Node-Capture Resilient Key Establishment in Sensor Networks: Design Space and New Protocols

Abstract

Key management is required for basic security services of confidentiality, integrity, and data source authentication. Wireless sensor networks (WSNs) are a challenging environment to provide such services due to the resource constraints and the increased likelihood of nodes to be captured. Various key management techniques were proposed that trade off resilience to node capture and overhead in terms of communication and memory. We identify the main factors influencing the design space of key management protocols for sensor networks and describe representative protocols that trade off the number of links established, communication overhead, and resilience to node capture. These trade-offs are due to using direct, pathbased, or multipath-based communication to establish secure links. We propose a new multipath protocol relying on an encoding scheme tailored for WSNs and analyze the effects of key pre-distribution on multipath key establishment. We provide extensive simulations to understand the trade-offs between resilience to node compromise and communication overhead under numerous network scenarios. This comparison highlights the trade-offs between these vastly different key management schemes. For the newer class of key management schemes—multipath based—we quantify experimentally the additional communication overhead required for extra paths and the improvement in resilience from using these paths.

Additional details