O secure ad reliable commuicatios i wireless sesor etworks: Towards k-coectivity uder a radom pairwise key predistributio scheme Faruk Yavuz Dept. of ECE ad CyLab Caregie Mello Uiversity Moffett Field, CA 94035 Email: fyavuz@adrew.cmu.edu Ju Zhao Dept. of ECE ad CyLab Caregie Mello Uiversity Pittsburgh, PA 15213 Email: juzhao@cmu.edu Osma Yağa Dept. of ECE ad CyLab Caregie Mello Uiversity Moffett Field, CA 94035 Email: oyaga@ece.cmu.edu Virgil Gligor Dept. of ECE ad CyLab Caregie Mello Uiversity Pittsburgh, PA 15213 Email: gligor@cmu.edu Abstract To be cosidered for a IEEE Jack eil Wolf ISIT Studet Paper Award. We study the secure ad reliable coectivity of wireless sesor etworks. Security is assumed to be esured by the radom pairwise key predistributio scheme of Cha, Perrig, ad Sog, ad ureliable wireless liks are represeted by idepedet o/off chaels. Modelig the etwork by a itersectio of a radom -out graph ad a Erdős-Réyi graph, we preset scalig coditios o the umber of odes, the scheme parameter, ad the probability of a wireless chael beig o such that the resultig graph cotais o odes with degree less tha k with high probability, whe the umber of odes gets large. Results are give i the form of zero-oe laws ad are show to improve the previous results by Yağa ad Makowski o the absece of isolated odes i.e., absece of odes with degree zero. Via simulatios, the established zero-oe laws are show to hold also for the property of k-coectivity; i.e., the property that graph remais coected despite the deletio of ay k 1 odes or edges. eywords: Radom graphs, Coectivity, Zero-oe laws, Wireless sesor etworks. I. INTRODUCTION Wireless sesor etworks WSNs are distributed collectio of small sesor odes that gather security-sesitive data ad cotrol security-critical operatios i a wide rage of idustrial, home ad busiess applicatios [1]. May applicatios require deployig sesor odes i hostile eviromets where a adversary ca eavesdrop sesor commuicatios, ad ca eve capture a umber of sesors ad surreptitiously use them to compromise the etwork. Therefore, cryptographic protectio is required to secure the sesor commuicatio as well as to detect sesor capture ad to revoke the compromised keys. Give the limited commuicatio ad computatioal resources available at each sesor, security is expected to be a key challege i WSNs [2], [3], [4]. Radom key predistributio is oe of the approaches proposed i the literature for addressig security challeges i resource costraied WSNs. The idea of radomly assigig secure keys to the sesor odes prior to etwork deploymet was first itroduced by Escheauer ad Gligor [2]. Followig their origial work, a large umber of key predistributio schemes have bee proposed; see the survey articles [4], [5] ad refereces therei. Here we cosider the radom pairwise key predistributio scheme proposed by Cha et al. i [3]: Before deploymet, each of the sesor odes is paired offlie with distict odes which are radomly selected from amogst all other odes. For each sesor ad ay sesor paired to it, a uique pairwise key is geerated ad stored i their memory modules alog with their ids. Two odes ca the secure a existig wireless commuicatio lik if at least oe of them is paired to the other so that the two odes have at least oe pairwise key i commo. Precise implemetatio details are give i Sectio II. Let H; deote the udirected radom graph o the vertex set {1,..., } where distict odes i ad j are adjacet if they have a pairwise key i commo as described earlier; this radom graph models the radom pairwise predistributio scheme uder full visibility whereby all odes have a wireless lik i betwee. The radom graph H; is kow i the literature o radom graphs as the radom -out graph [6], [7], [8]; several properties of this graph have bee recetly aalyzed by Yağa ad Makowski [9], [10], [11], [12]. Recetly, there has bee a sigificat iterest [13], [14], [15], [16], [17] to drop the full visibility assumptio ad to model ad aalyze radom key predistributio schemes uder more realistic situatios that accout for the possibility that commuicatio liks betwee odes may ot be available This could occur due to the presece of physical barriers betwee odes or because of harsh evirometal coditios severely impairig trasmissio. With this i mid, several authors [14], [15], [16], [17] have started with a simple commuicatio model where wireless liks are represeted by idepedet chaels that are either o with probability p or off with probability 1 p. This suggests a overall modelig framework that is costructed by itersectig the radom - out graph H;, with a Erdős-Réyi ER graph model G; p [6].
I this paper, we iitiate a aalysis towards the k-coectivity for the resultig itersectio graph H G;, p. A etwork or graph is said to be k- coected if its coectivity is preserved despite the failure of ay k 1 odes or liks [18]. Therefore, the property of k-coectivity provides a guaratee of etwork reliability agaist the possible failures of sesors or liks due to adversarial attacks or battery depletio; a much eeded property give the key applicatio areas of sesor etworks such as health moitorig, battlefield surveillace, ad evirometal moitorig. Fially, k-coectivity has importat beefits i mobile wireless sesor etworks. For istace, if a etwork is kow to be k-coected, the ay k 1 odes i the etwork are free to move aywhere i the etwork while the rest of the etwork remais at least 1-coected. Our mai result is a zero-oe law for the property that the miimum ode degree of H G;, p is at least k. Namely, we preset scalig coditios o the parameters p ad with respect to, such that the resultig graph cotais o odes with degree less tha k with probability approachig to zero, or oe, respectively, as the umber of odes gets large. The established results already imply the zero-law for the k-coectivity, sice a graph ca ot be k-coected uless all odes have degree at least k. Further, i most if ot all radom graph models i the literature, icludig ER graphs, radom geometric graphs [18], ad radom key graphs [17], the coditios that esure k-coectivity coicide with those esurig miimum ode degree to be at least k. This is ofte established by showig the improbability of a graph beig ot k-coected whe all odes have at least k eighbors. Here, we demostrate this pheomeo via simulatios which idicate that our zero-oe laws hold also for the property of k- coectivity. Fially, our results costitute a improvemet of the previous results by Yağa ad Makowski [19], [14] o the absece of isolated odes i.e., absece of odes with degree zero i H G;, p. A word o the otatio: All statemets ivolvig limits are uderstood with goig to ifiity. I comparig the asymptotic behaviors of the sequeces {a }, {b }, we use a ob, a Ob, a Ωb, ad a Θb, with their meaig i the stadard Ladau otatio. II. MODEL A. The radom pairwise key predistributio scheme We parametrize the pairwise key distributio scheme by two positive itegers ad such that <. There are odes, labelled i 1,...,, with uique ids Id 1,..., Id. Write N {1,... } ad set N i N {i} for each i 1,...,. With ode i we associate a subset Γ,i of odes selected at radom from N i We say that each of the odes i Γ,i is paired to ode i. Thus, for ay subset A N i, we require P [Γ,i A] 1 1 if A 0 otherwise. The selectio of Γ,i is doe uiformly amogst all subsets of N i which are of size ad the rvs Γ,1,..., Γ, are assumed to be mutually idepedet. Oce this offlie radom pairig has bee created, we costruct the key rigs Σ,1,..., Σ,, oe for each ode, as i [12], [10], [14]. I a utshell, key rigs are costructed such that two odes i ad j share a pairwise key that is assiged exclusively to the pair of odes i ad j if at least oe of the evets i Γ,j or j Γ,i take place. I this case ode i ad j ca secure a existig wireless commuicatio lik available to them. B. Radom -out graphs The pairwise key predistributio scheme aturally gives rise to the followig class of radom graphs: With 2, 3,... ad positive iteger <, we say that the distict odes i ad j are -adjacet, writte i j, if ad oly if they have at least oe key i commo i their key rigs, amely i j iff Σ,i Σ,j. 1 Let H; deote the udirected radom graph o the vertex set {1,..., } iduced by the adjacecy otio 1; this correspods to modelig the pairwise distributio scheme uder full visibility. We have P [i j] λ where λ is the lik assigmet probability i H; give by see [10], [12] λ 2 2. 2 The radom graph H; is kow i the literature o radom graphs as the radom -out graph [6], [7], [8]: To each of the vertices assig exactly arcs to distict vertices that are selected uiformly at radom, ad the igore the orietatio of the arcs. C. Itersectio of radom graphs As metioed earlier, we assume a simple wireless commuicatio model that cosists of idepedet chaels, each of which ca be either o or off. Thus, with p i 0, 1, let {B ij p, 1 i < j } deote i.i.d. {0, 1}-valued rvs with success probability p. The chael betwee odes i ad j is available resp. up with probability p ad uavailable resp. dow with the complemetary probability 1 p. Distict odes i ad j are said to be B-adjacet, writte i B j, if B ij p 1. B-adjacecy defies the stadard Erdős-Réyi ER graph G; p o the vertex set {1,..., } [6]. Obviously, P [i B j] p. The radom graph model studied here is obtaied by itersectig the radom graphs iduced by the pairwise key predistributio scheme, ad by the o-off commuicatio model, respectively. Namely, we cosider the itersectio of H; with the ER graph G; p. I this case, distict odes i ad j are said to be adjacet, writte i j, if ad oly they are both -adjacet ad B-adjacet, amely i j iff Σ,i Σ,j ad B ij p 1. 3
The resultig udirected radom graph defied o the vertex set {1,..., } through this otio of adjacecy is deoted H G;, p. The relevace of H G;, p i the cotext of secure WSNs is ow clear. Two odes that are coected by a edge i H G;, p share at least oe cryptographic key ad have a wireless lik available to them, so that they ca establish a secure commuicatio lik. Throughout we assume the collectios of rvs {Γ,1,..., Γ, } ad {B ij p, 1 i < j } to be idepedet, i which case the edge occurrece probability i H G;, p is give by P [i j] P [i j] P [i B j] pλ. 4 III. MAIN RESULT Our mai techical result is give ext. To fix the termiology, we refer to ay mappig : N 0 N 0 as a scalig for radom -out graphs provided it satisfies the atural coditios < for each 1, 2,.... Similarly, we let ay mappig p : N 0 [0, 1] defie a scalig for Erdős-Réyi graphs. To lighte the otatio we ofte group the parameters ad p ito the ordered pair θ, p. Theorem 3.1: Cosider scaligs : N 0 N 0 ad p : N 0 [0, 1] such that lim 2 ad lim sup p < 1. With the sequece γ : N 0 R defied through we have p 1 log1 p p log + k 1 log log + γ, [ ] lim P Mi ode degree of H G; θ is o less tha k 0 if lim γ 1 if lim γ +. The proof of Theorem 3.1 passes through the method of first ad secod momets [8], applied to the radom variable coutig the umber of odes with degree l, with l 0, 1,..., k 1. Although this techique is stadard i the literature, its applicatio to the itersectio graph H G; θ is far from beig straightforward due to itricate depedecies amogst the degrees of odes. Due to space limitatios, we refer the reader to [20] for a proof of Theorem 3.1. The extra coditios eforced by Theorem 3.1 are required for techical reasos; i.e., for the method of momets to be applied successfully to the aforemetioed cout variables. However, we remark that these coditios are mild ad do o preclude their applicatio i realistic WSN scearios. First, the coditio lim sup p < 1 eforces that wireless commuicatio chaels betwee odes do ot become available with probability oe as gets large. The situatio lim sup p 1 is remiiscet of the full visibility case cosidered i [12], ad is ot likely to hold i practice. I fact, as the umber of odes gets large, it may be expected 5 6 7 that p goes to zero due to iterferece associated with a large umber of odes commuicatig simultaeously. Secod, the coditio lim 2 will already follow if 2 c for some c < 1. Give that 2 is equal to the mea umber of keys stored per sesor i the pairwise scheme [11], this coditio eeds to hold i ay practical WSN sceario due to limited memory ad computatioal capability of the sesors. I fact, Di Pietro et al. [21] oted that key rig sizes o the order of log are feasible for WSNs. IV. COMMENTS AND DISCUSSION A. Compariso with Erdős-Réyi Graphs For each p i [0, 1] ad 2, 3,..., let G; p deote the Erdős-Réyi graph o the vertex set {1,..., } with edge probability p. It is kow that edge assigmets are mutually idepedet i G; p, whereas they are strogly correlated i H; i that they are egatively associated i the sese of Joag-Dev ad Proscha [22]; see [14] for details. Thus, H; caot be equated with G; p eve whe the parameters p ad are selected so that the edge assigmet probabilities i these two graphs coicide, say λ; p. Therefore, H G; θ caot be equated with a ER graph either, ad the results obtaied here are ot mere cosequeces of classical results for ER graphs. However, some similarities do exist betwee H G; θ ad ER graphs. We start by presetig the followig wellkow zero-oe law for k-coectivity i ER graphs [23]: For ay scalig p : N 0 [0, 1] satisfyig p log + k 1 log log + γ for some γ : N 0 R, it holds that 0 if γ lim P [ G; p is k-coected ] 1 if γ +. The same result also holds for the property that miimum ode degree is at least k. O the other had, the coditio 5 ca be rephrased as p 1 log1 p p log + k 1 log log + γ, with the result 7 uchaged. Sice log1 p p, we get from 2 that p 1 log1 p p p λ Hece, i ER graphs the threshold of k-coectivity, ad of miimum ode degree beig at least k, appears whe the lik probability is compared agaist log + k 1 log log /. I H G; θ, our result shows that the threshold appears whe a quatity that is always larger tha the lik probability p λ is compared agaist log + k 1 log log /. This idicates that H G; θ teds to exhibit the property that all odes have at least k eighbors easier tha ER graphs; 8
i.e., this property ca be esured by a smaller lik probability betwee odes which leads to smaller average ode degree. The situatio is more itricate if it holds that lim p 0, whece we have This leads p log1 p p p2 1 + o1. 2 1 log1 p p p λ 1 + o1 9 The o1 term i this last expressio ca be writte more precisely as Θp. Thus, i the practically relevat case whe the wireless chaels become weaker as gets large, the threshold for miimum ode degree of H G; θ to be at least k appears whe a quatity that is asymptotically equivalet to lik probability is compared agaist log + k 1 log log /; a situatio that is remiiscet of the ER graphs. A similar observatio was made i [14] for the threshold of 1-coectivity ad absece of isolated odes. Nevertheless, it is worth metioig that eve uder lim p 0, the zero-oe laws for the miimum ode degree beig at least k i ER graphs ad H G; θ are ot exactly aalogous. This is because, the term o1 i 9 may chage the behavior of the sequece γ appearig i 8 sice γ will be give by γ p λ 1 + o1 log k 1 log log. Replacig o1 with the more precise term Θp, ad otig that that λ Θ /, we coclude that the two results will be exactly aalogous if ad oly if p 2 is bouded; i.e., it does ot approach to ifiity as gets large. B. Compariso with results by Yağa ad Makowski for k 1 We ow compare our results with those by Yağa ad Makowski [14] who established zero-oe laws for 1- coectivity, ad for the absece of isolated odes i.e., odes with degree zero i H G; θ. Here, we preset their result i a slightly differet form: Cosider scaligs : N 0 N 0 ad p : N 0 0, 1 such that p 2 1 log1 p p 2 c log, 10 for some c > 0. Assume also that lim p p exists. The, we have lim P [H G; θ cotais o isolated odes] lim P [H G; θ is coected] 0 if c < 1 11 1 if c > 1. To better compare this result with ours, we set k 1 ad rewrite our scalig coditio 5 as p 2 1 log1 p p 1 log + γ 2 1 12 uder which Theorem 3.1 gives [ ] lim P H G; θ 0 if γ has o isolated odes 1 if γ +. We ow argue how our result o absece of isolated odes costitutes a improvemet o the result of [14]. The assumptio that limit lim p p exists was the key i establishig 11 uder 10 ad our results i this paper explais why. First, it is clear that if p 0, the 1 log1 p p lim 1 log1 p p 1 lim 1 2 2 1 so that the left had sides of 12 ad 10 are asymptotically equivalet. Next, if p > 0, the it follows that Olog see [14] uder 10. This agai yields the asymptotical equivalece of the left had sides of 12 ad 10. Therefore, uder the assumptio that p has a limit, a scalig coditio that is equivalet to 10 is give by p 2 1 log1 p p 2 1 1 c log, 13 with the results 11 uchaged. Comparig 12 with 13, we see that our absece of isolated odes result is more fie-graied tha the oe give i [14]. I a utshell, the scalig coditio 13 eforced i [14] requires a deviatio of γ ±Ωlog from the threshold log to get the zero-oe law, whereas i our formulatio 12, it suffices to have a ubouded deviatio; e.g., eve γ ± log log log will do. Put differetly, we cover the case of c 1 i 11 uder 13 ad show that H G; θ could be almost surely free of or ot free of isolated odes, depedig o the limit of γ ; i fact, if 13 holds with c > 1, we see from Theorem 3.1 that H G; θ is ot oly free of isolated odes but also all of its odes will have degree larger tha k for all k 1, 2,.... C. Numerical results ad a cojecture We ow preset some umerical results to check the validity of Theorem 3.1, particularly i the o-asymptotic regime, i.e., whe parameter values are set i accordace with realworld wireless sesor etwork scearios. I all experimets, we fix the umber of odes at 2000. The for a give parameter pair, p, we geerate 200 idepedet samples of the graph H G;, p ad cout the umber of times out of a possible 200 that the obtaied graphs have miimum ode degree o less tha k ad ii are k-coected, for k 1, 2,.... Dividig the couts by 200, we obtai the empirical probabilities for the evets of iterest. Due to space limitatios, we oly provide a small subset of the umerical results we have obtaied; see [20] for a complete discussio. I Figure 1, we depict the resultig empirical probability that each ode i H G;, p has degree at least 2 as a fuctio of for various p values. For each p value, we also show the critical threshold of havig miimum degree at least 2 asserted by Theorem 3.1 viz. 5 by a
Pr{H G;θ has mi. degree 2} 1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 p 0.3 p 0.5 p 0.7 p 0.9 0 0 5 10 15 20 25 30 Fig. 1. Probability that all odes i H G;, p have degree at least 2 as a fuctio of for p 0.3, p 0.5, p 0.7, ad p 0.9 with 2000. Pr{H G;θ is 2-coected} 1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 p 0.3 p 0.5 p 0.7 p 0.9 0 0 5 10 15 20 25 30 Fig. 2. Probability that all odes i H G;, p is 2-coected as a fuctio of for p 0.3, p 0.5, p 0.7, ad p 0.9 with 2000. Its resemblace with Figure 2 suggests that a aalog of Theorem 3.1 holds also for the property of k-coectivity. vertical dashed lie. Namely, the vertical dashed lies stad for the miimum iteger value of that satisfies log1 p p 1 > log + log log 14 p Eve with 2000, we ca observe the threshold behavior suggested by Theorem 3.1; i.e., the probability that H G;, p has miimum ode degree at least k trasitios from zero to oe as varies very slightly from a certai value. For larger, we would expect the curves to look more like a shifted uit step fuctio with a jump discotiuity i.e., a threshold at aroud the value that gives P [mi ode degree is at least k] 1 2 i the curret plots. Those values match well the vertical dashed lies suggested by Theorem 3.1, leadig to the coclusio that umerical experimets are i good agreemet with our theoretical results. Figure 2 is obtaied i the same way with Figure 1, this time for the probability that H G;, p is 2-coected. It is clear that two figures show a strog similarity with curves correspodig to each p value beig almost idistiguishable. I fact, we ra umerous experimets with differet parameter pairs, ad each time observed that the empirical probabilities of H G;, p beig k-coected ad havig miimum ode degree at least k are almost equal. This suggests that i H G;, p as well, the properties of k-coectivity ad the miimum ode degree beig at least k are asymptotically equivalet, leadig us to cast the followig cojecture. Cojecture 4.1: Cosider scaligs : N 0 N 0 ad p : N 0 [0, 1] such that lim 2 ad lim sup p < 1, ad a sequece γ : N 0 R defied through 5. The, lim P [H G; θ is k-coected] REFERENCES 0 if γ 1 if γ +. [1] I. F. Akyildiz, W. Su, Y. Sakarasubramaiam, ad E. Cayirci, Wireless sesor etworks: a survey, Computer etworks, vol. 38, 2002. [2] L. Escheauer ad V. Gligor, A key-maagemet scheme for distributed sesor etworks, i Proc. of ACM CCS, 2002. [3] H. Cha, A. Perrig, ad D. Sog, Radom key predistributio schemes for sesor etworks, i Proc. of IEEE S&P, 2003. [4] Y. Wag, G. Attebury, ad B. Ramamurthy, A survey of security issues i wireless sesor etworks, Commuicatios Surveys Tutorials, IEEE, vol. 8, o. 2, pp. 2 23, 2006. [5] Y. Xiao ad V.. Rayi ad B. Su ad X. Du ad F. Hu ad M. Galloway, A survey of key maagemet schemes i wireless sesor etworks, Computer Commuicatios, vol. 30, pp. 2314 2341, 2007. [6] B. Bollobás, Radom graphs. Cambridge uiversity press, 2001. [7] T. I. Feer ad A. M. Frieze, O the coectivity of radom m- orietable graphs ad digraphs, Combiatorica, vol. 2, o. 4, 1982. [8] S. Jaso, T. Łuczak, ad A. Ruciński, Radom graphs. 2000, Wiley Itersci. Ser. Discrete Math. Optim, 2000. [9] O. Yağa ad A. M. Makowski, O the gradual deploymet of radom pairwise key distributio schemes, i Proc. of WiOpt, 2011. [10], Coectivity results for sesor etworks uder a radom pairwise key predistributio scheme, i Iformatio Theory Proceedigs ISIT, 2012 IEEE Iteratioal Symposium o, 2012, pp. 1797 1801. [11], O the scalability of the radom pairwise key predistributio scheme: Gradual deploymet ad key rig sizes, Performace Evaluatio, vol. 70, o. 78, pp. 493 512, 2013. [12], O the coectivity of sesor etworks uder radom pairwise key predistributio, IEEE Trasactios o Iformatio Theory, vol. 59, o. 9, pp. 5754 5762, 2013. [13] B. risha, A. Gaesh, ad D. Majuath, O coectivity thresholds i superpositio of radom key graphs o radom geometric graphs, i Proc. of IEEE ISIT, 2013, pp. 2389 2393. [14] O. Yağa ad A. M. Makowski, Modelig the pairwise key predistributio scheme i the presece of ureliable liks, IEEE Trasactios o Iformatio Theory, vol. 59, o. 3, pp. 1740 1760, 2013. [15] O. Yağa, Performace of the Escheauer-Gligor key distributio scheme uder a o/off chael, IEEE Trasactios o Iformatio Theory, vol. 58, o. 6, pp. 3821 3835, Jue 2012. [16] J. Zhao, O. Yağa, ad V. Gligor, Secure k-coectivity i wireless sesor etworks uder a o/off chael model, i Proc. of IEEE Itl. Symp. Ifo. Theory ISIT, 2013, pp. 2790 2794. [17], k-coectivity i secure wireless sesor etworks with physical lik costraits - the o/off chael model, Arxiv, Jue 2012, submitted to IEEE Trasactios o Iformatio Theory. Available olie at arxiv:1206.1531 [cs.it]. [18] M. D. Perose, Radom Geometric Graphs. Oxford Uiversity Press, Jul. 2003. [19] O. Yağa ad A. M. Makowski, Desigig securely coected wireless sesor etworks i the presece of ureliable liks, i Commuicatios ICC, 2011 IEEE Iteratioal Coferece o, 2011, pp. 1 5. [20] F. Yavuz, J. Zhao, O. Yağa, ad V. Gligor, O the k-coectivity of the radom graph iduced by a pairwise key predistributio scheme with ureliable liks, to be submitted. [Olie]. Available: http://users.ece.cmu.edu/ oyaga/jourals/k co PER.pdf [21] R. Di Pietro, L. V. Macii, A. Mei, A. Pacoesi, ad J. Radhakrisha, Redoubtable sesor etworks, ACM Tras. If. Syst. Secur., vol. 11, o. 3, pp. 13:1 13:22, March 2008. [22]. Joag-Dev ad F. Proscha, Negative associatio of radom variables with applicatios, The Aals of Statistics, o. 1, pp. 286 295, 1983. [23] P. Erdős ad A. Réyi, O the stregth of coectedess of radom graphs, Acta Math. Acad. Sci. Hugar, pp. 261 267, 1961.