Sage Journals: Discover world-class research

Abstract

Limited capabilities of tiny sensor node make it difficult to build a secure wireless sensor network. To cope with this problem, location-aware key predistribution schemes have been studied but without considering irregularity of real sensing fields. They were designed for ideal sensing fields divided into uniform regular polygons but false is the real sensing field, where we face irregular obstacles, undulations, and boundaries. In this paper, we tackle this problem from practical sense and first introduce the general deployment model, comparable to the previous uniform deployment model. To construct a secure WSN in the general deployment model, we present a new framework called GenDep, which consists of two phases: group placement and key management. In the group placement phase, we find an optimal position for sensor groups so that both connectivity and global coverage are satisfied for secure communications. In the key management phase, we devise a new structure called extended groups to partition the whole deployment area into irregular subareas. GenDep can build secure and flexible WSNs by using the existing key predistribution schemes even designed in the uniform deployment model. To ensure practicality of GenDep, we also conduct rigorous analysis and simulation in this paper.

1. Introduction

Wireless sensor networks (WSNs) play an important role in mission critical applications, such as military systems, healthcare services, and industrial systems. In such applications, security is a crucial requirement. Unfortunately, it is quite challenging to construct secure WSNs because tiny sensor nodes are very constrained in the capacity of computation, communications, storage, and power management. In particular, key management, which is the most fundamental part of security mechanisms, must be considered in the design phase of WSN with regard to the limited capabilities of tiny sensor nodes.

Since Eschenauer and Gligor have introduced the first proposal [1], a variety of approaches have been studied for secure key management based on the key predistribution concept [2–7]. Among them, location-aware key management schemes [5–7] were remarkable in their efficiency in terms of computation and communication costs (Section 2.1). Indeed, the efficiency came from the preknowledge of the location that helps sensor nodes share secret keys effectively with their (likely) adjacent nodes. However, previous approaches are unrealistic. (1) The previous deployment models assumed a sensing field to be a flat area that is dividable into uniform, regular grids. Such a uniform deployment model is, however, far from the real sensing field, which is actually not uniform in its geographical features and so highly inefficient. (2) The previous location-aware key management schemes are not applicable to a general deployment model, which covers various geographic features in the real sensing field. Their target application is so limited; nonuniform density was not allowed for placing the sensor nodes (Section 2.2).

To cope with these problems in this paper, we first present the general deployment model for WSNs and then propose a new location-aware key management framework called GenDep so as to be effective in that model. We can summarize our contribution as follows. (i)

We present the general deployment model (Section 3). We address that the conventional uniform models are unrealistic because geographical features are irregular in the real world. The general deployment model relaxes the constraints of sensing fields and implements the conceptual WSNs to be practical.

(ii)

On the general deployment model, we construct the new framework called GenDep that actually enables practical location-aware key management. GenDep consists of two phases. First, in the group placement phase (Section 4), we find optimal positions of sensor groups by fulfilling the requirements of WSN applications and geographical features. After placing groups of sensor nodes, we partition a whole sensing field into a number of nonuniform polygons, called zones. Second, in the key management phase (Section 5), we can employ the existing key predistribution schemes (even designed in the uniform deployment model) for our general deployment model. To do so, we devise a new structure of extended groups, each of which consists of a pair of adjacent zones. The extended groups are organized for every pair of zones; thus they overlap each other and connect all neighbors. We treat every extended group as an independent group. Therefore, we can employ any key predistribution scheme for each extended group.

(iii)

We evaluate GenDep via numerical analyses and simulations (Section 6). In particular, the numerical analyses handle connectivity, security, and storage overhead of sensor nodes with general probability distributions.

2. Background and Problem

2.1. Related Work

Sensor Node Placement. Previous studies on the node placement have focused on how to place a sensor node at an optimal location individually. Meguerdichian et al. addressed the coverage problem in WSN [8]. They calculated the maximum breach path and the maximum service path of nodes to find a position that maximizes coverage. In [9], Zou and Chakrabarty introduced a greedy algorithm called virtual force algorithm (VFA). VFA assumes targets have virtual attractive forces and obstacles have virtual repulsive forces. Sensor nodes can find their position under the influence of the forces. Zou and Chakrabarty [10] also proposed setting a virtual backbone from active nodes to improve coverage and connectivity in ad hoc networks. Takahara et al. [11] evaluated the coverage of sensors deployed in the grid pattern for uniform and normal errors. Wang et al. [12] proposed a deployment strategy when sensors are deployed in Gaussian distribution without concerns on the connectivity. Recently, interesting researches have been carried out to enhance coverage in mixed WSNs, which has the heterogeneous setting of static and mobile nodes. Ghosh and Das presented a good survey on the coverage and connectivity issues in [13]. Static sensor nodes are arranged to maximize the coverage (blanket/barrier coverage of [13]) and mobile sensor nodes move carefully to fill the coverage holes (sweep coverage). Lambrou and Panayiotou proposed collaborative scheme to improve coverage in mixed sensor networks [14, 15]. In particular, considering the tradeoff between coverage and energy consumption (communication), they pursue an autonomous sensor system to improve coverage effectively by mobile sensor nodes. Emphasizing the role of mobile sensor nodes for coverage, Das and Roy presented an algorithm to maximize coverage with continuous movement of sensor nodes in [16]. The proposed algorithm lets the mobile sensor nodes cover the sensing field fully within a fixed time. Mahboubi et al. employ Voronoi polygons in [17] to find the coverage holes. Each sensor node has its Voronoi polygon that is derived by relative position to adjacent nodes. Thus the difference between the sensing area and the Voronoi polygon can show the effectiveness of coverage. The authors proposed node-based and vertex-based strategies to relocate sensor nodes. He et al. presented curve-based deployment for barrier coverage in [18]. They modeled sensor nodes along curved lines to enhance the suboptimal coverage of line-based coverage. To sum up, the previous researches focused on placing individual sensor nodes effectively and achieved their goal. However, in large-scale WSNs, where sensors are deployed in groups, we have to take into account group placement. In that sense, GenDep focuses on placing sensor groups rather than individual sensor nodes.

Key Management in Wireless Sensor Networks. In [1], Eschenauer and Gligor proposed a random key predistribution (RKP) scheme for WSNs. A randomly selected sub-key pool is preinstalled to each node before deployment. Chan et al. enhanced RKP (q-composite RKP, qRKP). qRKP achieves better resilience by restricting the minimum number of shared keys to connect. They also proposed the random-pairwise key scheme (RP) in [19], where RP selects a random pair and gives a pairwise key. In [3], Du et al. proposed a structured key-pool RKP scheme (skRKP) by adding randomness to the Blom scheme [20]. If two sensors share a key space, they can generate a key through shared key matrix. The location-aware schemes enhance key managements in WSN. They partition a whole sensing field into fixed square areas, called “grid.” We classify it as grid deployment. Du et al. proposed the location-aware RKP, where sensors share a key pool with other sensors in the same and adjacent grids only. Liu and Ning proposed a similar approach using bivariate polynomials [6]. In the grid-group key predistribution scheme (GGD) [5], Huang et al. employ skRKP to connect nodes in the same grid but RP to connect nodes in adjacent grids. Fanian et al. applied a mixed key from polynomial-based and random key predistribution schemes to WSNs in [21]. Grid-based predeployment knowledge on location is used to preinstall the hybrid keys to sensor nodes. Our previous work improves the connectivity in key management with perfect resilience via the key offering method [22].

2.2. Problems

Previous location-aware approaches [2, 3, 5, 6] assume the uniform deployment model, where a sensing field is a flat area with a uniform geographical feature. In real world, however, a target sensing field is nonuniform. We hardly meet the ideal sensing field that fits to the uniform deployment model. Furthermore, the real-world field has irregular geographical features. The WSN applications also have different sensing interests. Of course we can apply the uniform deployment model to the real-world field by force but it must be extremely inefficient.

Figure 1 shows an example of the real-world sensing field. Suppose that we would like to install WSN for a plain field only (not on the mountain and lake). We cannot make an optimal design to partition the sensing field with grids. To provide a practical WSN for real-world sensing fields, we should be able to divide the sensing field into any polygons like the dotted lines.

Figure 1

An example of the sensing field in the real world.

3. GenDep Overview

In this section, we overview the proposed method, GenDep, which is a novel location-aware key management scheme in the general deployment model. The detailed explanations on GenDep will be given in later sections, Sections 4 and 5.

3.1. General Deployment Model

Large-scale WSNs benefit from group-based deployment, that is, placing sensors by the unit of a group [23], for their scalability. Since sensor groups should be placed in a fixed pattern, however, the uniform deployment model is not appropriate for large-scale WSNs in the real world. To cope with this impracticality, we present the general deployment model. Any form of deployment area can be used for group-based deployment by dividing it into nonuniform subareas, which the existing uniform deployment model cannot support. The general deployment model relaxes the constraints and resolves this problem. Unfortunately, the previous location-aware key management schemes have been considered in the uniform model only, and so they are not quite workable in the general model. It is desirable to develop a new location-aware key management method in the general deployment model.

3.2. GenDep Framework

The new method proposed in this paper is called GenDep. In the general deployment model, GenDep divides and assigns subareas in irregular form to sensor groups and performs location-aware key management effectively.

Figure 2 illustrates the basic procedure of GenDep. Given the information of a sensing field and application requirements in the general deployment model, we firstly define the sensing requirements, which imply the required density of sensors at a particular point. We then apply GenDep in two phases as follows. (i)

Phase 1: in this phase, we make a group placement plan by finding optimal positions of “sensor groups.” We first set reference points according to the sensing requirements and then set deployment points of sensor groups based on the reference points. Finally, we adjust the planned location and distribution of sensor groups so as to enhance the intergroup connectivity.

(ii)

Phase 2: in this phase, we preinstall key sets and conduct location-based key establishment in the general deployment model. We first build group structures incorporating zones and extended groups. Second, we preinstall key sets to every sensor node so as to deploy sensor groups to the target sensing field according to the group placement plan. Finally, after the real deployment, all the sensor nodes conduct pairwise key establishment.

Figure 2

Procedure of GenDep.

4. Group Placement (Phase 1)

The group-based deployment phase consists of three steps: (1) setup reference points, (2) setup deployment points, and (3) adjust distributions. Notations section summarizes the notations to be used in this paper.

4.1. Step 1: Setup Reference Points

In this step, we set reference points according to the sensing requirements. First of all, we represent a target sensing field as a two-dimensional Cartesian plane and place reference points $(x, y)$ , as illustrated in Figure 3(a). The reference points are the points that hold sensing requirements at their position and are placed by following the uniform distribution. Note that they are not actual deployment points but only used for deriving local sensing requirements based on the prior knowledge about the terrain and WSN application.

Figure 3

Three steps of the group placement scheme. (All sensor groups are modeled as the Gaussian distribution with $σ = 10.0$ .)

From [9, 10, 12, 24], we generalize the sensing requirements for the general deployment model. It is required that an event taking place at a certain reference point $(x, y)$ should be detected by at least $b (x, y)$ numbers of sensor nodes with the probability of $p_{d} (x, y)$ . Hence, the sensing requirements are defined at a specific point $(x, y)$ and parametrized as follows: (i)

$p_{d} (x, y)$ : detection probability of a sensor desired at $(x, y)$ ,

(ii)

$b (x, y)$ : number of sensors required to detect an event at $(x, y)$ .

We then combine these parameters to the sensor density desired at $(x, y)$ , $U (x, y)$ . First we compute the area of the sensing region where a sensor node can detect an event with higher probability than $p_{d} (x, y)$ . We assume probabilistic sensing model, in which the detection probability decays exponentially as the power of distance. When we suppose d is the distance of a sensor from an event, $e^{- α d}$ would be the detection probability of the sensor, where α is a positive parameter that represents the physical characteristics of the sensor node and it is determined by the sensor type [9, 12]. Hence a sensor can detect an event taking place within $- (\ln p_{d} (x, y) / α)$ with higher probability than $p_{d} (x, y)$ and the area of the sensing region is $π {- (\ln p_{d} (x, y) / α)}^{2}$ when we assume sensors are omnidirectional. In other words, an event at $(x, y)$ can be detected by sensors located in the sensing region of $π {- (\ln p_{d} (x, y) / α)}^{2}$ with the probability of $p_{d} (x, y)$ . $U (x, y)$ also requires at least $b (x, y)$ number of sensors to be located in the sensing region. Thus,

\begin{matrix} U (x, y) = \frac{b (x, y)}{π {\ln p_{d} (x, y) / α}^{2}} . \end{matrix}

(1)

However, $U (x, y)$ is a goal of density to achieve when deploying sensor nodes. When placing sensor nodes as a group, it is likely that there exists a gap between the goal $U (x, y)$ and the actual density of sensor nodes at $(x, y)$ . We represent the gap, $V (x, y)$ , as follows:

\begin{array}{l} V (x, y) \\ = \max (U (x, y) - \sum_{i = 1}^{N_{D}} ‍ \frac{N_{i} (x, y, - (\ln p_{d} (x, y) / α))}{π {- (\ln p_{d} (x, y) / α)}^{2}}, 0), \end{array}

(2)

where

N_{D}

is the total number of sensor groups and

(N_{i} (x, y, - (\ln p_{d} (x, y) / α))) / (π {- (\ln p_{d} (x, y) / α)}^{2})

is the density of sensor nodes belonging to

i th

sensor group,

G (i)

(x, y)

. Let us defer the explanation of

N_{i} (\cdot)

to Section 6.2.4.

Figure 3(a) shows an initial state of $V (x, y)$ when the target sensing field is covered by 25 reference points. With $α = 1$ , $U (x, y)$ is derived from the sensing requirements given to the reference point $(x, y)$ , that is, $p_{d} (x, y)$ and $b (x, y)$ . Since no sensor groups are deployed yet, $V (x, y)$ is the same as $U (x, y)$ for now.

4.2. Step 2: Setup Deployment Points

The goal of this step is to set deployment points of sensor groups on the positions that would minimize the sum of all $V (x, y)$ , that is, $\min \sum_{\forall (x, y)} ‍ V (x, y)$ . We first perform initial placement and then adjust the position of the deployment points.

Initial Placement. We conduct the initial deployment as shown in Algorithm 1. Algorithm 1 finds a reference point of highest $V (x, y)$ and assigns an unassigned sensor group at the point iteratively. Since $V (x, y)$ represents the gap between $U (x, y)$ and the sensor density of assigned sensor groups, the value of $V (x, y)$ keeps being updated during the process. As a result, we obtain the set B of assigned deployment points of sensor groups.

Algorithm 1: Initial placement: initial placement for unassigned sensor groups.

Input: A set $Q = {G (i) | 1 \geq i \geq N_{D}}$ of sensor groups and a set

$W = {\forall ((x, y), V (x, y))}$ of tuples of a reference point $(x, y)$ and its

$V (x, y)$ for every reference point

Output: A set $B = {[x, y]_{i} | 1 \geq i \geq N_{D}}$ of deployment points assigned to sensor groups

$B \leftarrow \emptyset$

for $G (i) \in Q$ do

Find a reference point $(x, y)$ of highest $V (x, y)$ in W.

$[x, y]_{i} \leftarrow (x, y)$ .

Add $[x, y]_{i}$ to B.

Update $V (x, y)$ s in W.

end

return B

We will improve the result of initial placement in the following steps. We first adjust positions in B to minimize the sum of $V (x, y)$ . And then we determine an optimal position (in Step 3) with regard to the intergroup connectivity.

Position Adjustment. We present a new algorithm, pVFA, which adjusts the assigned deployment position of sensor groups to find more suitable position for achieving the goal. pVFA is an iterative, subgradient method. In an iteration of pVFA, every sensor group calculates a gradient that would decrease the sum of all $V (x, y)$ . The gradient is represented as an Euclidean vector (direction and magnitude) in the target sensing field. Sensor groups move along their gradients by a unit step at the end of an iteration.

More specifically, Algorithm 2 explains the detailed process. Let ${\vec{F}}_{G (i)}^{A} (x, y)$ be attractive force on a group $G (i)$ from a reference point $(x, y)$ . A reference point attracts sensor groups with the power of $V (x, y)$ ; that is, $| {\vec{F}}_{G (i)}^{A} (x, y) | = V (x, y)$ . The gradient of $G (i)$ , $\nabla_{G (i)}$ , is the sum of attractive power from all the reference points, $\nabla_{G (i)} = \sum_{\forall (x, y)} ‍ {\vec{F}}_{G (i)}^{A} (x, y)$ . A sensor group, $G (i)$ , updates its assigned deployment point as $[{x + δ_{d} \cdot \nabla_{G (i)} |}_{x}, {y + δ_{d} \cdot \nabla_{G (i)} |}_{y}]_{i}$ by applying its gradient, where $δ_{d}$ is a unit step for distance. The iteration is repeated until the average of gradients goes below a threshold $T_{V}$ .

Algorithm 2: Position adjustment: adjustment of initial position of sensor groups.

Input: A set $B = {{[x, y]}_{i} | 1 \geq i \geq N_{D}}$ of deployment points assigned to sensor groups

Output: A set $B^{'} = {{[x, y]}_{i} | 1 \geq i \geq N_{D}}$ of deployment points after position adjustment

repeat

for $G (i) \in Q$ do

Calculate an attractive force, ${\vec{F}}_{G (i)}^{A} (x, y)$ , from $V (x, y)$ .

$({{\vec{F}}_{G (i)}^{A} (x, y) |}_{x} = | V (x, y) | \cos θ, {{\vec{F}}_{G (i)}^{A} (x, y) |}_{y} = | V (x, y) | \sin θ)$

Derive the gradient of $G (i)$ : $\nabla_{G (i)} = \sum_{\forall (x, y)} ‍ {\vec{F}}_{G (i)}^{A} (x, y)$ .

Update its position as ${[{x + δ_{d} \cdot \nabla_{G (i)} |}_{x}, {y + δ_{d} \cdot \nabla_{G (i)} |}_{y}]}_{i}$ of B

Update $V (x, y)$ s in W.

end

Copy B to $B^{'}$ .

until $T_{V} > \frac{\sum_{i = 1}^{N_{D}} ‍ | \nabla_{G (i)} |}{N_{D}}$

return $B^{'}$

Figure 3(b) shows the results of this step. The circles indicate the effective region of sensor groups (which we will describe in the next step). The initial deployment determines the gray circles while the black circles indicate the position of sensor groups after the position adjustment. We show the gradient $\nabla_{G (i)}$ as a vector in arrow. As a result, we could obtain the intermediate deployment points of sensor groups and we will finalize the optimal deployment points in the next step.

4.3. Step 3: Adjust Distributions

The result of the previous step could have satisfied the sensing requirements (initially given by the general deployment model) but may have isolated groups having no well-connected adjacent groups because of missing the intergroup connectivity. To avoid such a case, we adjust the assigned deployment point and distribution of sensor groups before accomplishing the group placement plan.

The requirement for achieving “well-connectedness” in the intergroup connectivity is to have an effective, reasonable number of interconnections for two adjacent sensor groups. Thus, we count interconnections between sensor nodes, both of which are effective members in their own sensor groups only. To do so, we first define an effective region of a sensor group as the area covered by an effective number (we set the effective number as 80 percent of the number of sensor nodes in a group) of sensor nodes in that group. And we then set the minimum number of interconnections for two sensor groups to become a connected component.

Effective Region and Interconnections. We model sensor nodes deployed in a sensor group by omnidirectional probabilistic distributions, for example, Gaussian distribution. Hence the effective region is a circular region whose radius we calculate from the inverse cumulative distribution (CDF) [25] of the probabilistic distribution. CDF of the distribution of a sensor group returns the portion of member nodes for a given region of the sensor group; thus the inverse CDF provides an area (or a radius) that holds the given portion of sensor nodes. For example, we calculate the radius of the effective region as $P^{- 1} (0.8)$ , where $P^{- 1} ()$ is the inverse CDF. We then regard interconnections of sensor nodes located in intersection of the effective regions of two adjacent sensor groups as effective interconnections. Let $w_{i}$ and $w_{j}$ , respectively, denote the number of sensor nodes from $G (i)$ and $G (j)$ in the intersection region between $G (i)$ and $G (j)$ .

Minimum Number of Interconnections. To become a connected component, a sensor group must have such a minimum degree of graph as $⌈ C \log n_{z} ⌉$ , where C is a tunable radio transmission range parameter ( $C \geq 1.5$ will increase the global connectedness to be close to 1) [26] and $n_{z}$ is the number of sensor nodes in a sensor group. Similarly, two sensor groups must have a minimum degree of graph, $⌈ C \log 2 n_{z} ⌉$ . Therefore, we define a set of well-connected neighbor groups, ${\hat{N}}_{i}$ , for group $G (i)$ :

\begin{matrix} {\hat{N}}_{i} = {j | p_{1}^{*} \cdot w_{j} \geq ⌈ C \log 2 n_{z} ⌉, \forall j, i \neq j}, \end{matrix}

(3)

where

p_{1}^{*}

is the probability that two nodes of different groups can be connected. It indicates that two nodes are within each other's communication range and also share keys because only sensor nodes sharing the same key can communicate with each other [5]. Finally, to avoid the case that isolated groups exist, the following condition should be satisfied:

\begin{matrix} | {\hat{N}}_{i} | \geq ⌈ C \log N_{D} ⌉ . \end{matrix}

(4)

pVFA with an Extending Option. We improve the intergroup connectivity of the isolated sensor groups by extending their effective regions. For this purpose, we employ pVFA with an extending option. Algorithm 3 shows the process of this step. First we compute the effective region, denoted by $F_{i}$ , of a group $G (i)$ and calculate intergroup connections between every pair of neighboring sensor groups, which have overlapped effective region in common. We then identify the isolated groups by using the condition of (4). When extending the effective region, we control the parameter of probability distribution of the sensor group. Here we suppose that we model the probability distribution as the two-dimensional Gaussian distribution. Thus we increase the standard deviation (std), $σ_{i}$ , of $G (i)$ by multiplying $δ_{s}$ , which is a unit step for std. During extending the effective region, we can improve the connectivity but we could also experience the lower density of sensor nodes in the sensor group at the same time. It may bring back $V (x, y)$ . Thus pVFA also adjusts the position by applying the algorithm PositionAdjustment of Algorithm 2. This process is repeated until there is no isolated group and the average magnitude of the gradient is below $T_{V}$ . The result is a deployment plan for a given sensing field. The deployment plan indicates the position of sensor groups (i.e., deployment points) and its distribution parameter (i.e., std).

Algorithm 3: Final adjustment: adjustment of position and distribution for intergroup connectivity.

Input: A set $B^{'} = {{[x, y]}_{i} | 1 \geq i \geq N_{D}}$ of deployment points after position adjustment

Output: Deployment plan: a set $K = {([x, y]_{i}, σ_{i}) | 1 \geq i \geq N_{D}}$ of

deployment points and distribution for each sensor group

$I \leftarrow \emptyset$

repeat

foreach $G (i)$ do Compute the effective region of $G (i)$ , $F_{i}$

for $\forall (G (i), G (j))$ , $F_{i} \cup F_{j} \neq \emptyset$ do

Calculate inter-group connections between $G (i)$ and $G (j)$

end

Identify isolated groups as I

for $G (i) \in I$ do

$σ_{i} \leftarrow δ_{s} \cdot σ_{i}$

end

Apply PositionAdjustment

until $I \neq \emptyset$ and $T_{V} > \frac{\sum_{i = 1}^{N_{D}} ‍ | \nabla_{G (i)} |}{N_{D}}$

return K

In Figure 3(c), the gray circle and the black circle indicate the effective region, respectively, before and after the adjustment. We could observe that isolated groups have extended their effective regions while several groups have moved to minimize $V (x, y)$ in Figure 3(c). Compared with the result of Step 2, the fraction of connected groups has been significantly improved from 0.455 to 1.0 at the cost of $V (x, y)$ , of which the average increased from 0.0043 to 0.0132.

5. Key Management (Phase 2)

In this section, we describe the key management phase of GenDep. On the basis of the result of the group placement phase, we preinstall key sets to sensors for establishing pairwise keys in the key management phase. To do so, we describe building group structures in Step 1, preinstalling key sets to sensors in Step 2, and establishing pairwise keys in Step 3 (after deployment).

5.1. Step 1: Build Group Structures

In order to provide the location awareness to the key management schemes, we need to define a zone for a group. The key management schemes assume zones are nonoverlapped; thus we divide the sensing field into zones by using the Voronoi decomposition method [27], where a Voronoi cell for a seed point is a region consisting of points that are closer to the seed point than other seed points.

By employing the deployment points of groups as the seed points, we define a zone for the group $G (i)$ is the Voronoi cell based on its deployment point, $[x, y]_{i}$ . Let $N V_{i}$ denote a set of groups sharing Voronoi edges with the group $G (i)$ . Then we could define a set of neighbor groups, $N Z (i)$ , as follows:

\begin{matrix} N Z (i) = N V_{i} \cap {\hat{N}}_{i} . \end{matrix}

(5)

Figure 4(a) is an example of the zones based on the deployment points of Figure 3. The sensing field was partitioned into 11 zones. Every zone has different shapes and different neighbors. In order to explain the subsequent process more clearly, we use the field of Figure 4(b) that consists of various polygons, that is, irregular zones.

Figure 4

Voronoi decomposition and deployment plan.

After partitioning zones, every pair of two neighboring zone groups is merged to be an extended group, EG. A group belongs to as many EGs as the number of its neighbor groups.

Algorithm 4 explains the process for setting the neighbor sensor group and assigning extended groups. All the assigned EGs are in E. In addition, Figure 5 illustrates an example of multiple EGs (i.e., 5 EGs) overlapped on the group $G (7)$ . Note that EGs could intrinsically support location awareness because of binding a pair of adjacent zones.

Algorithm 4: Build structure: define the neighbor groups and build a set of extended groups of every pair of neighboring sensor groups.

Input: A set Q of sensor groups, a set $N_{i}$ of well-connected sensor groups of

$G (i)$ , and a set $N V_{i}$ of the sensor groups sharing a Voronoi edge with $G (i)$

Output: A set $E = {E G (i, j) | G (j) \in N Z (i) \lor G (i) \in N Z (j)}$ of extended groups.

$E \leftarrow \emptyset$

foreach $G (i)$ do

$N Z (i) \leftarrow N V_{i} \cap {\hat{N}}_{i}$

for $G (j) \in N Z (i)$ do

if EG $(i, j) \notin W$ then

$E \leftarrow E \cup {E G (i \cdot j)}$

end

return E

Figure 5

Group structures for group $G (7)$ . (Note that $E G (i, j)$ denotes the extended group of $G (i)$ and $G (j)$ .)

5.2. Step 2: Preinstall Key Sets

In this step, we assign key predistribution schemes to EGs and preinstall key sets to be used for key establishment. Before preinstall keys to sensor nodes, we select a key predistribution scheme suitable for each EG. Because each EG is an independent space, we could assign not only homogeneous but also heterogeneous key predistribution schemes to EGs. It is clear that heterogeneous schemes could only affect their own EGs. For example, a compromised sensor node may only contaminate sensors in its local EG. When selecting key predistribution schemes, we could flexibly approach them by considering their distinct features in terms of node-capture resilience, storage overhead, and computational complexity. We could prioritize one of those features in each EG. For instance, we could select RP for prioritizing the perfect resilience against node capture attacks or RKP for higher connectivity. No key predistribution scheme is a panacea.

According to the selected key predistribution schemes, we preinstall key sets to sensor nodes. Algorithm 5 shows the procedure. First we assign unique identifiers, $I D_{u}$ and $I D_{E G}$ , to each sensor node and each EG, respectively. For each EG, we generate a key pool, $K_{E G (i, j)}$ , according to the selected key predistribution scheme for the EG. From the key pool, we select a key set and install it on a sensor node of the EG. The method for generating a key pool GenerateKeyPool and selecting a key set from the key pool SelectKeysFrom is dependent on the selected key predistribution scheme.

Algorithm 5: Preinstall: preinstall a key set for each sensor node.

Input: A set E of extended groups

foreach a sensor node, u do

SetNewIdentifier $(u, I D_{u})$

end

foreach EG $(i, j)$ do

SetNewIdentifier $(E G (i, j), I D_{E G})$

$K_{E G (i, j)}$ ← GenerateKeyPool $(E G (i, j))$

for a sensor node, $u \in E G (i, j)$ do

s← SelectKeysFrom $(K_{E G (i, j)})$

InstallKeySet $(u, s)$

end

5.3. Step 3: Establish Pairwise Keys

Finally, we could deploy sensor nodes into the sensing field. After deployment, the sensor nodes will then establish pairwise keys by themselves. The procedure to establish pairwise keys is as follows. (1)

Key Discovery. Each sensor node broadcasts its ID, $I D_{u}$ , and key list whereas the key list is composed of the identifiers of its keys, $〈 I D_{k}, I D_{E G} 〉$ . Sensor nodes could exchange them with their neighbors and compare the lists for key establishment.

(2)

Pairwise Key Establishment. If a sensor node finds a neighbor node sharing the same key, then it sends a connection request to the neighbor. By using the key agreement method of [3], the two adjacent nodes can generate a pairwise key in a secure way.

(3)

Path Key Establishment. If there remain neighbors not yet connected, the sensor node broadcasts the IDs of the disconnected neighbors to the connected neighbors, so that the connected neighbors could help them to establish pairwise keys. This step is repeated until the sensor node connects to all the neighbors and cannot find newly connectable nodes.

6. Performance Evaluation

In this section, we analyze the performance of GenDep. We compare our method to the previous location-aware key management schemes based on the fixed deployment model, such as GGD [5] and skRKP [2].

6.1. System Model for Evaluation

We assume the following. (i)

The number of sensor nodes ( $n_{z}$ ) is 100 in a single group.

(ii)

To compare the result with the previous schemes fair, we set each zone to be formed as a square: $\forall G (i), L_{G (i)} = 4$ .

(iii)

GenDep uses three configurations for key predistribution schemes: G-skRKP, G-COMB, and G-RP. For G-skRKP and G-RP, we select skRKP and RP as key predistribution schemes, respectively. In G-COMB, a combination of RKP and RP is applied; among 4 EGs of a group, 2 EGs use RKP and the other 2 EGs employ RP. The key pool size of the RKP scheme is 4880 to keep the faction of communication compromised under 0.4 until 50% nodes are compromised [1].

(iv)

In order to keep the same level of key storage and to preserve the λ-secure property (for resilience against compromised sensor nodes, the key distribution schemes using the secret key matrix of the Blom scheme, such as GGD and skRKP [2, 5], have an upper bound on the ratio of the number of sensor nodes and the size of secret matrix; this is called λ-secure property; please refer to [3] for the λ-secure property) [3], $ω = 7$ for all the schemes but $τ_{G} = 3$ , $τ_{D} = 2$ , and $τ_{E} = 1$ for GGD, skRKP-D, and G-skRKP, respectively. The analysis of key storage is described in Section 6.5. Additionally, we set the parameters for GGD as $γ_{G G D} = 8$ and $α_{G G D} = 1$ based on [5].

6.2. Key Graph Connectivity

Let $p_{1 n} (i, j)$ be the probability that two sensor nodes in $G (i)$ and $G (j)$ share at least one common key. It is assumed that a sensor node of $E G (i, j)$ randomly picks $m_{k}$ different keys for $E G (i, j)$ from a key pool of size M. Then, the $p_{1 n} (i, j)$ is

\begin{array}{l} p_{1 n} (i, j) = 1 - \frac{(\begin{smallmatrix} M \\ m_{k} \end{smallmatrix}) (\begin{smallmatrix} M - m_{k} \\ m_{k} \end{smallmatrix})}{{(\begin{smallmatrix} M \\ m_{k} \end{smallmatrix})}^{2}} \\ = 1 - \frac{{(M - m_{k})!}^{2}}{M! \cdot (M - 2 m_{k})} . \end{array}

(6)

Likewise, let

p_{1 s} (i)

be the probability that two sensor nodes in the same

G (i)

share at least one common key. The sensor nodes in the same group have all their EGs in common. They can be connected unless they do not share any key in their EGs, which are

E G (i, j), G (j) \in N Z (i)

. For each

E G (i, j)

that they share, the key graph connecting probability is

p_{1 n} (i, j)

. Thus,

\begin{matrix} p_{1 s} (i) = 1 - \prod_{G (j)}^{N Z (i)} ‍ (1 - p_{1 n} (i, j)) . \end{matrix}

(7)

If a single key predistribution scheme is applied to all EGs of

G (i)

p_{1 s} (i)

is calculated as

\begin{array}{l} p_{1 s} (i) = 1 - {[\frac{(\begin{smallmatrix} M \\ m_{k} \end{smallmatrix}) (\begin{smallmatrix} M - m_{k} \\ m_{k} \end{smallmatrix})}{{(\begin{smallmatrix} M \\ m_{k} \end{smallmatrix})}^{2}}]}^{L_{G (i)}} \\ = 1 - {[\frac{{(M - m_{k})!}^{2}}{M! (M - 2 m_{k})!}]}^{L_{G (i)}}, \end{array}

(8)

since the number of shared EGs of the two sensor nodes in the same group is

L_{G (i)}

. Appendix A shows the probabilities,

p_{1 n}

and

p_{1 s}

, on the instantiations of key predistribution schemes in GenDep.

A sensor node can be connected to neighbors directly (1 hop) or through relaying of other neighbor nodes (more than 1 hop). For simplicity and clarity, we consider 2 hops at maximum. Let $N_{i} (x, y, R)$ be the number of sensors of $G (i)$ within the communication range R from a position $(x, y)$ . We assume a sensor node u in $G (i)$ at $(x, y)$ . For the sensor node u, we take $n_{i}^{'} = N_{i} (x, y, R) - 1$ as the number of reachable neighbor nodes in $G (i)$ (the number of sensor nodes within the communication range except itself) and $n_{j}^{'} = N_{j} (x, y, R)$ as the number of reachable neighbor nodes in $G (j)$ , where $j \neq i$ and $G (j) \in N Z (i)$ .

6.2.1. Key Graph Connectivity within the Same Group

Suppose that a sensor node u connects to another sensor node v in the same group $G (i)$ , $u, v \in G (i)$ . We represent the probability that two nodes are connected, $P_{u, v}$ , as

\begin{matrix} P_{u, v} = P_{u, v} [1 hop] + (1 - P_{u, v} [1 hop]) P_{u, v} [2 hops], \end{matrix}

(9)

where the probability of the 1-hop connection,

P_{u, v} [1 hop]

, is equal to

p_{1 s} (i)

. When we calculate the probability of the 2-hop connection,

P_{u, v} [2 hops]

, we take account of two cases of relaying: by a node in the same group or another node in a neighbor group. Let us denote by

P_{i}

and

P_{j}

the probabilities that the sensor nodes, u and v, are connected via a node in

G (i)

and

G (j) \in N Z (i)

, respectively. The two nodes can be connected in any of these cases. Hence,

\begin{matrix} P_{u, v} [2 hops] = 1 - (1 - P_{i}) \cdot \prod_{G (j)}^{N Z (i)} ‍ (1 - P_{j}) . \end{matrix}

(10)

We calculate

P_{i}

and

P_{j}

by developing the binomial probability distribution (the development of the binomial probability distribution for the key graph connecting probability is inspired by [28]). We compute

P_{i}

as follows:

\begin{array}{l} P_{i} = \sum_{k_{1} = 1}^{n_{i}^{'} - 1} (\begin{pmatrix} n_{i}^{'} - 1 \\ k_{1} \end{pmatrix}) {p_{1 s} (i)}^{k_{1}} \\ \times {1 - p_{1 s} (i)}^{n_{i}^{'} - k_{1} - 1} {1 - {(1 - p_{c} p_{1 s} (i))}^{k_{1}}}, \end{array}

(11)

where the part

\sum_{k_{1} = 1}^{n_{i}^{'} - 1} ‍ (\begin{smallmatrix} n_{i}^{'} - 1 \\ k_{1} \end{smallmatrix}) {p_{1 s} (i)}^{k_{1}} {1 - p_{1 s} (i)}^{n_{i}^{'} - k_{1} - 1}

is the binomial probability distribution that represents that u is connected to

k_{1}

sensor nodes out of

n_{i}^{'} - 1

neighbors (the number of reachable neighbor nodes except v) and u is connected to one of

k_{1}

sensor nodes by

p_{1 s} (i)

. The term,

1 - (1 - p_{c} p_{1 s} (i))^{k_{1}}

, represents the probability that at least one of the

k_{1}

sensor nodes is connected to v. Note that

p_{c}

is the probability that any two sensor nodes are within the communication range of each other. If the communication range is circle-shaped and of equal radius, then

p_{c}

is 0.5865 regardless of R according to [28]. Likewise, we calculate

P_{j}

\begin{array}{l} P_{j} = \sum_{k_{2} = 1}^{n_{j}^{'}} ‍ (\begin{pmatrix} n_{j}^{'} \\ k_{2} \end{pmatrix}) {p_{1 n} (i, j)}^{k_{2}} \\ \times {1 - p_{1 n} (i, j)}^{n_{j}^{'} - k_{2}} {1 - {(1 - p_{c} p_{1 n} (i, j))}^{k_{2}}} . \end{array}

(12)

Equation (12) represents that u is connected to v via one of

k_{2}

sensor nodes in

G (j) \in N Z (i)

. Since the

k_{2}

sensor nodes belong to

G (j)

, the connecting probability between them and u or v is

p_{1 n} (i, j)

. Finally, we get (13) by joining (9), (10), (11), and (12).

\begin{array}{l} P_{u, v} \\ = p_{1 s} (i) + (1 - p_{1 s} (i)) \\ \times {1 - [1 - \sum_{k_{1} = 1}^{n_{i}^{'} - 1} ‍ (\begin{pmatrix} n_{i}^{'} - 1 \\ k_{1} \end{pmatrix}) {p_{1 s} (i)}^{k_{1}} \\ \times {1 - p_{1 s} (i)}^{n_{i}^{'} - k_{1} - 1} \\ \times {1 - {(1 - p_{c} p_{1 s} (i))}^{k_{1}}}] \\ \cdot \prod_{j}^{N Z (i)} ‍ [1 - \sum_{k_{2} = 1}^{n_{j}^{'}} ‍ (\begin{pmatrix} n_{j}^{'} \\ k_{2} \end{pmatrix}) {p_{1 n} (i, j)}^{k_{2}} \\ \times {1 - p_{1 n} (i, j)}^{n_{j}^{'} - k_{2}} \\ \times {1 - {(1 - p_{c} p_{1 n} (i, j))}^{k_{2}}}]} \end{array}

(13)

6.2.2. Key Graph Connectivity between Neighbor Groups

$P_{u, v^{*}}$ is the probability that a sensor node u in $G (i)$ connects to another node v in $G (j)$ , that is, a neighbor group of $G (i)$ ( $G (j) \in N Z (i)$ ) with or without help from all neighbor nodes. Obviously, $P_{u, v^{*}} [1 hop] = p_{1 n} (i, j)$ , but, in $P_{u, v^{*}} [2 hops]$ , three cases of 2-hop connections are possible: $P_{i}^{*}$ , $P_{j}^{*}$ , and $P_{g}^{*}$ .

First, $P_{i}^{*}$ , the probability of 2-hop connection by relaying of a sensor node in $G (i)$ is

\begin{array}{l} P_{i}^{*} = \sum_{k_{1} = 1}^{n_{i}^{'}} ‍ (\begin{pmatrix} n_{i}^{'} \\ k_{1} \end{pmatrix}) {p_{1 s} (i)}^{k_{1}} \\ \times {1 - p_{1 s} (i)}^{n_{i}^{'} - k_{1}} {1 - {(1 - p_{c} p_{1 n} (i, j))}^{k_{1}}} . \end{array}

(14)

In (14), note that

p_{1 s} (i)

and

p_{1 n} (i, j)

, respectively, represent the probability that node u connects to

k_{1}

neighbor nodes and the probability that

k_{1}

neighbor nodes connect to node v. Second,

P_{j}^{*}

is the probability of 2-hop connection by relaying of a sensor node in

G (j)

and is given as

\begin{array}{l} P_{j}^{*} = \sum_{k_{2} = 1}^{n_{j}^{'} - 1} ‍ (\begin{pmatrix} n_{j}^{'} - 1 \\ k_{1} \end{pmatrix}) {p_{1 n} (i, j)}^{k_{2}} \\ \times {1 - p_{1 n} (i, j)}^{n_{j}^{'} - k_{2} - 1} \\ \times {1 - {(1 - p_{c} p_{1 s} (j))}^{k_{2}}} . \end{array}

(15)

Third,

P_{g}^{*}

is the probability of 2-hop connection by the relay of a sensor node in neighbor groups except

G (j)

, which are

N Z (i) ∖ {G (j)}

. Hence,

P_{g}^{*}

\begin{array}{l} P_{g}^{*} = \sum_{k_{3} = 1}^{n_{g}^{'}} ‍ (\begin{pmatrix} n_{g}^{'} \\ k_{3} \end{pmatrix}) {p_{1 n} (i, g)}^{k_{3}} \\ \times {1 - p_{1 n} (i, g)}^{n_{g}^{'} - k_{3}} \\ \times {1 - {(1 - p_{c} p_{1 n} (i, g))}^{k_{3}}} . \end{array}

(16)

From (14), (15), and (16), we derive that

\begin{array}{l} P_{u, v} [2 hops] = 1 - (1 - P_{i}^{*}) (1 - P_{j}^{*}) \\ \cdot \prod_{g}^{N Z (i) ∖ {G (j)}} ‍ (1 - P_{g}^{*}) . \end{array}

(17)

Finally,

\begin{matrix} P_{u, v^{*}} = P_{u, v^{*}} [1 hop] + (1 - P_{u, v^{*}} [1 hop]) P_{u, v^{*}} [2 hops] . \end{matrix}

(18)

Joining (14), (15), (16), and (17), we represent

P_{u, v^{*}}

as (19).

\begin{array}{l} P_{u, v^{*}} \\ = p_{1 n} (i, j) + (1 - p_{1 n} (i, j)) \\ \cdot {1 - [1 - \sum_{k_{1} = 1}^{n_{i}^{'}} ‍ (\begin{pmatrix} n_{i}^{'} \\ k_{1} \end{pmatrix}) {p_{1 s} (i)}^{k_{1}} \\ \times {1 - p_{1 s} (i)}^{n_{i}^{'} - k_{1}} \\ \times {1 - {(1 - p_{c} p_{1 n} (i, j))}^{k_{1}}}] \\ \cdot [1 - \sum_{k_{2} = 1}^{n_{j}^{'} - 1} ‍ (\begin{pmatrix} n_{j}^{'} - 1 \\ k_{1} \end{pmatrix}) {p_{1 n} (i, j)}^{k_{2}} \\ \times {1 - p_{1 n} (i, j)}^{n_{j}^{'} - k_{2} - 1} \\ \times {1 - {(1 - p_{c} p_{1 s} (j))}^{k_{2}}}] \\ \cdot \prod_{g}^{N Z (i) ∖ {G (j)}} ‍ [1 - \sum_{k_{3} = 1}^{n_{g}^{'}} ‍ (\begin{pmatrix} n_{g}^{'} \\ k_{3} \end{pmatrix}) (\begin{pmatrix}  \end{pmatrix}) {p_{1 n} (i, g)}^{k_{3}} \\ \times {1 - p_{1 n} (i, g)}^{n_{g}^{'} - k_{3}} \\ \times {1 - {(1 - p_{c} p_{1 n} (i, g))}^{k_{3}}}]} \end{array}

(19)

6.2.3. Numerical Results in Key Graph Connectivity

Figure 6 depicts $P_{u, v}$ and $P_{u, v^{*}}$ when $n_{i}^{'}$ and $n_{j}^{'}$ are the same. Table 1 shows the parameters, $p_{1 s}$ and $p_{1 n}$ , computed by the equations as referred to Appendix A. As illustrated in Figure 6, the connectivity of GGD is best at the same group but worst between the neighbor groups at the same time. The reason is that GGD employs different methods for the same and the neighbor groups. The connectivities at the same group are similar in G-skRKP, G-RP, and skRKP-D. But the connectivities between the neighbor groups are better than skRKP-D in G-skRKP and G-RP as illustrated in Figure 6(b). When we assume the number of neighbor nodes is 21, in Figure 6(a), the $P_{u, v}$ of G-RP is $22 %$ and $3 %$ lower than GGD and skRKP-D, respectively, but, in Figure 6(b), $P_{u, v^{*}}$ of G-RP is $640.7 %$ and $55.7 %$ higher than the two schemes. In other words, GenDep has slightly lower connectivity within the same group but far higher connectivity between the neighbor groups. In both cases of Figure 6, G-COMB achieves high connectivity. Furthermore, it is noteworthy that RP is a good choice as a key predistribution scheme because G-RP shows better performance than skRKP-D and G-skRKP. In addition, RP does not require complex computation in the key establishment and has better network resilience [22].

Table 1

Local connectivity ( $p_{1 s}$ and $p_{1 n}$ ).

	$p_{1 s}$	$p_{1 n}$
G GD	0.8857	0.01
skRKP-D	0.5338	0.0816
G-skRKP	0.4602	0.1429
G-RP	0.4779	0.15
G-COMB	0.62	0.33 (RKP), 0.08 (RP)

Figure 6

Key graph connectivity.

6.2.4. Discussion on Key Graph Connectivity according to Deployment Distribution

We model the deployment method for a sensor group as probabilistic distribution of sensor nodes. In this section, we take into consideration two kinds of probabilistic distributions: Gaussian and uniform distributions.

Gaussian Distribution. First, in the Gaussian distribution, sensor nodes are deployed in the 2-dimension (2D) Gaussian distribution from their deployment point. We denote by $g (z, r)$ the cumulative density function (CDF) of the 2D Gaussian distribution within a circle whose center is located at the distance of z from the deployment point and its radius is r. More formally,

\begin{array}{l} g (z, r) = 1 {z < r} [1 - e^{- {(r - z)}^{2} / 2 σ^{2}}] \\ + \frac{1}{2 π σ^{2}} \int_{| z - r |}^{z + r} ‍ 2 l \cos^{- 1} (\frac{l^{2} + z^{2} - r^{2}}{2 l z}) e^{- l^{2} / 2 σ^{2}} d l, \end{array}

(20)

where σ is the standard deviation of the Gaussian distribution. Please refer to [29] about derivation of

g (z, r)

. Let us denote the position of the deployment point,

[x, y]_{i}

, by using

x_{i}

and

y_{i}

. The number of nodes in

G (i)

at the point of

(x, y)

within r is

\begin{matrix} N_{i} (x, y, r) = ⌊ n_{z} \cdot g (\sqrt{{(x - x_{i})}^{2} + {(y - y_{i})}^{2}}, r) ⌋ . \end{matrix}

(21)

Figure 7 depicts the probability of the key graph connectivity to nodes in any neighbor group,

P_{*} = 1 - \prod_{k}^{N Z} ‍ (1 - P_{u, v^{*}})

, from (0,0) to (100,100) where the deployment point is located at (50,50). Since the distribution of neighbor nodes determines the probability of the key graph connectivity, Figure 7 shows high connectivity along each direction to the deployment points of neighbor groups. Additionally, note that the shape of the zone in Figure 7(a) is a regular polygon, that is, a square, but that of Figure 7(b) is the irregular pentagon, which is the same shape to the zone G in Figure 4(b).

Figure 7

Key graph connectivity with Gaussian sensor deployment ( $n_{z} = 100$ , $σ = 25$ , $r = 10$ , $G - s k R K P$ ).

Uniform Distribution. Second, in the uniform distribution, the coverage area and density determine the number of neighbor nodes regardless of the deployment point. Let $ρ_{i}$ be the sensor node density of $G (i)$ , which can be calculated by $ρ_{i} = n_{z} / | zon e_{i} |$ , where $zon e_{i}$ is the zone of $G (i)$ . Hence, the number of sensor nodes within r in $G (i)$ is

\begin{array}{l} N_{i} (x, y, r) \\ = ⌊ ρ_{i} \cdot | zon e_{i} \cap {(x, y) | \sqrt{{(x - x^{'})}^{2} + {(y - y^{'})}^{2}} < r} | ⌋, \end{array}

(22)

where

| zon e_{i} \cap {(x, y) | \sqrt{(x - x^{'})^{2} + (y - y^{'})^{2}} < r} |

is the area of the intersected region between

zon e_{i}

and the communication range of the node located at

(x^{'}, y^{'})

. The intersected area can be calculated geometrically using the sensor coverage analysis such as [5].

6.3. Simulation

We perform simulation to validate our analysis result in more realistic situations. Our simulation follows the system setup of Sections 6.1 and 6.2.4 ( $n_{z} = 100$ , $σ = 25$ , $R = 10 m$ ). In the simulation, we place nine sensor groups as shown in Figure 8. Each group is located from a given group distance. We ran simulation with varying distances between groups to check the number of connections to confirm the trends of key graph connectivity of our analysis in Section 6.2.3. In the simulation, we implemented GGD and G-skRKP, since the relative performance of G-skRKP to GGD is a good indicator for the trend of the analysis result.

Figure 8

Simulation setting. We place nine sensor groups and deploy sensor nodes in Gaussian distribution. (Please note that we use $σ = 10$ in this figure to show sensor groups more distinguishably but $σ = 25$ in the simulation to follow the settings of Sections 6.1 and 6.2.4.)

Figure 9 shows the result of the simulation. We change the distance between groups from 20 m to 50 m and count the total number of connections established within the two-hop key graph after deployment. Since sensor nodes are deployed randomly in Gaussian distribution, we ran simulation 30 times to get the average of the results. As expected, we can observe that the connectivity within the same group does not change by varying the distance in Figure 9(a). GGD has 18.8% more connections among sensor node within the same group than G-skRKP. As shown in Figure 9(b), however, G-skRKP always outperforms GGD by 338% in the number of connections among neighbor groups. Therefore, both results show the same trend as the result of the numerical analysis in Section 6.2.3 and G-skRKP can provide higher connectivity between groups.

Figure 9

Key graph connectivity in the simulation.

6.4. Security Analysis

The group structures in GenDep prevent the general deployment model from incurring additional security concerns. The security conditions for the key predistribution schemes, such as the λ-secure property, can also be applied easily.

Figure 10 depicts the network resilience against node capture attacks for the same size of key sets, $m_{k} = 30$ , and the local connectivity, $p_{1} = 0.14$ . We refer to [3, 19] and Appendix B for the equations of the network resilience. In Figure 10, skRKP shows the strong resistance to the node capture attacks when $n_{z}$ is only restricted under 100, that is, satisfying the λ-secure property. However, RP can achieve the perfect resilience against the node capture attacks. Note that the network resilience of qRKP is worse than RKP due to the small size of $m_{k}$ and key pool. Therefore, we exclude the qRKP scheme in the performance comparison. In case that nodes store a relatively smaller number of keys for an EG, the RKP scheme is better to be selected for security and connectivity than the qRKP scheme.

Figure 10

Network resilience of the key predistribution schemes ( $m_{k} = 30$ , $p_{1} = 0.14$ ).

6.5. Storage Overhead

The size of the key storage required to preinstall key sets in a sensor node is dependent on the key predistribution schemes. Let $m_{k, l}$ be the size of the key storage for the $l th$ EGof a sensor node. The total storage for a node can be computed as $m = \sum_{l = 1}^{L_{G (i)}} ‍ m_{k, l}$ . The security conditions of the key predistribution scheme may restrict the lower bound of $m_{k}$ . In that sense, for the Blom-based schemes in GenDep, the security parameter λ is calculated as $2 n_{z} τ_{E} / ω$ . That is, the selected key space in GenDep, $τ_{E}$ , should be half of τ that other Blom-based schemes use in order to keep the same value of $n_{z}$ . Thus, $m_{k}$ for an EG with skRKP is

\begin{matrix} m_{k} = (⌈ \frac{2 n_{z} τ_{E}}{ω} ⌉ + 1) τ_{E} . \end{matrix}

(23)

In case that skRKP is assigned to all EGs, for example, G-skRKP,

m = L_{G (i)} \cdot m_{k}

. Table 2 shows the key storage overhead on various configurations for this case. Based on the configurations of [3, 5] (

ω = 7

τ = 2

τ_{E} = 1

, 64-bit key), the required key storage for GenDep is under a few kilobytes for both cases of

L_{G (i)} = 4

(rectangular zone) and

L_{G (i)} = 6

(hexagonal zone). Even in the cases of hexagonal zone, 128-bit key, and

τ_{E} = 2

, the key storage is under 12 kbytes. Since MICAz sensor nodes have a 128 kbyte program memory and a 512 kbyte secondary memory [30], the required key storage is small enough to be installed to the memory of sensor nodes.

Table 2

Required key storage.

L	$n_{z}$	ω	$τ_{E}$	Key size (bits)	Storage (bytes)	L	$n_{z}$	ω	$τ_{E}$	Key size	Storage
4	50	7	1	64	512	6	50	7	1	64	768
4	100	7	1	64	960	6	100	7	1	64	1440
4	200	7	1	64	1888	6	200	7	1	64	2832

4	50	7	1	128	1024	6	50	7	1	128	1536
4	100	7	1	128	1920	6	100	7	1	128	2880
4	200	7	1	128	3776	6	200	7	1	128	5664

4	50	7	2	64	1920	6	50	7	2	64	2880
4	100	7	2	64	3776	6	100	7	2	64	5664
4	200	7	2	64	7424	6	200	7	2	64	11136

Let $m_{G}$ , $m_{D}$ , $m_{G - s k R K P}$ , $m_{G - C O M P}$ , and $m_{G - R P}$ be the required storages to store keys for GGD, skRKP-D, G-skRKP, G-COMB, and G-RP, respectively. In skRKP-D, each key pool is shared among neighbor zones in proportion to a or b. In other words, due to the λ-secure property, we cannot deploy more than $n + (4 a + 4 b) n$ nodes. Hence, $λ = ⌈ n τ_{G} / ω ⌉$ for GGD and $λ = ⌈ 2 n τ_{D} / ω ⌉$ for skRKP-D using the condition $4 a + 4 b = 1$ in [2]. From these conditions, the required key storage for the schemes is

\begin{matrix} m_{G} = (⌈ \frac{n_{z} τ_{G}}{ω} ⌉ + 1) τ_{G} + γ α, \\ m_{D} = (⌈ \frac{2 n_{z} τ_{D}}{ω} ⌉ + 1) τ_{D}, \\ m_{G - s k R K P} = 4 (⌈ \frac{2 n_{z} τ_{E}}{ω} ⌉ + 1) τ_{E} . \end{matrix}

(24)

From (24), the parameters of the system model in Section 6.1 are determined to achieve the same level of key storage,

m_{D} = m_{G - s k R K P} = 120

and

m_{G} = 128

. Since G-RP and G-COMB do not require the security conditions on m, we set the

m_{G - C O M P} = m_{G - R P} = 120

7. Conclusion

In this paper, we proposed GenDep, the novel framework for location-aware key management in WSNs regarding the general deployment model. Due to the notion of generalized location awareness, GenDep can apparently provide a practical advantage. The WSN can be deployed without losing its security in the real world where nonuniform geographical features exist. In GenDep, the group placement phase is operated to find optimal deployment positions of sensor groups. In the following key management phase, a whole deployment area is partitioned into a number of different smaller zones based on the deployment points of sensor groups. Subsequently, we build a new group structure to cover all sensor nodes deployed in neighboring zones. Using the group structures, we can render the benefit of location awareness to the existing key predistribution schemes. We proved the superior performance of key predistribution schemes when applied to GenDep, compared to their raw deployment. We also showed that it is possible to achieve the same level of security even in the irregular deployment area due to our generalized location awareness.

The generalized location awareness approach is promising for various practical applications, not limited to WSNs. For WSNs, GenDep enables their deployment to unforeseen circumstances. Thus GenDep is also applicable to three-dimensional (3D) sensor deployment, such as sensors in intelligent buildings. Secure key management for a group of any scattered devices can adopt GenDep as well, for example, RF readers in department stores and remote consoles in cafes and restaurants. We believe it would be promising to scrutinize more applications in the future study.

Footnotes

Appendices

Notations

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (nos. 2012R1A1A1044693 and 2012R1A1B3000965).

References

Eschenauer

Gligor

V. D.

A key-management scheme for distributed sensor networks

Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS '02)

November 2002

Washington, DC, USA

ACM Press

41 47

2-s2.0-0038341106

Deng

Han

Y. S.

Varshney

P. K.

A key predistribution scheme for sensor networks using deployment knowledge

IEEE Transactions on Dependable and Secure Computing 2006 3 1 62 77

2-s2.0-32844459414

10.1109/TDSC.2006.2

Deng

Han

Y. S.

Varshney

P. K.

Katz

Khalili

A pairwise key predistribution scheme for wireless sensor networks

ACM Transactions on Information and System Security 2005 8 2 228 258

2-s2.0-23244467182

10.1145/1065545.1065548

di Pietro

Mancini

L. V.

Mei

Random key-assignment for secure wireless sensor networks

Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03)

October 2003

Fairfax, Va, USA

ACM Press

62 71

2-s2.0-4544301464

Huang

Mehta

Medhi

Harn

Location-aware key management scheme for wireless sensor networks

Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '04)

October 2004

Washington, DC, USA

ACM Press

29 42

2-s2.0-14844314204

Liu

Ning

Location-based pairwise key establishments for static sensor networks

Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03)

October 2003

Fairfax, Va, USA

ACM Press

72 82

2-s2.0-4544293215

Zhang

Liu

Lou

Fang

Location-based compromise-tolerant security mechanisms for wireless sensor networks

IEEE Journal on Selected Areas in Communications 2006 24 2 247 260

2-s2.0-33144476837

10.1109/JSAC.2005.861382

Meguerdichian

Koushanfar

Potkonjak

Srivastava

M. B.

Coverage problems in wireless ad-hoc sensor networks

Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '01)

April 2001

Anchorage, Alaska, USA

1380 1387

2-s2.0-0034997317

Zou

Chakrabarty

Sensor deployment and target localization in distributed sensor networks

ACM Transactions on Embedded Computing Systems 2004 3 1 61 91

10.1145/972627.972631

10.

Zou

Chakrabarty

A distributed coverage- and connectivity-centric technique for selecting active nodes in wireless sensor networks

IEEE Transactions on Computers 2005 54 8 978 991

2-s2.0-24144501101

10.1109/TC.2005.123

11.

Takahara

Hassanein

How resilient is grid-based WSN coverage to deployment errors?

Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC '07)

March 2007

Kowloon, China

2872 2877

2-s2.0-36348996674

10.1109/WCNC.2007.532

12.

Wang

Y.-C.

C.-C.

Tseng

Y.-C.

Efficient placement and dispatch of sensors in a wireless sensor network

IEEE Transactions on Mobile Computing 2008 7 2 262 274

2-s2.0-37549044736

10.1109/TMC.2007.70708

13.

Ghosh

Das

S. K.

Coverage and connectivity issues in wireless sensor networks: a survey

Pervasive and Mobile Computing 2008 4 3 303 334

2-s2.0-43549098529

10.1016/j.pmcj.2008.02.001

14.

Lambrou

Panayiotou

Collaborative area monitoring using wireless sensor networks with stationary and mobile nodes [Ph.D. dissertation] University of Cyprus

15.

Lambrou

Panayiotou

Collaborative path planning for event search and exploration in mixed sensor networks

The International Journal of Robotics Research 2013 32 12 1424 1437

10.1177/0278364913498909

16.

Das

Roy

Coordination based motion control in mobile wireless sensor network

Proceedings of the International Conference on Electronic Systems, Signal Processing and Computing Technologies (ICESC '14)

January 2014

Nagpur, India

231 236

10.1109/ICESC.2014.45

17.

Mahboubi

Moezzi

Aghdam

A. G.

Sayrafian-Pour

Marbukh

Distributed deployment algorithms for improved coverage in a network of wireless mobile sensors

IEEE Transactions on Industrial Informatics 2014 10 1 163 174

10.1109/TII.2013.2280095

18.

Gong

Zhang

Chen

Sun

Barrier coverage in wireless sensor networks: from lined-based to curve-based deployment

Proceedings of the IEEE Conference on Computer Communications (INFOCOM '13)

April 2013

Turin, Italy

470 474

10.1109/INFCOM.2013.6566817

19.

Chan

Perrig

Song

Random key predistribution schemes for sensor networks

Proceedings of the IEEE Symposium on Security And Privacy (SP '03)

May 2003

Berkeley, Calif, USA

197 213

2-s2.0-0038487088

20.

Blom

An optimal class of symmetric key generation systems

Advances in Cryptology: Proceedings of EUROCRYPT 84. A Workshop on the Theory and Application of Cryptographic Techniques 1985

New York, NY, USA

Springer

335 338

21.

Fanian

Berenjkoub

Saidi

Gulliver

T. A.

A hybrid key establishment protocol for large scale wireless sensor networks

Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC '10)

April 2010

Sydney, Australia

1 6

2-s2.0-77955041193

10.1109/WCNC.2010.5506121

22.

Kwon

Lee

Song

Location-based pairwise key predistribution for wireless sensor networks

IEEE Transactions on Wireless Communications 2009 8 11 5436 5442

2-s2.0-70749096370

10.1109/TWC.2009.090183

23.

Lee

Kwon

Song

Group connectivity model for industrial wireless sensor networks

IEEE Transactions on Industrial Electronics 2010 57 5 1835 1844

2-s2.0-77951177583

10.1109/TIE.2009.2033089

24.

Zou

Chakrabarty

Uncertainty-aware and coverage-oriented deployment for sensor networks

Journal of Parallel and Distributed Computing 2004 64 7 788 798

2-s2.0-10844275662

10.1016/j.jpdc.2004.03.019

25.

Seshadri

The Inverse Gaussian Distribution: Statistical Theory and Applications 1999

Springer

26.

Xue

Kumar

P. R.

The number of neighbors needed for connectivity of wireless networks

Wireless Networks 2004 10 2 169 181

2-s2.0-1042289031

10.1023/B:WINE.0000013081.09837.c0

27.

Aurenhammer

Voronoi diagrams—a survey of a fundamental geometric data structure

ACM Computing Surveys 1991 23 3 345 405

10.1145/116873.116880

28.

Huang

Mehta

van de Liefvoort

Medhi

Modeling pairwise key establishment for random key predistribution in large-scale sensor networks

IEEE/ACM Transactions on Networking 2007 15 5 1204 1215

2-s2.0-34548391593

10.1109/TNET.2007.896259

29.

Deng

Han

Y. S.

Chen

Varshney

P. K.

A key management scheme for wireless sensor networks using deployment knowledge

Proceedings of the 23th AnnualJoint Conference of the IEEE Computer and Communications Societies (INFOCOM '04)

March 2004

586 597

2-s2.0-8344262333

30.

MEMSIC wireless moudules (formerly, micaz was a product of crossbow technology, inc.)

http://www.memsic.com/

G EN D EP : Location-Aware Key Management for General Deployment of Wireless Sensor Networks

Abstract

1. Introduction

2. Background and Problem

2.1. Related Work

2.2. Problems

3. GenDep Overview

3.1. General Deployment Model

3.2. GenDep Framework

4. Group Placement (Phase 1)

4.1. Step 1: Setup Reference Points

4.2. Step 2: Setup Deployment Points

Algorithm 1: Initial placement: initial placement for unassigned sensor groups.

Algorithm 2: Position adjustment: adjustment of initial position of sensor groups.

4.3. Step 3: Adjust Distributions

Algorithm 3: Final adjustment: adjustment of position and distribution for intergroup connectivity.

5. Key Management (Phase 2)

5.1. Step 1: Build Group Structures

Algorithm 4: Build structure: define the neighbor groups and build a set of extended groups of every pair of neighboring sensor groups.

5.2. Step 2: Preinstall Key Sets

Algorithm 5: Preinstall: preinstall a key set for each sensor node.

5.3. Step 3: Establish Pairwise Keys

6. Performance Evaluation

6.1. System Model for Evaluation

6.2. Key Graph Connectivity

6.2.1. Key Graph Connectivity within the Same Group

6.2.2. Key Graph Connectivity between Neighbor Groups

6.2.3. Numerical Results in Key Graph Connectivity

6.2.4. Discussion on Key Graph Connectivity according to Deployment Distribution

6.3. Simulation

6.4. Security Analysis

6.5. Storage Overhead

7. Conclusion

Footnotes

Appendices

Notations

Conflict of Interests

Acknowledgment

References