A New Key Predistribution Scheme for Multiphase Sensor Networks Using a New Deployment Model

Over the lifecycle of a sensor network, existing key predistribution schemes that use deployment knowledge for pairwise key establishment and authentication between nodes face a new challenge: either the resilience against node capture attacks or the global connectivity decreases significantly with time. In this paper, a new deployment model is developed for multiphase deployment sensor networks, and a new key management scheme is then proposed. Compared with the existing schemes using deployment knowledge, our scheme has better performance in global connectivity and resilience against node capture attacks throughout the network lifecycle.


Introduction
Due to the limited energy capacity of batteries and the possibility of node capture, the functional lifetime of sensor networks (SNs) is generally longer than the operational lifetime of a single node. To keep networks working efficiently, multiple deployments of nodes are needed. In this paper, multiphase SNs (MSNs) are studied, in which new nodes are periodically redeployed with certain intervals, called multiphase, to replace the dead or compromised nodes.
When SNs are deployed in a hostile environment, security becomes extremely important as they are vulnerable to different types of malicious attacks [1][2][3][4]. Hence, it is important to protect communications among sensor nodes to maintain message confidentiality and integrity. As one of the most fundamental security services, pairwise key establishment enables sensor nodes to communicate securely with each other using cryptographic techniques.
However, the security issue is still not solved for MSNs by using deployment knowledge. In the schemes [16,17], the fraction of keys known by an attacker increases with the capture of nodes due to the repeated use of a fixed key pool. As a result, network security significantly declines with time. When a certain number of these nodes are captured, the adversary has enough keys to compromise a large number of links, making the network ineffective. Adding new nodes to the network with keys from the same key pool will not help because the keys in the new nodes are compromised. In [20], a multiphase key management scheme is proposed, in which a multiphase deployment model is used. However, the model has the following shortcomings. (1) In a cell, only a few uncaptured nodes are working for a long time. (2) Nodes must know their location information. (3) The number of new nodes added to the network is fixed in every deployment, which will increase the number of uncaptured nodes in the network with time. Also, the key management scheme proposed based on the deployment model has the following shortcomings. (1) Nodes which reside in the same cell but are deployed in different phases cannot communicate with each other. As a result, the local connectivity is low. (2) The global connectivity will significantly decrease with time.
1.1. Outline of Our Scheme. To sum up, the problem of authentication and pairwise key establishment between nodes is still not solved for MSNs. In this paper, the main focus is twofold. (1) A new multiphase deployment model is proposed for sensor networks. In the model, the deployment field is divided into hexagonal cells, each cell has a deployment point, and nodes which have the same point form a group. When the proportion of uncaptured nodes in a group is less than the threshold  0 , new nodes need to be added to the cell. (2) A new key management scheme is proposed based on the deployment model. In our scheme, network deployment includes  phases. For a cell, a disjoint and association  phases' key pool is created, which is generated by two-dimension backward key chains [21]. The key pool of each phase is divided into 7 equal-size subkey pools. Nodes deployed in the th phase and deployed in a cell (, ) pick keys from the th-phase key pool of the cell (, ) and key pools which are created by neighbor cells of the cell (, ).

Main Contributions.
The main contributions of this paper are summarized as follows.
(1) A multiphase deployment model is presented. The model has the following two main advantages: (1) the number of nodes which are not captured in a cell can be controlled by adjusting the parameter  0 ; (2) nodes do not need to know their location information.
(2) A new method to construct key pools is proposed and a new key predistribution scheme is presented. The scheme can provide good performance in local connectivity, global connectivity, and resilience against node capture.

Related Work
To improve the performance of key establishment, Du et al. [16] and Yu and Guan (YG scheme) [17] each developed a scheme using predeployment knowledge. In [16], the network area is divided into a grid and information on the associated matrices is stored in the sensors based on deployment knowledge. In [17], the network area is divided into hexagonal cells. Compared with [16], the scheme achieves a higher connectivity with a much lower memory requirement and a shorter transmission range. In the two schemes, all nodes choose their keys from the same key pool. An attacker can easily obtain a large number of keys by capturing a small fraction of nodes, which can make SNs ineffective. The addition of new nodes to the network with keys from the same key pool will not help because the keys in the new nodes are already compromised. Therefore, for MSNs, the above two schemes are ineffective. For MSNs, in [20], a scheme (ESPK scheme) is proposed using deployment knowledge, in which a multiphase deployment model is presented. In the model, the deployment field is divided into a grid. Each cell has a deployment point. Nodes which have the same deployment point form a group. The number of nodes in a group is . It is supposed that a new group of nodes needs to be added to a cell only when 90% of nodes in the cell are captured. The model has the following shortcomings. (1) To know the number of nodes in each cell, location information of nodes is needed. (2) If just 80% of nodes in a cell are captured, there are a few nodes in the cell that are working for a long time. (3) The number of new nodes added to the network is measured in groups, and the number of nodes in a group is fixed, which will increase the number of nodes in the network with time. On the other hand, the proposed key management scheme can provide good resilience against node capture by using disjoint key pools. However, nodes which come from different phases but are deployed in the same cell cannot establish shared keys. As a result, the local connectivity is low, and the global connectivity decreases significantly with time. So, the security problem is still not solved for MSNs using deployment knowledge.

Deployment Knowledge and Threat Models
3.1. Multiphase Deployment Knowledge Model. As shown in Figure 1, a target field is partitioned into hexagon cells, and each cell has a deployment point that resides in the center of the cell. Node distribution follows two-dimensional Gaussian distributions [27] with the deployment point as center.
Nodes which are deployed in the same cell form a group. Nodes deployed in the cell (, ) are denoted by  (,) . The number of nodes in  (,) is .  (,) is clustered into phases according to the deployment time. The -phase subgroup of  (,) is denoted by   (,) . In our scheme, SN (,) represents the set of nodes whose deployment point is located in the cell (, ) and that are not captured, and |SN (,) | ≤  (several schemes have been proposed to identify the compromised sensors in prior studies, such as [28]). When  (,) is less than the threshold  0 , we should add -SN (,) new nodes to the cell. The  (,) can be calculated as follows: In a deployment phase, if no new nodes need to be added to a cell, then the deployment phase number of the cell remains unchanged. For example, if in the second deployment phase no new nodes need to be added to the cell (1, 1), the most recent deployment phase of the cell is 1, not 2.

Threat Model.
Due to the short time period of the direct key establishment phase, it is reasonable to believe that only a limited number of sensor nodes may be compromised by an attacker [2, 20-23]. We further assume that if an attacker captures a node, all the keying information it holds will also be compromised.
In the scheme, the attack model is similar to that of [16]: when an attacker is located in a cell, he can capture nodes around it.

Our Scheme
4.1. Two-Dimensional Backward Key Chain. In [21], a two-dimensional backward key chain is constructed (see Figure 2). For a two-dimensional backward key chain   , if the key , 1), where  1 and  2 are two independent hash functions. So, the key  ( 2 , 2 )  ( 2 ≥ 1) can be computed as follows: If the keys are known, the key ) can be computed using the following equation: (3)

Key Pool.
In our scheme, the key pool is made up of two-dimensional backward key chains [21]. The key pool of the cell (, ), namely,  (,) , which consists of  two-dimensional backward hash key chains, is divided into phases according to the generation of the keys.   (,) represents the th-phase key pool of the cell (, ).   (,) is divided into seven equal size subkey pools, and   (,)  represents the th (0 ≤  ≤ 6) pool (see Figure 3).   (,)  consists of the following two parts: one is a generation key pool   (,)  = {   ,  ∈ [1, ]} and the other is an ordinary key pool

4.3. Our Scheme. Our scheme consists of three phases: the key predistribution phase, the shared-key discovery phase, and the path-key establishment phase. Although the path-key establishment phase is the same as in the previous schemes [16,17,20], the key predistribution phase and the shared-key discovery phase are different. The details of our scheme are described below.

Key Predistribution Phase.
This phase is conducted offline before sensor nodes are deployed. A node   (,) , deployed in the ith deployment phase and whose deployment point is located in the cell (, ), is predistributed the following keys.
Step 3. Select randomly and uniformly 3 (3 is a system parameter) keys from   (,) 0 , and meet the following condition: the number of keys from a two-dimensional backward hash key chain is no more than 1. For example, it is supposed that  (, 1 )  has been predistributed to   (,) and    cannot be predistributed to   (,) .
Step 4. Select randomly and uniformly 3 keys from    (  ,  )   , where (  ,   ) is the neighbor cell of (, ),    (  ,  )   represents the generation key pool of the cell (  ,   ), and   denotes the recent deployment phase. For example, if the deployment phase of cells (1, 1) and (1, 2) is 2 and 3, respectively, and new nodes need to be added to cell (1, 2), but no new nodes need to be added to cell (1, 1), then  4  (1,2) should pick 3 keys from  2 (1,1) 1 (see Figure 3). But if both cells (1, 1) and (1, 2) need to add new nodes, then  4  (1,2) and  3 (1,1) should pick 3 keys from  3 (1,1) 1 and  4 (1,2) 4 (see Figure 3), respectively. ( 2 , 2 ) ) to establish a shared key at length. Similarly, in the following analysis, it is supposed that   ≥   , where   and   represent the deployment time of nodes  and , respectively. In our scheme, if nodes  and  are deployed in the same cell or in neighboring cells, then they can establish a pairwise key; otherwise, they cannot.
If  1 =  2 and  1 =  2 , when   =   , the values of  1 and  2 are equal. The pairwise key between them consists of the following three parts (see Figure 4 , ID  ), . . ., ( , ID  ). Node  can calculate these keys by using the generation keys of these keys 3 and the same method as the previous. As a result, if the number of shared keys is larger than 0, that is, 1 + 2 + 3 ≥ 1, the shared key between them is hashed by all common keys.

Performance Analysis and Simulation
In this section, we will analyze and simulate the performances of our scheme, including deployment model, local connectivity, communication overhead, and network resilience against node capture.
In the following experiments, the main parameters involved are defined as follows.
(1) We consider a SN deployed over fields of 475 m by 520 m.
(2) The area is divided into a hexagon and len is 50.
(3) The center of each cell is the deployment point (see Figure 1).
(5) The wireless communication range for a node is 40 m.
(6) We assume that node deployment follows a two-dimensional Gaussian distribution [27], and its standard deviation is  = 40.
(7) We assume that node deployment includes 5 phases. The value of  0 is 0.7.
(8) The number of key pool of a cell, namely, , is 175, and the length of a forward key chain is 30 ( = 30).
5.1. 0 . In the capture model, when an attacker is located in a cell, he can capture nodes around it. In this paper, it is supposed that compromised nodes can be identified by using schemes proposed by some scholars, such as [28]. But how

Figure 6 shows the relation between the number of uncaptured nodes in a cell and the standard deviation of two-dimension normal distributions and  0 . In our simulations, the number of nodes in each cell is about 48, and if a cell is compromised, about 50% of the nodes in the cell are captured. When the ratio of nodes uncaptured in the set SN (,) is less than  0 , new nodes need to be added to cell (, ). The larger the , the smaller the number of new nodes which actually reside in cell (, ). Therefore, when  increases, the number of nodes captured in cell (, ) which come from  (,) decreases. To ensure that nodes uncaptured in each cell are many, we must increase  0 . For example, after nodes are captured and new nodes are added to the network, to ensure that the average number of nodes in the captured cells is larger than 35, when  = 30 and  = 40, the value of  0 should be set to 0.6 and 0.7, respectively. However, when  = 50, even if  0 equals 0.8, the above goal cannot be achieved. In addition, the frequency of adding new nodes to the network increases with the increase of  0 . Therefore, the value of  0 should be set in accordance with the specific condition. For example, when  = 30 and  = 40, we can set  0 to 0.7.

Local Connectivity.
For multiple deployment sensor networks, local connectivity is not only affected by the key predistribution method but also affected by the deployment model and the capture model.In this paper, only the analysis that local connectivity is affected by the key predistribution method is presented, that is, the probability  (,) of shared key between nodes  and .
If  1 =  2 and  1 =  2 , when   =   , the probability  (,) can be calculated as follows:  and  have where  0 can be calculated as When   ≠   (without loss of generality, it is supposed that   <   ),   = 2 = 0. The number of ways to pick x1 generation keys from generation key pools of neighbor cells and the x3 ordinary keys from ordinary key pools   (1,1)  (see Section 4.3.2) can be calculated as follows: where   0 can be calculated as Hence, if  1 =  2 and  1 =  2 , we have If cells ( 1 ,  1 ) and ( 2 ,  2 ) are neighbor cells, 1 = 2 = 0. When   =   , a and b have ( /7 1 )⋅( /7 3 )⋅(  1 ) 1 different ways of picking 1 ordinary keys from the ordinary key pool and 3 ordinary keys from the generation key pool. The number of ways to pick the  ( =   +   ) common keys can be calculated as follows: When   ≠   (without loss of generality, it is supposed that   <   ), 1 = 2 =   = 0. The number of ways to pick the  ( =   ) keys can be calculated as follows: Hence, if cells ( 1 ,  1 ) and ( 2 ,  2 ) are neighbor cells, we have If cell ( 1 ,  1 ) and cell ( 2 ,  2 ) are not neighbor cells, the probability  (,) is equal to 0.
Figure 7 shows that local connectivity of our scheme is high. For example, when 1 = 10, 2 = 20, and 3 = 2, the local connectivity in the first phase is 0.936. And in this case, the number of keys predistributed to a node is 10 × 6 + 20 + 2 × 7 = 94 only. In addition, Figure 7 shows that the larger the value of t1 and t3, the higher the local connectivity. For example, the value of 1 increases from 5 to 15 and 3 increases from 1 to 3; local connectivity increases by 0.135 and 0.117, respectively. However, in this case, for a node, the storage overheads increase by 60 and 14, respectively. As a result, we can conclude that the parameter 3 has a great influence on local connectivity. The larger the value of 3 is, the higher the local connectivity is. However, the larger the value of 3, the more keys are compromised when nodes are captured. If a node is captured, the number of keys compromised can be calculated by 6 × 1 + 2 + 7 × 3 ×   × , where   represents the deployment phase of node . When   and  are 5 and 30, respectively, 3 increases from 1 to 3; the number of keys compromised increases by 7 × 2 × 5 × 30 = 2100 ≫ 6 × 10 = 60. Therefore, concerning safety, 3 should be as small as possible. On the other hand, Figure 7 shows that the larger the number of deployment phases, the smaller the local connectivity. However, after multiple deployments, local connectivity can keep basically stable. For example, from the 4th phase to the 5th phase, local connectivity decreases by less than 0.01.

Communication Overhead.
If direct key establishment fails, two sensor nodes need to start on path-key establishment phase to establish a pairwise key with the help of other sensor nodes.To establish a pairwise key with node , node  needs to find a sequence of nodes between itself and node  such that any two adjacent nodes in this sequence can establish a direct key.For the sake of presentation, we call such a sequence of nodes a key path.
In this section, we investigate the number of hops required on this path for various parameters of our scheme.Let ph(ℎ) be the probability that the smallest number of hops needed to connect two neighboring nodes is ℎ.Obviously, ph(1) is local connectivity.
In our scheme, after the 5th deployment, the local connectivity keeps basically stable.So, we plot the values of ph(1), ph(2), ph(3), and ph(4) of the four phases (see Figure 8).From the figure, we can observe that ph(1) + ph(2) ≈ 1 (i.e., the probability that at most 2 hops are required is essentially 1).

Comparisons.
In this section, the performance and security of our scheme are compared with those of the YG scheme [17] and the ESPK scheme [20]. For the sake of fairness, in YG and ESPK, the method for processing keys is the same as in our scheme. In this simulation, 1, 2, and 3 of our scheme are 10, 20, and 2, respectively. The predistribution keys of the YG and ESPK schemes are the same as in our scheme. Other parameters are the same as in Section 5.

Local Connectivity.
With the same storage overhead, Figure 9 shows that, in each deployment phase, local connectivity of our scheme is higher than that of the YG scheme and the ESPK scheme. In the ESPK scheme, nodes which come from different deployment phases but reside in the same cell cannot communicate with each other. Its local connectivity is the lowest. For example, in the fifth phase, local connectivity of our scheme, YG scheme, and ESPK scheme is 0.88, 0.86, and 0.46, respectively.

Global Connectivity.
If local connectivity is less than 1, nodes in SNs may be divided into one or more isolated components. Any two nodes in an isolated component can securely communicate with each other directly or indirectly (Figure 10). Global connectivity refers to the ratio of the number of nodes in the largest isolated component to the size of the whole network. If the ratio equals 98%, it means that 98% of the sensor nodes are connected securely and the remaining 2% are unreachable from the largest isolated component. So, the global connectivity metric indicates the percentage of nodes that are wasted because of their unreachability.
In this work, we use simulation to estimate it. In the ESPK scheme, nodes which reside in the same cell but are deployed in different deployment phases can establish shared keys only by using path keys. For a node, if it cannot find a path to establish a shared key with neighbouring nodes, then it is an isolated node. Therefore, the global connectivity of the scheme is the lowest. For example, in the fifth phase, global connectivity of our scheme, YG scheme, and ESPK scheme is 0.99955, 0.99941, and 0.94499, respectively.
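The global connectivity metric defined in this section can be computed with a union-find pass over the secure-link graph. The following is an added example, not code from the paper: the node positions and key rings are constructed sample data, `global_connectivity` and `secure_links` are hypothetical helper names, and only the 40 m radio range is taken from the simulation parameters above.

```python
import math
from itertools import combinations

RADIO_RANGE_M = 40.0  # wireless range from the paper's simulation setup


class DisjointSet:
    """Union-find with path halving and union by size."""

    def __init__(self, items):
        self.parent = {x: x for x in items}
        self.size = {x: 1 for x in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra == rb:
            return
        if self.size[ra] < self.size[rb]:
            ra, rb = rb, ra
        self.parent[rb] = ra
        self.size[ra] += self.size[rb]


def secure_links(nodes, radio_range=RADIO_RANGE_M):
    """Yield (a, b) for each pair in radio range that shares at least one key."""
    for (a, (pos_a, keys_a)), (b, (pos_b, keys_b)) in combinations(nodes.items(), 2):
        if math.dist(pos_a, pos_b) <= radio_range and keys_a & keys_b:
            yield a, b


def global_connectivity(nodes, radio_range=RADIO_RANGE_M):
    """Largest securely connected component divided by network size."""
    if not nodes:
        return 0.0
    components = DisjointSet(nodes)
    for a, b in secure_links(nodes, radio_range):
        components.union(a, b)
    largest = max(components.size[components.find(n)] for n in nodes)
    return largest / len(nodes)


# Constructed sample network: name -> ((x, y) in metres, key ring).
SAMPLE_NODES = {
    "a": ((0.0, 0.0), {1, 2, 3}),
    "b": ((30.0, 0.0), {3, 4}),     # shares key 3 with a
    "c": ((60.0, 0.0), {4, 5}),     # shares key 4 with b, reaches a via b
    "d": ((60.0, 30.0), {8, 9}),    # in range of c but no common key
    "e": ((200.0, 200.0), {1, 2}),  # shares keys with a but out of range
}

if __name__ == "__main__":
    print(sorted(secure_links(SAMPLE_NODES)))
    print(global_connectivity(SAMPLE_NODES))
```

Nodes `d` and `e` show the two ways a node ends up wasted: a radio neighbour without a common key, and a common key without a radio neighbour.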

5.4.3. Resilience.
A scheme's resilience toward node capture is evaluated by estimating the fraction of total network communications that are compromised by a capture of  nodes not including the communications in which the compromised nodes are directly involved. Where CC is the number of nodes captured by an attacker during the period of the direct key establishment phase.
We conducted simulation tests on network resilience against node capture of the above three schemes. In our simulations, it is supposed that only a few nodes are compromised during the shared-key discovery phase. In the ESPK scheme, the key pools of nodes from different deployment phases are different. Therefore, its network resilience against node capture is the best. In the YG scheme, the key pool is fixed. Therefore, increases in the number of captured nodes will diminish network resilience. For example, when  = 30, Figure 11 shows the probability that a shared key is compromised in the first phase and the 5th phase is 0.04 and 0.31, respectively. In our scheme, the subkey pool of the th phase and the   th phase is disjoint, that is,   (,) ∩    (,) =  ( ≠   ). Therefore, compared with the YG scheme, our scheme can improve the performance in network resilience against node capture attacks. For example, when  = 30, in our scheme, the probability that shared keys are compromised in the 5th phase is 0.09.
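The contrast drawn here between a fixed key pool and phase-disjoint pools can be reproduced with a short Monte Carlo run. This is an added example, not the paper's simulator: it ignores cells and key chains, and the pool size, ring size, capture count and seed are constructed values chosen only to make the trend visible.

```python
import random


def capture_rings(rng, pool, ring_size, n_captured):
    """Union of the key rings of n_captured nodes, each drawn from `pool`."""
    known = set()
    for _ in range(n_captured):
        known.update(rng.sample(pool, ring_size))
    return known


def expected_exposure(pool_size, ring_size, n_captured):
    """Analytic fraction of a pool exposed after n_captured ring captures."""
    return 1.0 - (1.0 - ring_size / pool_size) ** n_captured


def simulate(phases=5, pool_size=1000, ring_size=50,
             captured_per_phase=10, seed=1):
    """Return (fixed, disjoint): per-phase fraction of the pool used by the
    newly deployed nodes that the attacker already knows.

    That fraction is the probability that a link between two uncaptured
    nodes of the phase, secured by one pool key, is compromised.
    """
    rng = random.Random(seed)
    fixed_pool = list(range(pool_size))
    known_fixed, known_disjoint = set(), set()
    fixed, disjoint = [], []
    for phase in range(1, phases + 1):
        # Fixed pool: every phase reuses the same keys, so captures
        # from all earlier phases keep counting against new nodes.
        known_fixed |= capture_rings(rng, fixed_pool, ring_size,
                                     captured_per_phase)
        fixed.append(len(known_fixed) / pool_size)

        # Phase-disjoint pools: keys are tagged with their phase, so keys
        # learned in earlier phases never match the current phase's pool.
        phase_pool = [(phase, k) for k in range(pool_size)]
        known_disjoint |= capture_rings(rng, phase_pool, ring_size,
                                        captured_per_phase)
        exposed_now = sum(1 for p, _ in known_disjoint if p == phase)
        disjoint.append(exposed_now / pool_size)
    return fixed, disjoint


if __name__ == "__main__":
    fixed, disjoint = simulate()
    for phase, (f, d) in enumerate(zip(fixed, disjoint), start=1):
        print(f"phase {phase}: fixed pool {f:.3f}  disjoint pools {d:.3f}")
```

With the fixed pool the exposed fraction climbs every phase, while with disjoint pools it stays near the single-phase value given by `expected_exposure`.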

Conclusion and Future Work
In this paper, we proposed a new deployment model for multiple deployment sensor networks, based on which a new key management scheme is further presented. We conducted a comprehensive study on the connectivity and network resilience of our scheme. The results showed that our scheme can significantly improve network resilience over the YG scheme [17]. Compared with the ESPK scheme [20], our scheme can significantly improve local connectivity and global connectivity, although the resilience of our scheme is poorer than that of the ESPK scheme. We have presented both the analytical and numerical results. In our future work, we will study different attack models and how the attack model affects the accuracy of the results.

Figure 1: A target field is partitioned into hexagon grids.e represents a deployment point.

𝑖 1 𝑗
is known, the key   2  ( 2 ≤  1 ), the generation key   2  , and the first key  ( 2 ,0)  of the second dimensional key chain can be calculated as follows, respectively:

Figure 6: The average number of uncaptured nodes in a cell as a function of  and  0 .

Figure 7: Local connectivity as a function of various parameters.

Figure 8: Distribution of the number of hops required to connect neighbors.
( 2 , 2 ) (in the following analysis,  and  are short for 4.3.2. Shared-Key Discovery Phase. In our scheme, after shared key establishment, each node should save the hashed keys in its key ring. For example, it is supposed that a sensor   (,) is pre-distributed two keys    1 and  (,)  2 . As soon as the shared keys establishment between   (,) and other nodes is finished,   (,) saves the two following hashed keys:  2 (   1 , ID   (,) ) and  2 ( (,)  2 , ID   (,) ), where ID   (,) is the identity of node   (,) . Next, we will describe the method for any two nodes [1,6]on 4.1. When   ≠   (without loss of generality, it is supposed that   <   ), the pairwise key between them consists of the following two parts (see Figure 4(b)). (1) 1 hashed generation keys,  1 , ID  ), ..., (  1  1 , ID  ). Node a can calculate these keys by using the predistributed keys   1 and the method described in Section 4.1 and in Section 4.3.2. (2) 3 hashed ordinary keys, ( ( 1 , 1 )   1 , ID  ), ..., ( ( 1 ,   )   3, ID  ). Node a can calculate these keys by using the predistributed keys  ,  2 ) and ( 2 ,  2 ) are neighbor cells, the values of 1 and 2 are equal to 0. When   =   , shared keys between them include   and   = 3 −   ordinary keys (see , 2 )  ( ∈[1,6]), respectively. Nodes  and  can calculate these keys by using these predistributed keys (without loss of generality, it is supposed that   <   ), common keys between them contain 3 =   hashed ordinary keys (see Figure 5(b)), ( ( 1 , 1 )  1 ways of picking their 61 + 2 + 73 keys from the ordinary key pools and the generation key pools. It is supposed that  and  have  two-dimensional backward key chains in common. The number of ways to pick x1 generation keys from generation key pools of neighbor cells and 2 + 3 ordinary keys from ordinary key pools   ( 1 , 1 )  (see Section 4.3.2) can be calculated as follows: