Method and apparatus for key management in distributed sensor networks
First Claim
1. A method of key-management in Distributed Sensor Networks, comprising the steps of:
- prior to deployment of a plurality of sensor nodes of the Distributed Sensor Network, storing a respective key ring including a plurality of individually selectable private keys in each sensor node of the Distributed Sensor Network, said private keys being randomly chosen from a common pool, said key rings of at least a pair of said sensor nodes having a pre-defined probability of having at least one private key in common;
wherein the step of storing a respective key ring further includes the steps of;
generating a key space having a multiplicity of keys,randomly selecting a pool of keys from said key space,assigning a specific key identifier for each key in said pool of keys,randomly selecting a number of the keys from said pool of keys to form said respective key ring for each sensor node, said number of keys being probabilistically determined to provide said pre-defined probability of said pair of sensor nodes having at least one shared private key, andstoring said specific key identifier with said respective key ring in each said sensor node;
deploying said plurality of the sensor nodes of the Distributed Sensor Network;
actuating at least one sensor node to discover at least another sensor node sharing said at least one private key to establish a secure communication link between said one sensor node and another of said sensor nodes; and
using said at least one shared private key for subsequent secure communication between said at least one sensor node and said other sensor node.
1 Assignment
0 Petitions
Accused Products
Abstract
In a distributed sensor network, a method of key management is carried out in several phases, particularly key pre-distribution phase, shared key discovery phase, and as needed, a path key establishment phase. In the key pre-distribution phase, prior to DSN deployment, a ring of keys is distributed to each sensor node, each key ring consisting of randomly chosen keys from a large pool of keys which is generated off-line. A shared key exists between each two key rings with a predetermined probability. In the shared key discovery phase, which takes place upon deployment of the DSN, every sensor node discovers its neighbors in wireless communication range with which it shares keys, and the topology of the sensor array is established by forming secure communication links between respective sensor nodes. The path key establishment phase assigns a path key to selected pairs of sensor nodes in wireless communication range that do not share a key but are connected by two or more links at the end of the shared key discovery phase. The key management scheme also assumes a revocation phase for removal of the key ring of the compromised sensor node from the network. Also, re-keying phase is assumed for removal of those keys with the expired lifetime.
55 Citations
19 Claims
-
1. A method of key-management in Distributed Sensor Networks, comprising the steps of:
-
prior to deployment of a plurality of sensor nodes of the Distributed Sensor Network, storing a respective key ring including a plurality of individually selectable private keys in each sensor node of the Distributed Sensor Network, said private keys being randomly chosen from a common pool, said key rings of at least a pair of said sensor nodes having a pre-defined probability of having at least one private key in common; wherein the step of storing a respective key ring further includes the steps of; generating a key space having a multiplicity of keys, randomly selecting a pool of keys from said key space, assigning a specific key identifier for each key in said pool of keys, randomly selecting a number of the keys from said pool of keys to form said respective key ring for each sensor node, said number of keys being probabilistically determined to provide said pre-defined probability of said pair of sensor nodes having at least one shared private key, and storing said specific key identifier with said respective key ring in each said sensor node; deploying said plurality of the sensor nodes of the Distributed Sensor Network; actuating at least one sensor node to discover at least another sensor node sharing said at least one private key to establish a secure communication link between said one sensor node and another of said sensor nodes; and using said at least one shared private key for subsequent secure communication between said at least one sensor node and said other sensor node. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A Distributed Sensor Network system, comprising:
-
at least two sensor nodes, each said sensor node being pre-loaded prior to deployment thereof with a respective key ring including a plurality of individually selectable private keys randomly chosen from a common pool, the key rings of at least a pair of said sensor nodes having a pre-defined probability of having at least one private key in common, each of said private keys of said key ring having an associated key identifier stored in a corresponding sensor node;
each of said sensor nodes having means for searching for another sensor node where a plurality of said key identifiers are broadcast to search for other sensor nodes with a matching of at least one of the key identifiers, said matching key identifier indicating the other sensor node has a private key in common therewith to establish a secure communication link therebetween;means for generating a key space having a multiplicity of keys, means for randomly selecting a pool of keys from said key space, means for assigning a specific key identifier for each key of said pool of keys, and means for randomly selecting a distinct set of private keys from said pool of keys for each said sensor node to thereby form said respective key rings for said sensor nodes. - View Dependent Claims (16, 17, 18, 19)
-
Specification