Review
Survey on key revocation mechanisms in wireless sensor networks

https://doi.org/10.1016/j.jnca.2016.01.012Get rights and content

Abstract

As sensor nodes are deployed in an open and hostile environment, they are vulnerable to various attacks. Due to the insecure nature of the environment, it is of critical importance to be able to revoke compromised nodes to ensure the confidentiality of data traversing in the network. Several approaches to resolving the challenges associated with key revocation have been proposed in the past years, which can be broadly categorized into four main classes, namely centralized, distributed, decentralized and hybrid. In this survey, we present an overview of existing key revocation schemes for wireless sensor networks, as well as a comparative summary (e.g. performance and security features). We also investigate rekeying schemes which are not designed for wireless sensor networks. We conclude this paper with a discussion of open research issues.

Introduction

A wireless sensor network (WSN) is an ad hoc network which has a large number of low-power, low-cost and densely deployed sensor nodes. It has a wide range of applications in areas, such as military, health and environment (Akyildiz et al., 2002). However, due to constrained computational resources and the fully distributed nature, wireless sensor networks are vulnerable to various attacks (Karlof and Wagner, 2003, Pathan et al., 2006). Cryptographic techniques have been employed to provide data confidentiality, integrity and authenticity between communicating parties in a hostile environment, and key management protocols are one such cryptographic technique to provide communication security by effectively managing key materials.

In the context of WSNs, a key management protocol typically comprises the following processes, namely key setup, distribution of keys, and key revocation. Key setup and distribution protocols have been extensively studied in the literature (Chen and Chao, 2014, Liu and Ning, 2003, Boyd and Choo, 2005, Choo et al., 2006). However, key revocation protocols receive relatively less attention. We argue that key revocation protocols are as important as key distribution protocols, such as those described in Choo (2009) and Choo et al. (2014). It is not a matter of if, but of when, that any sensor node deployed in an open and hostile environment can be compromised by an adversary (Nam et al., 2015, Zeng et al., 2009a, Zeng et al., 2009b, Zeng et al., 2009c). Consequently, when the node gets compromised, information, including key material, stored in the node will be revealed to the adversary. These keys are also shared by other nodes in the network. If the compromised node cannot be revoked from the network as quickly as possible, subsequent communications will be compromised or in the worse case scenario, the adversary may be able to take over the entire network. Therefore, key revocation is critical in reducing the damage a compromised node may cause to the sensor network.

We broadly categorize existing revocation schemes into four classes (based on the involvement of central authority and sensor nodes), namely centralized, distributed, decentralized and hybrid. In 2013, Mall et al. surveyed existing key revocation schemes for WSNs. However, the focus was only on centralized and distributed schemes (Mall et al., 2013). In this paper, we extend their survey to include decentralized and hybrid schemes (Clulow and Moore, 2006, Moore et al.,, Sanchez and Baldus, 2005, Chattopadhyay and Turuk, 2012, Jiang et al., 2013, Ge and Choo, 2014), as well as recently published centralized and distributed schemes (Mansour et al., 2014), in order to provide a more comprehensive and up-to-date overview of the key revocation literature – see Fig. 1. We also present a comparative summary between schemes in each class, in terms of performance and security, as well as discussing the advantages and disadvantages between the different schemes. We then investigate rekeying schemes which are not designed for WSNs, and include two schemes which could be adopted for WSN platforms due to their performance.

The underlying security architecture in the key revocation schemes examined in this paper can be broadly categorized into three types.

  • 1.

    A probabilistic key pre-distribution scheme, where any two nodes have certain probability of sharing a symmetric key, such as in Eschenauer et al. (2002), Wang et al. (2007), and Park et al. (2010).

  • 2.

    A pairwise key establishment scheme, where each node shares a unique pairwise key with each other.

  • 3.

    A group communication scheme, where group members share a secret symmetric key within the group, such as in Dini and Savino (2006).

The remainder of this paper is organized as follows. 2 Centralized revocation schemes, 3 Distributed revocation schemes, 4 Decentralized revocation schemes, 5 Hybrid revocation schemes review existing key revocation protocols for WSNs based on the four classes, namely centralized, distributed, decentralized and hybrid, respectively. In each of these four sections, we describe existing key revocation schemes, evaluate their performance, and analyze their security properties. In Section 6, we present a comparative summary of the schemes discussed in the earlier sections, as well as two key revocation schemes that could be applied in WSNs. The last section concludes the paper and outlines future research directions.

Section snippets

Centralized revocation schemes

In centralized revocation schemes when sensor nodes are detected with misbehavior, a central authority is required to revoke compromised nodes by removing compromised keys and/or updating keys (e.g. session keys shared between nodes or network keys used in group communication) (Eschenauer et al., 2002, Mansour et al., 2014, Dini and Savino, 2006, Wang et al., 2007, Park et al., 2010).

Distributed revocation schemes

The distributed revocation schemes require node collaboration in the revocation process. This improves the reaction time, but results in a more complex network design. Nodes cooperate in two ways. In Chan et al., 2003, Chan et al., 2005, Chao et al. (2013), and Chuang et al. (2010), non-compromised nodes vote against compromised nodes. In Moore et al., non-compromised nodes reelect each other to form a trusted group, thus excluding compromised nodes from the network.

Decentralized revocation schemes

In decentralized revocation schemes, the decision of revoking a compromised node is made by a single sensor node. Without the involvement of a central authority and node cooperation, decentralized schemes provide a speedy process to remove compromised nodes.

Hybrid revocation schemes

Hybrid revocation schemes are based on the grouping nodes concept, and both distributed and centralized methods are combined to increase revocation efficiency and accuracy.

Comparative summary

In this section, we discuss the schemes identified in the earlier sections based on their performance (i.e. memory space, complexity, communication overhead, reaction time, and hardware platform), network resilience, scalability, mobility, and extensibility (e.g. the inclusion of new nodes).

In terms of performance, when the same cryptographic algorithms are used (e.g. symmetric encryption or public key cryptography), centralized schemes require less storage space, computational complexity and

Conclusion and future research

Key revocation protocols are an important component in ensuring the security of communications in WSNs. In our survey of published key revocation schemes, we demonstrated that different schemes in different category have both advantages and disadvantages. Unfortunately, there is no one-for-all solution that can eliminate all restrictions and satisfy all requirements for practical deployment. Therefore, in the design of key revocation protocols, we recommend that protocol designers first

Acknowledgments

The authors would like to thank Professor Mohammed Atiquzzaman (Editor-in-Chief), Professor Ilsun You (Associate Editor), and the three anonymous reviewers for providing constructive and generous feedback. Despite their invaluable assistance, any errors remaining in this paper are solely attributed to the authors.

References (65)

  • I.F. Akyildiz et al.

    Wireless sensor networksa survey

    Int J Comput Telecommun Netw

    (2002)
  • K.-K.R. Choo et al.

    A mechanical approach to derive identity-based protocols from Diffie-Hellman-based protocols

    Inf Sci

    (2014)
  • C. Karlof et al.

    Secure routing in wireless sensor networksattacks and countermeasures

    Ad Hoc Netw

    (2003)
  • Aburumman A, Choo K-KR. A domain-based multi-cluster SIP solution for mobile ad hoc network. In: Proceedings of 10th...
  • Aburumman A, Seo W, Yang A, Choo K-KR, Almomani I. A distributed session initiation protocol solution for mobile ad hoc...
  • Aburumman A, Seo W, Islam R, Khan M, Choo K-KR. A secure cross-domain SIP solution for mobile ad hoc network using...
  • Blom R. An optimal class of symmetric key generation systems. In: EUROCRYPT׳84 on advances in cryptology; 1985. p....
  • Boyd C, Choo K-KR. Security of two-party identity-based key agreement. In: Proceedings of progress in...
  • Camtepe SA, Yener B. Combinatorial design of key distribution mechanisms for wireless sensor networks. In: Proceedings...
  • Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks. In: IEEE symposium on security and...
  • H. Chan et al.

    On the distribution and revocation of cryptographic keys in sensor networks

    IEEE Trans Depend Secur Comput

    (2005)
  • C.H. Chao et al.

    Novel Distributed key revocation scheme for wireless sensor networks

    Secur Commun Netw

    (2013)
  • S. Chattopadhyay et al.

    A scheme for key revocation in wireless sensor networks

    Int J Adv Comput Eng Commun Technol

    (2012)
  • C.Y. Chen et al.

    A survey of key distribution in wireless sensor networks

    Secur Commun Netw

    (2014)
  • Cho, Jin-Hee, Chan, Kevin S, Chen, Ing-Ray. Composite trust-based public key management in mobile ad hoc networks. In:...
  • Choo K-KR. Secure key establishment. In: Advances in information security, vol. 41. Springer, NY;...
  • K.-K.R. Choo et al.

    The importance of proofs of security for key establishment protocolsformal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols

    Comput Commun

    (2006)
  • P.J. Chuang et al.

    Revocation scheme using public-key cryptography in wireless sensor networks

    J Inf Sci Eng

    (2010)
  • J. Clulow et al.

    Suicide for the common gooda new strategy for credential revocation in self-organizing systems

    ACM SIGOPS OSR

    (2006)
  • da Silva E, Pessoa Albini LC. Towards a fully self-organized identity-based key management system for MANETs. In: 2013...
  • Dahshan H, Elsayed F, Rohiem A, Elgmoghazy A, Irvine J. A trust based threshold revocation scheme for MANETs. In: 2013...
  • Dini G, Savino IM.: An efficient key revocation protocol for wireless sensor networks. In: Proceedings of IEEE...
  • Dini Gianluca et al.

    HISS: A HIghly Scalable Scheme for Group Rekeying

    Comput. J.

    (2013)
  • Eschenauer L, Gligor VD. A key-management scheme for distributed sensor networks. In: ACM conference on computer and...
  • J.A. Garcia-Macias et al.

    MANET versus WSN

  • Ge M, Choo KKR. A novel hybrid key revocation scheme for wireless sensor networks. In: Network and system security;...
  • A.M. Hegland et al.

    A survey of key management in ad hoc networks

    IEEE Commun Surv Tutor

    (2006)
  • Hwang J, Kim Y. Revisiting random key pre-distribution schemes for wireless sensor networks. In: Proceedings of the 2nd...
  • Kaya T, Lin G, Noubir G, Yilmaz A. Secure multicast groups on ad hoc networks. In: Proceedings of the 1st ACM workshop...
  • Y. Jiang et al.

    A key pre-distribution scheme for wireless sensor networks using hexagonal deployment knowledge

    Chin J Electron

    (2008)
  • Jiang Y, Zhang RN, Du XJ. A new efficient random key revocation protocol for wireless sensor networks. In: 14׳th...
  • Li Lung-Chung, Liu Ru-Sheng. Securing cluster-based ad hoc networks with distributed authorities. In: IEEE transactions...
  • Cited by (0)

    View full text