Image Processing Reference
In-Depth Information
H
H
H
H
H
H
H
Use key
K
1
K
2
K
3
K
4
K
5
K
6
K
7
K
8
t
T
1
T
2
T
3
T
4
T
5
T
6
T
7
T
8
Interval
P
1
P
2
P
3
P
4
P
5
Packet
MAC
2
MAC
3
MAC
5
MAC
5
MAC
7
K
1
K
2
K
3
K
4
K
5
K
6
K
7
Disclose
FIGURE .
Example of TESLA operation.
for this is that sensor nodes do not have enough memory for storing key chains and cannot, therefore,
authenticate broadcast packets on their own.
In [LN], Liu and Ning extend the μTESLA idea by proposing “multilevel key chains” to over-
come the scalability problems caused by the tradeoff between key chain length and duration of the
key disclosure time interval: Shorter duration of the time interval on the one hand has the advantage
of sensor nodes being able to check the authenticity of messages and deliver them earlier, thus requir-
ing less buffer space in sensor nodes, but requires rather long key chains to support a given network
lifetime. On the other hand, if the interval length is set to a higher value, a shorter key chain can be
used, requiring less computation and storage effort for setup of the scheme, but sensor nodes need
to buffer more messages before authenticity can be checked. To overcome the problem of long key
chains, Liu and Ning propose to use higher-level key chains with long intervals for authenticating
commitments of lower-level key chains that are communicated to the sensor nodes early enough to
be authenticated before the time of their usage.
10.5 Alternative Approaches to Key Management
Key management is often said to be the hardest part of implementing secure communications, as on
the one hand legitimate entities need to hold or be able to agree on the required keys, and on the
other hand, a suite of security protocols cannot offer any protection if the keys fall in the hands of an
attacker. he SNEP protocol suite as described in Section . includes a simple and rather traditional
key management protocol that enables two sensor nodes to obtain a shared secret key with the help of
a base station. In this section, we will treat the subject of key management in more depth and review
alternative approaches to it.
All in all, key management comprises of the following tasks [Sch]:
•
“Key generation” is the creation of the keys that are used. his process must be executed
in a “random” or at least “pseudo-random-controlled” way, because hackers will other-
wise be able to execute the process themselves and in a relatively short time will discover
the key that was used for security. Pseudo-random-controlled key generation means that
keys are created according to a deterministic approach but each possible key has the same
probability of being created from the method. Pseudo-random generators must be ini-
tialized with a real random value so that they do not always produce the same keys. If
the process of key generation is not reproducible, it is referred to as “really random” key
generation.
•
Task of “key distribution” consists of deploying generated keys in the place in a sys-
tem where they are needed. In simple scenarios, the keys can be distributed through
direct (e.g., personal) contact. If larger distances are involved and symmetric encryption
