Cryptography Reference
In-Depth Information
Figure 6.2. Key-Pool Set |Q| Selection Based on p′ for m = 200 and i = 10
In general, random key predistribution presents a desirable trade-off between the
insecurity of using a single network-wide key and the impractically high memory
overhead of using unique pairwise keys. Its main advantage is that it has much lower
memory overhead than the full pairwise key scheme while being more resilient to
node compromise than the single network-wide key scheme. Furthermore, it is fully
distributed and does not require a trusted base station. The main disadvantage of this
approach is its probabilistic nature, which makes it difficult to guarantee that the
initial graph of secure links is connected under nonuniform conditions or sparse
deployments. Furthermore, since keys can be shared between a large number of nodes,
this class of schemes does not provide very high resilience against node compromise
and the subsequent exposure of node keys.
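The trade-off summarized above can be checked numerically. The following Python sketch is an added example, not code from the book: it uses the page's symbols |Q| (key-pool size) and m (key-ring size) and assumes the basic variant in which two nodes form a secure link when their rings share at least one key. The function names, the parameter values, the all-nodes-in-radio-range assumption, and the choice of the lowest shared key id as the link key are constructed for illustration.

```python
import math
import random
from itertools import combinations

def share_probability(pool_size, ring_size):
    """P(two independently drawn key rings share at least one key)."""
    if 2 * ring_size > pool_size:
        return 1.0  # pigeonhole: the rings must overlap
    disjoint = math.comb(pool_size - ring_size, ring_size) / math.comb(pool_size, ring_size)
    return 1.0 - disjoint

def exposed_fraction(pool_size, ring_size, captured):
    """P(a link key between two uncaptured nodes sits in some captured ring)."""
    return 1.0 - (1.0 - ring_size / pool_size) ** captured

def simulate(n, pool_size, ring_size, captured, seed=1):
    """Deploy n nodes (all assumed in radio range), capture the first `captured`.

    Returns (initial secure-link graph connected?, fraction of surviving links exposed).
    """
    rng = random.Random(seed)
    rings = [set(rng.sample(range(pool_size), ring_size)) for _ in range(n)]
    leaked = set().union(*rings[:captured])  # every key the adversary now holds
    neighbours = {v: set() for v in range(n)}
    links = exposed = 0
    for a, b in combinations(range(n), 2):
        shared = rings[a] & rings[b]
        if not shared:
            continue  # no common key, so no secure link
        neighbours[a].add(b)
        neighbours[b].add(a)
        if a >= captured:  # a < b, so both endpoints are uncaptured
            links += 1
            exposed += min(shared) in leaked  # assumed link key: lowest shared id
    seen, stack = {0}, [0]  # depth-first search from node 0
    while stack:
        for w in neighbours[stack.pop()] - seen:
            seen.add(w)
            stack.append(w)
    return len(seen) == n, exposed / links if links else 0.0

if __name__ == "__main__":
    n, q, m, x = 60, 1000, 50, 5  # constructed parameters
    print("P(share a key)       :", round(share_probability(q, m), 3))
    print("analytic exposure    :", round(exposed_fraction(q, m, x), 3))
    print("simulated (conn, exp):", simulate(n, q, m, x))
    print("keys per node        : random=%d, full pairwise=%d, single key=1" % (m, n - 1))
```

With a single network-wide key, one captured node exposes every link; with full pairwise keys, it exposes none between uncaptured nodes. The random scheme sits between the two, and its exposure grows with each additional captured node.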
6.3.6 Random Pairwise Key Scheme
The random pairwise key scheme, proposed by Chan et al. (2003), is a hybrid of the
random key-predistribution scheme and the full pairwise key scheme. In the analysis
of random key predistribution, it was deduced that as long as any two nodes can form
a secure link with probability at least p, the entire network will be connected with
secure links with high probability. Based on this observation, Chan et al. note that it is
not necessary to perform full pairwise key distribution to achieve a network where any
two nodes can find a secure pathway to each other. Instead of preloading n - 1 unique
pairwise keys in each node, the random pairwise key scheme preloads m unique
pairwise keys into each node. The m keys of a key ring are a small, random subset of