Abstract
Path keys are secrets established between communicating devices that do not share a pre-distributed key. They are required by most key pre-distribution schemes for sensor networks, because topology is unknown before deployment and storing complete pairwise-unique keys is infeasible for low-cost devices such as sensors. Unfortunately, path keys have often been neglected by existing work on sensor network security. In particular, proposals for revoking identified malicious nodes from a sensor network fail to remove any path keys associated with a revoked node. We describe a number of resulting attacks which allow a revoked node to continue participating on a network. We then propose techniques for ensuring revocation is complete: universal notification to remove keys set up with revoked nodes, path-key records to identify intermediaries that are later revoked, and blacklists to prevent unauthorized reentry via undetected malicious nodes. Path keys also undermine identity authentication, enabling Sybil attacks against random pairwise key pre-distribution.
Please use the following format when citing this chapter: Moore, T. and Clulow, J., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 157–168.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Moore, T., Clulow, J. (2007). Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_14
DOI: https://doi.org/10.1007/978-0-387-72367-9_14
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science, Computer Science (R0)