Cryptography Reference
8.5 Cross-Layer Key Establishment
In this section, we provide the implementation details of the key-establishment protocols
embedded within the clustering protocol (Saglam and Dalkılıç, 2009b). Here, the
physical-node density of the network has been selected as 8, which is the minimum
node density requirement of the clustering protocol to achieve a network connectivity
performance higher than 99%. We first detail the implementation of the basic scheme,
and then provide the ECDH-based key establishment.
8.5.1 Basic Scheme
The cross-layer implementation of the basic scheme includes a clustering protocol that
would require additional communication messages in the neighbor-discovery phase. In
the clustering protocol discussed in Section 8.4.1, as soon as a configuration message is
received by a floating sensor node, the neighbor-discovery operation is initiated. During
this phase, states of sensor nodes in the neighborhood are registered and the budgets for
cluster extension are distributed to the floating neighbors. Predistributed key rings are
checked during this phase, and the neighbors sharing common key(s) in their key rings
are used to establish a secure connection (Sections 6.3.4 and 6.3.5).
Key pool size $Q$ and key ring size $m$ of the basic scheme define the probability $p$ of
establishing a secure link between two sensor nodes. Hence, the number of neighbors to
be securely connected is determined by these parameters. However, it should be noted
that changing these parameters affects the cost of storage and transmission of messages.
Transactions for basic scheme implementation in the neighbor-discovery phase of
the clustering protocol are depicted in Figure 8.5.
Phase I. In this scheme, any configured sensor node (Alice) starts neighbor discovery
by broadcasting a list of key indexes, $k_A$, included in its key ring (Figure 8.6, Phase I).
Phase II. This polling message is received by its neighbors $n_i$ ($i = 1, 2, \ldots, d$, where $d$
is the expected node density), which compare $k_A$ with their key rings $k_i$. If there is at least
one key index match, then the corresponding neighbors reply to Alice with the matching
index number $idx_i$ (Phase II). Hence, the expected number of neighbors finding a
common key after the shared key discovery is $pd$. As a result, there exist $(1-p)d$ neighbors
that cannot find a shared key with $k_A$. These neighbors who do not share a key reply
with a list of their key indexes $k_i$ ($i = 1, 2, \ldots, (1-p)d$), which are subsequently used in
the path key discovery phase.
Phase III. In this phase, Alice is aware of the nodes that share a key, and depending on
the probability $p$, if there are neighbors that cannot establish a link key, Alice initiates
the path key discovery process via its $pd$ secure neighbors. Alice broadcasts the list of key
indexes $k_i$ ($i = 1, 2, \ldots, (1-p)d$) received in the shared key-discovery phase together with
the corresponding node identities $id_i$.
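The dependence of p on Q and m, and the Phase I and Phase II exchange, can be checked with the short simulation below. It is an added example, not code from the book or from the clustering protocol's authors. It assumes key rings are drawn uniformly without replacement from the pool, which gives the standard closed form p = 1 - C(Q-m, m)/C(Q, m); the values Q = 1000 and m = 30, the function names, and the choice of replying with the lowest matching index are illustrative assumptions.

```python
import math
import random

def share_probability(Q, m):
    """P(two random m-key rings drawn from a Q-key pool share >= 1 key)."""
    return 1 - math.comb(Q - m, m) / math.comb(Q, m)

def draw_ring(Q, m, rng):
    """Predistribute a key ring: m distinct key indexes out of the pool."""
    return frozenset(rng.sample(range(Q), m))

def neighbor_discovery(k_A, neighbor_rings):
    """Phases I and II: Alice broadcasts k_A; every neighbor n_i answers.

    Returns (secure, unmatched): secure maps node id -> idx_i, unmatched
    maps node id -> k_i, the index list Alice forwards in Phase III.
    """
    secure, unmatched = {}, {}
    for node_id, k_i in neighbor_rings.items():
        common = k_A & k_i
        if common:
            secure[node_id] = min(common)  # assumption: reply with lowest match
        else:
            unmatched[node_id] = sorted(k_i)
    return secure, unmatched

def mean_secure_neighbors(Q, m, d, trials, seed=1):
    """Monte Carlo estimate of the expected number of secure neighbors (pd)."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        k_A = draw_ring(Q, m, rng)
        rings = {i: draw_ring(Q, m, rng) for i in range(1, d + 1)}
        total += len(neighbor_discovery(k_A, rings)[0])
    return total / trials

if __name__ == "__main__":
    Q, m, d = 1000, 30, 8  # Q and m are constructed; d = 8 is the page's density
    p = share_probability(Q, m)
    print(f"p = {p:.3f}, pd = {p * d:.2f}, (1-p)d = {(1 - p) * d:.2f}")
    print(f"simulated mean = {mean_secure_neighbors(Q, m, d, 2000):.2f}")
```

Raising m increases p and therefore pd, but it also lengthens the Phase I broadcast and the stored key ring, which is the storage and transmission cost the text refers to.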