IET Information Security (May 2021)

How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes

  • Chris J Mitchell

DOI
https://doi.org/10.1049/ise2.12016
Journal volume & issue
Vol. 15, no. 3
pp. 223 – 230

Abstract

Read online

Abstract Three closely related polynomial‐based group key pre‐distribution schemes have recently been proposed, aimed specifically at wireless sensor networks. The schemes enable any subset of a predefined set of sensor nodes to establish a shared secret key without any communications overhead. It is claimed that these schemes are both secure and lightweight, that is, making them particularly appropriate for network scenarios where nodes have limited computational and storage capabilities. Further studies have built on these schemes, for example, to propose secure routing protocols for wireless sensor networks. Unfortunately, as shown by the author, all three schemes are completely insecure; whilst the details of their operation vary, they share common weaknesses. In two cases, we show that an attacker equipped with the information built into just one sensor node can compute all possible group keys, including those for which the attacked node is not a member; this breaks a fundamental design objective. In the other case, an attacker equipped with the information built into at most two sensor nodes can compute all possible group keys. In the latter case, the attack can also be achieved by an attacker armed with the information from a single node together with a single group key to which this sensor node is not entitled. Repairing the schemes appears difficult, if not impossible. The existence of major flaws is not surprising given the complete absence of any rigorous proofs of security for the proposed schemes. A further recent work proposes a group membership authentication and key establishment scheme based on one of the three key pre‐distribution schemes analysed here; as the author demonstrates, this scheme is also insecure, as the attack we describe on the corresponding pre‐distribution scheme enables the authentication process to be compromised.

Keywords