Cryptography Reference
In-Depth Information
key pool Q and stored into the node's memory. Each of the m keys have identifiers that
will be used to map the keys by the receiving nodes during the discovery phase of this
scheme (discussed in the next section). This set of m keys is called the node's key ring.
The number of keys in the key pool | Q | (key pool size) is chosen such that any two
random subsets of size m in Q will share at least one key, with some probability p .
Phase II: Shared-Key Discovery
On deployment, neighboring sensor nodes begin the discovery process to find out if
they share a common key with each other; if they do, then they establish a secure link.
There could be many modes for the discovery phase, such as broadcasting the list of
identifiers existing in their key ring in clear text or through a challenge-response mech-
anism. If the probability p were chosen correctly for the network's neighbor density,
then the resultant graph of secure links will be connected with some high probability.
The remaining links in the graph are then filled in by routing key-establishment mes-
sages along this connected network of initial secure links. From a security perspective,
although this approach does not reveal any important information to the adversary, it
is still susceptible to a passive traffic analysis attack.
Phase III: Path-Key Establishment
On completing the discovery phase, if two nodes in the network discover that they
do not share a key between them, they send an encrypted message to neighbors with
whom they share a key, with a request to secure a connection with the unshared node.
This model assumes that after the completion of Phase II , there exist many keys in each
key ring that can be used for third-party path-key establishment. Hence, the neighbor-
ing nodes generate pairwise keys for nodes that do not directly share a key.
Let us now find this probability p that any two nodes with key ring sizes m in the
network share at least one common key from the pool Q. Let p ¢ be the probability that
two nodes do not share a key between them. Then, p is defined as
p ¢
=-
p
1
(6.1)
In this case, keys from the key ring are drawn from Q without replacement. The total
number of possible key rings t 1 is shown below:
Q
!
=
t
(6.2)
1
mQ m
!(
-
)!
Now, the total number of possible key rings that do not share a key with a particu-
lar key ring t 2 is the number of key rings drawn from the remaining Q-m unused keys
in the pool:
(
Qm
-
)!
=
t
(6.3)
2
mQ
!(
-
2
m
)!
Search WWH ::




Custom Search