Probabilistic Analysis of Covering and Compromise in Node Capture Attacks

In this technical report, we analyze wireless sensor networks (WSN) under node capture and cloning attacks. Assuming that WSNs use symmetric keys, with key assignment based on a random key predistribution scheme, we provide extensive probabilistic analysis of WSNs under the attack. We define and characterize the following parameters: the number of nodes an adversary needs to capture in order to disrupt WSN’s functionality M , the number of compromised links α due to the fact that an adversary has captured one node, the number of unit refreshment actions after one compromised node is revoked β, the number of valid nodes with all the keys compromised γ and the number of cloned nodes deployed in the network δ. I. PRELIMINARIES In this section, we state the assumptions about the physical WSN system to be analyzed and an adversary performing an attack. A summary of notation used is provided in Table I. A. Network Model Consider a WSN containing a set of N sensor nodes, randomly deployed with a density ρ over an area A. We assume WSNs use encrypted communication, with key assignment based on a random key predistribution scheme. Each node is randomly assigned a set of K different keys from a key pool P keys [1]. Two nodes are able to securely communicate if they are within each other’s radio range and if they share at least one common key. Let N denote a set of N deployed nodes and Kt a set of symmetric cryptographic keys used for secure communication in a WSN at time t. A WSN can be represented as a random graph G(N ,Kt), with a set of vertices N and a set of edges Kt. A pair of nodes ni, nj ∈ N within each other’s radio range is able to securely communicate if and only if they share at least one common key, i.e., Kt,ni ∩ Kt,nj 6= ∅. Let C denote a set of captured nodes. If there exist a node ck ∈ C, a set of keys Kt,ck held by node ck is considered to be compromised. Due to the fact that keys are being reused in this predistribution scheme, secure links between any two nodes ni, nj ∈ N using a key ki ∈ Kt,ck are considered to be exposed to an adversary and hence insecure. B. Adversarial Model We consider one active adversary who is assumed to have limited resources and mobility. An adversary is able to actively listen on all of the exposed links throughout the WSN, capture sensor nodes and access all the information stored within them, such as cryptographic keys and measured data. Additionally, an adversary is capable of functionally cloning a captured node and deploying it in a WSN. TABLE I A SUMMARY OF NOTATION USED Symbol Definition ρ Deployment density A Area of deployment Aused Area occupied by valid sensor nodes N Set of sensor nodes deployed in the network R Radio range of one sensor node N Number of nodes in the network P Size of key pool Kt Set of symmetric cryptographic keys at time t K Number of distinct keys assigned to each node Kt,ni Set of keys held by the valid node ni at time t Kt,ni∩nj Keys nodes ni and nj have in common at time t C Set of compromised nodes KtC Set of keys held by compromised nodes at time t Kt,ck Set of keys held by the compromised node ck at time t M Number of nodes needed to be captured in order to compromise all the links in a WSN λi Number of nodes sharing the key ki αmax Maximum number of compromised links due to existence of a captured node ck αavg Average number of compromised links due to existence of a captured node ck β Number of unit refreshment actions after the revocation of one compromised key ck ∈ C γ Number of valid nodes with all the keys compromised δi Maximum number of replicas of one captured node ci ∈ C that can be deployed in a WSN using RM detection algorithm δ Maximum number of cloned nodes deployed in a WSN An adversary’s goal is to gain control of a WSN. He achieves that goal by capturing enough nodes to be able to actively listen on all the links used in a WSN or by gathering all the distinct keys assigned to nodes in a WSN. II. ANALYSIS In this section we provide the analysis and characterization of parameters M , α, β, γ and δ. A. Derivation of Parameter M We start by defining the parameter M , the number of nodes an adversary should capture in order to disrupt network connectivity. In a WSN using a random key predistribution scheme [1], each node ni ∈ N is assigned a set of K keys. To be able to securely communicate, two nodes ni and nj ∈ N should be