Developing Network Security Protocol by using Key Pre-Distribution for Wireless
Tarik Eltaeib, Abdalraouf Hassan, Khaled Elleithy
Department of Computer Science and Engineering,
University of Bridgeport
Bridgeport, CT-06604, USA
email@example.com, firstname.lastname@example.org, email@example.com
In this paper, we design a protocol for secure end-to-end
communication for a randomly deployed wireless sensor
network by using key pre-distribution. The main theme of the
method is to allocate different keys to the sensors to improve
the resilience of the sensors to links. We have mathematically
analyzed the end-to-end secure communication protocol as
well as the protocol optimization. In the proposed protocol,
high resilience links are preferred to those with low resilience
links during the process of routing data from the sending node
to a receiving node.
Keywords: Sensors Networks, secure communications, Key Pre-
In the past few years wireless communications have gained
popularity because of its applications in every dimension of life
including health, military, and commercial applications. To
meet the requirements of new life styles, much advancement
has been done in wireless communications which enabled the
development of Wireless Sensor Networks (WSN) .
Recently, wireless sensor networks (WSNs) have been
deployed for applications of different situations such as
forecasting systems, battleground monitoring, territory
monitoring, weather conditions detection, natural animal
protection, museums sanctuary and unreachable dangerous
A wireless sensor network is composed of nodes which are
used in the sending, receiving, processing of data, and other
components for communication. These nodes use their power
to perform simple computations and for data transfer.
Recent applications require a high level of secure WSN.
Some of the security threats are equally applicable to the
traditional networks as well as to the wireless sensor networks.
But in WSN, there are some additional threats and
vulnerabilities because of the unprotected and unsafe channels
of communication, limited resources, and limited bandwidth.
The level of security required for WSN varies depending on
the nature of the application , .
The pairwise distinct keys are encrypted in the
communication between nodes. There are several protocols
proposed [2-4] for the management of these pre-distributed
keys. The RKP (Random Key Pre-distribution) method, which
is public key cryptography such as SPIN phases (Sensor
Protocols for information negations), works in two phases. In
the first phase all the nodes are distributed with pre distribution
key from a number of keys. In the second phase, nodes get
information of their neighbor and after sharing the pre
distributed key, they make a pairwise key. If two of the nodes
do not share the distributed keys, then they have an option to
use proxies in order to make a path for establishment of
pairwise key. Certain variation in the random key pre-
distribution model has been proposed with some improvements
and modifications in each model for wireless sensor networks
as well as for other networks like homogeneous and
heterogeneous sensor networks, and also in mobile sensor
In homogeneous sensor networks, the same number of keys
is distributed to each node. In  the distribution of keys is
done using an optimization technique which enhances the
sharing of keys between two nodes. In  and  for the key
distribution, multiple paths are used to overcome the link
resilience between nodes.
Several models have been proposed for the security of end-
to-end communication in wireless sensor networks [6-8].
Random key pre distribution  is one of the models providing
secure communication between nodes. In RKP (Random key
pre-distribution) from a large number of keys, every sensor
with a different key is distributed. The distributed keys are
used by the nodes to make a pairwise arrangement of keys
between the nodes.
In this paper we propose an architecture that describes a
prototype for a security protocol of pre-distribution key for
secure communication between nodes. In our work, we
propose a security protocol architecture associated with a grid
based sensor ID to efficiently communicate the information to
a gateway node. Furthermore, the proposed security protocol
architecture describes how security keys are generated and
distributed. Also, the architecture describes the security keys
management mechanisms for adding new sensors to the WSN
in order to achieve robust and efficient communications. The
presented protocol prefers high resilience links to those of low
resilience links during the process of routing .
After designing the architecture, we investigate the
proposed design and try to optimize the performance of the pre
key distribution of the nodes. We present a mathematical
model to optimize the key pre-distribution. The simulation
results demonstrate the validity and the performance of the
proposed security protocol. Furthermore, we investigate some
of the attacks that the system can be vulnerable and study the
response of the system to these attacks.
II. RELATED WORK
For heterogeneous Sensor networks, several approaches
were reported for the management of key distribution [8-20].
Eschenauer and Gligor  proposed a basic probabilistic
key pre-distribution algorithm, where each sensor node is
assigned a random subset of keys from a key pool before
deployment. As a result, two sensor nodes have a certain
probability to share at least one key after deployment. In ,
more keys are distributed with the cluster heads using an
algorithm for quick encryption and deletion so that there is no
compromise on the keys that are supplementary. This approach
is somehow similar to our proposed design.
In , a tree hierarchy structure is introduced for the
distribution of the keys. In such a scheme, the keys have been
grouped into similar categories like cluster key, intermediate
key, and private key. This scheme has poor resilience. In
LEACH protocol , a new protocol is designed for the
selection combining the cluster head in the network and the
private and public key approach. In , the proposed scheme
uses an initial key for the establishment of the trust with other
nodes. This scheme securely makes the establishment in time
when there is no danger of attack.
In , a highly sophisticated scheme is proposed for the
security of the WSN. Some of the security designs like forward
and backward confidentiality and non-group confidentiality. In
, the same mechanism is used but this time with a bi-
variate polynomial is used as compared to the symmetric
distribution of keys. In , much of the emphasis is given on
the hierarchical design of the sensor networks to support
features like efficiency of energy, key updating, key
revocation, and reducing the effects of attacks. Unfortunately,
these types of models are too complex to.
In the past few years much of the work has been done on
random key pre-distribution for wireless sensor networks. In
, the exploitation of the traffic models has been discussed
in detail. In order to optimize the usage of memory and power
and to provide security in WSN, genetic algorithms are used
LEACH stands for Low Adaptive Clustering Hierarchy.
This protocol applied cluster node approach and it requires
TDMA (Time Division Multiple Access) scheduling that
prevents packet collision . This protocol has two phases:
setup phase and steady phase.
First step in LEACH protocol is to choose a cluster Head.
Each node generates a random number between 1 and 0 then
compares it with a threshold value. If the number less than the
threshold value, this node becomes a head cluster. Each cluster
head is set to 0, to prevent this node from being involved in
another attempt. Next, the cluster head broadcasts the network
information to all other nodes. Even though LEACH seems to
be able to work smoothly in WSN, it assumes that all nodes
work with their full power capabilities so that the nodes are
able to reach the base station. The protocol is not useful with
wide range network. Furthermore, cluster mechanism will add
extra overhead that leads to more power consumption. The
protocol schematic is shown in Figure 1.
III. SECURITY OVERVIEW
It is essential to provide basic security primitives to the
sensor nodes in order to give a minimal protection to the
information flow and a foundation to create secure protocols
. These security primitives are symmetric key
cryptography (SKC), hash primitives, and public key
cryptography (PKC). Since sensor nodes are extremely
constrained in terms of resources, and implementing the
security primitives in an efficient way; consuming less power,
memory space, time computations, without sacrifices the
strength of their security properties is one of the major
challenges in this area. Multiple cryptographic resolutions
have been proposed based on symmetric and asymmetric
algorithms  and .
Symmetric Key Cryptography uses the same secret key
for both encryption and decryption. Public key cryptography
is known as asymmetric cryptography. This technique uses
two keys; private key and public key. All PKC Algorithms are
useful for authentication purposes .
Hash function is utilized in order to compress a set of data
of variable length into a set of bits of fixed length. The result
is a digital fingerprint of the data. Hash functions are usually
used for insuring the integrity of the information flow and
providing a unique fingerprint for every packet in form of
(MAC) message authentication code. However hash functions
are slower than symmetric key cryptography in terms of speed
Fig 1: LEACH Protocol
IV. A PROTOTYPE SECURITY PROTOCOL
In this section we propose a prototype security protocol
for sensor networks. The key is manually programmed into the
sensor nodes before deployment. In this protocol three keys
are used; main key, private key and public key to provide
baseline of security. The prototype is based on key pre-
assigned technique . Only public and private key are
distributed as cryptographic keys. We preserve the data
integrity by using private key and authenticity by using public
1. Main Key
The main key is shared between the base station and all
nodes. The main key is manually assigned to the base station
and all nodes before the network is deployed. Nodes use the
main key to encrypt data that is sent to the base station.
1.1Main Key with base station
Each node is programmed with two parameters; main key
and number of nodes in the network. The base station
generates private keys table and public keys set. The base
station generates N*3 different random private keys and 3
public keys. For example, if we have 8 nodes, the main station
will generate 24 different private keys. Each 3 keys will be
assigned to a certain node in the network. Whenever a new
node is added, the base station assigns 3 unique private keys
and 3 shared public keys. The private key is shared between
the base station and each node. The neighbor nodes do not
know other nodes private keys. Each node uses the private key
to encrypt the actual data in the transmitted packets. We
preserve data integrity by using private keys to encrypt only
very important data in the packet.
1.2 Public key with Main station
The public key will be generated by the base station. The
base station will generate 3 different public keys. In case of
any one of these three public keys is compromised, the WSN
is still able to maneuver using the other two keys. The sensor
nodes use one of these public key with neighbor nodes. The
public key works as group key between all nodes. Each node
uses the public key for encrypted the packet information such
as node ID. The three public are randomly generated when the
network is deployed.
1.3 Main key with a node
When the network is deployed, the node does not have
any private keys or any public keys. The node sends an initial
packet using the main key. The base station receives the initial
packet and replies with the configuration packet which
contains all the necessary information to make this node part
of this sensor network. Private keys and public keys are sent
within the configuration packet. Therefore, the node must
have direct communication with the base station to get this
configuration packet. After the node gets the configuration
packet, it can be placed anywhere in the network radius.
2. Private Key length modules
The length of the private key is crucial because the
private table uses large space from memory. In order to avoid
wasting resources, we have to design a module that provides
customized key length. This module should satisfy two
conditions; short and of sufficient length to accommodate all
private keys. The length of the key is log 𝑀 ∗ 3 , where M is
the number of nodes in WSN. For example, if we have M= 8,
then 𝐿 = log𝑀 ∗ 3 = 4.5 ≈ 5, L=5 bits. Thus, the base
station is assigned 5 bits for the private keys which is 24 keys
in this case. The total bits are reserved for these table
5×24=120 bits. In fact, this is very low memory space.
Another example, if we have M=100 nodes, we will have 300
private keys. L= 8.2 ≈ 9 bit. So the base is assigned 9 bits for
private keys which is total 300 keys in this case. The total bits
assigned for this private key table is 300×9= 2700 bits. In fact,
2.7 k is very low memory space for large WSN that holds 100
3. Private Table fields
The base station holds the set of data that is randomly
generated. The base station creates the required number of
private keys then it assigns every three of them to a unique
node. Figure 2 shows the Private Table in the base station. It
consists of 4 fields that are key1, key2, key3, node ID, and
state. Key fields represent private keys and are assigned to
nodes. Each node takes 3 different-unique keys. Node ID of
zero value indicates that keys are not assigned yet. If the node
moves to unsecure mode, the base station will set node state to
zero. Node sate indicates whether this node using encryption
mode or not. The node state gives WSN flexibility to move
from state to state or to apply encryption mode only on group
of nodes. Obviously, the main key is crucial to add any nodes
to the Private Table. The main role of the Private Table is to
create a list of nodes IDs that are considered part of the WSN.
Furthermore, any node is not registered in the private table is
considered unauthenticated node by the base station.
Figure 2: Private Table in the Base Station
4. Data Confidentiality and Authentication
In order to protect the exchanged packets between the
nodes from eavesdropping by unauthorized parties, private
keys encryption mechanisms are provided. The private keys
are used to provide data confidentiality. Message
authentication codes (MAC) mechanisms are used to check
any modifications in the received packets. MAC generation is
performed by implementing a hash function of the packets
using the public key.
5. Neighbors Discovery
After the node receives its keys, the node starts a neighbor
discovery phase. In the initial step, the node broadcasts a
specific type packet containing its ID, main key which is
encrypted by the public key so that every other node receives
it. Every node gets the broadcast packet, decrypts and reads
the main key fields to compare it with its main key. If the
main key is the same between the sender and the receiver, the
receiver adds the node ID to its routing table.
The protocol presented in this provides Data
Confidentiality and Authentication for WSN. Private keys
encryption mechanisms are used in the implementation of this
algorithm. The private keys are used to provide data
confidentiality. Message authentication codes (MAC)
mechanisms are used to check any modifications in received
packets. MAC generation is performed by using an enhanced
hash function of the packets by using public key. This
protocol is highly efficient which uses small memory space
and low overhead for data encryption and decryption.
 M. Khan, E. Felemban , S.Qaisar, S. Ali, "Performance
Analysis on Packet Delivery Ratio and End-to-End Delay of
Different Network Topologies in Wireless Sensor Networks
(WSNs)," Mobile Ad-hoc and Sensor Networks (MSN), 2013
IEEE Ninth International Conference on. IEEE, 2013.
 Liu, Donggang, Peng Ning, and Rongfang Li. "Establishing
pairwise keys in distributed sensor networks," ACM
Transactions on Information and System Security (TISSEC) 8.1
 S. Zhu, S. Xu, S. Setia, and S. Jajodia, “Establishing pairwise
keys for secure communication in ad hoc networks: a
probabilistic approach," in Proc. 11th IEEE International Conf.
Netw. Protocols, Nov. 2003.
 J. Lee and D. R. Stinson, “Deterministic key predistribution
schemes for distributed sensor networks," in Proc. 11th
Workshop Sel. Areas Cryptography, Aug. 2004.
 W. Du, J. Deng, Y. S. Han, and P. K. Varshney, “A pairwise
key predistribution scheme for wireless sensor networks," in
Proc. 10th ACM Conf. Comput. Commun. Security, Oct. 2003.
 H. Chan, A. Perrig, and D. Song, “Random key predistribution
schemes for sensor networks," in Proc. IEEE Symp. Research
Security Privacy, May 2003.
 J. Kim, J. Lee, and K. Rim, “Energy efficient key management
protocol in wireless sensor networks," International J. Security
its Appl., 2010.
 L. Eschenauer and V. D. Gligor, “A key-management scheme
for distributed sensor networks," in Proc. 9th ACM Conf.
Comput. Commun. Security, Nov. 2002
 H. Dai and H. Xu, “Triangle-based key management scheme for
wireless sensor networks," Frontiers Electrical Electron. Eng.
China, vol. 4, no. 3, pp. 300-306, 2009.
 P. Traynor, H. Choi, G. Cao, S. Zhu, and T. L. Porta,
“Establishing pair-wise keys in heterogeneous sensor networks,"
in Proc. 25th IEEE Conf. Comput. Commun., Apr. 2006.
 A. Poornima and B. Amberker, “Tree-based key management
scheme for heterogeneous sensor networks," in 16th IEEE
International Conf. Netw., 2008.
 Y. Zhang, W. Yang, K. Kim, and M. Park, “An AVL tree-based
dynamic key management in hierarchical wireless sensor
network," in Proc. International Conf. Intelligent Inf. Hiding
Multimedia Signal Process., pp. 298-303, 2008.
 T. Landstra, M. Zawodniok, and S. Jagannathan, “Energy-
efficient hybrid key management protocol for wireless sensor
networks," in IEEE Conf. Local Comput. Netw., 2007.
 A. Poornima and B. Amberker, “Key management schemes for
secure communication in heterogeneous sensor networks,"
International J. Recent Trends Eng., 2009.
 A. Das, “An unconditionally secure key management scheme
for largescale heterogeneous wireless sensor networks," in Proc.
First International Commun. Syst. Netw. Workshops, pp. 1-10,
 M. Wen, Z. Yin, Y. Long, and Y. Wang, “An adaptive key
management framework for the wireless mesh and sensor
networks," Wireless Sensor Netw. J., 2010.
 H. Jen-Yan, I. Liao, and H. Tang, “A forward authentication key
management scheme for heterogeneous sensor networks,"
EURASIP J. Wireless Commun. Netw., 2010.
 Venkatesh , S. Patil, “Sensor network traffic-adaptive key
management scheme," in Proc. International Conf. Advances
Recent Technol. Commun. Comput., 2009.
 C. Wang, T. Hong, G. Horng, and W. Wang, “A GA-based key-
management scheme in hierarchical wireless sensor networks,"
International J. Innovative Comput., Inf. Control, 2008.
 Wenjun Gu, Neelanjana Dutta, Sriram Chellappan and Xiaole
Bai, “Providing End-to-end Secure Communications in Wireless
Sensor Networks,” Network and Service Management, IEEE
Transactions on 8(3), pp. 205 – 218, September 201.
 I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci,
Wireless sensor networks: a survey," Computer networks, vol.
38, no. 4, pp. 393-422, 2002.
 A. Siuli Roy and S. Bandyopadhyay, \Agro-sense: precision
agriculture using sensor based wireless mesh networks," in
Innovations in NGN: Future Network and Services,2008. K-
INGN 2008. First ITU-T Kaleidoscope Academic Conference.
IEEE, pp. 383 -388, 2008.
 X. Xing, G. Wang, J. Wu, and J. Li, “Square region-based
coverage and connectivity probability model in wireless sensor
networks," in Collaborative Computing: Networking,
Applications and Worksharing, 2009. CollaborateCom 2009. 5th
International Conference on. IEEE, pp. 1-8, 2009.
 X. Wang, G. Xing, Y. Zhang, C. Lu, R. Pless, and C. Gill,
Integrated coverage and connectivity conguration in wireless
sensor networks," in Proceedings of the 1st international
conference on Embedded networked sensor systems. ACM, pp.
28 -39, 2003.
 A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. Culler,
“SPINS: security protocols for sensor networks,” Wireless
Networks, vol. 8, no. 5, pp. 521–534, 2002.