Sage Journals: Discover world-class research

Abstract

Suppose that n nodes with $n_{0}$ acquaintances per node are randomly deployed in a two-dimensional Euclidean space with the geographic restriction that each pair of nodes can exchange information between them directly only if the distance between them is at most r, the acquaintanceship between nodes forms a random graph, while the physical communication links constitute a random geometric graph. To get a fully connected and secure network, we introduce secrecy transfer which combines random graph and random geometric graph via the propagation of acquaintanceship to produce an acquaintanceship graph $G_{n, n_{0}}$ , a kind of random geometric graph with each edge representing an acquaintanceship between two nodes. We find that components of graph $G_{n, n_{0}}$ that undergoes a phase transition from small components to a giant component when $n_{0}$ is larger than a threshold, the threshold for $G_{n, n_{0}}$ to be a connected graph is derived. In addition, we present its implementation method and applications in wireless sensor networks.

1. Introduction

Suppose at a classroom with n students, each of whom initially has $n_{0}$ acquaintances who are randomly chosen among them. Students can only communicate with its direct neighbors. At first, students are isolated. If two adjacent students are acquainted with each other, a link forms between them. As time goes on, some small acquaintance groups emerge. Two stranger students, say Alice and Bob, belonging to different groups may be adjacent, but if there are students in the two groups, respectively, familiar with each other, Alice and Bob may use them as introducers to establish a link between them. By repeating this process, students will be increasingly interwoven by such links, creating a web of acquaintances. We denote this construction as secrecy transfer and the resulting network as the acquaintanceship graph $G_{n, n_{0}}$ . We are here interested in the question: for which critical threshold of $n_{0}$ is there likely to be a connected acquaintanceship graph?

At first glance, the acquaintanceship graph is a kind of social networks, such as the patterns of friendships between individuals. Technically, the acquaintanceship graph is a combination of random graph [1] and random geometric graph [2]. A random geometric graph $G_{n, r}$ is a graph resulting from placing n nodes randomly in a plane and connecting each pair of nodes if their distance is at most the radius r, while a random graph $G_{n, p}$ is a graph with n nodes in which each edge (out of the $(\begin{smallmatrix} n \\ 2 \end{smallmatrix})$ possible edges) is chosen independently at random with an edge probability p. The acquaintanceship graph $G_{n, n_{0}}$ has both properties of random graph and random geometric graph. Initially, n nodes are placed randomly on a plane, every node has $n_{0}$ acquaintances. In the view of acquaintanceship, it can be considered logically as a random graph $G_{n, p}$ without geographical position restriction. If graph $G_{n, n_{0}}$ is connected, everyone can make the acquaintance of arbitrary nodes in the graph. Intuitively, we think that there is a threshold value. If $n_{0}$ is larger than that value, the graph $G_{n, n_{0}}$ may be connected. If the communication between any pair of acquaintances is considered secure and trusted, through the introduction of acquaintances, any one can extend his circle of acquaintance and eventually get secure communication with arbitrary nodes in the graph $G_{n, n_{0}}$ .

Random graphs and random geometric graphs have been studied extensively, but in a separate way. Random graph and its variations have been used as models of social structure in, for example, epidemiology [3], while random geometric graph is always viewed as a wireless communication network [4, 5], such as Ad hoc, Mesh, or sensor networks. In fact, random graphs and random geometric graphs have different structural properties. Any two nodes in a random graph can be connected by a link with certain probability regardless of their geographical position. Random key graphs have been recently been used by Di Pietro et al. [6] to model the random key predistribution scheme of Eschenauer and Gligor [7]. The random key graph is a random graph obtained as follows: n nodes, each assigned a subset of keys, are distributed uniformly at random on a given field. An edge is added if two nodes are within a radius r and share at least one common key. Formally, the resulting graph, matching a random graph with identical link probability to a random geometric graph, can be considered as the initial graph of the acquaintanceship graph $G_{n, n_{0}}$ , if two nodes, sharing one common key, are referred to as acquaintances. Note that, unlike random key graphs, secrecy transfer is a growth model and can be considered as a stochastic process. We are interested in the crucial property, connectivity, of the resulting acquaintanceship graph. In [8], we use secrecy transfer to enhance the security performance of key infection [9]. In fact, secrecy transfer in [8] only focuses on key establishment between adjacent nodes who are in a connected component; otherwise, key infection is applied to establish a secret link key. Obviously, it is a tradeoff between key infection and secrecy transfer discussed in this paper. In this paper, some results are given and complemented by simulations, especially the connectivity threshold.

Organization. First, secrecy transfer is presented in Section 2. We derive the connectivity threshold of value $n_{0}$ in Section 3. Next, in Section 4, we present the analysis of secrecy transfer in heterogeneous networks. Section 5 gives an implementation method of secrecy transfer. In Section 6, some applications are given. Finally, we conclude the paper in Section 7.

2. Secrecy Transfer

Let n nodes be distributed uniformly and independently at random in a field $[0,1]^{2}$ , each of them has $n_{0}$ acquaintances. A pair of nodes are adjacent only if the distance between them is at most the radius r. Suppose nodes A and B are adjacent, that is, the distance between them $| A - B | < r$ . Initially, A and B are connected if they are acquainted with each other (initialization phase, see Figure 1(a)). If nodes A and B are connected by a path, an edge $A - B$ is added (see Figure 1(b)). As time goes on, the graph $G_{n, n_{0}}$ evolves continuously, and gradually consists of some components. If node A belongs to a component $C_{A}$ , and B has acquaint with at least one of nodes in the component $C_{A}$ , say node C in $C_{A}$ , we connect A and B by a new edge (see Figure 1(c)). For the case where A and B belong to different component $C_{A}$ and $C_{B}$ , if there exist two acquaintance nodes C and D in $C_{A}$ and $C_{B}$ , respectively, we introduce an edge between A and B; Otherwise, A and B are disconnected at present stage. If there is no new edge is added for any pair of adjacent nodes, secrecy transfer reaches the stable state and the algorithm terminates. Continuing this process, we can get a acquaintanceship graph $G_{n, n_{0}}$ .

Figure 1

Secrecy transfer.

As depicted in Figure 2, 100 nodes are randomly distributed over a $100 \times 100 m^{2}$ field, $n_{0} = 4$ , and the radius $r = 20 m$ . At first, two adjacent nodes connect with the probability $p = n_{0} / n = 0.04$ , and we get the initial acquaintanceship graph $G_{n, n_{0}}$ , as illustrated in Figure 2(a). After repeating secrecy transfer process on the graph $G_{n, n_{0}}$ , it gradually evolves into the graph shown in Figure 2(g), which approximates to the underly random geometric graph $G_{n, r}$ .

Figure 2

An example of secrecy transfer process, with $n = 100$ nodes randomly distributed over a $100 \times 100 m^{2}$ field, $n_{0} = 4$ , and $r = 20 m$ .

One of our goals is to design a security mechanism to enable any two adjacent nodes to establish a pairwise key after they are deployed in a field. More specifically, suppose that every node in the network has been preloaded before its deployment with $n_{0}$ secret keys, each of which is shared with one of its acquaintances. Let nodes A and B be two adjacent nodes, $| A - B | < r$ . If nodes A and B happen to be acquaintances, they share a key $K_{A B}$ which can be used to protect their communication link. If A and B are not acquaintances, but are connected by a path (Figure 1(b)), A can generate a new key $K_{A B}$ and send it to B along the path. As more secure edges are added to the graph $G_{n, n_{0}}$ , larger components emerge. Suppose node A belongs to a component $C_{A}$ , (as plotted in Figure 1(c)) if node B acquaints with a node $C \in C_{A}$ , which means that nodes B and C have a shared key $K_{B C}$ . In this case, node A randomly generates a key $K_{A B}$ and sends it along a path in the component $C_{A}$ to node C. Node C encrypts $K_{A B}$ with the key $K_{B C}$ , that is, ${K_{A B}}_{K_{B C}}$ and sends the result back to A. Node A, then, sends ${K_{A B}}_{K_{B C}}$ to B via the unsecure channel. Finally, node B can get key $K_{A B}$ , for it has the key $K_{B C}$ . In another case, where nodes A and B belong to different components $C_{A}$ and $C_{B}$ , but node $C \in C_{A}$ acquaints with node $D \in C_{B}$ , as shown in Figure 1(d). Node A first sends a key $K_{A B}$ to node C. Node C encrypts $K_{A B}$ with key $K_{C D}$ which is shared with node D and sends ${K_{A B}}_{K_{C D}}$ to node D via nodes A and B. For node D has $K_{C D}$ , it can decrypt the message ${K_{A B}}_{K_{C D}}$ to obtain $K_{A B}$ .

Given a randomly deployed network with n nodes, we can view it as a random geometric graph $G_{n, r}$ with each edge representing a possible communication link. Without the protection of a secret key, an adversary can eavesdrop conversations between nodes. If each node has several trusted nodes initially, the trust relationship can be considered as a random graph $G_{n, p}$ with each edge connecting a pair of nodes which have shared a secret key. However, random graph does not consider the transmission radius of nodes, but simply assumes any two nodes have the same probability p to establish a connection. When the distance between two nodes is larger than the transmission radius r, they cannot communicate directly. Roughly speaking, $G_{n, p}$ reflects the logical trust relationship between nodes, while $G_{n, r}$ depicts the physical communication structure of nodes in the network. Secrecy transfer constructs a graph $G_{n, n_{0}}$ from $G_{n, r}$ and $G_{n, p}$ (where $p = n_{0} / n$ ) and turns it to a secure random geometric graph by adding secure edges to it.

The construction of secrecy transfer above reveals that, the graph $G_{n, n_{0}}$ is robust against eavesdrop attack, for each edge is added via the existing trustiness between nodes. If cryptographic attacks are considered impractical, the adversary cannot break ${K_{A B}}_{K_{C D}}$ to get the key $K_{A B}$ , for the key $K_{C D}$ shared between C and D is loaded initially.

3. Connectivity Threshold

The component structure of the graph $G_{n, n_{0}}$ changes gradually as secrecy transfer is applied. As illustrated in Figure 2(a), after the initialization phase, the greatest component of $G_{n, n_{0}}$ is tree of small order. Gradually, a giant component emerges, swallowing the whole network, provided the underly random geometric graph $G_{n, r}$ is connected and $n_{0}$ is large enough.

Suppose two adjacent components, $C_{A}$ and $C_{B}$ , have, respectively, $m_{1}$ and $m_{2}$ vertices, nodes A in $C_{A}$ and B in $C_{B}$ are adjacent. We first estimate the probability $P_{m_{1}, m_{2}}$ that two adjacent components $C_{A}$ and $C_{B}$ may get connected to form a larger component.

Let random variable 𝕏 be the total number of nodes with whom nodes in component $C_{A}$ are familiar, $X_{i}$ be a bernoulli random variable, where $X_{i} = 1$ when the circle of acquaintances of node i includes at least one node in the component $C_{A}$ , $X_{i} = 0$ otherwise. Therefore,

\begin{matrix} X = X_{1} + X_{2} + \dots + X_{n} . \end{matrix}

(1)

If component $C_{A}$ consists of $m_{1}$ nodes, we have the probability of $X_{i} = 1$ ,

\begin{matrix} P (X_{i} = 1) = 1 - {(1 - P)}^{m_{1}}, \end{matrix}

(2)

where

P = n_{0} / n

Thus, the expectation of random variable $X_{i}$ is $𝔼 (X_{i}) = 1 - {(1 - P)}^{m_{1}}$ .

For $X_{1}, X_{2}, \dots, X_{n}$ are mutually independent, the expectation of 𝕏 is

\begin{matrix} E (X) = \sum_{i = 1}^{n} ‍ E (X_{i}) = n [1 - {(1 - P)}^{m_{1}}], \end{matrix}

(3)

which means that, for a component of order

m_{1}

, the circle of acquaintances of this component may consist of

n [1 - (1 - P)^{m_{1}}]

nodes on average. Let

a = n [1 - (1 - P)^{m_{1}}]

, the probability

P_{m_{1}, m_{2}}

that there is at least one common acquaintance between components

C_{A}

and

C_{B}

\begin{matrix} P_{m_{1}, m_{2}} = 1 - {(1 - \frac{a - m_{1}}{n - m_{1}})}^{m_{2}} . \end{matrix}

(4)

For example, one may see that, for a network $n = 10,000$ , $m_{1} = 200$ , and $m_{2} = 1$ , the probability $P_{m_{1}, m_{2}}$ tends to 1 when $P > 0.02$ . This provides intuition that, a component of order 200 is attractive and will swallow nodes nearby to form a larger component, a kind of “rich get richer” phenomenon. For two components of order $m_{1} = m_{2} = 50$ , the probability $P_{m_{1}, m_{2}}$ approximates 1 if $P > 0.002$ . In general, the larger the components are, the more likely they are to be mixed together.

In a random graph $G_{n, N}$ with n vertices and N edges, if $N ~ c n$ with $c \geq 1 / 2$ , the greatest component has (with probability tending to 1 for $n \to + \infty$ ) approximately $n^{2 / 3}$ vertices [10]. As a special case, when $n = 10,000$ , $n^{2 / 3} \approx 464$ , such large component in graph $G_{n, n_{0}}$ will swallow the whole network with high probability.

Next, we investigate the relationship between the connectivity property of graph $G_{n, n_{0}}$ and value $n_{0}$ . To determine the value $n_{0}$ which will guarantee the connectivity of graph $G_{n, n_{0}}$ , we employ a well-known algorithm to generate random graphs $G_{n, p}$ with a given degree distribution [11]. Each graph generated has n nodes and $n_{0} = n p$ links per node. The algorithm may lead to a multigraph, either by connecting a node to itself or by connecting two nodes together more than once. However, as n increases, these events become rare and their number becomes statistically insignificant.

We first generate a random graph with n nodes and $n_{0}$ links per node, then deploy the nodes into a square region to obtain a random topology. For $n = 500$ , $r = 35 m$ , and $n_{0}$ varying, we repeat our simulations 50 times to yield an acceptable confidence of results. For each simulation, we measure empirical values for the maximum component and the second component for each trial, averaged over 50 random topologies. In Figure 3, an interesting phenomenon observed is a “phase transition” as $n_{0}$ increases. There is a critical value of $n_{0}$ , above which the graph will almost surely be connected. The maximum component grows rapidly from a component of small size to a giant component when $n_{0} > 10$ . On the contrary, the size of the second component decreases as $n_{0} > 10$ .

Figure 3

Size of the maximum and second components in graph $G_{n, n_{0}}$ for $n = 500$ , $r = 35 m$ .

Within this context, we want to know, under what conditions is the graph $G_{n, n_{0}}$ be connected? How can we choose $n_{0}$ such that the graph $G_{n, n_{0}}$ constructed by secrecy transfer will be connected with high probability? The answer to this question is crucial in determining the number of acquaintances that an arbitrary node should have initially.

3.1. Lower Bound of Connectivity Threshold

To get a fully connected graph $G_{n, n_{0}}$ , two conditions must be satisfied. First, the graph $G_{n, r}$ must be connected, which means that, given the value n and a deployment region, the value r should be large enough to guarantee a connected random geometric graph $G_{n, r}$ . Assume n nodes are uniformly deployed in a unit square $[0,1]^{2}$ , the well-known connectivity threshold $r_{c} = \sqrt{(\log n \pm O (1)) / π n}$ [5]. Second, the value $n_{0}$ must be large enough to get the random graph $G_{n, p}$ fully connected. Consider an arbitrary pair of adjacent nodes A and B in graph $G_{n, n_{0}}$ which have not established secret key between them. For $G_{n, p}$ is connected, there is at least one path in graph $G_{n, p}$ , say $P_{A B} = A x_{0} x_{1} \dots x_{k} B$ between nodes A and B. Given any adjacent nodes in path $P_{A B}$ , say $x_{i}$ and $x_{i + 1}$ , there must exist a path $P' = x_{i} y_{1} y_{2} \dots y_{t} x_{i + 1}$ from $x_{i}$ to $x_{i + 1}$ in graph $G_{n, r}$ , for graph $G_{n, r}$ is connected.

For a random graph $G_{n, p}$ , when p is zero, the graph does not have any edge, whereas when p is one, the graph is fully connected. Bolbbás showed that, for monotone properties, there exists a value of p such that the property moves from “nonexistent” to “certainly true” in a very large random graph [1]. The function defining p is called the threshold function of a property. Given a desired probability $P_{c}$ for graph connectivity, the threshold function p of $G_{n, p}$ is defined by

\begin{matrix} P_{c} = \lim_{n \to \infty} P_{r} [G_{n, p} is connected] = e^{e^{- c}}, \end{matrix}

(5)

where

p = \ln (n) / n + c / n

and c is any real constant.

Therefore, given n we can find p for which the resulting graph $G_{n, p}$ is connected with desired probability $P_{c}$ . Thus, the lower bound of connectivity threshold of $n_{0}$ is

\begin{matrix} n_{0} = p \times (n - 1) = \frac{n - 1}{n} [\ln (n) - \ln (- \ln (P_{c}))] . \end{matrix}

(6)

3.2. Analysis Results of Connectivity Threshold

Notice that when $n_{0}$ is below the lower bound of connectivity threshold mentioned above, the graph $G_{n, p}$ is not connected with high probability, and hence the graph $G_{n, n_{0}}$ also is not connected with high probability. However, a greater $n_{0}$ above the lower bound cannot guarantee a connected graph $G_{n, n_{0}}$ when $n'$ is small, where $n'$ is the average number of neighbors of a node. For a tighter bound of $n_{0}$ , correlated with n, $n'$ , is not known yet, we only present some analysis results of $n_{0}$ below.

After the initialization phase of secrecy transfer, we get a random graph. Erdös and Rényi showed that for random graphs, a giant component exists if the average degree of node $〈 k 〉 > 1$ [10]. If $〈 k 〉 < 1$ only small components exist, and the size of the largest component is proportional to $\ln n$ (n is the number of nodes in the graph). Exactly at the threshold, $〈 k 〉 = 1$ , a component whose size is proportional to $n^{2 / 3}$ emerges. In the sequel, when $n = 10,000$ , $n' = 10$ , and $n_{0} = 200$ , after the initialization phase of secrecy transfer, the average degree of nodes in the graph $G_{n, n_{0}}$ , $〈 k 〉 = n^{'} (n_{0} / n) = 10 \times (200 / 10000) = 0.2$ . In this occasion, the initial graph $G_{n, n_{0}}$ only consists of small components, such as trees of small size. As the simulation results of initialization phase shown in Figure 2(a), the graph $G_{n, n_{0}}$ only contains small isolated trees. Our goal is to determine how many such components exist, and the probability that they will be connected to form a giant component.

Let the graph $G_{n, n_{0}}$ in the initialization phase contains components $C_{1}, C_{2}, \dots, C_{i}$ , such that the size of component $C_{i}$ is $| C_{i} | = λ_{i}$ , and $λ_{1} \geq λ_{2} \geq \dots \geq λ_{i} \geq 2$ . For two components $C_{i}$ and $C_{j}$ of order $λ_{i}$ and $λ_{j}$ , if they are adjacent, the probability that they will be connected through secrecy transfer is

\begin{matrix} P_{λ_{1}, λ_{2}} = 1 - {(1 - \frac{a - λ_{1}}{n - λ_{1}})}^{λ_{2}}, \end{matrix}

(7)

where

a = n [1 - {(1 - P)}^{λ_{1}}]

P = n_{0} / n

When secrecy transfer is applied, the graph $G_{n, n_{0}}$ will evolve continuously. A larger component is more attractive and will swallow nodes nearby to form a larger component with high probability. Popularity is attractive. If a component can absorb nodes nearby by secrecy transfer, it is termed as expandable. Next we estimate the asymptotic probability $P_{expandable}$ that at least one component in $C_{1}, C_{2}, \dots, C_{i}$ is expandable. At first we estimate the number of neighbors $n_{λ}^{'}$ of a component of size λ.

Suppose n nodes distributed uniformly and independently at random in a unit area S, that is, $S = 1$ . Let a component C of size $| C | = λ$ lie inside a circle of radius R, $n_{λ}^{'}$ neighbors of the component C lie outside the circle and be at distance at most r from nodes in the component. Let $S'$ be a subarea in the deployment area S, $S' ≪ S$ . The probability that a node is placed within area $S'$ is $P = S' / S = S'$ . Then, the probability $P (x)$ that of t nodes are placed in the area $S'$ is

\begin{matrix} P (x = t) = (\begin{pmatrix} n \\ t \end{pmatrix}) P^{t} {(1 - P)}^{n - t} . \end{matrix}

(8)

When $n ≫ 1$ and $S' ≪ S$ , we can approximate it with a Poisson distribution,

\begin{matrix} P (x = t) \approx \frac{e^{- n P} \cdot {(n p)}^{t}}{t!} = \frac{e^{- n S'} {(n S^{'})}^{t}}{t!}, \end{matrix}

(9)

and the average number of nodes within area

S'

\begin{matrix} t = n S' . \end{matrix}

(10)

In the initial graph $G_{n, n_{0}}$ , any component of size λ is small ( $λ ≪ n$ ), and the area $S'$ it occupied is also small, that is, $S' ≪ S = 1$ . Therefore, we have approximately

\begin{matrix} λ = n π R^{2}, n' = n π r^{2} . \end{matrix}

(11)

Thus,

\begin{matrix} n_{λ}^{'} = n [{(R + r)}^{2} π - r^{2} π] = n' + 2 \sqrt{λ n'} . \end{matrix}

(12)

Therefore, the probability $P_{λ}$ that a component of size λ is expandable is

\begin{matrix} P_{λ} = 1 - {(1 - P_{λ, 1})}^{n_{λ}^{'}}, \end{matrix}

(13)

where

P_{λ, 1} = (a - λ) / (n - λ)

a = n [1 - (1 - P)^{λ}]

P = n_{0} / n

For a set of components $C_{1}, C_{2}, \dots, C_{i}$ , $| C_{i} | = λ_{i}$ , the probability $P_{expandable}$ can be calculated as

\begin{array}{l} P_{expandable} \\ = 1 - (1 - P_{λ_{1}}) (1 - P_{λ_{2}}) \dots (1 - P_{λ_{i}}) \\ = 1 - {(1 - P_{λ_{1}, 1})}^{n_{λ_{1}}^{'}} {(1 - P_{λ_{2}, 1})}^{n_{λ_{2}}^{'}} \dots {(1 - P_{λ_{i}, 1})}^{n_{λ_{i}}^{'}} \\ \approx 1 - \exp {- (n_{λ_{1}}^{'} P_{λ_{1}, 1} + n_{λ_{2}}^{'} P_{λ_{2}, 1} + \dots + {n^{'}}_{λ_{i}} P_{λ_{i}, 1})} . \end{array}

(14)

Note that for two sets of components $ℂ = {C_{1}, C_{2}, \dots, C_{i}}$ ( $| C_{i} | = λ_{i}$ ) and $ℂ' = {{C'}_{1}, {C'}_{2}, \dots, {C'}_{i}}$ ( $| {C'}_{i} | = λ_{i}^{'}$ ), if $λ_{1} \geq λ_{1}^{'}$ , $λ_{2} \geq λ_{2}^{'}$ , $\dots λ_{i} \geq λ_{i}^{'}$ , then

\begin{matrix} n_{λ_{1}}^{'} \geq n_{λ_{1}^{'}}^{'}, \dots, n_{λ_{i}}^{'} \geq n_{λ_{i}^{'}}^{'}, \\ P_{λ_{1}, 1} \geq P_{λ_{1}^{'}, 1}, \dots, P_{λ_{i}, 1} \geq P_{λ_{i}^{'}, 1} . \end{matrix}

(15)

Therefore, the probability $P_{expandable}$ that at least one component in set ℂ is expandable is greater than that in set $ℂ'$ .

Given parameters n, $n'$ , and $n_{0}$ , after the initialization phase of secrecy transfer, the graph $G_{n, n_{0}}$ may contain some components $C_{1}, C_{2}, \dots, C_{i}$ . The expandable probability of this component set $P_{expandable} \to 1$ , implies that at least one component in $C_{1}, C_{2}, \dots, C_{i}$ is expandable and will grow larger with high probability. Let a component $C_{1}$ be expandable and become a larger component $C_{1}^{'}$ by swallowing nodes nearby. For $| C_{1}^{'} | > | C_{1} |$ , the expandable probability $P_{expandable}^{'}$ of components $C_{1}^{'}, C_{2}, \dots, C_{i}$ is greater than the expandable probability $P_{expandable}$ of components $C_{1}, C_{2}, \dots, C_{i}$ , that is,

\begin{matrix} P_{expandable}^{'} > P_{expandable} ⟶ 1 . \end{matrix}

(16)

Thus, if the expandable probability $P_{expandable}$ of the initial graph approximates 1, it will become even greater almost surely, and the graph $G_{n, n_{0}}$ will eventually evolve into a connected graph with high probability if both $G_{n, p}$ and $G_{n, r}$ are connected graphs. However, small expandable probability of the initial graph $G_{n, n_{0}}$ cannot guarantee a connected graph with high probability and secrecy transfer will terminate with isolated components.

However, exact results of the critical threshold $n_{0}$ are not known yet, we only present some analysis results below.

In an Erdös-Rényi random graph $G_{n, N}$ with n nodes and N links [10], if $N ~ l \cdot n^{(k - 2) / (k - 1)}$ where $l > 0$ , then the number of trees of order k contained in $G_{n, N}$ has in the limit for $n \to + \infty$ a Poisson distribution with mean value

\begin{matrix} \bar{λ} = \frac{{(2 l)}^{k - 1} k^{k - 2}}{k!} . \end{matrix}

(17)

Among these trees, the probability $P_{expandable}$ that at least one tree of order k is expandable is

\begin{matrix} P_{expandable} = 1 - {(1 - P_{k})}^{\bar{λ}}, \end{matrix}

(18)

where

P_{k}

is the probability that a tree of order k is expandable,

P_{k} = 1 - {(1 - P_{k, 1})}^{n_{k}^{'}}

n_{k}^{'} = n' + 2 \sqrt{k n'}

P_{k, 1} = (a - k) / (n - k)

a = n [1 - {(1 - n_{0} / n)}^{k}]

, and

\bar{λ} = (2 l)^{k - 1} k^{k - 2} / k!

For the graph $G_{n, n_{0}}$ after the initialization phase of secrecy transfer, the number of links in $G_{n, n_{0}}$ is

\begin{matrix} N = \frac{1}{2} n \cdot n' P = \frac{1}{2} n \cdot n' \frac{n_{0}}{n} = \frac{1}{2} n' n_{0} ~ l \cdot n^{(k - 2) / (k - 1)}, \end{matrix}

(19)

which yields the result

\begin{matrix} k ~ 1 + \frac{\ln n}{\ln (2 l n / n^{'} n_{0})} . \end{matrix}

(20)

Using the above considerations, we can estimate the expandable probability $P_{expandable}$ of the components (trees) of order k.

We see that, for $n = 10,000$ , $n' = 10$ , and $n_{0} = 100$ , the probability $P_{expandable} \approx 0.6991$ ; for $n_{0} = 200$ , the probability $P_{expandable} \approx 1$ . This indicates that, in this occasion, for $n_{0} \geq 200$ , the graph $G_{n, n_{0}}$ will eventually evolve into a connected graph by secrecy transfer with high probability. However, for $n_{0} < 100$ , the graph $G_{n, n_{0}}$ may be fragmented and contains no giant component of order n. Furthermore, the critical threshold of $n_{0}$ is rather sensitive to $n'$ . For $n = 100,000$ , $n' = 30$ , and $n_{0} = 200$ , the probability $P_{expandable} \approx 0.9337$ . If we reduce $n'$ to $5$ , then $P_{expandable} \approx 0.5391$ . This is because the decline in $n'$ will result in the decline in the number of neighbors of a component, so does the expandable probability.

On the other hand, the probability $P_{0}$ that secrecy transfer cannot take place after the initialization phase is

\begin{matrix} P_{0} = {[{(1 - \frac{n_{0}}{n})}^{n^{'}}]}^{n} = {(1 - \frac{n_{0}}{n})}^{n \cdot n'} \approx e^{- n_{0} \cdot n'}, \end{matrix}

(21)

which is only dependent on

n_{0}

and

n'

. Less

n_{0}

n'

, higher the probability

P_{0}

4. Heterogeneous Network

Consider graph $G_{n, r}$ of n nodes with $n_{0}$ acquaintances per node randomly selected among the nodes in the graph, we are also interested in the number of rounds needed for secrecy transfer to reach a stable state. It is shown in Section 3 that a necessary condition for graph $G_{n, n_{0}}$ to be connected is that graphs $G_{n, p}$ and $G_{n, r}$ must be fully connected. However, the speed of the convergence of secrecy transfer depends on the values of $n_{0}$ , r for given n. To gain insight, we first consider the value r and perform a simulation-based study of it. Employing a uniform random generator, we position $n = 500$ nodes in a square planar region of $500 \times 500 m^{2}$ , following our deployment from Section 3. For each random topology, we estimate the speed of the convergence of secrecy transfer as the number of rounds that it needs to perform to reach its stable state. At each round, each pair of adjacent nodes in the graph $G_{n, n_{0}}$ employ secrecy transfer to try to get connected. If there is no new edge is added in this round, secrecy transfer reaches its stable state and terminates. We observe from Figure 4 that, as the value r increases, the stable state is reached with a faster speed, and for value $n_{0}$ , the number of rounds reaches its peak when $n_{0}$ approximates to its connectivity threshold.

Figure 4

Value $n_{0}$ versus. number of rounds of secrecy transfer for various values of the radius r.

Conventionally, a wireless network consists of some nodes as supernodes with greater communication radius than normal nodes. The use of these supernodes lead to important characteristics of complex networks [12]: a small average shortest path length between all nodes, and a high-cluster coefficient, which help us saving network resources, avoiding excessive communication, and reducing the time to data delivery. Figure 5 depicts plots of secrecy transfer with $n = 500$ nodes deployed over a $500 \times 500 m^{2}$ field, $n_{0} = 20$ , and $r = 35 m$ , among them there are 25 supernodes (squares in the figures) with a larger communication radius $R = 150 m$ and only bidirectional links are considered.

Figure 5

Secrecy transfer process in a heterogeneous network, $n = 500$ , $s = 25$ , $r = 35 m$ , and $R = 150 m$ .

From the simulation results illustrated in Figure 6, we conclude that, compared to the homogeneous network case, for a heterogeneous network with supernodes, as the radius R of supernodes grows, the value of $n_{0}$ required to maintain connectivity of graph $G_{n, n_{0}}$ decreases, the speed of the convergence of secrecy transfer accelerates. Hierarchically, supernodes can form a higher layer, while normal nodes constitute a lower layer of the network. An implication of a heterogeneous network is that it has better performance with regard to improving energy, power and topology control, scalability, and fault-tolerance and routing efficiency.

Figure 6

The maximum component and rounds of secrecy transfer in heterogeneous networks.

One of the most important properties of a network is the degree distribution, or the fraction $P (k)$ of nodes having k connections (degree k). Although the degree distribution alone is not enough to characterize the network, it has great influence on the network's structure and behavior. A well-known result for Erdös-Rényi random graph is that the degree distribution is Poissonian, $P (k) = e^{- λ} λ^{k} / k!$ , where $λ = 〈 k 〉$ is the average degree. For many real networks, such as the Internet, WWW, citations of scientific articles, airline networks, and many more, they often exhibit a scale-free degree distribution, $P (k) = C k^{- γ}$ , $k = m, \dots, K$ , where $C \approx (γ - 1) m^{γ - 1}$ is a normalization faction, and m and K are the lower and upper cutoffs for the degree of a node, respectively. A scale-free network with $2 < γ < 3$ and N nodes have diameter $d ~ \ln \ln N$ and can be considered as “ultra small-world” network. In fact, the diameter of network is relevant in many fields regarding communication and computer networks, such as routing, searching, and transport of information. All these processes become more efficient when the diameter is smaller.

Intuitively, compared to homogeneous networks, a heterogeneous network with supernodes has a degree distribution different from Poisson distribution. Next, we discuss the degree distribution of heterogeneous networks. Let n nodes and s supernodes be distributed uniformly and independently at random in a square of area 1, $[0,1]^{2}$ , the communication radii of nodes and supernodes are r and R ( $r < R$ ), respectively, and only bidirectional links are taken into considerations.

For a heterogeneous network, there are two degree distributions, one for each type of nodes. For normal nodes with radii r, the degree distribution $P_{n} (k)$ is Poissonian,

\begin{matrix} P_{n} (k) = \frac{e^{- λ_{n}} {λ_{n}}^{k}}{k!}, where λ_{n} = 〈 k 〉 = π (n + s) r^{2}, \end{matrix}

(22)

whereas the degree distribution of supernodes is

\begin{matrix} P_{s} (k) = \frac{e^{- λ_{s}} {λ_{s}}^{k}}{k!}, where λ_{s} = 〈 k 〉 = π (n r^{2} + s R^{2}) . \end{matrix}

(23)

Therefore, the degree distribution $P_{2 - h} (k)$ of the heterogeneous network is

\begin{matrix} P_{2 - h} (k) = \frac{n}{n + s} P_{n} (k) + \frac{s}{n + s} P_{s} (k) . \end{matrix}

(24)

From the degree distribution $P_{2 - h} (k)$ derived above, we depict and compare it with two different networks. In Figure 7(a) we show the degree distribution of a heterogeneous network with $n = 9,000$ , $s = 1,000$ , $r = 0.01$ , and $R = 0.1$ . In Figure 7(b), we compare $P_{2 - h} (k)$ with power law $P (k) = k^{- 2}$ and Poisson distribution $P (k) = λ^{k} e^{- λ} / k!$ , where $λ = (n + s) π r^{2}$ . As the figures shown, the degree distribution of a heterogeneous network with two peaks is different from a Poisson distribution and right-skewed to a power law. The results imply that the behavior of a heterogeneous network has some characteristics of scale-free network, such as small diameter.

Figure 7

Degree distributions for different networks. The horizontal axis is node degree k (or $\log k$ ), and the vertical axis is the probability distribution $P (k)$ (or $\log P (k)$ ) of degrees, that is, the fraction of nodes that have degree greater than or equal to k. The network shown in (a) is a heterogeneous network with two types of nodes, three networks (of power law, heterogeneous, and Poisson distribution) are depicted in (b) with a logarithmic degree scale.

Now consider the placement of nodes with more types. Suppose that the network contains t types of nodes, denoted as $T_{1}, T_{2}, \dots, T_{t}$ . For nodes of type $T_{i}$ , the number of nodes $| T_{i} |$ in it and node's communication radius $r_{i}$ satisfy the conditions,

\begin{matrix} r_{1} < r_{2} < \dots < r_{t}, \\ | T_{1} | > | T_{2} | > \dots > | T_{t} | . \end{matrix}

(25)

For simplicity, let n denote the total number of nodes in the network, and

\begin{matrix} | T_{1} | = \frac{n}{2}, | T_{2} | = \frac{n}{2^{2}}, \dots, | T_{t} | = \frac{n}{2^{t}} . \end{matrix}

(26)

It is clear that when $n \to + \infty$ and $t \to + \infty$ ,

\begin{matrix} | T_{1} | + | T_{2} | + \dots + | T_{t} | = n \cdot \sum_{i = 1}^{t} \frac{1}{2^{i}} ⟶ n . \end{matrix}

(27)

Recall that the degree of each type of nodes has a Poisson distribution with different mean value. To derive the degree distribution $P_{t - h} (k)$ of the network, we first determine the degree distribution $P_{i} (k)$ of nodes of type $T_{i}$ ,

\begin{matrix} P_{i} (k) = \frac{e^{- λ_{i}} λ_{i}^{k}}{k!}, (i = 1, \dots, t), \end{matrix}

(28)

where,

\begin{array}{l} λ_{1} = π r_{1}^{2} n, \\ λ_{2} = π \frac{r_{1}^{2} + r_{2}^{2}}{2} n, \\ λ_{3} = π \frac{2 r_{1}^{2} + r_{2}^{2} + r_{3}^{2}}{4} n, \\ λ_{4} = π \frac{4 r_{1}^{2} + 2 r_{2}^{2} + r_{3}^{2} + r_{4}^{2}}{8} n, \\ λ_{5} = π \frac{8 r_{1}^{2} + 4 r_{2}^{2} + 2 r_{3}^{2} + r_{4}^{2} + r_{5}^{2}}{16} n, \\ \dots \dots . \end{array}

(29)

Therefore, the degree distribution of the heterogeneous network with t types of nodes is

\begin{array}{l} P_{t - h} (k) = \frac{1}{2} P_{1} (k) + \frac{1}{4} P_{2} (k) + \dots + \frac{1}{2^{t}} P_{t} (k) \\ = \frac{1}{k!} (\frac{1}{2} e^{- λ_{1}} λ_{1}^{k} + \frac{1}{4} e^{- λ_{2}} λ_{2}^{k} + \dots + \frac{1}{2^{t}} e^{- λ_{t}} λ_{t}^{k}) . \end{array}

(30)

For $P_{t - h} (k)$ is complicated, we present some numerical results on it. Figure 8 shows the degree distribution $P_{t - h} (k)$ for $r_{1} = 0.01$ , $r_{2} = 0.03$ , $r_{3} = 0.05$ , $r_{4} = 0.07$ , $r_{5} = 0.09$ , $r_{6} = 0.11$ , $r_{7} = 0.13$ , and $r_{8} = 0.2$ . As expected, the degree distribution of the heterogeneous network approaches power law $P (k) \propto k^{- 2}$ . This implies that heterogeneous network maintains some statistical properties of a scale-free network. Therefore, it is plausible that the convergence speed of secrecy transfer in a heterogeneous network is faster than that in a homogeneous network.

Figure 8

Degree distributions.

5. Implementation of Secrecy Transfer

In this section, we elaborate the implementation method of secrecy transfer. The method contains three phases: the initialization phase, the secrecy transfer phase, and the update phase. To implement secrecy transfer efficiently, we use Bloom Filter [13] for membership queries.

Bloom Filter

A Bloom Filter is a popular data structure used for membership queries. It represents a set $S = [s_{1}, \dots, s_{n}]$ using k independent hash functions $h_{1}, \dots, h_{k}$ and a string of m bits, each of which is initially set to 0. For each $s \in S$ , we hash it with all the k hash functions and obtain their values $h_{i} (s)$ ( $1 \leq i \leq k$ ). The bits corresponding to these values are then set to 1 in the string. To determine whether an item $s'$ is in S, bits $h_{i} (s')$ are checked. If all these bits are 1s, $s'$ is considered to be in S.

Since multiple hash values may map to the same bit, Bloom Filter may yield false positives. That is, an element is not in S but its bits $h_{i} (s)$ are collectively marked by elements in S. If the hash is uniformly random over m values, the probability that a bit is 0 after all the n elements are hashed and their bits marked is $(1 - 1 / m)^{k n} \approx e^{- k n / m}$ . Therefore, the probability for a false positive is $(1 - (1 - 1 / m)^{k n})^{k} \approx (1 - e^{- k n / m})^{k}$ . The right hand side is minimized when $k = (m / n) \ln 2$ in which case it becomes $(1 / 2)^{k} = (0.6185)^{m / n}$ .

5.1. Initialization Phase

We first generate a random graph with n nodes and $n_{0}$ links per node. For each link a secret key is assigned to it. Each node stores the ID of its neighbors and the corresponding secret key between them. For instance, if node i has $n_{0}$ neighbors $i_{1}, \dots, i_{n_{0}}$ , it constructs an acquaintanceship set

\begin{matrix} A_{i} = {(i_{1}, K_{i, i_{1}}), \dots, (i_{n_{0}}, K_{i, i_{n_{0}}})}, \end{matrix}

(31)

where

K_{i, i_{1}}

is the assigned secret key between node i and its neighbor

i_{1}

After that nodes are deployed randomly over a field.

5.2. Secrecy Transfer Phase

Suppose two adjacent components, $C_{A}$ and $C_{B}$ , have, respectively, $m_{1}$ and $m_{2}$ nodes, nodes $A \in C_{A}$ and $B \in C_{B}$ are adjacent. For component $C_{A}$ , a component head (at first after initialization phase, each node is a component head of its own since all nodes are isolated. After several rounds of secrecy transfer process, some large components emerge. To reduce the communication cost, a node is selected to be a component head according to its centrality in the component. To simply the procedure, the node with the highest degree is chosen to be the component head) is selected. He stores all the ID of nodes belonging to the component $C_{A}$ in a component member set

\begin{matrix} C M_{C_{A}} = {a_{1}, \dots, a_{m_{1}}}, \end{matrix}

(32)

where

a_{i} \in C_{A}

Each node stores a Bloom Filter ${BF}_{C_{A}}$ which contains all the nodes in the acquaintance circle of $C_{A}$ . That is, the nodes in $C_{A}$ and the acquaintances of node i for all $i \in C_{A}$ . If an adjacent node k is added to $C_{A}$ , the Bloom Filter ${BF}_{k}$ of node k is inserted into ${BF}_{C_{A}}$ , that is, a new Bloom Filter ${BF}_{C_{A}^{'}}$ for the new component $C_{A}^{'} = C_{A} + k$ is created, that is, ${BF}_{C_{A}^{'}} = {BF}_{C_{A}} + {BF}_{k}$ .

If two components $C_{A}$ and $C_{B}$ get connected and melt into a larger component $C_{A B}$ , a new Bloom Filter of component $C_{A B}$ , ${BF}_{C_{A B}} = {BF}_{C_{A}} + {BF}_{C_{B}}$ , is created and stored in nodes of $C_{A B}$ . To further improve the performance, not all nodes in $C_{A}$ or $C_{B}$ need to update its ${BF}_{C_{A}}$ or ${BF}_{C_{B}}$ to ${BF}_{C_{A B}}$ , only nodes whose neighbors are not all connected to them need to store the updated Bloom Filter ${BF}_{C_{A B}}$ of the new component $C_{A B}$ . As depicted in Figure 9, $C_{A}$ and $C_{B}$ melt into a larger component $C_{A B}$ , an isolated node E is adjacent to nodes A, B, F, and G. After $C_{A}$ and $C_{B}$ get connected, only nodes A, B, F, and G in $C_{A B}$ have unconnected neighbor. Therefore, they need to store the new ${BF}_{C_{A B}}$ and will broadcast it later.

Figure 9

Secrecy transfer phase.

Next, we give an overview of the operations of secrecy transfer. In general, the operation of secrecy transfer is initiated by a new created component. Let $C_{A}$ be a new component that has “swallowed” node H, nodes A and F have already updated their ${BF}_{C_{A}}$ (to insert the ID of node H into it), and let $C_{B}$ be an adjacent component of $C_{A}$ . After that, nodes A and F broadcast ${BF}_{C_{A}}$ to their adjacent nodes B and E. On receiving the ${BF}_{C_{A}}$ from component $C_{A}$ , node B sends a query message containing ${BF}_{C_{A}}$ to the component head of $C_{B}$ , say node I, where the component member set of $C_{B}$ , $C M_{C_{B}} = {b_{1}, \dots, b_{m_{2}}}$ , is stored. The component head I then determines whether the nodes in set $C M_{C_{B}}$ are in the Bloom Filter ${BF}_{C_{A}}$ . If a node, say $D \in C M_{C_{B}}$ , is found in the Bloom Filter ${BF}_{C_{A}}$ , node I answers node B by sending D to it. Node B then tells A that there is a node $D \in C_{B}$ belonging to the acquaintance circle of component $C_{A}$ . After that, nodes A broadcasts a query message with the ID of node D in component $C_{A}$ . Each node in $C_{A}$ verifies whether node D belongs to its acquaintanceship set. As illustrated in Figure 9, if the acquaintanceship set of node $C \in C_{A}$ contains node D, that is, $A_{C} = {\dots, (D, K_{C D}), \dots}$ , the node C transmits a response message (C, D) to node A. After obtaining the acquaintance node pair (C, D) from C, node A knows that nodes $C \in C_{A}$ and $D \in C_{B}$ are acquaint with each other (they have a shared key $K_{C D}$ ). Now nodes A and B can establish a secret key $K_{A B}$ as mentioned in Section 2.

5.3. Updated Phase

After the secret key $K_{A B}$ between nodes A and B is established, two components become a larger component $C_{A B}$ , we then should update the acquaintance circle of $C_{A B}$ for nodes who have unconnected neighbors. A new component head is also need to be selected according to the degree distribution of nodes in $C_{A B}$ . As to the network in Figure 9, if node I is the new component head of $C_{A B}$ , the component member set is updated to be

\begin{matrix} C M_{A_{B}} = C M_{C_{A}} + C M_{C_{B}} = {a_{1}, \dots, a_{m_{1}}, b_{1}, \dots, b_{m_{2}}} . \end{matrix}

(33)

Finally, if nodes have updated their Bloom Filter

{BF}_{C_{A B}}

, they broadcast the new

{BF}_{C_{A B}}

to their neighbors to find chances for new links. Recursively, this procedure is applied until there is no node has updated its Bloom Filter.

5.4. Security Analysis

As discussed in Section 2, secrecy transfer is robust against eavesdrop attack, for each edge is added via the existing trustiness between nodes. In this subsection, we study the resilience of secrecy transfer against the node compromise attack. Let $n_{c}$ denote the number of nodes that have been captured. Suppose the compromised nodes are independently and random distributed among the entire deployment region.

Theoretically, as depicted in Figure 9, if any node in the paths $A - F - C$ and $D - I - B$ is compromised, the key $K_{A B}$ between nodes A and B is not secure. Suppose that the length of two paths are $l_{1}$ and $l_{2}$ , respectively. It is easy to estimate the probability that a new established key $K_{A B}$ is compromised as the following:

\begin{matrix} P {K_{A B} is compromised} = 1 - \frac{(\begin{smallmatrix} l_{1} + l_{2} \\ n - n_{c} \end{smallmatrix})}{(\begin{smallmatrix} l_{1} + l_{2} \\ n \end{smallmatrix})}, \end{matrix}

(34)

where n is the number of node in the network.

Unfortunately, even if all nodes in two paths are not compromised, the key $K_{A B}$ may be unsecure. For instance, let a path from A to C be $A - H_{1} - H_{2} - H_{3} - H_{4} - C$ , and all nodes in the path have not been compromised. Node A sends $K_{A B}$ to $H_{1}$ by sending ${K_{A B}}_{K_{A H_{1}}}$ , $H_{1}$ then transmits ${K_{A B}}_{K_{H_{1} H_{2}}}$ to node $H_{2}$ until $K_{A B}$ reaches the last node C. If $K_{A H_{1}}, K_{H_{1} H_{2}}, \dots, K_{H_{4} C}$ are not compromised, $K_{A B}$ is still secure after it is transmitted across the path. However, if a key, such as $K_{H_{1} H_{2}}$ , is compromised, an adversary may eavesdrop on the communication flows between nodes $H_{1}$ and $H_{2}$ to obtain ${K_{A B}}_{K_{H_{1} H_{2}}}$ , thus $K_{A B}$ is leaked.

In general, if there are compromised nodes in the network, any key established by secrecy transfer between two neighbors $H_{1}$ and $H_{2}$ may be unsecure unless nodes $H_{1}$ and $H_{2}$ are acquaint with each other initially. For any pair of acquaintance nodes, the secret key between them is preloaded before the network is deployed and is considered unbreakable (unless the node is compromised). As to any key established by secrecy transfer, compromised nodes may degrade its security since lots of nodes are involved in the process of the negotiation of a new link key.

In order to set up a more secure channel between nodes A and C, it is reasonable to use the acquaintanceship set of nodes. Suppose in a path $A - H_{1} - H_{2} - H_{3} - H_{4} - C$ , (A, $H_{3}$ ), ( $H_{1}$ , $H_{3}$ ), and ( $H_{1}$ , C) are three pair of acquaintances. To send a secret key $K_{A B}$ to C, node A can send ${K_{A B}}_{K_{A H_{3}}}$ to $H_{3}$ , $H_{3}$ then sends ${K_{A B}}_{K_{H_{1} H_{3}}}$ to $H_{1}$ . At last, node C can get ${K_{A B}}_{K_{H_{1} C}}$ from $H_{1}$ . The advantage of this method is that all communications are encrypted with predistributed keys. If nodes A, C, $H_{1}$ , and $H_{3}$ are not compromised, the key $K_{A B}$ is secure after the transmission. However, such a secure logical path in a set of nodes may not exist. For a path of l nodes, their initial acquaintanceship can be viewed as a random graph ${\hat{G}}_{n, p}$ , where $n = l$ and $p = n_{0} / n$ . If ${\hat{G}}_{n, p}$ is connected, a logical path exists.

If an adversary is not present at the network before secrecy transfer has completed, or it takes more time than a secure interval to compromise nodes, the communication links established by secrecy transfer are secure; otherwise, undetected malicious nodes may degrade the security of secrecy transfer and jeopardize the network. In [14], authors investigated the potentially disastrous threat of node compromise spreading (via communication and preestablished mutual trust) in wireless sensor networks and proposed an epidemiological model to investigate the probability of a breakout. This model can be adapted to analyze the spread of malicious behavior of compromised nodes in the process of secrecy transfer. But how to design efficient countermeasures is still unknown.

5.5. Storage Overhead

A node, say i, needs to store (1)

an acquaintanceship set

\begin{matrix} A_{i} = {(i_{1}, K_{i, i_{1}}), (i_{2}, K_{i, i_{2}}), \dots, (i_{n_{0}}, K_{i, i_{n_{0}}})}, \end{matrix}

(35)

where

i_{1}, i_{2}, \dots, i_{n_{0}}

are the acquaintances of node i,

K_{i, i_{1}}, K_{i, i_{2}}, \dots, K_{i, i_{n_{0}}}

are the corresponding secret keys with each acquaintance, respectively.

(2)

$n'$ secret keys established with its neighbors,

(3)

a Bloom Filter $B F_{C_{A}}$ ( $i \in C_{A}$ ).

For a component head j ( $j \in C_{A}$ ), in addition to the secret values a normal node stores, it also stores a component member set

\begin{matrix} C M_{C_{A}} = {a_{1}, \dots, a_{m}}, \end{matrix}

(36)

where

a_{1}, \dots, a_{m}

are the members of component

C_{A}

, m is the cardinality of the component.

6. Applications of Secrecy Transfer

The need for untethered distributed communications and computing continues to drive advances in mobile communications and wireless networking. To serve this purpose, wireless sensor networks have been envisioned to consist of groups of lightweight sensor nodes that may be randomly and densely deployed to observe data within a physical region of interest [15].

In many applications, such as target tracking, battlefield surveillance, and intruder detection, sensor networks are often deployed in hostile environments. To protect the sensitive data, secret keys should be established to achieve data confidentially, integrity, and authentication between communicating parties [16–19]. The first practical key predistribution scheme for sensor network is random key predistribution scheme introduced by Eschenauer and Gligor [7]. Its operation can be briefly described as follows. A random pool S of keys is selected from the key space. Each sensor node receives a random subset of m keys (key ring) from the key pool before deployment. Any two nodes able to find one common key within their respective subsets can use that key as their shared secret to initiate communication. Moreover, the network can be viewed as a random graph $G_{n, p}$ , each edge added if two adjacent nodes can find one common key within their key rings. A major advantage of this scheme is the exclusion of base stations in key management, but a fixed number of compromised sensors causes a fraction of the remaining network to become insecure. Successive sensor captures enable the adversary to reveal network key pool and use them to attack other sensors. In addition, the storage overhead is still high for lightweight sensor nodes. As mentioned previously, secrecy transfer can turn a random graph to a secure random geometric graph. If secrecy transfer is applied with the random key predistribution scheme, the storage overhead of nodes is lower and it can achieve better resilience against node capture attack.

In [20], an asymmetric key predistribution scheme AKPS for sensor networks was proposed. Each nodes only store two secret values initially, a large amount of storage is shifted to keying material servers (KMS). Since AKPS needs to provide public keying material for any pair of nodes, a KMS should store $(\begin{smallmatrix} n \\ 2 \end{smallmatrix})$ public keying material for a network of n nodes. Roughly speaking, AKPS is not viable for arbitrary large network. We find that, if secrecy transfer is used, a KMS does not need to be preloaded with $(\begin{smallmatrix} n \\ 2 \end{smallmatrix})$ public keying material. Specially, suppose $n^{*}$ out of $(\begin{smallmatrix} n \\ 2 \end{smallmatrix})$ public keying material are randomly picked, the initial probability that two arbitrary sensors can establish a secret key is $p = n^{*} / (\begin{smallmatrix} n \\ 2 \end{smallmatrix}) = 2 n^{*} / n (n - 1)$ , which means that, any nodes has $n_{0} = n \times p = 2 n^{*} / (n - 1)$ “acquaintances” on average. As before, if $n_{0}$ is larger than the connectivity threshold, we can repeat the construction process of secrecy transfer to get a connected graph $G_{n, n_{0}}$ which will guarantee that any pair of adjacent nodes can establish secret keys.

7. Conclusion

This work presented a secrecy transfer algorithm which is directly based on the idea that networks form primarily by people introducing pairs of their acquaintances to one another. The resulting network, showing both properties of random graph and random geometric graph, cannot only model the introduction process in social networks, but also be used to protect the network.

Footnotes

Acknowledgments

This work is supported by Program for Changjiang Scholars and Innovative Research Team in University (IRT1078), the Key Program of NSFC-Guangdong Union Foundation (U1135002), Major national S&T program (2011ZX03005-002), National Natural Science Foundation of China (61173135, 61100230, 61100233), and the Natural Science Basic Research Plan in Shaanxi Province of China (2011JM8004). It is also supported partly by Mobile Network Security Technology Research Center of Kyungpook National University, Republic of Korea.

References

Bollobás

Random Graphs 2001 2nd

Cambridge University Press

Penrose

Random Geometric Graphs 2003

Oxford, UK

Oxford University Press

Oxford Studies in Probability

Altmann

Susceptible-infected-removed epidemic models with dynamic partnerships.Journal of Mathematical Biology1995336661675

2-s2.0-0029175104

Bettstetter

On the minimum node degree and connectivity of a wireless multihop network

Proceedings of the 3rd ACM International Symposium on Mobile Ad Hoc Networking and Computing (MOBIHOC ′02)

June 2002

ACM

80 91

2-s2.0-0242696202

Gupta

Kumar

P. R.

The capacity of wireless networks

IEEE Transactions on Information Theory 2000 46 2 388 404

2-s2.0-33747142749

Di Pietro

Mancini

L. V.

Mei

Panconesi

Radhakrishnan

Redoubtable sensor networks

ACM Transactions on Information and System Security 2008 11 3, article 13

2-s2.0-41549165648

10.1145/1341731.1341734

Eschenauer

Gligor

V. D.

A key-management scheme for distributed sensor networks

Proceedings of the 9th ACM Conference on Computer and Communications Security

November 2002

41 47

2-s2.0-0038341106

Liu

Pei

Pang

Park

Key infection, secrecy transfer, and key evolution for sensor networks

IEEE Transactions on Wireless Communications 2010 9 8 2643 2653

2-s2.0-77955692643

10.1109/TWC.2010.061410.100084

Anderson

Chan

Perrig

Key infection: smart trust for smart dust

Proceedings of the 12th IEEE International Conference on Network Protocols (ICNP ′04)

October 2004

Berlin, Germany

206 215

2-s2.0-17744386714

10.

Erdös

Rényi

On the evolution of random graphs

Publication of the Mathematical Institute of the Hungarian Academy of Sciences 1960 5 17 61

11.

Bollobás

A probability proof of an asymptotic formula for the number of labelled regular graphs

European Journal of Combinatorics 1980 1 311 316

12.

Newman

M. E. J.

The structure and function of complex networks

SIAM Review 2003 45 2 167 256

2-s2.0-0038718854

13.

Bloom

B. H,

Space/time trade-offs in hash coding with allowableerrors

Communications of the ACM 1970 13 7 422 426

2-s2.0-0014814325

10.1145/362686.362692

14.

Liu

Das

S. K.

Deployment-aware modeling of node compromise spread in wireless sensor networks using epidemic theory

ACM Transactions on Sensor Networks 2009 5 3 1 33

2-s2.0-67651048997

10.1145/1525856.1525861

15.

Freris

N. M.

Kowshik

Kumar

P. R.

Fundamentals of large sensor networks: connectivity, capacity, clocks, and computation

Proceedings of the IEEE 2010 98 11 1828 1846

2-s2.0-77958151307

10.1109/JPROC.2010.2065790

16.

Giruka

V. C.

Singhal

Royalty

Varanasi

Security in wireless sensor networks

Wireless Communications and Mobile Computing 2008 8 1 1 24

2-s2.0-38149062124

10.1002/wcm.422

17.

Jeong

Haas

Z. J.

Predeployed secure key distribution mechanisms in sensor networks: current state-of-the-art and a new approach using time information

IEEE Wireless Communications 2008 15 4 42 51

2-s2.0-49749094073

10.1109/MWC.2008.4599220

18.

Cheng

Liu

Rivera

iPAK: an in-situ pairwise key bootstrapping scheme for wireless sensor networks

IEEE Transactions on Parallel and Distributed Systems 2007 18 8 1174 1184

2-s2.0-34548205306

10.1109/TPDS.2007.1063

19.

Lee

J. C.

Leung

V. C. M.

Wong

K. H.

Cao

Chan

H. C. B.

Key management issues in wireless sensor networks: current proposals and future developments

IEEE Wireless Communications 2007 14 5 76 84

2-s2.0-36849034499

10.1109/MWC.2007.4396946

20.

Liu

Huang

Moon

Asymmetric Key Pre-distribution Scheme for sensor networks

IEEE Transactions on Wireless Communications 2009 8 3 1366 1372

2-s2.0-62949233339

10.1109/TWC.2009.080049