An Identity Based Key Management Scheme in Wireless Sensor Networks
Pairwise key establishment is one of the fundamental security services in sensor networks which enables sensor nodes in a sensor network to communicate securely with each other using cryptographic techniques. It is not feasible to apply traditional public key management techniques in resource-constrained sensor nodes, and also because the sensor nodes are vulnerable to physical capture. In this paper, we introduce a new scheme called the identity based key pre-distribution using a pseudo random function (IBPRF), which has better trade-off between communication overhead, network connectivity and resilience against node capture compared to the other key pre-distribution schemes. Our scheme can be easily adapted in mobile sensor networks. This scheme supports the addition of new sensor nodes after the initial deployment and also works for any deployment topology. In addition, we propose an improved version of our scheme to support large sensor networks.
💡 Research Summary
The paper addresses the fundamental problem of pairwise key establishment in wireless sensor networks (WSNs), where the severe resource constraints of sensor nodes make traditional public‑key infrastructures infeasible and where node capture is a realistic threat. Existing symmetric‑key pre‑distribution schemes such as the Eschenauer‑Gligor (EG) random key pool, q‑composite, polynomial‑based, and matrix‑based methods each trade off connectivity, storage, communication overhead, and resilience to capture.
To improve this trade‑off, the authors propose the Identity‑Based Key Pre‑distribution using a Pseudo‑Random Function (IBPRF). The scheme relies on two ingredients: (1) a master key (MK) uniquely assigned to each sensor node by a trusted key‑setup server, and (2) a pseudo‑random function (PRF) originally described by Goldreich (1986). During the pre‑distribution phase, for each node u the server randomly selects m other node identifiers from the whole node pool N (size n) and computes, for each selected vᵢ, the pairwise key S_K_{u,vᵢ}=PRF(MK_{vᵢ}, u). The (key, ID) pair (S_K_{u,vᵢ}, vᵢ) is stored in u’s key ring K_u. Consequently, u holds m “slave” keys that can be regenerated by the corresponding “master” nodes vᵢ using only their own master key and u’s ID.
After deployment, each node discovers its physical neighbors (nodes within radio range). If a neighbor’s ID appears in its key ring, the node sends a short notification containing only its own ID, indicating that it already possesses the shared key. The neighbor, upon receipt, recomputes the same key by a single PRF evaluation using its master key and the sender’s ID. Thus, direct pairwise key establishment incurs zero communication payload beyond a single identifier message and requires only one lightweight PRF computation per link.
If two physical neighbors do not share a pre‑distributed key, an optional path‑key establishment phase can be invoked. Node u finds a secure multi‑hop path to v (typically 1–2 hops), generates a fresh random key k′, encrypts it with the first hop’s shared key, forwards it hop‑by‑hop, and finally delivers k′ to v. The intermediate hops each perform a single symmetric decryption/encryption using existing secure links. This adds modest communication overhead while dramatically improving overall network connectivity.
The probability that two physical neighbors can directly establish a key is derived as p = m / n, i.e., the ratio of key‑ring size to network size. Consequently, for small networks (low n) and moderate m, connectivity is high; however, as n grows, p declines sharply, limiting scalability. The authors illustrate this behavior with simulations for m = 100, 150, 200 and n ranging from 1,000 to 5,000, showing that the basic IBPRF is unsuitable for large‑scale deployments.
To address scalability, Section 5 sketches an “Improved Scheme” that partitions the deployment area into c sub‑regions, each running an independent instance of IBPRF. Limited inter‑region key sharing is then introduced to bridge the partitions, thereby preserving high connectivity while retaining the low overhead and strong security of the base protocol. (The paper does not provide exhaustive parameter choices, but the concept is clear.)
Security analysis hinges on two facts: (1) the PRF is assumed to be cryptographically strong (pre‑image resistance, pseudorandomness), and (2) the master key of a node is never disclosed to other nodes. If a node is captured, only its master key and the m pre‑distributed keys it holds are exposed. Because each pairwise key is derived via a one‑way PRF from the other node’s master key, an adversary cannot recover any non‑compromised node’s master key or the keys it would generate with other nodes. Hence, the scheme offers perfect security against node capture: compromising a set of nodes does not endanger the confidentiality of links between non‑compromised nodes.
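The pre-distribution step, the ID-only direct key establishment and the node-capture argument described above can be checked together in a few lines. This is an added example, not code from the paper: HMAC-SHA256 stands in for the paper's PRF, and the function names, integer node IDs and toy network size are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

def prf(master_key: bytes, node_id: int) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the PRF used in the paper.
    return hmac.new(master_key, node_id.to_bytes(4, "big"), hashlib.sha256).digest()

def predistribute(n: int, m: int, seed: int = 0):
    """Key-setup server: one master key per node, m (ID -> slave key) entries per ring."""
    rng = random.Random(seed)  # seeded only so the constructed demo is repeatable
    mk = {u: secrets.token_bytes(32) for u in range(n)}
    rings = {}
    for u in range(n):
        chosen = rng.sample([v for v in range(n) if v != u], m)
        rings[u] = {v: prf(mk[v], u) for v in chosen}  # key for (u, v) = PRF(MK_v, u)
    return mk, rings

def direct_key(u: int, v: int, mk, rings):
    """u finds v's ID in its ring and sends only its own ID; v recomputes the key.
    Returns (key held by u, key recomputed by v), or None if u has no entry for v."""
    if v not in rings[u]:
        return None
    return rings[u][v], prf(mk[v], u)

def exposed_by_capture(c: int, mk, rings):
    """Keys an adversary can obtain from captured node c: its stored slave keys
    plus every key c could regenerate as a master from MK_c."""
    return set(rings[c].values()) | {prf(mk[c], u) for u in rings}

def compromised_links(c: int, mk, rings):
    """Directed (slave, master) links not involving c whose key leaked with c."""
    leaked = exposed_by_capture(c, mk, rings)
    return [(u, v) for u, ring in rings.items() for v, key in ring.items()
            if c not in (u, v) and key in leaked]

if __name__ == "__main__":
    mk, rings = predistribute(n=50, m=10)  # constructed toy network
    u = 0
    v = next(iter(rings[u]))
    k_u, k_v = direct_key(u, v, mk, rings)
    print("keys match:", hmac.compare_digest(k_u, k_v))
    print("links leaked by capturing node 0:", compromised_links(0, mk, rings))
```

The empty result from `compromised_links` is the capture-resilience property: every key exposed with node `c` protects a link that has `c` as one endpoint.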
Mobility is naturally supported. When a node moves and encounters new physical neighbors, the same identifier‑exchange and PRF recomputation process establishes fresh pairwise keys without any extra protocol steps. If connectivity remains insufficient, the node may fall back to a one‑hop path‑key establishment, assuming mobility events are infrequent.
The scheme’s storage requirement is modest: each node stores its own master key plus m key‑plus‑ID entries, i.e., m + 1 keys total, fitting comfortably within typical sensor memory limits. Communication overhead is essentially limited to a single short identifier message per direct link, and the computational cost is a single PRF evaluation per link, both well within the capabilities of low‑power microcontrollers (e.g., ATmega128L).
In Section 6 the authors compare IBPRF with EG, q‑composite, and polynomial‑based schemes across three dimensions: communication overhead, network connectivity, and resilience to node capture. IBPRF excels in communication efficiency (near‑zero overhead) and capture resilience (perfect security) but lags in raw connectivity for large n, whereas EG provides higher connectivity at the expense of significant key exposure under capture, and q‑composite improves security but increases storage and communication costs.
In conclusion, the paper presents a compelling identity‑based key management framework that dramatically reduces the communication burden of key establishment while delivering strong security guarantees. Its primary limitation is scalability of direct connectivity, which the authors mitigate through a region‑based extension. The approach is well‑suited for small to medium‑size static or mildly mobile sensor networks where energy and bandwidth are at a premium, and it offers a clear pathway to adapt to larger deployments through hierarchical partitioning.