In the last sections we described which key sets need to be stored on the devices and how two devices can establish a new key if they don’t share one yet. As already mentioned, the initial keys need to be distributed to the devices over a secure channel, i.e. out-of-band. In the following we describe some possibilities for doing so.
3.4.1 Static Pre-Distribution
The most common method used when deploying a sensor net in the field is key pre-distribution by the manufacturer. In this case the manufacturer prepares all devices of the network before deploying it in the field. In our case that means that, according to Algorithm 3.1, each device gets loaded with the appropriate set of keys before the devices are brought in place.
Thus, after deployment the initial key graph is already established and any two arbitrary devices may establish a new key on demand based on the initial key sets.
The advantage of this approach is its simplicity. The burden lies completely with the manufacturer, who needs to store the appropriate initial keys on each device. However, the major drawback is that with this method it is impossible to add new devices after the network is deployed in the field. Thus this approach does not cope with our requirement of dynamic network sizes (Section 2.2).
Therefore, this method can be used when deploying a sensor network in the field, for instance for wildlife surveillance, where the size is known from the beginning and does not change over time, i.e. a static sensor network. It is unsuitable for bootstrapping a sensor or actuator network in a user's home, for instance for home automation or a pervasive computing environment. Here devices often need to be added to an already working network, i.e. a dynamic network.
3.4.2 Configuration Device
Another method for storing the initial key set on the devices is the usage of a configuration device. With this method a unique configuration key needs to be initially loaded on each device.
This can be done for instance by the manufacturer of the device. Therefore, when a user buys a new device, the configuration key must be provided along with it, e.g. in the instruction manual. Clearly, a way for the user to change this configuration key could also be provided. Alternatively, the manufacturer does not provide a configuration key and the user needs to set one up before the device becomes operational.
The software on each device allows keys to be stored on and deleted from the device only if the communication is secured (i.e. encrypted and authenticated) with the configuration key. In order to configure a new device, i.e. store new keys on it and thereby add it to the network, we store its configuration key on the so-called configuration device. With the aid of the configuration keys, the configuration device can now communicate securely with each individual device and provide it with the appropriate keys.
The configuration device does not suffer from the same resource limitations as the devices themselves, and can therefore store one configuration key for each device in the network. Clearly, this device must be kept in a secure place, since if it falls into the hands of an attacker the network is completely compromised. However, this is not an issue, since the configuration device is only needed for configuration purposes, i.e. adding a device to the network. Therefore most of the time this device can stay in a secure environment, like a safe for instance.
As an example consider the usage of a secure smartcard. The user stores all configuration keys in an encrypted file somewhere on his personal computer. He additionally possesses a secure smartcard with a 2048-bit RSA key pair. The file is encrypted with the public RSA key and can therefore only be decrypted with the aid of the corresponding private key, which is safely stored on the smartcard. Thus, only the smartcard needs to be kept in a secure place. Furthermore, it would be wise to keep some backups of the encrypted file in different places in order not to lose it, since it is crucial for configuring the network. In this example the actual configuration device would be the personal computer, which needs to be equipped with a smartcard reader.
The main advantage of this method is that it copes with dynamic network sizes: whenever the user buys a new device, he registers it with the master device and is then able to configure it at will. The only drawback of this method is that if the user loses the configuration keys he loses control over the network.
Assuming care has been taken to store the configuration keys safely, this method is suitable for large sensor networks in the field as well as the pervasive computing environment in the user's home.
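The rule stated above, that a device stores or deletes keys only when the command is encrypted and authenticated with its configuration key, can be sketched as follows. This is an added example, not code from the original text: the message layout, the names `seal` and `Device`, the sequence number used against replays and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES-CTR) are all assumptions.

```python
import hashlib, hmac, struct

def _subkeys(config_key):
    # Separate encryption and MAC keys derived from the one configuration key.
    return (hmac.new(config_key, b"enc", hashlib.sha256).digest(),
            hmac.new(config_key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in for AES-CTR.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(config_key, seq, op, key_id, key=b""):
    """Configuration device: build one protected command (op is b"S" or b"D")."""
    enc_key, mac_key = _subkeys(config_key)
    nonce = struct.pack(">Q", seq)  # sequence number doubles as nonce, never reused
    ct = _xor_stream(enc_key, nonce, op + struct.pack(">H", key_id) + key)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

class Device:
    """Device side: changes its key store only for valid, fresh commands."""
    def __init__(self, config_key):
        self.config_key, self.last_seq, self.keys = config_key, -1, {}

    def handle(self, msg):
        if len(msg) < 8 + 3 + 32:
            return False
        enc_key, mac_key = _subkeys(self.config_key)
        nonce, ct, tag = msg[:8], msg[8:-32], msg[-32:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # wrong configuration key or tampered message
        seq = struct.unpack(">Q", nonce)[0]
        if seq <= self.last_seq:
            return False  # replayed or stale command
        plain = _xor_stream(enc_key, nonce, ct)
        op, key_id, key = plain[:1], struct.unpack(">H", plain[1:3])[0], plain[3:]
        if op == b"S" and key:
            self.keys[key_id] = key
        elif op == b"D" and not key:
            self.keys.pop(key_id, None)
        else:
            return False
        self.last_seq = seq
        return True
```

The device checks the tag before it decrypts anything, so a message built without the configuration key never reaches the command parser.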
3.4.3 Physical Contact
Following [SA99] physical contact is one of the most secure ways to establish a new secret between two devices. We can use this finding in order to bootstrap new devices as follows:
Initially a password (e.g. some numbers) needs to be set up for a new device before it becomes operational. This password is only known to the user and needs to be entered directly at the device. Thus each device needs the appropriate input capabilities.
To load a new device with a new key so that it becomes part of the network, this device needs to be brought into physical vicinity of a device which is already part of the network. The two devices need to be physically connected, e.g. through a wire. After that, the user needs to enter the password on each device and then initiate the key generation. The password is only needed to authenticate the user against the devices in order to put those devices in key pre-distribution mode, i.e. they initiate a protocol over the physical connection in order to exchange a new unique key. When this is done, the two devices share a new unique key and can therefore be physically disconnected, since they are now able to communicate securely using the new key.
In order to introduce a new device into the network according to our key graph construction algorithm (see Algorithm 3.1), this step of physically connecting the device to an already existing device from the network needs to be repeated s times.
The main advantage of this approach is that there is no additional hardware involved in the process of adding a device to the network; in particular there is no master device. The user simply buys a new device, sets up his password (which might be the same for all devices) and