ECCE: Enhanced cooperative channel establishment for secure pair-wise communication in wireless sensor networks q Mauro Conti * , Roberto Di Pietro, Luigi V. Mancini Universita ` di Roma ‘‘La Sapienza’’, Dipartimento di Informatica, Via Salaria 113, 00198-Roma, Italy Available online 28 June 2006 Abstract This paper presents the ECCE protocol, a new distributed, probabilistic, cooperative protocol to establish a secure pair- wise communication channel between any pair of sensors in a wireless sensor network (WSN). The main contributions of the ECCE protocol are: to allow the set-up of a secure channel between two sensors (principals) that do not share any pre-deployed key. This feature is obtained involving a set of sensors (cooperators) in the channel establishment protocol; to provide probabilistic authentication of the principals as well as the cooperators. In particular, the probability for the attacker to break authentication check decreases exponentially with the number of cooperators involved; to trade off the memory space required to store the pre-deployed encryption keys with the number of cooperators involved in the pro- tocol. Hence, memory storage can be used to store keys built with the ECCE protocol, which helps amortizing the (limited) overhead incurred in the ECCE key set-up; to be adaptive to the level of threat the WSN is subject to. We provide ana- lytical analysis and extensive simulations of ECCE, which show that the proposed solution increases both the probability of a secure channel set-up and the probability of channel resilience with respect to other protocols. Ó 2006 Elsevier B.V. All rights reserved. Keywords: Wireless sensor networks; Key distribution and management; Authentication; Probabilistic key sharing; Cooperation 1. Introduction A wireless sensor network (WSN) is a collection of sensors whose size can range from a few hundred sensors to a few hundred thousand or possibly more. Sensors do not rely on any pre-deployed network architecture, thus they communicate via an ad-hoc wireless network. The power supply of each individual sensor is provided by a battery, hence both communication and computation activ- ities must be optimized. Distributed in irregular patterns and left unattended, sensors should auton- omously aggregate into collaborative, peer-to-peer networks. Sensors networks must be robust and survivable in order to overcome individual sensor failure due to either malicious (e.g. destruction) or non-malicious (e.g. battery depletion) events. A WSN can be deployed in both military and civil 1570-8705/$ - see front matter Ó 2006 Elsevier B.V. All rights reserved. doi:10.1016/j.adhoc.2006.05.013 q This work was partially supported by the WEB-MINDS project from the Italian MIUR under the FIRB program. Roberto Di Pietro was partially founded with a Post-Doc grant from CNR-ISTI, Pisa, in the framework of the ‘‘SatNEx’’ NoE project (Contract No. 507052). * Corresponding author. Tel.: +39 06 49918421; fax: +39 06 8541842. E-mail addresses: conti@di.uniroma1.it (M. Conti), dipietro@ di.uniroma1.it (R. Di Pietro), mancini@di.uniroma1.it (L.V. Mancini). Ad Hoc Networks 5 (2007) 49–62 www.elsevier.com/locate/adhoc