The establishment of link-layer keys between neighboring nodes is a fundamental issue in securing sensor network communications. Most existing solutions are key predistribution schemes which rely on sensor nodes to broadcast hundreds or even thousands of pre-loaded key IDs to find pairwise keys between neighboring nodes. The shortcomings include poor resilience against node compromise, low network connectivity, large communication overhead, etc. This paper presents a novel location-based link-layer key establishment scheme, in which a hexagonal-grid-based deployment model and a polynomial-based key establishment model are combined for the first time to establish a link-layer key between two neighboring nodes. Compared with conventional proposals, our scheme features much lower communication overhead and memory requirements while still maintaining high network connectivity and network resilience against node compromise.
In a large-scale sensor network, it is infeasible to assign a unique Transport Layer Key (TLK) for each pair of nodes to provide end-to-end security due to the huge memory cost per node. Thus, conventional key establishment schemes follow a key predistribution approach to establish a Link Layer Key (LLK) infrastructure between neighboring nodes and rely on multihop paths to provide end-to-end security. Their drawbacks include vulnerability to the node compromise attack, large memory cost, and energy inefficiency in the key establishment between neighboring nodes. In this paper, we propose a novel key establishment scheme, called LAKE, for sensor networks. LAKE uses a t-degree trivariate symmetric polynomial to facilitate the establishment of both TLKs and LLKs between sensor nodes in a two-dimensional space, where each node can calculate direct TLKs and LLKs with some logically neighboring nodes and rely on those nodes to negotiate indirect TLKs and LLKs with other nodes. Any two end nodes can negotiate a TLK on demand directly or with the help of only one intermediate node, which can be determined in advance. As for the LLK establishment, LAKE is more secure under the node compromise attack with much less memory cost than conventional solutions. Due to the location-based deployment, LAKE is also energy efficient in that each node has direct LLKs with most neighbors without spending too much energy on the establishment of indirect LLKs with neighbors through multihop routing.
Nodes in a sensor network may be lost due to power exhaustion or malicious attacks. To extend the lifetime of the sensor network, new node deployment is necessary. In military scenarios, adversaries may directly deploy malicious nodes or manipulate existing nodes to introduce malicious "new" nodes through many kinds of attacks. To prevent malicious nodes from joining the sensor network, access control is required in the design of sensor network protocols. In this paper, we propose an access control protocol based on Elliptic Curve Cryptography (ECC) for sensor networks. Our access control protocol accomplishes node authentication and key establishment for new nodes. Different from conventional authentication methods based on the node identity, our access control protocol includes both the node identity and the node bootstrapping time in the authentication procedure. Hence our access control protocol can not only identify each node but also differentiate between old nodes and new nodes. In addition, each new node can establish shared keys with its neighbors during the node authentication procedure. Compared with conventional sensor network security solutions, our access control protocol can defend against most well-recognized attacks in sensor networks, and achieve better computation and communication performance due to the more efficient algorithms based on ECC than those based on RSA.
Papers by Yun Zhou