A Key Pre-Distribution Scheme Based on µ-PBIBD for Enhancing Resilience in Wireless Sensor Networks.

Many key pre-distribution (KPD) schemes based on combinatorial design were proposed for secure communication of wireless sensor networks (WSNs). Due to complexity of constructing the combinatorial design, it is infeasible to generate key rings using the corresponding combinatorial design in large scale deployment of WSNs. In this paper, we present a definition of new combinatorial design, termed “µ-partially balanced incomplete block design (µ-PBIBD)”, which is a refinement of partially balanced incomplete block design (PBIBD), and then describe a 2-D construction of µ-PBIBD which is mapped to KPD in WSNs. Our approach is of simple construction which provides a strong key connectivity and a poor network resilience. To improve the network resilience of KPD based on 2-D µ-PBIBD, we propose a KPD scheme based on 3-D Ex-µ-PBIBD which is a construction of µ-PBIBD from 2-D space to 3-D space. Ex-µ-PBIBD KPD scheme improves network scalability and resilience while has better key connectivity. Theoretical analysis and comparison with the related schemes show that key pre-distribution scheme based on Ex-µ-PBIBD provides high network resilience and better key scalability, while it achieves a trade-off between network resilience and network connectivity.

1. Introduction

Wireless sensor networks have more and more extensive applications due to their properties in lower cost, low power consumption, easy deployment and self-organization [1,2]. Sensor nodes in wireless sensor networks are responsible for monitoring surrounding environment and transmitting the information on-request to base station in one-hop or multi-hop path. A general environment of wireless sensor networks is shown in Figure 1. When sensor networks are deployed in a hostile territory or a special region, they should secure the communication between two sensor nodes by encryption/decryption, safety authentication techniques and others [3,4,5,6,7,8]. Key management is a core of cryptographic system in WSNs, which is used to protect security in application of WSNs [9,10,11,12,13]. Although study on key management in WSNs becomes more mature, it still has a lot of challenges because of different required network size, wide application background, limited sensor performance and so on [14].

Figure 1

Environment of wireless sensor networks.

Key pre-distribution (KPD) scheme is one of the most extensive research directions of symmetric key management in WSNs [15,16,17]. A typical KPD scheme contains three phases: key pre-distribution, shared-key discovery and path-key establishment [13,18]. Key pre-distribution is an initialization phase, in which some keys selected from a large key pool are pre-distributed to each sensor to build a key ring. Shared-key discovery is to discover common pairwise keys between two nearby nodes by matching their key rings. In a path-key establishment phase, two nodes try to find one or more intermediary nodes that share common keys with them when the two neighboring nodes have no common pairwise keys. Various metrics of key pre-distribution scheme, such as network scalability, key connectivity, network resilience et al., are used for analyzing the merits and demerits of schemes in WSNs [19,20].

KPD schemes in WSNs are classified into probabilistic KPD scheme and deterministic KPD scheme based on the manner of key selection [6,12,16]. Typical probabilistic KPD schemes include random KPD, Q-composite KPD and polynomial pool based KPD [13]. Probabilistic KPD scheme randomly extracts a number of keys from key pool to form key rings of nodes, and its advantage is easy implementation due to its simple algorithm [21]. However, probabilistic KPD scheme only judges whether a pair of nodes have common keys by the mean of a probability value, and computers key connectivity by probabilistic result. Deterministic KPD scheme constructs key rings with a simple, straightforward model instead of selecting random key, which contributes to implementing shared-key discovery and path-key establishment. However, operations of these two phases, due to the absence of structure in key pre-distribution, are inherently complicated in randomized KDP scheme [20]. Meanwhile, performance metrics, such as scalability and connectivity, can be proven to be deterministic in a deterministic KPD scheme [22]. On the contrary, the deterministic value can not be obtained in a probabilistic scheme.

Combinatorial design theory is usually used for implementing deterministic KPD schemes. Due to the structural features of combinatorial design, metrics of combinatorial KPD scheme can easily be depicted. A general problem on existing combinatorial KPD schemes for WSNs is that construction of combinatorial designs mapped to KPD are complicated in implementation. Therefore, we focus on constructing a simpler combinatorial design applied to KPD scheme of WSNs, while performance metrics of KPD scheme should not be affected. A novel key pre-distribution scheme based on two-dimensional combinatorial design is introduced. Moreover, to enhance resilience and improve scalability, an extended three-dimensional combinatorial KPD scheme is proposed. The main contributions of our work are described as follows:

A new combinatorial design (µ-PBIBD) is defined based on partially symmetric balanced incomplete block design.

A µ-PBIBD is constructed in 2-D space, and a key pre-distribution scheme based on 2-D µ-PBIBD is proposed in which blocks are mapped to key rings. That is, shared-keys between nodes can be generated from common points between corresponding blocks. As a result, key connectivity of the proposed scheme depends on the construction of µ-PBIBD.

To enhance network resilience of 2-D µ-PBIBD scheme, an Ex-µ-PBIBD is constructed by extending µ-PBIBD from 2-D space to 3-D space. Further, a key pre-distribution scheme based on 3-D Ex-µ-PBIBD is presented.

Performance metrics of the proposed schemes are evaluated by theoretical analyses. Comparing with sBIBD scheme, RD and TD scheme, the results show that the proposed scheme has better scalability and higher resilience.

The remainder of this paper is organized as follows: In Section 2, related works on combinatorial design KPD schemes are introduced. Background knowledge of combinatorial design is described and a new combinatorial design is defined in Section 3. A µ-PBIBD is constructed and KPD scheme based on µ-PBIBD for WSNs is presented in Section 4. Then Section 5 proposes an extended µ-PBIBD based KPD scheme. Performance of the proposed scheme is analyzed and compared with the corresponding schemes in Section 6. Finally, the conclusions are drawn in Section 7.

2. Related Works

Combinatorial design theory is the part of combinatorial mathematics that deals with the existence and construction of systems of finite sets whose the existence have specified numerical properties [23]. Just because of these specified, easy-to-implement, numerical properties of combinatorial design theory, a series of studies on KPD scheme based on combinatorial design theory have been developed rapidly [24,25,26,27,28,29,30,31,32,33]. The first deterministic KPD scheme proposed by Comtepe and Yene [1] based on combinatorial design theory, which mapped Balanced Incomplete Block designs (BIBD) and Generalized Quadrangles (GQ) to KPD schemes, made key connectivity up to 1. Because of the difficulty of constructing BIBD and GQ, this KPD scheme supported only limited network size [9,30] and could not ensure keys pre-distribution according to actual demand about wireless sensor networks. Scheme [32] proposed a hybrid design according to complement of each block, i.e., when blocks of combinatorial design assigned to nodes were used up, a random subset of the complementary design blocks was distributed to the new-added nodes as key rings. This scheme supported larger-scale WSNs and improved the resilience of networks. Modiri et al. [30] introduced a new combinatorial design called residual design and mapped it to key pre-distribution scheme. This KPD scheme provided high connectivity while maintaining better scalability and resilience.

Stinson et al. [20,22,24,25] had been studying a series of combinatorial design based KPD since 2004. Lee and Stinson [20] introduced related knowledge of combinatorial set system to deterministic KPD schemes for WSNs. A strongly regular graph in [24] was used to product a network graph that represented whether two nodes share secret keys, and both one-way hash function and modified multi-space Bolm’ scheme were introduced to reduce efficiently storage overheads of keys and increase resilience. In schemes [25], Lee defined two basic types of combinatorial designs as “configurations” and “µ-common intersection design” and discussed their influence on the local connectivity and two-hop paths in WSNs. In schemes [20], Lee proposed a general framework to construct KPD schemes based on a transversal design (TD), and represented KPD schemes based on linear polynomials and quadratic polynomials. These schemes provided higher efficiency in a shared-key discovery phase with better connectivity and resiliency. Paterson and Stinson in [22] defined a general class of designs as “partially balanced t-designs”, which encompassed almost all of the proposed combinatorial designs used for KPD schemes. This general framework contributed to analyzing proposals of combinatorial KPD schemes and comparing with existing schemes, and easily evaluated which schemes possessed better performance metrics for a certain application. In [33], taking the problem with the restricted number of sensor nodes in combinatorial KPD into consideration, a universal method was proposed to compute metrics for connectivity and resilience of combinatorial KPD schemes. A deterministic method exploited a resolvable TD to adjust the network size by removing key rings and easily analyzed the properties of the scheme using the framework constructed in [22].

Taking into account the difficulty of implementation of scheme [32], Xia et al. [21] first constructed BIBD with Hadamard matrix, and then mapped it to a KPD scheme in WSNs. Furthermore, the network size of WSNs was doubled by complementary set design and the shared-key intensity was enhanced by key slicing. In [26], based on the divisible core pair-wise balanced design, key rings of nodes were constructed, where common blocks and particular blocks were mapped to key rings of common nodes and key rings of cluster head nodes, respectively. This scheme increased network scalability and had better resilience. Gao et al. [31] proposed a combinatorial design based KDP scheme for two-layer hierarchical WSNs. In this scheme, a key pre-distribution scheme was constructed with orthogonal array. A block associated with keys was assigned to a more capable node, and a random subset of a block associated with keys was allotted to a less capable node. This scheme obtained higher resilience and better tradeoff between performance metrics than some probabilistic schemes.

3. Preliminaries

Combinatorial design theory is the branch of combinatorics which focuses on designing subsets of a finite set to satisfy certain properties [23]. Block design is a type of combinatorial design. In the following section, a brief introduction of definitions and prerequisites of combinatorial design theory used in this paper are given.

[34]. Let V be a basic set of v elements (called points) with

[32]. If B is a block design of V that satisfies the following properties:

Uniformity: Each block in B contains exactly k distinct points.

Regularity: Each point of V exists in exactly r different blocks of B.

Balance: Each pair of points of V exists in exactly blocks of B.

B is called ”balanced incomplete block design (BIBD)” and denoted as

Consider

3.1. Combinatorial Design

For every prime or prime power , there exists a . Comtepe et al. [32] defined a mapping from to KPD and proposed a KPD scheme base on sBIBD. In this scheme, each point in V was associated with a distinct random key and each block was used as a key ring, providing the key pool having keys and key rings each having keys. In sBIBD, each pair of blocks intersected on one point and was mapped to KPD scheme in which each pair of key rings shared one key. As a result, the probability of key shared between each pair of nodes was always 1. When value of q was large, constructing was a NP-problem [32] which limited the size of sensor networks whose keys were pre-distributed. That is, this scheme was only theoretically feasible for a large scale of WSNs.

[20]. A set system is a tripe

, for every and every .

Every two points from different groups occurs in exactly λ blocks of B.

The tripe is a transversal design of V which can be expressed as . When , it can be written as . A has the following properties: (1) There are exactly points and blocks; (2) every block contains exactly k points; and (3) every point occurs in exactly q blocks.

Let

Then

A , where q is a prime or a prime power, was constructed by Lee et al. in [20] as follows.

Let the point in V be denoted as (a, b), where , and . The construction of V is

A group G of V is

For every ordered pair , a block of B is defined as

Then . This tripe is a .

Compared with sBIBD scheme proposed by Comtepe and Yener, this transversal design was simple in construction and corresponding KPD scheme was no limit to network size of WSNs.

3.2. µ-Partially Balanced Incomplete Block Design

A PBIBD is a generalization of a BIBD, in which each pair of points does not need to appear the same number of times [34]. The definition of PBIBD is given as follows:

If B is a block design of V that satisfies the following properties:

Uniformity: Each block in B contains exactly k distinct points.

Regularity: Each point of V exists in exactly r different blocks of B.

Partial Balance: Each pair of points of V exists in different numbers of blocks of B.

B is called “partial balanced incomplete block design (PBIBD)”. Further, we refine PBIBD to define a µ-PBIBD.

Let

(V, B) is regular, i.e., each point of V appears in exactly r different blocks of B.

(V, B) is uniform, i.e., the number of points in every block is k.

(V, B) is partial balance, i.e., every pair of points appears in

The µ-PBIBD can be expressed as

The number of common points in any two blocks is

In particular, when d = v and therefore r = k, a µ-PBIBD is called symmetric µ-PBIBD (µ-sPBIBD) which can be denoted as .

Let V = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} and

In this block design, there are 15 blocks and 15 points where each block contains 6 points and each point occurs in 6 blocks. Every pair of points appears in , or blocks, where , and . Then the block design is a µ-sPBIBD which can be denoted as .

4. Key Pre-Distribution Based on µ-sPBIBD

In this section, we construct a basic sPBIBD and describe the mapping from µ-sPBIBD to KPD in WSNs.

4.1. A Construction of 2-D µ-sPBIBD

By combining with and in Section 3.1, we use the representation of data elements in 2-D space to construct µ- which can be described as follows.

Let points of V be expressed as (a, b), where (a, b) are coordinate of 2-D space elements for and . Then V is a set of cardinality , where for every ordered pair , a block in V is defined as

Let .

The pair (V, B) has some following properties.

In (V, B), V has

Constructed as before, V can be viewed as a 2-D space with the dimension . Therefore, the number of points in V is ; Each block in B, where , is a set of coordinates of all elements on a row and b column except (a, b) in 2-D space. Therefore, the number of blocks in B is and the number of points in each block is . □

In (V, B), every point in V occurs in exactly

According to the aforementioned construction of block, point (a, b) in V should appear in block (where is between 1 and n except b) and block (where is between 1 and m except a). Therefore, the number of blocks containing point (a, b) is . □

In (V, B), there are three cases on the number

There are three cases on position relationship between two points in V. One is that, if points (a1, b1) and (a2, b2) in V lie on the different rows and columns, the two points should occur in blocks and , and then . Another is that, if points (a1, b1) and (a2, b2) lie on the same row and different column, the two points should occur in exactly the blocks whose subscript are expressed by other points on the same row except these two points, and then . The third is that, if points (a1, b1) and (a2, b2) lie on the same column and different row, the two points should occur in exactly the blocks whose subscript are expressed by other points on the same column except these two points, and then .

Therefore, inferred from the three properties, (V, B) is µ-sPBIBD which can be denoted as . □

4.2. 2-D µ-sPBIBD Based KDP Scheme

A key pool contains keys which will be selected in various ways to form key rings. These key rings need to be pre-distributed to sensor nodes before sensor nodes of WSNs are deployed. When nodes in WSNs transfer messages to their neighbor nodes, secure communications should be guaranteed by the common keys in key rings of communication nodes.

In KPD schemes based on 2-D µ-sPBIBD for WSNs with M sensor nodes, the mapping from 2-D µ-sPBIBD to KPD is described in Table 1. Each point in V can act as a key in the key pool and each block can be viewed as a key ring to distribute a sensor node, meaning that the number d of blocks should satisfy and if two blocks have common points, the two nodes which contain respectively the two blocks will have share-keys.

Table 1

Mapping from 2-D µ-sPBIBD to key pre-distribution (KPD).

µ-sPBIBD	KPD	Parameter	Value of Parameter
Basic set (point set)	Key pool	V	{(a,b)|(a,b)∈Z_m×Z_n}
Basic set size	key pool size	v	mn
Block	Key ring	B_a,b	{(i,b),(a,j)|1≤i≤m,i≠a;1≤j≤n,j≠b}
Number of blocks	Number of key rings	d	mn
Block size	Key ring size	k	m + n − 2
Number of common points between two blocks	Number of shared keys between two nodes	λ_1,…,λ_μ	2, m − 2, n − 2

4.2.1. Key Pre-Distribution Phase

In 2-D µ-sPBIBD scheme, keys in key pool are defined as the elements in 2-D space while the corresponding key IDs are expressed by coordinates of the elements in 2-D space. That is, points (1, 1), …, (1, n), …, (a, b), …, (m, 1), …, (m, n) in V are view as key IDs which are associated with keys in key pool. Point (a, b) and the corresponding key key can be represented as a whole P, where and , Then the key pool can be described as a set of P. According to the construction of blocks proposed in Section 4.1, blocks are generated, where , which can be denoted as . The number of elements in block is m + n − 2. Elements P in block are distributed as a key ring to a sensor node.

4.2.2. Shared-Key Discovery Phase

When a sensor node needs to transmit the message to neighbor nodes, the node broadcasts its key IDs in key ring. The neighbors discover shared-keys with source node by comparing with their key IDs. Property 3 shows that there are three possibilities for the number of shared-keys between the two nodes: 2, m − 2 or n − 2.

Suppose that two sensor nodes N and N have s shared-keys, say , where and value of s is 2, m − 2 or n − 2, respectively. A session key between the two nodes can be generated from the shared-keys corresponding to common points between blocks. According to [20], a session key is established by a hash function h,

This approach that computes session key by a hash function of common keys can improve the network resilience [6,20].

If two communication nodes fail to discover their shared-keys in the shared-key discovery phase, then path-key will be established. In 2-D µ-sPBIBD scheme, any pair of nodes can share at least two keys. Therefore, path-key establishment phase will not be considered.

4.3. 3-D Ex-µ-sPBIBD Based KPD Scheme

In combinatorial KPD scheme, the more keys the blocks share, the more blocks are effected by a compromised block [32]. That is, network resilience contradicts with key connectivity [18]. Complete key connectivity inevitably leads to poor resilience in 2-D µ-sPBIBD based KPD scheme. In order to make a trade-off between resilience and connectivity, we propose an extended µ-PBIBD that can improve the resilience by reducing properly connectivity.

As mentioned in Section 4.1, a key pool can be viewed as 2-D space to store keys, in which key IDs are expressed by corresponding row-column coordinates of elements in 2-D space. In this subsection, we extend a key pool from 2-D space to 3-D space in which each key ID can be expressed by corresponding row-column-page coordinate of element in 3-D space. A extending µ-sPBIBD (Ex-µ-sPIBD) based KPD is proposed and KPD in 3-D space is described as follows.

Let V be a set of coordinates of elements in 3-D space, which can be defined by

A point in set V is denoted as (a, b, c), where . The blocks in 3-D Ex-µ-sPBIBD are defined as where .

Let

In 3-D Ex-µ-sPBIBD, the number of blocks is and a block has 3q − 3 points. Mapping from Ex-µ-sPBIBD to KPD can be described in Table 2.

Table 2

Mapping from 3-D Ex-µ-sPBIBD to KPD.

Ex-µ-sPBIBD	KPD	Parameter	Value of Parameter
Basic set	Key pool	V	{(a,b,c)|(a,b,c)∈Z_q×Z_q×Z_q}
Basic set size	Key pool size	v	q^3
Block	Key ring	Ba,b,c	{(i,b,c),(a,j,c),(a,b,l)|1≤i≤q,i≠a;1≤j≤q,j≠b;1≤l≤q,l≠c}
Number of blocks	Number of key rings	d	q^3
Block size	Key ring size	k	3q−3
Number of common points between blocks	Number of shared-key between nodes	λ_1,⋯,λ_μ	0,2,q−2

A key pool is considered as 3-D space in which store keys. Key IDs in the key pool are represented by row-column-page coordinate (a, b, c) of elements in 3-D space. A Key combining with the corresponding key ID is denoted as a whole . A 3-D Ex-µ-sPBIBD is constructed by the approach similar to Section 4.1.

5. Theoretical Analysis

In this section, we analyze some important metrics of µ-sPBIBD based KPD scheme, such as connectivity, scalability and resilience.

5.1. Key Connectivity

Key connectivity is one of important metrics to evaluate the performance of KPD scheme in WSNs. Connectivity represents the ability of secure communication between nodes [26] and can be described by the probability that sensor nodes have shared-keys. If two nodes have no shared-keys, communication between them will use the third node to forward who has shared-keys with the two nodes, which will result in energy waste. Therefore, direct key connectivity can not only secure the networks but also save the communication overhead.

As noted in Section 4.2, KPD scheme based on 2-D µ-sPBIBD guarantees that any pair of key rings has common keys, which means key connectivity of the proposed scheme can achieve 1. In the following, we study key connectivity of 3-D Ex-µ-sPBIBD scheme in WSNs.

3-D space with dimension is depicted in Figure 2. Taking N1 as example, the relation among node, block and 3-D space in 3-D Ex-µ-sPBIBD scheme are descripted as follow. Suppose that N1 is a sensor node in WSNs. Then a block constructed by Equation (2) is preloaded to N1 as a key ring. For simplicity, location of N1 in 3-D space is denoted as (a1, b1, c1).

Figure 2

Relation among node, block and shared-key in 3-D Ex-µ-sPBIBD.

If two nodes in 3-D space are coplanar, 3-D Ex-µ-sPBIBD will degenerate into 2-D µ-sPBIBD which has been described in Section 4.1. Therefore, two blocks have 2 or q − 2 common points, which means the two nodes have 2 or q − 2 shared-keys. If two nodes are preloaded non-coplanar blocks as key rings, they will have no shared-key and need to use path-key to secure communicate.

Let V be a set of |V| = v = points and be expressed by Equation (1) where q = 6. According to Figure 2, nodes are denoted as N1, N2, N3, N4 and N5, while the corresponding blocks , , , and can be described as follows.

As shown in Figure 2, shared-keys between nodes have three cases. The first case is that, for example, blocks of N1 and N2 have two shared-keys, say (3, 5, 3) and (3, 4, 2), and the case are the same as N1 and N5, N3 and N5, N3 and N4, and N4 and N5. The second case is that blocks of nodes have q − 2 = 4 shared-keys. For example, shared-keys between N2 and N3 have (1, 4, 3), (2, 4, 3), (4, 4, 3) and (6, 4, 3). The third case is that blocks of nodes have no share-key in which we should establish their path-key.

Taking nodes N1 and N3 as example, we analyze the establishment of path-key between the two nodes. In Figure 2, N2 has shared-key with N1 and N3, and then a secure two-hop path between N1 and N3 (i.e., N1, N2, N3) is established.

Taking example for node N5 in Figure 2, we analyze the connectivity of Ex-µ-sPBIBD scheme. All nodes that are coplanar with N5 have the share-keys with N5. Therefore, the number of nodes on plane A, B and C that have share-keys with N5 is 3q (q − 1). The total number of nodes except N5 in WSNs is q3 − 1. Then direct connectivity of Ex-µ-sPBIBD is given by

Figure 2 illustrates shared relation of blocks and key connectivity of key rings. For simplicity, we replace block with node to illustrate key shared. There are three cases of key-shared between nodes: If two nodes, such as N4 and N5, lie on the same plane and have the different row and column subscript, the two nodes should have 2 shared-keys; If two nodes, such as N2 and N3, lie on the same plane and have the same row (or column subscript), the two nodes should share q − 2 keys; If two nodes, such as N1 and N3, are not coplanar, the two nodes should have no direct shared-key.

5.2. Network Scalability

Network scalability reflects flexibility metrics of KPD scheme in WSNs and fails to effect security of network when new nodes join WSNs. Scalability can be expressed as the maximum number of nodes supported by KPD in WSNs. In the combinatorial KPD scheme, blocks are mapped to key rings. Therefore network scalability is equivalent to the number of blocks in combinatorial design.

In 2-D µ-sPBIBD, let the number of points in V be v, v can be decomposed into multiple forms as , . In terms of property 1, if V is described by 2-D spaces with different dimensions, the number of blocks of µ-sPBIBD will also be different which is , , respectively. That is, scalability of KPD scheme based on 2-D µ-sPBIBD varies with the number of the corresponding key rings.

Suppose the number of points in V is 10,000, 10,000 elements can be expressed in the form of 100 × 100, 50 × 200, 25 × 400, 20 × 500, 10 × 1000, 5 × 2000, 250 × 40 and 125 × 80, where the form 100 × 100 results in the minimum number of points in blocks in 2-D µ-sPBIBD.

Let v be expressed as

Suppose that v can be described by two forms such as and , where and . In both cases, the number of points in blocks are 2q − 2 and , respectively. Comparing with the number of points in the two blocks, the result is as follow.

As described above, if v can be decomposed into many forms of multiplication of two numbers, the number of points of blocks will be the minimum in the case of v being expressed by a square of a certain number. That is, the corresponding 2-D space should hold the same row and column.

In 2-D µ-sPBIBD, the number of blocks is the same as the number of points in V. Therefore, the number of nodes in WSNs is also v. According to Theorem 3, in our proposed KPD scheme based on µ-sPBIBD, the number of keys in the key pool should be a minimum square of a number, which will lead to shorter key ring size under similar network scalability in WSNs. If the number of sensor nodes of WSNs is n and n = q2, the scalability of WSNs can be described as .

In 3-D Ex-µ-sPBIBD, each point in V is denoted as coordinate of 3-D space which is the same as subscript of each block. As analyzed above, 3-D space should be defined as , and then number of blocks in V is q3. That is, if the number of nodes in WSNs is q3, the scalability of WSNs can be described as . □

5.3. Network Resilience

Resilience represents security metrics of KPD against node capture in WSN. Because low performance nodes in WSNs are not equipped with tamper-resistant hardware [35] once one node is captured by an adversary, all of the information stored in the node including key material will be exposed. The adversary may use the captured keys to decrypt communication between other nodes that using the same keys. When the number of compromised sensor nodes reaches a certain value, all keys in the key pool will be exposed and the whole WSNs will be collapsed.

Resilience reflects the extent that the compromised nodes affect the remaining non-compromised nodes when WSNs suffer from attack of node capture. Resilience of WSNs is expressed as Res(x), which denotes the broken probability of a link between two fixed non-compromised nodes when an attacker captures x other nodes [20]. The lower the value of Res(x) is, the stronger the resilience of WSNs will be.

5.3.1. Resilience of 2-D µ-sPBIBD

As noted in Section 5.2, let V be square of q in 2-D µ-sPBIBD. Then two nodes have 2 or q − 2 shared-keys. In Figure 3, 2-D space with dimension is depicted. Taking N1 in Figure 3a as example, the relation among node, block and 2-D space in 2-D µ-sPBIBD scheme is descripted as follows. Suppose that N1 is a sensor node in WSNs, a block constructed in Section 4.1 is preloaded to N1 as a key ring in which (a1, b1) is a point of V. Then, for simplicity, location of N1 in 2-D space is denoted as (a1, b1).

Figure 3

Key distribution and key-shared corresponding to 2-D sPBIBD. (a) 2 shared-keys; (b) q − 2 shared-keys.

1. If the number of shared-keys is 2

Suppose that node N1 and N2 share two keys. Two blocks corresponding to key rings preloaded to N1 and N2 are denoted as and . As presented in Figure 3, in 2-D space, points in cover orange and blue segments, while points in cover green and blue segments. Figure 3a illustrates that and have common points (a1, b2) and (a1) which represent key ID of two shared-keys between N1 and N2 (for simplicity, in the following analyses, we replace key with key ID).

Resilience is repressed by the probability that communication between N1 and N2 will be compromised after x random nodes are captured. Suppose that and are two sets of blocks including (a1, b2) and (a2, b1), respectively. From Property 3, we have that and . Then

To secure the communication between N1 and N2, (a1, b2) or (a2, b1) should not exist in the blocks associated with the x captured nodes. The number of ways of choosing x nodes unrelated to (a1, b2) is . Similarly, the number of ways of choosing x nodes unrelated to (a2, b1) is . Then the number of ways of choosing x nodes unrelated to is . Therefore, if x nodes are captured, network resilience, which is represented by the probability that communication with two fixed nodes is broken, can be given by

2. If the number of shared-key is q − 2

Two blocks will share q − 2 keys if the two blocks corresponding to two key rings in node N1 and N2 have the same row-subscript (or column-subscript). In Figure 3b, blocks and have the same row-subscript. Then the common points between and are all elements in a1 row except (a1, b3) and (a1, b4).

As illustrated in Figure 3b, suppose blocks in N1 and N2 have the same row (or column). If an attacker captures x nodes, N1 and N2 will compromise in the following three cases:

In x captured nodes, there are at last two nodes, such as N3 and N4, that the corresponding blocks have the same row (or column) subscript as the blocks in N1 and N2.

In x captured nodes, there are one node, such as N3, that the corresponding block has the same row (or column) subscript as the blocks in N1 and N2, and then another node, such as N5, must be the node that corresponding block has the same column (or row) subscript as block in N3.

In x captured nodes, if subscripts of blocks in x captured nodes are different with those of N1 and N2, x should be greater than or equal to q − 2 and there are at least q − 2 captured nodes that column (or row) subscripts of the corresponding blocks are different with those of N1 and N2. Meanwhile, column (or row) subscripts of corresponding q − 2 blocks are different from each other. For example, in Figure 3b, N5, N6, N7 and N8 are four nodes of x compromised nodes.

Resilience of the first two cases will be given by

In the third case, the number of ways of choosing x compromised nodes is given by and resilience of the third case will be given by

Then, if two nodes have q − 2 shared-keys, resilience can be written as:

In terms of the construction of µ-sPBIBD, the probability that two blocks share q − 2 points is given by

The probability that two blocks share 2 points is given by

Finally, resilience of KPD scheme based on µ-sPBIBD can be computed by Equations (4) and (8)–(10). The resilience is expressed as follows:

5.3.2. Resilience of 3-D Ex-µ-sPBIBD

Resilience of 3-D Ex-µ-sPBIBD are similar to 2-D µ-sPBIBD. Suppose that x random nodes are captured. Resilience can be analyzed as follows.

1. If the number of shared-keys is 2

Suppose that subscripts of blocks of two nodes have different row and column in the same plane. The two nodes have two shared-keys, say (a1, b1, c1) and (a2, b2, c2). For example, suppose N1 and N2 in Figure 2 have two shared-keys and the corresponding points are (3, 5, 3) and (3, 4, 2). and are sets of blocks containing (a1, b1, c1) and (a2, b2, c2), respectively, where a1 = a2, and . According to Property 3, we have and

Then

In order to ensure the security of a link between N1 and N2, key rings of x captured nodes fail to contain the two keys (a1, b1, c1) and (a2, b2, c2). The number of ways of choosing x nodes unrelated to (a1, b1, c1) is . Similarly, the number of ways of choosing x nodes unrelated to (a2, b2, c2) is . Then the number of ways of choosing x nodes unrelated to is . Therefore, if x nodes are captured, the probability which a link between the two fixed nodes is broken will be given as follows:

2. If the number of shared-keys is q − 2

If subscripts of two blocks are coplanar and with the same row (or column), their corresponding nodes will have q − 2 shared-keys. Taking N2 and N3 as example in Figure 2, we compute network resilience.

Coplanar two blocks in 3-D Ex-µ-sPBIBD can be viewed as two blocks in 2-D µ-sPBIBD. For simplicity, as analyzed in Section 5.3.1, it is similar to Equations (4)–(7) that the resilience of this case can be given by

In terms of construction of 3-D Ex-µ-sPBIBD, the probability that two blocks share 2 points can be given by

The probability that two blocks share q − 2 points can be given by

Finally, resiliency of KPD scheme based on 3-D Ex-µ-sPBIBD can be computed by Equations (12)–(15). Resilience can be expressed as follows,

6. Performance Comparison

In order to better analyze the performance of the proposed method, we compare with other combinatorial design based KPD schemes. Symmetric BIBD scheme [32] is a classical combinatorial design based deterministic key pre-distribution scheme, which mapped a symmetric design with parameters (q2 + q + 1, q + 1, 1) to KPD scheme. RD scheme [30] constructed a residual design (RD) based on sBIBD with parameters (q2 + q + 1, q + 1, 1) and was first time that used RD to KPD scheme, which improved the resilience and scalability comparing with sBIBD scheme. TD scheme [20] employed linear construction and quadratic construction of transversal designs which were expressed as and , respectively, and it offered a lot of flexibility in trading off the various metrics.

In this section, we compare the proposed schemes with sBIBD scheme, RD scheme and linear TD scheme according to different criteria. For the sake of clarity, the parameters of different KPD schemes are listed in Table 3. We can find that metrics of linear TD scheme depend on two parameters k and q, which is different from others combinatorial schemes that only depend on one parameter.

Table 3

Parameters of BIBD, RD, TD, 2-D µ-PBIBD and 3-DEx-µ-PBIBD.

Combinatorial Design	Key Pool Size	Number of Key Rings	Key Ring Size
BIBD [3]	q2 + q + 1	q2 + q + 1	q + 1
RD [30]	q2 + q + 1	(q2 + q + 1)(q + 1)	q
Linear TD [20]	kq	q 2	k
2-D PBIBD	q 2	q 2	2q − 2
3-D EX-PBIBD	q 3	q 3	3q − 3

6.1. Network Scalability

According to Table 3, we can obtain network scalability of these schemes. In sBIBD scheme, the key ring size was k = q + 1 and the maximum size of network supported by sBIBD scheme was q2 + q + 1. In RD scheme, the key ring size was k = q and the scalability of RD scheme was computed as (q2 + q + 1)(q + 1). In linear TD scheme, the key ring size was k and the probability that two sensor nodes shared a common key was Pr1. Then a prime q was chosen such that q + 1 ≤ k/Pr1, and the maximum scale of network supported by linear TD scheme was q2 [20]. In 2-D µ-PBIBD scheme, each node is preloaded with k = 2q − 2 distinct keys and the maximum network size that can be supported by 2-D µ-PBIBD scheme is q2. The key ring size is k = 3q − 3 in 3-D Ex-µ-PBIBD scheme which can support network size up to q3.

The scalability of µ-PBIBD and Ex-µ-PBIBD are compared with sBIBD, RD and TD schemes when size of key ring increases from 10 to 100 by increments of 10. For linear TD scheme, we analyze the scalability in the case of Pr1 = 0.3 and Pr1 = 0.9. As expected, Ex-µ-PBIBD scheme performs better network scalability than µ-PBIBD scheme. Figure 4 shows that at the same key ring size, scalability of Ex-PBIBD is higher than, PBIBD, BIBD and TD(Pr1 = 0.9) scheme, while it is lower than RD and TD(Pr1 = 0.3) scheme. When key ring size is up to 100, the network sizes of the schemes in Figure 4 are 1020201, 110224, 40471, 12100, 9901, and 2601, respectively. Although the scalability of Ex-µ-PBIBD scheme is not the best among the above schemes, according to the data in Figure 4, we achieve that the key ring size in Ex-µ-PBIBD scheme can enough support the corresponding network size in practical WSNs.

Figure 4

Comparison of network scalability of different KPD schemes at the same key ring size k.

6.2. Key Connectivity

In sBIBD scheme with parameters (q2 + q + 1, q + 1, 1), the probability of key shared between each pair of nodes was always 1. Thus, direct key connectivity of BIBD scheme is 1.

In RD scheme with parameters (q2 + q + 1, (q2 + q + 1)(q + 1), q(q + 1), q, 1), the probability that any pair of blocks come from same class was given by and the probability of the pair of blocks shared one or more points was computed as

The probability that any pair of blocks come from different classes was given by and the probability that any pair of blocks shared one or more points was computed as

The formula for Q, P, Q and P were given in Ref. [30]. Then key connectivity of RD scheme was expressed as where Q, P, Q and P could be computed using Equations (17)–(20).

The key connectivity of Linear TD scheme was estimated as follows:

Figure 5 shows key connectivity of the four combinatorial schemes. Any pair of nodes in sBIBD scheme and µ-sPBIBD scheme have at least one common key. Thus the two schemes have complete connectivity property. The connectivity of Linear TD scheme was determined by parameters k and q. In order to compare with the connectivity of Linear TD scheme, the network scale of TD scheme should be the same as that of Ex-µ-PBIBD. Figure 5 shows that at equal key ring size, Ex-µ-sPBIBD scheme has better connectivity than RD scheme when key ring size is more than 13. While it has worse connectivity than TD scheme. We can find that, as key ring size increases, direct connectivity of the proposed scheme decreases in Figure 5. This is due to fact that the probability of key-share tends to O(1/k) when k tends to infinity.

Figure 5

Comparison of key connectivity of different schemes at the key ring size.

6.3. Network Resilience

In this subsection, we discuss network resilience of the five schemes. The network resilience of the sBIBD scheme [32] was calculated as where x represented the number of captured nodes.

In RD scheme, the network resilience [30] was given by where x was the number of captured nodes.

The network resilience of TD scheme in Reference [23] was computed using the following equation:

In Figure 6, we compare the network resilience of the five schemes at equal number of captured nodes for k = 24 and k = 48, respectively. In order to compare the performance of TD scheme in a similar setting, we consider two cases of TD schemes which have the same scalability and connectivity as those of our scheme, respectively. According to Figure 6, we can find that Ex-µ-sPBIBD scheme provides the best network resilience against compromised nodes in the five schemes. The figures reflect the fact that the network resilience of Ex-µ-PBIBD scheme hardly substantially declines, as the number of compromised node increases. Comparing Figure 6a with Figure 6b, the higher k is, the better the network resilience is in the case of the same number of captured nodes. That is because the session key between nodes is constructed by shared-keys of key rings between the two nodes. Then more nodes are needed to capture along with the increase of key ring size.

Figure 6

Comparison of resilience of different schemes at the same key ring size. In this figure, resilience is probability of compromised links between two fixed non-compromised nodes versus number of compromise nodes. TD_sca and TD_con are two cases of TD scheme which have the same scalability and connectivity as those of Ex-µ-PBIBD, respectively. (a) k = 24; (b) k = 48.

6.4. Additional Analysis

In Ex-µ-sPBIBD scheme, connectivity, scalability and resilience are determined by size of key ring (denoted by k). Thus, choosing the proper parameter k could achieve a trade-off between connectivity and resiliency. Comparing with TD scheme, we should normalize by fixing the size of key ring, k, and key connectivity, Con. Firstly, we computer connectivity of Ex-µ-PBIBD scheme using Equation (3). Next, fixing the size of key ring and the key connectivity, we obtain resilience of TD scheme from Equations (21) and (24) and scalability from Table 3. In Table 4, the parameter choices of schemes are summarized. Then we list the maximum network size (denoted by M) and resilience Res(x) of two schemes. We could select the value of k according to requirement of practical WSN.

Table 4

Performance of schemes for values of k and Con fixed.

Parameter	Linear TD	Ex-PBIBD
k = 24Con = 0.3	M = 6241Res(40) = 0.3915Res(80) = 0.6297Res(100) = 0.7112	M = 729Res(40) = 0.1642Res(80) = 0.2533Res(100) = 0.2728
k = 36Con = 0.213	M = 28224Res(40) = 0.2102Res(80) = 0.3762Res(100) = 0.4456	M = 2179Res(40) = 0.0587Res(80) = 0.1131Res(100) = 0.1390
k = 48Con = 0.166	M = 82944Res(40) = 0.1290Res(80) = 0.2414Res(100) = 0.2921	M = 4913Res(40) = 0.0251Res(80) = 0.0533Res(100) = 0.0677

7. Conclusions

In this work, we defined a new combinatorial design, termed “µ-PBIBD” and constructed a 2-D µ-sPBIBD. We proposed a basic mapping from 2-D µ-sPBIBD to KPD which could achieve complete key connectivity and a poor network resilience. To enhance network resilience, we extended a set of keys V from 2-D space to 3-D space and proposed an extended 3-D Ex-µ-sPBIBD KPD scheme with better network scalability and high network resilience. The theoretical analysis and performance comparison with the existing schemes show that KPD scheme based on Ex-µ-sPBIBD increases the network scalability and provides the better network resilience.