LCC UMA

SenseKey Tool

Selecting an Optimal Key Distribution Protocol for Homogeneous WSN

1. Overview

1.1. Introduction to the SenseKey Tool

It is indispensable to provide basic security primitives to the sensor nodes in order to give minimal protection to the information flow [1]. A Key Management System (KMS) creates the secret pairwise keys that those security primitives need and provides them to the motes [2].

A KMS can be characterized by the properties it offers to network designers. However, not every KMS is suitable for a given Sensor Network Application, either because the Application requires a better protocol (e.g. a network deployed in a hostile environment should not negotiate its secret keys without protection) or because the Application does not need some of the extra properties that the protocol offers (e.g. a small network does not need a complex protocol).

The SenseKey Tool allows a network designer to choose an existing KMS given the properties of the context where the motes (or nodes) are going to work. The tool does not provide implementations; it only points to the paper where a given protocol is discussed.

1.2. How to apply the SenseKey Tool

A network designer has to follow the following steps in order to use the SenseKey Tool:

  1. The network designer must find out which properties are essential for a KMS in the context of the application, called Main Properties, and which properties are important but not essential in the context of the application, called Secondary Properties. These properties are described below and in the contextual help of the SenseKey tool.
  2. These properties must be entered into the Web Application (SenseKey Tool Section), along with other knowledge related to the Sensor Network Deployment.
  3. The SenseKey tool will automatically provide the protocols that best fit the properties indicated by the network designer. The results can be either stored on the computer or printed afterwards.

1.3. System Requirements

  • Browser:
    • Internet Explorer 6 >
    • Firefox 1 >
    • Other browsers are untested, but theoretically they should work. Older browsers (i.e. without innerHTML support) will not work.
  • Screen Resolution:
    • Minimum: 800x600.
    • Recommended: 1024x768.
  • Other Requirements:
    • Javascript (Recommended).

2. Network and Scenario Properties

2.1. Introduction

The properties of a KMS are the following: Memory Overhead, Processing Speed, Communication Overhead, Security (Confidentiality), Network Resilience, [Global/Local/Node] Connectivity, Scalability, Extensibility, and Energy.

In this section we will explain how these properties affect a Sensor Network, and whether they should be considered Main or Secondary properties, from both a technical point of view and an Application point of view.

2.2. Description of the Properties

Memory Usage: A sensor node is usually very constrained in terms of memory. Therefore, it is essential for certain applications to reduce the memory footprint as much as possible.
  • ...As a Main Property (Technical): if the application needs almost all the node's RAM memory.
  • ...As a Secondary Property (Technical): if the designers wish to have as much free memory as possible.
  • ...As a Main/Secondary Property (App.): This is largely influenced by the size and complexity of the service that the WSN has to provide.
Processing Speed: Sensor nodes are also constrained in terms of computing power. Most KMS protocols are not very computationally expensive, although some KMS may take seconds to complete their tasks.
  • ...As a Main Property (Technical): if the time spent on processing the secret keys during the negotiation must be near zero.
  • ...As a Secondary Property (Technical): if the time spent on processing the secret keys during the negotiation must be as small as possible.
  • ...As a Main/Secondary Property (App.): Depends on whether it is crucial to set up a secure channel between two previously unknown nodes as fast as possible (i.e. while using fast mobile nodes).
Communication Overhead: In most KMS, the nodes must negotiate with their peers the security credentials that they will share.
  • ...As a Main Property (Technical): if the network must produce almost no messages, or none at all, for negotiating the secret keys.
  • ...As a Secondary Property (Technical): if the network must produce as few messages as possible for negotiating the secret keys.
  • ...As a Main/Secondary Property (App.): Depends on the criticality of the following factors: providing services as soon as possible, even during the deployment; an unreliable communication channel that would increase errors, hence depleting the network resources faster; whether the network should advertise itself as little as possible.
Security - Confidentiality: The whole process of distributing the keys must be secure by default. However, in certain scenarios, there are extra security requirements that must be fulfilled. Confidentiality is one of those requirements, because in some protocols it is necessary to bootstrap the security credentials.
  • ...As a Main Property (Technical): if the negotiation messages must not give any clue about the creation of the secret keys.
  • ...As a Secondary Property (Technical): if the network is allowed to broadcast some hard-to-break data about the secret keys.
  • ...As a Main/Secondary Property (App.): The factors that influence this property are whether the deployment area is public and how important the information managed by the sensor nodes is. As these two factors increase, so do the chances of a malicious attacker trying to hinder the operation of the network.
Network Resilience: In order to avoid the disruption of the network services, some protocols are designed to increase the network resilience, that is, the ability to cope with stolen credentials and rogue nodes.
  • ...As a Main Property (Technical): if capturing a node must not provide any information about the other keys in the network.
  • ...As a Secondary Property (Technical): if capturing a node provides little information about the other keys in the network.
  • ...As a Main/Secondary Property (App.): Its importance varies depending on the nature of the environment where the nodes are deployed and on the resources an attacker has to spend in order to capture a set of nodes.
Global Connectivity: This network property is related to the chance of two sensor nodes sharing the same security credentials. Global Connectivity is the ratio of the size of the largest isolated component in the network to the size of the network. If the G.C. is 100%, it means that there is a secure path between all the nodes of the network.
  • ...As a Main Property (Technical): if all nodes must be securely connected.
  • ...As a Secondary Property (Technical): if it is allowed to have a small portion of the network unconnected.
  • ...As a Main/Secondary Property (App.): Depends on the importance of the motes in the network providing the network services.
Local Connectivity: This network property is related to the chance of two sensor nodes sharing the same security credentials. Local Connectivity is defined as the probability that two neighboring nodes share one secret key. If the L.C. is 100%, any node can securely communicate with any of its neighbors from the very beginning of the network deployment (with little or no negotiation).
  • ...As a Main Property (Technical): if it is essential for a node to be securely connected from the very beginning to its neighbors.
  • ...As a Secondary Property (Technical): if it is allowed to have some negotiations with other nodes in order to achieve full local connectivity.
  • ...As a Main/Secondary Property (App.): Depends on whether the application needs to ensure that most nodes will be able to set up a pairwise key with as little overhead as possible.
Node Connectivity: This network property is related to the chance of two sensor nodes sharing the same security credentials. Node Connectivity is the probability of two nodes of the network sharing one secret key. If the N.C. is 100%, any node in the network can open a pairwise secure channel with any other node (whether that node is in its neighborhood or not) from the very beginning (with little or no negotiation).
  • ...As a Main Property (Technical): if all nodes must be securely connected from the very beginning.
  • ...As a Secondary Property (Technical): if it would be interesting for a node to share a key with some nodes in the network.
  • ...As a Main/Secondary Property (App.): Usually depends on the mobility of the nodes.
Scalability: A key distribution protocol should be able to negotiate the security credentials regardless of the number of nodes in the network (Scalability).
  • ...As a Main Property (Technical): if all nodes must be securely connected from the very beginning.
  • ...As a Secondary Property (Technical): if it would be interesting for a node to share a key with some nodes in the network.
  • ...As a Main/Secondary Property (App.): Depends on the size of the network. For small networks, it is not important. The importance increases with the network size.
Extensibility: A key distribution protocol should be able to include new nodes after the initial deployment finishes (Extensibility).
  • ...As a Main Property (Technical): if more nodes need to be added to the network on a frequent basis.
  • ...As a Secondary Property (Technical): if few nodes need to be added to the network after the deployment.
  • ...As a Main/Secondary Property (App.): Depends on the physical context where the nodes are deployed, and also on the lifetime of the network and its services.
Energy: The negotiation of the security credentials is a time-consuming and energy-consuming task (inferring the security credentials, sending/receiving data to/from other peers, ...), and it affects the remaining energy of the node.
  • ...As a Main Property (Technical): if the node must spend almost no energy on negotiating/calculating the secret keys.
  • ...As a Secondary Property (Technical): if the node must spend a small amount of energy on negotiating/calculating the secret keys.
  • ...As a Main/Secondary Property (App.): Depends on the energy source of the nodes, the lifetime of the network and its services, and the possibility to have physical access to the nodes.
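
The Global, Local and Node Connectivity definitions above, computed on a small network. This is an added example, not part of the SenseKey Tool or its documentation; the key rings, radio links and function names are constructed for illustration, and a secure link is assumed to exist only between radio neighbors that share at least one key.

```python
from itertools import combinations

# Constructed sample data: six motes, each preloaded with a ring of key IDs.
RINGS = {"A": {1, 2}, "B": {2, 3}, "C": {3, 4},
         "D": {4, 5}, "E": {6, 7}, "F": {7, 1}}
# Constructed radio neighborhood (pairs of motes within range of each other).
RADIO_LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"), ("E", "F")]

def shares_key(rings, a, b):
    """True if motes a and b hold at least one common key."""
    return bool(rings[a] & rings[b])

def node_connectivity(rings):
    """Fraction of all mote pairs (neighbors or not) that share a key."""
    pairs = list(combinations(sorted(rings), 2))
    return sum(shares_key(rings, a, b) for a, b in pairs) / len(pairs)

def local_connectivity(rings, radio_links):
    """Fraction of neighboring pairs that share a key."""
    return sum(shares_key(rings, a, b) for a, b in radio_links) / len(radio_links)

def global_connectivity(rings, radio_links):
    """Size of the largest securely connected component / network size."""
    # Assumption: a secure link needs radio reachability and a shared key.
    adj = {n: set() for n in rings}
    for a, b in radio_links:
        if shares_key(rings, a, b):
            adj[a].add(b)
            adj[b].add(a)
    seen, largest = set(), 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        stack, size = [start], 0
        while stack:                      # depth-first walk of one component
            node = stack.pop()
            size += 1
            for nxt in adj[node] - seen:
                seen.add(nxt)
                stack.append(nxt)
        largest = max(largest, size)
    return largest / len(rings)

if __name__ == "__main__":
    print(f"N.C. = {node_connectivity(RINGS):.0%}")
    print(f"L.C. = {local_connectivity(RINGS, RADIO_LINKS):.0%}")
    print(f"G.C. = {global_connectivity(RINGS, RADIO_LINKS):.0%}")
```

In this sample, D and E are in radio range but share no key, so the network splits into two secure components even though four of the five neighbor links are secured. A and F share a key without being neighbors, which only Node Connectivity counts.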

3. The SenseKey Tool

3.1. Using the SenseKey Tool

The SenseKey Tool is basically a form where the user can input the following fields and use the following buttons:

Fields:

  • Main Properties: Essential properties for a KMS in the context of the application.
  • Secondary Properties: Important (but not essential) properties for a KMS in the context of the application.
  • NOTE that a Main Property cannot be a Secondary Property, and vice versa.
  • Other: Other properties of the to-be-deployed sensor network.
    • Deployment Knowledge: Whether the node locations are known in advance.
  • Options: Options of the SenseKey Tool.
    • Maximum Number of Results: Selects the maximum number of KMS (5-10) that will be displayed in the results page.
    • Printer-Friendly Version: The results page is displayed in a simple way, so that it can be printed easily.

Buttons:

  • OK Button: Launch the SenseKey Tool with the properties selected by the user.
  • Reset Button: Reset the Contents of the window to their original values.

3.2. Reading the Results

After the properties and the options are selected, the SenseKey Tool will show the network designer the KMS protocols that could be most suitable for the WSN application context, ordered by relevance. The SenseKey Tool will also alert the user if no protocol can be applied to the given requirements.

An example of one paper produced by the SenseKey Tool is the following:

Name of the Protocol.

  • Advantages (Number of Advantages): List of the Advantages of the protocol.
  • Disadvantages (Number of Disadvantages): List of the Disadvantages of the protocol.
Authors. ''Name of the Paper''. Proceedings.
Paper overall score: Score (From 0 "motes" to 5 "motes").

The Advantages and Disadvantages will follow a formatting code, depending on the input of the user:

  • Blue: Main Property in Advantage.
  • Light Blue: Secondary Property in Advantage.
  • Red: Main Property in Disadvantage.
  • Dark Red: Secondary Property in Disadvantage.
  • [Italic inside square brackets]: This property belongs to this category (Advantage, Disadvantage) depending on the design parameters of the protocol.

4. References

4.1. SenseKey Tool References

[1] Y. Zhou, Y. Fang, Y. Zhang. "Securing Wireless Sensor Networks: a Survey". IEEE Communications Surveys & Tutorials, Vol. 10, No. 3, pp. 6-28, 2008.

[2] S. A. Camtepe, B. Yener. "Key Management in Wireless Sensor Networks". On Wireless Sensor Network Security, pp. 110-141, IOS Press, ISBN 978-1-58603-813-7, 2008.

(Last update: December 2009)