The present disclosure is directed to the secure deployment of information in a user-friendly manner. The secure deployment of cryptographic keys in a sensor network is explored as one example of the disclosed method and apparatus.
Sensor nodes may be deployed in extreme environmental conditions, such as on major highways or bridges, in naval vessels, and under water [15, 20, 23]. To better protect the nodes and to reduce per-node manufacturing costs, commodity wireless sensors may not be equipped with physical interfaces, such as USB connectors, screens, or keypads. Thus, key setup must take place over the wireless communication interface. That makes key deployment in sensor networks uniquely challenging, as we observe in the three requirements outlined below.
Deploying cryptographic keys in a secure manner to sensor nodes is a prerequisite for secure sensor network operation. If the cryptographic keys are compromised during key setup, attackers can access the data transmitted, even if secure data communication protocols are used.
At first glance, relying on factory-installed keys is an attractive option for key deployment. However, pre-installed keys cannot be trusted unless the entire distribution chain is secured, from factory to customer. Because that is unlikely, keys will be deployed by each customer, and non-expert personnel will be managing the installation process. That means the installation process must be simple, secure, and tolerant of human error.
An active attacker may eavesdrop on wireless traffic and inject malicious traffic. For example, suppose an organization tried to use Diffie-Hellman to secure key setup. Standard Diffie-Hellman key establishment is vulnerable to an active man-in-the-middle attack. The protocol must rely on a shared secret key [2] or on authentic public keys [9] for secure operation. Hence, a wireless setup protocol must be resistant to attacks based on eavesdropping and injection.
Unfortunately, secure key setup has been largely ignored in the sensor network community. For example, the TinySec [12] authors state that key “distribution is relatively simple; nodes are loaded with the shared key before deployment.” SPINS also relies on an unspecified key distribution mechanism [17]. Similarly, the plethora of work on random key predistribution also relies on an unspecified mechanism to load sensor nodes with keys [6, 10, 11, 13]. Outside of academic literature, the ZigBee security specification suggests sending the cryptographic key in the clear, “resulting in a brief moment of vulnerability,” or imprinting the key during factory installation, which customers may not trust [24].
There had been a few attempts at building a key deployment system for commodity sensor nodes. However, as we describe five related schemes below, we also discuss their shortcomings.
Resurrecting Duckling sets up a secure shared key by electrical contact [21,22]. This scheme is secure, yet requires additional specialized hardware for each device. Talking to Strangers relies on a location-limited channel, such as audio or infrared, as an out-of-band channel for key setup [1], and such a channel is not commonly found on sensor nodes, sometimes referred to herein as “motes”. In Seeing-is-Believing, an installation device equipped with a camera or a bar code reader reads a public key as 2 2D barcode on each device [16]. Again, such specialized hardware is uncommon among sensor motes. In On-off Keying, the presence of an RF signal represents a binary ‘1,’ while its absence represents a binary ‘0’ [3, 4]. Assuming that an attacker cannot cancel out RF signals, the attacker can only modify authentic messages by changing 0's to 1's—but not the inverse. By carefully selecting the encoding scheme, On-off Keying ensures that the attacker is unable to modify a packet during transmission. Unfortunately, On-off Keying requires a threshold value to differential between a ‘0’ and ‘1,’ and this value itself needs to be authenticated. Key Infection simply sends secret keys in the clear, assuming that an attacker would arrive at a later point in time [5]. Similar to ZigBee, this results in a brief window of vulnerability. Thus, a need exists for a secure, user-friendly protocol for initial key deployment in sensor networks.