On Secure Key Management in Mobile Ad Hoc Networks

It is widely believed that a probabilistic key predistribution scheme, although more complex, is much more resilient against node capture than a deterministic one in lightweight wireless ad hoc networks. Backed by the surprisingly large successful attack probabilities computed in this paper, we show that probabilistic approaches have only limited performance advantages over deterministic approaches. We first consider a static network scenario, as originally considered in the seminal paper by Eschenauer and Gligor [1], where any node capture happens after the establishment of all pairwise links, and show that the deterministic approach can achieve performance as good as the probabilistic one. In a mobile network, by contrast, the probabilistic key management described in [1] can lead to a successful attack probability (SAP) one order of magnitude larger than in a static network, due to node fabrication attacks. Finally, we propose two low-cost secure-architecture-based techniques to improve security against such attacks. Our new architectures, specifically targeted at the sensor-node platform, protect long-term keys using a root of trust embedded in the hardware System-on-a-Chip (SoC). This prevents an adversary from extracting these protected long-term keys from a captured node to fabricate new nodes. Extensive simulation results show that the proposed architecture can significantly decrease the SAP and increase the security level of key management for mobile ad hoc networks.

[1] Rolf Blom, et al. An Optimal Class of Symmetric Key Generation Systems, 1985, EUROCRYPT.

[2] Hideki Imai, et al. On the Key Predistribution System: A Practical Solution to the Key Distribution Problem, 1987, CRYPTO.

[3] John T. Kohl, et al. The Kerberos Network Authentication Service (V5), 2004.

[4] Mihir Bellare, et al. Relations among Notions of Security for Public-Key Encryption Schemes, 1998, IACR Cryptol. ePrint Arch.

[5] Virgil D. Gligor, et al. A key-management scheme for distributed sensor networks, 2002, CCS '02.

[6] Gaurav S. Sukhatme, et al. Mobile Sensor Network Deployment using Potential Fields: A Distributed, Scalable Solution to the Area Coverage Problem, 2002.

[7] Dawn Xiaodong Song, et al. Random key predistribution schemes for sensor networks, 2003, 2003 Symposium on Security and Privacy, 2003.

[8] Shouhuai Xu, et al. Establishing pairwise keys for secure communication in ad hoc networks: a probabilistic approach, 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings.

[9] Donggang Liu, et al. Location-based pairwise key establishments for static sensor networks, 2003, SASN '03.

[10] Yunghsiang Sam Han, et al. A pairwise key pre-distribution scheme for wireless sensor networks, 2003, CCS '03.

[11] Roberto Di Pietro, et al. Random key-assignment for secure Wireless Sensor Networks, 2003, SASN '03.

[12] Douglas R. Stinson, et al. Deterministic Key Predistribution Schemes for Distributed Sensor Networks, 2004, Selected Areas in Cryptography.

[13] Sushil Jajodia, et al. An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks, 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[14] Yongdae Kim, et al. Revisiting random key pre-distribution schemes for wireless sensor networks, 2004, SASN '04.

[15] Bülent Yener, et al. Combinatorial Design of Key Distribution Mechanisms for Wireless Sensor Networks, 2004, ESORICS.

[16] C. Siva Ram Murthy, et al. Ad Hoc Wireless Networks: Architectures and Protocols, 2004.

[17] Yunghsiang Sam Han, et al. A key management scheme for wireless sensor networks using deployment knowledge, 2004, IEEE INFOCOM 2004.

[18] Bart Preneel, et al. The wandering nodes: key management for low-power mobile ad hoc networks, 2005, 25th IEEE International Conference on Distributed Computing Systems Workshops.

[19] Ruby B. Lee, et al. Architecture for protecting critical secrets in microprocessors, 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[20] Bülent Yener, et al. Key distribution mechanisms for wireless sensor networks: a survey, 2005.

[21] Adrian Perrig, et al. Distributed detection of node replication attacks in sensor networks, 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[22] Sushil Jajodia, et al. LEAP+: Efficient security mechanisms for large-scale distributed sensor networks, 2006, TOSN.

[23] Ruby B. Lee, et al. Hardware-rooted trust for secure key management and transient trust, 2007, CCS '07.