Pair-wise key pre-distribution method for wireless sensor network

Information

  • Patent Application
  • 20080044028
  • Publication Number
    20080044028
  • Date Filed
    November 15, 2006
  • Date Published
    February 21, 2008
Abstract
The present invention provides a method for key deployment in wireless sensor networks: a key management mechanism designed on the basis of a random pre-distribution mechanism.
Description
BRIEF DESCRIPTION OF THE DRAWING


FIG. 1: Diagram of initialization step 1 of preferred implementation 1 of the present invention

FIG. 2: Diagram of initialization step 2 of preferred implementation 1 of the present invention

FIG. 3: Diagram of adding new nodes, step 1, of preferred implementation 1 of the present invention

FIG. 4: Diagram of adding new nodes, step 2, of preferred implementation 1 of the present invention

FIG. 5: Diagram of adding new nodes, step 3, of preferred implementation 1 of the present invention

FIG. 6: Diagram of initialization step 1 of preferred implementation 2 of the present invention

FIG. 7: Diagram of initialization step 2 of preferred implementation 2 of the present invention

FIG. 8: Diagram of adding new nodes, step 1, of preferred implementation 2 of the present invention

FIG. 9: Diagram of adding new nodes, step 2, of preferred implementation 2 of the present invention

FIG. 10: Diagram of adding new nodes, step 3, of preferred implementation 2 of the present invention

Claims
  • 1. A method of key deployment in wireless sensor networks, including the following steps:
    (a) Preceding step of key deployment: a plurality of sensor nodes are deployed beforehand in the wireless sensor network; a detailed key list is built up using permutations and combinations; each of the plurality of nodes separately draws at least one non-repeated sector from the built key list as its own key list; each node, in accordance with the key list it selected, selects the corresponding keys to form a key ring, which is stored in that sensor node; the key rings in the sensor nodes are distributed in a predetermined way and mutually share at least one key;
    (b) Initialization step: in the wireless sensor network deployed with the plurality of sensor nodes, at least one sensor node shares at least one key with at least another sensor node, the nodes mutually discover each other, and a secure link is then set up; and after the secure link is set up between the at least one sensor node and the at least another sensor node, each sensor node with a secure link already set up stores its own distinct key information in a predetermined way, and the keys stored in the key ring are deleted.
  • 2. The method of claim 1, wherein the preceding step of key deployment further includes the following step: a key space is generated and a key pool is randomly selected from the key space; furthermore, a separate identity key pool is drawn, whose number of keys must be greater than the total number of sensor nodes deployed.
  • 3. The method of claim 2, wherein the number of keys stored by every sensor node must be greater than half of the number of keys randomly selected from the key space.
  • 4. The method of claim 3, further including the following step: from the number of keys randomly selected from the key space and the number of keys stored in every sensor node, the possible combinations are calculated using permutations and combinations and are used to build up the detailed key list.
  • 5. The method of claim 4, further including the following step: the plurality of sensor nodes deployed in the wireless sensor network separately draw mutually non-repeated sectors from the built key list, so that the key lists of the sensor nodes are not entirely the same.
  • 6. The method of claim 4, further including the following step: every sensor node separately selects, from the identity key pool, an identity key not yet chosen as its own identity key.
  • 7. The method of claim 1, further including the following step during the initialization step: at least one sensor node and another sensor node carry out pair-wise key setup in accordance with the keys they chose and stored; the sensor nodes mutually share at least one key, discover each other and carry out linking.
  • 8. The method of claim 7, further including the following step: at least one sensor node carries out sticky operations on its identity code and the key list it stores and conveys the result by broadcast to at least another sensor node, and the at least another sensor node likewise carries out sticky operations on its identity code and the key list it stores and conveys the result by broadcast to at least another sensor node, so that both mutually convey.
  • 9. The method of claim 8, further including the following step: after the sensor nodes receive the broadcast of the sticky operations on the identity code and the key list, each sensor node uses the key list information it stores to carry out a comparison and find the repeated key part; using a hash function, the repeated key parts are combined to form session keys; the identity keys and identity codes of the sensor nodes are encrypted with the session keys and conveyed between the sensor nodes.
  • 10. The method of claim 9, further including the following step: after receiving the messages encrypted with session keys, the at least one sensor node and the at least another sensor node each decrypt them using the session key it formed itself and acquire the identity key and identity code of the opposite sensor node; again using a hash function, a mutual secure link key is formed from the session key and the identity keys of the sensor nodes.
  • 11. The method of claim 10, wherein the secure link key can be used as the encryption key for message transfer between sensor nodes.
  • 12. The method of claim 10, further including the following step: when the plurality of sensor nodes deployed in the wireless sensor network have completed building all secure link keys, each sensor node uses a hash function to combine its own identity key and key list to form a v value, and the keys existing in the key ring are then removed.
  • 13. A method of key deployment in wireless sensor networks, which uses a wireless sensor network deployed by the method as claimed in claim 12 to add at least one new sensor node, including the following steps:
    (a) Preceding step of key deployment: the at least one new sensor node separately draws at least one non-repeated sector, as the key list of the new sensor nodes, from the detailed key list built up using permutations and combinations, selects an identity key not yet selected from the identity key pool, furthermore selects the corresponding keys based on the key list to form a key ring, and then stores all the keys chosen randomly from the key space.
    (b) Step of key deployment: at least one new sensor node shares at least one key with at least one sensor node already deployed, the nodes mutually discover each other and then set up a secure link; and after the secure link is set up between the at least one sensor node and the at least one sensor node already deployed, the sensor nodes with a secure link already set up store their individual key information in a predetermined way and delete the keys stored in the key ring.
  • 14. The method of claim 13, further including the following step: at least one newly added node separately conveys its own identity key and a new-node request to at least one sensor node already deployed; the at least one sensor node already deployed then uses its own key list and identity code, uses its v value to encrypt its own identity key and identity code, and conveys them together to the at least one newly added sensor node.
  • 15. The method of claim 14, further including the following step: the at least one newly added sensor node, after receiving the identity code and key list, uses the key list information it stores to carry out a comparison and find the repeated parts, and uses a hash function to combine the repeated key parts to form session keys; decryption is carried out on the session keys to obtain the identity key of the at least one sensor node already deployed.
  • 16. The method of claim 14, wherein the at least one newly added sensor node uses the identity key derived from the at least one sensor node already deployed and the key carried by the at least one newly added sensor node itself to calculate its v value, then uses the v value to encrypt the identity code and identity key of the at least one newly added sensor node, and conveys them to the identity key of the at least one sensor node already deployed, so as to enable the exchange of identity keys between sensor nodes.
  • 17. The method of claim 16, wherein, between the at least one sensor node already deployed and the at least one newly added sensor node, a mutual secure link key is formed, using a hash function, from the v value, the identity key of the at least one sensor node already deployed and the identity key of the at least one newly added sensor node.
  • 18. The method of claim 17, further including the following step: once all secure link keys have been set up between the at least one newly added sensor node deployed in the wireless sensor network and the at least one sensor node already deployed, the at least one newly added sensor node uses a hash function to combine its own identity key and key list to form a v value, and its originally stored key is then removed.
  • 19. A method of key deployment in wireless sensor networks, wherein a time stamp can be selectively added in the method as claimed in claim 1.
  • 20. The method of claim 19, wherein, during the initialization step, at least one sensor node conveys the key list it stores to at least another sensor node by broadcast, and the at least another sensor node also conveys the key list it stores to the at least one sensor node by broadcast, so that both mutually convey.
  • 21. The method of claim 20, further including the following step: after receiving the broadcast of the key list, each sensor node uses the key information it stores to carry out a comparison and find the repeated key parts; using a hash function, the repeated key parts are combined to form session keys; the identity code and time stamp are encrypted using the session keys and conveyed between the sensor nodes.
  • 22. The method of claim 21, further including the following step: the at least one sensor node and the at least another sensor node, after receiving the messages encrypted with session keys, each use the session key it formed itself to decrypt and acquire the identity code and time stamp of the opposite sensor node; again using a hash function, a mutual secure link key is formed from the identity code and time stamp of the sensor node.
  • 23. The method of claim 21, further including the following step: the secure link key can be used as the encryption key for conveying messages between sensor nodes.
  • 24. The method of claim 21, further including the following step: after all secure link keys between the plurality of sensor nodes deployed in the wireless sensor network have been set up, each sensor node uses a hash function to combine its own identity code and key list to form a v value, and the keys existing in the key ring are then removed.
  • 25. A method of key deployment in wireless sensor networks, which adds at least one new sensor node by using a wireless network deployed by the method as claimed in claim 18, wherein during the step of key deployment, at least one newly added sensor node broadcasts a new-node request to at least one sensor node already deployed; the at least one sensor node already deployed then uses sticky operations on the key list and the v value generated in the preceding step to encrypt its own time stamp and identity code, and conveys them together to the at least one newly added sensor node;
    the at least one newly added sensor node, after receiving the key list, uses the key information it stores to carry out a comparison and find the repeated key part, and uses a hash function to combine the repeated key parts to form session keys; decryption is carried out on the session keys to obtain the identity code and time stamp of the at least one sensor node already deployed;
    the at least one newly added sensor node then uses the key list derived from the at least one sensor node already deployed and the key carried by the at least one newly added sensor node itself to calculate its v value, then uses the v value to encrypt the identity code of the at least one newly added sensor node and the time stamp of the at least one sensor node already deployed, and conveys them to the at least one sensor node already deployed, so as to enable the exchange of identity codes between sensor nodes; again using a hash function, a mutual secure link key is formed from the v value, the identity code of the at least one newly added sensor node, the identity code of the at least one sensor node already deployed and the time stamp of the at least one sensor node already deployed;
    once all secure link keys have been set up between the at least one newly added sensor node and the at least one sensor node already deployed in the wireless sensor network, the at least one newly added sensor node uses a hash function to combine the key list to form a v value, and its originally stored key is then removed.
  • 26. A wireless sensor network system that uses the method of key deployment in wireless sensor networks as claimed in claim 1 and is accomplished by deployment of wireless sensor network nodes.
  • 27. The method of claim 15, wherein the at least one newly added sensor node uses the identity key derived from the at least one sensor node already deployed and the key carried by the at least one newly added sensor node itself to calculate its v value, then uses the v value to encrypt the identity code and identity key of the at least one newly added sensor node, and conveys them to the identity key of the at least one sensor node already deployed, so as to enable the exchange of identity keys between sensor nodes.
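
An added sketch, not part of the patent text, of the initialization flow in claims 1 to 12: key rings drawn from the detailed key list, a session key hashed from the shared keys, identity-key exchange, link-key derivation, then key-ring erasure. SHA-256, the XOR pad standing in for the unspecified cipher, the sizes P=6 and k=4, identity keys generated per node instead of drawn from an identity key pool, and all class and function names are assumptions made for illustration.

```python
import hashlib, itertools, random, secrets

def H(*parts):  # SHA-256 over length-prefixed parts; stand-in for the unnamed hash
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def xor_pad(key, data):  # placeholder for "encrypted by the session key"; not a real cipher
    return bytes(a ^ b for a, b in zip(data, H(key, b"pad")))

class Node:
    def __init__(self, ident, key_list, pool, identity_key):
        self.id, self.key_list = ident, key_list       # both are broadcast in clear
        self.ring = {i: pool[i] for i in key_list}     # secret key ring
        self.identity_key, self.links, self.v = identity_key, {}, None

    def session_key(self, peer_list):
        shared = sorted(set(self.key_list) & set(peer_list))  # claim 9: repeated keys
        return H(*(self.ring[i] for i in shared))

    def hello(self, peer_list):  # claim 9: identity key sent under the session key
        return self.id, xor_pad(self.session_key(peer_list), self.identity_key)

    def finish(self, peer_list, peer_id, blob):
        ks = self.session_key(peer_list)
        first, second = sorted([(self.id, self.identity_key), (peer_id, xor_pad(ks, blob))])
        self.links[peer_id] = H(ks, first[1], second[1])      # claim 10: link key

    def seal(self):  # claim 12: keep v = H(identity key, key list), erase the ring
        self.v = H(self.identity_key, bytes(self.key_list))
        self.ring.clear()

def deploy(n, P=6, k=4, seed=1):
    assert 2 * k > P, "claim 3: a ring larger than half the pool forces an overlap"
    pool = [secrets.token_bytes(16) for _ in range(P)]
    rows = list(itertools.combinations(range(P), k))          # claim 4: detailed key list
    picks = random.Random(seed).sample(rows, n)               # claim 5: no row reused
    return [Node(i, picks[i], pool, secrets.token_bytes(32)) for i in range(n)]

def pair(a, b):
    msg_a, msg_b = a.hello(b.key_list), b.hello(a.key_list)
    a.finish(b.key_list, *msg_b)
    b.finish(a.key_list, *msg_a)
    return a.links[b.id] == b.links[a.id]

def run(n=5):
    nodes = deploy(n)
    agreed = all([pair(a, b) for a, b in itertools.combinations(nodes, 2)])
    for node in nodes:
        node.seal()
    return agreed, nodes
```

Because every ring holds more than half the pool, any two rings intersect, but each node also carries more than half the pool until `seal()` runs, which is why the claims erase the ring once the link keys exist.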
Priority Claims (1)
Number Date Country Kind
095127111 Jul 2006 TW national