ABSTRACT

Because sensor nodes operate in hazardous or hostile environments, secure delivery of sensor data is indispensable for the wide deployment of sensor networks. Providing security services in sensor networks requires a suitable key management scheme [2-5]. Generally, the key management service is provided by a centralized server or with the help of such a server. For instance, the Base Station (BS) holds a key pool of many keys and distributes a predetermined number of keys to each sensor before deployment in the duty field. After deployment, each sensor establishes communication keys with other sensors using those predistributed keys. Recently, a cluster architecture that divides a network into small groups of nodes has been employed for wireless sensor networks. Under the cluster architecture, the sensors belonging to a cluster are served and controlled by a local server, the so-called Cluster Head (CH). The responsibility for distributing and managing keys is also delegated from the BS to each CH. As a result, the burden on the centralized server (that is, the BS) is distributed, and the efficiency of overall key management is improved. However, in the cluster architecture, the compromise of a CH is more threatening than that of a member sensor, because CHs collect data from member sensors and send the collected data to the BS. Therefore, an attacker who compromises a CH can obtain all data from the CH’s members and even fabricate all data from the members. Furthermore, an attacker can easily identify the nodes in the CH role and target them for compromise. If all CHs are compromised, the attackers can control the network. Assume that a number of sensors are deployed on a mountain to detect fire. In this network, compromised sensors intentionally send forged information to the BS, indicating that there is no fire even though a fire has broken out. If all CHs are compromised, the whole network is controlled by attackers and the fire-monitoring center never learns of the fire. In this case, the sensor network does not function at all and the mountain will be burnt to ashes. Therefore, in the cluster architecture, it is very important to change the CH role nodes periodically.
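The key-pool predistribution described above (the BS preloads each sensor with keys from a pool, and sensors derive communication keys after deployment) can be sketched as follows. This is an added illustration, not code from the paper: the random ring selection, the HMAC-based link-key derivation, the pool and ring sizes and all function names are assumptions.

```python
import hashlib
import hmac
import random

def make_pool(seed, size=200):
    """BS: derive the key pool from a master seed (pool size is an assumption)."""
    return {i: hmac.new(seed, i.to_bytes(4, "big"), hashlib.sha256).digest()
            for i in range(size)}

def assign_ring(pool, rng, ring_size=30):
    """BS, before deployment: preload ring_size pool keys, chosen at random.
    A real BS would pass a CSPRNG such as random.SystemRandom() as rng."""
    return {i: pool[i] for i in rng.sample(sorted(pool), ring_size)}

def link_key(my_ring, peer_key_ids, my_id, peer_id):
    """Sensor, after deployment: peers exchange key ids only, never key bytes.
    The link key is an HMAC keyed with every pool key both sides hold
    (assumed derivation). Returns None when the rings share nothing."""
    shared = sorted(set(my_ring) & set(peer_key_ids))
    if not shared:
        return None
    lo, hi = sorted((my_id, peer_id))
    material = b"".join(my_ring[i] for i in shared)
    return hmac.new(material, f"link|{lo}|{hi}".encode(), hashlib.sha256).digest()

def link_exposed(captured_key_ids, ring_x_ids, ring_y_ids):
    """Risk check: can the holder of a captured ring recompute the x-y link key?
    True only if the captured ring covers every key x and y share."""
    shared = set(ring_x_ids) & set(ring_y_ids)
    return bool(shared) and shared <= set(captured_key_ids)

if __name__ == "__main__":
    pool = make_pool(b"constructed-demo-seed")   # constructed sample input
    rng = random.Random(7)                       # fixed seed: repeatable demo
    rings = {n: assign_ring(pool, rng) for n in ("s1", "s2", "s3")}
    k12 = link_key(rings["s1"], rings["s2"].keys(), "s1", "s2")
    k21 = link_key(rings["s2"], rings["s1"].keys(), "s2", "s1")
    print("s1-s2 link established:", k12 is not None and k12 == k21)
    print("s3 capture exposes s1-s2:",
          link_exposed(rings["s3"], rings["s1"], rings["s2"]))
```

The `link_exposed` check measures how far the capture of a single node's key ring reaches into links between other nodes, which is the quantity a defender sizes the pool and ring against.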