Different security schemes, called polynomial or alpha-secure schemes, have been standardized in IEEE 802.15.4, ZigBee. Such schemes, which allow for efficient key agreement and information verification in ZigBee wireless networks, are based on bivariate polynomial of degree α, distributed to different nodes of the network, and used for generating pairwise keys for authenticating nodes, and securing information exchanges.
Generation of a pairwise key is performed as follows: Let ƒ(x,y) be a symmetric bivariate polynomial of degree α over a finite field GF(q), where q is big enough to accommodate a cryptographic key. ƒ(x,y) is secret information. Assume that a general trust center (Tc) distributes a polynomial share derived from the bivariate polynomial to each node in a system. For instance, Alice and Bob receive ƒ(Alice,y) and ƒ(Bob,y) respectively. Whenever Alice wants to generate a key └ log(q)┘ bit long with other party, she uses polynomial share to generate a key with it by evaluating ƒ(Alice,y) in y=Bob. The function ƒ(Alice,y) allows, therefore, Alice to generate a pairwise key with any other party in the network.
These conventional α-secure schemes were initially designed for medical networks, which comprise up to a few thousand of nodes. However, ZigBee standard is now being considered as a good technological option for many telecom applications. Telecom applications, such as information delivery, are characterized in that they may apply to million of nodes. Such a characteristic leads to major issued in α-secure systems, whose security may be compromised as soon as α nodes are compromised. In a relatively small and managed medical network, it is quite easy to detect the capture of α nodes, but such detection is not easily applicable to telecom systems, where a node is, for example; a common device such as a phone, due to the network scalability and unattended system deployment. Indeed, an attacker can actually buy α mobile phones, and then break the systems. Thus, there is a need for dealing with such attacks.