Secure communications in wireless sensor networks operating under adversarial conditions require providing pairwise (symmetric) keys to sensor nodes. In large scale deployment scenarios, there is no priory knowledge of post deployment network configuration since nodes may be randomly scattered over a hostile territory. Thus, shared keys must be distributed before deployment to provide each node a key-chain. For large sensor networks it is infeasible to store a unique key for all other nodes in the key-chain of a sensor node. Consequently, for secure communication either two nodes have a key in common in their key-chains and they have a wireless link between them, or there is a path, called key-path, among these two nodes where each pair of neighboring nodes on this path have a key in common. Length of the key-path is the key factor for efficiency of the design. This paper presents novel deterministic and hybrid approaches

this paper is to evaluate the key distribution solutions. Depending on application types, it is possible to discuss: (i) network architectures such as distributed or hierarchical, (ii) communication styles such as pair-wise (unicast), group-wise (multicast) or network-wise (broadcast), (iii) security requirements such as authentication, confidentiality or integrity, and (iv) keying requirements such as pre-distributed or dynamically generated pair-wise, group-wise or network-wise keys. In this paper, we provide a comparative survey, and taxonomy of solutions. It may not be always possible to give strict quantitative comparisons; however, there are certain metrics, as described in the next section, that can be used to evaluate the solutions. The structure of the paper is as follows: in Section 2 common terms and definitions are given, in Section 3 network models are defined, in Section 4 security vulnerabilities and requirements are discussed, in Sections 5 and 6 key distribution solutions are evaluated, and finally in Section 7 we provide summary and discussions

Abstract — Many sensor network applications require sensors ’ locations to function correctly. Despite the recent advances, location discovery for sensor networks in hostile environments has been mostly overlooked. Most of the existing localization protocols for sensor networks are vulnerable in hostile environments. The security of location discovery can certainly be enhanced by authentication. However, the possible node compromises and the fact that location determination uses certain physical features (e.g., received signal strength) of radio signals make authentication not as effective as in traditional security applications. This paper presents two methods to tolerate malicious attacks against beacon-based location discovery in sensor networks. The first method filters out malicious beacon signals on the basis of the “consistency ” among multiple beacon signals, while the second method tolerates malicious beacon signals by adopting an iteratively refined voting scheme. Both methods can survive malicious attacks even if the attacks bypass authentication, provided that the benign beacon signals constitute the majority of the “consistent ” beacon signals. This paper also presents the implementation of these techniques on MICA2 motes running TinyOS, and the evaluation through both simulation and field experiments. The experimental results demonstrate that the proposed methods are promising for the current generation of sensor networks. I.

As wireless sensor networks continue to grow, so does the need for effective security mechanisms. Because sensor networks may interact with sensitive data and/or operate in hostile unattended environments, it is imperative that these security concerns be addressed from the beginning of the system design. However, due to inherent resource and computing constraints, security in sensor networks poses different challenges than traditional network/computer security. There is currently enormous research potential in the field of wireless sensor network security. Thus, familiarity with the current research in this field will benefit researchers greatly. With this in mind, we survey the major topics in wireless sensor network security, and present the obstacles and the requirements in the sensor security, classify many of the current attacks, and finally list their corresponding defensive measures.

In multihop wireless systems, such as ad-hoc and sensor networks, the need for cooperation among nodes to relay each other’s packets exposes them to a wide range of security attacks. A particularly devastating attack is known as the wormhole attack, where a malicious node records control and data traffic at one location and tunnels it to a colluding node, which replays it locally. This can have an adverse effect in route establishment by preventing nodes from discovering routes that are more than two hops away. In this paper, we present a lightweight countermeasure for the wormhole attack, called LITEWORP, which does not require specialized hardware. LITEWORP is particularly suitable for resource-constrained multihop wireless networks, such as sensor networks. Our solution allows detection of the wormhole, followed by isolation of the malicious nodes. Simulation results show that every wormhole is detected and isolated within a very short period of time over a large range of scenarios. The results also show that the fraction of packets lost due to the wormhole when LITEWORP is applied is negligible compared to the loss encountered when the method is not applied.

Secure sensor network communication protocols need to provide three basic properties: data secrecy, authentication, and replay protection. Secure sensor network link layer protocols such as Tiny-Sec [13] and ZigBee [28] enjoy significant attention in the community. However, TinySec achieves low energy consumption by reducing the level of security provided. In contrast, ZigBee enjoys high security, but suffers from high energy consumption. MiniSec is a secure network layer that obtains the best of both worlds: low energy consumption and high security. MiniSec has two operating modes, one tailored for single-source communication, and another tailored for multi-source broadcast communication. The latter does not require per-sender state for replay protection and thus scales to large networks. We present a publicly available implementation of MiniSec for the Telos platform, and experimental results demonstrate our low energy utilization.

Abstract—Routing in wireless sensor networks is different from that in commonsense mobile ad-hoc networks. It mainly needs to support reverse multicast traffic to one particular destination in a multihop manner. For such a communication pattern, end-to-end encryption is a challenging problem. To save the overall energy resources of the network, sensed data needs to be consolidated and aggregated on its way to the final destination. We present an approach that 1) conceals sensed data end-to-end by 2) still providing efficient and flexible in-network data aggregation. The aggregating intermediate nodes are not required to operate on the sensed plaintext data. We apply a particular class of encryption transformations and discuss techniques for computing the aggregation functions “average ” and “movement detection. ” We show that the approach is feasible for the class of “going down ” routing protocols. We consider the risk of corrupted sensor nodes by proposing a key predistribution algorithm that limits an attacker’s gain and show how key predistribution and a key-ID sensitive “going down ” routing protocol help increase the robustness and reliability of the connected backbone. Index Terms—Wireless sensor networks, data encryption, data aggregation, robustness and reliability, privacy homomorphism, key predistribution. 1

Sensor networks are composed of a large number of low power sensor devices. For secure communication among sensors, secret keys must be established between them. Recently, several pairwise key schemes have been proposed for large distributed sensor networks. These schemes randomly select a set of keys from a key pool and install the keys in the memory of each sensor. After deployment, the sensors can set up keys by using the preinstalled keys. Due to lack of tamper-resistant hardware, the sensor networks are vulnerable to node capture attacks. The information gained from captured nodes can be used to compromise communication among uncompromised sensors. Du et al. [1], Liu and Ning [2] proposed to use the known deployment information to reduce the memory requirements and mitigate the consequences of node capture attack. Our analysis shows that the assumption of random capture of sensors is too weak. An intelligent attacker can selectively capture sensors to get more information with less efforts. In addition to selective node capture attack, all recent proposals are vulnerable to node fabrication attack, in which an attacker can fabricate new sensors by manipulating the compromised secret keys and then deploy the fabricated sensors into the sensor system. To counter these attacks, we propose a grid-group scheme which uses known deployment information. Unlike the pairwise key scheme using deployment information proposed by Du et al., we uniformly deploy sensors in a large area; instead of randomly distributing keys from a large key pool to each sensor, we systematically distribute secret keys to each sensor from a structured key pool. Our performance analysis shows that our scheme requires less number of keys preinstalled for each sensor and is resilient to selective node capture attack and node fabrication attack.

Key management is one of the fundamental building blocks of security services. In a network with resource constrained nodes like sensor networks, traditional key management techniques, such as public key cryptography or key distribution center (e.g., Kerberos), are often not effective. To solve this problem, several key pre-distribution schemes have been proposed for sensor networks based on random graph theory. In these schemes, a set of randomly chosen keys or secret information is pre-distributed to each sensor node and a network is securely formed based on this information. Most of the schemes assumed that the underlying physical network is dense enough, that is, the degree of each node is high. In this paper, we revisit the random graph theory and use giant component theory by Erdös and Rényi to show that even if the node degree is small, most of the nodes in the network can be connected. Further, we use this fact to analyze the Eschenhauer et. al’s, Du et. al’s, and Chan et. al’s key pre-distribution schemes and evaluate the relation between connectivity, memory size, and security. We show that we can reduce the amount of memory required or improve security by trading-off a very small number of isolated nodes. Our simulation results show that the communication overhead does not increase significantly even after reducing the node degree. In addition, we present an approach by which nodes can dynamically adjust their transmission power to establish secure links with the targeted networked neighbors. Finally, we propose an efficient path-key identification algorithm and compare it with the existing schemes.

Abstract — Many key pre-distribution techniques have been developed recently to establish pairwise keys for wireless sensor networks. To further improve these schemes, researchers have proposed to take advantage of sensors ’ expected locations to help pre-distributing keying materials. However, it is usually very difficult, and sometimes impossible, to guarantee the knowledge of sensors ’ expected locations. In order to remove the dependency on expected locations, this paper proposes a practical deployment model, where sensor nodes are deployed in groups, and the nodes in the same group are close to each other after the deployment. Based on this model, the paper develops a novel group-based key pre-distribution framework, which can be combined with any of existing key pre-distribution techniques. A distinguishing property of this framework is that it does not require the knowledge of sensors ’ expected locations and greatly simplifies the deployment of sensor networks. The analysis also shows that the framework can substantially improve the security as well as the performance of existing key pre-distribution techniques. I.