Utilizing hash graphs for key distribution for mobile and replaceable interconnected sensors in the IoT context

Abstract

In most general terms, Internet of Thing (IoT) applications and networks contain interconnected equipment, which are mostly resource constrained. Sensor nodes with sensing and communication capabilities are widely referred as a "thing" in IoT domain in the literature. On the other hand, mobility is an important concern to provide sustainable security and privacy for IoT applications. Solutions that provide high performance security and privacy with static nodes may perform badly when the nodes are mobile. To this end, a security and privacy infrastructure for mobile IoT deployments requires a flexible cryptographic key distribution mechanism with the support of continuous secure connectivity and resiliency even in the case of node replacements. The concept of continuity by deploying new nodes in the area has been studied under multiphase wireless sensor network topic in the literature. In this type of multiphase networks, key rings of the newly deployed nodes are selected from their deployment generation key pools to improve the resiliency and to ensure constant secure connectivity. Nevertheless, the existing research in this area assumes fixed and/or uniformly distributed network lifetime from key distribution point of view. In IoT terms, as the entire lifetime of an application and the underlying networks cannot be guessed a priori, this issue should also be addressed while designing a key distribution mechanism. In this paper, we propose Hash Graph (HaG) scheme for key predistribution among a large set of sensor nodes in a sustainable and secure way. In our HaG scheme, every generation has its own key pool which is generated using the key pool of the previous generation. Since this is an iterative process, there is no limit on the total number of generations, providing flexible network lifetime property to our HaG scheme. This allows nodes deployed at different generations to have the ability to establish secure channels. Likewise, a captured node can only be used to obtain keys for a limited amount of successive generations. We also consider sensor nodes as mobile and use different mobility models to show its effects on the performance. We compare the connectivity and resiliency performance of our scheme with a state-of-the-art multiphase key predistribution scheme and show that our scheme performs considerably better when the attack rate is low. When the attack rate increases, our scheme still has better resiliency performance considering that it requires less key ring size compared to a state-of-the-art multiphase scheme. (C) 2016 Elsevier B.V. All rights reserved.