State-Based Random Key Pre-Distribution Scheme for Wireless Sensor Networks*

Author

  • Jaemin Park
Abstract

In wireless sensor networks (WSNs), random key pre-distribution has emerged as the practical solution for sharing common keys between sensor nodes for secure communications. Since sensor networks suffer from resource constraints, a scheme should keep the computation, the number of keys, etc. small while supporting the same security level, i.e., high resilience against node capture. In this paper, we propose a new random key pre-distribution scheme that utilizes new pre-deployment knowledge, the state of sensors, to avoid unnecessary key assignments while supporting higher connectivity and resilience against node capture. The analysis in this paper shows the outstanding performance of our proposed scheme with respect to connectivity, memory usage, and resilience against node capture.

previous schemes in section IV. Finally, we conclude our paper in section V.

II. Modeling State of Sensors

1. Classification of State

We consider two major operational states: active and sleep. We define that sensors in the sleep state consume the lowest amount of node power; while asleep, a node cannot interact with the external world. On the other hand, sensors in the active state can interact with the external world, at a higher node power consumption.

2. Active-State Group Modeling

The state of a sensor depends on the scheduler implemented in the sensor, the events that the sensor may receive, the MAC protocol and other variable factors. The probability of active-state is determined by the sleep scheduling algorithm, the job scheduler, and the randomness of other variable factors. Since all possibilities related to the sensors' state are probabilistic and random, the probability of active-state for all sensors may have different pdfs (probability density functions). However, in our proposed scheme, keys are pre-distributed to each group classified by the probability of active-state at each time-interval. Therefore, all sensors in each group can be assumed to have the same pdf.

In this paper, we assume such a group-based key pre-distribution, and we model each group as following a Gaussian distribution. We also assume that each group has a different time point at which the probability is maximized. Based on these assumptions, we define an Active-State Group as the group of sensors which are highly probable to be in active-state at the same time-interval. If a sensor  in  is the most probable in active-state at time  , the pdf of node  in group  is as follows:

  ∈         (1)

where      . Without loss of generality, we assume that the pdf for each group is identical except the value of , so we use ∈ instead of  ∈ throughout this paper. depicts the pdf of each group. We can see that if one group has the highest probability of active-state at one time-interval, it also has a moderately high probability at nearby time-intervals. Therefore, two neighbor groups are likely to be in active-state at the same time-interval with moderate probability.

[Figure: Probability Distribution of Active-State Group]

III. The Proposed Scheme

1. Assumptions and Security Threats

To use the state as the pre-deployment knowledge, we define the following assumptions:

  • The whole lifetime of the WSN can be divided into many small time-intervals, and each of them repeats periodically.
  • There is no time-interval when all sensors are in sleep state.

A WSN is vulnerable to several security threats. We consider two major security threats: node capture and eavesdropping. First, an adversary can monitor communications between sensors due to the characteristics of the radio broadcast signal. Second, an adversary can capture nodes and analyze all information embedded in each sensor.

2. Design Requirements

To address the security threats and the problems of existing key pre-distribution schemes, we propose our scheme, which satisfies the following requirements:

  • Small number of keys: To address the limited memory constraint, a small number of keys should be promised while supporting the same or a higher level of security.
  • Higher connectivity: With a smaller number of keys, the probability that two sensors share at least one common session key at a given time-interval should be higher.
  • Resilience against node capture: Sensors are easily captured by adversaries. Once captured, they are analyzed and may reveal secret information to the adversaries. The proposed scheme should be resilient against node capture.

3. Notations and Terminologies

We utilize the following notations and terminologies for convenience of description.

  • Global Key Pool: A global key pool  is a pool of random symmetric keys, from which a group key pool is generated. (Cardinality= )
  • Group Key Pool: A group key pool (=1,2,3,...) is a subset of the global key pool, . (Cardinality= )
  • Time-Interval: A time-interval, , is a part of the lifetime of the WSN.  is divided into the small time-intervals, (=1,2,3,...).
  • Group: A group, (=1,2,3,...) is a set of sensors estimated to be in active-state at a specific time-interval,  with high probability.
  • Key Ring: A key ring ,(,=1,2,3,...) is a subset of a group key pool, which is independently assigned to each sensor  classified as the . (Cardinality=)
  • Key-Sharing Graph: Let  represent all sensors. A Key-Sharing Graph  is constructed in the following manner: For any two sensor nodes  and  in , there exists an edge between them if and only if (1) nodes  and  have at least one common key, and (2) nodes  and  can reach each other within the wireless transmission range, i.e., in a single hop.

4. Key Pre-Distribution Scheme

Using the state of sensors modeled in the previous section, the terms and notations, and the assumptions, we propose a new random key pre-distribution scheme that satisfies all requirements listed in the previous section. Our proposed scheme consists of three phases: key pre-distribution, shared-key discovery, and path-key establishment.

1) Key Pre-Distribution Phase

This phase is performed off-line and before deployment. The key setup server estimates the probability of active-state at all time-intervals for each sensor using information about all sensors such as the MAC protocol, sleep scheduler, job scheduler, and so on. Based on the estimation, it classifies all sensors into groups so that sensors more probable to be in active-state at the same time can share common session keys. We assume that  different groups are found during estimation.

After grouping all sensors, the key setup server generates a large global key pool  , and divides it into  group key pools  (for  =1,2,3,...,  ), for group . Two group key pools are neighbors if their corresponding time-intervals are previous or next to each other. The purpose of setting up the group key pool  is to allow the neighbor groups to share more keys. We describe the group key pool setup step in detail later.

After completion of the group key pool setup, for each sensor in the active-state group , randomly selected  keys from its corresponding group key pool  and their indices are loaded into the memory of the sensor.

Because key assignments for sensors are determined by the probability of active-state, in some cases sensors may be in active-state even though they are not assumed to be. Therefore, every sensor should share keys with the other groups in order to communicate with others. Since we assume that the probability of active-state follows the Gaussian distribution, sensors are moderately probable to be in active-state at the previous and next time-interval. Therefore, each sensor should carry some portion of the group key pools from the previous and next time-interval.

2) Shared-Key Discovery Phase

After deployment, the state of each sensor switches depending on the scheduler, events, and other variable factors at each time-interval. For secure communication with active-state nodes at a given time-interval, each active node broadcasts a message containing the indices of the keys it carries. Each active node can use these broadcast messages to find out whether it shares a common key with the broadcasting node. If such a key exists, the active node uses this key to secure its communication channel with the broadcasting node.

Instead of disclosing the indices of the keys each sensor carries, the challenge-response technique can be utilized to avoid sending the indices [2]; that is, for every key  on a key ring, each sensor can broadcast a list  ( =1,..., ), where  is a challenge. By decrypting the  with the proper key, a recipient can reveal the challenge  and establish a shared key with the broadcasting sensor. After the above step, the entire sensor network forms a key-sharing graph  .

3) Path-Key Establishment Phase

It is possible that two active sensors do not share a pre-distributed key. They should then perform the path-key establishment phase. Suppose that  wants to share a session key with  , and the two do not share a common key. The idea is to use the secure channels that have already been established in the key-sharing graph : as long as the graph is connected, two active nodes  and  can always find a path in  from  to  .

The two sensors need to find an intermediate active-state sensor node that shares common keys with both of them to help establish a session key. Either of these two sensors may broadcast a request message with their own IDs. We assume that  sends this request. Suppose sensor  receives this request, and  shares a common key  with  , and a common key  with  . Sensor  then generates a random session key  and sends a message back to  , which contains    and   . These are the session key  encrypted with  and , respectively. Upon receiving this reply message, node  can obtain the session key by decrypting   , and inform sensor  by forwarding    to .

4) Setting up Group Key Pools

We now show how to assign keys to each group key pool , for =1,2,3,...,  , such that group key pools corresponding to nearby time-intervals have a certain number of common keys. We assume that  determines the number of common keys between two nearby time-interval groups. In our scheme, one group key pool shares exactly  with a nearby time-interval group key pool (0≤a<1). We call  an overlapping factor.

To achieve this property, we divide the keys in each group key pool into two partitions, as illustrated in . Keys in each partition are those keys that are shared between the corresponding nearby time-interval group key pools. In , the left partition of  consists of   keys shared between  and .

[Figure: Shared keys between nearby group key pools]

Given the global key pool  and overlapping factor , we now describe how to select keys for each group key pool . First, keys for the first group key pool  are selected from ; then remove   keys from  . For each group key pool  (=2,...,), select   keys from group key pool   ; then select  keys from the global key pool , and remove the selected  keys from  . After group  selects  keys from its nearby time-interval group , no other group can select any one of the  keys. That is, these   keys are only shared between  and . With the above strategies, we can generate the group key pool for each group.

We now calculate the number of keys in each group key pool. Since keys selected from the other groups are all distinct, the sum of all the number of keys should be equal to the . Therefore, we have the following equation:    where  is the number of groups and  is the overlapping factor.

IV. Performance Analysis

In this section, we analyze our proposed scheme in detail. We present the probability that two sensors share a common key, and analyze our proposed scheme.
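The group key pool setup of section III.4 above, carried through as an added example (not code from the paper). Only the overlapping factor a is the paper's symbol; the function names, `g` for the number of groups, `pool_size`, `ring_size` and the sample parameters are assumptions of this sketch, as is the check that the two partitions of a pool must be disjoint.

```python
import secrets

_rng = secrets.SystemRandom()  # CSPRNG-backed: key selection must be unpredictable

def build_group_pools(global_pool, g, pool_size, a):
    """Return g group key pools (sets of key indices). Adjacent pools share
    exactly round(a * pool_size) keys; no key ends up in more than two pools."""
    shared = round(a * pool_size)
    if g > 2 and 2 * shared > pool_size:
        # assumption of this sketch: left and right partitions must not overlap
        raise ValueError("a too large for disjoint partitions toward both neighbours")
    fresh = pool_size - shared
    unused = list(global_pool)
    if len(unused) < pool_size + (g - 1) * fresh:
        raise ValueError("global key pool too small")
    _rng.shuffle(unused)
    pools = [set(unused[:pool_size])]   # first pool: drawn from the global pool
    del unused[:pool_size]              # ...and removed from it
    taken = set()                       # keys already shared between two pools
    for i in range(1, g):
        candidates = sorted(pools[i - 1] - taken)
        from_prev = set(_rng.sample(candidates, shared))
        taken |= from_prev              # no third pool may select these keys
        pools.append(from_prev | set(unused[:fresh]))
        del unused[:fresh]
    return pools

def draw_key_ring(pool, ring_size):
    """Key ring for one sensor: ring_size key indices from its group's pool."""
    return set(_rng.sample(sorted(pool), ring_size))

def overlap(pools, i, j):
    """Number of keys that pools i and j have in common."""
    return len(pools[i] & pools[j])

if __name__ == "__main__":
    # Constructed parameters: 1000 key indices, 5 groups, 100 keys per pool, a = 0.25
    pools = build_group_pools(range(1000), g=5, pool_size=100, a=0.25)
    for i in range(5):
        print(i, [overlap(pools, i, j) for j in range(5)])
    print("distinct keys used:", len(set().union(*pools)))
```

With the selection steps as coded here, the pools consume pool_size + (g - 1) * (pool_size - shared) distinct keys, and only pools of neighbouring time-intervals have a non-empty intersection.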


Similar resources

LPKP: location-based probabilistic key pre-distribution scheme for large-scale wireless sensor networks using graph coloring

Communication security of wireless sensor networks is achieved using cryptographic keys assigned to the nodes. Due to resource constraints in such networks, random key pre-distribution schemes are of high interest. Although in most of these schemes no location information is considered, there are scenarios that location information can be obtained by nodes after their deployment. In this paper,...


Hybrid Key pre-distribution scheme for wireless sensor network based on combinatorial design

Key distribution is an important problem in wireless sensor networks where sensor nodes are randomly scattered in adversarial environments. Due to the random deployment of sensors, a list of keys must be pre-distributed to each sensor node before deployment. To establish a secure communication, two nodes must share common key from their key-rings. Otherwise, they can find a key-path in which ens...


A Deterministic Multiple Key Space Scheme for Wireless Sensor Networks via Combinatorial Designs

The establishing of a pairwise key between two nodes for encryption in a wireless sensor network is a challenging issue. To do this, we propose a new deterministic key pre-distribution scheme which has modified the multiple key space scheme (MKSS). In the MKSS, the authors define two random parameters to make better resilience than existing schemes. Instead of a random selection of these parame...


Hypercube Bivariate-Based Key Management for Wireless Sensor Networks

Wireless sensor networks are composed of very small devices, called sensor nodes, for numerous applications in the environment. In adversarial environments, the security becomes a crucial issue in wireless sensor networks (WSNs). There are various security services in WSNs such as key management, authentication, and pairwise key establishment. Due to some limitations on sensor nodes, the previous k...


Random Key Pre-Distribution Techniques against Sybil Attacks

Sybil attacks pose a serious threat for Wireless Sensor Networks (WSN) security. They can create problems in routing, voting schemes, decision making, distributed storage and sensor re-programming. In a Sybil attack, the attacker masquerades as multiple sensor identities that are actually controlled by one or a few existing attacker nodes. Sybil identities are fabricated out of stolen keys, obt...


Mitigating Node Capture Attack in Random Key Distribution Schemes through Key Deletion

Random Key Distribution (RKD) schemes have been widely accepted to enable low-cost secure communications in Wireless Sensor Networks (WSNs). However, efficiency of secure link establishment comes with the risk of compromised communications between benign nodes by adversaries who physically capture sensor nodes. The challenge is to enhance resilience of WSN against node capture, while maintainin...


Journal title:

Volume   Issue 

Pages  -

Publication date 2005