Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks
August 2006 (vol. 17 no. 8)
pp. 865-882

Abstract—Recent advances in wireless sensor networks (WSNs) are fueling the interest in their application in a wide variety of sensitive settings such as battlefield surveillance, border control, and infrastructure protection. Data confidentiality and authenticity are critical in these settings. However, the wireless connectivity, the absence of physical protection, the close interaction between WSNs and their physical environment, and the unattended deployment of WSNs make them highly vulnerable to node capture as well as a wide range of network-level attacks. Moreover, the constrained energy, memory, and computational capabilities of the employed sensor nodes limit the adoption of security solutions designed for wire-line and wireless networks. In this paper, we focus on the management of encryption keys in large-scale clustered WSNs. We propose a novel distributed key management scheme based on Exclusion Basis Systems (EBS), a combinatorial formulation of the group key management problem. Our scheme is termed SHELL because it is Scalable, Hierarchical, Efficient, Location-aware, and Light-weight. Unlike most existing key management schemes for WSNs, SHELL supports rekeying and, thus, enhances network security and survivability against node capture. SHELL distributes key management functionality among multiple nodes and minimizes the memory and energy consumption through trading off the number of keys and rekeying messages. In addition, SHELL employs a novel key assignment scheme that reduces the potential of collusion among compromised sensor nodes by factoring the geographic location of nodes in key assignment. Simulation results demonstrate that SHELL significantly boosts the network resilience to attacks while conservatively consuming nodes' resources.

Index Terms:
Wireless sensor networks, secure group communications, key management, location-aware protocols, exclusion basis systems, combinatorial optimization, energy efficient design, collusion attacks.
Mohamed F. Younis, Kajaldeep Ghumman, Mohamed Eltoweissy, "Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks," IEEE Transactions on Parallel and Distributed Systems, vol. 17, no. 8, pp. 865-882, Aug. 2006, doi:10.1109/TPDS.2006.106