Available online at www.sciencedirect.

com
Available online at www.sciencedirect.com

Energy
Procedia

Energy Procedia
00 (2011)
Energy Procedia
13000000
(2011) 9741 9749

www.elsevier.com/locate/procedia

ESEP 2011: 9-10 December 2011, Singapore

A Random Key Predistribution Scheme for Wireless Sensor

Networks based on Region Security Level
Xueli Yan*, Xiaohui Ye
College of Electronic Engineering, Navel University of Engineering, Hubei Wuhan 430033, China

Abstract
Random key predistribution is a usually adopted method in establishing the pairwise keys in wireless sensor
networks. However, most of existing random key pre-distribution schemes use the same key predistribution way to
all the sensor nodes in the whole region whereas rarely consider having different security levels in the deployment
region, so they only can provide some extent of network resilience. As the number of compromised nodes increasing,
the fraction of compromised communications will increase quickly. In order to address these shortcomings, in this
paper, we present a new random key predistribution scheme based region security levels. This scheme first divides
the whole application region into a few subregions according to their individual security levels, at the same time
divides the whole sensor nodes into a few corresponding subgroups too, and then it combines the key predistribution
in different subgroups sensor nodes with the security level of the region in which they lie in. Meanwhile, the scheme
use hash function to derive the different keys stored into different subgroups sensor nodes. The analysis and
simulations show that our scheme has a better network resilience against node capture attack, while maintaining the
same probability of direct key establishment.

2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of Singapore Institute of
2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of ESEP 2011
Electronics
Keywords: Wireless Sensor Network, Key Predistribution, Region Security Level, Hash Function

1. Introduction
Wireless sensor networks[1], are often deployed in unattended and hostile environments such as
homeland security monitoring and battlefield surveillance. Therefore, security[2] becomes a vitally
important problem to be resolved because confidentiality, integrity and availability of the transmitted data
between sensor nodes must be preserved in these circumstances. As a basic requirement for providing
* Corresponding author. Tel.: +86-27-83442734 ; fax: +86-27-83442734 .
E-mail address: heuejv@sina.com.

1876-6102 2011 Published by Elsevier Ltd. Selection and/or peer-review under responsibility of Singapore Institute of Electronics
doi:10.1016/j.egypro.2011.12.794

9742
2

Xueli
Yan
and
Ye / Procedia
Energy Procedia
13 000000
(2011) 9741 9749
Xueli
Yan
et Xiaohui
al. / Energy
00 (2011)

security functionality, key management[3] plays a central role in data encryption and authentication.
However, due to resource constraints in sensor nodes, many cryptographic key establishment mechanisms
in conventional networks are not suitable for wireless sensor networks. Symmetric key cryptography
turns out to be very attractive in sensor networks because of its efficiency and feasibility. So far, the
researchers all over the world have suggested a number of key establishment proposals using symmetric
key techniques.
Eschenauer and Gligor[4](E-G scheme hereafter) first proposed a basic random key predistribution
scheme, in which each sensor is assigned a random subset of keys from a large key pool before
deployment so that any two sensor nodes will have a certain probability to share at least one common key.
Chan et al.[5] advanced the q-composite random key predistribution scheme, in which they improved E-G
scheme by only increasing the number of keys that two sensor nodes share from at least 1 to at least q .
Du et al.[6] rose to utilize node deployment knowledge to improve the local secure connectivity. Their
scheme assumes a group-based deployment model, in which the entire network is divided into many nonoverlapping square cells and in each cell a group of sensor nodes is deployed. E-G scheme is applied into
each cell. Du et al.[7] also proposed a multiple key spaces key establishment scheme. Liu and Ning[8]
developed a framework in which pairwise keys are predistributed by using bivariate polynomials. They
also proposed the closest polynomials predistribution scheme[9], which take advantage of sensor nodes
expected locations to predistribute appropriate keys to sensor nodes and thus can improve the
performance of key establishment. Chan et al.[10] presented a key management scheme in distributed
sensor networks using attack probabilities, which first accounts for existing different attack probabilities
in the whole deployment region. Yu[11] suggested a pairwise key management scheme based on hash
function for wireless sensor networks, in which the author utilized the hash function to generated some
part of keys in the global key pool so as to alleviate the effect of compromised sensor nodes on the
uncompromised sensor nodes. All the schemes described above, although increased the security and
connectivity of the network to an extent, but still didn't enhance them much better. And most of them
used the same key predistribution means, but failed to consider the distinction of preloaded keys in the
sensor nodes according to the different regions where they resided and these regions diverse security
levels.
In this paper, we present a new random key predistribution scheme based region security level, in
which we divide the whole region into a few subregions according to their individual security levels, and
also partition the all sensor nodes into a few subgroups that correspond to these divided subregions. One
subgroups sensor nodes are deployed into a corresponding subregion. At the same time, we use hash
function to derive the relevant keys preloaded into the different subgroups sensor nodes in order to
alleviate the effect of compromised sensor nodes belonging to some subregion on the rest uncompromised
sensor nodes belonging to the other subregions. Compared with the previous solutions, our scheme can
provide the better network resilience against node capture attack, whereas not change the probability of
establishing direct keys.
The rest of the paper is organized as follows. Section II gives an overview of the basic random key
predistribution scheme. In Section III, we relate our proposed scheme in detail. Section IV gives the
analysis and simulation of our proposal and compares with the other schemes. In Section V, we conclude
the paper.
2. The basic random key predistribution scheme
In this section, we briefly review the basic random key predistribution scheme proposed by
Eschenauer and Gligor in[4], which is the basis of our new proposal. This scheme has three phases: key
predistribution, shared key discovery, and path key establishment.

Xueli Yan
andYan
Xiaohui
/ Energy
Procedia
(2011)
9741 9749
Xueli
et al.Ye
/ Energy
Procedia
0013
(2011)
000000

In the key predistribution phase, a large key pool P size of S keys is generated first. Then, each
sensor node randomly selects k distinct keys from the key pool P and stores them in its memory. This
set of k keys is called the sensor nodes key ring. The number of keys S in the key pool is determined
such that the probability of any two sensor nodes having at least one common key reaches a certain value
p.
After the sensor nodes have been deployed, the shared key discovery phase will be performed. During
this phase, each sensor node attempts to find out with which of its neighbors it shares a common key.
Since all the keys are randomly selected from the same key pool, two sensor nodes may have some
overlapped keys in their memories. If such a key exists, the key will be used to secure the communication
between the two sensor nodes.
If a sensor node does not have shared keys with some of its neighboring nodes, it uses the secure links
graph build during the shared key discovery phase to find a path to arrive at this neighbor, and through
the path to set up a path key between them. If the graph is connected, the path can always be found. So a
generated path key can be sent securely from the source sensor node to the target sensor via this path.
The basic random key predistribution scheme is the first attempt to deal with key predistribution
problem in wireless sensor networks. It is more efficient than public-key based security schemes. The
main weakness of the scheme is it can not provide sufficient security when the number of the
compromised sensor nodes increases. And because it uses the same global key pool and key
predistribution method for all the sensor nodes, a key may be used by many pairs of sensor nodes.
Therefore, any sensor nodes capture could disclose the secure communications between the other noncaptured sensor nodes. In the basic scheme, this problem is defined as network resilience, which is used
to evaluate the fraction of the secure communications compromised between the uncompromised sensor
nodes as the adversaries capture a certain number of sensor nodes. When the compromised fraction of the
secure communication is small, the network resilience is good, when the compromised fraction of the
secure communication is large, the network resilience is bad. For example, for a fixed S , the larger the
size of the key ring, the worse the network resilience; for a fixed k , the larger the size of the key pool,
the better the network resilience. In addition, local connectivity in the basic scheme is defined as the
probability that any two neighboring sensor nodes share at least one key. When S is given, the larger the
size of the key ring, the higher the local connectivity; when k is given, the larger the size of the key pool,
the lower the local connectivity.
3. The proposed scheme
The main idea of the proposed scheme is to associate the key predistribution technique with region
security levels and use the hash function to derive the different keys preloaded into the sensor nodes
whinin the different regions which have different security levels. As related above, scheme[10] also has
consider the attack probabilities of different regions, equivalent to region security levels in our paper, but
it decreases the network connectivity due to assigning the fewer keys to the sensor nodes in the region
with the higher attack probabilites. Moreover, scheme[10], also used the same global key pool for all the
sensor nodes in the whole network, which result in that a node belonging to one region captured will
reveal the keys stored in the rest nodes belonging to the other regions. But different from the scheme[10],
our scheme utilizes the hash function to derive different keys predistributed to the different regions
sensor nodes in accordance with the regions security levels while keeping the network connectivity not
reduced.
Our scheme has three phases: key predistribution, shared key discovery, and path key establishment.
At first, we are going to describe the deployment model of sensor networks.

9743
3

9744
4

Xueli
Yan
and
Ye / Procedia
Energy Procedia
13 000000
(2011) 9741 9749
Xueli
Yan
et Xiaohui
al. / Energy
00 (2011)

3.1. Deployment model

In our scheme, the whole deployment region is divided into a few non-overlapping subregions(the total
divided number being s ), each of which has a security level wi . Without loss of generality, we assume
w1 w2 L ws and 0 wi < 20 . Also, all the sensor nodes are divided into s corresponding subgroups
in the average, each subgroups sensor nodes deployed into a subregion. We suppose the number of the
all sensor nodes is N , then the number of nodes in each subgroup is N s . Fig.1 shows an example of
depleyment model.
w3

w2

w1

ws

w4

BS

BS: Base Station

Fig. 1. A deployment model based on region security level.

3.2. Key predistribution phase

Before we introduce the key predistribution phase in details, lets explain what on earth the derivative
key is. Given an original key K , we call the derivative key of it as the one derived from using the hash
function H () one or more times on the basis of itself. When using the hash function one time on the
original key K , thats H ( K ) , the derivative key is one time derivative key, symboled as K 1 ; when using
the hash function two times on the original key K , thats H 2 ( K ) = H ( H ( K )) , the derivative key is two

time derivative key, symboled as K 2 ; and the rest can be reduced in the same manner. The original key
K is also call zero time derivative key, symboled as K 0 . We suppose that any derivative key has the
same ID with it original key.
In order to limit the effect of the sensor nodes capture of some subregion on the whole network, We
adopt the pricipal of predistributing the lower time derivarite keys to the sensor nodes in the subregion of
higher security level, while predistributing the higher time derivarite keys to the sensor nodes in the
subregion of lower security level. The concrete steps is followed as:
Step 1: The key distribution server(KDS) gernerates a large pool of S keys, each key assigned a
unique identifier. We take the all keys in these key pool as the originals keys in our paper.
Step 2: For each sensor node in the subgroup i ( 1 i s ), which is deployed in the subregion i ,
assuming its security level is wi , KDS randomly selects k keys K1 ,L , K k from the key pool, computes
their individual s i time derivative keys H s i ( K1 ),L , H s i ( K k ) , and then stores these k derivarite keys
K1s i ,L , K k s i , their IDs, as well as the hash function H () into the sensor node.
3.3. Shared key discovery phase
After deployment, if two sensor nodes want to establish a pairwise key, they first need to identify
whether they share a common key ID. If they can find at least one such ID, a common pairwise key can
be established directly between them. In order to find out the common ID, if they have, they could

Xueli Yan
andYan
Xiaohui
/ Energy
Procedia
(2011)
9741 9749
Xueli
et al.Ye
/ Energy
Procedia
0013
(2011)
000000

broadcast their IDs directly. Or, in order to protect the IDs information of theirs, the two sensor nodes
may challenge each other to solve puzzles. For example, using the method in [4], the sensor node A may
broadcast an encryption list, , EID j ( ) , j =1,, k , where ID j is a potential ID of the derivarite key
the other node B may have. If the sensor node B can correctly decrypt one of them, then it shares the
common key ID with the sensor node A , and can establish a direct pairwise key with A .
Assuming the two sensor nodes A (from subgroup i ,which is deployed in the subregion i of security
level wi ) and B (from subgroup j ,which is deployed in the subregion j of security level w j ), there is
the derivative key K s i in A and the derivative key K s j in B . Because these two keys are both
derived from the same original key K , they have the same key ID. So, the pairwise key between the two
sensor nodes can be computed using the hash function H () as follows. There are three cases to be
considered:
Case 1: i = j . In this case, it is obvious that K s i = K s j . So they can use the K s i or K s j as the
pairwise key between them.
Case 2: i > j . In this case, it is obvious that K s j = H i j ( K s i ) . So they can use the K s j as the
pairwise key between them. The sensor node A can compute the pairwise key K s j = H i j ( K s i ) .
Case 3: i < j . In this case, it is obvious that K s i = H j i ( K s j ) . So they can use the K s i as the
pairwise key between them. The sensor node B can compute the paiwise key K s i = H j i ( K s j ) .
3.4. Path key establishment phase
If the two sensor nodes do not share a common key ID at all in the previous phase, they can find an
intermediate neighboring node that shares pairwise keys with both of them to help establish a path key.
Otherwise, the intermediate sensor node would broadcast this message continuously until it discovers a
sensor node that shares a pairwise key with the two sensor nodes respectively. Then the path key can be
established along the message broadcast path reversely.
3.5. Sensor addition and revocation
To add a new sensor node, the KDS only needs to determine which subregion the sensor node will be
deployed in, and then according to the subregions security level, it adopts the same method as in the
predistribution phase to preload the keys into the new node.
The revocation method is also easy. Each sensor node only needs to delete the keys with the same IDs
as the keys in the captured sensor nodes when the security levels of the subregions in which the captured
nodes reside are higher than the one the sensor node itself resides in.
4. Analysis and simulation

4.1. Local connectivity

In this section, we evaluate the local connectivity in our proposed scheme. It is the probability that any
two neighboring sensor nodes can establish the pairwise key directly, or say the probability that the two
nodes share a common key ID. We use the notation plocal to present it. Similar to the analysis of
scheme[4], plocal is computed as:

9745
5

9746
6

Xueli
Yan
and
Ye / Procedia
Energy Procedia
13 000000
(2011) 9741 9749
Xueli
Yan
et Xiaohui
al. / Energy
00 (2011)

plocal

S S k

k
k
= 1 Pr(two nodes have no common key ID) = 1
S S

k k

(1)

Using the Stirlings approximation[4], we can simplify the expression (1), and get the simulcation
result. Here, we use MATLAB as the simulation language. Fig.2 shows the probability of two sensor
nodes establishing the shared key given different number of the keys preloaded in each sensor when
S =1000, 2000, 5000, 10000, 100000.
Probability of two nodes eatablishing direct keys

1
0.9
0.8
0.7
S=1 000
S=2 000
S=5 000
S= 10 000
S= 100 000

0.6
0.5
0.4
0.3
0.2
0.1
0

50
100
150
Number of keys stored in each node

200

Fig. 2. Probability of establishing direct keys between two nodes.

From Fig.2, we can see that our scheme has the same local connectivity with the basic random key
predistribution scheme. For given S , when the number of keys stored in the semsor node is large, the
local connectivity is high; when the number of keys stored in the semsor node is small, the local
connectivity is low. This is because that when the key number is large, the probability of two nodes
sharing the same key ID is large. But the value of k become too large, the sensor nodes will spend too
much storage space. So we need to control k , while maintaining the necessary local connectivity plocal .
4.2. Resilience against sensor node capture
Node capture attack is one of the serious threats in the wireless sensor networks. An adversary can
easily capture the sensor nodes in the network, and then get the all secret information in them. In this
subsection, we discuss the resilience of the proposed scheme against sensor node capure through
probability analysis. Generally,the resilience of one scheme is measured by the fraction of total network
communication that are compromised when x sensor nodes are captured, not including the
communication in which the captured sensor nodes are involved directly. This fraction is also the
probability of the direct pairwise key between any two sensor nodes compromised, we use the notation
pc to represent it.
Most of the existing random key predistribution scheme[4-5,10] use the same global key pool and the
same key predistribution way for all the sensor nodes in the whole deployment region, therefore, some
sensor nodes capture will compromise the pairwise keys between the other non-captured nodes. But
unlike with them, in our scheme, we use the hash function to get the different derivative keys stored into
the sensor nodes according to which subregions they belong to. Because the one-way property of the hash
function, the sensor nodes in the subregions of low security levels captured can not disclose the keys
assigned to the sensor nodes in the subregions of high security levels. Thus we may compute the
compromised probability pc from the following two steps:
Step 1: Computing the compromised probability of the any key in each subregion.
Assume that pi is the security proportion of the subregion i takes in the whole deployment region,

9747
7

Xueli Yan
andYan
Xiaohui
/ Energy
Procedia
(2011)
9741 9749
Xueli
et al.Ye
/ Energy
Procedia
0013
(2011)
000000

whose security level is wi ; xi is the average number of the nodes belonging to the subregion i when
there are x sensor nodes captured; ni is the number of the sensor nodes which can provide the useful
keys from that the necessary compromised key preloaded in the sensor nodes of subregion i can be
derived; Ai represents the event that the compromised key is the key preloaded in the sensor nodes of
subregion i ; B represents the event that any key is compromised; P ( Ai ) is the probability that the event
Ai takes place; P ( B | Ai ) represents the conditional probability that the key is compromised when any
key is the key belongs to the sensor nodes in the subregion i ; P ( B ) is the probability that the event B
takes place. Consequently,
pi =

wi
w
= s i
w1 + L + ws
wi

(2)

i =1

xi = x pi

(3)

P ( Ai ) = pi

(4)

Because when the wanting compromised key is stored in the sensor nodes of the subregion i , only the
sensor node in the higher security levels subregions can provide the useful keys, thereby,
ni = xi + xi +1 + L + xs

(5)

k
P ( B | Ai ) = 1 (1 ) ni
S

(6)

Step 2: Computing the compromised probability of the any key in the whole region.
The compromised probability of the any key in the whole region is the statistics average of the
compromised probability of it in all the subregions. It is computed as:
s

P ( B ) = P ( B | A1 ) P ( A1 ) + L + P ( B | As ) P ( As ) = P ( B | Ai ) P( Ai )
i =1

k
= pi (1 (1 ) ni )
S
i =1
s
k
= pi (1 (1 ) xi + xi+1 +L+ xs )
S
i =1
s

(7)

P ( B ) is the value of pc .
We presume that the size of the key pool is S = 100000 ; the number of the all sensor nodes is
N = 10000 ; the whole region is divided into s = 5 subregions and the all sensor nodes is devided into
s = 5 subgroups too; the security levels in the all subregions are 1, 2, 3, 4, 5. Fig. 3 shows the fraction of
compromised communications between two non-compromised nodes in total network for plocal = 0.33 and
0.5 when x sensor nodes are captured.

4.3. Comparision with other schemes

In this subsection, let us compare our scheme with the -G scheme and the q-composite scheme. We

9748
8

Xueli
Yan
and
Ye / Procedia
Energy Procedia
13 000000
(2011) 9741 9749
Xueli
Yan
et Xiaohui
al. / Energy
00 (2011)

assume that in all the schemes, the probability of establishing a direct pairwise key between two
neighboring sensor nodes is taken as plocal =0.33. And each sensor node could store up to k =200
cryptographic keys.
0.8
Plocal= 0.33
Plocal= 0.5

Fraction of compromised communications

0.7
0.6
0.5
0.4
0.3
0.2
0.1
0

200

400
600
Number of compromised nodes

800

1000

Fig. 3. Fraction of compromised communications between non-compromised nodes in total network for plocal = 0.33 & 0.5 .

In E-G scheme, an adversary compromises a small number of sensor nodes, he can obtain a larger
fraction of keys in the global key pool. The fraction of compromised communications pc may be
evaluated as[4]:
k
pc = 1 1
S

(8)

Where the size of key pool is S =100000 and the size of the key ring k = 200 . Obviously, We can get
the probability of establishing a direct pairwise key between the two neighboring sensor nodes plocal is
0.33.
In q-composite scheme, the fraction of compromised communications pc can be calculated as[5]:
S S i 2(k i )

i 2(k i ) k i
p(i ) =
2
S

k

(9)

p = p(q ) + p (q + 1) + L + p(k ) = p (i )

(10)

i=q

k x p(i )
pc = 1 1
S p
i=q

(11)

Where S is the size of key pool, k is the size of key ring and q is the number of overlapping keys
between two sensor nodes. In the simulation, we set p = plocal = 0.33 through selecting the proper value
of S .
Fig.4 depicts the comparision of our scheme and the E-G scheme and the q-composite scheme when
plocal = 0.33 . From the Fig.4, we may find that our scheme has the better resilience against the nodes
capture than the other two existing schemes. When the number of captured nodes is 400, the

Xueli Yan
andYan
Xiaohui
/ Energy
Procedia
(2011)
9741 9749
Xueli
et al.Ye
/ Energy
Procedia
0013
(2011)
000000

compromised fraction pc in our scheme is less than 0.4, but the compromised fraction pc in the E-G
schem and the q-composite scheme( q = 2,3 ) are more than 0.5.
1

Fraction of compromised communications

0.9
0.8
0.7
0.6
0.5
0.4
0.3

E-G
q=1
q=2
q=3

0.2
0.1
0

200

400
600
Number of compromised nodes

800

1000

Fig. 4. Comparison the fraction of compromised communications between our scheme and other schemes for plocal = 0.33 .

5. Conclusion

In this paper, we have described a novel random key predistribution scheme based on region security
level which combines the key predistribution with the region security level and uses the hash function to
derive the different key preloaded into the sensor nodes residing in different subregion. Analysis and
simulation show that our scheme has the better resilience against node capture than the existing schemes.
References
[1] Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E. A survey on sensor networks. IEEE Communications Magazine
2002;40(8):102114.
[2] Zhou YFang YZhang Y. Securing wireless sensor networks: a survey. IEEE Communications Surveys & Tutorials
2008;10(3):628.
[3] Simplcio Jr MA, Barreto PS, Margi CB, Carvalho TC. A survey on key management mechanisms for distributed Wireless
Sensor Networks. Computer Networks 2010;54(15):25912612.
[4] Eschenaure L, Gligor VD. A key-management scheme for distributed sensor networks. Proc. the 9th ACM Conference on
Computer and Communications Security 2002;4147.
[5] Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks. Proc. IEEE Symposium on Security
and Privacy 2003;197313.
[6] Du W, Deng J, Han YS, Chen S, Varshney PK. A key management scheme for wireless sensor networks using deployment
knowledge. Proc. IEEE Conference on Computer Communications (INFOCOM) 2004;586597.
[7] Du W, Deng J, Han YS, Chen S, Varshney PK. A pairwise key pre-distribution scheme for wireless sensor networks. Proc.
the 10th ACM Conference on Computer and Communications Security (CCS03) 2003;4251.
[8] Liu D, Ning P. Establishing pairwise key in distributed sensor networks. Proc. the 10th ACM Conference on Computer and
Communications Security 2003;5261.
[9] Liu D, Ning P. Location-based pairwise key establishments for static sensor networks. Proc. ACM Workshop on Security of
Ad Hoc and Sensor Networks (SASN) 2003;7282.
[10] Chan SP, Poovendran R, Sun MT. A key management scheme in distributed sensor networks using attack probabilities.
Proc. 2005 Glabal Telecommunications Conference (GLOBECOM05) 2005;10071011.
[11] Yu W. A Pairwise Key Management Scheme Based on Hash Function for Wireless Sensor Networks. Proc. 2010 Second
International Workshop on Education Technology and Computer Science (ETCS) 2010;198201.

9749
9