ABSTRACT
Key management is an important security service for protecting wireless sensor networks (WSNs). Among the various existing schemes, the exclusion basis system (EBS) is a practical solution that can be easily implemented to provide long-term and flexible protection for WSNs. The rekeying strategy in EBS can efficiently evict a compromised node and update the key system. However, the relatively small key pool leads to high correlation among the generated key rings. Consequently, it is almost impossible for EBS-based schemes to efficiently defend against collusion attacks with their rekeying mechanisms. In this paper, we first analyze the impact of collusion attacks on WSNs, especially in the case where the keys of the compromised nodes can form a connected graph. Then, we propose a novel key management scheme based on EBS. The proposed scheme is termed t-EEBS because it can effectively resist the referred collusion attack formed by t (t > 1) nodes. Furthermore, we assume that the proposed scheme is implemented in hierarchical WSNs. In this case, two layers of t-EEBS administrative keys are used. The upper layer is implemented among the base station and all cluster leaders, while the lower layer involves a t-EEBS for each cluster. The results of performance evaluation show that the proposed scheme has better resistance to collusion attack than other schemes. Therefore, the proposed scheme can provide better security service for WSNs. Copyright © 2017 John Wiley & Sons, Ltd.
KEYWORDS
key management; wireless sensor networks; exclusion basis system; collusion attack
*Correspondence
Nianmin Yao, Department of Computer Science and Technology, Dalian University of Technology, Dalian, China
E-mail: lucos@dlut.edu.cn
In most of the mentioned schemes, keys are no longer changed once they are distributed to the nodes. Consequently, when some keys are exposed by the compromised nodes, the entire key system might be uncovered because of the lack of an efficient node eviction and rekeying mechanism. Therefore, these schemes cannot provide long-term protection for WSNs.

In contrast, dynamic key management schemes can provide long-term and flexible protection for WSNs. One classic solution is exclusion basis systems (EBS) [17], which can be applied to achieve group key management. EBS-based key management schemes can efficiently evict the compromised node and update the entire key system. In addition, these schemes have good scalability, because a small key pool can be applied to protect a large-scale network. Accordingly, in such schemes, the generated key rings are highly correlated with each other. Therefore, it is difficult for these schemes to resist collusion attack, which enables the adversaries to share their knowledge with each other to discover more information about the network. Although EBS-based schemes are not ideal, these schemes have many favorable properties, such as little storage overhead, good scalability, and efficient post-deployment rekeying.

In this paper, we first analyze the impact of collusion attack on WSNs. We classify collusion attack into the general case and the special case. The former case only requires that the compromised nodes can form a connected graph based on their physical locations, while the latter requires that the compromised nodes can form a connected graph with both their physical locations and keys. Then, based on EBS, we propose a new key management scheme to enhance the resistance to collusion attack in the special case. The proposed scheme is termed t-EEBS, because it can efficiently resist the referred collusion attack formed by t (t > 1) compromised nodes. In the proposed scheme, an appropriate framework for t-EEBS is generated first. We propose two different algorithms to construct the expected framework, and these algorithms are termed the randomized algorithm and the order algorithm, respectively. Then, a modified key assignment strategy is implemented so that the connectivity of the network can be guaranteed. The results of analyses show that the proposed scheme can provide long-term protection even when the collusion attack is launched in the network.

The main contributions of our work are summarized as follows:

(1) We analyze the impact of collusion attack on WSNs. According to whether the compromised nodes can form a connected graph with their keys, we classify the collusion attack into the general case and the special case. The probability of collusion attack in the special case is figured out.
(2) We describe a randomized t-EEBS framework construction algorithm. With this algorithm, an appropriate framework can be generated. Consequently, the proposed key management scheme is able to resist collusion attack in the special case.
(3) We design an efficient order t-EEBS framework construction algorithm. Compared with the randomized algorithm, this algorithm can be easily and efficiently implemented by attaching some restrictions to the involved parameters. Likewise, this algorithm also ensures that the proposed scheme is able to resist collusion attack in the special case.
(4) We evaluate the performance of the proposed scheme with several metrics, such as resistance to collusion attack, connectivity, and storage overhead.

The remainder of this paper is organized as follows: In Section 2, several EBS-based key management schemes are introduced. In Section 3, we analyze the impact of collusion attack on WSNs. The implementation of the proposed key management scheme is described in Section 4. Section 5 illustrates the results of performance evaluation. The conclusions of this work are described in Section 6. Finally, some proofs are explained in the Appendix.

2. RELATED WORKS

As mentioned earlier, various dynamic key management schemes can be implemented based on EBS. The scheme proposed in this paper is also achieved by applying EBS. In this section, EBS and several EBS-based key management schemes are described.

2.1. Exclusion basis system

Exclusion basis system is a combinatorial formulation of group key management [17]. This scheme can be briefly summarized as follows:

EBS (n, k, m) is actually a collection of subsets of [1, n] = {1, 2, ..., n} (elements of [1, n] are integers), and each element t contained in [1, n] holds the following two properties:

(1) t is in at most k subsets of the collection;
(2) There are exactly m subsets, say $A_1, A_2, \ldots, A_m$, in the collection such that $\bigcup_{i=1}^{m} A_i = [1, n] - \{t\}$. That is, each element t can be excluded by a union of exactly m subsets in the collection.

Each subset of the collection represents a key in the key pool, and the elements of each subset denote the nodes that have this key. Property (2) means that each node could be excluded by broadcasting rekeying messages encrypted by all its unknown keys. Actually, the parameters n and k denote the size of the network and the number of each node's keys, respectively. m is the number of rekeying messages, that is, the number of each node's unknown keys.
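The two EBS properties and the effect of collusion on rekeying can be checked directly. The following Python sketch is an added example, not code from the paper: it assumes the canonical construction in which every k-subset of a pool of k + m keys is one node's key ring, numbers nodes from 0, and uses hypothetical function names.

```python
from itertools import combinations


def canonical_ebs(k, m):
    """One key ring per node: every k-subset of a pool of k + m keys.

    Assumed canonical construction; it supports n = C(k + m, k) nodes.
    """
    return [frozenset(c) for c in combinations(range(1, k + m + 1), k)]


def is_ebs(rings, k, m):
    """Check properties (1) and (2) of EBS(n, k, m) for every node."""
    pool = set().union(*rings)
    everyone = set(range(len(rings)))
    for node, ring in enumerate(rings):
        unknown = pool - ring                 # keys the node does not hold
        if len(ring) > k or len(unknown) != m:
            return False
        # The holders of the m unknown keys must be exactly all other nodes.
        reached = {i for i, other in enumerate(rings) if other & unknown}
        if reached != everyone - {node}:
            return False
    return True


def rekey_plan(rings, evicted):
    """Plan one rekeying round that excludes the nodes in `evicted`.

    Returns (usable, stranded): the keys no evicted node holds, which can
    encrypt the rekeying broadcasts, and the healthy nodes that hold none of
    them and therefore cannot read any broadcast.
    """
    pool = set().union(*rings)
    exposed = set().union(*(rings[i] for i in evicted))
    usable = pool - exposed
    stranded = [i for i, ring in enumerate(rings)
                if i not in evicted and not ring & usable]
    return sorted(usable), stranded


def resilience(rings, evicted):
    """Share of healthy nodes that can still update their keys."""
    healthy = len(rings) - len(evicted)
    return (healthy - len(rekey_plan(rings, evicted)[1])) / healthy


if __name__ == "__main__":
    rings = canonical_ebs(k=2, m=3)           # EBS(10, 2, 3): 5 keys, 10 nodes
    print("valid EBS:", is_ebs(rings, 2, 3))
    # Evicted nodes hold the rings {1,2}, {2,3}, {3,4}: connected through keys.
    for evicted in ([0], [0, 4], [0, 4, 7]):
        usable, stranded = rekey_plan(rings, evicted)
        print(evicted, "usable keys", usable, "stranded nodes", stranded,
              "resilience %.3f" % resilience(rings, evicted))
```

A single eviction strands nobody, while colluders whose key rings chain together leave healthy nodes with no unexposed key, which is the special case the scheme targets.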
Security Comm. Networks (2017) © 2017 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
F. Zhan and N. Yao A collusion-resistant dynamic key management scheme for WSNs
Table I. The matrix of EBS (10, 2, 3).
Key N1 N2 N3 N4 N5 N6 N7 N8 N9 N10
k1 1 1 1 1
k2 1 1 1 1
k3 1 1 1 1
k4 1 1 1 1
k5 1 1 1 1

performed rekeying to exclude the compromised cluster leader.

To enhance the resistance to collusion attack, key polynomials instead of normal string keys were used in this scheme. However, storage overhead was also greatly increased.

2.3. SHELL
$$P_c = \lim_{t \to \infty} \Pr[\,G(t, p) \text{ is connected}\,] = e^{e^{-c}} \qquad (6)$$

where

$$p = \frac{\ln(t)}{t} + \frac{c}{t} \qquad (7)$$

In this case, c is any real constant. As a result, the relationship between $P_c$ and p can be figured out according to formulas (6) and (7). In Section 4, an EBS-based key management scheme is proposed. The proposed scheme can resist collusion attack in the special case.

4. THE PROPOSED KEY MANAGEMENT SCHEME

In this work, a key management scheme that can resist collusion attack in the special case is proposed. The proposed scheme is achieved based on EBS. Accordingly, the proposed scheme is termed t-EEBS (n, k, m), where t denotes the number of colluding nodes. In addition, n, k and m have the same meanings as in EBS. In Table II, we summarize the symbols used in the following sections.

4.1. Network model

We assume that n nodes are randomly deployed in the network and all nodes have the same capabilities, such as storage, computation, communication and battery power. Furthermore, the proposed key management scheme is applied in hierarchical sensor networks, i.e., the network will be divided into several clusters. Each cluster is managed by a cluster leader (CL).

Figure 2. Implementation of key management.

4.2. t-EEBS key management scheme

Typically, a key management process includes four phases: key analysis, key assignment, key generation and key distribution (and redistribution). In this work, we make some modifications to the implementation.

According to Figure 2, six phases are implemented in the proposed key management scheme: the initialization phase, t-EEBS framework construction, key assignment, key distribution, node addition and node eviction. During the implementation of the proposed scheme, the first four phases are performed so that appropriate keys can be distributed to nodes. In contrast, node addition and node eviction are performed only when certain events happen, e.g., some nodes are exhausted or compromised by an adversary.

4.2.1. The initialization phase.

In this phase, all nodes join the appropriate cluster according to the clustering algorithm, e.g., LEACH [22]. Then, each cluster selects a member to be CL. Once the clustering is achieved, all the members in each cluster send their IDs and locations to CL to complete registration. Once the registration in each cluster is done, all CLs complete their registrations with BS in the same way. All the messages exchanged in this phase are encrypted by kc. After the implementation of the initialization phase,
the locations of nodes in the network are known, and the structure of each cluster can be discovered.

Table II. Symbols and meanings.
Symbol      Meaning
CL          Cluster leader
BS          Base station
n           Scale of the network
k           Size of key ring
m           Number of the unknown keys of each node
t           Number of the colluding nodes
ki          ith key of key pool
A           Target collection of key rings
keyi        ith key ring in A
Ni          ith node in the cluster
neighbori   List of neighbors of node Ni
dkct        List of key rings in collection A which have common keys with keyt

4.2.2. t-EEBS framework construction.

In this work, the proposed key management scheme applies the same structure as LOCK. There are two layers of t-EEBS administrative keys: the upper layer enables BS to manage all CLs as a group; the lower layer involves a t-EEBS for each cluster, and each t-EEBS enables CL to manage the members as a group. Actually, the implementations of the upper layer and lower layer are similar. Therefore, a lower layer t-EEBS is illustrated to describe the construction of t-EEBS.

In most existing EBS-based schemes, after the EBS framework is established, key rings are assigned and distributed to nodes without any further consideration. Actually, after determining the size of key pool and key ring, if some key rings instead of all key rings are determined as candidates for nodes, a more appropriate framework can be generated for the target network. Based on different rules, the generated frameworks give the key management scheme different characteristics. In this section, we find the rule of key ring selection and propose different methods to construct an appropriate framework so that the proposed scheme can resist collusion attack in the special case.

According to the definition of collusion attack in the special case, some healthy nodes cannot update their keys with the EBS rekeying mechanism because all of their keys are exposed by the compromised nodes. Therefore, a theorem on resistance to such collusion attacks can be summarized as follows:

Theorem 1. The key management scheme can resist collusion attack formed by t (t > 1) compromised nodes in the special case, when the following characteristic is satisfied: If the sizes of network and key ring are determined, a connected target collection A can be established. The elements of A are various key rings. In collection A, each element is not contained in the union of any other t elements. In this case, the referred t elements can form a connected graph.

The proposed key management scheme t-EEBS can be implemented if Theorem 1 is satisfied. As mentioned earlier, an appropriate framework needs to be generated first. According to Theorem 1, we can find that the construction of the framework is exactly the generation of the referred target collection A. In this work, a randomized construction algorithm is proposed to establish the expected target collection. Algorithm 1 shows the details of this algorithm.

Algorithm 1: Randomized Framework Construction
Input: size of network-n
Input: number of colluding nodes-p
Output: Available key ring collection-A
1 Calculate the original key ring collection S of n by EBS framework;
2 Randomly select a key combination keyi from S and insert keyi into A;
3 if A satisfies Theorem 1 then
4     Delete keyi from S;
5     Calculate the union of keys in A;
6     Delete the subsets of this union from S
7 end
8 else
9     Delete keyi from A;
10    Delete keyi from S
11 end
12 if S is empty then
13    if the size of A is no less than n then
14        return A
15    end
16    else
17        empty S and A;
18        rerun from step 1 to find a larger S
19    end
20 end
21 else
22    rerun from step 2
23 end

When the proposed algorithm is carried out, a target key ring collection A that satisfies Theorem 1 is established. After assigning and distributing these key rings to nodes, a t-EEBS key management scheme can be implemented. Table III illustrates a 3-EEBS (6, 3, 5) framework, where key rings are randomly assigned to nodes. When collusion attack in the special case is formed by three nodes or fewer, the compromised nodes can be successfully excluded. Taking nodes N1, N3 and N6 for example, they can be evicted by broadcasting the messages illustrated in Table IV.

The aforementioned construction algorithm can be implemented without any additional restrictions on parameters k and m. However, this algorithm is inefficient, and the result generated by this algorithm is unpredictable.
Table III. The matrix of 3-EEBS (6, 3, 5).
Key N1 N2 N3 N4 N5 N6
k1 1 1
k2 1
k3 1 1 1 1 1 1
k4 1
k5 1
k6 1
k7 1
k8 1 1 1 1 1 1

In order to find an efficient construction algorithm, another solution is proposed. In this case, the value of k is limited to 2. Then, the target collection that satisfies Theorem 1 can be easily obtained. Before describing the algorithm, a definition is introduced.

Definition 1. (Step-length): the Step-length of each key ring is the absolute value of the difference between the maximum and minimum indexes of its keys; for example, the step-length of $k_1 k_4$ is 3.

Considering that the size of key ring is 2, if the key ring collection generated by the EBS framework and each key ring in this collection are sorted into ascending order, some properties can be found:

(1) Putting all key rings whose Step-lengths are 1 into the empty target collection ensures that the collection satisfies Theorem 1;
(2) After process (1) is done, the addition of any key ring whose step-length is no more than t makes the target collection violate Theorem 1. Therefore, such key rings can be directly eliminated;
(3) After processes (1) and (2) are done, if a key ring whose step-length is more than t is put into the target collection such that the collection still satisfies Theorem 1, the key ring can be retained. Otherwise, the key ring will be eliminated from the target collection.

Proof of property (1): In this case, the format of a key ring is $k_j k_{j+1}$, $j \in [1, k + m - 1]$. Furthermore, such key rings are end to end. Obviously, it can be found that no matter how many nodes are colluding, other nodes ensure that at most one of their keys is exposed. Consequently, each normal node has at least one key unknown to the colluding nodes. Then, they can update their keys with the unknown key.

Proof of property (2): After process (1) is implemented, the target collection has several elements whose formats are $k_j k_{j+1}$. Therefore, when t nodes collude, the exposed keys must be $k_j k_{j+1} k_{j+2}, \ldots, k_{j+t}$, $j \in [1, k + m - t]$. We can find that all $k_j k_u$, $u \in [j+1, j+t]$, are exposed and are not able to be updated. Therefore, property (2) is proved.

Proof of property (3): According to the aforementioned proofs, in the former cases, the format of the exposed keys is $k_j k_{j+1} k_{j+2}, \ldots, k_{j+t}$, $j \in [1, k + m - t]$. At this moment, the addition of any key ring $k_j k_u$, $u \in [j + t + 1, k + m]$, to the target collection might ensure that the target collection meets Theorem 1. However, if such a key ring is put into the target collection, the format of the exposed keys is no longer $k_j k_{j+1} k_{j+2}, \ldots, k_{j+t}$, $j \in [1, k + m - t]$. Consequently, other key rings $k_j k_u$, $u \in [j + t + 1, k + m]$, need to be further checked: if the target collection satisfies Theorem 1, this key ring can be retained. Otherwise, this key ring will be eliminated from the target collection.

According to the aforementioned properties, an order framework construction algorithm (Algorithm 2) is proposed.

After the implementation of this algorithm, a target collection A is generated, which ensures that the corresponding key management scheme can resist collusion attack in the special case. Although the size of k is 2, target collections that satisfy various scales of networks can be generated by varying m and t. In contrast to Algorithm 1, the order construction algorithm is more efficient.

Similarly, Table V shows a 3-EEBS (8, 2, 5) framework for the network. In this case, there are eight nodes in the network, and each node stores two keys. Key rings in the target collection are also randomly assigned to nodes. When no more than three nodes collude, they can be excluded by broadcasting the messages encrypted by their unknown keys. Taking nodes N1, N4, and N7 for example, they can be excluded by the messages in Table VI.

When t is also limited to 2, the target collection has several statistical properties: (1) All the key rings whose Step-lengths are 1, 3, 5, 7, ... are appropriate; (2) the remaining key rings are inappropriate. As a result, the target collection can be directly deduced without programming at all. Therefore, the referred construction is simple and easy to implement.

Table V. The matrix of 3-EEBS (8, 2, 5).
Key N1 N2 N3 N4 N5 N6 N7 N8
k1 1 1
k2 1 1
k3 1 1 1
k4 1 1
k5 1 1 1
k6 1 1
k7 1 1
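Properties (1) to (3) and the order construction they lead to can be exercised for k = 2 by treating keys as vertices and key rings as edges. The following Python sketch is an added example, not the authors' code: it assumes candidates are visited by increasing step-length and then lowest index (the text only says the collection is sorted ascending), tests Theorem 1 for a new ring by asking whether at most t accepted rings already chain its two keys together, and uses hypothetical function names. It also goes beyond the single case in the text by adding a brute-force check of Theorem 1.

```python
from collections import deque
from itertools import combinations


def has_short_path(adj, a, b, limit):
    """True if keys a and b are chained by at most `limit` accepted rings."""
    seen, frontier = {a}, deque([(a, 0)])
    while frontier:
        key, dist = frontier.popleft()
        if key == b:
            return True
        if dist == limit:
            continue
        for nxt in adj[key]:
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, dist + 1))
    return False


def order_construction(pool_size, t):
    """Target collection A for key rings of size 2 over keys 1..pool_size."""
    adj = {key: set() for key in range(1, pool_size + 1)}
    target = []

    def accept(a, b):
        adj[a].add(b)
        adj[b].add(a)
        target.append((a, b))

    for j in range(1, pool_size):             # property (1): step-length 1
        accept(j, j + 1)
    # Property (2): step-lengths 2..t are never tried.
    for step in range(t + 1, pool_size):      # property (3): test the rest
        for j in range(1, pool_size - step + 1):
            if not has_short_path(adj, j, j + step, t):
                accept(j, j + step)
    return target


def build_for_network(n, t):
    """Grow the key pool until A offers at least n key rings."""
    pool_size = 2
    while len(order_construction(pool_size, t)) < n:
        pool_size += 1
    return pool_size, order_construction(pool_size, t)


def connected(group):
    """True if the rings in `group` are linked through shared keys."""
    reached, todo = {0}, [0]
    while todo:
        i = todo.pop()
        for j in range(len(group)):
            if j not in reached and set(group[i]) & set(group[j]):
                reached.add(j)
                todo.append(j)
    return len(reached) == len(group)


def satisfies_theorem1(target, t):
    """Brute force: no ring lies inside the keys of up to t other rings
    that are connected through shared keys."""
    for size in range(1, t + 1):
        for group in combinations(target, size):
            if not connected(group):
                continue
            exposed = set().union(*group)
            if any(r not in group and set(r) <= exposed for r in target):
                return False
    return True


def holders_per_key(target, pool_size):
    """Number of key rings (nodes) that contain each key."""
    return [sum(key in ring for ring in target)
            for key in range(1, pool_size + 1)]


if __name__ == "__main__":
    pool_size, rings = build_for_network(n=8, t=3)
    print(pool_size, rings, holders_per_key(rings, pool_size))
    print(satisfies_theorem1(rings, 3), order_construction(7, 2))
```

For eight nodes and t = 3 the sketch settles on seven keys and gives per-key holder counts of 2, 2, 3, 2, 3, 2, 2, the same row totals as Table V; for t = 2 it keeps exactly the rings with odd step-lengths.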
Table VI. The rekeying messages for N1, N4 and N7.
Message1: E(k3(S', E(k1(k1')), E(k2(k2')), E(k4(k4')), E(k5(k5'))))
Message2: E(k6(S', E(k1(k1')), E(k2(k2')), E(k4(k4')), E(k5(k5'))))
Message3: E(k7(S', E(k1(k1')), E(k2(k2')), E(k4(k4')), E(k5(k5'))))

Algorithm 2: Order Framework Construction
Input: size of network-n
Input: number of colluding nodes-t
Output: Available key ring collection-A
1 Calculate the original key ring collection S according to EBS;
2 Sort S and elements in S into ascending order;
3 Add all key rings whose Step-length equals 1 into A;
4 if Step-length of key ring is no more than t then
5     directly eliminate the key ring
6 end
7 else
8     if key ring satisfies Theorem 1 then
9         add the key ring into A
10    end
11    else
12        eliminate the key ring
13    end
14 end
15 if S is empty then
16    if the size of A is no less than n then
17        return A
18    end
19    else
20        empty S and A;
21        rerun from step 1 to find a larger S
22    end
23 end
24 else
25    rerun from step 3
26 end

4.2.3. Key Assignment.

With the proposed framework construction algorithms, all available key rings can be determined. However, if the size of k is limited, the connectivity of the network might decrease. If key rings are randomly assigned to nodes as illustrated in Tables III and V, the forwarding processes caused by the low connectivity might bring more communication overhead.

In the proposed scheme, when assigning key rings to nodes, the locations of nodes are applied to guarantee the connectivity. As stated in the initialization phase, the locations of nodes are known. Therefore, the neighbors of each node in the cluster can be discovered. During key assignment, if more elements in the target collection have common keys with the selected element, then the selected element is assigned to a node that has more neighbors. This process is described as follows:

(1) Count the number of each node's neighbors, noted as neighbori (1 ≤ i ≤ n). According to the value of neighbori, nodes are ranked in descending order.
(2) For each element of the target collection A, count the number of elements that have common keys with this element, noted as dkct (1 ≤ t ≤ |A|). According to the value of dkct, the elements of A are also ranked in descending order.
(3) According to the rank of nodes, appropriate key rings are assigned to nodes. For the node Ni (1 ≤ i ≤ n), there are two different cases:
    (a) Ni is a neighbor of nodes that are already assigned key rings. Without loss of generality, assume Nu and Nv are neighbors of Ni, and their key rings are keyr and keys, respectively. If there are common key rings between dkcr and dkcs, the common key ring that has the highest rank is assigned to Ni. Otherwise, the key ring that has the highest rank in the union of dkcr and dkcs is assigned to Ni.
    (b) Ni is not a neighbor of any node that has already been assigned a key ring. The remaining key ring that has the highest rank is assigned to Ni.

When each node is assigned an appropriate key ring, the process is finished.

4.2.4. Key Distribution.

After the implementation of key assignment, appropriate key rings need to be distributed to the corresponding nodes. In this work, the CL of each cluster distributes keys to the members according to key assignment. During key distribution, the transmitted messages are encrypted by kc.

4.2.5. Node Addition.

Because nodes are battery-powered and usually deployed in complicated environments, some nodes might fail, which might lead to coverage holes. In order to fix the problem, new nodes need to be deployed into the network. According to the location of the new node, the new node joins the appropriate cluster. Then, when the target collection still has available key rings, the appropriate key ring is distributed to the new node. Otherwise, the former procedures need to be implemented once again. However, it can be found that the framework established by Algorithm 2 holds the following properties: (1) nodes always store two keys, and different scales of networks are satisfied by varying m and t; (2) almost all key rings established by the current construction are still available, which means that no node or very few nodes need to change their key rings when the framework is updated. Consequently, energy consumption is reduced, and the efficiency of WSNs is guaranteed.
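The location-aware key assignment of Section 4.2.3 can be traced on a small cluster. The following Python sketch is an added example, not the authors' code: the cluster topology and the eight key rings over a 7-key pool are constructed sample inputs, ties are broken by lowest node number and lowest ring, case (a) is generalized from two assigned neighbors to any number, and the function names are hypothetical.

```python
# Constructed sample: eight key rings of size 2 over keys k1..k7.
TARGET = [(1, 2), (2, 3), (3, 4), (4, 5), (5, 6), (6, 7), (1, 5), (3, 7)]

# Constructed sample: physical neighbors of each node in one cluster.
NEIGHBOURS = {
    1: [2, 3, 4], 2: [1, 3], 3: [1, 2, 5], 4: [1, 6],
    5: [3, 7], 6: [4, 8], 7: [5], 8: [6],
}


def dkc_lists(rings):
    """For each key ring, the other rings that share a key with it."""
    return {r: [s for s in rings if s != r and set(r) & set(s)]
            for r in rings}


def assign_key_rings(neighbours, rings):
    """Steps (1) to (3): well-connected rings go to well-connected nodes."""
    if len(rings) < len(neighbours):
        raise ValueError("target collection is smaller than the cluster")
    dkc = dkc_lists(rings)
    # Step (1): nodes in descending order of neighbor count.
    node_order = sorted(neighbours, key=lambda n: (-len(neighbours[n]), n))
    # Step (2): key rings in descending order of dkc size.
    ranked = sorted(rings, key=lambda r: (-len(dkc[r]), r))
    rank = {ring: position for position, ring in enumerate(ranked)}
    assigned, free = {}, set(rings)
    for node in node_order:
        # Case (a): unassigned rings sharing a key with each assigned neighbor.
        candidates = [set(dkc[assigned[nb]]) & free
                      for nb in neighbours[node] if nb in assigned]
        pool = set()
        if candidates:
            pool = set.intersection(*candidates) or set.union(*candidates)
        if not pool:
            # Case (b), also used when case (a) has no ring left to offer.
            pool = free
        choice = min(pool, key=rank.__getitem__)
        assigned[node] = choice
        free.remove(choice)
    return assigned


def secured_links(neighbours, assigned):
    """(links whose endpoints share a key, total physical links)."""
    links = {tuple(sorted((a, b))) for a in neighbours for b in neighbours[a]}
    shared = [l for l in links
              if set(assigned[l[0]]) & set(assigned[l[1]])]
    return len(shared), len(links)


def in_order_assignment(neighbours, rings):
    """Baseline that ignores locations: i-th node gets the i-th ring."""
    return dict(zip(sorted(neighbours), rings))


if __name__ == "__main__":
    aware = assign_key_rings(NEIGHBOURS, TARGET)
    print("location-aware:", aware, secured_links(NEIGHBOURS, aware))
    plain = in_order_assignment(NEIGHBOURS, TARGET)
    print("in-order:", plain, secured_links(NEIGHBOURS, plain))
```

On this sample the location-aware assignment lets 7 of the 8 physical links share a key, against 4 of 8 when key rings are handed out without regard to location.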
5.1. Resistance to collusion attack

Figure 3 shows various schemes' resistance to collusion attacks. The referred collusion attacks are performed by two to six nodes in the special case. In this figure, p denotes the number of the colluding nodes. The resistance to collusion attacks is the ability of network resilience while suffering collusion attacks. Without considering the compromised nodes, network resilience represents the proportion of normal nodes that are able to successfully update their keys to all normal nodes. When comparing the same scheme in different cases, the referred resistance drops as the number of the compromised nodes increases. Moreover, comparing different schemes in the same case, 3-EEBS schemes have better resistance than the corresponding

The rekeying overheads of various 2-EEBS schemes and 3-EEBS schemes are illustrated in Figure 5. Similar to Figure 3, p denotes the number of the colluding nodes. As m increases, the rekeying overheads of all illustrated schemes increase. Moreover, when m is determined, the rekeying overheads of the various schemes increase as the number of the colluding nodes increases. In contrast, if the size of m and the number of the compromised nodes are determined, rekeying overhead decreases as the ability of the resistance to collusion attack increases.

5.3. Connectivity

Figure 6 shows average number of elements in the target collection that have common keys with each selected
nodes increasing, the size of key rings in SHELL increases slowly. In contrast, although the number of key rings in LOCK also increases slowly, the applied key polynomials lead to larger storage overhead than other schemes.

6. CONCLUSION

Because EBS can provide efficient post-deployment rekeying, EBS-based key management schemes can support flexible and long-term protection for WSNs. However, because of high correlation among key rings, security of the network is significantly affected when collusion attack is performed. In the majority of cases, the keys of the colluding nodes can form a connected graph. In order to enhance the resistance to collusion attack in such cases, a new key management scheme based on EBS is proposed, which is called t-EEBS. We consider the proposed scheme to be applied in hierarchical WSNs. According to the structure of the network, the entire scheme consists of two layers of t-EEBS administrator keys: the upper layer enables BS to manage all CLs as a group; the lower layer involves a t-EEBS for each cluster, and each t-EEBS enables CL to manage the members as a group. Two t-EEBS framework construction algorithms are proposed to ensure that the proposed scheme can resist the collusion attack formed by t (t > 1) nodes in the special case. The proposed scheme is localized, location-aware, and resistant to collusion attacks. The results of performance evaluation show that the proposed scheme can greatly improve the resistance to collusion attack and thus enhance the security of the network.

REFERENCES

1. Khanafer M, Guennoun M, Mouftah HT. Wsn architectures for intelligent transportation systems. 3rd international conference on new technologies, mobility and security, ntms 2009, Cairo, Egypt, 2009.
2. Huang Y, Hsieh M, Chao H, Hung S, Park J. Pervasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks. IEEE Journal on Selected Areas in Communications 2009; 27(4): 400–411.
3. Duriic MP, Tafa Z, Dimic G, Milutinovic V. A survey of military applications of wireless sensor networks. 2012 Mediterranean Conference on Embedded Computing, MECO 2012, Bar, Montenegro, 2012; 196–199.
4. Liu YY, Yu XF, Zhao D. Hardware design of an environmental monitoring system based on wireless sensor networks. Advanced materials research 2014; 864-867: 891–896.
5. Misra S, Goswami S, Taneja C, Mukherjee A. Design and implementation analysis of a public key infrastructure-enabled security framework for zigbee sensor networks. International Journal of Communication Systems 2016; 29(13): 1992–2014.
6. Misra S, Goswami S, Taneja C, Mukherjee A, Obaidat MS. A pki adapted model for secure information dissemination in industrial control and automation 6lowpans. IEEE Access 2015; 3: 875–889.
7. Eltoweissy M, Moharrum M, Mukkamala R. Dynamic key management in sensor networks. IEEE Communications Magazine 2006; 44(4): 122–130.
8. Zhang J, Varadharajan V. Wireless sensor network key management survey and taxonomy. Journal of Network and Computer Applications 2010; 33(2): 63–75.
9. Misra S, Goswami S. Key Management in Mobile Ad Hoc Networks, chap. 7: Security of Self-Organizing Networks. MANET, WSN, WMN, VANET. S. pathan edn., CRC Press: USA, 2010; 145–170.
10. Eschenauer L, Gligor VD. A key-management scheme for distributed sensor networks. Proceedings of the ACM Conference on Computer and Communications Security, Washington, DC, United states, 2002; 41–47.
11. Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks. 2003 Symposium on Security and Privacy, SP 2003, Berkeley, CA, United states, 2003; 197–213.
12. Huang SCH, Du DZ. New constructions on broadcast encryption and key pre-distribution schemes. Proceedings - IEEE INFOCOM, Miami, FL, United states, 2005; 515–523.
13. Camtepe SA, Yener B. Combinatorial design of key distribution mechanisms for wireless sensor networks. IEEE/ACM Transactions on Networking 2007; 15(2): 346–358.
14. Ruj S, Nayak A, Stojmenovic I. Fully secure pairwise and triple key distribution in wireless sensor networks using combinatorial designs. Proceedings - IEEE INFOCOM, Shanghai, China, 2011; 326–330.
15. Ruj S, Nayak A, Stojmenovic I. Pairwise and triple key distribution in wireless sensor networks with applications. IEEE Transactions on Computers 2013; 62(11): 2224–2237.
16. Bechkit W, Challal Y, Bouabdallah A, Tarokh V. A highly scalable key pre-distribution scheme for wireless sensor networks. IEEE Transactions on Wireless Communications 2013; 12(2): 948–959.
17. Eltoweissy M, Heydari MH, Morales L, Sudborough IH. Combinatorial optimization of group key management. Journal of Network and Systems Management 2004; 12(1): 33–50.
18. Younis MF, Ghumman K, Eltoweissy M. Location-aware combinatorial key management scheme for clustered sensor networks. IEEE Transactions on Parallel and Distributed Systems 2006; 17(8): 865–882.
19. Jiang R, Luo J, Tu F, Zhong J. Lep: A lightweight key management scheme based on ebs and polynomial for wireless sensor networks. 2011 IEEE International Conference on Signal Processing, Communications and Computing, ICSPCC 2011, Xi'an, China, 2011.
20. Song YL, Cao SG. A lightweight of cluster-based key management scheme for wireless sensor networks. Applied mechanics and materials 2013; 341–342: 1133–1137.
21. Ying B, Makrakis D, Mouftah HT, Lu W. Dynamic combinatorial key pre-distribution scheme for heterogeneous sensor networks. Communications in Computer and Information Science 2011; 186 CCIS: 88–95.
22. Heinzelman WR, Chandrakasan A, Balakrishnan H. Energy-efficient communication protocol for wireless microsensor networks. Proceedings of the hawaii international conference on system sciences, Maui, USA, 2000; 223.
23. Tuah N, Ismail M, Jumari K. Evaluation of optimal cluster size in heterogenous energy wireless sensor networks. 2012 International Symposium on Telecommunication Technologies, ISTT 2012, Kuala Lumpur, Malaysia, 2012; 124–130.

Appendix

The calculation of the expectation number of the exposed keys mentioned in Section 3 is described as follows:

Assume that node $N_A$ is compromised. The key ring stored by $N_A$ is $Key_A$, while the key ring stored by the colluding node $N_B$ is $Key_B$. The number of new exposed keys caused by the collusion attack formed by $N_A$ and $N_B$ is $Dif_{AB}$. Note that $Dif_{AB}$ is actually the keys of $N_B$ which are unknown by $N_A$.

(1) The general case

The range of $Dif_{AB}$ is [1, k]. Then, the probability of each case in $Dif_{AB}$ is

$$p_i = \frac{\binom{k}{k-i}\binom{m}{i}}{\binom{k+m}{k} - 1}, \quad i \in [1, k]$$

Based on this formula, we can calculate the expectation of $Dif_{AB}$ is

$$\sum_{i=1}^{k} i\,p_i = \sum_{i=1}^{k} i\,\frac{\binom{k}{k-i}\binom{m}{i}}{\binom{k+m}{k} - 1}$$

According to the definition of $Dif_{AB}$, the expectation of the exposed keys caused by the collusion of $N_A$ and $N_B$ is

$$k + \sum_{i=1}^{k} i\,p_i = k + \sum_{i=1}^{k} i\,\frac{\binom{k}{k-i}\binom{m}{i}}{\binom{k+m}{k} - 1}$$

In contrast, the range of sick nodes is $y \in \left[\binom{k+1}{k} - 2, \binom{tk}{t} - 2\right]$. The probability of y in each scenario is same as $Dif_{AB}$. Assume that $j = \binom{k+u}{k} - 2$, $u \in [1, (t-1)k]$, then

$$p_j = \frac{\binom{k}{k-u}\binom{m}{u}}{\binom{k+m}{k} - 1}, \quad u \in [1, (t-1)k]$$