Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 1 Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment Roerto Di Pietro, Luigi V. Mncini, nd Alessndro Mei Deprtment of Computer Science University of Rome L Spienz, Itly
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 2 Wireless Sensor Networks Lrge numer of low-end processor sensors;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 2 Wireless Sensor Networks Lrge numer of low-end processor sensors; sensors do not rely on ny infrstructure; wireless communictions; no se sttions;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 2 Wireless Sensor Networks Lrge numer of low-end processor sensors; sensors do not rely on ny infrstructure; wireless communictions; no se sttions; sensors re ttery equipped; energy is n issue; no symmetric cryptogrphy;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 2 Wireless Sensor Networks Lrge numer of low-end processor sensors; sensors do not rely on ny infrstructure; wireless communictions; no se sttions; sensors re ttery equipped; energy is n issue; no symmetric cryptogrphy; sensors re not tmper resistnt.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 2 Wireless Sensor Networks Lrge numer of low-end processor sensors; sensors do not rely on ny infrstructure; wireless communictions; no se sttions; sensors re ttery equipped; energy is n issue; no symmetric cryptogrphy; sensors re not tmper resistnt. Gol: ny pir of sensors should e le to gree on privte key. Compromise of few sensors should not compromise the whole network.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 3 Eschenuer nd Gligor s Seminl Work First, uild lrge pool P of p rndom keys. P
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 3 Eschenuer nd Gligor s Seminl Work First, uild lrge pool P of p rndom keys. Key Pre-Deployment For ech sensor s, rndomly select m keys from the pool nd ssign them to the sensor s; P
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 3 Eschenuer nd Gligor s Seminl Work First, uild lrge pool P of p rndom keys. Key Pre-Deployment For ech sensor s, rndomly select m keys from the pool nd ssign them to the sensor s; P Key Discovery Two sensors discover common keys nd gree on suset of them to secure the chnnel.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 4 Follow-ups Multi-pth key enforcement: Chn, Perrig, nd Song (S&P 2003); key shring + Blom s scheme: Du, Deng, Hn, nd Vrshney (CCS 2003); key shring + Blundo s scheme: Liu nd Ning (CCS 2003); loction sed predistriution of keys: Liu nd Ning (SASN 2003); coopertive protocol: Di Pietro, Mncini, nd Mei (SASN 2003); pseudo-rndom predistriution of keys: Zhu, Xu, Seti, nd Jjodi (ICNP 2003).
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 5 The Olivious nd the Smrt Attcker The olivious ttcker: the next sensor to e tmpered with is chosen rndomly;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 5 The Olivious nd the Smrt Attcker The olivious ttcker: the next sensor to e tmpered with is chosen rndomly; Defn 1. Assume tht the ttcker s gol is to collect suset T of the keys in the pool. The ttcker hs lredy compromised numer of sensors, nd hs collected ll their keys in set W. For every sensor s in the WSN, the key informtion gin G(s) is rndom vrile equl to the numer of keys in the key ring of s which re in T nd re not in W.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 5 The Olivious nd the Smrt Attcker The olivious ttcker: the next sensor to e tmpered with is chosen rndomly; Defn 1. Assume tht the ttcker s gol is to collect suset T of the keys in the pool. The ttcker hs lredy compromised numer of sensors, nd hs collected ll their keys in set W. For every sensor s in the WSN, the key informtion gin G(s) is rndom vrile equl to the numer of keys in the key ring of s which re in T nd re not in W. the smrt ttcker: the next sensor to e tmper with is sensor s, where s mximizes E[G(s) I(s)], the expecttion of the key informtion gin G(s) given informtion I(s) tht the ttcker knows on sensor s key ring.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction lue! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction red! lue! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction green! red! lue! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! yellow! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! pink! yellow! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! red! pink! yellow! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! cyn! red! pink! yellow! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! cyn! red! pink! yellow! Ech sensor rodcsts the indexes (colors) of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! cyn! red! pink! yellow! Ech sensor rodcsts the indexes (colors) of its keys; Informtion lek: Also the possile ttcker cn know the colors of the keys in ech sensor;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! cyn! red! pink! yellow! Ech sensor rodcsts the indexes (colors) of its keys; Informtion lek: Also the possile ttcker cn know the colors of the keys in ech sensor; Energy: k messges hve to e sent nd received.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 6 Index Notifiction ornge! green! red! lue! cyn! red! pink! yellow! Ech sensor rodcsts the indexes (colors) of its keys; Informtion lek: Also the possile ttcker cn know the colors of the keys in ech sensor; Energy: k messges hve to e sent nd received. Authentiction: Sensor is not sure of the identity of.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys; Informtion lek: The ttcker cnnot know the colors of the keys in ech sensor (if he does not know the secret keys);
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys; Informtion lek: The ttcker cnnot know the colors of the keys in ech sensor (if he does not know the secret keys); Energy: k messges hve to e sent nd received.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 7 Chllenge Response Ech sensor rodcsts chllenge encrypted with ech of its keys; Informtion lek: The ttcker cnnot know the colors of the keys in ech sensor (if he does not know the secret keys); Energy: k messges hve to e sent nd received. Authentiction: Sensor is not sure of the identity of.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 8 Pseudo-Rndom Assignment of Keys Keys to e ssigned re selected using pseudo-rndom numer genertor, strting from pulicly known seed dependent on the sensor s id.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 8 Pseudo-Rndom Assignment of Keys Keys to e ssigned re selected using pseudo-rndom numer genertor, strting from pulicly known seed dependent on the sensor s id.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 8 Pseudo-Rndom Assignment of Keys Keys to e ssigned re selected using pseudo-rndom numer genertor, strting from pulicly known seed dependent on the sensor s id. Informtion lek: Also the possile ttcker cn know the colors of the keys in ech sensor;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 8 Pseudo-Rndom Assignment of Keys Keys to e ssigned re selected using pseudo-rndom numer genertor, strting from pulicly known seed dependent on the sensor s id. Informtion lek: Also the possile ttcker cn know the colors of the keys in ech sensor; Energy: 0 messges hve to e sent nd received.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 8 Pseudo-Rndom Assignment of Keys Keys to e ssigned re selected using pseudo-rndom numer genertor, strting from pulicly known seed dependent on the sensor s id. Informtion lek: Also the possile ttcker cn know the colors of the keys in ech sensor; Energy: 0 messges hve to e sent nd received. Authentiction: Sensor is proilisticlly sure of the identity of.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 9 Pseudo-Rndom Functions Defn 2. A pseudo-rndom function is n efficient (deterministic) lgorithm which given n h-it seed, y, nd n h-it rgument, x, returns n h-it string, denoted f y (x), so tht it is infesile to distinguish the responses of f y, for uniformly chosen y, from the responses of truly rndom function.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 9 Pseudo-Rndom Functions Defn 2. A pseudo-rndom function is n efficient (deterministic) lgorithm which given n h-it seed, y, nd n h-it rgument, x, returns n h-it string, denoted f y (x), so tht it is infesile to distinguish the responses of f y, for uniformly chosen y, from the responses of truly rndom function. We ssume we hve ccess to pseudo-rndom function f y, where y is uniformly chosen;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 9 Pseudo-Rndom Functions Defn 2. A pseudo-rndom function is n efficient (deterministic) lgorithm which given n h-it seed, y, nd n h-it rgument, x, returns n h-it string, denoted f y (x), so tht it is infesile to distinguish the responses of f y, for uniformly chosen y, from the responses of truly rndom function. We ssume we hve ccess to pseudo-rndom function f y, where y is uniformly chosen; s consequence of the ove definition, the output of f y cn e delt with s eing rndom for ll our purposes.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 10 New Key Discovery For ech sensor, for ech key k of the pool: 1. Compute z = f y ( k);
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 10 New Key Discovery For ech sensor, for ech key k of the pool: 1. Compute z = f y ( k); 2. if z 0 mod (p/m) then ssign key k to sensor.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 10 New Key Discovery For ech sensor, for ech key k of the pool: 1. Compute z = f y ( k); 2. if z 0 mod (p/m) then ssign key k to sensor. Informtion lek: The ttcker cnnot know the colors of the keys in ech sensor (if he does not know the secret keys): f y is one-wy;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 10 New Key Discovery For ech sensor, for ech key k of the pool: 1. Compute z = f y ( k); 2. if z 0 mod (p/m) then ssign key k to sensor. Informtion lek: The ttcker cnnot know the colors of the keys in ech sensor (if he does not know the secret keys): f y is one-wy; Energy: 0 messges hve to e sent nd received.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 10 New Key Discovery For ech sensor, for ech key k of the pool: 1. Compute z = f y ( k); 2. if z 0 mod (p/m) then ssign key k to sensor. Informtion lek: The ttcker cnnot know the colors of the keys in ech sensor (if he does not know the secret keys): f y is one-wy; Energy: 0 messges hve to e sent nd received. Authentiction: Sensor is proilisticlly sure of the identity of.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 10 New Key Discovery For ech sensor, for ech key k of the pool: 1. Compute z = f y ( k); 2. if z 0 mod (p/m) then ssign key k to sensor. Informtion lek: The ttcker cnnot know the colors of the keys in ech sensor (if he does not know the secret keys): f y is one-wy; Energy: 0 messges hve to e sent nd received. Authentiction: Sensor is proilisticlly sure of the identity of. On verge, m keys re ssigned to ech sensor;
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 11 New Key Discovery Security Constrint: t lest m m keys in ech vlid sensor; Hrdwre Constrint: t most m keys in ech vlid sensor; if sensor does not meet either the security of the hrdwre constrint, it must e discrded; Prolem: how mny sensors hve to e generted in order to find vlid one, depending on pool size nd m? Answer: just constnt numer! Theorem 1. Provided tht p m, sensor cn e generted in time O(p) such tht its key ring is composed of t lest m o(m) keys nd t most m keys, with high proility.
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 12 Experiments on Sensor Genertion 14000 12000 90% 95% 99% 10000 itertions 8000 6000 4000 2000 0 0 50 100 150 200 250 300 350 400 450 500 key ring size
Efficient nd Resilient Key Discovery sed on Pseudo-Rndom Key Pre-Deployment p. 13 Experiments on Attcks 450 400 Olivious ttker - IN, CR, PKIT Olivious ttker - New 95% Smrt ttker - IN, PKIT Smrt ttker - CR, New 99% 350 300 sensors to corrupt 250 200 150 100 50 0 0 50 100 150 200 250 key ring size