Results 1 - 10 of 85
Establishing Pairwise Keys in Distributed Sensor Networks, 2003
Cited by 303 (24 self)
Pairwise key establishment is a fundamental security service in sensor networks; it enables sensor nodes to communicate securely with each other using cryptographic techniques. However, due to the resource constraints on sensors, it is infeasible to use traditional key management techniques such as public key cryptography and key distribution center (KDC). To facilitate the study of novel pairwise key predistribution techniques, this paper presents a general framework for establishing pairwise keys between sensors on the basis of a polynomial-based key predistribution protocol [2]. This paper then presents two efficient instantiations of the general framework: a random subset assignment key predistribution scheme and a grid-based key predistribution scheme. The analysis in this paper indicates that these two schemes have a number of nice properties, including high probability (or guarantee) to establish pairwise keys, tolerance of node captures, and low communication overhead. Finally, this paper presents a technique to reduce the computation at sensors required by these schemes.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks, 2003
Cited by 297 (12 self)
this paper, we provide a framework in which to study the security of key pre-distribution schemes, propose a new key pre-distribution scheme which substantially improves the resilience of the network compared to previous schemes, and give an in-depth analysis of our scheme in terms of network resilience and associated overhead. Our scheme exhibits a nice threshold property: when the number of compromised nodes is less than the threshold, the probability that communications between any additional nodes are compromised is close to zero. This desirable property lowers the initial payoff of smaller-scale network breaches to an adversary, and makes it necessary for the adversary to attack a large fraction of the network before it can achieve any significant gain
LEAP: Efficient Security Mechanisms for Large-scale Distributed Sensor Networks, 2003
Cited by 220 (18 self)
Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observation that different types of messages exchanged between sensor nodes have different security requirements, and that a single keying mechanism is not suitable for meeting these different security requirements. LEAP supports the establishment of four types of keys for each sensor node – an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a group key that is shared by all the nodes in the network. The protocol used for establishing and updating these keys
Key Distribution Mechanisms for Wireless Sensor Networks: a Survey, 2005
Cited by 48 (4 self)
this paper is to evaluate the key distribution solutions. Depending on application types, it is possible to discuss: (i) network architectures such as distributed or hierarchical, (ii) communication styles such as pair-wise (unicast), group-wise (multicast) or network-wise (broadcast), (iii) security requirements such as authentication, confidentiality or integrity, and (iv) keying requirements such as pre-distributed or dynamically generated pair-wise, group-wise or network-wise keys. In this paper, we provide a comparative survey, and taxonomy of solutions. It may not be always possible to give strict quantitative comparisons; however, there are certain metrics, as described in the next section, that can be used to evaluate the solutions. The structure of the paper is as follows: in Section 2 common terms and definitions are given, in Section 3 network models are defined, in Section 4 security vulnerabilities and requirements are discussed, in Sections 5 and 6 key distribution solutions are evaluated, and finally in Section 7 we provide summary and discussions
Location-aware key management scheme for wireless sensor networks, 2004
Cited by 37 (3 self)
Sensor networks are composed of a large number of low power sensor devices. For secure communication among sensors, secret keys must be established between them. Recently, several pairwise key schemes have been proposed for large distributed sensor networks. These schemes randomly select a set of keys from a key pool and install the keys in the memory of each sensor. After deployment, the sensors can set up keys by using the preinstalled keys. Due to lack of tamper-resistant hardware, the sensor networks are vulnerable to node capture attacks. The information gained from captured nodes can be used to compromise communication among uncompromised sensors. Du et al. [1], Liu and Ning [2] proposed to use the known deployment information to reduce the memory requirements and mitigate the consequences of node capture attack. Our analysis shows that the assumption of random capture of sensors is too weak. An intelligent attacker can selectively capture sensors to get more information with less effort. In addition to selective node capture attack, all recent proposals are vulnerable to node fabrication attack, in which an attacker can fabricate new sensors by manipulating the compromised secret keys and then deploy the fabricated sensors into the sensor system. To counter these attacks, we propose a grid-group scheme which uses known deployment information. Unlike the pairwise key scheme using deployment information proposed by Du et al., we uniformly deploy sensors in a large area; instead of randomly distributing keys from a large key pool to each sensor, we systematically distribute secret keys to each sensor from a structured key pool. Our performance analysis shows that our scheme requires fewer keys preinstalled for each sensor and is resilient to selective node capture attack and node fabrication attack.
Concealed data aggregation for reverse multicast traffic in sensor networks: Encryption, key distribution, and routing adaptation
- IEEE Transactions on Mobile Computing, 2006
Cited by 28 (7 self)
Abstract—Routing in wireless sensor networks is different from that in commonsense mobile ad-hoc networks. It mainly needs to support reverse multicast traffic to one particular destination in a multihop manner. For such a communication pattern, end-to-end encryption is a challenging problem. To save the overall energy resources of the network, sensed data needs to be consolidated and aggregated on its way to the final destination. We present an approach that 1) conceals sensed data end-to-end by 2) still providing efficient and flexible in-network data aggregation. The aggregating intermediate nodes are not required to operate on the sensed plaintext data. We apply a particular class of encryption transformations and discuss techniques for computing the aggregation functions “average” and “movement detection.” We show that the approach is feasible for the class of “going down” routing protocols. We consider the risk of corrupted sensor nodes by proposing a key predistribution algorithm that limits an attacker’s gain and show how key predistribution and a key-ID sensitive “going down” routing protocol help increase the robustness and reliability of the connected backbone. Index Terms—Wireless sensor networks, data encryption, data aggregation, robustness and reliability, privacy homomorphism, key predistribution.
An efficient scheme for authenticating public keys in sensor networks
- In 6th ACM international symposium on Mobile ad hoc networking and computing (MobiHoc ’05, 2005
Cited by 25 (0 self)
will sooner or later be widely used in wireless sensor networks. Recently, it has been shown that the performance of some public-key algorithms, such as Elliptic Curve Cryptography (ECC), is already close to being practical on sensor nodes. However, the energy consumption of PKC is still expensive, especially compared to symmetric-key algorithms. To maximize the lifetime of batteries, we should minimize the use of PKC whenever possible in sensor networks. This paper investigates how to replace one of the important PKC operations–the public key authentication–with symmetric key operations that are much more efficient. Public key authentication is to verify the authenticity of another party’s public key to make sure that the public key is really owned by the person it is claimed to belong to. In PKC, this operation involves an expensive signature verification on a certificate. We propose an efficient alternative that uses one-way hash function only. Our scheme uses all sensors’ public keys to construct a forest of Merkle trees of different heights. By optimally selecting the height of each tree, we can minimize the computation and communication costs. The performance of our scheme is evaluated in the paper.
Group-Based Key Pre-Distribution in Wireless Sensor Networks
- in Proceedings of ACM Workshop on Wireless Security (WiSe, 2005
Cited by 23 (1 self)
Many key pre-distribution techniques have been developed recently to establish pairwise keys for wireless sensor networks. To further improve these schemes, researchers have proposed to take advantage of sensors’ expected locations to help pre-distributing keying materials. However, it is usually very difficult, and sometimes impossible, to guarantee the knowledge of sensors’ expected locations. In order to remove the dependency on expected locations, this paper proposes a practical deployment model, where sensor nodes are deployed in groups, and the nodes in the same group are close to each other after the deployment. Based on this model, the paper develops a novel group-based key pre-distribution framework, which can be combined with any of existing key predistribution techniques. A distinguishing property of this framework is that it does not require the knowledge of sensors’ expected locations and greatly simplifies the deployment of sensor networks. The analysis also shows that the framework can substantially improve the security as well as the performance of existing key predistribution techniques.
Practical broadcast authentication in sensor networks
- In Proceedings of the 2nd Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous, 2005
Cited by 23 (4 self)
Broadcast authentication is a critical security service in sensor networks; it allows a sender to broadcast messages to multiple nodes in an authenticated way. μTESLA and multi-level μTESLA have been proposed to provide such services for sensor networks. However, none of these techniques are scalable in terms of the number of senders. Though multi-level μTESLA schemes can scale up to large sensor networks (in terms of receivers), they either use substantial bandwidth and storage at sensor nodes, or require significant resources at senders to deal with DOS attacks. This paper presents efficient techniques to support a potentially large number of broadcast senders using μTESLA instances as building blocks. The proposed techniques are immune to the DOS attacks. This paper also provides two approaches, a revocation tree based scheme and a proactive distribution based scheme, to revoke the broadcast authentication capability from compromised senders. The proposed techniques are implemented, and evaluated through simulation on TinyOS. The analysis and experiment show that these techniques are efficient and practical, and can achieve better performance than the previous approaches.
Efficient Key Establishment for Group-Based Wireless Sensor Deployments
- in ACM WiSe’05, 2005
Cited by 15 (0 self)
Establishing pairwise keys for each pair of neighboring sensors is the first concern in securing communication in sensor networks. This task is challenging because resources are limited. Several random key predistribution schemes have been proposed, but they are appropriate only when sensors are uniformly distributed with high density. These schemes also suffer from a dramatic degradation of security when the number of compromised sensors exceeds a threshold. In this paper, we present a group-based key predistribution scheme, GKE, which enables any pair of neighboring sensors to establish a unique pairwise key, regardless of sensor density or distribution. Since pairwise keys are unique, security in GKE degrades gracefully as the number of compromised nodes increases. In addition, GKE is very efficient since it requires only localized communication to establish pairwise keys, thus significantly reducing the communication overhead. Our security analysis and performance evaluation illustrate the superiority of GKE in terms of resilience, connectivity, communication overhead and memory requirement. Categories and Subject Descriptors C.2 [Computer-Communication Networks]: security and protection;

