How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes
Abstract Three closely related polynomial‐based group key pre‐distribution schemes have recently been proposed, aimed specifically at wireless sensor networks. The schemes enable any subset of a predefined set of sensor nodes to establish a shared secret key without any communications overhead. It i...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2021-05-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12016 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850208864096485376 |
|---|---|
| author | Chris J Mitchell |
| author_facet | Chris J Mitchell |
| author_sort | Chris J Mitchell |
| collection | DOAJ |
| description | Abstract Three closely related polynomial‐based group key pre‐distribution schemes have recently been proposed, aimed specifically at wireless sensor networks. The schemes enable any subset of a predefined set of sensor nodes to establish a shared secret key without any communications overhead. It is claimed that these schemes are both secure and lightweight, that is, making them particularly appropriate for network scenarios where nodes have limited computational and storage capabilities. Further studies have built on these schemes, for example, to propose secure routing protocols for wireless sensor networks. Unfortunately, as shown by the author, all three schemes are completely insecure; whilst the details of their operation vary, they share common weaknesses. In two cases, we show that an attacker equipped with the information built into just one sensor node can compute all possible group keys, including those for which the attacked node is not a member; this breaks a fundamental design objective. In the other case, an attacker equipped with the information built into at most two sensor nodes can compute all possible group keys. In the latter case, the attack can also be achieved by an attacker armed with the information from a single node together with a single group key to which this sensor node is not entitled. Repairing the schemes appears difficult, if not impossible. The existence of major flaws is not surprising given the complete absence of any rigorous proofs of security for the proposed schemes. A further recent work proposes a group membership authentication and key establishment scheme based on one of the three key pre‐distribution schemes analysed here; as the author demonstrates, this scheme is also insecure, as the attack we describe on the corresponding pre‐distribution scheme enables the authentication process to be compromised. |
| format | Article |
| id | doaj-art-97d4adcd89164c8fa91f6f2d6ec2cca8 |
| institution | OA Journals |
| issn | 1751-8709 1751-8717 |
| language | English |
| publishDate | 2021-05-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-97d4adcd89164c8fa91f6f2d6ec2cca82025-08-20T02:10:09ZengWileyIET Information Security1751-87091751-87172021-05-0115322323010.1049/ise2.12016How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemesChris J Mitchell0Information Security Group Royal Holloway University of London Egham UKAbstract Three closely related polynomial‐based group key pre‐distribution schemes have recently been proposed, aimed specifically at wireless sensor networks. The schemes enable any subset of a predefined set of sensor nodes to establish a shared secret key without any communications overhead. It is claimed that these schemes are both secure and lightweight, that is, making them particularly appropriate for network scenarios where nodes have limited computational and storage capabilities. Further studies have built on these schemes, for example, to propose secure routing protocols for wireless sensor networks. Unfortunately, as shown by the author, all three schemes are completely insecure; whilst the details of their operation vary, they share common weaknesses. In two cases, we show that an attacker equipped with the information built into just one sensor node can compute all possible group keys, including those for which the attacked node is not a member; this breaks a fundamental design objective. In the other case, an attacker equipped with the information built into at most two sensor nodes can compute all possible group keys. In the latter case, the attack can also be achieved by an attacker armed with the information from a single node together with a single group key to which this sensor node is not entitled. Repairing the schemes appears difficult, if not impossible. The existence of major flaws is not surprising given the complete absence of any rigorous proofs of security for the proposed schemes. A further recent work proposes a group membership authentication and key establishment scheme based on one of the three key pre‐distribution schemes analysed here; as the author demonstrates, this scheme is also insecure, as the attack we describe on the corresponding pre‐distribution scheme enables the authentication process to be compromised.https://doi.org/10.1049/ise2.12016cryptographypolynomialsrouting protocolstelecommunication securitywireless sensor networks |
| spellingShingle | Chris J Mitchell How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes IET Information Security cryptography polynomials routing protocols telecommunication security wireless sensor networks |
| title | How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes |
| title_full | How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes |
| title_fullStr | How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes |
| title_full_unstemmed | How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes |
| title_short | How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes |
| title_sort | how not to secure wireless sensor networks a plethora of insecure polynomial based key pre distribution schemes |
| topic | cryptography polynomials routing protocols telecommunication security wireless sensor networks |
| url | https://doi.org/10.1049/ise2.12016 |
| work_keys_str_mv | AT chrisjmitchell hownottosecurewirelesssensornetworksaplethoraofinsecurepolynomialbasedkeypredistributionschemes |