An Efficient Authentication and Key Management Protocol for Hierarchical Ad hoc Sensor Networks Ali Fanian Mehdi Berenjkoub Department of Electrical and Computer Engineering Isfahan University of Technology (IUT) Isfahan, Iran {Fanian@ec.,Brnjkb@cc.}iut.ac.ir T. Aaron Gulliver Department of Electrical and Computer Engineering University of Victoria Victoria, BC Canada a.gulliver@ieee.org Abstract— Despite extensive research on flat ad hoc networks, meeting satisfactory security levels in sensor networks presents many problems. The main reason is that these networks are typically designed based on hierarchal structures. In this paper, we propose an efficient scheme for authentication and key management in hierarchical ad hoc sensor networks using symmetric polynomials. In the proposed method, the processing requirements and traffic load are proportional to the processing capability and required bandwidth in each layer. An ad hoc node at the lowest level of the hierarchy uses symmetric cryptography. With more processing capabilities, entities in higher layers use public key cryptography. Performance results show the superiority of the proposed method in comparison with previous approaches developed for hierarchical ad hoc sensor networks. Keywords — Wireless networks, Ad-hoc sensor networks, Key management, Network security I. INTRODUCTION Ad hoc sensor networks are a well known class of wireless networks. These networks can be deployed without any prior infrastructure or central management. Every node in the network is able to send/receive communication signals within a limited radius. Communication between two nodes which are separated by a distance beyond this radius requires that the packets be relayed from source to destination. This is called a flat ad-hoc network, and while it is simple and inexpensive to deploy, it has limitations [1]. Hierarchical ad hoc sensor networks have been proposed as an efficient solution to overcome the deficiencies of flat networks [3]. Fig. 1 shows the general structure of these networks. The open environment of ad hoc networks with easy access to the channels or nodes creates a significant security problem. Numerous attacks by outside malicious parties or compromised nodes are possible. Therefore a variety of security services must be employed in these networks, including authentication, confidentiality, integrity, non-repudiation and anonymity. Cryptographic algorithms are needed to implement these services, including symmetric and asymmetric cryptosystems. In a symmetric cryptosystem, two parties must possess a given shared secret key to be able to use the encryption/decryption algorithm. In an asymmetric cryptosystem, a node requires only some of the private and public keys to use the public key cryptographic algorithm. However, the latter suffers from significant computational complexity [3]. Key management is very important in both approaches. It is a solution for the production, storage, distribution, updating and revocation of keys. In ad hoc networks, efficient key management is critical due to serious limitations in the computational capabilities of sensor nodes. In this paper, a hierarchical method for key management in these networks is proposed based on symmetric polynomials. Sensor node authentication to other nodes, access points and servers is done using symmetric polynomials, and authentication in upper layers uses public key cryptography. The rest of this paper is organized as follows. Related work and authentication using symmetric polynomials are reviewed in Section II. We discuss our key management protocol for hierarchical ad hoc sensor networks in Section III. Performance evaluation of the proposed approach and an analysis of the message overhead are presented in Section IV. Finally, some conclusions are given in Section V. II. PRELIMINARIES In this section, we review the related work and present authentication using symmetric polynomials. The notation and symbols used throughout the paper are listed in Table I. TABLE I. NOTATION AND SYMBOLS Symbol Description N N i t k+1 ID x Cert( ) ET GT MAC i x N b 0 ,b 1 ,..,b t I j K C n i K Sj K i-j L i Number of sensor nodes Number of nodes in group i Polynomial degree Number of variates in the symmetric polynomial Global sensor, access point or server identity Sensor node certificate Certificate expiry time Certificate generation time Message authentication code Nonce (used for authentication between sensor and upper layer entities and vice versa) Sensor polynomial share Local sensor identity Sensor pre-shared key Nonce (used for authentication between sensors) Symmetric key generated by the polynomial share (between the sensor and upper layer) Symmetric key between sensors i and j Group identity 978-1-4244-2948-6/09/$25.00 ©2009 IEEE This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the WCNC 2009 proceedings.