Deterministic key pre-distribution and operational key management for mobile body sensor networks
Abstract
A wireless network (2, 150) for monitoring a patient includes a body sensor network (22, 24, 26, 172, 174, 176) that includes one or more wireless sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) operatively connected to the patient that collect and transfer information related to the patient's health to the wireless network (2, 150). A set-up server (4, 154) configures the one or more wireless sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) with keying material before the one or more sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) are deployed to the wireless network (2, 150). A base station (178, 180) distributes a key certificate to the one or more sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) associated with the body sensor network (22, 24, 26, 172, 174, 176), such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station (178, 180).
22 Claims
1. A wireless system for monitoring a patient, the wireless network comprising:
- a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient's health to the wireless network;
- a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network, the set-up server randomly generating set ℑ of $t \times (n^2+n+1)$ $\lambda$-degree bivariate polynomials {ji(x,y)}, $j = 1 \ldots n^2+n+1$, i=1 . . . i, over $F_{q'}$, and for $j = 1 \ldots n^2+n+1$, the set-up server sequentially picking $t$ of the polynomials from ℑ, and forming $n^2+n+1$ $t$-polynomials-sets $F_j(x,y)$, where $\lambda$ is a number of nodes in the wireless network and is an integer greater than one, $n$ is a prime power, $t$ is an integer greater than or equal to one, and $F_{q'}$ is a finite field where $q'$ is a prime number large enough to accommodate a cryptographic key;
- a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 12
11. A wireless network for monitoring a patient, the wireless network comprising:
- a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient's health to the wireless network;
- a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network and
- a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station, the base station issuing a key certificate to a non-compromised node, which validates its pre-distributed keys for a limited period of time;
- wherein during a time interval $I_{l-1}$ the base station sporadically mutually interconnects with one or more other base stations and agree on a key certificate corresponding to time interval $I_{l+1}$, where $l$ is a positive integer, where after the time interval $I_l$, each base station forgets the key certificate and a key is established between the one or more of the wireless sensors.
13. A wireless network for monitoring a patient, the wireless network comprising:
- a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient's health to the wireless network;
- a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network;
- a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station;
- a secret $S$, generates $M$ shares $S_1, S_2, \ldots, S_M$ from the secret $S$ following a threshold scheme, and securely distributes the secret $S$ to the base station and one or more other base stations in the network, where $M$ is a positive integer; and
- wherein during a time interval $I_{l-1}$, the one or more base stations sporadically securely interconnect forming small non-interconnected groups $G_g$, $G_1$, $G_2$ . . . g<Mi, wherein each base station connects to at least one group $G_g$, where $g$ and $l$ are positive integers and each group member independently computes the key certificate for interval $I_{l+1}$ by calculating $KC_g^{l+1} = F(S, N_{G_g}^{l})$, where $N_{G_g}^{l}$ is a nonce exclusive to group $G_g$ for interval $I_{l+1}$ and then each group member forgets $S$.

Dependent claims: 14
15. A wireless network comprising:
- a network that includes a plurality of wireless nodes;
- a set-up server that configures each of the wireless nodes with a plurality of polynomials before the one or more nodes are deployed to the wireless network such that the nodes are configured with different combinations of the polynomials, and such that each pair of the nodes is configured with a common one of the polynomials; and
- a base station that distributes a key certificate to the one or more nodes associated with the network, such that each pair of the nodes generates a unique pairwise key based at least in part upon the common polynomial of the pair and the key certificate distributed by the base station.
16. A method to identify a first sensor in a mobile sensor system, comprising:
- developing a finite projective plane $(n^2+n+1, n+1, 1)$ from a set of $n-1$ mutually orthogonal Latin squares of order $n$, where $n$ is a prime power;
- discovering a common t-polynomial-set share from the finite projective plane; and
- deriving a t-polynomial-set share evaluation point by a second sensor from the first sensor's identifier.

Dependent claims: 17, 18, 19, 20, 21
22. A method to maximize scalability, resiliency and performance of a wireless system comprising:
- evaluating t-polynomial-set shares associated with nodes in the wireless system;
- distributing t-polynomial-set shares to the evaluated nodes in the wireless system; and
- pre-distributing a security key via a set-up server to a first node and a second node that are uncompromised and communicate on the wireless system.
Specification