On Key Distribution And Agreement Schemes In Wireless Networks

With the rapid development of wireless communication and its related technologies, the application wireless network in all fields is also becoming more and more widely. However, compared with the traditional wired networks, wireless networks risk much more due to their open wireless channels and constrained resources on wireless devices. The wireless network security becomes the focus. The key distribution and agreement is the base and critical technology for ensuring the wireless network security. Therefore, it is highly significant to study the key distribution and agreement techniques in wireless networks.In this dissertation, we focus on the research and analysis of the key distribution and agreement techniques in wireless networks, and have achieved some meaningful research results. The main contributions are summarized as follows:1. Pair-wise key management in wireless networksUsing the resource-constrained wireless sensor networks as the network environment, we mainly study the pair-wise key pre-distribution management schemes.(1) First, for the low connectivity problem in the basic random key pre-distribution schemes, we proposed a key management scheme with improved global secure connectivity. Through a’neighboring" node expansion protocol, secure isolated nodes find the sharing key(s) with nodes beyond the one-hop so that they establish at least one secure path to guarantee the network secure connectivity. Analysis and simulation results show that our proposed scheme has higher global connectivity, higher security performance and larger total usable energy compared with the original scheme. And the performance improvement of the proposed scheme is in the price of limited additional negotiation overhead.(2) In the path-key establishment phase of existing pre-distribution key management schemes for wireless sensor networks. there are still many problems, such as long path-key establishment path, high communication overhead. and low secure network connectivity growth rate. In order to resolve these problems, an enhanced scheme for establishing the path-key was proposed. In path-key set up phase, the proposed scheme makes full use of the pre-distributed keys in the securely connected neighbors within the communication range of the node, and increases the number of nodes used to negotiate the path-key, improve the network secure connectivity and anti-capture capability. Simulation results show that with the enhanced scheme, secure network connectivity rate is obviously improved, and it achieves to100%quickly. Moreover, the enhanced scheme needs much less pre-distributed keys to achieve the prospective network connectivity rate.2. Group key management in wireless networksWe mainly study the self-healing group key distribution schemes in wireless networks.(1) In order to resolve the problem that the life span is limited in current revocation polynomial-based self-healing group key distribution schemes, we proposed an efficient long lived δ-self-healing group key distribution scheme. The proposed scheme is based on the sliding window mode and is capable of supporting infinite sessions by updating the personal secret of group members during each session and performing a partial revocation.(2) To resolve the problems in access polynomial and hash chain-based self-healing group key distribution schemes, such as the lack of collusion attack resistance capability between revoked users and new joined users, the limited number of allowed active group members, and the much communication redundancy in the session key updating broadcast packets, we proposed an enchanced self-healing group key distribution scheme based on the access polynomial and the dual directional hash chain (DDHC) for resource-constrained wireless networks. In our proposed scheme, the structure of DDHC is improved by replacing the forward key with a random value in sessions with revoked users, which makes that revoked users cannot collude with new joined users to recover unauthorized session keys. Hence, the problem of collusion attack resistance is solved, and the security is hence enhanced. Moreover, some novel methods to construct the personal secret, the access polynomial and the session key updating broadcast packet were presented. These methods contribute to eliminating the limit of maximum allowed number of active group members without the increase of storage and communication overheads. The fact that users are revoked from the group not in all sessions in a real-world network is taken into consideration, which contributes to further reducing the communication overhead and energy consumption, and prolonging the lifetime of wireless networks.(3) With the constrain of the maximum key updating broadcast packet, the existing revocation polynomial-based self-healing group key distribution schemes have some defects, such as the limited number of allowed revoked/colluding users, the larger communication overhead and the weak collusion attack resistance capability. In order to resolve above problems, we proposed three enhanced schemes for resource-constrained wireless networks, such as ZigBee-based wireless networks. In our proposed schemes,(a) a new anti-collusion attack method was proposed, in which a special utilization method of one-way hash chain was proposed to resolve the collusion attack resistance problem in hash chain based schemes.(b) by binding the time at which the user joins the group with the capability of recovering previous session keys, some new methods to construct the revocation polynomial, the personal secret polynomial and the broadcast polynomial were proposed, which contributes to expanding the maximum allowed number of revoked/colluding users m times without increasing the storage and communication overheads. The proposed scheme has stronger security.(c) the fact that new users join the group not in all sessions in real-world networks is considered. In our proposed schemes, users joining the group in different sessions are allocated different random session identify, different revocation polynomials are constructed according to the time of their joining in each session, and different hash key chain is used in each session, which contribute to further reducing the communication redundancy.(4) To resolve the problems in existing access polynomial based self-healing group key distribution schemes, such as the limited number of allowed active group members and the significant communication redundancy in session key updating broadcast packets, we proposed an enhanced access polynomial-based self-healing group key distribution scheme for resource-constrained ZigBee-based wireless networks. In our proposed scheme, the fact that new users join the group not in all sessions in real network environments is considered, and some novel structures of the personal secret, access polynomial and the key updating broadcast packet were introduced. We construct different access polynomials according to the time of users" joining and use different one-way hash chains for each session, which resolves the problem that the number of allowed active group members is limited in existing access polynomial based self-healing group key distribution schemes and increases the number of active group members. Our proposed scheme reduces the communication overhead without increasing the storage overhead.3. Information-theoretic secure secret key agreementWe mainly study the information-theoretic secure secret key agreement from public discussion.(1) A new model to obtain the initial random related information was proposed. The new model is equivalent in function to the source model and the channel model, however, the total efficiency of the key agreement under the new model is increased.(2) A new bit pair interation advantage distillation/advantage degeneration protocol was proposed. In the new protocol, the mutual information between legitimate communication paties is distilled quickly, and at the same time, the mutual information of the eavesdropper is also degenerated. Thus, the total efficiecy of the whole secret-key agreement is improved.(3) We analyze the three phases of the information-theoretically secure secret-key agreement and their mutual restrictive relationship in detail, analyze how to select parameters of each phase to maximize the total efficiency of the whole secret-key agreement, and also give the required initial random key string length to meet the key length requirements.