SPIKE: A novel session key management protocol with time-varying secure cluster formation in wireless sensor networks

Abstract

In this paper we propose Symmetric Parallel Immalleable Key Establishment (SPIKE), a novel session key distribution protocol for Wireless Sensor Networks (WSN). In the protocol, each node before being deployed sets up a secret key with a central Key Management Server (KMS). After deployment, when a node wants to initiate a secure session with another node, both nodes, in parallel, turn to KMS for mutual authentication. The symmetric authentication steps are designed carefully to thwart several types of security breaches present in WSN environment such as Man-in-the-Middle attack, Replay attack, Amplification attack, Sybil attack, Denial of Service (DoS) attack. After verification, KMS generates and dispatches the session key to both nodes, simultaneously. Each session key is valid for a certain period. Later when a node wants to communicate with another node which is already part of some secure communication group, KMS includes the new node also in the same session. This incrementally builds up a group of nodes forming a connected component of the original network graph, all sharing the same session key. In terms of the key storage requirement per node, exactly one session key needs to be maintained in a node at any given instance. This is independent of the network size and the number of concurrent sessions active on that node. In the server side too, session key maintenance overhead becomes minimal as the protocol assigns the same key to all the nodes belonging to a connected component.