Non-Interactive Hierarchical Pairwise Key Predistribution Scheme with Multi-Level Key Establishment

Networking environments with connectivity, bandwidth and computational constraints such as critical infrastructure networks or MANETs benefit from non-interactive key predistribution capabilities. In these networks, nodes can compute shared keys using public identities without the need for interactions once basic key materials are distributed to them. Motivated by the electric power grid, in this paper we propose a novel key predistribution solution for hierarchical networks, namely, Non-interactive Hierarchical pairwise Key Predistribution (NHKP) that supports (1) hierarchical key predistribution and (2) non-interactive multi-level key establishment. In NHKP each node of the hierarchy gets its key materials from its parent node directly and any pair of nodes, even at different levels, can establish a shared key without interactions. To the best of our knowledge, this is the first scheme to date that supports direct multi-level key establishment. NHKP is constructed using multivariate symmetric polynomials and specially designed multivariate perturbation polynomials (PPs). It achieves perfect resistance to collusion attacks at the lowest Q levels (Q is a tunable parameter) and partial resistance at the upper levels. Our scheme provides a partial answer to an open question posed by Gennaro et al. [1] who developed a hierarchical key predistribution scheme with such resistance only at the leaf level. Furthermore, NHKP is efficient in terms of computation and storage overheads. Our prototype implementation shows that NHKP is practical. Note that although our scheme uses a similar idea of PP, which was originally proposed in [2] and recently broken in [15], our construction for PPs is in nature different from previous constructions. We use multiple variables in PPs (instead of a single variable as in [2]) to introduce more randomness and each PP is constructed on the fly using random Langrange interpolation. Consequently, the space of PPs in our scheme has T dimensions, where T is a large parameter, rather than two dimensions as used in [2]. These make it very hard for the adversary to break any of PPs or the master polynomial. This paper only provides a security analysis of our scheme, and a formal security proof is the focus of our future research.