About this Journal Submit a Manuscript Table of Contents
International Journal of Distributed Sensor Networks
Volume 2012 (2012), Article ID 847805, 12 pages
Research Article

Secrecy Transfer

1School of Computer Science and Technology, Xidian University, Xi’an 710071, China
2Department of Electrical Engineering, Kyungpook National University, Daegu 702-701, Republic of Korea

Received 7 March 2012; Revised 8 June 2012; Accepted 10 June 2012

Academic Editor: Mihui Kim

Copyright © 2012 Zhihong Liu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Suppose that n nodes with acquaintances per node are randomly deployed in a two-dimensional Euclidean space with the geographic restriction that each pair of nodes can exchange information between them directly only if the distance between them is at most r, the acquaintanceship between nodes forms a random graph, while the physical communication links constitute a random geometric graph. To get a fully connected and secure network, we introduce secrecy transfer which combines random graph and random geometric graph via the propagation of acquaintanceship to produce an acquaintanceship graph , a kind of random geometric graph with each edge representing an acquaintanceship between two nodes. We find that components of graph that undergoes a phase transition from small components to a giant component when is larger than a threshold, the threshold for to be a connected graph is derived. In addition, we present its implementation method and applications in wireless sensor networks.

1. Introduction

Suppose at a classroom with students, each of whom initially has acquaintances who are randomly chosen among them. Students can only communicate with its direct neighbors. At first, students are isolated. If two adjacent students are acquainted with each other, a link forms between them. As time goes on, some small acquaintance groups emerge. Two stranger students, say Alice and Bob, belonging to different groups may be adjacent, but if there are students in the two groups, respectively, familiar with each other, Alice and Bob may use them as introducers to establish a link between them. By repeating this process, students will be increasingly interwoven by such links, creating a web of acquaintances. We denote this construction as secrecy transfer and the resulting network as the acquaintanceship graph . We are here interested in the question: for which critical threshold of is there likely to be a connected acquaintanceship graph?

At first glance, the acquaintanceship graph is a kind of social networks, such as the patterns of friendships between individuals. Technically, the acquaintanceship graph is a combination of random graph [1] and random geometric graph [2]. A random geometric graph is a graph resulting from placing nodes randomly in a plane and connecting each pair of nodes if their distance is at most the radius , while a random graph is a graph with nodes in which each edge (out of the possible edges) is chosen independently at random with an edge probability . The acquaintanceship graph has both properties of random graph and random geometric graph. Initially, nodes are placed randomly on a plane, every node has acquaintances. In the view of acquaintanceship, it can be considered logically as a random graph without geographical position restriction. If graph is connected, everyone can make the acquaintance of arbitrary nodes in the graph. Intuitively, we think that there is a threshold value. If is larger than that value, the graph may be connected. If the communication between any pair of acquaintances is considered secure and trusted, through the introduction of acquaintances, any one can extend his circle of acquaintance and eventually get secure communication with arbitrary nodes in the graph .

Random graphs and random geometric graphs have been studied extensively, but in a separate way. Random graph and its variations have been used as models of social structure in, for example, epidemiology [3], while random geometric graph is always viewed as a wireless communication network [4, 5], such as Ad hoc, Mesh, or sensor networks. In fact, random graphs and random geometric graphs have different structural properties. Any two nodes in a random graph can be connected by a link with certain probability regardless of their geographical position. Random key graphs have been recently been used by Di Pietro et al. [6] to model the random key predistribution scheme of Eschenauer and Gligor [7]. The random key graph is a random graph obtained as follows: nodes, each assigned a subset of keys, are distributed uniformly at random on a given field. An edge is added if two nodes are within a radius and share at least one common key. Formally, the resulting graph, matching a random graph with identical link probability to a random geometric graph, can be considered as the initial graph of the acquaintanceship graph , if two nodes, sharing one common key, are referred to as acquaintances. Note that, unlike random key graphs, secrecy transfer is a growth model and can be considered as a stochastic process. We are interested in the crucial property, connectivity, of the resulting acquaintanceship graph. In [8], we use secrecy transfer to enhance the security performance of key infection [9]. In fact, secrecy transfer in [8] only focuses on key establishment between adjacent nodes who are in a connected component; otherwise, key infection is applied to establish a secret link key. Obviously, it is a tradeoff between key infection and secrecy transfer discussed in this paper. In this paper, some results are given and complemented by simulations, especially the connectivity threshold.

Organization. First, secrecy transfer is presented in Section 2. We derive the connectivity threshold of value in Section 3. Next, in Section 4, we present the analysis of secrecy transfer in heterogeneous networks. Section 5 gives an implementation method of secrecy transfer. In Section 6, some applications are given. Finally, we conclude the paper in Section 7.

2. Secrecy Transfer

Let nodes be distributed uniformly and independently at random in a field , each of them has acquaintances. A pair of nodes are adjacent only if the distance between them is at most the radius . Suppose nodes and are adjacent, that is, the distance between them . Initially, and are connected if they are acquainted with each other (initialization phase, see Figure 1(a)). If nodes and are connected by a path, an edge is added (see Figure 1(b)). As time goes on, the graph evolves continuously, and gradually consists of some components. If node belongs to a component , and has acquaint with at least one of nodes in the component , say node in , we connect and by a new edge (see Figure 1(c)). For the case where and belong to different component and , if there exist two acquaintance nodes and in and , respectively, we introduce an edge between and ; Otherwise, and are disconnected at present stage. If there is no new edge is added for any pair of adjacent nodes, secrecy transfer reaches the stable state and the algorithm terminates. Continuing this process, we can get a acquaintanceship graph .

Figure 1: Secrecy transfer.

As depicted in Figure 2, 100 nodes are randomly distributed over a field, , and the radius . At first, two adjacent nodes connect with the probability , and we get the initial acquaintanceship graph , as illustrated in Figure 2(a). After repeating secrecy transfer process on the graph , it gradually evolves into the graph shown in Figure 2(g), which approximates to the underly random geometric graph .

Figure 2: An example of secrecy transfer process, with nodes randomly distributed over a field, , and .

One of our goals is to design a security mechanism to enable any two adjacent nodes to establish a pairwise key after they are deployed in a field. More specifically, suppose that every node in the network has been preloaded before its deployment with secret keys, each of which is shared with one of its acquaintances. Let nodes and be two adjacent nodes, . If nodes and happen to be acquaintances, they share a key which can be used to protect their communication link. If and are not acquaintances, but are connected by a path (Figure 1(b)), can generate a new key and send it to along the path. As more secure edges are added to the graph , larger components emerge. Suppose node belongs to a component , (as plotted in Figure 1(c)) if node acquaints with a node , which means that nodes and have a shared key . In this case, node randomly generates a key and sends it along a path in the component to node . Node encrypts with the key , that is, and sends the result back to . Node , then, sends to via the unsecure channel. Finally, node can get key , for it has the key . In another case, where nodes and belong to different components and , but node acquaints with node , as shown in Figure 1(d). Node first sends a key to node . Node encrypts with key which is shared with node and sends to node via nodes and . For node has , it can decrypt the message to obtain .

Given a randomly deployed network with nodes, we can view it as a random geometric graph with each edge representing a possible communication link. Without the protection of a secret key, an adversary can eavesdrop conversations between nodes. If each node has several trusted nodes initially, the trust relationship can be considered as a random graph with each edge connecting a pair of nodes which have shared a secret key. However, random graph does not consider the transmission radius of nodes, but simply assumes any two nodes have the same probability to establish a connection. When the distance between two nodes is larger than the transmission radius , they cannot communicate directly. Roughly speaking, reflects the logical trust relationship between nodes, while depicts the physical communication structure of nodes in the network. Secrecy transfer constructs a graph from and (where ) and turns it to a secure random geometric graph by adding secure edges to it.

The construction of secrecy transfer above reveals that, the graph is robust against eavesdrop attack, for each edge is added via the existing trustiness between nodes. If cryptographic attacks are considered impractical, the adversary cannot break to get the key , for the key shared between and is loaded initially.

3. Connectivity Threshold

The component structure of the graph changes gradually as secrecy transfer is applied. As illustrated in Figure 2(a), after the initialization phase, the greatest component of is tree of small order. Gradually, a giant component emerges, swallowing the whole network, provided the underly random geometric graph is connected and is large enough.

Suppose two adjacent components, and , have, respectively, and vertices, nodes in and in are adjacent. We first estimate the probability that two adjacent components and may get connected to form a larger component.

Let random variable be the total number of nodes with whom nodes in component are familiar, be a bernoulli random variable, where when the circle of acquaintances of node includes at least one node in the component , otherwise. Therefore,

If component consists of nodes, we have the probability of , where .

Thus, the expectation of random variable is .

For are mutually independent, the expectation of is which means that, for a component of order , the circle of acquaintances of this component may consist of nodes on average. Let , the probability that there is at least one common acquaintance between components and is

For example, one may see that, for a network , , and , the probability tends to 1 when . This provides intuition that, a component of order 200 is attractive and will swallow nodes nearby to form a larger component, a kind of “rich get richer” phenomenon. For two components of order , the probability approximates 1 if . In general, the larger the components are, the more likely they are to be mixed together.

In a random graph with vertices and edges, if with , the greatest component has (with probability tending to 1 for ) approximately vertices [10]. As a special case, when , , such large component in graph will swallow the whole network with high probability.

Next, we investigate the relationship between the connectivity property of graph and value . To determine the value which will guarantee the connectivity of graph , we employ a well-known algorithm to generate random graphs with a given degree distribution [11]. Each graph generated has nodes and links per node. The algorithm may lead to a multigraph, either by connecting a node to itself or by connecting two nodes together more than once. However, as increases, these events become rare and their number becomes statistically insignificant.

We first generate a random graph with nodes and links per node, then deploy the nodes into a square region to obtain a random topology. For , , and varying, we repeat our simulations 50 times to yield an acceptable confidence of results. For each simulation, we measure empirical values for the maximum component and the second component for each trial, averaged over 50 random topologies. In Figure 3, an interesting phenomenon observed is a “phase transition” as increases. There is a critical value of , above which the graph will almost surely be connected. The maximum component grows rapidly from a component of small size to a giant component when . On the contrary, the size of the second component decreases as .

Figure 3: Size of the maximum and second components in graph for , .

Within this context, we want to know, under what conditions is the graph be connected? How can we choose such that the graph constructed by secrecy transfer will be connected with high probability? The answer to this question is crucial in determining the number of acquaintances that an arbitrary node should have initially.

3.1. Lower Bound of Connectivity Threshold

To get a fully connected graph , two conditions must be satisfied. First, the graph must be connected, which means that, given the value and a deployment region, the value should be large enough to guarantee a connected random geometric graph . Assume nodes are uniformly deployed in a unit square , the well-known connectivity threshold [5]. Second, the value must be large enough to get the random graph fully connected. Consider an arbitrary pair of adjacent nodes and in graph which have not established secret key between them. For is connected, there is at least one path in graph , say between nodes and . Given any adjacent nodes in path , say and , there must exist a path from to in graph , for graph is connected.

For a random graph , when is zero, the graph does not have any edge, whereas when is one, the graph is fully connected. Bolbbás showed that, for monotone properties, there exists a value of such that the property moves from “nonexistent” to “certainly true” in a very large random graph [1]. The function defining is called the threshold function of a property. Given a desired probability for graph connectivity, the threshold function of is defined by where and is any real constant.

Therefore, given we can find for which the resulting graph is connected with desired probability . Thus, the lower bound of connectivity threshold of is

3.2. Analysis Results of Connectivity Threshold

Notice that when is below the lower bound of connectivity threshold mentioned above, the graph is not connected with high probability, and hence the graph also is not connected with high probability. However, a greater above the lower bound cannot guarantee a connected graph when is small, where is the average number of neighbors of a node. For a tighter bound of , correlated with , , is not known yet, we only present some analysis results of below.

After the initialization phase of secrecy transfer, we get a random graph. Erdös and Rényi showed that for random graphs, a giant component exists if the average degree of node [10]. If only small components exist, and the size of the largest component is proportional to ( is the number of nodes in the graph). Exactly at the threshold, , a component whose size is proportional to emerges. In the sequel, when , , and , after the initialization phase of secrecy transfer, the average degree of nodes in the graph , . In this occasion, the initial graph only consists of small components, such as trees of small size. As the simulation results of initialization phase shown in Figure 2(a), the graph only contains small isolated trees. Our goal is to determine how many such components exist, and the probability that they will be connected to form a giant component.

Let the graph in the initialization phase contains components , such that the size of component is , and . For two components and of order and , if they are adjacent, the probability that they will be connected through secrecy transfer is where , .

When secrecy transfer is applied, the graph will evolve continuously. A larger component is more attractive and will swallow nodes nearby to form a larger component with high probability. Popularity is attractive. If a component can absorb nodes nearby by secrecy transfer, it is termed as expandable. Next we estimate the asymptotic probability that at least one component in is expandable. At first we estimate the number of neighbors of a component of size .

Suppose nodes distributed uniformly and independently at random in a unit area , that is, . Let a component of size lie inside a circle of radius , neighbors of the component lie outside the circle and be at distance at most from nodes in the component. Let be a subarea in the deployment area , . The probability that a node is placed within area is . Then, the probability that of nodes are placed in the area is

When and , we can approximate it with a Poisson distribution, and the average number of nodes within area is

In the initial graph , any component of size is small (), and the area it occupied is also small, that is, . Therefore, we have approximately


Therefore, the probability that a component of size is expandable is where , , .

For a set of components , , the probability can be calculated as

Note that for two sets of components () and (), if , ,, then

Therefore, the probability that at least one component in set is expandable is greater than that in set .

Given parameters , , and , after the initialization phase of secrecy transfer, the graph may contain some components . The expandable probability of this component set , implies that at least one component in is expandable and will grow larger with high probability. Let a component be expandable and become a larger component by swallowing nodes nearby. For , the expandable probability of components is greater than the expandable probability of components , that is,

Thus, if the expandable probability of the initial graph approximates 1, it will become even greater almost surely, and the graph will eventually evolve into a connected graph with high probability if both and are connected graphs. However, small expandable probability of the initial graph cannot guarantee a connected graph with high probability and secrecy transfer will terminate with isolated components.

However, exact results of the critical threshold are not known yet, we only present some analysis results below.

In an Erdös-Rényi random graph with nodes and links [10], if where , then the number of trees of order contained in has in the limit for a Poisson distribution with mean value

Among these trees, the probability that at least one tree of order is expandable is where is the probability that a tree of order is expandable, , , , , and .

For the graph after the initialization phase of secrecy transfer, the number of links in is which yields the result

Using the above considerations, we can estimate the expandable probability of the components (trees) of order .

We see that, for , , and , the probability ; for , the probability . This indicates that, in this occasion, for , the graph will eventually evolve into a connected graph by secrecy transfer with high probability. However, for , the graph may be fragmented and contains no giant component of order . Furthermore, the critical threshold of is rather sensitive to . For , , and , the probability . If we reduce to , then . This is because the decline in will result in the decline in the number of neighbors of a component, so does the expandable probability.

On the other hand, the probability that secrecy transfer cannot take place after the initialization phase is which is only dependent on and . Less or , higher the probability .

4. Heterogeneous Network

Consider graph of nodes with acquaintances per node randomly selected among the nodes in the graph, we are also interested in the number of rounds needed for secrecy transfer to reach a stable state. It is shown in Section 3 that a necessary condition for graph to be connected is that graphs and must be fully connected. However, the speed of the convergence of secrecy transfer depends on the values of , for given . To gain insight, we first consider the value and perform a simulation-based study of it. Employing a uniform random generator, we position nodes in a square planar region of , following our deployment from Section 3. For each random topology, we estimate the speed of the convergence of secrecy transfer as the number of rounds that it needs to perform to reach its stable state. At each round, each pair of adjacent nodes in the graph employ secrecy transfer to try to get connected. If there is no new edge is added in this round, secrecy transfer reaches its stable state and terminates. We observe from Figure 4 that, as the value increases, the stable state is reached with a faster speed, and for value , the number of rounds reaches its peak when approximates to its connectivity threshold.

Figure 4: Value versus. number of rounds of secrecy transfer for various values of the radius .

Conventionally, a wireless network consists of some nodes as supernodes with greater communication radius than normal nodes. The use of these supernodes lead to important characteristics of complex networks [12]: a small average shortest path length between all nodes, and a high-cluster coefficient, which help us saving network resources, avoiding excessive communication, and reducing the time to data delivery. Figure 5 depicts plots of secrecy transfer with nodes deployed over a field, , and , among them there are 25 supernodes (squares in the figures) with a larger communication radius and only bidirectional links are considered.

Figure 5: Secrecy transfer process in a heterogeneous network, , , , and .

From the simulation results illustrated in Figure 6, we conclude that, compared to the homogeneous network case, for a heterogeneous network with supernodes, as the radius of supernodes grows, the value of required to maintain connectivity of graph decreases, the speed of the convergence of secrecy transfer accelerates. Hierarchically, supernodes can form a higher layer, while normal nodes constitute a lower layer of the network. An implication of a heterogeneous network is that it has better performance with regard to improving energy, power and topology control, scalability, and fault-tolerance and routing efficiency.

Figure 6: The maximum component and rounds of secrecy transfer in heterogeneous networks.

One of the most important properties of a network is the degree distribution, or the fraction of nodes having connections (degree ). Although the degree distribution alone is not enough to characterize the network, it has great influence on the network's structure and behavior. A well-known result for Erdös-Rényi random graph is that the degree distribution is Poissonian, , where is the average degree. For many real networks, such as the Internet, WWW, citations of scientific articles, airline networks, and many more, they often exhibit a scale-free degree distribution, , , where is a normalization faction, and and are the lower and upper cutoffs for the degree of a node, respectively. A scale-free network with and nodes have diameter and can be considered as “ultra small-world” network. In fact, the diameter of network is relevant in many fields regarding communication and computer networks, such as routing, searching, and transport of information. All these processes become more efficient when the diameter is smaller.

Intuitively, compared to homogeneous networks, a heterogeneous network with supernodes has a degree distribution different from Poisson distribution. Next, we discuss the degree distribution of heterogeneous networks. Let nodes and supernodes be distributed uniformly and independently at random in a square of area 1, , the communication radii of nodes and supernodes are and (), respectively, and only bidirectional links are taken into considerations.

For a heterogeneous network, there are two degree distributions, one for each type of nodes. For normal nodes with radii , the degree distribution is Poissonian, whereas the degree distribution of supernodes is

Therefore, the degree distribution of the heterogeneous network is

From the degree distribution derived above, we depict and compare it with two different networks. In Figure 7(a) we show the degree distribution of a heterogeneous network with , , , and . In Figure 7(b), we compare with power law and Poisson distribution , where . As the figures shown, the degree distribution of a heterogeneous network with two peaks is different from a Poisson distribution and right-skewed to a power law. The results imply that the behavior of a heterogeneous network has some characteristics of scale-free network, such as small diameter.

Figure 7: Degree distributions for different networks. The horizontal axis is node degree (or ), and the vertical axis is the probability distribution (or ) of degrees, that is, the fraction of nodes that have degree greater than or equal to . The network shown in (a) is a heterogeneous network with two types of nodes, three networks (of power law, heterogeneous, and Poisson distribution) are depicted in (b) with a logarithmic degree scale.

Now consider the placement of nodes with more types. Suppose that the network contains types of nodes, denoted as . For nodes of type , the number of nodes in it and node's communication radius satisfy the conditions,

For simplicity, let denote the total number of nodes in the network, and

It is clear that when and ,

Recall that the degree of each type of nodes has a Poisson distribution with different mean value. To derive the degree distribution of the network, we first determine the degree distribution of nodes of type , where,

Therefore, the degree distribution of the heterogeneous network with types of nodes is

For is complicated, we present some numerical results on it. Figure 8 shows the degree distribution for , , , , , , , and . As expected, the degree distribution of the heterogeneous network approaches power law . This implies that heterogeneous network maintains some statistical properties of a scale-free network. Therefore, it is plausible that the convergence speed of secrecy transfer in a heterogeneous network is faster than that in a homogeneous network.

Figure 8: Degree distributions.

5. Implementation of Secrecy Transfer

In this section, we elaborate the implementation method of secrecy transfer. The method contains three phases: the initialization phase, the secrecy transfer phase, and the update phase. To implement secrecy transfer efficiently, we use Bloom Filter [13] for membership queries.

Bloom Filter
A Bloom Filter is a popular data structure used for membership queries. It represents a set using independent hash functions and a string of bits, each of which is initially set to 0. For each , we hash it with all the hash functions and obtain their values (). The bits corresponding to these values are then set to 1 in the string. To determine whether an item is in , bits are checked. If all these bits are 1s, is considered to be in .

Since multiple hash values may map to the same bit, Bloom Filter may yield false positives. That is, an element is not in but its bits are collectively marked by elements in . If the hash is uniformly random over values, the probability that a bit is 0 after all the elements are hashed and their bits marked is . Therefore, the probability for a false positive is . The right hand side is minimized when in which case it becomes .

5.1. Initialization Phase

We first generate a random graph with nodes and links per node. For each link a secret key is assigned to it. Each node stores the ID of its neighbors and the corresponding secret key between them. For instance, if node has neighbors , it constructs an acquaintanceship set where is the assigned secret key between node and its neighbor .

After that nodes are deployed randomly over a field.

5.2. Secrecy Transfer Phase

Suppose two adjacent components, and , have, respectively, and nodes, nodes and are adjacent. For component , a component head (at first after initialization phase, each node is a component head of its own since all nodes are isolated. After several rounds of secrecy transfer process, some large components emerge. To reduce the communication cost, a node is selected to be a component head according to its centrality in the component. To simply the procedure, the node with the highest degree is chosen to be the component head) is selected. He stores all the ID of nodes belonging to the component in a component member set where .

Each node stores a Bloom Filter which contains all the nodes in the acquaintance circle of . That is, the nodes in and the acquaintances of node for all . If an adjacent node is added to , the Bloom Filter of node is inserted into , that is, a new Bloom Filter for the new component is created, that is, .

If two components and get connected and melt into a larger component , a new Bloom Filter of component , , is created and stored in nodes of . To further improve the performance, not all nodes in or need to update its or to , only nodes whose neighbors are not all connected to them need to store the updated Bloom Filter of the new component . As depicted in Figure 9, and melt into a larger component , an isolated node is adjacent to nodes , , , and . After and get connected, only nodes , , , and in have unconnected neighbor. Therefore, they need to store the new and will broadcast it later.

Figure 9: Secrecy transfer phase.

Next, we give an overview of the operations of secrecy transfer. In general, the operation of secrecy transfer is initiated by a new created component. Let be a new component that has “swallowed” node , nodes and have already updated their (to insert the ID of node into it), and let be an adjacent component of . After that, nodes and broadcast to their adjacent nodes and . On receiving the from component , node sends a query message containing to the component head of , say node , where the component member set of , , is stored. The component head then determines whether the nodes in set are in the Bloom Filter . If a node, say , is found in the Bloom Filter , node answers node by sending to it. Node then tells that there is a node belonging to the acquaintance circle of component . After that, nodes broadcasts a query message with the ID of node in component . Each node in verifies whether node belongs to its acquaintanceship set. As illustrated in Figure 9, if the acquaintanceship set of node contains node , that is, , the node transmits a response message (, ) to node . After obtaining the acquaintance node pair (, ) from , node knows that nodes and are acquaint with each other (they have a shared key ). Now nodes and can establish a secret key as mentioned in Section 2.

5.3. Updated Phase

After the secret key between nodes and is established, two components become a larger component , we then should update the acquaintance circle of for nodes who have unconnected neighbors. A new component head is also need to be selected according to the degree distribution of nodes in . As to the network in Figure 9, if node is the new component head of , the component member set is updated to be Finally, if nodes have updated their Bloom Filter , they broadcast the new to their neighbors to find chances for new links. Recursively, this procedure is applied until there is no node has updated its Bloom Filter.

5.4. Security Analysis

As discussed in Section 2, secrecy transfer is robust against eavesdrop attack, for each edge is added via the existing trustiness between nodes. In this subsection, we study the resilience of secrecy transfer against the node compromise attack. Let denote the number of nodes that have been captured. Suppose the compromised nodes are independently and random distributed among the entire deployment region.

Theoretically, as depicted in Figure 9, if any node in the paths and is compromised, the key between nodes and is not secure. Suppose that the length of two paths are and , respectively. It is easy to estimate the probability that a new established key is compromised as the following: where is the number of node in the network.

Unfortunately, even if all nodes in two paths are not compromised, the key may be unsecure. For instance, let a path from to be , and all nodes in the path have not been compromised. Node sends to by sending , then transmits to node until reaches the last node . If are not compromised, is still secure after it is transmitted across the path. However, if a key, such as , is compromised, an adversary may eavesdrop on the communication flows between nodes and to obtain , thus is leaked.

In general, if there are compromised nodes in the network, any key established by secrecy transfer between two neighbors and may be unsecure unless nodes and are acquaint with each other initially. For any pair of acquaintance nodes, the secret key between them is preloaded before the network is deployed and is considered unbreakable (unless the node is compromised). As to any key established by secrecy transfer, compromised nodes may degrade its security since lots of nodes are involved in the process of the negotiation of a new link key.

In order to set up a more secure channel between nodes and , it is reasonable to use the acquaintanceship set of nodes. Suppose in a path , (, ), (, ), and (, ) are three pair of acquaintances. To send a secret key to , node can send to , then sends to . At last, node can get from . The advantage of this method is that all communications are encrypted with predistributed keys. If nodes , , , and are not compromised, the key is secure after the transmission. However, such a secure logical path in a set of nodes may not exist. For a path of nodes, their initial acquaintanceship can be viewed as a random graph , where and . If is connected, a logical path exists.

If an adversary is not present at the network before secrecy transfer has completed, or it takes more time than a secure interval to compromise nodes, the communication links established by secrecy transfer are secure; otherwise, undetected malicious nodes may degrade the security of secrecy transfer and jeopardize the network. In [14], authors investigated the potentially disastrous threat of node compromise spreading (via communication and preestablished mutual trust) in wireless sensor networks and proposed an epidemiological model to investigate the probability of a breakout. This model can be adapted to analyze the spread of malicious behavior of compromised nodes in the process of secrecy transfer. But how to design efficient countermeasures is still unknown.

5.5. Storage Overhead

A node, say , needs to store (1)an acquaintanceship set where are the acquaintances of node , are the corresponding secret keys with each acquaintance, respectively. (2) secret keys established with its neighbors,(3)a Bloom Filter ().

For a component head (), in addition to the secret values a normal node stores, it also stores a component member set where are the members of component , is the cardinality of the component.

6. Applications of Secrecy Transfer

The need for untethered distributed communications and computing continues to drive advances in mobile communications and wireless networking. To serve this purpose, wireless sensor networks have been envisioned to consist of groups of lightweight sensor nodes that may be randomly and densely deployed to observe data within a physical region of interest [15].

In many applications, such as target tracking, battlefield surveillance, and intruder detection, sensor networks are often deployed in hostile environments. To protect the sensitive data, secret keys should be established to achieve data confidentially, integrity, and authentication between communicating parties [1619]. The first practical key predistribution scheme for sensor network is random key predistribution scheme introduced by Eschenauer and Gligor [7]. Its operation can be briefly described as follows. A random pool of keys is selected from the key space. Each sensor node receives a random subset of keys (key ring) from the key pool before deployment. Any two nodes able to find one common key within their respective subsets can use that key as their shared secret to initiate communication. Moreover, the network can be viewed as a random graph , each edge added if two adjacent nodes can find one common key within their key rings. A major advantage of this scheme is the exclusion of base stations in key management, but a fixed number of compromised sensors causes a fraction of the remaining network to become insecure. Successive sensor captures enable the adversary to reveal network key pool and use them to attack other sensors. In addition, the storage overhead is still high for lightweight sensor nodes. As mentioned previously, secrecy transfer can turn a random graph to a secure random geometric graph. If secrecy transfer is applied with the random key predistribution scheme, the storage overhead of nodes is lower and it can achieve better resilience against node capture attack.

In [20], an asymmetric key predistribution scheme AKPS for sensor networks was proposed. Each nodes only store two secret values initially, a large amount of storage is shifted to keying material servers (KMS). Since AKPS needs to provide public keying material for any pair of nodes, a KMS should store public keying material for a network of nodes. Roughly speaking, AKPS is not viable for arbitrary large network. We find that, if secrecy transfer is used, a KMS does not need to be preloaded with public keying material. Specially, suppose out of public keying material are randomly picked, the initial probability that two arbitrary sensors can establish a secret key is , which means that, any nodes has “acquaintances” on average. As before, if is larger than the connectivity threshold, we can repeat the construction process of secrecy transfer to get a connected graph which will guarantee that any pair of adjacent nodes can establish secret keys.

7. Conclusion

This work presented a secrecy transfer algorithm which is directly based on the idea that networks form primarily by people introducing pairs of their acquaintances to one another. The resulting network, showing both properties of random graph and random geometric graph, cannot only model the introduction process in social networks, but also be used to protect the network.


This work is supported by Program for Changjiang Scholars and Innovative Research Team in University (IRT1078), the Key Program of NSFC-Guangdong Union Foundation (U1135002), Major national S&T program (2011ZX03005-002), National Natural Science Foundation of China (61173135, 61100230, 61100233), and the Natural Science Basic Research Plan in Shaanxi Province of China (2011JM8004). It is also supported partly by Mobile Network Security Technology Research Center of Kyungpook National University, Republic of Korea.


  1. B. Bollobás, Random Graphs, Cambridge University Press, 2nd edition, 2001.
  2. M. Penrose, Random Geometric Graphs, Oxford Studies in Probability, Oxford University Press, Oxford, UK, 2003.
  3. M. Altmann, “Susceptible-infected-removed epidemic models with dynamic partnerships.,” Journal of Mathematical Biology, vol. 33, no. 6, pp. 661–675, 1995. View at Google Scholar · View at Scopus
  4. C. Bettstetter, “On the minimum node degree and connectivity of a wireless multihop network,” in Proceedings of the 3rd ACM International Symposium on Mobile Ad Hoc Networking and Computing (MOBIHOC '02), pp. 80–91, ACM, June 2002. View at Scopus
  5. P. Gupta and P. R. Kumar, “The capacity of wireless networks,” IEEE Transactions on Information Theory, vol. 46, no. 2, pp. 388–404, 2000. View at Google Scholar · View at Scopus
  6. R. Di Pietro, L. V. Mancini, A. Mei, A. Panconesi, and J. Radhakrishnan, “Redoubtable sensor networks,” ACM Transactions on Information and System Security, vol. 11, no. 3, article 13, 2008. View at Publisher · View at Google Scholar · View at Scopus
  7. L. Eschenauer and V. D. Gligor, “A key-management scheme for distributed sensor networks,” in Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 41–47, November 2002. View at Scopus
  8. Z. Liu, J. Ma, Q. Pei, L. Pang, and Y. Park, “Key infection, secrecy transfer, and key evolution for sensor networks,” IEEE Transactions on Wireless Communications, vol. 9, no. 8, pp. 2643–2653, 2010. View at Publisher · View at Google Scholar · View at Scopus
  9. R. Anderson, H. Chan, and A. Perrig, “Key infection: smart trust for smart dust,” in Proceedings of the 12th IEEE International Conference on Network Protocols (ICNP '04), pp. 206–215, Berlin, Germany, October 2004. View at Scopus
  10. P. Erdös and A. Rényi, “On the evolution of random graphs,” Publication of the Mathematical Institute of the Hungarian Academy of Sciences, vol. 5, pp. 17–61, 1960. View at Google Scholar
  11. B. Bollobás, “A probability proof of an asymptotic formula for the number of labelled regular graphs,” European Journal of Combinatorics, vol. 1, pp. 311–316, 1980. View at Google Scholar
  12. M. E. J. Newman, “The structure and function of complex networks,” SIAM Review, vol. 45, no. 2, pp. 167–256, 2003. View at Google Scholar · View at Scopus
  13. B. H, Bloom, “Space/time trade-offs in hash coding with allowable errors,” Communications of the ACM, vol. 13, no. 7, pp. 422–426, 1970. View at Publisher · View at Google Scholar · View at Scopus
  14. P. De, Y. Liu, and S. K. Das, “Deployment-aware modeling of node compromise spread in wireless sensor networks using epidemic theory,” ACM Transactions on Sensor Networks, vol. 5, no. 3, pp. 1–33, 2009. View at Publisher · View at Google Scholar · View at Scopus
  15. N. M. Freris, H. Kowshik, and P. R. Kumar, “Fundamentals of large sensor networks: connectivity, capacity, clocks, and computation,” Proceedings of the IEEE, vol. 98, no. 11, pp. 1828–1846, 2010. View at Publisher · View at Google Scholar · View at Scopus
  16. V. C. Giruka, M. Singhal, J. Royalty, and S. Varanasi, “Security in wireless sensor networks,” Wireless Communications and Mobile Computing, vol. 8, no. 1, pp. 1–24, 2008. View at Publisher · View at Google Scholar · View at Scopus
  17. J. Jeong and Z. J. Haas, “Predeployed secure key distribution mechanisms in sensor networks: current state-of-the-art and a new approach using time information,” IEEE Wireless Communications, vol. 15, no. 4, pp. 42–51, 2008. View at Publisher · View at Google Scholar · View at Scopus
  18. L. Ma, X. Cheng, F. Liu, F. An, and J. Rivera, “iPAK: an in-situ pairwise key bootstrapping scheme for wireless sensor networks,” IEEE Transactions on Parallel and Distributed Systems, vol. 18, no. 8, pp. 1174–1184, 2007. View at Publisher · View at Google Scholar · View at Scopus
  19. J. C. Lee, V. C. M. Leung, K. H. Wong, J. Cao, and H. C. B. Chan, “Key management issues in wireless sensor networks: current proposals and future developments,” IEEE Wireless Communications, vol. 14, no. 5, pp. 76–84, 2007. View at Publisher · View at Google Scholar · View at Scopus
  20. Z. Liu, J. Ma, Q. Huang, and S. Moon, “Asymmetric Key Pre-distribution Scheme for sensor networks,” IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1366–1372, 2009. View at Publisher · View at Google Scholar · View at Scopus