Providing secrecy in key management protocols for large wireless sensors networks Roberto Di Pietro a, * ,1 , Luigi V. Mancini a,1 , Sushil Jajodia b a Dipartimento di Informatica, Universit a di Roma ‘‘La Sapienza’’, Via Salaria 113, 00198 Roma, Italy b Center for Secure Information Systems, George Mason University, University Drive, VA 22030, USA Abstract This paper defines a new protocol KeEs for the key establishment that meets the security requirements of the threat model proposed. The KeEs protocol assures forward and backward secrecy of the session key, so that if any set of the session keys is compromised, even including the current session key, these compromised keys do not undermine neither the security of future session keys, nor the security of past session keys. We illustrate the protocol in two different scenarios, one in which a Base Station acts as a synchronizer for re-keying the sensors, and a second scenario based on a completely distributed approach where the sensors rely only on themselves to achieve synchronization in the re-keying process. For both scenarios the KeEs protocol requires minimal overhead in terms of computations and transmissions. Finally, in KeES none of the resources needed by a generic sensor is bounded to the size of the WSN. Ó 2003 Elsevier B.V. All rights reserved. Keywords: Wireless sensor network security; Key management protocol; Forward and backward secrecy; Synchronization; Distributed algorithms 1. Introduction Advances in micro-electro-mechanical systems (MEMS) technology allow sensors to be re- programmable, self-localizing, and to support low-energy, wireless, multi-hop networking, while requiring only minimal pre-configuration. To support the reliability of coordinated control, management, and reporting functions, the sensor networks are self-organizing with both decentral- ized control and autonomous sensor behavior, resulting in a sophisticated processing capability [5]. A wireless sensors network (WSN) is a collec- tion of sensors, whose number can range from a few hundred to a few hundred thousands and possibly more. These sensors do not rely on any pre-deployed network architecture, thus commu- nicating via an ad hoc wireless network. Distrib- uted in irregular patterns across remote and often hostile environments, sensors will autonomously aggregate into collaborative, peer-to-peer net- works. Sensor networks must be robust and sur- vivable despite individual sensor failures and intermittent connectivity (for instance due to noisy channel or shadow zone). Often WSNs are * Corresponding author. E-mail addresses: dipietro@dsi.uniroma1.it (R. Di Pietro), mancini@dsi.uniroma1.it (L.V. Mancini), jajodia@gmu.edu (S. Jajodia). 1 This work was partially supported by the Italian MIUR under the FIRB WEB-MINDS Project, and by the EU under the IST-2001-34734 EYES project. 1570-8705/$ - see front matter Ó 2003 Elsevier B.V. All rights reserved. doi:10.1016/S1570-8705(03)00046-5 Ad Hoc Networks 1 (2003) 455–468 www.elsevier.com/locate/adhoc