For example,
assume that two sensor nodes plan to make a secure connection. In a typical
case, a symmetric key is generated for each node in the sensor network before
deployment and is embedded in each sensor node's memory. The two sensors use
this embedded key to authenticate themselves to the base station.
Then the base station generates a link key or a session key and sends it securely
to both sensor nodes via a single hop or multiple hops. This is part of
the approach proposed in SPINS [14].
In the trusted-server scheme, the base station is the most appropriate
choice for the server, and each sensor node stores only an embedded key so
that a compromised or captured node cannot reveal much security information
about the sensor network.
The drawback of the trusted-server scheme is that if the server is compromised,
the network is totally unsecured. However, we usually assume that the
base station where the server runs is secured.
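The key-delivery step of the trusted-server scheme, as an added sketch that is not code from the chapter or from SPINS: the base station wraps one fresh link key separately under each node's embedded key. The 2-byte node IDs, the message layout, and the HMAC-SHA256 keystream and tag (a standard-library stand-in for a lightweight cipher and MAC) are assumptions, and request authentication and replay counters are left out.

```python
import hashlib
import hmac
import os

def subkeys(embedded_key):
    # Derive separate encryption and MAC keys from the one embedded key.
    return (hmac.new(embedded_key, b"enc", hashlib.sha256).digest(),
            hmac.new(embedded_key, b"mac", hashlib.sha256).digest())

def keystream(key, nonce, n):
    # Counter-mode keystream built from HMAC-SHA256 (stand-in primitive).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap_link_key(embedded_key, node_id, peer_id, link_key):
    # Encrypt-then-MAC; the tag binds the key to (recipient, peer).
    enc, mac = subkeys(embedded_key)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(link_key, keystream(enc, nonce, len(link_key))))
    tag = hmac.new(mac, node_id + peer_id + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap_link_key(embedded_key, node_id, peer_id, msg):
    # Node side: verify the tag before decrypting; None means reject.
    enc, mac = subkeys(embedded_key)
    nonce, ct, tag = msg[:12], msg[12:-32], msg[-32:]
    expect = hmac.new(mac, node_id + peer_id + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, nonce, len(ct))))

class BaseStation:
    """Trusted server: the only party that holds every embedded key."""
    def __init__(self):
        self.embedded = {}

    def provision(self, node_id):
        # Pre-deployment: generate the node's key and load it into the node.
        self.embedded[node_id] = os.urandom(16)
        return self.embedded[node_id]

    def issue_link_key(self, a, b):
        # One fresh link key, wrapped once for each endpoint.
        link = os.urandom(16)
        return (wrap_link_key(self.embedded[a], a, b, link),
                wrap_link_key(self.embedded[b], b, a, link))
```

A captured node holds only its own embedded key, so it cannot unwrap link keys issued to other nodes, whereas the base station's key table exposes every node.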
Xiaojiang Du and Yang Xiao
4.2 Self-enforcing Scheme
The self-enforcing scheme depends on asymmetric cryptography, such as key
agreement using public key certificates. If the sensor node can support the
computationally intensive asymmetric cryptographic operations, key distribution
via asymmetric cryptography is a favored scheme. Sensor nodes exchange
public keys and master key signatures after deployment. A sensor
node is considered legitimate if the master key's signature is verified using
the master public key.