Deterministic Key Pre-Distribution and Operational Key Management for Mobile Body Sensor Networks

US 20090167535A1
Filed: 05/31/2006
Published: 07/02/2009
Est. Priority Date: 06/08/2005
Status: Active Grant

First Claim

Patent Images

1. A wireless network for monitoring a patient, the wireless network comprising:

a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient'"'"'s health to the wireless network;

a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network; and

a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless network (2, 150) for monitoring a patient includes a body sensor network (22, 24, 26, 172, 174, 176) that includes one or more wireless sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) operatively connected to the patient that collect and transfer information related to the patient'"'"'s health to the wireless network (2, 150). A set-up server (4, 154) configures the one or more wireless sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) with keying material before the one or more sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) are deployed to the wireless network (2, 150). A base station (178, 180) distributes a key certificate to the one or more sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) associated with the body sensor network (22, 24, 26, 172, 174, 176), such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station (178, 180).

36 Citations

View as Search Results

23 Claims

1. A wireless network for monitoring a patient, the wireless network comprising:
- a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient'"'"'s health to the wireless network;
  
  a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network; and
  
  a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system according to claim 1, wherein the set-up server randomly generates a set ℑ
    - of t×
      
      (n²+n+1) λ
      
      -degree bivariate polynomials {f_jⁱ(x,y)}_{j=1 . . . n}₂_+n+1ⁱ⁼¹over Fq′ and
      
      for j=1 . . . n²+n+1, the set-up server sequentially picks t of the polynomials from ℑ
      
      , and forms n²+n+1 t-polynomials-sets F_j(x,y), where λ
      
      is a number of nodes in the wireless network and is an integer greater than one, n is a prime power, t is an integer greater than or equal to one, and Fq′
      
      is a finite field where q′
      
      is a prime number large enough to accommodate a cryptographic key.
  - 3. The system according to claim 2, wherein the set-up server generates a finite projective plane, (n²+1,n+1,1), with elements belonging to a set S, where |S|=n²+n+1 and the set S is associated such that each element in S is associated with a distinct one of the t-polynomial-set F^j(x,y), where n is a prime power.
  - 4. The system according to claim 3, wherein each sensor node receives from the set-up server n+1 t-polynomial-set shares F_b_i,j(p_u,j,y) where p_u,jε
    - Fq′
      
      , b_i,jε
      
      B_iε
      
      finite projective plane, and j=1 . . . n+1, wherein n is a prime power.
  - 5. The system according to claim 4, wherein a first block B₁of finite projective plane has elements {b_1,1, . . . b_1,n+1}, and the sensor node (u_a) receives t-polynomials-set shares F_b_1,1(p_n, y) to F_b_1,n+1(p_u,y) evaluated at point p_aof Fq′
    - , wherein a is between 1 and N′
      
      /(n+1), where N is the size of a group of interoperable nodes, which is potentially found in different wireless networks, and is an integer greater than or equal to one, and n is a prime power.
  - 6. The system according to claim 5, wherein a second block B₂of finite projective plane has elements {b_2,1, . . . b_2,n+1}, and b_1,1=b_2,1, and sensor node u_1+N′
    - /(n+1) receives t-polynomials-set shares F_b_1,1(p_{1+N′
      
      /(n+1)},y) evaluated at point p_{1+N′
      
      /(n+1)}, and t-polynomials-set shares F_b_2,2(p₁,y) to F_b_2,n+1(p₁,y) evaluated at point p₁, where N is the size of a group of interoperable nodes, which is potentially found in different wireless networks, and is an integer greater than or equal to one, and n is a prime power.
  - 7. The system according to claim 6, wherein the sensor nodes exchange their IDS, which IDs each contain the indices of the n+1 t-polynomial-set shares carried by the ID and the points p_u₁. . . p_u_n+1, p_v₁. . . p_v_n+1, as which the respective n+1 t-polynomial-set shares are evaluated, where n is an integer greater than or equal to one.
  - 8. The system according to claim 7, wherein each sensor node finds an index k corresponding to the common t-polynomial-set F_k(x,y) and the respective evaluation points p_uand p_v.
  - 9. The system according to claim 8, wherein node u evaluates the t λ
    - -degree bivariate polynomials f_kⁱ(p_u,y), for i−
      
      1 . . . t, at point p_v(i.e. f_jⁱ(p_u,p_v)) to obtain t partial keys and truncates the t partial keys to log q′
      
      bits and concatenates the t key segments to form a final pairwise key K_uvof log q bits, where t is a positive integer.
  - 10. The system according to claim 1, wherein distributing key certificates includes:
    - initializing one or more of the wireless sensors;
      
      distributing a pairwise key to the base station and the one or more of the wireless sensors;
      
      generating a chain of key elements;
      
      distributing the initial element of the key chain to the one or more of the wireless sensors;
      
      issuing a valid key certificate and validating keys for a time period, contacting the security server during the time period;
      
      contacting a body sensor network during the time period;
      
      authentication and establishing secure communication with each of the one or more of the wireless sensors;
      
      distributing a key certificate to each authenticated sensor node; and
      
      establishing a pairwise key between one or more of the wireless sensors.
  - 11. The system according to claim 1, wherein the setup server initializes one or more of the wireless sensors with a unique identifier and security material, randomly chooses and distributes a pairwise key for the base station and the one or more of the wireless sensors and the base station issues a key certificate to a non-compromised node, which validates its pre-distributed keys for a limited period of time.
  - 12. The system of claim 11, wherein during a time interval I_l−
    - 1, the base station sporadically mutually interconnects with one or more other base stations and agree on a key certificate corresponding to time interval I_l+1, where l is a positive integer, where after the time interval I_l, each base station forgets the key certificate and a key is established between the one or more of the wireless sensors.
  - 13. The system according to claim 1, wherein the one or more wireless sensors are initialized with a unique identifier and security material, randomly chooses and distributes a pairwise key to the one or more wireless sensors and further including:
    - a security server which generates a secret S, generates M shares S₁, S₂, . . . , S_Mfrom the secret S following a threshold scheme, and securely distributes the secret S to the base station and one or more other base stations in the network, where M is a positive integer.
  - 14. The system according to claim 13, during a time interval I_l−
    - 1, the one or more base stations sporadically securely interconnect forming small non-interconnected groups G_g, G₁, G₂. . . g<
      
      Mi, wherein each base station connects to at least one group G_g, where g and l are positive integers and each group member independently computes the key certificate for interval I_l+1by calculating KG^g_l+1=F(S, N_Ggl), where N_Gglis a nonce exclusive to group G_gfor interval I_l+1and then each group member forgets S.
  - 15. The system according to claim 14, during a time interval I_l, at least one base station:
    - sporadically and shortly contacts the body sensor network,authenticates and establishes secure communication with each non-compromised wireless sensor forming part of the body sensor network using at least one key, anddistributes the key certificate KC_l+1, for time interval I_l+1, to each authenticated sensor node and establishes a key between the one or more wireless sensors.

16. A wireless network comprising:
- a network that includes one or more wireless nodes;
  
  a set-up server that configures the one or more wireless nodes with keying material before the one or more nodes are deployed to the wireless network; and
  
  a base station that distributes a key certificate to the one or more nodes associated with the network, such that two nodes generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station.

17. A method to identify a first sensor in a mobile sensor system, comprising:
- developing a finite projective plane (n²+n+1, n+1,
  
  1) from a set of n−
  
  1 mutually orthogonal Latin squares of order n, where n is a prime power;
  
  discovering a common t-polynomial-set share from the finite projective plane; and
  
  deriving a t-polynomial-set share evaluation point by a second sensor from the first sensor'"'"'s identifier.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method according to claim 17, wherein for n entries in cells of an orthogonal mate L^e^m=|l_ij^e^m| of the mutually orthogonal Latin squares, for each element e_m, m=1,2, . . . n sequentially calculating elements l_ij^e^mof the orthogonal matrix.
  - 19. The method according to claim 17, wherein the finite projective planes is constructed by constructing a matrix M by placing n²integers 1 through n²in their natural order from a first to an n-th of its rows, where n is a prime power.
  - 20. The method according to claim 17, further including:
    - deriving a point p_v, at which node u evaluates its share F_k(p_u,y) of the t-polynomial-set share to generate a key K_uv;
      
      constructing the finite projective plane from the mutually orthogonal Latin square, such that the finite projective plane'"'"'s first n²elements occur once in each group of n subsequent blocks B_1+t,B_2+t, . . . B_n+t, t=0, n, 2n, 3n . . . n×
      
      n; and
      
      deriving an occurrence counter Sk from a block index i, 1≦
      
      i≦
      
      n²+n, and a t-polynomial-set index k, k≦
      
      n², where k is a positive integer and n is a prime power.
  - 21. The method according to claim 18, wherein indices of the t-polynomial-set shares F_b_i,1(u,y), F_b_i,2(u,y) . . . F_b_i,n+1(u,y), which a sensor u carries, are a one-to-one mapping to the elements {b_i,1,b_i,2, . . . b_i,n+1} of a B_iε
    - FPP, where 1≦
      
      i≦
      
      n²+n+1, and where n is a prime power.
  - 22. The method according to claim 19, wherein an Affine Plane AG^(2,n)of order n is generated from the mutually orthogonal Latin squares in which (i) a first of n blocks B_iare the rows of the matrix M, (ii) a second n blocks are columns of the matrix M, and (iii) a remaining n²−
    - n blocks are formed by sequentially superimposing each of the matrices L^e^mon M, and taking the elements of the matrix M which correspond to a single element l^e^min each of the matrices L^e^mas the blocks, where n is a prime power.

23. A method to maximize scalability, resiliency and performance of a wireless system comprising:
- evaluating t-polynomial-set shares associated with nodes in the wireless system;
  
  distributing t-polynomial-set shares to the evaluated nodes in the wireless system; and
  
  pre-distributing a security key via a set-up server to a first node and a second node that are uncompromised and communicate on the wireless system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips N.V.
Inventors
Baldus, Heribert, Sanchez, David S.

Granted Patent

US 7,999,685 B2
Time in Patent Office

Days
Field of Search
US Class Current

340/573.100
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2209/88   Medical equipments

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/085   Secret sharing or secret sp...

Y04S 40/20   Information technology spec...

Deterministic Key Pre-Distribution and Operational Key Management for Mobile Body Sensor Networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Deterministic Key Pre-Distribution and Operational Key Management for Mobile Body Sensor Networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links