Low power and Lossy Networks (LLNs), e.g., sensor networks, have a myriad of applications, such as Smart Grid and Smart Cities. Various challenges are presented with LLNs, such as lossy links, low bandwidth, battery operation, low memory and/or processing capability, etc. Shared-media communication networks, such as wireless networks or power-line communication (PLC) networks (a type of communication over power-lines), provide an enabling technology for networking communication. These technologies can be used, for example, in advanced meter infrastructure (AMI) networks, which may or may not involve LLN solutions. Shared-media communication networks also can be useful within homes and buildings.
Security is an important aspect of many shared-media networks, particularly for LLN solutions. LLNs generally operate over a large physical area, in an uncontrolled environment. Network security may involve, for example, link-layer key management.
Link-layer key management (whether for LLNs or in general) consists of negotiating the link-layer keys used to protect link data frames transmissions from one device to another. The existing enterprise-scale security system for WiFi (e.g., WPA2) utilizes IEEE Std. 802.1X for authentication and establishing the initial security association between a supplicant and the authenticator. WPA2 utilizes the IEEE Std. 802.11i amendment to manage link-layer keys for use with data frame transmissions.
IEEE Std. 802.11i follows a centralized architecture, where the authenticator is responsible for detecting inconsistencies in the supplicant state and initiating updates to the supplicant state. In particular, the authenticator maintains the current state of every supplicant in the network, including what Pairwise Master Keys (PMKs), Pairwise Temporal Keys (PTKs), and Group Temporal Keys (GTKs) are resident on every supplicant in the network. Using that state, the authenticator determines when it must communicate new information to individual supplicants. In other words, the authenticator maintains a central view of what state each supplicant should have and is responsible for updating the supplicants' views whenever a state inconsistency occurs. This centralized design philosophy does not perform well in large-scale networks, and more particularly in LLNs, for a number of reasons.