Information Technology Reference
In-Depth Information
after deployment is generally considered as unrealistic and inaccurate under
these situations.
Liu et al. [Liu et al., 2005a] proposed a polynomial pool-based pairwise key
pre-distribution scheme. Instead of deploying keys, their scheme uses bivariate
t-degree polynomials f (x, y) =
t
i,j=0
a
ij
x
i
y
j
, such that f (x, y) = f (y, x), to
compute the pairwise communication keys between nodes. For each node i,
the setup server computes a polynomial share f (i, y), which is derived from
the polynomial function f (x, y), and installs f (i, y) into node i prior to de-
ployment. Based on the property of bivariate polynomial, two nodes i and
j are able to establish a secure connection if they can compute the same
key f (i, j) = f (j, i). This polynomial pool-based scheme is based on the ba-
sic polynomial-based key pre-distribution proposed by Blundo et al. [Blundo
et al., 1992]. Two nodes are able to establish a secure connection only if they
share at least one polynomial function in common by exchanging polynomial
function IDs. An attacker requires to capture at least t + 1 polynomial shares
in order to retrieve the original t-degree polynomial function. This scheme
shows a significant enhancement of network resilience as long as the number
of nodes captured is under a certain threshold, i.e., t in this case. It is in-
teresting to note that this scheme is equivalent to Du et al.'s pairwise key
pre-distribution scheme discussed above.
Eltoweissy et al. [Eltoweissy et al., 2006] developed a protocol for dynamic
re-keying in the post-deployment phase. Under the long life cycle assumption,
re-keying is necessary in the addition or revocation
4
of nodes. By doing so,
node capture attacks can no longer further compromise the rest of the net-
work. When some nodes are suspected to be compromised, the base station
sends the re-keying instruction(s) to the cluster controllers
5
to trigger the
corresponding re-keying operations. The drawbacks are that their approach
requires the coordination among a base station and the cluster controllers. In
addition, there is an assumption that the compromised nodes can be detected
accurately by the base station.
Based on the design objectives (or constraints consideration) of the above
schemes, we summarize this comparison in Table 6.2.
6.10.2 Asymmetric Key-Based Approaches
It is well known that public key cryptosystems are in general more versatile
than the symmetric cryptography. They can provide more functions such as
digital signature and key exchange. However, they are computationally expen-
sive and undesirable to be implemented in the resource-constrained sensor net-
works. With advancement of sensor network technologies in recent years, im-
4
Node revocation is used to remove some detected misbehaving nodes.
5
A cluster controller is responsible for organizing and managing a particular cluster of
nodes.
Search WWH ::
Custom Search