ABSTRACT

Contents

7.1 Abstract
7.2 Introduction
7.3 The Network Architecture
7.4 Fundamental Design Principles of SECK
7.5 The Threat Model
7.6 The Complete Specification of SECK
7.6.1 Required Keys
7.6.2 Location Training
7.6.3 Establishment of Administrative Keys
7.6.4 Administrative Key Recovery
7.6.5 Reactive Reclustering after AFN Capture
7.6.6 MSN Addition
7.7 Robustness of SECK against Node Capture
7.7.1 Robustness of a Clustered Architecture
7.7.2 Robustness against MSN Node Capture
7.7.3 Evaluation of the Administrative Key Recovery Procedure
7.8 Evaluation of Communication and Storage Overhead
7.8.1 Energy Dissipation
7.8.2 Storage Overhead
7.8.3 Comparison of Communication Overhead
7.8.3.1 Key Establishment
7.8.3.2 Updating Session Keys
7.9 Related Work
7.10 Conclusion
References

7.1 Abstract

Large-scale wireless sensor networks (WSNs) are highly vulnerable to attacks because they consist of numerous miniaturized, resource-constrained devices, interact closely with the physical environment, and communicate via wireless links. These vulnerabilities are exacerbated when WSNs have to operate unattended in a hostile environment, such as a battlefield. In such an environment, an adversary poses a physical threat to all the sensor nodes; that is, an adversary may capture any node, compromising critical security data, including keys used for confidentiality and authentication. Consequently, it is necessary to provide WSNs in such environments with key management services that, in addition to being efficient, are highly robust against attacks. In this chapter, we illustrate a key management design for such networks by describing a self-organizing key management scheme for large-scale WSNs, called Survivable and Efficient Clustered Keying (SECK). SECK is designed for managing keys in a hierarchical WSN consisting of low-end sensor nodes clustered around more capable gateway nodes. Using cluster-based administrative keys, SECK localizes the impact of attacks and considerably improves the efficiency of maintaining fresh session keys.

7.2 Introduction

Key management is crucial to the secure operation of wireless sensor networks (WSNs). A large number of keys must be managed in order to encrypt and authenticate all sensitive data. The objective of key management is to dynamically establish and maintain secure channels among communicating parties. Typically, key management solutions use administrative keys (a.k.a. key encryption keys) to securely and efficiently (re-)distribute and, at times, generate the secure channel session keys (a.k.a. data encryption keys) for the communicating parties. Session keys may be pair-wise keys used to secure a communication channel between two nodes that are in direct or indirect communication [3,4,19,21], or they may be group keys [17,18,31,32] shared by multiple nodes. Network keys (both administrative and session keys) may need to be changed (re-keyed) to maintain secrecy and resiliency to attacks, failures, or network topology changes. Key management entails the basic functions of generation, assignment, and distribution of network keys. Note that re-keying consists essentially of these basic functions.