Connectivity invariant lightweight resiliency improvement strategies for CRT-subset scheme

Abstract

It has been found in the literature of key management for IoT devices that most of the schemes do not consider the attacking behavior of the adversary. Considering the effect of adversarial attacks on system nodes, we observe that when an adversary captures a node, it can read all the secret information from the memory of the node, resulting a partial disclosure of key pool and exposes a part of other node’s keyrings. Thereby, usage of these links that are made secure by these keys is no longer permitted. The situation worsens with the compromise of more nodes. So, it becomes important to study the robustness of a system against such attacks. In this regard, it is important to define a parameter that measures the security of sensor networks in an adversarial situation. Resiliency is one of such important parameters. Keeping the connectivity property intact, this paper presents a black-box approach to improve the resiliency of a class of lightweight combinatorial subset schemes, known as CRT-Subset schemes. We have developed unidirectional hash chains for CRT-Subset (HC(CRT-Subset)) by using key doublets through the use of a hash chaining mechanism. The idea extends to a key triplet to manufacture the bidirectional hash chains for CRT-Subset (2HC(CRT-Subset)) scheme. These ideas are explained through four Algorithms. Given the number of nodes required for a system to be implemented for practical purposes, our algorithms are capable of finding suitable parameters to efficiently construct the key rings for future cryptographic communications. They also provide efficient mechanisms to find common keys between two nodes. Furthermore, we have shown that both of our proposed methods are more resilient than the vast majority of existing schemes. Schematic analyses and comparisons exhibit the improvement achieved and thus ensure the practicality in (distributed) deployment for large (low-cost) networks. We observe that in a multi-key scenario, like our proposed resiliency improved variants of CRT-Subset schemes, the standard resiliency measure, fail(s), does not cover the full picture. So, we additionally introduce a new security parameter Ts to measure the robustness of a network. It is mathematically a challenging problem to calculate the exact values of Ts as well as fail(s). We compute a bound of Ts for CRT-Subset and find the exact mathematical expression of fail(s) and Ts for the CRT-KPS scheme. In addition, we come up with a compact expression of T1 for the CRT-Subset Scheme.