Key management schemes
Some key management schemes for establishing and distributing cryptographic keys in the network are:
Distributed key scheme. A group of users of a network, referred to as a ‘conference,’ in order to securely communicate over public channels, could decide to use symmetric encryption algorithms, e.g., RC6 or AES. These algorithms are fast and presumed to be secure. However, to apply this strategy, they need a common key to encrypt and decrypt the messages they wish to send to each other.
Using a KDC is a common solution to the key establishment problem. A KDC is a server of the network which generates and distributes on-demand the conference keys. The idea is: each user shares a secure point-to-point channel with the centre. When one user wants to communicate with other users securely, he sends a request message for a session key. The centre checks for membership of the user in the group, and distributes the conference key to each member of the group in encrypted form.
A distributed key distribution centre (DKDC) is a set of ‘n’ servers of a network that jointly realise the function of a KDC, as shown in Fig. 2. In this setting, a user who needs to participate to a conference sends a key-request message to a fixed-size subset at his choice of the ‘n’ servers. The contacted servers answer with some information enabling the user to compute the conference key.
Assume every message between sensor nodes is encrypted and authenticated by the pairwise keys between them. The aim of distributed key establishment scheme is just to establish pairwise keys between sensor nodes.
Single network-wide key scheme. Using a single network-wide key is by far the simplest key establishment technique. In the initialisation phase of this technique, a single key is preloaded into all the nodes of the network. After deployment, every node in the network can use this key to encrypt and decrypt messages. Only a single key is to be stored in the nodes’ memory, and once deployed in the network, there is no need for a node to perform key discovery or key exchange since all the nodes in communication range can transfer messages using the key which they al-ready share. This scheme counters several constraints with less computation and reduced memory use, but it fails in providing the basic requirements of a sensor network by making it easy for an adversary trying to attack.
Pairwise key establishment scheme. The pairwise key establishment scheme includes node-to-node authentication and resilience to node replication. For a network of ‘n’ nodes in the pairwise scheme, the key predistribution is done by assigning each node a unique pair-wise key with all the other nodes in the network. With each node sharing a unique key with every other node in the network, this scheme offers node-to-node authentication. Each node can verify the identity of the node it is communicating with. This scheme also offers increased resilience to network capture as a compromised node does not reveal information about other nodes that are not directly communicating with the captured node.
One drawback with the pairwise scheme is the additional overhead needed for each node to establish n-1 unique keys with all the other nodes in the network and maintain those keys in its memory.
Public-key schemes RSA and ECC. Both RSA and ECC have been in re-search for many years. RSA stands for ‘Rivest Shamir Adleman’ algorithm. It was developed in 1977 and is still one of the most popular public-key encryption technologies currently available. RSA derives its strength from the complication of factoring very large numbers.
ECC was developed in 1985 independently by Koblitz and Miller. Its approach to public-key cryptography is based on the mathematics of elliptic curves. ECC can obtain the same security level as RSA while using a smaller key. A 160-bit ECC key has the same security as a 1024-bit RSA key. A 224-bit ECC key compares to the 2048-bit RSA key. This is because it takes exponential algorithms to solve the elliptic curve discrete logarithm problem as opposed to small runtime algorithms to solve the large number factorisation in RSA.
The RSA scheme generally introduces keys of 512–2048 bits. Its takes a message ‘M’ and composes a cipher text ‘C’ using the key ‘K.’ A method called the Chinese Remainder Theorem (CRT) can be used to accelerate RSA. Two prime numbers ‘q’ and ‘p’ are multiplied together to get the modulus ‘n.’ Computing these modular multiplications, CRT can lower computation time by almost three-fourth. Other factors like the Montgomery multiplication and optimised squaring can reduce RSA complexity by 25 per cent.