurav@ieee.org

Anil K. Verma Thapar University

Patiala, India +91-9888601667

akverma@thapar.edu

ABSTRACT WSN is the collection of thousands of tiny sensor nodes which have the capability of sensing, computing and transmitting the information in the network. Due to the low circuit design, it has some resource constraints but still efficient to carry the information through wireless communication. The exchange of information in a secure manner is critical in WSN. There are many techniques developed in recent years for the security purposes, one of the core areas is the key management. Key management is a challenging issue in sensor networks. In this paper classification of key management techniques for wireless sensor networks based on the encryption techniques has been presented. Also the open issues in this area are focused.

Categories and Subject Descriptors D.4.6 [Security and Protection] Cryptographic controls.

General Terms Algorithms, Performance, Security.

Keywords Wireless Sensor Networks, Key Management, Symmetric Key Management.

1. INTRODUCTION A WSN is a collection of thousands of resource constrained sensor nodes which can communicate through wireless medium. These nodes are preferable because they are inexpensive, self-organized and easy to deploy, but due to limited battery, limited processing power, limited memory and wireless nature, it is easy to get control over it. Security of WSN is a very important aspect because they carry sensitive information that may be captured by intruder or different types of attack can be played over it. WSN has both military and civilian applications such as detecting and monitoring enemy movement, battlefield surveillance, detection of chemical or biological attack, traffic monitoring, health care and forest fire detection. Various attacks like Denial of Service,

node tampering, eavesdropping can be easily implemented in WSN due to their constrained environment. Therefore there should be some flexible and effective mechanisms for secure communication in WSN.

Key management protocols play an important role for security in WSN. The main goal of key management scheme is to provide secure communication between sensor to sensor, a group of sensor and sensor to base station. These are known as unicast, multicast and broadcast respectively. Key management is a bundle of components such as key establishment- protocol in which shared secret keys are available to both the parties. Several researchers have categorized the key management techniques into three categories: symmetric, asymmetric and hybrid. The paper presents the classification of symmetric key management schemes for WSN.

2. CLASSIFICATION OF SYMMETRIC KEY MANAGEMENT SCHEMES There are various ways in which we can classify key management schemes in wireless sensor networks by considering different benchmarks. Key management schemes in wireless sensor networks can be classified broadly into dynamic or static solutions based on whether rekeying of administrative keys is enabled post network deployment. Key management schemes in wireless sensor networks can also be classified into homogeneous and heterogeneous schemes based on the role of network nodes in the key management process. Homogeneous schemes are generally flat network model, while heterogeneous schemes are used for both flat and clustered networks. Another criterion of distinction is hierarchical and distributed sensor networks based on network models. Other classification criteria include whether nodes are anonymous or have pre-deployment identifiers, and if so, when (pre-, post-deployment, or both), and what deployment knowledge (location, degree of hostility, etc.) is provided to the nodes.

In this paper, taxonomy of symmetric key management schemes has been presented. Figure 1 shows the classification of symmetric key management schemes for wireless sensor networks. We classify symmetric key management schemes broadly into three categories, base-station participation scheme, trusted third node based scheme and pre-distribution schemes. Based on the key distribution, key discovery and key establishment in the pre-distribution schemes, we classify these schemes into nine categories, these are: master key based pre-distribution scheme, pair-wise key pre-distribution schemes, pure probabilistic key pre-distribution schemes, polynomial based key pre-distribution schemes, matrix based key pre-distribution

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. CUBE 2012, September 3–5, 2012, Pune, Maharashtra, India. Copyright 2012 ACM 978-1-4503-1185-4/12/09…$10.00.

585

schemes, tree based key pre-distribution schemes, hierarchical key management scheme, combinatorial design based key pre-distribution schemes, EBS based key pre-distribution schemes. Merits and demerits of symmetric key management schemes for wireless sensor networks have been presented in Table 1.

Recently, a combination of trusted-server scheme and key pre-distribution scheme that meets the security requirements of WSN has been proposed by Yang et al. [23]. A novel approach to divide the master key into several sub keys by adopting the main idea of threshold secret sharing scheme, combing the clustering structure of WSN with dynamic key management scheme, and finally a new key management scheme has been proposed by Hu et al [12]. Compared to other key management schemes, their protocol has strong security and resistance of captured attack as well as low computational overhead and storage.

2.1 Base Station Participation Scheme In base station participation schemes, a trusted, secure base station is used as an arbiter to provide link keys to sensor nodes. Each sensor node shares a unique key with a base station, which acts as a Key Distribution Centre (KDC). Thus, the scheme is also called centralized Key Distribution Centre (KDC) approach. The authentication is provided by the sensor nodes itself to the base station. After that the base station generates a link key and sends it to both parties securely. The scheme requires less memory and perfectly controlled node replication, also it is resilient to node capture and possible to revoke key pairs. But it is not scalable and the base station becomes the target of attacks.

SPINS [21]. SPINS, a security building block, optimized for resource-constrained environments and wireless communication, is an authenticated routing scheme and a secure node-to-node key agreement protocol. The protocol is based on trusted base server. SPINS protocol has two secure building blocks: SNEP (Secure Network Encryption Protocol) which provides the data confidentiality, two-party data authentication, and data freshness with low overhead and μTESLA (the “micro” version of the Timed, Efficient, Streaming, Loss-tolerant Authentication Protocol) which provides authenticated broadcast for severely resource-constrained environments.

Logical Key Hierarchy for Wireless sensor networks (LKHW) [22]. LKHW is a secure group communication scheme which is based on directed diffusion and Logical Key Hierarchy (LKH) scheme, is used to protect the directed diffusion protocol. It is a key tree structure with source nodes as leafs and a sink node as the root where each leaf node holds keys along the path from it to the root node. LKHW integrates security and routing in a single framework.

2.2 Trusted Third Node Based Scheme In trusted third node based scheme a peer sensor node is used as a trusted intermediary for the establishment of a shared key between nodes.

Peer Intermediaries for Key Establishment PIKE [5]. (PIKE) is a key distribution scheme which is based on using peer sensor nodes as trusted intermediaries. The objective of the scheme was to address the lack of scalability of existing symmetric key distribution schemes. The scheme establishes keys between any two nodes by using one or more sensor nodes trusted intermediaries regardless of network topology or node density.

The scheme is having less communication overhead as compared to KDC approach.

Master Key Based Pre-Distribution Scheme

Pairwise Key Pre-Distribution Schemes

Pure Probabilistic Key Pre-Distribution Schemes

Polynomial Based Key Pre-Distribution Schemes

Matrix Based Key Pre-Distribution Schemes

Tree Based Key Pre-Distribution Schemes

Hierarchical Key Management Schemes

Combinatorial Design Based Key Pre-Distribution

EBS Based Key Pre-Distribution Schemes

BROadcast Session Key negotiation protocol [15] Lightweight Key Management System [6]

Random Pair-Wise Keys Scheme [4]

Random Key Pre-Distribution Scheme [11] Q-Composite Random Key Pre-distribution scheme [4] Multipath Key Reinforcement Scheme [4] Closest Pairwise Keys Pre-Distribution Scheme [17; 19] Random Key Pre-Distribution Using Node Deployment Knowledge [7] Key Pre-Distribution Using Post-deployment Knowledge [19]

Polynomial Based Pairwise Key Pre-Distribution [18] Polynomial Pool-Based Pairwise Key Pre-Distribution [18] Random Subset Assignment Key Pre-Distribution Scheme [18, 20] Grid-Based Key Pre-Distribution [18] Location-Based Pair-Wise Keys Using Bivariate Polynomials [17] Closest Polynomials Scheme [19] Hypercube-Based Key Pre-Distribution Scheme [20] Random Perturbation-Based (RPB) Scheme [27]

Grid-Group Deployment Scheme [13] Robust Group-Based Key Management Scheme [26] Multiple-Space Key Pre-distribution Scheme [8] CARPY scheme [25]

ID-Based On-Way Function Scheme [16] Deterministic Multiple Space Blom’s Schemes [16]

Localized Encryption And Authentication Protocol (LEAP) [28] A Time-Based Deployment Model [14]

Combinatorial design-based key pre-distribution schemes [3]

EBS-Based Key Pre-Distribution Schemes [9] SHELL [24] LOcalized Combinatorial Keying (LOCK) scheme [10]

Symmetric Key Management Schemes

Pre-Distribution Schemes

SPINS [21] Logical Key Hierarchy for Wireless sensor networks [22]

Peer Intermediaries for Key Establishment (PIKE) [5]

Base Station Participation Schemes

Trusted Third Node Based Schemes

Figure 1. Classification of symmetric key management schemes.

586

2.3 Pre-Distribution Schemes In the initialization of the scheme, each node is distributed with the secret keys or secret information before deployed into the sensing area. The key pre-distribution scheme comprises three phases: key pre-distribution phase, shared-key discovery phase and path-key establishment phase.

2.3.1 Master Key Based Pre-Distribution Scheme A single or master key is loaded to all the sensor nodes of the network before the deployment of the nodes in the network. After deployment, every node in the network can use the master key to encrypt and decrypt the messages. The benefit of such schemes includes minimal storage requirements and avoidance of complex protocols. This also prevents the process of key discovery or key exchange. But, this will lay the network to the compromising state because of the single node shared throughout the network.

BROadcast Session Key negotiation protocol (BROSK) [15]. BROSK broadcasts key negotiation messages to construct link-dependent keys where each node can negotiate a session key with its neighbors. The scheme solves the problem of authentication by constructing trust levels among the nodes.

Lightweight Key Management System [6]. The scheme is based on the basic bootstrapping protocol where secure links are established between sensors which are deployed in different phases. It authenticates and establishes secure local links by using initial trust which is put up from a small set of shared keys. A group authentication key and a key-generation key have been stored to each sensor node. The authentication key is used for the authentication of the two sensor nodes which must be from same generation and for the establishment of the session key random nonce values are exchanged.

2.3.2 Pair-Wise Key Pre-Distribution Scheme Pair-wise keys are loaded to all the nodes before they are being deployed in the network. For example, if the n sensor nodes in the network then, n-1 unique pair-wise keys loaded to each node in the network, which allows each node to communicate with all other nodes in its communication range. The merit of the approach is increased resilience against the node capture and offers node-to-node authentication. This minimizes the chance of node replication but the drawback is the additional overhead needed for each node to establish n-1 unique key with all the other nodes in the network and maintenance of those keys in the memory. The key-distribution process consists of three phases: (i) key pre-distribution phase; (ii) shared-key discovery; (iii) path-key establishment phase.

Random Pair-Wise Keys Scheme [4]. The random pair-wise keys scheme is a pair-wise key pre-distribution scheme in which distinct pair-wise keys are loaded to the sensor nodes before deployment.

2.3.3 Pure Probabilistic Key Pre-Distribution Schemes The master key based schemes and pair-wise key pre-distribution scheme are trivial solutions. That means in both the cases if memory requirement and key connectivity is considered then resilience would compromised or vice versa. Thus, to overcome such disadvantages, there is one more solution which ensures some probability that any two sensor nodes can communicate

using a pair-wise key. The scheme does not, however, ensure that two nodes are always able to compute a pair-wise key for secure communication.

Random Key Pre-Distribution Scheme [11]. A random key pre-distribution scheme was proposed for distributed sensor networks which are dynamic in nature, in the sense that they allow addition and deletion of sensor nodes in the network after deployment. The scheme basically focuses on the bootstrapping problem in sensor networks.

Q-Composite Random Key Pre-distribution Scheme [4]. Q-common keys chosen from a large key pool instead of one common key in the basic scheme [11] are loaded in each of the sensor node. This will increase the resilience of the network against node capture.

Multipath Key Reinforcement Scheme [4]. The scheme used with basic random key scheme to strengthen the security of an established link key by establishing the link key through multiple paths.

Closest Pair-wise Keys Pre-Distribution Scheme [17; 19]. The scheme is based on pseudo random function (PRF) and a master key is shared between each sensor and the setup server where each sensor node share pair-wise keys with a number of other sensor nodes whose expected locations are closest to the expected location of the sensor node.

Random Key Pre-Distribution Scheme Using Node Deployment Knowledge [7]. The most important knowledge for pre-distribution is the knowledge of the nodes that are likely to be neighbors of each sensor nodes. Deployment knowledge can be exhibited using non-uniform probability density functions (pdfs) which means that the positions of sensor nodes to be at certain areas.

Key Pre-Distribution Using Post-deployment Knowledge [19]. The objective of the scheme is to improve the pair-wise key pre-distribution in static sensor networks. Pre-distributed keys got priority based on post-deployment knowledge, after assigning an excessive amount of pre-distributed keys to each sensor node, and discard low priority keys to prevent node compromise attacks and return memory to the applications.

2.3.4 Polynomial-Based Key Pre-Distribution Schemes Polynomial-based key pre-distribution scheme is based on pair-wise keys pre-distribution schemes. Thus, these schemes overcome some of the probabilistic pre-distribution schemes’ disadvantages. These are: (1) Any two sensors can definitely establish a pair-wise key when there are no compromised sensors; (2) Even with some nodes compromised, the others in the network can still establish pair-wise keys; (3) A node can find the common keys to determine whether or not it can establish a pair-wise key and thereby help reduce communication overhead.

Polynomial Based Pair-wise Key Pre-Distribution [18]. The scheme uses the concept of the protocol in [2] which was developed for group key pre-distribution.

Polynomial Pool-Based Pair-wise Key Pre-Distribution [18]. It is a general framework which is based on polynomial based key pre-distribution and key pool [11; 4]. A pool of randomly generated bivariate polynomials is used to establish pair-wise

587

keys between sensors. The polynomial pool has two special cases. (1) When the polynomial pool has only one polynomial, the general framework degenerates into the polynomial-based key pre-distribution. (2) When all the polynomials are 0-degree ones, the polynomial pool degenerates into a key pool as in Basic Scheme [11] or the Q-Composite scheme [4].

Random Subset Assignment Key Pre-Distribution Scheme [18; 20]. This scheme is based on polynomial pool-based pair-wise key pre-distribution. A random strategy is used for subset assignment during the setup phase. A random subset of polynomials in F is selected by the setup server and a polynomial share is assigned to the sensor node.

Grid-Based Key Pre-Distribution [18]. A scheme was proposed which is based on the components of the general framework designed in [18]. The scheme guarantees that any two sensors can establish a pair-wise key when there is no compromised sensor, provided that the sensors can communicate with each other.

Location-Based Pair-Wise Keys Scheme Using Bivariate Polynomials [17]. It is based on polynomial-based key pre-distribution technique and closest pair-wise keys scheme. The target field partitioned into small areas called cells, each of which is associated with a unique random bivariate polynomial.

Closest Polynomials Scheme [19]. It is a combination of the expected locations of sensor nodes with the random subset assignment scheme in [18] to overcome the limitations of sensor nodes. The polynomials for each sensor node are chosen based on its expected location instead of random selection as in the original random subset assignment scheme.

Hypercube-Based Key Pre-Distribution Scheme [20]. It is a generalization of grid-based key pre-distribution scheme [18]. It guarantees that any two sensor nodes can establish a pair-wise key when there are no compromised sensor nodes, assuming that the nodes can communicate with each other.

Random Perturbation-Based (RPB) Scheme [27]. The scheme is based on polynomials to generate pair-wise keys. The polynomials are defined over a finite field denoted as Fq, where q is a prime number.

2.3.5 Matrix-based key pre-distribution schemes In matrix-based key pre-distribution schemes, all possible link keys in a network of size n can be represented as an n × n key matrix, which is based on Blom’s concept [1]. Small amount of information is stored to each sensor node, so that every pair of nodes can calculate corresponding field of the matrix, and uses it as the link key.

Grid-Group Deployment Scheme [13]. Sensor nodes are uniformly deployed in a large area instead of randomly distributing keys from a large key pool to each sensor. Secret keys are systematically distributed to each sensor from a structured key pool.

Robust Group-Based Key Management Scheme [26]. It uses the concept of group-based key management scheme using sensor deployment knowledge. The sensor field is partitioned into hexagonal grids.

Multiple-Space Key Pre-distribution Scheme [8]. It is based on Blom’s key pre-distribution scheme and combines the random key

pre-distribution method [11] with it; which offers improved network resilience. In this scheme, complete graph is converting to a connected graph, so that each sensor node needs to carry less key information.

ConstrAined Random Perturbation based pair-wise keY establishment (CARPY) scheme [25]. Two sensor nodes communicate with each other only for exchanging the respective column, which can be known by the adversary. If each column can be generated by each sensor node itself, then communications will no longer be necessary. The second variation is (CARPY+) Communication-Free CARPY Scheme.

2.3.6 Tree-based Key Pre-Distribution Schemes In tree-based key pre-distribution schemes, sensor nodes are arranged in a tree in which each sensor node communicates with its parent node. So, the key establishment has done between neighbouring nodes along the aggregation tree. The new node receives two tickets that can be verified by two existing nodes randomly selected by the network administrator, before joining the network. After the deployment of a new node into the network, it generates a pair-wise key for its parent node. For securely transmitting the key to the parent, the new node splits the key into two parts and sends them with its tickets to the nodes selected by the administrator, which authenticates the new node and forwards key materials to the parent of the new node. The merit of a tree-based key distribution is the significantly reduction of the memory cost.

ID-Based On-Way Function Scheme [16]. In this scheme a public one way hash function was used to reduce the number of keys stored in the node. A unique ID is assigned to each sensor node and this ID is used to compute secret keys.

Deterministic Multiple Space Blom’s Scheme [16]. The basic idea of the scheme is to weaken the connectivity of the network graph to improve the resiliency of the multiple IOSs. The scheme considers the complete bipartite graph Km1,m2 instead of a complete graph.

2.3.7 Hierarchical Key Management Scheme A tree of keys is built for the hierarchical network, where the keys at a certain level are distributed to the corresponding class of nodes. The keys at higher levels can be used to derive the keys at lower levels, but not vice versa. The intention of the hierarchical network is to facilitate data collection, fusion and query propagation in hostile environments.

Localized Encryption and Authentication Protocol (LEAP) [28]. It supports the in-network processing. It restricts the security impact of a node compromise to the immediate network neighbourhood of the compromised node. It supports the establishment of four types of keys for each sensor node – an individual key shared with the base station, a pair-wise key shared with another sensor node, a cluster key shared with multiple neighbouring nodes, and a group key that is shared by all the nodes in the network.

A Time-Based Deployment Model [14]. It would localize the impact of key compromise within the time intervals.

2.3.8 Combinatorial design-based key pre-distribution scheme [3] The scheme decides how many selected keys to assign to each

588

key-chain before the sensor network deployment. Here, it is interested in arranging elements of a finite set into subsets to satisfy certain properties.

2.3.9 EBS-Based Key Pre-Distribution Schemes [4] This scheme uses a combinatorial optimization methodology for key management of group communication setups. The EBS scheme exploits the trade-off between the number of administrative keys k and the number of rekeying messages m.

Scalable, Hierarchical, Efficient, Location-aware, and Light-weight (SHELL) Scheme [24]. SHELL supports rekeying, thus enhances network security and survivability against node capture. Key assignment has been tracked by cluster gateways not by the actual keys. SHELL is collusion-resistant. It uses post-deployment location information in key assignment.

LOcalized Combinatorial Keying (LOCK) Scheme [10]. LOCK performs localized rekeying to minimize overhead. The physical network model is a three-tier wireless sensor network with the base station (BS) at the top, followed by cluster leader nodes (CLs), then regular sensor nodes. In LOCK, no pre-deployment information is assumed about the expected locations of the nodes.

3. COMPARISON OF SYMMETRIC KEY MANAGEMENT SCHEMES A comparison of symmetric key management scheme has been made on the basis of the various parameters like resilience, key connectivity, memory consumption, computation overheads, etc. On the basis of the comparison of schemes, a table is constructed which shows the merits and demerits associated with the symmetric key management schemes.

Q-Composite Random Key Pre-distribution [4] and Polynomial Based Pair-wise Key Pre-Distribution [18] focused on resilience and compromised with key connectivity, whereas SPINS [21], Multipath Key Reinforcement [4], CARPY [25], and LEAP [28] also focused on resilience but compromised scalability, communication overhead, energy consumption, rekeying overhead respectively.

Closest Pair-wise Keys Pre-Distribution [17; 19], RPB [27], and ID-Based On-Way Function [16] focused on storage and communication overhead, energy consumption and resilience were not effectively dealt with. Further, Closest Polynomials Scheme [19], and Grid-Group Deployment [13] focused on storage and compromised with security. The key Pre-Distribution Using Post-deployment Knowledge [19], and Hypercube-Based Key Pre-Distribution Scheme [20] also focus on storage but makes the system more complex. LKHW [22] reduced storage but makes base station vulnerable to attacks.

BROSK [15] and Lightweight Key Management System [6] enhanced on storage and computation but compromised resilience. Random Subset Assignment Key Pre-Distribution Scheme [18, 20] were able to address the resilience and scalability communication but Multiple-Space Key Pre-distribution [8] focused on storage as well. Grid-Based Key Pre-Distribution [18] focused on communication, computation and network connectivity storage. Robust Group-Based Key Management [26] focused on network connectivity, memory and resilience but was unable to address the centre grid vulnerability. Random Key Pre-

Distribution [11], and Location-Based Pair-Wise Keys Scheme Using Bi-variate Polynomials [17] improved on network connectivity and compromised resilience, security

respectively, whereas the Random Pair-Wise Key [4] also focused on network connectivity but compromised scalability, resilience and additional overhead.

Random Key Pre-Distribution Scheme Using Node Deployment Knowledge [7] achieves good on storage, resilience and network connectivity but the system complexity is increased. Polynomial Pool-Based Pair-wise Key Pre-Distribution [18] is able to address the concerns on resilience, scalability, network connectivity, computation and communication but lacks on compromised storage and key connectivity.

4. OPEN RESEARCH CHALLENGES A lot of research has been done in the field of key management in wireless sensor networks, but still there are some open issues regarding design of key management techniques. Some of the open issues have been presented in this section which may benefit to researchers. Open issues include the following:

Most key management schemes are suitable for static WSNs.

Most key management schemes assume that the base station is trustworthy.

In symmetric key schemes, verification of sender’s identity is not possible due to the same key used in the network. So, it becomes difficult to identify the originality and authenticity of the message.

Need for secure channel for secure key exchange.

When a secret key for a new user is generated for communication, problem arises with managing and ensuring the security of the keys.

5. CONCLUSION Key management for wireless sensor networks is one of the main concerned areas in terms of providing security. The study of key management in wireless sensor networks still has abundant research opportunities in the future. As for now, key management systems are a trade-off of performance and security to low overhead in memory usage and message transmissions. Key management systems sole purpose is to supply secure communication in wireless sensor networks without producing much overhead. This paper classified symmetric key management schemes broad ly into three categories, these are: base-station participation scheme, trusted third node based scheme and pre-distribution schemes. An overview of various symmetric key management techniques proposed by different researchers has been taken into consideration. Also, we provide taxonomy of symmetric key management schemes for wireless sensor networks with their advantages and disadvantages. At the end, open research challenges discuss that there is still a need of better key management technique.

6. REFERENCES [1] Blom R. Theory and application of cryptographic

techniques. Eurocrypt 84 workshop on advances in cryptology. Springer, Berlin, 1984.

589

Table 1.Merits and Demerits of Symmetric Key Management Schemes

Scheme Merits Demerits

SPINS [21] - Good resilient to node capture - Possible to revoke key pairs

- Not scalable - Base station becomes the target of attacks

LKHW [22] - Minimal storage - Base station becomes the target of attacks

PIKE [5] - low communication overheads as compared to

random key pre-distribution scheme - key establishment is not probabilistic

- Intermediary node may be the target of attack

BROSK [15]

- minimal storage - less computations - no need to perform key discovery or key

exchange

- very low resilience - Single node causes the compromise of the entire

network through the shared key

Lightweight Key Management System [6]

- Low memory and computation cost - Low key setup overhead - Self-organizing

- Low resilience - Adversary may log the messages flowing in the

network to process later when the required credentials are compromised completely

Random Pair-Wise Key [4]

- node-to-node authentication - High network connectivity

- limited scalability - less resilient - additional overhead for each node to maintain and

store distinct pair-wise keys Random Key Pre-Distribution [11]

- good network connectivity - provides revocation, re-keying

- not resistant against node capture

Q-Composite Random Key Pre-distribution [4]

- improved resilience than random key pre-distribution scheme

- less probability of key sharing than random key pre-distribution scheme

Multipath Key Reinforcement [4]

- Better security than the random key pre-distribution or the Q-Composite scheme

- improved resilience

- creates communication overhead - depleted node battery life

Closest Pair-wise Keys Pre-Distribution [17; 19]

- knows sensors’ expected locations - compromise of sensor nodes does not lead to

the compromise of direct keys shared between non-compromised sensor nodes

- facilitate dynamic deployment of new sensors - reduced storage overhead

- additional overhead by requiring master sensors to remember the IDs of their revoked slaves

- sensors are not evenly distributed in the target field - communication overhead-to add a new sensor after

deploying the sensor network

Random Key Pre-Distribution Scheme

Using Node Deployment Knowledge [7]

- good storage complexity - good resilience - reduced overhead - good connectivity of the network graph

- complex

Key Pre-Distribution Using Post-deployment

Knowledge [19]

- improved pair-wise key pre-distribution in static sensor networks

- good security and reduced storage overhead

- complex; keep track of locations of nodes before and after deployment

Polynomial Based Pair-wise Key Pre-Distribution

[18]

- need to evaluate the polynomial at the ID of the other sensor node

- good resilience

- poor key connectivity - storage overhead - tolerate no more than t compromised nodes

Polynomial Pool-Based Pair-wise Key Pre-Distribution [18]

- good resilience and scalability - low communication and computation overhead - total connected graph

- poor key connectivity - Storage overhead

Random Subset Assignment Key Pre-

Distribution Scheme [18, 20]

- good resilience - good scalability

- less secure - if an adversary knows the distribution of polynomial

shares, specific nodes can be targeted for attack to compromise communications

Grid-Based Key Pre-Distribution [18]

- low communication and computation overhead - total connected graph

- storage overhead; as each node share the polynomial keys and the ID’s

Location-Based Pair-Wise Keys Scheme Using

Bivariate Polynomials [17]

- increase the direct connectivity ratio of neighboring nodes

- allow neighboring nodes to communicate with each other with higher probability

- anchor nodes are randomly dispersed in the environment causes denial of service attack

590

Closest Polynomials Scheme [19]

- compromise of sensors does not lead to the compromise of direct keys shared between non-compromised sensors

- tolerate a large fraction of compromised nodes - probability is independent from the total

number of polynomials in the pool

- cell side length is large

Hypercube-Based Key Pre Distribution Scheme [20]

- much more efficient than grid based key pre-distribution schemes

- more complex

Random Perturbation-Based (RPB) [27]

- highly secure - less computations - less storage requirement

- more energy consumption - less efficient

Grid-Group Deployment [13]

- uniformly deploys sensors in a large area rather than random key pre-distribution schemes

- less number of keys preinstalled

- based on assumption of random capture is too weak

Robust Group-Based Key Management [26]

- higher degree of connectivity - lower memory requirement - stronger resilience - scheme distributes secret information instead

of secret keys

- centre of a grid is a deployment point; target of attack

Multiple-Space Key Pre-distribution [8]

- requires much lower memory usage - scheme is scalable and flexible, and nodes do

not need to be deployed at the same time

- not optimal resilience

CARPY [25] - great resilience - first non-interactive key establishment scheme

- energy consumption is more

ID-Based On-Way Function [16]

- Multiple copies of single basic IOS would increase the network size

- not suitable for large size network - accommodate only O(k) sensor nodes for the node

storage of k keys - Multiple copies of single basic IOS would decrease

the resilience Deterministic Multiple

Space Blom’s [16] - l copies improves the resiliency against

multiple IOS - -

Localized encryption and authentication protocol

(LEAP) [28]

- The use of different keys to secure different types of communication channels in the WSN may increase the overall efficiency of the communications; it leads to a very low resistance degree.

- The entire network will suffer a severe loss if an initial key is exposed to an attacker during key setup.

- Hence, early key establishment must be completed quickly in order to strengthen the security of LEAP.

A Time-Based Deployment Model [14]

- uses probabilistic time intervals - localize the impact of KI disclosure within the

time intervals

- the assumption of security in the initial deployment phase is not viable in many cases since the initial deployment of dense networks may not take short as LEAP expected.

Combinatorial Design-Based Key Pre-Distribution [3]

- it increases the probability of a pair of sensor nodes to share a key

- decreases the key-path length while providing scalability with hybrid approaches

- hybrid design sacrifices key sharing probability

Exclusion-Based System (EBS) [9]

- Good network survivability - Good scalability - secure and efficient

- If small number of nodes in the network is compromised, information about the entire network could be uncovered

SHELL [24]

- If the gateway is compromised, the command node is notified.

- If sensor node is compromised, it is given that the gateway node can detect it.

- Nodes need to be in direct transmission range of each other to collude.

- structure and operation are highly complex, involving heterogeneous node operations and multiple (at least seven) types of keys.

LOCK [10]

- LOCK uses key polynomials to improve network resilience to collusion instead of location-based key assignment as in SHELL

- the capture of any node in LOCK (including cluster leaders) does not affect the normal operation of other clusters.

- Includes rekeying overhead

591

[2] Blundo, C., Santis, A., Herzberg, A., Kutten, S., Vaccaro, U. and Yung, M. Perfectly-Secure Key Distribution for Dynamic Conferences. In Proceedings of Crypto 92’, 1992.

[3] Camtepe S. and Yener, B. Combinatorial Design of Key Distribution Mechanisms for Wireless Sensor Networks IEEE/ACM Transactions on Networking, 15(2), 2007.

[4] Chan, H., Perrig, A. and Song, D. Random Key Pre-Distribution Schemes for Sensor Networks. IEEE Symposium on Research in Security and Privacy, 2003.

[5] Chan H, Perrig A. PIKE: Peer Intermediaries For Key Establishment in Sensor Networks. 24th annual joint conference of the IEEE Computer and Communications Societies (INFOCOM ’05), Miami, FL, USA, 2005.

[6] Dutertre, B., Cheung, S. and Levy, J. Lightweight Key Management in Wireless Sensor Networks by Leveraging Initial Trust. Tech. Rep. SRI-SDL-04-02, System Design Laboratory, 2004.

[7] Du, W., Deng, J., Han, Y., Chen, S. and Varshney, P. A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge. IEEE INFOCOM’04, 2004.

[8] Du, W., Deng, J., Han, Y. S., Varshney, P, Katz, J, and Khalili, A. A pairwise key pre-distribution scheme for wireless sensor networks. ACM Transactions on Information and System Security (TISSEC) 8(2): 228–58, 2005.

[9] Eltoweissy, M,. Heydari, H,. Morales, L,. and Sudborough, H. Combinatorial optimization of Group key management. . Journal of Network and System Management, 12(1), 2004.

[10] Eltoweissy, M,. Moharrum, M, and Mukkamala R. Dynamic key management in sensor networks. IEEE Communications Magazine, 122–30, 2006.

[11] Eschenauer, L and Gligor, V. D. A Key-Management Scheme for Distributed Sensor Networks. 9th ACM conference on Computer and Communications Security, 2002.

[12] Hu, J., Bai, E. and Yang, Y. A Novel Key Management Scheme for Hierarchical Wireless Sensor Networks. IEEE, 2010.

[13] Huang D, Mehta M, Medhi D, and Harn L. Location-aware key management scheme for wireless sensor networks. ACM workshop on security of ad hoc and sensor networks (SASN04). Washington, DC, USA, 2004.

[14] Jang, J., Kwon, T., and Song, J. A Time-Based Key Management Protocol for Wireless Sensor Networks. ISPEC 2007, LNCS 4464: 314–328, 2007.

[15] Lai, B., Kim, S. and Verbauwhede, I. Scalable Session Key Construction Protocol for Wireless Sensor Networks. IEEE Workshop on Large Scale Real Time and Embedded Systems LARTES, 2002.

[16] Lee J, and Stinson D.R. Deterministic key pre-distribution schemes for distributed sensor networks. ACM symposium on Applied Computing 2004, Lecture notes in computer science, 3357: 294–307,Waterloo, Canada, 2004.

[17] Liu, D. and Ning, P. Location-Based Pair-wise Key Establishment for Static Sensor Networks. 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, 2003a.

[18] Liu, D. and Ning. P. Establishing Pair-wise Keys in Distributed Sensor Networks. 10th ACM Conference on Computer and Communications Security CCS’03, 2003b.

[19] Liu D and Ning P. Improving key pre-distribution with deployment knowledge in static sensor networks. ACM Transactions on Sensor Networks, 1(2): 204–39, 2005a.

[20] Liu, D., Ning, P., Li, R. Establishing Pairwise Keys in Distributed Sensor Networks. ACM Transactions on Information and System Security, 8 (1): 41–77, 2005b.

[21] Perrig, A., Szewczyk, R., Wen, V., Culler, D., and Tygar, J. Spins: Security Protocols for Sensor Networks. ACM MOBICOM, 2001.

[22] Pietro, R., Mancini, L., Law, Y., Etalle, S, and Havinga, P. LKHW: a directed diffusion- based secure multicast scheme for wireless sensor networks. 1st International Workshop on Wireless Security and Privacy (WiSPr 03), 2003.

[23] Yang, S., Liu, J., Fan, C., Zhang , X., and Zou, J. A New Design of Security Wireless Sensor Network Using Efficient Key Management Scheme. Proceedings of IC-NIDC2010, IEEE, 2010.

[24] Younis, M. F., Ghumman, K., and Eltoweissy, M. Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Network. IEEE Transactions on Parallel and Distributed Systems, 17(8): 865-882, 2006.

[25] Yu, C., Lu, C., and Kuo, S. A Simple Non-Interactive Pairwise Key Establishment Scheme in Sensor Networks. IEEE SECON-09, 2009.

[26] Yu Z, Guan Y. A robust group-based key management scheme for wireless sensor networks. IEEE Wireless Communications and Networking Conference (WCNC 2005), New Orleans, LA USA, 2005.

[27] Zhang, W., Tran, M., Zhu, S., and Cao, G. A Random Perturbation-Based Scheme for Pairwise Key Establishment in Sensor Networks. MobiHoc’07, Montréal, Québec, Canada, 2007.

[28] Zhu, S., Setia, S., and Jajodia, S. Leap: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks. 10th ACM Conference on Computer and Communications Security (CCS ’03), 2003.

592