Key Predistribution Schemes for Distributed Sensor Networks

Indian Statistical Institute K olk ata T ec h. Rep. no. ASD/2 010/3 , No vem b er 10, 2010 Revised draft August 1, 2011 Key Predistribution Sc hemes for Distributed Sensor Net w orks via Blo ck Designs Mausumi Bose a 1 , Alok e Dey b , Rah ul Muk erjee c a Indian Statistic al Institute, Kolkata 700108 , India b Indian Statistic al Institute, New Delhi 1100 16, India c Indian Institute of Management Calcutta, Kolkata 700104, India Abstract Key predistribu tion sc h emes for distrib uted sensor net w orks ha v e receiv ed signiﬁcan t atten tion in the recen t literature. In this pap er w e prop ose a new construction method for these sc hemes based on com binations of du als o f standard blo c k designs. Our metho d is a broad sp ectrum o ne whic h w orks for any intersectio n threshold. By v arying the initial designs, we can generate v arious sc hemes and this mak es the method quite ﬂexible. W e also obtain explicit algebraic expressions for the metrics for lo cal connectivit y and resiliency . These schemes are quite eﬃcien t with rega rd to connectivit y and resiliency and at the s ame time they allo w a straigh tforw ard shared-key disco very . 1 In tro duction Distributed sensor net w orks ha v e b een extensively studied in recen t years due to their wide applicabilit y in b oth civilia n and military con texts. F or instance, in a military operation, sensor no des may b e distribu ted in a random manner ov er a sensitive area and, once deplo y ed, these no des are requir ed to comm unicate with eac h other in order to gather and rela y inform ation. This communicati on has to b e done in a secret manner and so secure keys need to b e established b et w een the no des in the system. F or more details on th e applications, the securit y fr amew ork and mo d els for these distr ibuted sensor net w orks (DSNs) we refer e.g ., to Carmen et al. (200 0), Roman et al. (2005 ) and Du et al. (200 5). There are also interesting results p ertaining to an 1 Corresponding aut hor. email address: mausumi.b ose@gmail.com (Mausumi Bose) 1 alternativ e situation where the lo cation of sensor no des can b e determined p rior to deplo ym ent, e.g., results by Y oun is et al. (2006 ), Martin et al., (2010 ), Blac kburn et al. (2010 ), Martin et al. (2011), and others. In this pap er w e focu s on the situation of random deplo ymen t of no des. Sev eral authors h av e reco mmended the use of k ey pr e distribution schemes (KPSs) in a DS N, where secret k eys are installed in eac h sensor no d e b efore deplo ymen t. Esc henauer and Gligor (2002 ) p ioneered a probabilistic approac h to k ey predistribution and ga ve a sc h eme in whic h ev ery n o de is assigned a rand omly c hosen subset of k eys from a giv en p o ol of k eys. Chan et al. (2003 ) generalized this b asic sc heme to the q -comp osite sc heme, where t w o n o des can com- m unicate only i f they share at least q common keys, wher e q is a presp eciﬁed in teger called the interse ction thr esho ld . Cam tep e and Y ener (2004) ﬁr st in tro duced the use of com binato- rial designs in KPSs, using ﬁnite pro jectiv e planes and generalized quadrangles. The p rincipal adv an tages of using deterministic key assig nment schemes b ased on combinato rial d esigns com- pared to random key assignment is that, in the former appr oac h, the problem of generating go o d pseudorand om num b ers is a v oided, and moreo v er, b y exploiting the com b inatorial s truc- tures of the u nderlying designs, one can study the lo cal connectivit y and resiliency prop erties of th e sc heme easily , and also carry out shared-key disco v ery and p ath-k ey establishment in a structured manner . F or more details on these adv an tages w e refer to Lee and Stinson (2008) and Martin (2009). Man y researc hers appreciated the adv an tages of the ab o v e approac h and con tin ued to fu rther dev elop th is area. Lee and Stinson (2005a, 2005 b) ga v e a construction based on tran s v ersal designs, Chakrabarti et al. (200 6) f ollo wed this b y prop osing a merger of a random selectio n of blo c ks of a transve rsal d esign to form the n o des, Dong et al. (2008 ) used 3-designs, Ru j and Ro y (2007) used partially balance d designs and Ruj et al. (2009) used b alanced incomplete blo c k designs in their constru ction. Lee and Stinson (2008) ga ve a compr eh ensiv e accoun t of k ey assignment schemes based on com binatorial designs and studied all asp ects of th eir schemes. They ga ve constructions for tw o classes of sc hemes, namely , a linear sc heme with inte rsection threshold q = 1 and a quadratic sc heme with q = 2, based on transv ersal designs. T hey studied these tw o classes of sc hemes separately and , for eac h of the t w o classes, th ey sho w ed their sc heme to b e eﬃcien t with rega rd to the lev els of connectivit y and r esiliency , wh ile allo win g simple shared-k ey discov ery and path-k ey establishmen t. Th e n u m b ers of no des requir ed in the net w ork for these t wo classes of KPS s are of the form p 2 and p 3 , resp ectiv ely , w here p is a p rime or prime p ow er. 2 In this p ap er w e p r op ose a new metho d for constructing K P Ss and then stud y the prop erties of the resulting sc h emes. Realizing a connection b et ween the transversal designs used by Lee and S tinson (2008) in their construction for q = 1 and a particular t y p e of p artially balanced incomplete blo c k d esigns, we consider the latter designs in their fu ll generalit y and show that w e can construct useful KPSs b ased on a suitable com bination of partially balanced incomplete blo c k designs. W e prop ose one general construction method f or an y giv en inte rsection th reshold q ( ≥ 1), and it will b e seen that for the case q = 1, our construction co vers the linear sc h eme of Lee and Stinson (2008). On e adv an tage of our pr op osed metho d is that it w orks for all q ( ≥ 1), and by v arying the choic es of the designs, one can construct KPSs for net w ork s with v arying n um b ers of no des, ke y-p o ol sizes and n um b ers of ke ys p er nod e, th us pro viding more ﬂexibilit y in c ho osing a sc h eme suitable for the r equiremen ts of a situatio n. F or exa mple, n o w the num b er of no d es need not b e of the p articular forms p 2 or p 3 , w ith p p rime or pr ime p ow er, as in Lee and Stinson (2008). These p oints w ill b e elab orated on in Section 8. Another adv an tage of our metho d of construction is that it allo w s us to obtain u niﬁed and explicit algebraic expressions for the metrics for ev aluating th e connectivit y and r esiliency of these sc hemes, all f or general v alues of q ( ≥ 1). Using these expressions, the metrics can b e easily calculate d from the p arameters of the p articular d esigns used in the construction. T his ma y b e con trasted with Lee and Stin s on (2008), Ruj and Ro y (200 7) or Ruj et al. (20 09), where ev aluation of the metrics can inv olve exp licit en u meration whic h m ay b ecome cumb ersome. W e also sh ow that our KPSs ha v e goo d connectivit y with h igh lev els of resiliency and the com b inatorial stru cture of the u nderlying designs mak e the shared-k ey disco very and path-k ey establishmen t phases particularly simp le. In Section 2 of this p ap er we giv e s ome p reliminaries on v arious metrics for ev aluating a KPS , follo w ed b y some b asics on blo c k designs. Section 3 describ es ou r prop osed metho d for constru cting a KPS. Next, in Sections 4 and 5 w e obtain expressions for the connectivit y and r esiliency metrics for these sc hemes an d giv e illustr ativ e examples. In Section 6 we app ly our m etho d to constructions based on some sp eciﬁc blo ck designs, together with n umerical illustrations. In Section 7 we discuss h o w w e can lab el the keys and no d es so that shared -k ey disco v ery and path-key establishmen t b ecome simple. Finally in Section 8 w e discuss the gains ac h iev ed via our metho d of construction. 3 2 Preliminaries 2.1 Some metr ics for ev aluating KPSs Sev eral authors hav e considered some standard metrics for ev aluating the p erformance of key predistribu tion sc hemes for distrib uted s ensor n et w orks . W e br ieﬂy d escrib e these metrics here; a more comprehensive ac coun t can b e found in Lee and Stinson (2008). Tw o basic metrics of a KPS are the network size or the num b er of no des in the net w ork and the key stor age or the num b er of k eys stored p er no de, usually denoted by n and k , resp ectiv ely . A KPS should typica lly ha v e large n , say 1000 or m uc h higher and small k , sa y ab out 50, though some authors ha v e used k up to 200. In a DSN the no des are scattered o v er a physical area and, since no des h a v e limited p o wer, eac h can send or r eceiv e signals only ov er a certain wireless communicati on range or neighb orho o d . Once the no des are deplo y ed, any t w o no des wh ic h are within eac h other’s n eigh b orho o d can securely comm unicate directly with eac h other if they ha v e at least q common k eys, wh ere q ( ≥ 1) is a s p eciﬁed in teger, the interse ction thr eshold of th e DSN. O n the other hand, if t w o no des in th e same neighborh o o d do not h a v e q common k eys, then they can establish a connection through multiple secure links if there is a s equence of one or more int ermediate n o des connecting them suc h that ev ery pair of adjacent no des in this sequence share q common k eys. T o study the lo cal connectivit y of th e netw ork, w e adopt the metrics used in Lee and S tinson (2005 b, 2008), and for this, w e no w in trod uce the relev an t probabilities as deﬁned by them. Deﬁne Pr 1 to b e the p robabilit y that tw o ran d om no des sh are at least q common k eys. T h us giv en any t w o rand omly c hosen no des within eac h other’s neigh b orho od , Pr 1 is th e probabilit y that these tw o n o des can establish secure d ir ect communicat ion with eac h other. Also, deﬁn e Pr 2 to b e the probabilit y that t wo nod es in the same neigh b orho o d do not ha ve q common keys but there is a third nod e within the intersect ion of their neigh b orho o ds whic h shares q common k eys with b oth of them, thus allo wing these tw o no des to comm unicate securely via this third no de. So Pr 2 is the probabilit y that t w o randomly c h osen no des within the same neighborh o o d fail to establish direct comm unication b ut can communicate via a t w o-hop p ath. Hence, the su m Pr = Pr 1 + Pr 2 is a useful metric for studying the local connectivit y of a KPS th rough either a secure direct link or a secur e t wo-hop path. No w supp ose in an attac k on the net w ork a n um b er of sensor no des are captured at random. Then it is assumed that all keys stored in these compromised nod es are rev ealed and so cannot 4 b e used for comm u nication an y more. Consider any tw o uncompromised no des, sa y A and A ′ , whic h ha v e at least q common keys. Then the direct comm unication link b et w een A and A ′ fails if k eys common to them o ccur in one or more of the compr omised no des; otherwise, the link remains secure. W e w an t th e sensor net w ork to b e resilien t against such ran d om no de compromises. F rom th is consideration, resiliency is measured b y fail(s) , wh ic h represents the conditional probability of the link b et w een A and A ′ to fail when out of the r emaining n − 2 no des, s randomly c hosen ones are compromised, giv en that A and A ′ share at least q common k eys. A smaller v alue of fail( s ) implies a larger resiliency . Finally , in order to comm unicate, t w o no des in the same neighborh o o d need to determine if they share q common ke ys; this is the shar e d-key disc overy phase , and if they do n ot, then they try to establish a secure tw o-hop path for comm un ication; th is is the p ath-key establishment phase . The d iﬃculties in v olve d in these t wo phases are al so used to assess the utilit y of a KPS. 2.2 Some basics on blo ck designs W e p resen t some basic deﬁnitions of blo c k designs and related concepts whic h w e will need in our constructions of KPS s. Illustrative examples are also give n. F or more d etails on these designs w e refer to Street and S tr eet (1987 ), Stinson (200 3) and Dey (2010) . Deﬁnition 2.1 A blo ck design d ∗ is an arr angement of a set of v ∗ symb ols i nto b ∗ subsets, these subsets b eing c al le d blo c k s. Example 2.1 The follo wing is a blo c k design d ∗ with v ∗ = 9, b ∗ = 12. Denoting the symb ols b y 1 , . . . , 9 and blo c ks b y 1 , . . . , 12, w e can write d ∗ : B lock S y mbol s B lock S y mbol s B lock S y mbol s B lock S y mbol s 1 4 , 7 , 2 4 5 , 8 , 3 7 6 , 9 , 1 10 1 , 2 , 3 2 7 , 1 , 5 5 8 , 2 , 6 8 9 , 3 , 4 11 4 , 5 , 6 3 1 , 4 , 8 6 2 , 5 , 9 9 3 , 6 , 7 12 7 , 8 , 9 ✷ Deﬁnition 2.2 If d ∗ is a blo ck design with v ∗ symb ols and b ∗ blo cks then its dual design, say d , is a blo c k design obtaine d fr om d ∗ by inter changing the r oles of symb ols and blo cks, i.e., d is a blo ck design involving b ∗ symb ols and v ∗ blo cks, such that the i th blo ck of d c ontains the j th symb ol if and only if the j th blo ck of d ∗ c ontains the i th symb ol, 1 ≤ i ≤ v ∗ , 1 ≤ j ≤ b ∗ . 5 Example 2.2 The dual design d obtained from d ∗ in Example 2.1 h as 12 symbols, 1 . . . . , 12 and 9 blo cks d enoted by B 1 , . . . , B 9 as follo ws: d : B lock S y mbol B lock S y mbol B lock S y mbol B 1 2 , 3 , 7 , 10 B 4 1 , 3 , 8 , 11 B 7 1 , 2 , 9 , 12 B 2 1 , 5 , 6 , 10 B 5 2 , 4 , 6 , 11 B 8 3 , 4 , 5 , 12 B 3 4 , 8 , 9 , 10 B 6 5 , 7 , 9 , 11 B 9 6 , 7 , 8 , 12 ✷ Deﬁnition 2.3 A b alanc e d inc omplete blo ck (BIB) design is a blo ck design d ∗ satisfying the fol lowing c onditions: (i) e ach symb ol app e ars at most onc e in a b lo c k , (i i ) e ach blo ck has a ﬁxe d numb er of symb ols, say k ∗ , (iii) e ach symb ol app e ars in a ﬁxe d numb er of blo cks, say r ∗ , and (iv) every p air of distinct symb ols app e ar to gether in λ blo cks. The inte ger λ is called the concurrence parameter of the BIB design. It can b e c h eck ed that th e design in Example 2.1 is a BIB design with λ = 1 . Deﬁnition 2.4 A r elationship deﬁne d on a set of symb ols is c al le d an asso ciation scheme with two asso ciate classes if it satisﬁes the fol lowing c onditio ns: (a) any two distinct symb ols ar e c al le d either 1st or 2nd asso c i ates of e ach other, any symb ol b e ing c al le d the 0th asso ciate of itself, (b) e ach symb ol has θ j j th asso ciates ( j = 0 , 1 , 2 ), and (c) for every p air of symb ols which ar e j th asso ciates of e ach other, ther e ar e φ j u,w symb ols that ar e u th asso ciates of one and w th asso ciates of the other ( j, u, w = 0 , 1 , 2) . The follo w ing r elations are eviden t from Deﬁnition 2.4: θ 0 = 1 , φ 1 0 , 0 = φ 1 0 , 2 = φ 1 2 , 0 = φ 2 0 , 0 = φ 2 1 , 0 = φ 2 0 , 1 = 0 , φ 1 0 , 1 = φ 1 1 , 0 = φ 2 0 , 2 = φ 2 2 , 0 = 1 . (1) V arious asso ciatio n sc hemes are a v ailable in the literature and for these w e refer to Clat w orth y (1973 ). Our construction and results are v alid for an y general asso ciation scheme but in our illustrations in Section 6, we use three of these association sc hemes, namely group divisib le, triangular and Latin square t yp e association sc h emes. These are deﬁned b elo w. Deﬁnition 2.5 L et ther e b e af symb ols, ( a, f ≥ 2) , p artition e d into a gr oups of f symb ols e ach, and let the symb ols in the i th gr oup b e denote d by i 1 , i 2 , . . . , if , i = 1 , . . . , a . A gr oup divisible (GD) asso ciation scheme on these af symb ols is deﬁne d as one wher e two distinct symb ols ar e c al le d 1 st asso ciates i f they b elong to the same gr oup, and 2 nd asso ciates otherwise. 6 The ab o v e deﬁn ition implies that for the GD asso ciation sc heme, in add ition to (1) we h a v e θ 1 = f − 1 , θ 2 = f ( a − 1) , φ 1 1 , 1 = f − 2 , φ 1 1 , 2 = φ 1 2 , 1 = 0 , φ 1 2 , 2 = f ( a − 1) , φ 2 1 , 1 = 0 , φ 2 1 , 2 = φ 2 2 , 1 = f − 1 , φ 2 2 , 2 = f ( a − 2) . Example 2.3 Let a = 2 , f = 3. Then the 6 symb ols are partitioned into tw o groups as: { 11 , 12 , 13 } , { 2 1 , 22 , 23 } . No w, f or the symbol 11, the 1st asso ciates are 12 , 13 w hile its 2nd asso ciates are 21 , 22 , 23 . Similarly , the 1st and 2nd asso ciates of other symbols ma y b e wr itten do wn and the parameters of the scheme can b e obtained. ✷ Deﬁnition 2.6 L et ther e b e  m 2  symb ols, ( m ≥ 4) , denote d by or der e d p airs ij , 1 ≤ i < j ≤ m . A triangular asso ciation scheme on these symb ols is deﬁne d as one wher e any two distinct symb ols ar e c al le d 1 st ass o ciates if the or der e d p airs r epr esenting these symb ols have one element in c ommon, and 2 nd asso ciates otherwise. The ab o ve deﬁnition implies that f or the triangular association sc h eme, in addition to (1) we ha v e θ 1 = 2( m − 2) , θ 2 =  m − 2 2  , φ 1 1 , 1 = m − 2 , φ 1 1 , 2 = φ 1 2 , 1 = m − 3 , φ 1 2 , 2 =  m − 3 2  , φ 2 1 , 1 = 4 , φ 2 1 , 2 = φ 2 2 , 1 = 2 m − 8 , φ 2 2 , 2 =  m − 4 2  . Example 2.4 Let m = 5. The  5 2  (= 10) symb ols are denoted b y the ordered p airs: 12 , 13 , 14 , 15, 23 , 24 , 25 , 34 , 35 , 45 . No w, for the sym b ol 12, the 1st asso ciates are 13 , 14 , 15 , 23 , 24 , 25 while its 2nd asso ciates are 34 , 35 , 45 . Similarly , the 1st and 2nd asso ciates of other sym b ols ma y b e written do wn and the parameters of th e sc h eme obtained. ✷ Deﬁnition 2.7 L et ther e b e p 2 symb ols, p ≥ 3 , arr ange d in a p × p squar e S and supp ose k − 2 mutual ly ortho gonal L atin squar es of or der p ar e available. A L atin squar e typ e asso ciation scheme on these p 2 symb ols is deﬁne d as one wher e any two distinct symb ols ar e c al le d 2 nd asso ciates if they o c cur in the same r ow or same c olumn of S or if, after sup erimp osing e ach of the L atin squar es on S , they o c cur in p ositions o c cupie d by the same letter in any of the L atin squar es. O therwise, they ar e c al le d 1 st asso ciates. The ab ov e deﬁn ition implies that for the Latin square t yp e asso ciation scheme, in addition to (1) w e ha v e θ 1 = ( p − 1)( p − k + 1) , θ 2 = k ( p − 1) , φ 1 1 , 1 = ( p − k )( p − k − 1) + p − 2 , φ 1 1 , 2 = φ 1 2 , 1 = k ( p − k ) , φ 1 2 , 2 = k ( k − 1) , φ 2 1 , 1 = ( p − k )( p − k + 1) , φ 2 1 , 2 = φ 2 2 , 1 = ( k − 1)( p − k + 1) , φ 2 2 , 2 = ( k − 1)( k − 2) + p − 2 . 7 Example 2.5 Let p = 4 and k = 3 . W e denote the 4 2 (= 16) symb ols by the ordered p airs: 11 , 12 , 13 , 14 , 21 , 22 , . . . , 43 , 44 and wr ite S and the single Latin s quare L as S = 11 12 13 14 21 22 23 24 31 32 33 34 41 42 43 44 , L = A B C D B C D A C D A B D A B C. Then it follo ws that for the symb ol 11 , the 2nd associates are 12 , 13 , 14 , 21 , 31 , 41 , 24 , 33 , 42 , while its 1st asso ciates are 22 , 23 , 32 , 34 , 43 , 44. Similarly , the 1st and 2nd asso ciates of other sym b ols ma y b e wr itten do wn and the parameters of the sc heme obtained. ✷ Deﬁnition 2.8 Given an asso ciation scheme with two asso ciate c lasses on a set of v ∗ symb ols, a p artial ly b alanc e d inc omplete blo ck (PBIB) design b ase d on this asso ciation scheme is a blo ck design d ∗ with v ∗ symb ols and b ∗ blo cks satisfying the fol lowing c onditions: (i) e ach symb ol app e ars at most onc e in a b lo c k , (ii) e ach blo ck has a ﬁxe d numb er of symb ols, say k ∗ , (iii) e ach symb ol app e ars in a ﬁxe d numb er of blo cks, say r ∗ , and (iv) every p air of symb ols which ar e j th asso ciates of e ach other app e ar to gether in λ j blo cks ( j = 1 , 2 ). The intege rs λ 1 and λ 2 are the t w o concurr ence paramete rs of the PBIB d esign, where λ 1 6 = λ 2 . Example 2.6 W e can constru ct a PBIB design d ∗ based on the GD asso ciation sc heme b y pairing ea c h of the af symb ols with its second asso ciates to form the blo cks. T h us, s u c h a design can b e constructed for ev ery integ er a, f ( ≥ 2). It is easy to see that this d esign will ha v e v ∗ = af , b ∗ =  a 2  f 2 , k ∗ = 2 , r ∗ = ( a − 1) f and λ 1 = 0 , λ 2 = 1. F or examp le, a PBIB design based on the GD asso ciation sc h eme in Example 2.3 can b e constru cted by pairing eac h of the 6 sym b ols with its second asso ciates to get 9 blo cks as follo ws: d ∗ : B lock S y mbol B lock S y mbol B l ock S y mbol 1 11 , 21 4 1 2 , 21 7 13 , 21 2 11 , 22 5 12 , 22 8 13 , 22 3 11 , 23 6 12 , 23 9 13 , 23 . Clearly , this GD design has v ∗ = 6 , b ∗ = 9 , k ∗ = 2 , r ∗ = 3 , λ 1 = 0 , λ 2 = 1. ✷ Example 2.7 W e can construct a PBIB design d ∗ based on the triangular association sc heme b y pairing eac h of the  m 2  sym b ols w ith its second asso ciates to get th e b lo c ks. Thus, such a 8 design can b e constructed for ev ery m ≥ 4. It is easy to see that this d esign will hav e v ∗ =  m 2  , b ∗ = 3  m 4  , k ∗ = 2, r ∗ =  m − 2 2  , and λ 1 = 0 , λ 2 = 1 . F or example, a PBIB design based on the triangular asso ciation sc h eme in Example 2.4 has 10 sym b ols arranged in 15 blo c ks give n b y: (12 , 34) , (12 , 35) , (12 , 45) , (13 , 24) , (13 , 25 ) , (13 , 4 5) , etc. ✷ F or a give n p ositive in tege r t ( ≥ 1), w e now consider t blo c k designs d ∗ 1 , . . . , d ∗ t suc h that eac h d ∗ i is a PBIB design based on an association scheme w ith t w o asso ciate classes and concurrence parameters λ 1 = 0, λ 2 = 1, th e common occurr ence n um b er of ev ery sym b ol in d ∗ i ( i = 1 , . . . , t ) b eing at least t . F or 1 ≤ i ≤ t , consider the dual d i of d ∗ i and den ote the symbols of d i b y 1( i ) , . . . , v i ( i ) , and b lo c ks by B 1 ( i ) , . . . , B b i ( i ) . Then from Deﬁnitions 2.2 and 2.8, it is evident that eac h su ch d i , inv olving v i sym b ols and b i blo c ks, satisﬁes the f ollo win g conditions: (I) ev ery symbol o ccurs at most once in eac h blo ck of d i , (I I) ev ery symbol o ccurs in a ﬁxed n um b er of blo cks, sa y r i (2 ≤ r i < b i ) , of d i , (I I I) eve ry b lo c k of d i con tains a ﬁxed num b er of sym b ols, sa y k i ( v i > k i ≥ t ), and (IV) there is an asso ciation sc heme with t w o asso ciate classes on the set of blo cks of d i ; an y t w o distinct blo c ks either ha v e no common symb ol, in whic h case they are called 1st asso ciates of eac h other; or th ey h a v e exact ly one symb ol in common, in wh ich case they are calle d 2nd asso ciates of eac h other; eve ry blo c k b eing its o wn 0th asso ciate. F or 1 ≤ i ≤ t , let θ j ( i ) d enote the n um b er of j th asso ciates of an y blo ck of d i , and giv en an y t w o blo cks w h ic h are j th asso ciates of eac h other, let φ j u,w ( i ) denote the num b er of blocks of d i whic h are u th asso ciates of one an d w th asso ciates of the other ( j, u, w = 0 , 1 , 2) . Th en clearly , for eac h design d i the relations corresp onding to (1) hold, and moreo ver, θ 0 ( i ) = 1 , θ 1 ( i ) + θ 2 ( i ) = b i − 1 and θ 1 ( i ) > 0 , θ 2 ( i ) > 0 (1 ≤ i ≤ t ) . (2) Example 2.8 Let d ∗ 1 b e the PBIB d esign giv en in Example 2.6. Then, the dual of d ∗ 1 is give n b y a design d 1 with 6 symbols arranged in 9 blo cks. Denoting these symb ols as 1(1) , . . . , 9(1) and the blo c ks as B 1 (1) , . . . , B 6 (1) as describ ed ab ov e, the design d 1 has blo c ks giv en by: d 1 : Block Sym b ols Block Sym b ols Bloc k Symbols B 1 (1) 1(1) , 2(1) , 3(1) B 3 (1) 7(1) , 8(1) , 9(1) B 5 (1) 2(1) , 5(1) , 8(1) B 2 (1) 4(1) , 5(1) , 6(1) B 4 (1) 1(1) , 4(1) , 7(1) B 6 (1) 3(1) , 6(1) , 9(1) Clearly , d 1 satisﬁes conditions (I)-(II I) abov e with v 1 = 9 , b 1 = 6 , r 1 = 2 , k 1 = 3. Also, 9 condition (IV) is satisﬁed; we ha ve the follo w in g asso ciation structure: Block 1st asso ciates 2nd asso ciates B 1 (1) B 2 (1) , B 3 (1) B 4 (1) , B 5 (1) , B 6 (1) B 2 (1) B 1 (1) , B 3 (1) B 4 (1) , B 5 (1) , B 6 (1) B 3 (1) B 1 (1) , B 2 (1) B 4 (1) , B 5 (1) , B 6 (1) B 4 (1) B 5 (1) , B 6 (1) B 1 (1) , B 2 (1) , B 3 (1) B 5 (1) B 4 (1) , B 6 (1) B 1 (1) , B 2 (1) , B 3 (1) B 6 (1) B 4 (1) , B 5 (1) B 1 (1) , B 2 (1) , B 3 (1) So, in addition to the relations in (1), we hav e θ 1 (1) = 2 , θ 2 (1) = 3 , φ 1 1 , 1 (1) = 1 , φ 1 1 , 2 (1) = φ 1 2 , 1 (1) = 0 , φ 1 2 , 2 (1) = 3 , φ 2 1 , 1 (1) = 0 , φ 2 1 , 2 (1) = φ 2 2 , 1 (1) = 2 , φ 2 2 , 2 (1) = 0 . ✷ In the ab o ve develo pmen t, we can as w ell tak e an y d ∗ i to b e a BIB design with λ = 1 , eac h sym b ol app earing at lea st t times in the design. Then b y Deﬁnitions 2.2 and 2.3, its dual design d i will again satisfy th e conditions (I)-(IV), but with θ 1 ( i ) = 0. This is b ecause in this case, an y t w o b lo c ks of d i will alw a ys ha v e exactly one symb ol in common and so b y (IV), any t w o distinct b lo c ks of d i can only b e second asso ciates, there b eing no 1st associates for an y blo ck. Th us, conditions (1) and (2) are v alid, k eeping in mind that n ow in (2), θ 1 ( i ) = 0 and in (1), the quantit ies φ 1 u,w ( i ) do not arise, w hile φ 0 u,w ( i ) = 0 and φ 2 u,w ( i ) = 0 whenever u = 1 or w = 1. Example 2.9 Let d ∗ 2 b e the BIB d esign in Examp le 2.1. Th en, the dual of d ∗ 2 is the design in Example 2.2, denoted by d 2 , sa y . Clearly , d 2 satisﬁes conditions (I)-(I I I ) with v 2 = 12 , b 2 = 9 , r 2 = 3 , k 2 = 4. Also, co ndition (IV) is satisﬁed with no blo ck in d 2 ha ving any other b lo c k as its 1st associate, all distinct blo cks b eing 2nd asso ciates of eac h other. Thus, in addition to the relations in (1), we ha ve θ 1 (2) = 0 , θ 2 (2) = 8 , φ 2 1 , 1 (2) = φ 2 1 , 2 (2) = φ 2 2 , 1 (2) = 0 , φ 2 2 , 2 (2) = 7 . ✷ In view of the ab ov e discussion, deﬁne t w o sets Q and ¯ Q as Q = { i : 1 ≤ i ≤ t, θ 1 ( i ) > 0 } and ¯ Q = { i : 1 ≤ i ≤ t, θ 1 ( i ) = 0 } . (3) Clearly , i ∈ Q if d ∗ i is a PBIB design and i ∈ ¯ Q if d ∗ i is a BIB design as indicated ab o ve. 3 Construction of KPS Supp ose the intersec tion thr eshold of the requir ed KPS is stipulated as q . W e consider t = q blo c k designs d ∗ i , 1 ≤ i ≤ t, where eac h d ∗ i is either a PBIB design with λ 1 = 0 , λ 2 = 1 or a 10 BIB design with λ = 1; ev ery symb ol app earing at least t times in eac h design. As b efore, for 1 ≤ i ≤ t, let d i b e the du al of design d ∗ i , so d i satisﬁes conditions (I)-( IV) listed in Sub section 2.2. A KPS with q = t , based on th e designs d 1 , . . . , d t is constructed as follo ws. First ident ify the symbols in d 1 , . . . , d t as the k eys of the KPS. Next, consider all p ossible selections of one block from eac h d i , 1 ≤ i ≤ t, and tak e the union of the t blo cks in eac h suc h select ion as a nod e of the KPS. Th us the resu lting K PS has v = P t i =1 v i k eys giv en b y th e sym b ols 1( i ) , . . . , v i ( i ) , (1 ≤ i ≤ t ) and n = Π t i =1 b i no des giv en by N ( α 1 . . . α t ) = B α 1 (1) ∪ · · · ∪ B α t ( t ) , 1 ≤ α i ≤ b i , 1 ≤ i ≤ t . (4) By condition (I I I) in Su bsection 2.2, ev ery no de h as k = P t i =1 k i k eys. Note that n is m ultiplica- tiv e in the b i while k is add itiv e in the k i , 1 ≤ i ≤ t . As illustrated later, th is helps in attaining the t win ob jectiv es of ha v in g a large num b er of no des in th e net work while keeping the num b er of k eys stored p er n o de relativ ely small. Remark 3.1 One of the t w o constructions in Lee and Stinson (2008), namely , the one with q = 1, is co v ered by (4). This fact will b e elucidated in more detail in Remarks 4.3 and 5.3. ✷ F or 1 ≤ i ≤ t , it is clear from (4) that th e b lo c k B α i ( i ) is the con tribution of the design d i to the no d e N ( α 1 . . . α t ). F rom this p ersp ectiv e, w e in tro duce the follo wing d eﬁnition. Deﬁnition 3.1 When no des ar e c onstructe d as in (4), the blo ck of d i that app e ars in any no de A is c al le d the pr oje ction of the no de A on the design d i and is denote d by pr oj ( A, i ) . Th us from (4), B α i ( i ) is the pro jection of the no d e N ( α 1 . . . α t ) on d i . W e no w deﬁn e an asso ciation sc heme on the set of n o des as giv en b y (4). This w ill pla y a crucial role in exploring the prop erties of the K PSs obtained thr ough (4). Here eac h asso ciate relationship is represented b y a t -tuple of the form j 1 . . . j t . Deﬁnition 3.2 Two distinct no des A and A ′ ar e j 1 . . . j t th asso ciates of e ach other if, for 1 ≤ i ≤ t , pr oj ( A, i ) and pr oj ( A ′ , i ) ar e j i th asso ciates of e ach other. W e illustrate the ab o v e ideas with a small toy example b elo w. Example 3.1 T oy Example: Let q = 2. So, by the ab ov e metho d , we tak e t = 2 and constru ct a KP S with q = 2 based on t w o designs, d ∗ 1 and d ∗ 2 . Let us tak e d ∗ 1 as the PBIB design giv en 11 in Example 2.6 and d ∗ 2 as the BIB design in Example 2.1. Their resp ectiv e duals d 1 and d 2 are giv en in Examples 2.8 and 2.2. Th e K P S constructed b y th e ab o ve metho d h as n = b 1 b 2 = 54 no des with k = k 1 + k 2 = 7 keys p er no de. Using (4), w e get the k ey assignmen ts in the no d es, for example, t w o t ypical no d es are: N (1 , 1) = B 1 (1) ∪ B 1 (2) = 1(1) , 2(1) , 3(1) , 2(2) , 3(2) , 7(2) , 10(2) , and N (3 , 4) = B 3 (1) ∪ B 4 (2) = 7(1) , 8(1) , 9(1) , 1(2) , 3(2) , 8(2) , 11(2) . Then, by Deﬁnition 3.1, the blo c ks B 1 (1) and B 1 (2) are the pro jections of the no d e N (1 , 1) on the d esigns d 1 and d 2 , resp ectiv ely , i.e., pr oj ( N (1 , 1) , 1) = B 1 (1) and pr oj ( N (1 , 1) , 2) = B 1 (2) . Similarly , pr oj ( N (3 , 4) , 1) = B 3 (1) and pr oj ( N (3 , 4) , 2) = B 4 (2) . No w , from Examples 2.8 and 2.9, we see that B 1 (1) and B 3 (1) are 1st asso ciate s while B 1 (2) and B 4 (2) are 2nd asso ciates. So, by Deﬁnition 3.2 w e sa y that no des N (1 , 1) and N (3 , 4) are 12th associates of eac h other. ✷ In Deﬁnition 3.2, j 1 . . . j t 6 = 0 . . . 0 , since the nod es A and A ′ are distinct. Also, by (3), j i = 0 , 1 or 2 if i ∈ Q and j i = 0 or 2 if i ∈ ¯ Q . Thus the set of all p ossib le asso ciate r elationships b et w een t w o distinct no des in the KPS is giv en by I = { j 1 . . . j t : j 1 . . . j t 6 = 0 . . . 0; j i = 0 , 1 or 2 if i ∈ Q and j i = 0 or 2 if i ∈ ¯ Q } . (5) W e no w obtain expressions for certain parameters of the association scheme on the set of no des, as giv en by Deﬁn ition 3.2. F or j 1 . . . j t ∈ I , let n j 1 ...j t denote the num b er of j 1 . . . j t th asso ciates of an y n o de A . T hen by Deﬁnition 3.2, n j 1 ...j t equals the pro d uct, o v er 1 ≤ i ≤ t , of the num b er of j i th asso ciates of pr oj ( A, i ). Th er efore, n j 1 ...j t = t Y i =1 θ j i ( i ) . (6) Again, giv en any tw o no des wh ich are j 1 . . . j t th asso ciates of eac h other, let p j 1 ...j t u 1 ...u t ,w 1 ...w t denote the n u m b er of no des that are u 1 . . . u t th asso ciates of one no de and w 1 . . . w t th asso ciates of the other, where j 1 . . . j t , u 1 . . . u t and w 1 . . . w t ∈ I . Then as in (6), p j 1 ...j t u 1 ...u t ,w 1 ...w t = t Y i =1 φ j i u i ,w i ( i ) . (7) Let λ j 1 ...j t denote the num b er of common keys b et w een an y tw o distinct no des A and A ′ whic h are j 1 . . . j t th asso ciates of eac h other, j 1 . . . j t ∈ I . Then from Deﬁnition 3.2 it f ollo ws that λ j 1 ...j t = t X i =1 ψ j i ( i ) (8) 12 where ψ j i ( i ) is the num b er of sym b ols (or equiv alen tly , k eys) common to proj ( A, i ) and pr oj ( A ′ , i ) when they are j i th asso ciates of eac h other. By cond ition (IV) of Subs ection 2.2 and the f act that eac h blo c k of d i is the 0th asso ciate of itself, it is eviden t that ψ 0 ( i ) = k i , ψ 1 ( i ) = 0 , ψ 2 ( i ) = 1 , 1 ≤ i ≤ t. (9) W e illustrate these concepts by conti n uing with the to y example in Example 3.1. Example 3.2 T oy Example c ontinue d: Since d ∗ 1 is a PBIB and d ∗ 2 a BIB design, b y (5), the set of all p ossible asso ciate relationships b et w een an y t w o n o des in the KPS is I = { 02 , 10 , 12 , 20 , 22 } . No w , E xamples 2.8 and 2.9 sho w that θ 1 (1) = 2 , θ 2 (1) = 3 and θ 2 (2) = 8. Recalling from (1) that θ 0 (1) = θ 0 (2) = 1, b y (6) it follo ws that the num b er of 02th asso ciates of any no de in the KPS is n 02 = 1 × 8 = 8 . Similarly , n 10 = 2 , n 12 = 16 , n 20 = 3 , n 22 = 24 . No w, using the v alues of φ j 1 u 1 ,w 1 (1) and φ j 2 u 2 ,w 2 (2) from E xamples 2.8 and 2.9 and remem b ering (1), it follo w s from (7) that p 12 02 , 10 = φ 1 01 (1) φ 2 20 (2) = 1 × 1 = 1 = p 12 10 , 02 , and similarly , p 12 22 , 20 = p 12 20 , 22 = 3 × 1 = 3 , p 12 22 , 22 = 3 × 7 = 21 , p 12 02 , 12 = p 12 12 , 02 = 1 × 7 = 7 , p 12 10 , 12 = p 12 12 , 10 = 1 × 1 = 1 , p 12 12 , 12 = 1 × 7 = 7 , while ev ery other p 12 u 1 u 2 ,w 1 w 2 equals zero. Again, b y (9), ψ 0 (1) = 3 , ψ 0 (2) = 4 , ψ 1 (1) = 0 , ψ 2 (1) = ψ 2 (2) = 1, and so it f ollo ws f rom (8) that the num b er of symbols common b et w een an y t wo n o des which are 02th asso ciates of eac h other is λ 02 = 3 + 1 = 4 . Similarly , λ 10 = 4 , λ 12 = 1 , λ 20 = 5 , λ 22 = 2 . Hence, since q = 2, all pairs of no des, other th an those whic h are 12th asso ciates of eac h other, can communicate directly with one another. ✷ 4 Lo c al connectivit y In this section w e explore the local connectivit y of the K P S introdu ced in (4). Theorem 4.1 is the main result in this section and it giv es an expression f or the metric Pr for this sc heme, in terms of the parameters of the constituen t d esigns. Some notation and t wo lemmas are needed in order to present th e theorem. Let ∆ = { j 1 . . . j t : j 1 . . . j t ∈ I , λ j 1 ...j t ≥ q } , (10) where I is giv en b y (5). So, an y tw o n o des whic h are j 1 . . . j t th asso ciates of eac h other can comm unicate d irectly on ly if j 1 . . . j t ∈ ∆ . Let ¯ ∆ b e the complemen t of ∆ in I and let P ∆ , P ¯ ∆ and P I stand for sums o v er j 1 . . . j t ∈ ∆ , j 1 . . . j t ∈ ¯ ∆ and j 1 . . . j t ∈ I , resp ectiv ely . 13 Giv en t w o distinct n o des which are j 1 . . . j t th asso ciates of eac h other, let µ j 1 ...j t denote the n um b er of no d es sharing at least q (= t ) common keys with b oth of th em. Also, f or any tw o distinct no des A and A ′ in eac h other’s neigh b orho od , let the in tersection of their neigh b orho od s con tain η no des excludin g A and A ′ themselv es. Deﬁn e β j 1 ...j t = 1 −  n − 2 − µ j 1 ...j t η   n − 2 η  , j 1 . . . j t ∈ ¯ ∆ . (11) Lemma 4.1 Any j 1 . . . j t ( ∈ I ) i s a memb er of ∆ if and only if either (a) j i = 0 for at le ast one i , or (b) j 1 = · · · = j t = 2 . Pro of of Lemma 4.1 F ollo ws from (8), (9) and (10), noting that k i ≥ t for eac h i by condition (I I I) of Su bsection 2.2. ✷ Lemma 4.2 Given two distinct no des which ar e j 1 . . . j t th asso ciates of e ach other, if j 1 . . . j t ∈ ¯ ∆ , then µ j 1 ...j t = P P p j 1 ...j t u 1 ...u t ,w 1 ...w t , the double sum b eing over u 1 . . . u t ∈ ∆ and w 1 . . . w t ∈ ∆ . Pro of of Lemma 4.2 F ollo ws from (10), on recalling the deﬁ nition of p j 1 ...j t u 1 ...u t ,w 1 ...w t . ✷ Theorem 4.1 The pr ob ability that two distinct r ando mly c hosen no des A and A ′ in e ach other’s neighb orho o d c an establish c ommunic ation, either dir e ctly or via a two-hop p ath, e q uals Pr = Pr 1 + Pr 2 , wher e Pr 1 = P ∆ n j 1 ...j t n − 1 , (12) and Pr 2 = X ¯ ∆ n j 1 ...j t n − 1 β j 1 ...j t ≈ X ¯ ∆ n j 1 ...j t n − 1  1 −  1 − µ j 1 ...j t n − 2  η  . (13) Pro of of Theorem 4.1 Let C b e the eve n t that the n o des A and A ′ can establish comm u- nication either directly or via a t w o-hop path. Deﬁne E ( j 1 . . . j t ) as th e ev ent that A and A ′ are j 1 . . . j t th asso ciates of eac h other. Since the ev en ts E ( j 1 . . . j t ) , j 1 . . . j t ∈ I , are m utually exclusiv e and exhaustive , we ca n wr ite Pr = P ( C ) = X I P { E ( j 1 . . . j t ) } P { C | E ( j 1 . . . j t ) } , (14) where P { C | E ( j 1 . . . j t ) } is, as usual, the conditional p robabilit y of C , giv en E ( j 1 . . . j t ). No w, for eac h j 1 . . . j t ∈ I , recalling that there are n j 1 ...j t no des which are j 1 . . . j t th asso ciates of an y giv en no de, it follo ws that P { E ( j 1 . . . j t ) } = 1 2 n × n j 1 ...j t  n 2  = n j 1 ...j t n − 1 . (15) 14 Moreo ver, if j 1 . . . j t ∈ ∆, then by (10), A and A ′ ha v e at least t common keys and hence can establish direct communicati on, imp lying P { C | E ( j 1 . . . j t ) } = 1 , for j 1 . . . j t ∈ ∆ . (16) On the other hand, if j 1 . . . j t ∈ ¯ ∆, then they ha v e less than t common k eys. In this case, direct comm unication b et w een A and A ′ is not p ossible bu t they can establish comm unication via a t w o-hop path pro vided the in tersection of their neigh b orho o ds con tains on e of the µ j 1 ...j t no des sharing at least t common ke ys with b oth of them. Hence , u sing (11), it is clear that P { C | E ( j 1 . . . j t ) } = β j 1 ...j t , for j 1 . . . j t ∈ ¯ ∆ . (17) Substitution of (15), (16) and (17) in (14) establishes the theorem. ✷ Remark 4.1 The appro ximation used in (13) is quite accurate wh en the quan tities n − 2 − µ j 1 ,...,j t are large r elativ e to η , whic h is t ypically the case. Note also that the expression for Pr 2 in (13) is a reﬁnemen t of that used in Lee and Stinson (2008) for q = 2. T o see this, ﬁrst note from (12) that P ¯ ∆ n j 1 ...j t n − 1 = n − 1 − P ∆ n j 1 ...j t n − 1 = 1 − Pr 1 , (18) b ecause P I n j 1 ...j t = n − 1. Next, write µ ∗ = m in { µ j 1 ...j t : j 1 . . . j t ∈ ¯ ∆ } and from (11) observe that β j 1 ...j t ≥ β ∗ for ev ery j 1 . . . j t ∈ ¯ ∆, wh er e β ∗ is deﬁned as in (11) with µ j 1 ...j t replaced by µ ∗ . As a result, from (13) and (18), we ge t Pr 2 ≥ X ¯ ∆ n j 1 ...j t n − 1 β ∗ = (1 − Pr 1 ) β ∗ ≈ (1 − Pr 1 )  1 −  1 − µ ∗ n − 2  η  . (19) F or their quadratic scheme, Lee an d Stinson (2008) to ok Pr 2 as the counte rpart of the lo w er b ound in (19) for their setup . Instead, we w ork here w ith the more direct exp r ession giv en in (13), and in addition, this is v alid for all q ≥ 1. ✷ Remark 4.2 Lee and Stinson (2008) remark ed that it is diﬃcult to ﬁnd an algebraic expression of µ ∗ for their quadr atic KPS, and therefore, stud ied Pr 2 through design sp eciﬁc n umerical ev aluation of µ ∗ . An adv an tage of our metho d is that for all q ( ≥ 1), even when one starts with arbitrary d esigns, T heorem 4.1 giv es readily applicable algebraic expressions for b oth Pr 1 and Pr 2 for our sc hemes in terms of the design parameters. Equations (2), (6), (7), and Lemmas 4.1 and 4.2 can b e us ed in ﬁnding the n j 1 ...j t and µ j 1 ...j t , and hence one can ﬁn d Pr 1 and Pr 2 explicitly in sp eciﬁc situations. The f ollo wing examples serve to illustrate this p oin t for the cases q = 1 and q = 2 . ✷ 15 Example 4.1 Case: q = 1. W e tak e t = 1 and constru ct a KPS as in (4) with d ∗ 1 either (a) a PBIB or (b) a BIB design. (a) If d ∗ 1 is a P BIB design with λ 1 = 0 , λ 2 = 1, then its dual design d 1 has θ 1 (1) > 0. Then n = b 1 and by (3), (5) and Lemma 4.1, Q = { 1 } , I = { 1 , 2 } , ∆ = { 2 } and ¯ ∆ = { 1 } . Also, from (6) and (7), n 1 = θ 1 (1) , n 2 = θ 2 (1) and p 1 2 , 2 = φ 1 2 , 2 (1). So b y Lemma 4.2, µ 1 = p 1 2 , 2 = φ 1 2 , 2 (1). Hence (12) and (13) yield Pr 1 = θ 2 (1) b 1 − 1 and Pr 2 ≈ θ 1 (1) b 1 − 1 " 1 − 1 − φ 1 2 , 2 (1) b 1 − 2 ! η # . (20) (b) If d ∗ 1 is a BIB design with λ = 1, then its dual d 1 has θ 1 (1) = 0, θ 2 (1) = b 1 − 1 . T hen n = b 1 and by (3), (5) and Lemma 4.1, ¯ Q = { 1 } , I = { 2 } = ∆ . So by (12), Pr 1 = b 1 − 1 b 1 − 1 = 1 alw ays. ✷ Remark 4.3 As m en tioned in the Remark 3.1, the construction in Lee and Stins on (2008) with q = 1 is co v er ed by (4) . T o see this in detail, we ﬁrst note that in their construction, the no des are tak en as the b lo c ks of a transv ersal design (cf. Stinson (2003 )), with k p symb ols and p 2 blo c ks, suc h that (a) th e set of sym b ols is p artitioned in to k groups eac h of card inalit y p , (b) eac h group contributes one sym b ol to eac h blo c k, and (c) an y t wo sym b ols from diﬀeren t groups o ccur together in exactly one blo c k. Recalling Deﬁnitions 2.7 and 2.8 it can now b e c hec k ed that suc h a transversal design is actually the du al of a PBIB design based on a Latin square type asso ciation sc heme with v ∗ = p 2 , b ∗ = k p, r ∗ = k , k ∗ = p , and λ 1 = 0 , λ 2 = 1 . Hence one can v erify that their construction can equiv alently b e describ ed via our construction in (4) w ith t = 1 and d ∗ 1 c hosen as this PBIB design. Th en its dual d 1 is th eir transv ersal d esign in v olving v 1 = k p sym b ols and b 1 = p 2 blo c ks, such that conditions (I)–(IV) of Subsection 2.2 hold with r 1 = p, k 1 = k , θ 1 (1) = ( p − 1)( p + 1 − k ) , θ 2 (1) = k ( p − 1) , φ 1 2 , 2 (1) = k ( k − 1) . Hence we can apply (20) to get Pr 1 = k p + 1 and Pr 2 ≈  1 − k p + 1   1 −  1 − k ( k − 1) p 2 − 2  η  . These exactly matc h the expressions for Pr 1 and Pr 2 in Su bsection 4.1.1 of Lee and Stinson (2008 ). W e will see in Remark 5.3 that their expression for fail( s ) also f ollo w from our corre- sp ond ing expressions. ✷ Example 4.2 Case: q = 2. T oy example: W e con tin u e with the KPS consid er ed in Exam- ples 3.1 and 3.2. F rom the λ j 1 j 2 v alues in Example 3.2, it follo ws that ∆ = { 02 , 10 , 20 , 22 } and so, using the n j 1 j 2 v alues ob tained there, (12) giv es Pr 1 = (8 + 2 + 3 + 24) / 53 = 0 . 6981. T o 16 obtain Pr 2 , w e see that ¯ ∆ = { 12 } , an d so, remem b ering the v alues of p 12 u i u 2 ,w 1 w 2 , u 1 u 2 , w 1 w 2 ∈ ∆ , obtained in Example 3.2 , it follo ws from Lemma 4.2 that µ 12 = 1 + 1 + 3 + 3 + 21 = 29 . Hence, from (13), Pr 2 = 16 53 [1 − (1 − 29 / 52 ) η ] and for v arying v alues of η w e ha v e η 1 2 3 4 5 10 15 20 Pr 1 + Pr 2 0.8665 0.940 9 0.9739 0.98 84 0.9949 0.9999 1.0000 1.0000 ✷ Example 4.3 General Case, q = 2: (a) PBIB and BIB d esign: Supp ose we construct a KPS as in (4) b ased on t wo designs d ∗ 1 and d ∗ 2 giv en by a PBIB design with λ 1 = 0 , λ 2 = 1 an d a BIB design with λ = 1, resp ectiv ely . Hence th eir duals d 1 and d 2 ha v e θ 1 (1) > 0 and θ 1 (2) = 0. Then n = b 1 b 2 and b y (3), (5) and Lemma 4.1, w e hav e Q = { 1 } , ¯ Q = { 2 } , I = { 02 , 10 , 12 , 20 , 22 } , ∆ = { 02 , 10 , 20 , 22 } a n d ¯ ∆ = { 12 } . Also, by (2) and (6), n 02 = θ 2 (2) , n 10 = θ 1 (1) , n 12 = θ 1 (1) θ 2 (2) , n 20 = θ 2 (1) an d n 22 = θ 2 (1) θ 2 (2) . So from (12), on usin g (2), we ha v e Pr 1 = 1 b 1 b 2 − 1 { θ 2 (2) + θ 1 (1) + θ 2 (1) + θ 2 (1) θ 2 (2) } , = 1 b 1 b 2 − 1 { b 1 + b 2 − 2 + θ 2 (1) θ 2 (2) } . (21) Next b y (7) and Lemma 4.2, µ 12 = X X p 12 u 1 u 2 ,w 1 w 2 = X X φ 1 u 1 ,w 1 (1) φ 2 u 2 ,w 2 (2) = φ 1 0 , 0 (1) φ 2 2 , 2 (2) + φ 1 0 , 1 (1) φ 2 2 , 0 (2) + φ 1 0 , 2 (1) φ 2 2 , 0 (2) + φ 1 0 , 2 (1) φ 2 2 , 2 (2) + φ 1 1 , 0 (1) φ 2 0 , 2 (2) + φ 1 1 , 1 (1) φ 2 0 , 0 (2) + φ 1 1 , 2 (1) φ 2 0 , 0 (2) + φ 1 1 , 2 (1) φ 2 0 , 2 (2) + φ 1 2 , 0 (1) φ 2 0 , 2 (2) + φ 1 2 , 1 (1) φ 2 0 , 0 (2) + φ 1 2 , 2 (1) φ 2 0 , 0 (2) + φ 1 2 , 2 (1) φ 2 0 , 2 (2) + φ 1 2 , 0 (1) φ 2 2 , 2 (2) + φ 1 2 , 1 (1) φ 2 2 , 0 (2) + φ 1 2 , 2 (1) φ 2 2 , 0 (2) + φ 1 2 , 2 (1) φ 2 2 , 2 (2) . Hence in v oking (1) for the asso ciation s chemes underlying the designs d 1 and d 2 , w e get µ 12 = 2 + 2 φ 1 1 , 2 (1) + 2 φ 1 2 , 2 (1) + φ 1 2 , 2 (1) φ 2 2 , 2 (2) . (22) Since ¯ ∆ = { 12 } and n 12 = θ 1 (1) θ 2 (2), (13) now yields Pr 2 ≈ θ 1 (1) θ 2 (2) b 1 b 2 − 1  1 −  1 − µ 12 b 1 b 2 − 2  η  , (23) with µ 12 as giv en in (22). ✷ 17 Example 4.4 General Case q = 2: (b) Both PBIB designs: No w supp ose we construct a KPS as in (4) based on tw o PBIB designs, eac h with λ 1 = 0 and λ 2 = 1, resulting in θ 1 (1) and θ 1 (2) b oth p ositiv e. T hen n = b 1 b 2 and by (3), (5) and Lemma 4.1, Q = { 1 , 2 } , I = { 01 , 02 , 10 , 11 , 12 , 20 , 21 , 22 } , ∆ = { 01 , 02 , 10 , 20 , 22 } and ¯ ∆ = { 11 , 12 , 21 } . Hence pro ceeding as in Example 4.3, one can chec k that Pr 1 = 1 b 1 b 2 − 1 { b 1 + b 2 − 2 + θ 2 (1) θ 2 (2) } , n 11 = θ 1 (1) θ 1 (2) , n 12 = θ 1 (1) θ 2 (2) , n 21 = θ 2 (1) θ 1 (2) µ 11 = 2 + φ 1 2 , 2 (1) φ 1 2 , 2 (2) , µ 12 = 2 + 2 φ 1 1 , 2 (1) + 2 φ 1 2 , 2 (1) + φ 1 2 , 2 (1) φ 2 2 , 2 (2) , µ 21 = 2 + 2 φ 1 1 , 2 (2) + 2 φ 1 2 , 2 (2) + φ 2 2 , 2 (1) φ 1 2 , 2 (2) . Pr 2 can b e readily obtained u s ing these expressions for the n j 1 j 2 and µ j 1 j 2 , j 1 j 2 ∈ ¯ ∆, in (13). ✷ 5 Resiliency W e no w study the resiliency of the KPS as giv en by (4) and f or this we recall the notion of f ail( s ) in tro duced in S ubsection 2.1. Theorem 5.1 b elo w giv es an algebraic expression for fail( s ) and it is the main resu lt of this section. S ome notation and a lemma are needed in order to p resen t the theorem. Let A and A ′ b e t w o d istin ct no des wh ic h ha v e at least t common k eys, i.e., by (10), they are j 1 . . . j t th asso ciates of eac h other, for some j 1 . . . j t ∈ ∆ . Then by Lemma 4.1, the set Ω = { i : 1 ≤ i ≤ t, j i = 0 or 2 } is nonempt y . F or i ∈ Ω, let δ j i ( i ) equal 1 or r i according as j i = 0 or 2, resp ectiv ely . Consider no w an y nonempt y subset Γ of Ω. T hen for i ∈ Γ, as n oted in (9), pr oj ( A, i ) and pr oj ( A ′ , i ) are iden tical if j i = 0, while pr oj ( A, i ) and pr oj ( A ′ , i ) h av e exactl y one common k ey if j i = 2. Deﬁne H ( A, A ′ ; Γ) as the collectio n of no des A ′′ , suc h that for ev ery i ∈ Γ, pr oj ( A ′′ , i ) is diﬀerent f r om pr oj ( A, i )[= pr oj ( A ′ , i )] whenever j i = 0, and pr oj ( A ′′ , i ) do es not includ e the single key common to pr oj ( A, i ) and pr oj ( A ′ , i ) whenever j i = 2. Lemma 5.1 With r efer enc e to any two distinct no des A and A ′ which ar e j 1 . . . j t th asso ciates of e ach other, wher e j 1 . . . j t ∈ ∆ , the c ar dinality of H ( A, A ′ ; Γ) deﬁne d as ab ove is giv e n by σ (Γ) = Y i ∈ Γ { b i − δ j i ( i ) } !   Y i / ∈ Γ b i   . 18 Pro of of Lemma 5.1 In view of th e deﬁnition of the δ j i ( i ), this is eviden t from (4) on recalling that ev ery symbol o ccurs in r i blo c ks of d i b y condition (I I) of Su bsection 2.2. ✷ Theorem 5.1 L et ξ j 1 ...j t = Π t i =1 ξ j i ( i ) , wher e ξ 0 ( i ) = 1 − (1 − b − 1 i ) s , ξ 1 ( i ) = 1 , ξ 2 ( i ) = 1 − (1 − r i b − 1 i ) s , 1 ≤ i ≤ t. Then for s < min( k 1 , . . . , k t ) , fail( s ) ≈ 1 −  n n − 2  s +  n n − 2  s P ∆ n j 1 ...j t ξ j 1 ...j t P ∆ n j 1 ...j t . Pro of of Theorem 5.1 Consider tw o d istinct no d es A and A ′ . Let D denote the ev en t that they hav e at least q (= t ) common k eys and F d en ote the ev ent that the link b et w een them fails when out of the remaining n − 2 n o des, s randomly chosen ones are compromised. T h en fail( s ) = P ( F | D ) = P ( F ∩ D ) /P ( D ) . (24) As in the pro of of T heorem 4.1, let E ( j 1 . . . j t ) denote the ev ent that A and A ′ are j 1 . . . j t th asso ciates of eac h other. Then by (10) and (15), P ( D ) = X ∆ P { E ( j 1 . . . j t ) } = P ∆ n j 1 ...j t n − 1 . (25 ) Similarly , P ( F ∩ D ) = X ∆ P { F ∩ E ( j 1 . . . j t ) } = X ∆ P { E ( j 1 . . . j t ) } P { F | E ( j 1 . . . j t ) } = X ∆ n j 1 ...j t n − 1 P { F | E ( j 1 . . . j t ) } . (26) In order to ﬁ nd an expression for the conditional pr obabilit y in (26), tak e any ﬁxed j 1 . . . j t ∈ ∆, and condition on the ev en t that A and A ′ are j 1 . . . j t th asso ciates of eac h other. Then as noted in the con text of Lemma 5.1, the set Ω = { i : 1 ≤ i ≤ t, j i = 0 or 2 } is nonempt y . By (9), pr oj ( A, i ) and p r oj ( A ′ , i ) ha v e one or more common keys if and only if i ∈ Ω . F or an y su c h i , let G i denote the ev ent that not all of the k ey(s) common to pr oj ( A, i ) and pr oj ( A ′ , i ) o ccur in one or more of th e s randomly chosen no d es that are compromised. Then for the ﬁxed j 1 . . . j t under consideration, by the usual union in tersection formula, P { F | E ( j 1 . . . j t ) } = 1 − P {∪ i ∈ Ω G i } = 1 + X Γ ⊆ Ω ( − 1) | Γ | P ( ∩ i ∈ Γ G i ) , (27) 19 where the sum on th e extreme right is ov er all n onempt y s ubsets Γ of Ω, and | Γ | d en otes the cardinalit y of Γ. Note that the right side of (27) dep ends on j 1 . . . j t through Ω. F or an y ﬁ xed nonempty subset Γ of Ω , we no w ﬁn d the probabilit y P ( ∩ i ∈ Γ G i ) app earing in (27). De note the s randomly c hosen n o des that are compromised by A ∗ 1 , . . . , A ∗ s . Fix an y i ∈ Γ, so that j i = 0 or 2. First supp ose j i = 0. Th en pr oj ( A, i ) and pr oj ( A ′ , i ) are identical , and G i happ en s if and only if , for eac h 1 ≤ l ≤ s , pr oj ( A ∗ l , i ) is d iﬀeren t from pr oj ( A, i )[= pr oj ( A ′ , i )]. The only if part of this claim is ob vious. Th e if part follo w s b ecause an y t w o d istinct b lo c ks of d i in tersect in at most one sym b ol or ke y ( vide condition (IV) of Subsection 2.2) and s < min( k 1 , . . . , k t ). Next, let j i = 2. Then p r oj ( A, i ) and pr oj ( A ′ , i ) h a v e exactly one common k ey and G i happ en s i f and only if , for eac h 1 ≤ l ≤ s , pr oj ( A ∗ l , i ) do es n ot includ e this single common k ey . Recalling the deﬁnition of H ( A, A ′ ; Γ), it is no w cl ear that ∩ i ∈ Γ G i happ en s if and only i f eac h of A ∗ 1 , . . . , A ∗ s b elongs to H ( A, A ′ ; Γ). So, as n = Q t i =1 b i , b y Lemma 5.1, we ge t P ( ∩ i ∈ Γ G i ) =  σ (Γ) s   n − 2 s  ≈  σ (Γ) n − 2  s =  n n − 2  s  σ (Γ) n  s =  n n − 2  s Y i ∈ Γ  1 − δ j i ( i ) b i  s . (28) Since ξ j i ( i ) = 1 for j i = 1, i.e., for i / ∈ Ω , and 1 −  1 − δ j i ( i ) b i  s = ξ j i ( i ) , for j i = 0 or 2, i.e., for i ∈ Ω, su b stitution of (28) in (27) yields P { F | E ( j 1 . . . j t ) } ≈ 1 +  n n − 2  s X Γ ⊆ Ω ( − 1) | Γ | Y i ∈ Γ  1 − δ j i ( i ) b i  s = 1 −  n n − 2  s +  n n − 2  s Y i ∈ Ω  1 −  1 − δ j i ( i ) b i  s  = 1 −  n n − 2  s +  n n − 2  s t Y i =1 ξ j i ( i ) = 1 −  n n − 2  s +  n n − 2  s ξ j 1 ...j t . (29) If we now sub stitute (2 9) in (26) and then sub s titute (25) and (2 6) in (24) the result f ollo ws. ✷ Remark 5.1 The approximati on in (28) and h en ce that in Theorem 5.1 is in the spirit of Lee and Stins on (2008 ). It is quite accurate wh en n and σ (Γ) are large and s is relativ ely sm all, whic h is t ypically the case. ✷ 20 Remark 5.2 The condition s < min( k 1 , . . . , k t ) in Theorem 5.1 is n ot seve re b ecause t yp ically s is not large. Moreo ver, it can b e c hec k ed that for the case q = t = 1, Theorem 5.1 remains v alid ev en without this condition. ✷ Examples 4.1 and 4.3 are now revisited with a view to illustrating T heorem 5.1. E x amp le 4.4 can also b e treated in the same w a y as Example 4.3 and so is not sh o wn here. Example 5.1 Example 4.1 (con tinued). Here t = 1 , n = b 1 and, irr esp ectiv e of whether d ∗ 1 is a PBIB design with λ 1 = 0 , λ 2 = 1, or a BIB design with λ = 1, we ha v e ∆ = { 2 } . Hence Theorem 5.1 yields fail( s ) ≈ 1 −  n n − 2  s +  n n − 2  s ξ 2 (1) = 1 −  b 1 − r 1 b 1 − 2  s . (30) ✷ Remark 5.3 As a con tin u ation of Remarks 3.1 and 4.3, we no w see that the fail( s ) v alues of the lin ear sc heme constructed in Lee and Stinson (2008) also f ollo w from Tho erem 5.1. Since their sc heme has b 1 = p 2 and r 1 = p , on substituting these in our expression (30) w e get fail( s ) ≈ 1 − p 2 − p p 2 − 2 ! s . This matc hes the expression for fail ( s ) in their Sub section 4.1.1 . ✷ Example 5.2 Example 4.3 (con tinued). Here t = 2 , θ 1 (1) > 0 , θ 1 (2) = 0 , n = b 1 b 2 and ∆ = { 02 , 10 , 20 , 22 } . As noted earlier, n 02 = θ 2 (2) , n 10 = θ 1 (1) , n 20 = θ 2 (1) , n 22 = θ 2 (1) θ 2 (2) . (31) Also, ξ 02 = { 1 − (1 − b − 1 1 ) s }{ 1 − (1 − r 2 b − 1 2 ) s } , ξ 10 = 1 − (1 − b − 1 2 ) s , ξ 20 = { 1 − (1 − r 1 b − 1 1 ) s }{ 1 − (1 − b − 1 2 ) s } , ξ 22 = { 1 − (1 − r 1 b − 1 1 ) s }{ 1 − (1 − r 2 b − 1 2 ) s } . (32) One can now r eadily apply Theorem 5.1 to ﬁnd fail( s ) . ✷ 21 6 Applications As mentio ned earlier, our m etho d of construction, based on (4) and app licable to an y q ( ≥ 1), can yield K PSs for widely d iv erse v alues of the un derlying parameters such as the num b er of no des n , the num b er of k eys p er n o de k and the key p o ol size v , th us enabling the p ractitioner to ﬁnd a su itable KPS dep endin g on the r equiremen ts of a given s ituation. This ﬂexibilit y arises b ecause of the freedom in c ho osin g the PBIB or BIB designs d ∗ 1 , . . . , d ∗ t that one s tarts with while applying (4). F urthermore, the analytical results in th e last t w o sections can b e applied to ensur e that the r esulting KPS s b ehav e nicely w ith regard to lo cal connectivit y and r esiliency , as measured b y Pr and fail( s ). In order to giv e a ﬂav or of th e p oin ts noted ab o v e without making the p resen tation too long, w e no w fo cus on the case q = 2 and in the next three s ubsections presen t three applicatio ns where d ∗ 1 is a PBIB design based on the (a) GD, (b ) triangular and (c) Latin square t yp e asso ciation sc hemes, and d ∗ 2 is a BIB d esign; note that these corresp ond to the setup of Example 4.3. The parameter v alues of the resulting KPSs, obtained via (a), (b) and (c) are seen to b e (a) n = af (2 g + 1), k = ( a − 1) f + g , v =  a 2  f 2 + 1 3 (2 g + 1) g , where a, f ( ≥ 2) are any in tege rs and g ( ≥ 3) satisﬁes g = 0 or 1 (mo d 3), (b) n =  m 2  (2 g + 1), k =  m − 2 2  + g , v = 3  m 4  + 1 3 (2 g + 1) g , where m ( ≥ 4) is an y in teger and g is as in (a), (c) n = p 2 (2 g + 1), k = ˜ k + g , v = ˜ k p + 1 3 (2 g + 1) g , where p ( ≥ 3) and ˜ k ( < p + 1) are integ ers suc h that ˜ k − 2 m utually orthogonal Latin squares of ord er p exist, and g is as in (a). Th us these three applications alone are capable of p ro ducing KPSs for a wide range of parameter v alues. Moreo v er, Theorems 4.1 and 5.1 allo w us to explore the prop erties of these KPSs and the examples in th e next three su bsections show that they can b eha v e quite well with r esp ect to Pr and fail( s ). Indeed, our construction in (4), coupled with these theorems, can easily allo w n umerous other c hoices of d ∗ 1 and d ∗ 2 as w ell, and h en ce pa ves the wa y for obtaining KPSs with an ev en more versati le range of parameter v alues, while ens uring attractiv e v alues for Pr and fail( s ). In con trast, the existing metho ds of construction are almost inv ariably design sp eciﬁc, i.e., th ey emplo y only BIB d esigns or only tran s v ersal designs and so on, and as a resu lt, it is v ery diﬃcult f or th ese metho ds to ac hiev e parameter v alues as d iv erse as w hat is ac hiev ed, for instance, in (a)-(c) ab o v e. In addition, the existing metho ds are not alw a ys informative ab out the p rop erties of the resu lting KPSs with regard to lo cal conn ectivit y or r esiliency . W e will 22 return to this comparison in more detail in the concluding section. 6.1 Use of a PBIB design based on the group divisible asso ciation sc heme and a BIB design Supp ose th e design d ∗ 1 in Ex amp le 4.3 is a PBIB design based on the group d ivisible asso ciation sc heme as in Examp le 2.6, with v ∗ 1 = af , b ∗ 1 =  a 2  f 2 , k ∗ 1 = 2 , r ∗ 1 = ( a − 1) f , λ 1 = 0 , λ 2 = 1. As seen th er e, suc h a d ∗ 1 exists for all intege rs a, f ( ≥ 2). Also, let the d ∗ 2 in Example 4.3 b e a BIB design with v ∗ 2 = 2 g + 1 , b ∗ 2 = 1 3 (2 g + 1) g , k ∗ 2 = 3 , r ∗ 2 = g , λ = 1. Suc h a BIB design corresp onds to the S teiner’s triple sys tem and it is w ell kno wn (cf. Kir k m an (1847 )) that it exists for eve ry in teger g ( ≥ 3) satisfying g = 0 or 1 (mo d 3). Note that the BIB design in Example 2.1 b elongs to this class with g = 4. In our construction (4), no w tak e t = 2, with d 1 and d 2 c hosen as the dual designs of d ∗ 1 and d ∗ 2 , resp ectiv ely . Th en recalli ng Deﬁnition 2.2, the parameters of d 1 are v 1 =  a 2  f 2 , b 1 = af , r 1 = 2 , k 1 = ( a − 1) f , θ 1 (1) = f − 1 , θ 2 (1) = ( a − 1) f , φ 1 1 , 2 (1) = 0 , φ 1 2 , 2 (1) = ( a − 1) f , (33) and the parameters of d 2 are v 2 = 1 3 (2 g + 1) g , b 2 = 2 g + 1 , r 2 = 3 , k 2 = g , θ 1 (2) = 0 , θ 2 (2) = 2 g , φ 2 2 , 2 (2) = 2 g − 1 . (34) The KPS obtained f rom d 1 and d 2 via (4) has v = v 1 + v 2 =  a 2  f 2 + 1 3 (2 g + 1) g ke ys and n = b 1 b 2 = af (2 g + 1) no des, there b eing k = k 1 + k 2 = ( a − 1) f + g ke ys in ev ery no d e. F or this K P S, sub s titution of (3 3) and (34) in (22) yields µ 12 = 2 + ( a − 1) f (2 g + 1) and hence fr om (21) and (23) we get Pr 1 = af + 2 g − 1 + 2( a − 1) f g af (2 g + 1) − 1 , Pr 2 ≈ 2( f − 1) g af (2 g + 1) − 1  1 −  1 − µ 12 af (2 g + 1) − 2  η  . Similarly , s ubstitution of (33) and (34) in (31) and (32) yields n 02 = 2 g , n 10 = f − 1 , n 20 = ( a − 1) f , n 22 = 2( a − 1) f g, ξ 02 =  1 −  1 − 1 af  s   1 −  1 − 3 2 g + 1  s  , 23 ξ 10 = 1 −  1 − 1 2 g + 1  s , ξ 20 =  1 −  1 − 2 af  s   1 −  1 − 1 2 g + 1  s  , ξ 22 =  1 −  1 − 2 af  s   1 −  1 − 3 2 g + 1  s  . Theorem 5.1 can no w b e easily used to ﬁnd fail( s ). On v arying the v alues of a, f and g w e can ge t v arious choic es of d ∗ 1 and d ∗ 2 , leading to KPSs for a v ariet y of parameter v alues. Two illustrativ e examples follo w. Example 6.1 Let a = 2 , f = 21 , g = 25. T hen for the resulting K PS, we ha ve v = 86 6 , n = 2142 , k = 46, while the v alues of Pr 1 , Pr 2 , Pr = Pr 1 + Pr 2 for v arious η and the v alues of fail( s ) for v arious s are as: η 1 2 3 4 5 10 15 20 Pr 1 0.5329 0.5329 0.5329 0.5 329 0.5329 0.5329 0.5329 0.5329 Pr 2 0.2342 0.3510 0.4092 0.4 382 0.4527 0.4667 0.4671 0.4671 Pr 0.7671 0.8839 0.9421 0.9 711 0.9856 0.9996 1.0000 1.0000 s 1 2 3 4 5 6 8 10 fail( s ) 0.00 21 0.0089 0.01 98 0.0340 0.0510 0.0703 0.1141 0.1624 ✷ Example 6.2 Let a = 2 , f = 23 , g = 22. Th e r esulting KPS has v = 859, n = 2070 , k = 45 and the v alues of P r 1 , Pr 2 , Pr = Pr 1 + Pr 2 and fail( s ) are as: η 1 2 3 4 5 10 15 20 Pr 1 0.5321 0.5321 0.5321 0.5 321 0.5321 0.5321 0.5321 0.5321 Pr 2 0.2346 0.3516 0.4099 0.4 390 0.4535 0.4675 0.4679 0.4679 Pr 0.7667 0.8837 0.9420 0.9 711 0.9856 0.9996 1.0000 1.0000 s 1 2 3 4 5 6 8 10 fail( s ) 0.00 22 0.0093 0.02 06 0.0352 0.0527 0.0724 0.1169 0.1658 ✷ 6.2 Use of a PBIB design based on t he triangular asso ciation sc heme and a BIB design No w supp ose the design d ∗ 1 in Example 4.3 is a triangular PBIB design as constru cted in E x- ample 2.7. Thus d ∗ 1 has v ∗ 1 =  m 2  , b ∗ 1 = 3  m 4  , k ∗ 1 = 2 , r ∗ 1 =  m − 2 2  , λ 1 = 0 , λ 2 = 1, and as s een there, suc h a d ∗ 1 exists for ev ery intege r m ( ≥ 4). Also, let us cont in ue with d ∗ 2 as the BIB design considered in Sub section 6.1 . 24 In our constru ction (4), tak e t = 2, with d 1 and d 2 c hosen as the dual designs of d ∗ 1 and d ∗ 2 , resp ectiv ely . Then r ecalling Deﬁnition 2.2, the parameters of d 1 are v 1 = 3  m 4  , b 1 =  m 2  , r 1 = 2 , k 1 =  m − 2 2  , θ 1 (1) = 2( m − 2) , θ 2 (1) =  m − 2 2  , φ 1 1 , 2 (1) = m − 3 , φ 1 2 , 2 (1) =  m − 3 2  , (35) while the p arameters of d 2 are as in (34). Th e KPS obtained from d 1 and d 2 via (4) has v = 3  m 4  + 1 3 (2 g + 1) g ke ys and n =  m 2  (2 g + 1) no des, there b eing k =  m − 2 2  + g k eys in ev ery no de. F or this KPS, substitution of (34) and (35) in (22) yields µ 12 = 2( m − 2) +  m − 3 2  (2 g + 1) and hence from (21) and (23) Pr 1 = m ( m − 1) + 4 g − 2 + 2( m − 2)( m − 3) g m ( m − 1)(2 g + 1) − 2 , Pr 2 ≈ 8( m − 2) g m ( m − 1)(2 g + 1) − 2  1 −  1 − 2 µ 12 m ( m − 1)(2 g + 1) − 4  η  . Similarly , s ubstitution of (34) and (35) in (31) and (32) yields n 02 = 2 g , n 10 = 2( m − 2) , n 20 = m − 2 2 ! , n 22 = ( m − 2)( m − 3) g, ξ 02 =  1 −  1 − 2 m ( m − 1)  s   1 −  1 − 3 2 g + 1  s  , ξ 10 = 1 −  1 − 1 2 g + 1  s , ξ 20 =  1 −  1 − 4 m ( m − 1)  s   1 −  1 − 1 2 g + 1  s  , ξ 22 =  1 −  1 − 4 m ( m − 1)  s   1 −  1 − 3 2 g + 1  s  . Theorem 5.1 can no w b e emplo y ed to ﬁnd fail( s ). Again, on v arying m and g we can get KPSs for a v ariet y of parameter v alues. Two illustrativ e examples follo w. Example 6.3 Let m = 9 and g = 27. The resulting KP S has v = 873 , n = 1980 , k = 48 and the v alues of Pr 1 , Pr 2 , Pr = Pr 1 + Pr 2 and fail( s ) are as: η 1 2 3 4 5 10 15 20 Pr 1 0.6180 0.6180 0.6180 0.6 180 0.6180 0.6180 0.6180 0.6180 Pr 2 0.1620 0.2553 0.3091 0.3 400 0.3578 0.3805 0.3819 0.3820 Pr 0.7800 0.8733 0.9271 0.9 580 0.9758 0.9985 0.9999 1.0000 s 1 2 3 4 5 6 8 10 fail( s ) 0.00 21 0.0094 0.02 10 0.0362 0.0544 0.0750 0.1216 0.1728 ✷ 25 Example 6.4 Let m = 8 and g = 31. The resulting KP S has v = 861 , n = 1764 , k = 46 and the v alues of Pr 1 , Pr 2 , Pr = Pr 1 + Pr 2 and fail( s ) are as: η 1 2 3 4 5 10 15 20 Pr 1 0.5780 0.578 0 0.5780 0.57 80 0.5780 0.5780 0.5780 0.5780 Pr 2 0.1538 0.251 5 0.3136 0.35 31 0.3782 0.4175 0.4215 0.4220 Pr 0.7318 0.8295 0.8916 0.9311 0.9562 0.99 55 0.9995 1.000 0 s 1 2 3 4 5 6 8 10 fail( s ) 0.0023 0.0103 0.023 0 0.0396 0.05 93 0.0815 0.13 12 0.1853 ✷ 6.3 Use of a PBIB design based on the Latin square t yp e asso ciation scheme and a BIB design No w supp ose the d esign d ∗ 1 in E xample 4.3 is a PBIB d esign b ased on the Latin square typ e asso ciation sc heme and ha ving parameters v ∗ 1 = p 2 , b ∗ 1 = ˜ k p, k ∗ 1 = p, r ∗ 1 = ˜ k , λ 1 = 0 , λ 2 = 1. Suc h a design exists wh en p ( ≥ 3) and ˜ k ( < p + 1) are suc h that ˜ k − 2 m u tually orthog onal Latin squares of order p are a v ailable, cf. Deﬁnition 2.7. Hence f ollo win g Deﬁnition 2.2, its dual d esign d 1 has parameters v 1 = ˜ k p, b 1 = p 2 , r 1 = p , k 1 = ˜ k , θ 1 (1) = ( p − 1)( p + 1 − ˜ k ) , θ 2 (1) = ˜ k ( p − 1) , φ 1 1 , 2 (1) = ˜ k ( p − ˜ k ) , φ 1 2 , 2 (1) = ˜ k ( ˜ k − 1) . (36) W e con tin u e with d 2 as in the last t wo sub sections and (34) con tin u es to hold f or d 2 . In our construction (4), now ta k e t = 2, w ith d 1 and d 2 c hosen as ab ov e. Clearly , the KPS obtained from d 1 and d 2 via (4) h as v = ˜ k p + 1 3 (2 g + 1) g k eys and n = p 2 (2 g + 1) no d es, there b eing k = ˜ k + g ke ys in ev ery n o de. F or this K PS, substitution of (34) and (36) in (22 ) yields µ 12 = 2 + 2 ˜ k ( p − ˜ k ) + ˜ k ( ˜ k − 1)(2 g + 1) and hence f r om (21) and (23 ) w e get Pr 1 = p 2 + 2 g − 1 + 2 ˜ k ( p − 1) g p 2 (2 g + 1) − 1 , Pr 2 ≈ 2( p − 1)( p + 1 − ˜ k ) g p 2 (2 g + 1) − 1  1 −  1 − µ 12 p 2 (2 g + 1) − 2  η  . Similarly , s ubstitution of (34) and (36) in (31) and (32) yields n 02 = 2 g , n 10 = ( p − 1)( p + 1 − ˜ k ) , n 20 = ˜ k ( p − 1) , n 22 = 2 ˜ k ( p − 1) g , 26 ξ 02 =  1 −  1 − 1 p 2  s   1 −  1 − 3 2 g + 1  s  , ξ 10 = 1 −  1 − 1 2 g + 1  s , ξ 20 =  1 −  1 − 1 p  s   1 −  1 − 1 2 g + 1  s  , ξ 22 =  1 −  1 − 1 p  s   1 −  1 − 3 2 g + 1  s  . Theorem 5.1 can now b e easily used to ﬁ nd fail( s ) . Again, KPSs for a v ariety of parameter v alues can b e obtained by v arying the v alues of p, ˜ k and g . Two illustrative examples follo w . Example 6.5 Let p = 17 , ˜ k = 12 , g = 28. Then the resulting KPS has v = 736 , n = 16473 , k = 40 and the v alues of P r 1 , Pr 2 , Pr = Pr 1 + Pr 2 and fail( s ) are as: η 1 2 3 4 5 10 15 20 Pr 1 0.6736 0.6736 0.6736 0.6 736 0.6736 0.6736 0.6736 0.6736 Pr 2 0.1515 0.2327 0.2762 0.2 995 0.3120 0.3258 0.3264 0.3264 Pr 0.8251 0.9063 0.9498 0.9 731 0.9856 0.9994 1.0000 1.0000 s 1 2 3 4 5 6 8 10 fail( s ) 0.00 30 0.0115 0.02 44 0.0410 0.0606 0.0826 0.1320 0.1857 ✷ Example 6.6 No w let p = 19 , ˜ k = 13 , g = 28. Then the resulting K P S has v = 779 , n = 20577 , k = 41 and the v alues of Pr 1 , Pr 2 , Pr = Pr 1 + Pr 2 and fail( s ) are as: η 1 2 3 4 5 10 15 20 Pr 1 0.6571 0.6571 0.6571 0.6 571 0.6571 0.6571 0.6571 0.6571 Pr 2 0.1508 0.2353 0.2826 0.3 091 0.3240 0.3419 0.3428 0.3429 Pr 0.8079 0.8924 0.9397 0.9 662 0.9811 0.9990 0.9999 1.0000 s 1 2 3 4 5 6 8 10 fail( s ) 0.00 28 0.0104 0.02 21 0.0372 0.0551 0.0753 0.1209 0.1710 ✷ 7 Shared k ey disco v ery A ma jor adv ant age of our construction in (4) is that it mak es the task of d isco vering the ke ys shared b y an y t wo no des of the resulting KPS quite straigh tforw ard. Th is h app ens b ecause of the follo wing reasons: (a) Consider any t wo distinct no d es A and A ′ . F r om (4) and Deﬁn ition 3.1 it is clear that pr oj ( A, i ) and pr oj ( A ′ , i ′ ) do not ha v e an y common sym b ol wh enev er i 6 = i ′ . Hence, the set 27 of keys (symb ols) co mmon to A and A ′ equals the union of the sets of symb ols common to pr oj ( A, i ) and pr oj ( A ′ , i ), the union b eing o v er all i, 1 ≤ i ≤ t. As a r esult, in order to disco v er the k eys sh ared by A and A ′ , it suﬃces to ﬁnd the set of symbols common to pr oj ( A, i ) and pr oj ( A ′ , i ), sep ar ately for eac h i, 1 ≤ i ≤ t. T his is m uc h simpler than comparing the en tire sets of k eys in A and A ′ . (b) T u rning no w to the identiﬁca tion of the set of sym b ols common to pr oj ( A, i ) and pr oj ( A ′ , i ) for any i , from Deﬁnition 3.1 we see th at this set is nothing but the set of sym- b ols common to t wo blo c ks of d i . Therefore, in view of the d ualit y b et w een d i and the design d ∗ i that w e orig inally started with, this set is simply the set of b lo c ks lab els where the corresp ond- ing tw o symb ols of d ∗ i o ccur together. Thus iden tiﬁcation of this set b ecomes p articularly easy if the symbols and blo cks in d ∗ i can b e pr op erly lab eled so as to obtain algebraically a listing of the sym b ols app earing in eac h blo ck of d ∗ i . Since th e d ∗ i considered here are PBIB or BIB designs, suc h lab eling is p ossible under wide generalit y . F or instance, the commonly used cycli c constructions of these designs, b ased on one or more in itial sets, readily allo w suc h lab eling. This kind of lab eling is also p ossible for the constructions d escrib ed in Examples 2.6 and 2.7. Indeed in construction (4), eac h d ∗ i can p oten tially b e any PBIB design with λ 1 = 0 , λ 2 = 1 or any BIB d esign with λ = 1. Because of su c h d iv ersit y , it is u nrealistic in the limited space of this pap er to attempt to giv e an acc oun t of the lab eling of blo cks and symbols, men tioned in (b) ab ov e, encompassing al l p ossibilities for d ∗ i , i = 1 , . . . , t . F or illustration, therefore, we no w revisit the setup of Sub section 6.1 in some detail; th ose of Subsections 6.2 and 6.3 are br ieﬂy touc h ed up on later. Recall that in Subsection 6.1, d ∗ 1 is a group divisible PBIB design constru cted as in Exam- ple 2.6. Also d ∗ 2 is a BIB design b elonging to the Steiner’s triple system, and as seen b elo w , it is generated via a cyclic constru ction. The p arameters of these designs are as d escrib ed in Subsection 6.1. The facts noted b elo w in (A) and (B) for these t wo designs will b e useful. (A) L ab els for symb ols and blo cks of d ∗ 1 : Denote the af sym b ols of d ∗ 1 b y ordered pairs β γ , where β γ is the γ th symbol of the β th grou p ; 1 ≤ β ≤ a and 1 ≤ γ ≤ f . Then as indicated in Example 2.6, its  a 2  f 2 blo c ks are { β γ , ˜ β δ } , and let these b e lab eled as β ˜ β γ δ , sa y , where 1 ≤ β < ˜ β ≤ a and γ , δ ∈ { 1 , 2 , . . . , f } . Th us, an y t wo distinct sym b ols β γ and ˜ β δ o ccur together in some blo c k if and only if β 6 = ˜ β , and if this hap p ens then the u n ique blo c k where they o ccur together has lab el β ˜ β γ δ if β < ˜ β or ˜ β β δγ if ˜ β < β . Let the lab el for this blo ck b e iden tiﬁed as L 1 ( β γ , ˜ β δ ). 28 Similarly , the ( a − 1) f blo c ks where an y sym b ol β γ o ccurs ha ve labels (i) β ˜ β γ δ , where β < ˜ β ≤ a and δ ∈ { 1 , 2 , . . . , f } , and (ii) ˜ β β δγ where 1 ≤ ˜ β < β and δ ∈ { 1 , 2 , . . . , f } . Let V 1 ( β γ ) b e the co llection of these ( a − 1) f blo c k lab els. ✷ (B) L ab els for symb ols and blo cks of d ∗ 2 : Let g = 1 mo d 3 in d ∗ 2 , i.e., g = 3 h + 1 for some in teger h ( ≥ 1). So d ∗ 2 in v olv es 6 h + 3 sym b ols and (2 h + 1)(3 h + 1) b lo c ks. Denote these sym b ols of d ∗ 2 b y ζ u where ζ ∈ { 0 , 1 , . . . , 2 h } , u = 0 , 1 , 2 . Th en, the blo cks of d ∗ 2 can b e r ep resen ted and lab eled as { ( y + z ) x , ( z − y ) x , z x +1 } = xy z , sa y , and { z 0 , z 1 , z 2 } = 0 z , sa y , where x, y and z range o ver { 0 , 1 , 2 } , { 1 , . . . , h } and { 0 , 1 , . . . , 2 h } , r esp ectiv ely , and the subs cr ip t x + 1 is r educed mo dulo 3, while y + z and z − y are reduced mo dulo 2 h + 1. Th ere is a unique blo c k where t w o distinct sym b ols ζ u and ˜ ζ w , ( ζ , u ) 6 = ( ˜ ζ , w ), o ccur toge ther and let the lab el for this blo c k b e iden tiﬁed as L 2 ( ζ u , ˜ ζ w ). Since y ran ges o v er { 1 , . . . , h } , the follo w in g are not h ard to observe : (a) Let u = w and ζ 6 = ˜ ζ . Th en L 2 ( ζ u , ˜ ζ u ) = uy z , where z = ( ζ + ˜ ζ ) / 2 mo d 2 h + 1 and y = ( ζ − ˜ ζ ) / 2 or ( ˜ ζ − ζ ) / 2 mo d 2 h + 1, d ep endin g on whether ( ζ − ˜ ζ ) / 2 mo d 2 h + 1 b elongs to { 1 , . . . , h } or { h + 1 , . . . , 2 h } . (b) Let u 6 = w and ζ = ˜ ζ . Then L 2 ( ζ u , ζ w ) = 0 ζ . (c) L et u 6 = w and ζ 6 = ˜ ζ . Th en L 2 ( ζ u , ˜ ζ w ) = xy z , where ( x, z ) = ( u, ˜ ζ ) or ( w , ζ ), dep en ding on whether w = u + 1 or u = w + 1 mo d 3 and y = ζ − ˜ ζ or ˜ ζ − ζ mo d 2 h + 1, d ep endin g on whether ζ − ˜ ζ mo d 2 h + 1 b elongs to { 1 , . . . , h } or { h + 1 , . . . , 2 h } . Similarly , the g (= 3 h + 1) blo cks where an y symb ol ζ u o ccurs are lab eled as (i) uy z , wh ere y ∈ { 1 , . . . , h } and z = ζ ± y mo d 2 h + 1, (ii) ( u − 1) y ζ , where y ∈ { 1 , . . . , h } and u − 1 is reduced mo d 3, and (iii) 0 ζ . Let V 2 ( ζ u ) b e the collection of these 3 h + 1 blo c k lab els. ✷ Returning to the setup of S ubsection 6.1, consider no w the KPS constructed as in (4), with t = 2 and d 1 and d 2 c hosen as the d u al designs of d ∗ 1 and d ∗ 2 , resp ectiv ely , wher e d ∗ 1 and d ∗ 2 are as detailed in the facts (A) and (B) ab o v e. As seen in S ubsection 6.1, this KPS has v =  a 2  f 2 + 1 3 (2 g + 1) g =  a 2  f 2 + (2 h + 1)(3 h + 1) k eys and n = af (6 h + 3) no des. Since d 1 and d 2 are obta ined b y inte rc hanging the r oles of sym b ols and blo cks in d ∗ 1 and d ∗ 2 , resp ectiv ely , it is clear from (4) that the v k eys corresp ond to the blo c k lab els of d ∗ 1 and d ∗ 2 , while the n no des corresp ond to ordered pairs wh ose ﬁrst m em b er is a symb ol of d ∗ 1 and second mem b er is a sym b ol of d ∗ 2 . Th us, usin g the facts in (A) and (B), the v keys can b e denoted by β ˜ β γ δ , xy z and 0 z , where 29 1 ≤ β < ˜ β ≤ a and γ , δ ∈ { 1 , 2 , . . . , f } , while x, y and z range o v er { 0 , 1 , 2 } , { 1 , . . . , h } and { 0 , 1 , . . . , 2 h } , resp ectiv ely . Similarly , th e n n o des can b e lab eled as ( β γ , ζ u ), where 1 ≤ β ≤ a, 1 ≤ γ ≤ f , and u and ζ r an ge o v er { 0 , 1 , 2 } and { 0 , 1 , . . . , 2 h } , r esp ectiv ely . Then clearly , the k eys app earing in an y no de ( β γ , ζ u ) are giv en by the lab els of the blo c ks of d ∗ 1 con taining the sym b ol β γ and the lab els of the blo c ks of d ∗ 2 con taining the symbol ζ u . Hence, as discussed in the b eginnin g of this section, the k eys shared by t w o distinct n o des ( β γ , ζ u ), and ( ˜ β δ , ˜ ζ w ) are giv en by the lab els of the blo cks of d ∗ 1 con taining b oth β γ and ˜ β δ and the lab els of the blo cks of d ∗ 2 con taining b oth ζ u and ˜ ζ w , i.e., u sing the facts n oted in (A) and (B), these s hared k eys are as describ ed b elo w: (i) the k eys in V 1 ( β γ ) and k ey L 2 ( ζ u , ˜ ζ w ), if β γ = ˜ β δ and ( ζ , u ) 6 = ( ˜ ζ , w ); (ii) the k eys in V 2 ( ζ u ) , if β = ˜ β , γ 6 = δ and ( ζ , u ) = ( ˜ ζ , w ); (iii) the k ey L 1 ( β γ , ˜ β δ ) and the k eys in V 2 ( ζ u ) , if β 6 = ˜ β and ( ζ , u ) = ( ˜ ζ , w ); (iv) the ke y L 2 ( ζ u , ζ w ) if β = ˜ β , γ 6 = δ , and ( ζ , u ) 6 = ( ˜ ζ , w ); (v) the ke ys L 1 ( β γ , ˜ β δ ) and L 2 ( ζ u , ˜ ζ w ) if β 6 = ˜ β and ( ζ , u ) 6 = ( ˜ ζ , w ) Th us th e k eys s h ared by an y t wo distin ct no des can b e found r eadily from the no d e lab els. Consider an y tw o no d es A and A ′ in ea c h other’s neigh b orho o d and b y our construction as describ ed ab o v e, sup p ose they are assigned lab els ( β γ , ζ u ) and ( ˜ β δ , ˜ ζ w ), r esp ectiv ely . In the shared-k ey discov ery phase, nod e A only broadcasts the four v alues β , γ , ζ and u . Once no d e A ′ receiv es these four v alues, it simp ly chec ks them against the corresp on d ing fou r v alues in its o wn lab el, decides on one of the ﬁve ca ses in (i)-(v) ab o ve and accordingly , it im m ediately iden tiﬁes its common keys with A . Thus there is no n eed to solv e an y equations nor any complicated computations are inv olv ed. P ath-k ey establishment is also similarly straigh tforw ard . F or further illustration, we revisit the second example of Subsection 6.1, where a = 2 , f = 23 and g = 22. T hen, as discussed ab o v e, the k eys of the resulting KPS can b e denoted b y 12 γ δ, xy z and 0 z , where γ , δ ∈ { 1 , 2 , . . . , 23 } , wh ile x , y and z range o ver { 0 , 1 , 2 } , { 1 , . . . , 7 } and { 0 , 1 , . . . , 14 } , resp ectiv ely . Similarly , the no des of this KPS can b e lab eled as ( β γ , ζ u ) where β = 1 or 2 , 1 ≤ γ ≤ 23 , and u and ζ range o v er { 0 , 1 , 2 } and { 0, 1,. . . , 14 } , resp ectiv ely . F rom (i) ab o v e, the k eys shared, for example, b y the no des (16 , 4 0 ) and (16 , 6 0 ) are 126 δ , 1 ≤ δ ≤ 23 , whic h constitute V 1 (16) , and L 2 (4 0 , 6 0 ) = 015. Similarly , from (v) ab ov e, the n o des (22 , 5 1 ) and (13 , 6 2 ) share the k eys L 1 (22 , 13) = 1232 and L 2 (5 1 , 6 2 ) = 116 . The other applications considered in Section 6 allo w equally simp le disco v ery of shared k eys. The sym b ols and blo cks of the triangular PBIB design in Sub section 6.2 can b e r ep resen ted along 30 the lines of (A) ab ov e. Also, follo wing Lee and Stinson (2008), the blo cks of d 1 in S ubsection 6.3 can b e so lab eled that one can readily identify the common symbol, if an y , b et w een t wo giv en blo c ks. F urthermore, if g = 0 mo d 3 f or the BIB design d ∗ 2 , then one can represent its symbols and b lo c ks in a m anner similar to (B) abov e. Th ese representa tions r eadily yield the counterparts of V 1 , V 2 , L 1 and L 2 for th ese designs. As a result, for constru ctions inv olving these designs, k eys shared by any t w o distinct no des can again b e found easily from the no de lab els. 8 Comparison of our metho d with some existing ones In this pap er, w e ha v e giv en a general metho d for construction of K PSs usin g d uals d 1 , . . . , d t of PBIB or BIB d esigns. The most imp ortan t features of our metho d can b e su m marized as follo ws : (i) It is applicable to any presp eciﬁed in tersectio n threshold q ≥ 1. (ii) It allo ws the construction of KPSs f or a wide sp ectrum of parameter v alues, namely , the n um b er of n o des n , the n um b er of keys p er no de k and the k ey p o ol size v , thus enabling the user to ﬁnd a suitable KPS in a giv en con text. (iii) It ensu res that n is multi plicativ e in the n um b ers of blo cks of d 1 , . . . , d t while k is add itiv e in the blo ck sizes of these designs. This allo ws a large n an d , at the same time, k eeps k in chec k. (iv) I t comes along with explicit form ulae for the lo cal connectivit y and resiliency metrics as giv en by Pr and fail( s ). It also k eeps the tasks of sh ared k ey discov ery and path k ey establishmen t simple. As seen earlier, for instance, in the b eginning of S ection 6 and in Remarks 4.1, 4.2, b ecause of (i)-(iv) ab ov e, our metho d has sev eral adv an tages compared to the existing ones. W e no w indicate these adv anta ges in some m ore detail. First note that in con trast to (i), th e existing m etho ds based on combinatorial designs are t ypically mean t for sp eciﬁc v alues of q , su c h as q = 1 in Camt ep e and Y ener (2004, 2007), Lee and S tinson (2005a), Ch akrabart y et al. (2006), Dong et al. (2008), Ruj and R oy (2007) and Ruj et al. (200 9), or sep arately for q = 1 and q = 2 in Lee and Stinson (2008) . Next, as a consequence of (ii ), our method allo ws u s to obtain KPSs f or net works wh ere the n um b er of no des n need not b e of an y sp ecial ized form, su c h as the forms p ( p − 1) / 2 or p ( p − 1) as in Ruj and Ro y (2007), or the f orms p 2 (for q = 1) or p 3 (for q = 2), p a prime/prime p o w er, as in Lee and Stinson (2008). F u r thermore, b ecause of (iii) and (iv), this can b e ac h iev ed with 31 a con trol on th e num b er of k eys k p er no de, while assuring go o d v alues of the p erformance metrics. T o understand wh y this is imp ortan t, let q = 2 and supp ose w e s tart with a sc heme of Lee and Stinson (2008) with n equal to the lo w est pr ime p o w er of the form p 3 that exceeds the target n u m b er of no des. If w e then discard the unnecessary nod e allocations to get the ﬁnal sc heme for us e, th is ﬁnal scheme will not preserv e the Pr and fail( s ) v alues of the original sc heme and hence the prop erties of the ﬁnal scheme in this regard can b ecome quite erratic. This is b ecause, these p erformance metrics of the original scheme dep end on th e pattern of th e keys allocated to th e diﬀeren t no des, this allocation h a ving b een done b y exploiting the structure of some combinatorial design, and once a large n um b er of the allo cated no des are discarded, the u n derlying combinato rial structure is disru pted, leading to a s c heme with uncertain local connectivit y and resiliency prop erties. F or illustration, supp ose it is desired to obtain a KPS with ab out 16500 n o des. T hen our Example 6.5 giv es a sc heme with 16473 no des with demonstrated go o d v alues of the p erform ance metrics. Th e closest higher prim e p ow er of the form p 3 is 27 3 = 19683 . I f we start with the sc heme of Lee and Stinson (2008 ) with allo cation for 19683 no des, w e will h a v e to delete the allocation for ab out (196 83-16 500=)318 3 no des constituting 16.17% of the original 196 83 no des. After su ch large scale deletion, th e Pr and fail( s ) v alues of the ﬁ nal sc heme v ery m uc h dep end on the particular n o des deleted and hen ce b ecome quite arbitrary . Similarly , if ab out 20500 no des are needed, then our Example 6.6 give s a scheme with 20577 no des and assured p rop erties while the nearest sc heme of Lee and S tinson (2008) with 29 3 = 24389 no d es en tails a deletion of ab out 3889, i.e., 15.95%, of the n o des, leading to unpredictable p erformance. In either of these situations, th e constructions in Ru j and Ro y (2007), with n = p ( p − 1) / 2 or p ( p − 1) and k = 2( p − 2), can bring n close to the target but at the cost of pr ohibitiv ely large (i.e., 250 or ev en larger) v alues of k . In cont rast, the sc hemes in our Examples 6.5 and 6.6 in v olv e only 40 and 41 k eys p er no de. The additive nature of k in our co nstruction, as ment ioned in (iii) ab o v e, helps in ac hieving this. Finally , as n oted in (iv), our metho d comes along with explicit and readily ap p licable for- m ulae for Pr = Pr 1 + P r 2 and fail( s ), and also k eeps the tasks of shared key d isco very and path k ey establishmen t s im p le. Not all of th ese asp ects ha v e b een explored in many of the existing constructions of KPSs via combinatoria l d esigns, and eve n wh en this is done, analytical results on Pr and fail( s ) are not alwa ys a v aila ble. F or example, Dong et al. (2008) studied only Pr 1 and fail(1) for their scheme. Again, as seen in Remark 4.2, the quantit y Pr 2 in th e Lee and 32 Stinson (2008) sc h eme for q = 2 do es not admit an explicit expression and its calculat ion calls for design sp eciﬁc numerical enumeratio n w hic h can b e diﬃ cu lt when the num b er of nod es is large. Similarly , Ruj and Ro y (2007) an d Ruj et al. (2009) gav e some b ounds on the exp ected num b er of links that will b e brok en if a sp eciﬁed n um b er of no d es are compromised in their schemes and rep orted asso ciated simulatio n results, but did not study fail( s ). In ciden tally , their sc h emes ha v e Pr 1 = 1, a feature shared also b y our construction w h en the initial d esigns d ∗ 1 , . . . , d ∗ t are all tak en as BIB designs with λ = 1; cf. Examp le 4.1. How ev er, as argued in Lee and Stinson (2008 ), a sc heme with Pr 1 = 1 will ha ve p o or connectivit y in the even t of no d e compromise as reﬂected in large fails( s ) v alues. This is wh y we ha v e fo cused on s c hemes with go o d v alues of Pr rather than attempting to h a v e Pr 1 = 1. T o sum up, our metho d of construction is a b road sp ectrum one which supplement s and impro v es up on the existing metho ds from v arious considerations. It is applicable to any inte r- section thr eshold q ≥ 1 and allo ws the constru ction of K PSs for widely div erse parameter v alues. The fact that it is s u pp orted by a detailed study of the p erformance metrics, including explicit form ulae for Pr and fail( s ), fu r ther enhances the scop e of its app lication. Ac kno wledgemen t The authors thank t w o referees for their insigh tful comments whic h led to an enhancemen t of the con tents and p resen tation in this ve rsion. Th e work of AD w as s u pp orted b y th e In dian National Science Academ y under the S en ior Scien tist S c heme of the Aca dem y . The work of RM w as sup p orted b y the J. C. Bose National F ello wship of the Go vt. of In dia and a grant from the Indian Institute of Managemen t Calcutta. References Blac kbu rn, S. R., E tzion, T., Martin, K . M., and P aterson, M. B. (2010). Distinct Diﬀer- ence Conﬁgurations: Multihop Pa ths and Key Predistribu tion in Sensor Net w orks. IEEE T ran s actions on Information Theory . 56 , 3961-397 2. Carmen, D. , Kruus, P ., and Matt, B. (2000). Constrain ts and app roac h es for distribu ted sensor net w ork securit y . T ec h. rep. 00 -010, NAI Labs. Cam tep e, S. and Y ener, B. (2004). Com binatorial design of key predistribu tion mec hanisms for wireless sensor net w orks. In E SORICS 2004 Pr o c e e dings . Lecture Notes in Computer 33 Science, 3193 , Spr inger, 29 3-308. Cam tep e, S. and Y ener, B. (2007). Com binatorial design of key p redistribu tion mec hanisms for wireless sensor net w orks. IEEE/ACM T r ans. Network. 15 , 346-3 58. Chakrabarti, D., Maitra, S., and R oy , B. (20 06). A key-predistribution scheme for wireless sensor net w orks: merging b lo c ks in com binatorial design. International Journal of Informatio n Se curity , 5 , 105-114 Chan, H., Pe rrig, A., and Song, D. (2003). Rand om key predistribution schemes for sensor net w orks. In Pr o c e e dings of the 2003 Symp osium on Se cu rity and Privacy . IEEE Computer So ciet y , 197-213. Clat worth y , W. H. (1973). T ables of Two-associate P artially Bala nced Designs. Natl. Bur. Standards Appl. Math. Ser . No. 63 . W ashington D.C. Dong, J., Pei, D., and W ang, X. (2008). A k ey pred istribution sc heme based on 3-designs. I n INSCR YPT 20 07. Lecture Notes in Compu ter Science, 4990 , 81-92, Sprin ger, Berlin. Dey , A. Incomplete Blo c k Designs. (2010 ). Hindus tan Book Agency , New Delhi Du, W., Deng, J., Han, Y., V ars h ney , P ., Katz, J., and Kh alili, A. (2005 ). A pairwise k ey predistribu tion sc heme for wireless sensor net w orks . ACM T r ans. Inform. Syst. Se cur. 8, 228-2 58. Esc henauer, L. and Gligor, V. (2002). A k ey-managemen t sc h eme for distribu ted sen s or net- w orks. In Pr o c e e dings of the 9th ACM Confer enc e on Computer and Communic ations Se- curity. A CM Pr ess, 41-47 Kirkman, T. P . (18 47). On a prob lem in com bin ations. Cambridge and Dublin Math. J. 2 , 192-2 04. Lee, J. and S tinson, D. (2005a). A com bin atorial approac h to key predistribution for d is- tributed sensor net w orks. In IEE E Wir e less Communic ations and Networking Confer enc e (WCNC’05) 2 , IEEE Communicatio ns S o ciet y , 1200-120 5 Lee, J. and Stinson, D. (2005b). Deterministic ke y predistribution sc hemes for d istributed sensor net w orks. In SAC 2004 Pr o c e e dings. Lecture Notes in Compu ter Science, 3357 , Spr inger, 294-3 07. Lee, J . and Stinson, D. (2008) . On the construction of practical key predistribu tion sc hemes for distributed sensor n et w ork s usin g combinatorial designs. A CM T r ans. Inform. Syst. Se cur. 11 , Article 5. Martin, K.. (2009). On th e applicabilit y of combinato rial designs to key predistribu tion for 34 wireless sensor n et w orks In Pr o c e e dings of the 2nd International Workshop on Co ding and Cryptolo gy, Spr in ger, Berlin. Martin, K., Blac kburn, S .R., Etzion, T ., and Pa terson, M.B. (2010 ). Distinct diﬀerence conﬁg- urations: multihop paths and key predistribu tion in sensor net w orks. IE EE T r ansactions in Information The ory, 56 ,3961 -3972 . Martin, K., S tin s on, D.R., Pa terson, M.B. (2011). Key predistribution for homogeneous wireless sensor netw orks with group deplo ymen t of no des. A CM T r ansactio ns on Sensor Ne tworks, 7 , No. 2. Roman, R., Zh ou , J., and L op ez, J. (2005). On th e securit y of wireless sensor net w ork. In ICCSA 2005 Pr o c e e dings. Lecture Notes in Computer Science, V ol 3482. Springer, 681-6 90 Ruj, S. and Roy , B. (2007). K ey predistrib ution u sing partially balanced designs in w ireless sensor net w orks. In Pr o c e e dings of ISP A 2007 , Lecture Notes in Computer Science, 4742 , 431-4 45. Ruj, S ., Seb erry , J., and Roy , B. (2009). K ey predistribution sc h emes using b lo c k designs in wireless sensor netw orks. In Computationa l Scienc e and Engi ne ering, 2009. CSE ’09., 873- 878. DOI 10 .1109/ CSE.2009.35 Stinson, D. (2003). Combinato rial Designs: C onstructions and Analysis. Sprin ger, Berlin, German y . Street, A.P . and Street, D.J. (198 7). Combinatorics of Exp erimenta l Design. Clarend on Press, Oxford. Y ounis, M.F., Ghumman, K ., and Eltow eissy , C.V. (2006). Lo cation-a ware combinato rial k ey managemen t s cheme f or clustered s en sor net w orks . IEE E T r ansactions on Par al lel and Distribute d Systems, 17 , 865-882 35

Key Predistribution Schemes for Distributed Sensor Networks

Original Paper

Comments & Academic Discussion

Leave a Comment

Original Paper

Related Papers

Comments & Academic Discussion

Leave a Comment