SECURITY AND COMMUNICATION NETWORKS

Security Comm. Networks (2014)

Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1058

RESEARCH ARTICLE

A dynamic key management scheme for dynamic

wireless sensor networks
Seyed Hossein Erfani1 *, Hamid H. S. Javadi2 and Amir Masoud Rahmani1
1
Department of Computer Engineering, Islamic Azad University, Science and Research branch, Tehran, Iran
2
Department of Mathematics and Computer Science, Shahed University, Tehran, Iran

ABSTRACT
Dynamic wireless sensor network (DWSN) is a group of mobile sensor nodes deployed in an intended area. Secure
communication in DWSNs depends on the existence of an efficient key management scheme. Because of the movements
of sensor nodes and unknown mobility pattern, dynamic key management is an important issue in such networks. In this
paper, we propose a new key management scheme, which uses key pre-distribution and post-deployment key establishment
mechanisms for DWSNs. The proposed approach ensures that the two communicating nodes share at least one common
key. It also provides efficient ways for key generation and revocation as well as addition or deletion of mobile sensor
nodes. Compared with the other key management schemes, which are designed for DWSNs, our simulation and analytical
results demonstrate the efficiency of the proposed approach in terms of confidentiality, resilience, memory usage, energy
consumption and overhead. Copyright © 2014 John Wiley & Sons, Ltd.

KEYWORDS
dynamic wireless sensor network; key management; energy efficiency; scalability
*Correspondence
Seyed Hossein Erfani, Department of Computer Engineering, Islamic Azad University, Science and Research branch, Tehran, Iran.
E-mail: h.erfani@srbiau.ac.ir

1. INTRODUCTION hierarchical key management schemes. We can define

Dynamic wireless sensor network (DWSN) is a group
of lightweight mobile devices with short-range radio
communication capability, limited computational power
and memory space. These devices are equipped with var-
ious types of sensors to sense and gather environmental
data, which will be sent through the network. Sensor
nodes store the collected data and transmit it to the sink
node or base station (BS). Although the use of mobile
nodes brings some advantages such as improved cover-
age and energy efficiency, it leads to some type of security
challenges [1]. Because, in DWSNs, sensor nodes move
around the deployment area with different mobility
patterns, establishing a secure communication between
two sensor nodes becomes a challenging issue. Moreover,
node authentication and key exchanges in such networks
impose some communication and computation overhead to
the network.
Recent advances in hardware and communication
technologies and also in security mechanisms, which are
used in WSNs, [2–4] have led to the introduction of several
key management solutions such as key pre-distribution,
pairwise key agreement, group-wise key agreement, and
key management as a set of procedures that support key
distribution and the maintenance of keying relationships
between authorized nodes according to a security policy
[5]. Key management schemes can be divided into two
categories: (i) Static: Cryptographic keys are pre-
distributed into sensor nodes and do not change during
the lifetime of sensor nodes; (ii) Dynamic: Secret keys
of a node are changed throughout the lifetime of node,
that is, rekeying is performed periodically or on demand
[5]. Dynamic key management schemes can be catego-
rized as centralized or distributed because of the exis-
tence of central entity, which performs the key generation
and distribution processes [5]. On the basis of various
cryptographic primitives, distributed schemes can be fur-
ther categorized into three sub-categories: exclusion basis
system-based [6,7], polynomial secret-sharing-based [8,9],
and deterministic sequence number-based [10] schemes.
Moreover, variety in the network structures forces
centralized approaches to be classified into three groups:
flat network-based [11,12], hierarchical network-based
[13,14], or heterogeneous network-based [15] approaches.
According to the characteristics of flat networks,
nodes have the same responsibilities and capabilities.

Copyright © 2014 John Wiley & Sons, Ltd.

A dynamic key management scheme for DWSNs
Hierarchical network-based schemes aim to reduce
communication overhead for rekeying purpose by clus-
tering the network. Finally, heterogeneous network-based
approaches benefit from variety in resource availability of
nodes in order to manage the network functionality.
In this paper, we present an efficient dynamic key
management scheme, which uses both key pre-distribution
and post-deployment key establishment methods and
stands in the category of flat network-based approaches.
Our analysis results show that the proposed approach pro-
vides better resilience in dynamic environments compared
with similar previous protocols.
The rest of the paper is organized as follows: Section 2
presents some related works. Section 3 describes our net-
work model. Section 4 details the key management method
in the proposed approach. Section 5 provides performance
and security evaluation of our proposed scheme. Finally,
Section 6 concludes the paper and outlines directions for
future research studies.
2. RELATED WORKS ON DYNAMIC
WIRELESS SENSOR
NETWORK SECURITY
2.1. Key pre-distribution schemes
Key pre-distribution is one of the solutions to the problem
of key establishment in WSNs where a finite set of keys is
assigned to each sensor node before deployment of the net-
work. Key pre-distribution schemes can be classified into
three categories: random, deterministic, and hybrid. In ran-
dom schemes, a set of keys are randomly drawn from a key
pool and stored in each sensor node. These schemes do not
ensure direct communication between every pair of nodes
through a common key. If the two nodes cannot commu-
nicate directly, we need to establish a path between them.
Establishing a path key increases energy consumption and
decreases the speed of communications. In deterministic
schemes, key pools and key chains are designed determin-
istically in order to provide better key connectivity. Hybrid
schemes use both deterministic and probabilistic solutions
in order to improve scalability and resilience.
Eschenauer and Gligor [2] proposed a random key pre-
distribution scheme, which is called EG, for distributed
WSNs. In this scheme, a large key pool is generated, and
each sensor node is preloaded with a number of keys,
which are chosen randomly from this key pool. In key dis-
covery phase, the two neighboring nodes exchange the list
of key identifiers in their key chains to find a common
key. If they share a common key, they can communi-
cate securely. Otherwise, they use intermediate nodes to
establish a path key.
Combinatorial design theory can be used to design
a deterministic Key pre-distribution scheme (KPS).
Combinatorial design theory deals with the arrangement
of the elements of a finite set into subsets to fulfill cer-
tain properties [16]. One of the most important properties
S. H. Erfani, H. H. S. Javadi and A. M. Rahmani
of combinatorial design is that by choosing appropri-
ate parameters, we can increase the connectivity of the
network while decreasing the computation and communi-
cation overhead.
Çamtepe and Yener proposed a deterministic KPS
for distributed WSNs [16]. They used finite generalized
quadrangles and symmetric balanced incomplete block
design (BIBD) in their scheme. These schemes provide
full connectivity while diminishing the resilience and
scalability. Lee and Stinson used transversal design [17]
to achieve better resilience. Some other deterministic key
pre-distribution schemes have been proposed by Roy and
Ruj, which is based on partially BIBD (PBIBD) [18], and
Dong and Pei, which uses orthogonal arrays [19].
2.2. Post-deployment key
distribution schemes
Recently, some methods have been introduced for authenti-
cation and key establishment in DWSNs [20–23]. Accord-
ing to [20], in order to provide security in such networks, a
mobile sensor node has to be authenticated by new neigh-
boring nodes and establishes a common key for secure
communication. In this scheme, to enhance security, both
pre-distributed and post-deployment keys have been used.
All keys have been assigned a time stamp and lifetime.
One of the advantages of this method is its scalability. It
also provides secure communication between every pair of
nodes. The most important disadvantage of this scheme is
the amount of memory usage for storing key lifetime and
time stamp in each sensor node. Large values for key life-
time results in the decrease of resilience, whereas small
values lead to more key constructions and consequently
more energy consumption.
Han et al. [21] proposed an approach for efficient
node authentication and key exchange, which reduces the
overhead of mobile node re-authentication. In this method,
each sink node authenticates other neighboring sink and
sensor nodes. The advantage of this method is that when
a node connects to a new sink after moving from another
neighboring sink nodes communication range, the new
sink node is able to re-authenticate that sensor node
with less communication and computation overhead. After
authentication, each sensor node constructs a key for
communicating with the sink node, which is located in its
communication range.
In [10], Zhang et al. proposed an Energy-efficient Dis-
tributed Deterministic Key (EDDK) management scheme
in which establishment and maintenance of the pairwise
keys and the local cluster keys have been considered.
In this scheme, an initial key (i.e., KI ) and a network-
wide shared pseudo-random function (i.e., f ) are pre-
distributed to each node before the deployment of the
network. Each node can compute its individual key using
KI and f . Moreover, each node shares a local cluster key
with all of its neighboring nodes and also stores a neigh-
bor table to maintain ID, pairwise key, sequence number,
local cluster key and local broadcast sequence number
Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
S. H. Erfani, H. H. S. Javadi and A. M. Rahmani
of its neighbors. This scheme consists of three phases:
key establishment, data transfer, and key maintenance.
The main advantage of the EDDK scheme is that pairwise
keys are decentralized and the compromise of any sensor
node does not affect other communication links. It is also
resilient against replay attack, Sybil, and node replication
attacks. The main disadvantage of EDDK is that it is not
applicable in dense networks because each sensor node
should store a table, which includes the information of all
of its neighbors [5].
3. NETWORK MODEL
We assume a DWSN, which consists of a large number
of tiny mobile sensor nodes, multiple sink nodes, and a
BS. BS is assumed to be resourceful and secure. It man-
ages the entire network and stores all gathered information
by sensor nodes. Sink node is assumed to have more stor-
age capacity, processing power, communication range, and
energy than sensor nodes. A sink node acts as a gateway
between sensor nodes and BS. Sensor nodes are assumed
to have a random linear movement pattern. BS and sink
nodes are static as same as Han scheme [21,22]. In our net-
work model, each sensor node has a unique ID and stores
some pre-distributed and post-deployment keys in its mem-
ory. The pre-distributed keys are loaded to the memory of
sensor nodes before network deployment, and after that,
some post-deployment keys are generated and stored in
each sensor node (Section 4). The BS manages the key gen-
eration and distribution between sensor nodes and stores
information about each sensor node.
4. PROPOSED APPROACH
In the proposed approach, we partition the memory of
each sensor node into two parts. We store ˛ pre-distributed
keys in the first part and ˇ post-deployment keys in
the second part. Each pair of sensor nodes, which are
within each other’s radio range and have a common
pre-distributed or post-deployment key, can communi-
cate securely. If the two neighboring nodes do not share
any common key, they can construct a post-deployment
key using the procedure, which will be described in the
following subsection.
4.1. Key construction
Assume the two neighboring nodes i and j need to con-
struct a post-deployment key. First, each of these two nodes
should generate a packet with a random number and a time
stamp and send the generated packets to the BS through
the nearest sink node. The content of this message can
be decrypted only by the BS. Then, BS sends the random
number of node i to node j and the random number of node
j to node i in an encrypted manner. Finally, these two nodes
generate the shared key using the random numbers and
time stamp. In what follows, we provide detailed proce-
dure of the key generation phase for sensor node i. It is also
Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
A dynamic key management scheme for DWSNs
worth mentioning that the same procedure is performed by
sensor node j.
(1) Sensor node i computes vi and ui as follows and
sends them to the sink node:
 
Ki = h Ki1 k Ki2 k    k Ki˛ k i k 0
 
MKi = h Ki1 k Ki2 k    k Ki˛ k i k 1
ui = EKi {i k j k S1 k Ri k TSi } (1)
vi = MACMKi {i k j k S1 k ui }
Ni ! S1 : i k S1 k ui k vi
where ˛ is preloaded key-chain size of each sensor
j
node, and Ki is the j-th key in i-th sensor node’s key
chain. Moreover, S1 is the nearest sink node to the
sensor node i, and Ri is a random number, which is
generated by sensor node i. The time stamp of node
i is demonstrated by TSi , and h is an Elliptic Curve
Digital Signature Algorithm (ECDSA) hash function
[24].
(2) Node S1 transmits the received message to the BS
directly or through a multi-hop path (via other sink
nodes). We concatenate a message authentication
code (MAC) to each message.
S1 ! BS : i k S1 k ui k vi k
MACKS1 (i k S1 k ui k vi ) (2)
(3) The BS is aware of the keys that are stored in sensor
node i; therefore, it can decrypt ui after authenticat-
ing the message. After authenticating vi , BS decrypts
ui and obtains Ri . Similarly, node j performs the
aforementioned steps. BS extracts Rj in the same way
and checks the accuracy of TS. Then, it generates two
encrypted messages v0i and u0i as follows and sends
them to S1 :
u0i = EKi {i k j k S1 k Rj k TSij }
v0i = MACMKi (i k j k S1 k u0i )
(3)
BS ! S1 : BS k i k S1 k u0i k v0i
S1 ! Ni : i k S1 k u0i k v0i
Node S1 sends the message to sensor node
i afterward.
(4) After receiving the message, node i verifies v0i and
decrypts u0i to obtain Rj . Then, it computes KijTS
according to the following equation and puts it in the
post-deployment key list.
TSij
Kij = KGF(Ri k Rj k TSij ) (4)
where KGF is a key generation function, which is
similar to a hash function. If the number of keys in
post-deployment key list is more than ˇ, the key with
minimum amount of TS will be deleted from the list.
A dynamic key management scheme for DWSNs
(5) Finally, node i sends ACK to the sink node.
v00i = MAC k j k ACK k Ri k Rj k TSij )
TSij (i
Kij
Ni ! S1 : i k S1 k ACK k v00i
4.2. Key revocation
The key KijTS will be revoked if the following conditions
occur:
(1) There are more than or equal to ˇ keys in the post-
deployment key list.
(2) Sensor node i or j wants to generate a new common
key with sensor node k.
(3) If TS is the lowest time stamp of sensor node i or j in
the post-deployment key list.
Assuming that the aforementioned conditions are met
by sensor node i, the key must be removed from the mem-
ory of nodes i and j. Sensor node i erases the key KijTS from
its memory, whereas sensor node j removes the key when it
is prompted by the BS; That is, the BS informs the sensor
node j to remove the key KijTS .
5. PERFORMANCE AND
SECURITY ANALYSIS
In this section, we present the performance evaluation
of the proposed scheme through simulation experiments.
We provide extensive simulations to verify the perfor-
mance metrics such as communication pass, message size,
memory and energy consumption, computation overhead,
and the resilience of the proposed scheme. We compare
the proposed approach with two types of key distribution
methods, that is, key pre-distribution schemes such as EG
[2] and BIBD [16] and post-deployment key management
schemes introduced by Han and Shon [22], Qiu et al. [20],
and Zhang et al. [10].
We assume 10 000 sensor nodes, and 100 sink nodes are
randomly distributed in a 1000  1000 m field. Each sensor
node has a fixed speed ranging from 1 to 10 m/s. The radio
range of each sensor node is considered as 50 m, and each
sensor node stores 100 keys in its memory.
5.1. Performance analysis
5.1.1. Communication pass.
We consider the number of messages that will be sent
by sensor nodes, sink, and BS for generating common keys
Table I. Comparison of required number of communication passes.
Schemes Han (initial) Han (re-authentication)
Node 2h 2h
Sink 2t 1 0 or t
BS 1 0
BS, base station.
S. H. Erfani, H. H. S. Javadi and A. M. Rahmani
as communication pass. In terms of communication pass,
the proposed approach is compared with the three other
related schemes in Table I. Here, h is taken as the number
of intermediate nodes between sensor node and sink, n is
(5)
denoted as the number of sensor nodes neighbors, and t
represents the number of sink nodes between sensor nodes
and BS.
In Han scheme [22], neighboring two hop sink nodes
share the information of sensor nodes with each other;
therefore, sensor nodes do not need to be re-authenticated
by the new sink when they leave a sink node’s radio range
and connect to another sink node. Each sensor node is
assigned an authentication ticket, which is used by sink
nodes for re-authentication.
In Qiu scheme [20], each sensor node is assumed to
be able to send message to BS directly. Therefore, sen-
sor nodes send requesting key message to the BS directly,
and BS sends back a message, which includes the
requested key to the sensor node through some sink
nodes accordingly.
In the key pre-distribution methods, two neighboring
nodes send a message only to discover a shared key, and
there is no need for key construction.
Because of key pre-distribution phase in the proposed
approach and Qiu scheme, if two neighboring nodes share
a common key, there is no need for sending further mes-
sages to generate a common key.
In the proposed scheme, when two neighboring nodes
do not share a common key, they construct a new one
as described in Section 4.1. If two neighboring nodes
share a common pre-distributed key, they send a message
to each other to discover shared key; otherwise, if they
share a post-deployment key, they do not need to send any
messages to find it.
5.1.2. Message size.
We have compared our scheme with other aforemen-
tioned schemes in terms of the required message size for
authentication and key construction. As mentioned before,
key pre-distribution schemes do not need key construction,
and they are able to find a common key by sending only
one message. For example, in combinatorial design based
key pre-distribution schemes, the two sensor nodes only
broadcast their ID. But in random or hybrid designs, sensor
nodes broadcast their key indexes or send an encrypted
challenge.
We have compared the message size of our proposed
scheme with that of Han and Qiu schemes considering the
following parameters: MAC size is considered as 4 bytes,
Qiu Pre-distribution Proposed approach
0 or 1 0 0 or 2h
0 0 or 2t
0 or 1 0 0 or 1
Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
S. H. Erfani, H. H. S. Javadi and A. M. Rahmani A dynamic key management scheme for DWSNs

Table II. Comparison of required message size for authentication and key construction (bytes).

Schemes Han (initial) Han (re-authentication) Qiu Proposed approach

Node to sink 48 74 26 34
Sink to sink 52 0 26 38
Sink to BS 54 0 26 38
BS to sink 46 0 70 36
Sink to sink 50 0 74 36
Sink to node 88 24 40 24
Total message size 338 98 210 206
BS, base station.

Table III. Comparison of computation overhead.

Schemes Han (initial) Han (re-authentication) Qiu Proposed approach

Cryptography in total 10 4 4 4
Cryptography by sensor node 3 1 2 2
MAC in total 14 10 12 14
MAC by sensor node 4 4 4 5
MAC, message authentication code.

4 bytes for time stamp, random nonce as 16 bytes, and
32 bytes for key size. We also consider 2 bytes for the
source and destination IDs.
To compute message size, we did not consider the
message overhead, which consists of a protocol ID, a mes-
sage ID, a check-sum, and the headers and footers of the
low-level network layers.
Table II shows the authentication message size, which
is sent between sink node and BS (two hop distance is
assumed between them). The message length in the pro-
posed method is lower than Han (in init phase) and Qiu
schemes because of the existence of pre-distributed keys
stored in each sensor node’s memory, which are used
for key construction. As the key reconstruction in Han
scheme is performed locally based on existing informa-
tion in neighboring sink nodes, the message length in
re-authentication phase is lower compared with that of our
proposed scheme.
5.1.3. Computation overhead.
In the key construction phase, the most computation
overhead is related to cryptography and authentication
operations. The number of encryption or decryption oper-
ations in each node is illustrated in Table III. All these
three schemes use light weight cryptography methods. We
applied TinySEC [3] and TinyHash [4] for implementation
of the proposed scheme.
5.1.4. Memory consumption.
5.1.4.1. Key space analysis. As mentioned in Section
4, we have partitioned the memory of each sensor node
into two parts. One for keeping pre-distributed keys and
the other for post-deployment keys.
Figure 1 depicts the average number of sent messages
for key construction (computation overhead) when the val-
ues of ˛ and ˇ vary. As it can be seen, as ˛, that is,
pre-distribution space, decreases the probability of key
share is reduced, thus the number of exchanged mes-
sages grows. Furthermore, as ˇ, that is, post-deployment
space, increases, less number of keys are generated, thus
less number of messages are exchanged in the network.
Because of the mobility of nodes, each pair of nodes may
leave each others radio range and return back after a few
seconds. If we consider large post-deployment space, we
do not need to erase some keys in order to store new
generated keys; therefore, the two nodes already possess
the common key in their memory. Thus, the number of
required messages to be exchanged for generating new
keys decreases.
It can be realized that by storing 90 post-deployment
and 10 pre-distributed keys in each sensor node, we will
achieve the best result in terms of the number of trans-
mitted messages. While the security of the before node
authentication phaseİ (Section 5.2.6) is dependent to the
number of pre-distributed keys, there is a trade-off between
˛ and ˇ.
The advantage of our proposed scheme is that it
provides full secure connectivity, while the probability of
key share in EG key pre-distribution method [2] with the
same key chain size is about 0.63. To achieve the full
connectivity in EG, at least 300 keys must be saved in
each node.
The probability of key share in BIBD-based scheme
[16] is similar to the proposed scheme while it is not
scalable.
5.1.4.2. Key space comparison. In this section, we
compute the required memory space for storing keys in
sensor nodes, sink nodes, and BS. In Table IV, the amount
of memory required for storing keys in the proposed
scheme and the three other similar solutions are compared
with each other. Here, N is denoted as the network size,

Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
A dynamic key management scheme for DWSNs S. H. Erfani, H. H. S. Javadi and A. M. Rahmani

Figure 1. Average number of sent messages based on different values of ˛ and ˇ .

Table IV. Comparison of memory consumption in terms of key-chain size.

Schemes Han Qiu Pre-distribution (BIBD) Proposed approach

p
Node 1 ˛+ˇ +1 N ˛+ˇ
Sink Kn+1 1 — 1
BS N+S Nˇ — N(˛ + ˇ ) + S
BS, base station; BIBD, balanced incomplete block design.

S demonstrates the number of sink nodes, and n is the
average number of sensor nodes, which placed in the radio
range of each sink node.
Each sink node stores only a key KS , which is used
by other sink nodes, and BS to authenticate this node.
BS stores a key table, which contains some information
about sensor nodes’ keys. In addition, BS is aware of sink
nodes’ keys.
In Han scheme, key construction is occurred only
between sensor node and sink. In this scheme, two sensor
nodes can communicate only through a sink node. Also
each node has only a common key with a sink node, which
is located in its radio range. Each sink node stores the keys
of all sensor nodes, which are placed in its radio range, the
stored information in neighboring sink nodes about sensor
nodes, and a key for communicating with BS. Here, K is
denoted as the number of two hop neighboring sink nodes.
BS maintains all the keys that are stored in all sensor nodes
and sinks.
Qiu et al. assumed that each sensor node is able to
communicate directly with BS. Therefore, each sensor
node stores a key for communication with the BS. Because
sensor nodes in Qiu scheme store key lifetime along with
the keys, the number of stored keys in each sensor node
depends on the lifetime of each key. Although the sink
nodes store one key to communicate with BS, BS stores all
post-deployment keys with their time stamp accordingly.
Anyway, in the same conditions, memory usage of the
proposed scheme is lower than the Qiu scheme.
5.1.5. Energy consumption.
As mentioned earlier, in Han scheme, the key construc-
tion process is performed only when the sensor node moves
from a sink node’s radio range into another node’s radio
range, while there is not any key that is generated for com-
munication between a pair of sensor nodes. In this scheme,
the sink nodes should cover the whole network while in the
proposed scheme, coverage of all the sensing area by sink
nodes is not necessary.
Figure 2(a) demonstrates the effect of network size
on the average energy consumption by a sensor node in
the proposed approach versus Qiu, Han, and EDDK
schemes. It can be realized that as network size increases,
the proposed approach outperforms the Han and EDDK
schemes, and it is almost the same as Qiu scheme. In
the proposed scheme, size of the messages, which are
exchanged to construct a shared key, is smaller than the
size of messages in Qui scheme. In Han scheme, the shared
key is generated in initial phase and also re-authentication
phase. Furthermore, two sensor nodes, which reside in the
radio range of each other, can communicate only through a
sink node. While, in the proposed scheme, each pair of sen-
sor nodes can generate a shared key between themselves
using their pre-distributed keys.

Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
S. H. Erfani, H. H. S. Javadi and A. M. Rahmani
Figure 2. Simulation results for the average energy consumed by a node: (a) energy consumption versus network size, (b) energy
consumption versus time, and (c) energy consumed by a node based on different values of ˛ and ˇ .
Table V. Energy cost of common operations on MICAz [26].
Energy cost MICAz
Compute for 1 Tclk 3.5 nJ
Transmit 1 bit 0.60 J
Receive 1 bit 0.67 J
Listen for 1 Tclk 9.2 nJ
Sleep for 1 Tclk 3 pJ
In comparison with EDDK, the proposed scheme
is more scalable. In EDDK scheme, each sensor node
constructs a shared key with all of its neighboring nodes,
while in the proposed scheme, sensor nodes construct
a shared key only when they do not have a shared
pre-distributed key.
The average energy is calculated according to the
sent and received message sizes, which are illustrated
in Table II, and energy cost of sending and receiving
operations in MICAz, which is represented in Table V.
Figure 2(b) depicts the snapshot of the first 20 s of
the simulation, and Figure 2(c) shows the average energy
consumed by a node when the space, which is dedicated
to pre-distribution keys and post-deployment keys, varies.
We compared the energy consumption in the deployment
time and afterward. It can be realized that in the case
which ˛ = 90 and ˇ = 10, the energy consumed by the
node is almost the same; while if we consider ˛ = 10
and ˇ = 90, the energy consumed in the deployment
time is more than other times. In the latter case, as we
consider small space for pre-distributed keys, the proba-
bility of key share decreases, which forces the generation
of new post-deployment keys, and leads to more energy
consumption.
5.2. Security analysis
5.2.1. Sensor node authentication.
In the proposed scheme, each sensor node Ni is assigned
a set of keys, which are used to generate keys Ki and MKi
Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
A dynamic key management scheme for DWSNs
according to Equation 1. Because the BS is aware of the
pre-distributed keys on each sensor node, it can authenti-
cate the sensor node Ni using vi . An attacker needs to attain
function h and all pre-distributed keys in sensor node i to
be able to generate Ki and MKi . It is possible for an attacker
to recover function h and some of the pre-distributed keys
by capturing a node with the probability that is defined in
[2], but as he or she does not know the order of keys, he
or she can not recover the MKi. Considering a key pool of
size P and key chain size ˛, the probability of discovering
keys Ki and MKi when an attacker captures all the nodes
of the network can be defined as
(P – ˛)!
(6)
P!
5.2.2. Confidentiality and
message authentication.
Each sensor node in the proposed scheme is assigned
with two types of keys, that is, pre-distributed keys and
post-deployment keys. Each pair of communicating nodes,
for example, sensor nodes i and j, encrypts their mes-
TSij
sages by a shared pre-distributed key or by Kij . Hence,
confidentiality and reliability of the exchanged message is
related to the secrecy of these keys. As we will discuss in
section 5.2.6, pre-distributed keys are vulnerable against
node capture attack, but post-deployment keys are resilient
against this type of attack. The messages, which are sent to
the BS or sink nodes, are encrypted by Ki , which is resilient
against node capture attack.
5.2.3. Forward and backward secrecy.
Forward secrecy ensures that a passive adversary
can not use an old subset of group keys to decrypt
new messages with subsequent group keys. Backward
secrecy ensures that a passive adversary who knows new
group keys cannot recover previous messages, which are
encrypted by prior keys [5,25].
The proposed approach uses some random numbers
and time stamps to generate new keys. Therefore, an
attacker who discovered previous keys can not recover new
A dynamic key management scheme for DWSNs
messages, which are encrypted with new generated keys
and vice versa. So, the proposed approach ensures for-
ward and backward secrecy just like Han, Qiu, and
EDDK schemes.
5.2.4. Security against known attacks.
In the proposed scheme, as an attacker can not dis-
cover the keys Ki and MKi , even if he or she can spoof
TSij
the identity of Ni , he or she can not recover the key Kij .
Therefore, spoofing an identity or using several IDs is not
possible in the proposed scheme, and sinkhole, sybil, and
spoofing attacks will fail.
The wormhole attack will also fail in the proposed
scheme because according to Equation 2, BS receives the
intermediate sink node’s ID and MAC along with the
source sensor node’s information.
In replay attack, an attacker resends an old message,
which has been sent for key generation request. In the pro-
posed approach, time stamp TSij has been used to prevent
the replay attack. In this case, the new generated shared key
between the two nodes will not be the same as the priori
key. An attacker can continuously resend an old message
to consume the energy of sensor nodes; however, these
messages will be discarded.
In comparison with other related works, the schemes
introduced by Han and Shon [22], Qiu et al. [20], and the
EDDK scheme [10] are also resistant against the afore-
mentioned types of attacks. However, EDDK scheme can
not be used in dense networks. Moreover, as each sensor
node maintains a neighbor table with limited entries, some
new authenticated sensor nodes may not be able to join the
network [5].
Figure 3. Comparison of resilience between the proposed scheme and balanced incomplete block design based scheme where the
key-chain size is 100.
S. H. Erfani, H. H. S. Javadi and A. M. Rahmani
5.2.5. Collusion resistance.
Collusion resistance can be considered as a security
metric for the evaluation of key management schemes in
WSNs. A good dynamic key management scheme should
tolerate the collusion of an attacker and a set of corrupted
sensors for secure communications [5].
As explained in Section 4.1, each pair of communicat-
ing nodes, for example, sensor nodes Ni and Nj , shares a
common key using their private keys, that is, Ki and Kj
correspondingly, by the means of BS. Because an attacker
can not discover these keys, he or she can not disrupt the
communication between these two nodes even if he or she
captures other nodes of the network.
5.2.6. Resilience.
We assume that, whenever a sensor node or a sink node
is captured by an attacker, all of the keys, which are stored
within this node, are compromised. Compromising a node
may occur in two phases of node’s lifetime:
5.2.6.1. Before node authentication phase. In
many schemes such as Qiu and Han, as the network is con-
sidered safe against node capture attack during this phase,
it will be very vulnerable. In these schemes, if a sensor
node or sink node is captured in this phase, key materials,
which are used for key construction, are disclosed, thus all
communication links will be compromised. But in the pro-
posed scheme, as we use pre-distributed keys as well as
post-deployment keys, we provide better resilience against
node capture attack. Here, the resilience of sensor network
depends on the number of pre-distributed keys and key
pool size.
Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
S. H. Erfani, H. H. S. Javadi and A. M. Rahmani
5.2.6.2. After node authentication phase. In this
phase, if a sink node is captured, only KS is compromised,
which is used for generating MAC for sending informa-
tion to the BS. While KS is unique for each sink node,
compromising a sink node does not affect other sink nodes.
When a sensor node is captured by an attacker, all
pre-distributed and post-deployment keys of this node are
compromised. Because each post-deployment key is gen-
erated for securing the communication between a pair of
nodes, the compromise of such key does not affect the
security of other communications. On the other hand, while
pre-distributed keys are common between some sensor
nodes, compromising the pre-distributed keys of a sensor
node will make other communication links insecure with
the probability of (C  ˛)/P according to [2] where C
denotes the number of compromised sensor nodes, ˛ is the
number of pre-distributed keys in each sensor node, and P
demonstrates the key pool size.
As the proposed scheme is similar to the BIBD-based
design in terms of key sharing probability, we compared
our scheme with BIBD-based approach in terms of
resilience. Figure 3 shows the resilience comparison
between both designs, where key-chain size in both
schemes is the same.
In BIBD-based scheme, there is no need to send any
message for key construction except one message for
finding shared key. The advantage of our proposed scheme
compared with BIBD-based design is its higher resilience
against node capture attack. It is also observed that when
we allocate more memory space to post-deployment keys,
resilience improves. For example, in BIBD-based design,
assuming q = 101 and the number of sensor nodes in the
network to be 10 303, if 100 sensor nodes are compro-
mised, the remaining communication links will be insecure
with the probability of 63%; while in our proposed scheme
with the same number of sensor nodes, if we consider 10
pre-distributed keys and 90 post-deployment keys, only
11% of links may be insecure.
6. CONCLUSION
Security is one of the most challenging issues in DWSNs.
Establishment of cryptographic keys is a vital concern in
DWSNs. In this paper, we proposed an efficient dynamic
key management scheme, which provides perfect key
connectivity. Both random key pre-distribution scheme and
post-deployment key management methods are used in the
proposed approach. The performance analysis indicates
that our scheme achieves better resilience and scala-
bility compared with the key pre-distribution methods.
Although it utilizes more memory compared with
the post-deployment key distribution schemes, it provides
better security.
The main drawback of most of the post-deployment
key distribution schemes is that they use one primary key,
and thus, compromise of this key leads to failure of the
entire network. However, in our proposed scheme, a set of
pre-distributed keys is used, so compromising a sensor
Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
A dynamic key management scheme for DWSNs
node does not affect other parts of the network. More-
over, in the proposed scheme, sensor nodes utilize minimal
storage compared with that of Qiu hybrid scheme. Further-
more, size of the messages, which are used for generating
keys, is small. Another advantage of the proposed scheme
is that removing captured nodes’ keys allows us to re-
allocate the released memory space to post-deployment
keys. In this way, resilience is improved.
As a future research, memory allocated to pre-
distributed and post-deployment keys can be dynamic, in
such a way that we set the value of ˛ to be greater than ˇ at
first; this value will be reduced through the lifetime of the
network. Therefore, at the beginning of network operation,
the probability of key share is enhanced, and new key gen-
eration procedures are reduced, which results in reduced
energy consumption.
REFERENCES
1. Jiang S, Zhang J, Miao J, Zhou C. A privacy-
preserving reauthentication scheme for mobile
wireless sensor networks. International Jour-
nal of Distributed Sensor Networks 2013; 2013.
http://dx.doi.org/10.1155/2013/913782.
2. Eschenauer L, Gligor VD. A key-management scheme
for distributed sensor networks. Proceedings of the 9th
ACM Conference on Computer and Communications
Security, ACM, Washington, DC, USA, 2002; 41–47.
3. Karlof C, Sastry N, Wagner D. Tinysec: a link layer
security architecture for wireless sensor networks.
Proceedings of the 2nd International Conference
on Embedded Networked Sensor Systems, ACM,
Baltimore, MD, USA, 2004; 162–175.
4. Lee H, Choi Y, Kim H. Implementation of TinyHash
based on hash algorithm for sensor network. Interna-
tional Journal of Electrical, Electronic Science and
Engineering 2007; 1(10): 15–19.
5. He X, Niedermeier M, De Meer H. Dynamic key
management in wireless sensor networks: a survey.
Journal of Network and Computer Applications 2013;
36(2): 611–622.
6. Eltoweissy M, Moharrum M, Mukkamala R. Dynamic
key management in sensor networks. IEEE Communi-
cations Magazine 2006; 44(4): 122–130.
7. Lo CC, Huang CC, Chen SW. An efficient and
scalable EBS-based batch rekeying scheme for
secure group communications. Military Communica-
tions Conference, 2009. MILCOM 2009. IEEE, IEEE,
Boston, USA, 2009; 1–7.
8. Zhang W, Zhu S, Cao G. Predistribution and local
collaboration-based group rekeying for wireless sensor
networks. Ad Hoc Networks 2009; 7(6): 1229–1242.
9. Guo S, Shen AN. A compromise-resilient pair-wise
rekeying protocol in hierarchical wireless sensor
A dynamic key management scheme for DWSNs
networks. Computer Systems Science and Engineering
2010; 25(6): 397–405.
10. Zhang X, He J, Wei Q. Eddk: energy-efficient
distributed deterministic key management for wire-
less sensor networks. EURASIP Journal on Wireless
Communications and Networking 2011; 2011:
12; 1–11.
11. Dini G, Savino IM. An efficient key revocation pro-
tocol for wireless sensor networks. Proceedings of the
2006 International Symposium on World of Wireless,
Mobile and Multimedia Networks, IEEE Computer
Society, Washington, DC, USA, 2006; 450–452.
12. Wang Y, Ramamurthy B, Xue Y. A key manage-
ment protocol for wireless sensor networks with mul-
tiple base stations. IEEE International Conference
on Communications, 2008. ICC’08, IEEE, Beijing,
China, 2008; 1625–1629.
13. Messai ML, Aliouat M, Seba H. Tree based proto-
col for key management in wireless sensor networks.
EURASIP Journal on Wireless Communications and
Networking 2010; 2010: 59; 1–13.
14. Wang G, Kim S, Kang D, Choi D, Cho G. Lightweight
key renewals for clustered sensor networks. Journal of
Networks 2010; 5(3): 300–312.
15. Huang JY, Liao IE, Tang HW. A forward authen-
tication key management scheme for heterogeneous
sensor networks. EURASIP Journal on Wireless
Communications and Networking 2011; 2011: 6;
1–10.
16. Çamtepe SA, Yener B. Combinatorial design of key
distribution mechanisms for wireless sensor networks.
IEEE/ACM Transactions on Networking 2007; 15 (2):
346–358.
17. Lee J, Stinson DR. On the construction of practical
key predistribution schemes for distributed sensor net-
works using combinatorial designs. ACM Transactions
on Information and System Security (TISSEC) 2008;
11(2): 1–35.
S. H. Erfani, H. H. S. Javadi and A. M. Rahmani
18. Ruj S, Roy B. Key predistribution using partially
balanced designs in wireless sensor networks. In Par-
allel and Distributed Processing and Applications.
Springer: Berlin Heidelberg, 2007; 431–445.
19. Dong JW, Pei DY, Wang XL. A class of key predis-
tribution schemes based on orthogonal arrays. Journal
of Computer Science and Technology 2008; 23(5):
825–831.
20. Qiu Y, Zhou J, Baek J, Lopez J. Authentication and
key establishment in dynamic wireless sensor net-
works. Sensors 2010; 10(4): 3718–3731.
21. Han K, Kim K, Shon T. Untraceable mobile
node authentication in WSN. Sensors 2010; 10(5):
4410–4429.
22. Han K, Shon T. Sensor authentication in dynamic
wireless sensor network environments. International
Journal of RFID Security and Cryptography (IJR-
FIDSC) 2012; 1(1/2): 36–44.
23. Huang Q, Cukier J, Kobayashi H, Liu B, Zhang J.
Fast authenticated key establishment protocols for self-
organizing sensor networks. Proceedings of the 2nd
ACM International Conference on Wireless Sensor
Networks and Applications, ACM, Baltimore, MD,
USA, 2003; 141–150.
24. Liu A, Ning P. Tinyecc: a configurable library
for elliptic curve cryptography in wireless sensor
networks. International Conference on Information
Processing in Sensor Networks, 2008. IPSN’08, IEEE,
St. Louis, USA, 2008; 245–256.
25. de Morais Cordeiro C, Agrawal DP. Ad Hoc and
Sensor Networks: Theory and Applications. World
Scientific: River Edge, NJ, USA, 2011.
26. De Meulenaer G, Gosset F, Standaert FX, Pereira
O. On the energy cost of communication and cryp-
tography in wireless sensor networks. IEEE Interna-
tional Conference on Wireless and Mobile Computing,
Networking and Communications, 2008. WIMOB’08,
IEEE, Avignon, France, 2008; 580–585.
Security Comm. Networks (2014) © 2014 John Wiley & Sons, Ltd.
DOI: 10.1002/sec