Pervasive Computing and Communications Workshops, IEEE International Conference on (2006)
Mar. 13, 2006 to Mar. 17, 2006
Tyler Moore , University of Cambridge
Key predistribution schemes are a favoured solution for establishing secure communication in sensor networks. Often viewed as the safest way to bootstrap trust, the main drawback is seen to be the large storage overhead imposed on resource-constrained devices. In this paper, we argue that predistribution schemes can actually be quite insecure: pre-loading global secrets onto exposed devices strengthens the incentive for attackers to compromise nodes. Furthermore, lack of coordination between nodes arising from localised communication helps attackers hide misbehaviour. We consider one scheme in particular-Chan et al.'s random pairwise key predistribution  - and demonstrate an attack where colluding nodes reuse selected pairwise keys to create many false identities. We find that a small, colluding minority can hijack a majority of node communication channels. Finally, we consider countermeasures, from improved detection to scrapping predistribution altogether.
T. Moore, "A Collusion Attack on Pairwise Key Predistribution Schemes for Distributed Sensor Networks," Pervasive Computing and Communications Workshops, IEEE International Conference on(PERCOMW), Pisa, Italy, 2006, pp. 251-255.