All content in this area was uploaded by Ahcène Bounceur on Apr 06, 2016
A Dynamic and Distributed Key Management Scheme for Wireless Sensor Networks

Abdelkader Laouid, University of Bejaia, Department of Computer Science, Algeria, abdelkader-laouid@univ-eloued.dz
Mohamed-Lamine Messai, University of Setif 1, Department of Computer Science, Algeria, messai.amine@gmail.com
Ahcène Bounceur, University of Western Brittany, Lab-STICC CNRS UMR 6285, France, bounceur@univ-brest.fr
Reinhardt Euler, Western Brittany University, Lab-STICC CNRS UMR 6285, France, euler@univ-brest.fr
Abdelnasser Dahmani, University of Bejaia, LMA Laboratory, Algeria, dahmany@gmail.com
Abdelkamel Tari, University of Bejaia, LIMED Laboratory, Algeria, tarikamel59@gmail.com
ABSTRACT
Key management in Wireless Sensor Networks is of vital importance, especially when sensor nodes have to communicate in hostile environments. In this paper, we propose a new simple and resource-aware key management scheme. The scheme is based on the idea that the initial pre-distributed key is not pre-loaded in all nodes, which improves its resilience to node compromise attacks. Each node has to store an initial key, a set of prime number groups and a pseudo-random function. This pre-distributed secret information is used to establish pairwise keys between adjacent nodes after their deployment. Moreover, the proposed scheme is dynamic since it allows a flexible key refresh.
Keywords
WSNs; Distributed algorithms; Security; Key management
1. INTRODUCTION
Since data are transmitted through the air, wireless networks suffer from many types of attacks. Therefore, cryptography and security schemes are needed to secure the data transfer between nodes against unauthorised third parties. In a Wireless Sensor Network (WSN), some sensor nodes may be captured by an attacker, yet increasing security by using asymmetric cryptography algorithms and complicated schemes is still inappropriate and does not provide scalable security solutions. The security schemes proposed in [1] and [2] to share a key between every pair of nodes are not scalable to a large number of nodes because of the size of the key pool and key ring used. Moreover, the taxonomy of pre-distributed keying schemes for WSNs indicates two classes [3]. The first class is probabilistic: a pair of adjacent nodes securely shares the pairwise key with a probability $p$. The second class is deterministic: it ensures that every pair of adjacent nodes securely shares the pairwise key. A large number of keying schemes [4] exploit the probabilistic technique for key sharing in order to enable sensor nodes to compute their shared key.

In this paper, we design a dynamic key scheme that takes the issues cited above into consideration. We propose a deterministic scheme that securely shares the key between every pair of adjacent nodes without using a key pool and key ring; we use only a set of groups and a pseudo-random function to achieve this objective.
2. RELATED WORK
Various key management solutions have been proposed for WSNs to meet their specific requirements [5, 6]. In [11], an Energy-efficient Distributed Deterministic Key management scheme for WSNs (EDDK) is presented. EDDK establishes a pairwise key for every two neighbors in the network. Each node in EDDK is pre-distributed with a pseudorandom function and an initial key. After deployment, each node broadcasts one message to establish a pairwise key with each of its neighbors. EDDK has a low communication overhead, which justifies its energy efficiency. When new sensor nodes are added, the elliptic curve algorithm is used to establish pairwise keys. In [7], a tree-based key management scheme for WSNs is proposed, named STKM (Spanning Tree Key Management for WSNs). In STKM, each sensor node is pre-distributed with three symmetric keys that are used after deployment to construct a spanning tree with secure links. STKM has a low memory overhead and good scalability but suffers from node compromise attacks, in particular on sensor nodes close to the base station. In [8], the authors proposed LBKs (location-based keys), which rely on location information to achieve key management. Keys are pre-distributed according to the location of sensor nodes. Eschenauer and Gligor [1] presented a promising idea based on random key pre-distribution. In their scheme, each node is pre-distributed with a set of keys chosen randomly from a large key pool. When nodes are deployed, a shared-key discovery phase is launched to determine whether two neighbors share at least one key. The challenge of this scheme is to find a good tradeoff between the size of the key pool and the number of keys stored by nodes, to achieve the best key connectivity and good resilience to node compromise attacks. Recently, a new key management scheme for WSNs has been designed in [9]. The scheme is based on numerical sequences to ensure resource-efficient key management between sensor nodes.
3. PROPOSED SCHEME
In this section, we describe the principle of the proposed Dynamic Distributed Key Management Scheme (DD-KMS), which secures data transfer between authenticated wireless sensor nodes. We use simple and efficient operations to respond to the issues and security metrics encountered in WSNs [3], [10]. First, we define some primitives used in our deterministic scheme, focusing on the mathematical model used to reach our objective. For every two adjacent nodes to share the same key, they must be pre-loaded with some initial information prior to deployment. After deployment, each pair of neighboring nodes can securely establish the key using the initial key, a pseudo-random function, the intersection of two groups of prime numbers and the modulo operation. We also aim to avoid the scenario in which an attacker captures any node of the network and extracts the initial key before the pairwise keying step is accomplished, as used in [11] and [12]. The authors of [11] assume that an attacker cannot extract the key in less than 10 s and, to ensure the confidentiality of the initial key, define a countdown that erases all initial data in less than 10 s. However, the initial key can easily be extracted in this case if an attacker stops or destroys the countdown before it reaches 10 s. Moreover, one should always consider that an attacker may have very high computational resources and may extract the initial key before the erasing time runs out. To address this, we assume that some nodes are well secured and that the attacker cannot capture these nodes. However, even if an attacker can capture any node of the network, the probability of capturing a node that holds the initial key is $k/N$, where $k$ is the number of nodes that hold the initial key and $N$ is the number of network nodes. Table 1 shows the primitives most used to describe the proposed scheme.
3.1 Configuration step
In order to allow any two neighbors to share the same secret key, nodes are pre-configured with private and public data prior to deployment. We now explain the basic principle of our proposed scheme; the challenges that arise are treated one by one in the next section. A mathematical model is used in our proposal to securely share the same value of a variable between every pair of adjacent nodes $n_i$ and $n_j$. Moreover, this value is computed by a distributed decision between $n_i$ and $n_j$. Then, each pair $n_i$ and $n_j$ secretly generates the private pairwise key $K_{ij}$ using the generated variable values as parameters of a pseudo-random function. In the proposed scheme, we use a finite set of prime numbers, selected randomly and divided into groups in such a way that the intersection of any two distinct groups contains a single prime number, as shown in Figure 1. The goal of these groups is to distribute the key between any pair of nodes: each of the nodes $n_i$ and $n_j$ randomly selects one group, and the intersection value of both selected groups is considered as a common prime number selected by $n_i$ and $n_j$. A volatile key $K_v$ is used only to establish secure pairwise keying and is then erased. Therefore, each legitimate node is pre-loaded with the following information prior to the deployment step:

• The predefined prime number groups.
• The volatile key $K_v$.
• A pseudo-random function to compute the key $K_{ij}$.

Table 1: Primitive notation

| Primitive | Description |
|---|---|
| $N$ | Number of deployed nodes |
| $n_i$ and $n_j$ | Two adjacent nodes in the network |
| $ID_i$ | Identifier of node $i$ |
| $n_i \rightarrow type, * : M$ | Node $n_i$ broadcasts the message $M$ to all nodes in its radio range |
| PReq and PResp | Request and Response, respectively, of pairwise key between two nodes |
| $nonce_{ij}$ | Random value generated by $n_i$ to be shared securely with $n_j$ |
| $X_i$ | Group arbitrarily selected by $n_i$ |
| $K_v$ | Volatile key used to share securely the $nonce_{ij}$ between $n_i$ and $n_j$ |
| $f(int, int)$ | Pseudo-random function taking integers as parameters |
| $K_{ij}$ | Secret pairwise key between $n_i$ and $n_j$ |
| $counter$ | Used to prevent a data replay attack; can also be used as nonce [13] |
| $E_k(M)$ and $D_k(M)$ | Encryption and decryption of message $M$ using the key $K$ |

Figure 1: Prime groups example. Five groups, labelled A to E, over the primes P1 to P10: {P1, P5, P6, P7}, {P1, P2, P8, P9}, {P2, P3, P5, P10}, {P3, P4, P6, P8}, {P4, P7, P9, P10}.
3.2 Deployment and keying step
Immediately after deployment, each node broadcasts a neighbor discovery message, and every node that receives this message records the identifier of its source. To avoid collisions caused by simultaneous broadcasts, every node runs a binary exponential backoff algorithm before broadcasting. To resolve the ambiguity of which node starts the keying procedure, every node starts the keying procedure with those of its neighbors whose identifiers are less than its own. When a node $n_i$ starts the pairwise keying procedure with $n_j$, it generates a $nonce_{ij}$, selects an arbitrary group $X_i$ among the existing prime number groups and sends an authenticated request PReq to $n_j$ containing $E_{K_v}(nonce_{ij} \,\|\, X_i)$. We use an authenticated request to prevent an attacker from starting a false pairwise request or response. The receiver node $n_j$ starts its role upon receiving the pairwise request and arbitrarily selects a group $X_j$ from the existing prime number groups, where $X_i \neq X_j$. Before computing the shared value $nonce_{ji}$, the receiver sends back the pairwise response PResp to the sender, which contains the encrypted selected group $X_j$. After $n_j$ has computed $D_{K_v}(E_{K_v}(nonce_{ij} \,\|\, X_i))$ and $n_i$ has computed $D_{K_v}(E_{K_v}(X_j))$, each node can compute the shared value $nonce_{ji}$ using Equation 1. Therefore, using the scenario described above, every pair of neighboring nodes is able to compute a common key, as illustrated in Figure 2, where Gen: means generating a random nonce and Sel: means an arbitrary selection of a group.

$$nonce_{ji} = nonce_{ij} \bmod (X_i \cap X_j) \qquad (1)$$

The pairwise key is easy for $n_i$ and $n_j$ to calculate using a pseudorandom function, as shown in Equation 2.

$$K_{ij} = f(nonce_{ij} \,\|\, ID_i,\; nonce_{ji} \,\|\, ID_j) \qquad (2)$$

The scenario of this step is shown in algorithm 1 which
should be executed by any legitimate node $n_i$ immediately after the deployment. Every node $n_j$ which is the neighbor of $n_i$ receives PReq from it and executes Algorithm 2.

Figure 2: Key establishment scenario between $n_i$ and $n_j$.

Algorithm 2 Response to key pairwise Request.
while Receive(PReq) do
    Select arbitrary group $X_j$;
    $n_j \rightarrow PResp, ID_i : E_{K_v}(X_j)$;
    $D_{K_v}(C)$
    $P_{ij} = X_i \cap X_j$;
    $nonce_{ji} = nonce_{ij} \bmod P_{ij}$;
    $K_{ij} = f(nonce_{ij} \,\|\, ID_i,\; nonce_{ji} \,\|\, ID_j)$;
end while
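
The exchange of Section 3.2 (Equations 1 and 2, Algorithms 1 and 2) run over prime groups built as in Section 3.1, as an added example that is not the authors' code. It generalizes Figure 1 to any number of groups by giving each pair of groups its own prime; the HMAC-SHA256 keystream used for $E$/$D$, the encrypt-then-MAC tag, SHA-256 as $f$, the sample primes, the byte widths and all function names are assumptions.

```python
# Added example: DD-KMS pairwise keying (Equations 1 and 2). Not the authors' code.
import hashlib
import hmac
import itertools
import secrets

# Constructed sample primes (stand-ins for P1..P10 of Figure 1).
SAMPLE_PRIMES = [1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 1051, 1061]
NONCE_LEN = 8  # assumed nonce width in bytes


def build_prime_groups(primes, g):
    """Assign one distinct prime to every unordered pair of groups, so that
    any two distinct groups intersect in exactly one prime."""
    pairs = list(itertools.combinations(range(g), 2))
    if len(set(primes)) != len(primes) or len(primes) < len(pairs):
        raise ValueError("need g*(g-1)/2 distinct primes")
    groups = [set() for _ in range(g)]
    for prime, (a, b) in zip(primes, pairs):
        groups[a].add(prime)
        groups[b].add(prime)
    return [frozenset(s) for s in groups]


def _stream(key, iv, n):
    """HMAC-SHA256 in counter mode: stand-in keystream for the cipher E/D."""
    blocks = (hmac.new(key, b"enc" + iv + bytes([c]), hashlib.sha256).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """E_k(M) with an appended MAC tag (encrypt-then-MAC, an assumption)."""
    iv = secrets.token_bytes(8)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, iv, len(plaintext))))
    tag = hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()[:8]
    return iv + ct + tag


def unseal(key, blob):
    """D_k(C); rejects a request or response whose tag does not verify."""
    iv, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    good = hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()[:8]
    if len(blob) < 17 or not hmac.compare_digest(tag, good):
        raise ValueError("unauthenticated message")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, iv, len(ct))))


def derive_pairwise_key(nonce_ij, id_i, id_j, x_i, x_j):
    """Equation 1 then Equation 2; f is SHA-256 here (stand-in PRF)."""
    common = x_i & x_j
    if x_i == x_j or len(common) != 1:
        raise ValueError("groups must be distinct and share exactly one prime")
    (p_ij,) = common
    nonce_ji = nonce_ij % p_ij                          # Equation 1
    left = nonce_ij.to_bytes(NONCE_LEN, "big") + id_i.to_bytes(2, "big")
    right = nonce_ji.to_bytes(NONCE_LEN, "big") + id_j.to_bytes(2, "big")
    return hashlib.sha256(left + right).digest()[:16]   # Equation 2


def initiator_request(k_v, groups):
    """Algorithm 1, request part: Gen nonce, Sel X_i, send PReq."""
    nonce_ij = secrets.randbits(8 * NONCE_LEN)
    xi = secrets.randbelow(len(groups))
    preq = seal(k_v, nonce_ij.to_bytes(NONCE_LEN, "big") + bytes([xi]))
    return nonce_ij, xi, preq


def responder_handle(k_v, groups, preq, id_i, id_j):
    """Algorithm 2: verify PReq, Sel X_j != X_i, answer PResp, derive K_ij."""
    plain = unseal(k_v, preq)
    nonce_ij, xi = int.from_bytes(plain[:NONCE_LEN], "big"), plain[NONCE_LEN]
    xj = secrets.choice([n for n in range(len(groups)) if n != xi])
    presp = seal(k_v, bytes([xj]))
    return presp, derive_pairwise_key(nonce_ij, id_i, id_j, groups[xi], groups[xj])


def initiator_finish(k_v, groups, presp, nonce_ij, xi, id_i, id_j):
    """Algorithm 1, response part: decrypt X_j and derive the same K_ij."""
    xj = unseal(k_v, presp)[0]
    return derive_pairwise_key(nonce_ij, id_i, id_j, groups[xi], groups[xj])


def run_handshake(id_i=7, id_j=3):
    """n_i starts keying with a neighbor whose identifier is smaller."""
    groups = build_prime_groups(SAMPLE_PRIMES, 5)
    k_v = secrets.token_bytes(16)  # volatile key, pre-loaded before deployment
    nonce_ij, xi, preq = initiator_request(k_v, groups)
    presp, key_at_j = responder_handle(k_v, groups, preq, id_i, id_j)
    key_at_i = initiator_finish(k_v, groups, presp, nonce_ij, xi, id_i, id_j)
    return key_at_i, key_at_j, preq, k_v, groups


if __name__ == "__main__":
    k_i, k_j, *_ = run_handshake()
    print("keys match:", k_i == k_j, k_i.hex())
```

Because $nonce_{ji}$ is computed from $nonce_{ij}$ and the shared prime, the secrecy of $K_{ij}$ in this exchange rests on the nonce and on the volatile key $K_v$ that protects it in transit.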
3.3 Key refresh
We always aim to focus on two metrics Efficiency and
Highlight, which are pertinent for WSN security concepts.
Because they have a limited resource of computation, mem-
ory and battery . Beyond the limited resource of compu-
tation, and in contrast to wired or some Ad hoc networks
other kinds of attacks such as stealing sensed data, injecting
false data, etc may occur. In our proposed scheme, it is very
easy to refresh the key securely between every pair of neigh-
boring nodes. Unlike to SPINS which uses the base station
as a third part to share the key, we propose that only the
concerned nodes niand njwill participate in generating of
the new pairwise key K′
ij . In order to refresh the shared key
between two neighboring nodes we use the counter. Any
legitimate node fires the event of key-refresh time in two
different cases:
1. External event: In this case, a node nifires the key-
refresh process when the network node receives an au-
thenticated alert of a compromised node.
2. Internal event: Is considered as a predicted event,
where the network node niupdates the shared key
with every one of its neighbors.
In both cases described above, a network node $n_i$ runs the same scenario as at deployment to update the key with its neighbors: it generates a new $nonce'_{ij}$, selects a new group $X'_i$ and sends a PReq to all its neighbors, using $K_{ij}$ to encrypt the newly generated nonce, $E_{K_{ij}}(nonce'_{ij})$.
On the other hand, to prevent replay attacks, we assign to each neighbor node $n_j$ of a given node $n_i$ a distinct $counter_{ij}$, which is increased by one for each message sent in order to guarantee data freshness. The key update process between nodes $n_i$ and $n_j$ starts as soon as $counter_{ij}$ reaches its end.
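
The freshness counter and the refresh trigger described above, as an added Python example (not the authors' code). Binding the counter into an HMAC-SHA256 tag, the 3-message counter limit and the key bytes are assumptions made for the demonstration.

```python
import hashlib
import hmac

COUNTER_MAX = 3  # tiny limit so the demo reaches the refresh point (assumption)


def tag(key, counter, payload):
    """MAC over counter || payload (assumed binding, not from the paper)."""
    return hmac.new(key, counter.to_bytes(4, "big") + payload, hashlib.sha256).digest()


class Link:
    """One end of the n_i/n_j link: pairwise key K_ij plus counter_ij."""

    def __init__(self, key):
        self.key, self.counter = key, 0

    def send(self, payload):
        if self.counter >= COUNTER_MAX:
            raise RuntimeError("counter_ij exhausted: refresh K_ij first")
        self.counter += 1
        return self.counter, payload, tag(self.key, self.counter, payload)

    def receive(self, frame):
        counter, payload, mac = frame
        if not hmac.compare_digest(mac, tag(self.key, counter, payload)):
            return "bad-mac"
        if counter <= self.counter:
            return "replay"          # stale counter: frame was already seen
        self.counter = counter
        return "ok"

    def refresh(self, new_key):
        """Install K'_ij from a new pairwise exchange and restart the counter."""
        self.key, self.counter = new_key, 0


def demo():
    old, new = b"constructed K_ij", b"constructed K'_ij"
    tx, rx = Link(old), Link(old)
    frames = [tx.send(b"temp=%d" % t) for t in (21, 22, 23)]
    out = [rx.receive(f) for f in frames]
    out.append(rx.receive(frames[0]))      # replay inside the key epoch
    tx.refresh(new)
    rx.refresh(new)
    out.append(rx.receive(frames[0]))      # old frame after the counter reset
    out.append(rx.receive(tx.send(b"temp=24")))
    return out
```

The fifth result shows why the counter may only restart together with a key change: under the old key, the replayed frame with counter 1 would be accepted again after a reset.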
4. CHALLENGES AND IMPROVEMENTS
In this section, an improvement to the proposed scheme is introduced in order to reach two objectives. The first objective is to increase the security and to prevent attackers from recovering any secret data during the pairwise key procedure. The second objective is to enhance the efficiency and simplicity metrics so that the proposed scheme is more suitable for implementation in WSNs. The introduced improvement can be described in detail as follows:
• Volatile key insertion: We have seen in Section 3 that the volatile key is inserted into each legitimate node, and that its lifetime is very short so that an attacker cannot recover it. However, an attacker can capture any network node immediately after the deployment to recover the volatile key. In order to minimize the probability $p$ that an attacker recovers the volatile key, without losing its short lifetime, we insert it only in some legitimate nodes ($k$ is the number of nodes which have the volatile key) prior to the deployment step. The other nodes, which do not have the volatile key ($l$ is the number of nodes which do not have the volatile key), are loaded with a set of size $g$ of plain and encrypted nonces and a selected group, as shown in Table 2, where the size $g$ of the set is the number of predicted neighbors for each node.
$k \cup l = N$
After the deployment, each node runs the scenario shown in Section 3.2, where the nodes which do not have the volatile key send a request PReq by selecting one of the encrypted nonces and one of the groups. In this case, a non-authenticated request is used because the nodes which do not have the volatile key directly use the plain and encrypted data as shown in Table 2, where the authentication between them starts immediately after the pairwise key step.
Algorithm 1 Request to key pairwise.
for each $ID_j < ID_i$ do
    $nonce_{ij} = random()$;
    Select arbitrary group $X_i$;
    $C = E_{K_v}(nonce_{ij} \| X_i)$;
    $n_i \to PReq,\ ID_j : C \| MAC(nonce_{ij} \| X_i)$;
end for
while Receive(PResp) do
    $P_{ij} = X_i \cap X_j$;
    $nonce_{ji} = nonce_{ij} \bmod P_{ij}$;
    $K_{ij} = f(nonce_{ij} \| ID_i,\ nonce_{ji} \| ID_j)$;
end while
Delete $K_v$;
Table 2: Plain and encrypted nonce and group
Plain                 Encrypted
$nonce_1 \| X_1$      $E_{K_v}(nonce_1 \| X_1)$
$nonce_2 \| X_2$      $E_{K_v}(nonce_2 \| X_2)$
$nonce_3 \| X_3$      $E_{K_v}(nonce_3 \| X_3)$
⋮                     ⋮
$nonce_g \| X_g$      $E_{K_v}(nonce_g \| X_g)$
Also, the selected group of the PResp will be sent in plain. However, before the volatile key is erased from the nodes which have it, suppose that a node $n_i$ has $K_v$. Then $n_i$ sends it securely, using the shared key $K_{ij}$, to all its neighbors $n_j$ such that
$\forall j:\ ID_j > ID_i$
immediately after sending the PResp of the selected group $X_i$, using the new secret pairwise key $K_{ij}$. Then, every node that receives $K_v$ plays its role by decrypting the received encrypted nonce using $K_v$, sharing the pairwise secret key, secretly sending $K_v$ using the new shared pairwise key, and erasing $K_v$. Also, in order to prevent the reuse of the encrypted nonces by an attacker, the nodes which hold a set of plain and encrypted nonce pairs erase the table of encrypted and plain nonces immediately after sending requests to their neighbors, except for the plain nonces and selected groups whose encrypted counterparts were used in a request.
• Single counter: Using a single counter at each node $n_i$ for all its neighbors saves a remarkable amount of memory space compared with schemes which link to each neighbor its own counter [11]. Because the counter is used for preventing replay attacks, we increment the counter only when a given node $n_i$ receives a message from one of its neighbors $n_j$. To ensure coherence between the sender and the receiver, we use the logical clock principle. Before starting to send data, the sender $n_j$ asks for the counter value of the receiver $n_i$. Then, $n_j$ starts sending data using the counter value of $n_i$, and increments this value for each message sent. The receiver $n_i$ increments its counter value for each message received. When the sender $n_j$ finishes sending data, $n_i$ updates the counter value, but $n_j$ does not save anything. An unauthorized attacker eavesdrops on the communication between two neighbor nodes in order to steal information stored in a system by wiretapping [14]. Therefore, in passive attack scenarios an attacker can learn some confidential information when the neighbor nodes exchange replicated ciphered data between them. It is easy for an attacker to obtain, from messages captured prior to key refresh, the confidential information without decryption. Therefore, the counter can also be used as a nonce, because it is used once for every single different key. However, the disadvantage of assigning a single counter to each node is that it prevents the reception of data from many nodes at the same time.
• The key divergence: Equation 1 gives $nonce_{ji} = nonce_{ij}$ if $nonce_{ij} < P_{ij}$, which means that the pairwise key between $n_i$ and $n_j$ is not a distributed task and may decrease the confidentiality. Therefore, we suggest that all generated nonces should be greater than the biggest prime number of all groups.
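
The derivation in Algorithms 1 and 2 and the key-divergence condition in the last bullet, as an added Python example (not the authors' code). It assumes HMAC-SHA256 as the pseudo-random function $f$ and prime groups in which any two groups share exactly one prime; the group contents, identifiers and nonces are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed prime groups; assumption: any two groups share exactly one prime.
GROUPS = {"X1": {101, 103, 107}, "X2": {101, 109, 113}, "X3": {103, 109, 127}}
MAX_PRIME = max(p for group in GROUPS.values() for p in group)


def common_prime(xi, xj):
    """P_ij = X_i ∩ X_j, expected to be a single prime."""
    shared = GROUPS[xi] & GROUPS[xj]
    if len(shared) != 1:
        raise ValueError("groups must share exactly one prime")
    return next(iter(shared))


def fresh_nonce(bits=64):
    """Random nonce strictly above the biggest prime of all groups."""
    return MAX_PRIME + 1 + secrets.randbits(bits)


def responder_contributes(nonce_ij, xi, xj):
    """False when nonce_ij < P_ij, i.e. nonce_ji is just a copy of nonce_ij."""
    return nonce_ij % common_prime(xi, xj) != nonce_ij


def derive_key(nonce_ij, id_i, id_j, xi, xj):
    """Return (K_ij, nonce_ji); f is HMAC-SHA256 here (assumed PRF)."""
    nonce_ji = nonce_ij % common_prime(xi, xj)      # Equation 1
    left = f"{nonce_ij}|{id_i}".encode()            # nonce_ij || ID_i
    right = f"{nonce_ji}|{id_j}".encode()           # nonce_ji || ID_j
    return hmac.new(left, right, hashlib.sha256).digest(), nonce_ji
```

With a nonce below the shared prime (for instance 42), `derive_key` returns the same key whichever group the responder selects, which is the case the bullet warns about; `fresh_nonce` rules it out.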
4.1 Interlock state
There are many cases in which the improved scheme described above can be used. A deep analysis should be undertaken to resolve all interlock situations that may occur when some nodes wait indefinitely for the volatile key in order to execute the pairwise key process with their neighbors. Additionally, the improved scheme should guarantee the short lifetime of the volatile key, which ends when the pairwise key process of all neighbor pairs of the network is done. Figure 3 shows a simple example of interlock where we assume that $ID_i < ID_j < ID_k < ID_l < ID_m$ and the volatile key is inserted only in the node $n_j$.
Figure 3: An interlock scenario example.
Let $t_x$ be the time for one iteration of the pairwise key process. Hence, the scenario for sharing a distinct key between every pair of neighbor nodes according to the improved scheme is as follows:
$t_1$: $n_j \to PReq,\ ID_i : E_{K_v}(nonce_{ji} \| X_j)$
       $n_k \to PReq,\ ID_i : E_{K_v}(nonce_{ki} \| X_k)$
       $n_k \to PReq,\ ID_j : E_{K_v}(nonce_{kj} \| X'_k)$
       $n_l \to PReq,\ ID_k : E_{K_v}(nonce_{lk} \| X_l)$
       $n_m \to PReq,\ ID_k : E_{K_v}(nonce_{mk} \| X_m)$
       $n_j \to PResp,\ ID_k : X_j$
where we assume that the step of discovering neighbors is already done. Only the pair $n_j$ and $n_k$ can compute $K_{kj}$ between them, but $n_j$ sends $K_v$ to $n_k$ using $K_{kj}$ before erasing it. Hence, the second iteration is as follows:
$t_2$: $n_k \to PResp,\ ID_l : X_k$
       $n_k \to PResp,\ ID_m : X'_k$
We note that $X_k$, $X'_k$ of $t_1$ and $X_k$, $X'_k$ of $t_2$ are not necessarily the same. In this iteration, the node $n_k$ plays its role by sending $K_v$ to $n_l$ and $n_m$, using for each one its own pairwise key, before erasing it, where both $n_l$ and $n_m$ will erase it immediately without decrypting it. All possible pairwise keys were computed except $K_{ki}$, which will wait indefinitely to be established. On the other hand, we send the encrypted volatile key inside the PResp, where the receiving node computes the pairwise key before decrypting it.
In order to unlock the interlock state, we have to ensure that every node which does not have the volatile key sends at least one PReq to its neighbor after the deployment. In the example of Figure 3, the node $n_i$ did not send any pairwise request PReq because it has the smallest identifier when compared with the list of its neighbors. In this case, a node which does not have the volatile key and has the smallest identifier in its list of neighbors reverses the pairwise request to the neighbor which has the biggest identifier.
5. EVALUATION AND ANALYSIS
In this section, we analyze the proposed scheme by focusing on two metrics: the first is to ensure the termination of the pairwise key algorithm over the whole network, whereas the second aims to ensure efficiency and scalability.
5.1 The algorithm termination
The deterministic scheme ensures that every pair of neighbor nodes will securely share the same key. In this subsection we prove the termination of the pairwise key algorithm over the whole network, to demonstrate that the proposed algorithm is a deterministic scheme. In order to prove that every pair of adjacent nodes $n_i$ and $n_j$ will share a key $K_{ij}$, Figure 4 shows a graph model of a wireless network and Figure 5 shows the configuration of node $n_i$ in this graph, where $K_v$ means that the node $n_i$ does not have the volatile key, and where $L_<$, $L_>$ stand for the number of neighbours that have identifiers smaller or larger than that of $n_i$, respectively. In order to ensure the sharing of the key, we assume for every network node $L_< \neq \phi$.
Figure 4: Pairwise key analysis.
Figure 5: Configuration of node $n_i$.
5.1.1 Scenario and discussion
The nodes which do not have $K_v$ but have at least one element in $L_<$ have a hope of receiving $K_v$. On the other hand, those with $L_< = \phi$ are sure never to share the key with all their neighbors. For example, let us assume, as depicted in Figure 4, that $n_j$ has the volatile key $K_v$; after the deployment, the nodes start the pairwise key process between them. According to the proposed scheme, $n_g$ and $n_h$ have $L_< = \phi$, thus they reverse PReq to $n_m$ and $n_i$ respectively. Hence, $n_m$ moves $n_g$ from $L_<$ to $L_>$. Consequently, $n_m$ starts reversing PReq to $n_g$ because it has $L_< = \phi$, where $n_g$ reverses it immediately to $n_i$. Therefore, $L_< = \phi$ for $n_i$, because $n_g$ and $n_h$ are moved from $L_<$ to $L_>$. Therefore, $n_i$ plays its role by reversing PReq to $n_l$ and then to $n_k$, until reaching the node which has $K_v$.
5.2 Security Analysis
In this subsection, we analyze the security of the proposed scheme. An outsider attacker, who does not know the pre-distribution secret information, cannot discover the meaning of messages diffused by nodes after deployment. Nevertheless, an attacker can compromise one or more nodes, so he becomes an insider attacker. The corrupted keys issued from compromised nodes can be used to forge wrong messages and cause energy depletion to nodes. In the following, the proposed scheme is analyzed in regard to two different attacks in WSNs.
• HELLO flood attack: in our solution, nodes discover their neighbors by broadcasting a message encrypted with the initial key. A HELLO flood attack cannot be launched without knowing the initial key.
• Node compromising attacks: when an attacker compromises a node, he can use its cryptographic material to form other attacks such as a Sybil attack or a replication attack. In our solution, the impact of node compromising attacks does not spread to links other than those of the captured node. Also, the compromised keys cannot be of use in other regions of the network.
6. CONCLUSION
With the rise of the Internet of Things (IoT), WSNs will play an essential role. The key management problem is a challenging issue given the resource limitations of sensor nodes. In this paper, we propose a new key management scheme for sensor networks with the aim of satisfying the security requirements of these networks. A security analysis of the proposed scheme shows its feasibility. As a perspective of our present work, we plan to compare our scheme with other recently published concepts.
7. REFERENCES
[1] L. Eschenauer and V. D. Gligor, “A key-management
scheme for distributed sensor networks,” in
Proceedings of the 9th ACM conference on Computer
and communications security. ACM, 2002, pp. 41–47.
[2] W. Bechkit, Y. Challal, A. Bouabdallah, and
V. Tarokh, “A highly scalable key pre-distribution
scheme for wireless sensor networks,” Wireless
Communications, IEEE Transactions on, vol. 12,
no. 2, pp. 948–959, 2013.
[3] X. He, M. Niedermeier, and H. De Meer, “Dynamic
key management in wireless sensor networks: A
survey,” Journal of Network and Computer
Applications, vol. 36, no. 2, pp. 611–622, 2013.
[4] C.-Y. Chen and H.-C. Chao, “A survey of key
distribution in wireless sensor networks,” Security and
Communication Networks, vol. 7, no. 12, pp.
2495–2508, 2014.
[5] R. Ezhilarasie, A. Umamakeswari, and T. Renugadevi,
“Key management schemes in wireless sensor
networks: a survey,” International Journal of
Advanced Intelligence Paradigms, vol. 7, no. 3-4, pp.
222–239, 2015.
[6] O. Cheikhrouhou, “Secure group communication in
wireless sensor networks: A survey,” Journal of
Network and Computer Applications, 2015.
[7] M.-L. Messai, M. Aliouat, and H. Seba, “Tree based
protocol for key management in wireless sensor
networks,” EURASIP Journal on Wireless
Communications and Networking, vol. 2010, p. 59,
2010.
[8] D. Liu and P. Ning, “Location-based pairwise key
establishments for static sensor networks,” in
Proceedings of the 1st ACM workshop on Security of
ad hoc and sensor networks. ACM, 2003, pp. 72–82.
[9] M.-L. Messai, H. Seba, and M. Aliouat, “A lightweight
key management scheme for wireless sensor networks,”
The Journal of Supercomputing, vol. 71, no. 12, pp.
4400–4422, 2015.
[10] M. A. Simplício, P. S. Barreto, C. B. Margi, and T. C.
Carvalho, “A survey on key management mechanisms
for distributed wireless sensor networks,” Computer
networks, vol. 54, no. 15, pp. 2591–2612, 2010.
[11] X. Zhang, J. He, and Q. Wei, “Eddk: energy-efficient
distributed deterministic key management for wireless
sensor networks,” EURASIP Journal on Wireless
Communications and Networking, vol. 2011, p. 12,
2011.
[12] J. Deng, C. Hartung, R. Han, and S. Mishra, “A
practical study of transitory master key establishment
for wireless sensor networks,” in Security and Privacy
for Emerging Areas in Communications Networks,
2005. SecureComm 2005. First International
Conference on. IEEE, 2005, pp. 289–302.
[13] P. Rogaway, “Nonce-based symmetric encryption,” in
Fast Software Encryption. Springer, 2004, pp.
348–358.
[14] M. Uma and G. Padmavathi, “A survey on various
cyber attacks and their classification.” IJ Network
Security, vol. 15, no. 5, pp. 390–396, 2013.