Cryptography Reference
In-Depth Information
to communicate securely with each other after deployment. Furthermore, the scheme
should work with the increase in scalability (addition of new nodes to the network) and
should adhere to the low computational and storage requirements.
In general, key-distribution schemes in WSN can be broadly classified into
four classes: symmetric key algorithms, trusted server mechanisms, random
key-predistribution schemes, and public key algorithms. In the following sections, we
review a few existing key-distribution schemes in WSN.
6.3.1 Symmetric Key Algorithms
In this class, a single shared key is used to perform the encryption and decryption
operations in a communication network.
6.3.1.1 Fully Pairwise-Shared Keys
In this scheme, every node in the network shares a unique, preshared, symmetric key
with every other node in the network. The keys are preloaded into the sensor nodes
before deployment. Hence, in a network of n nodes, there would be a total of n(n-1)/2
unique keys. Subsequently, every node stores n-1 keys, one for each of the other nodes
in the network. In this class of protocols, the compromise of a few sensor nodes will
not result in the complete collapse of the entire network. However, the applicability
of this approach in large sensor networks is not pragmatic, as each node would need
to store n-1 keys, thus resulting in the rapid exhaustion of its limited memory space.
In addition, nodes usually communicate with their immediate one-hop neighbors,
thereby eliminating the need to establish unique keys with every node in the network.
Although symmetric key algorithms are limited in terms of key distribution, they
provide basic cryptographic primitives, which could be used in combination with
asymmetric key cryptographic algorithms.
6.3.2 Trusted Server Mechanisms
In this category, key distribution is done via centralized trusted servers, which are
usually static in nature. In WSN, the sink node or the base station can act as a
key-distribution center (KDC). Usually, unique symmetric keys are shared between the
sink node and the ordinary nodes. If two nodes were to communicate with each other,
they would first authenticate with the base station, after which the base station
generates a link key and sends it securely to both parties.
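The base-station-mediated exchange described above, as an added example that is not from the original text and is not the SPINS construction: a node authenticates to the base station under its preloaded key, and the base station returns a fresh link key sealed separately for each party. HMAC-SHA256 in counter mode with encrypt-then-MAC stands in for a real authenticated cipher so the code runs on the standard library alone; the message layout, node ids and all function names are assumptions.

```python
import hashlib, hmac, os

def _sub(key, label):                 # separate enc/MAC subkeys from one preloaded key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):    # HMAC-SHA256 counter mode: stand-in cipher (assumption)
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, msg):                   # encrypt-then-MAC: nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, msg)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class BaseStation:
    def __init__(self, node_keys):
        self.node_keys = node_keys    # node id -> unique key shared with the sink

    def issue_link_key(self, requester, request):
        # The request opens only under the requester's own key: that is the authentication.
        peer, challenge = unseal(self.node_keys[requester], request).split(b"|", 1)
        link_key = os.urandom(16)     # fresh link key for this pair
        # One sealed copy per party, each naming the other end of the link.
        to_req = seal(self.node_keys[requester], challenge + peer + b"|" + link_key)
        to_peer = seal(self.node_keys[peer.decode()], requester.encode() + b"|" + link_key)
        return to_req, to_peer

def establish(bs, keys, a, b):
    """Run the exchange for nodes a and b; return (peer, link key) as each side sees it."""
    challenge = os.urandom(8)
    to_a, to_b = bs.issue_link_key(a, seal(keys[a], b.encode() + b"|" + challenge))
    reply = unseal(keys[a], to_a)
    if reply[:8] != challenge:        # freshness: reply must answer this request
        raise ValueError("stale reply")
    return reply[8:].split(b"|", 1), unseal(keys[b], to_b).split(b"|", 1)

if __name__ == "__main__":
    keys = {n: os.urandom(16) for n in ("A", "B", "C")}   # constructed sample keys
    (peer_a, k_a), (peer_b, k_b) = establish(BaseStation(keys), keys, "A", "B")
    print(peer_a, peer_b, k_a == k_b)
```

In this sketch the copy sent to the second node carries no freshness value, so a deployed protocol would add a counter or nonce on that leg as well.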
An example of a base-station-mediated key-agreement protocol is the Security
Protocol for Sensor Networks: SPINS (Perrig et al. 2002). Using this protocol, only
a single unique key is preloaded in every node of the network. Hence, a node capture
will not result in the total compromise of the network. In addition, centralized
revocation is possible through authenticated unicasts from the trusted base station. The main