#### Abstract

During the lifecycle of sensor networks, making use of the existing key predistribution schemes using deployment knowledge for pairwise key establishment and authentication between nodes, a new challenge is elevated. Either the resilience against node capture attacks or the global connectivity will significantly decrease with time. In this paper, a new deployment model is developed for multiphase deployment sensor networks, and then a new key management scheme is further proposed. Compared with the existing schemes using deployment knowledge, our scheme has better performance in global connectivity, resilience against node capture attacks throughout their lifecycle.

#### 1. Introduction

Due to limited energy capacity of batteries and the possibility of node capture, the functional lifetime of sensor networks (SNs) generally is longer than the operational lifetime of single node. To keep networks working efficiently, multiple deployments of nodes are needed. In the paper, multiphase SNs (MSNs) are studied, in which new nodes are periodically redeployed with certain intervals, called multiphase, to replace the dead or compromised nodes.

When SNs are deployed in a hostile environment, security becomes extremely important as they are vulnerable to different types of malicious attacks [1–4]. Hence, it is important to protect communications among sensor nodes to maintain message confidentiality and integrity. As one of the most fundamental security services, pairwise key establishment enables sensor nodes to communicate securely with each other using cryptographic techniques.

Public-key operations (both software and hardware implementations), albeit computationally feasible [5, 6], consume energy approximately* three orders of magnitude* higher than symmetric key encryption [7]. Therefore, in the last few years, different key distribution schemes using symmetric key algorithms have been developed for SNs [8–26].

However, the security issue is still not solved for MSNs by using deployment knowledge. In the schemes [16, 17], a fraction of keys known by an attacker increases with the capture of nodes due to the repeated use of a fixed key pool. As a result, network security significantly declines with time. When a certain number of these nodes are captured, the adversary has enough keys to compromise a large number of links making the network ineffective. Addition of new nodes to the network with keys from the same key pool will not help because the keys in the new nodes are compromised. In [20], a multiphase key management scheme is proposed, in which a multiphase deployment model is used. However, it has the following shortcomings. (1) In a cell, only a few nodes which are not captured are working in a long time. (2) Nodes must know their location information. (3) The number of new nodes added to the network is fixed in every deployment, which will give rise to the number of nodes uncaptured in the network with time. Also, the key management scheme proposed based on the deployment model has the following shortcomings. (1) Nodes which reside in the same cell but are deployed in different phases cannot communicate with each other. As a result, the local connectivity is low. (2) The* global connectivity* will significantly decrease with time.

##### 1.1. Outline of Our Scheme

To sum up, the problem of authentication and pairwise key establishment between nodes is still not solved for MSNs. In this paper, the main focus is twofold. (1) A new multiphase deployment model is proposed for sensor networks. In the model, the deployment field is divided into hexagonal cells, each cell has a deployment point, and nodes which have the same point form a group. When the proportion of uncaptured nodes in a group is less than the threshold , new nodes are needed to be added to the cell. (2) A new key management scheme is proposed based on the deployment model. In our scheme, network deployment includes phases. For a cell, a disjoint and association phases’ key pool is created, which is generated by two-dimension backward key chains [21]. Key pool of each phase is divided into 7 equal size subkey pools. And nodes deployed in the th phase and deployed in a cell pick keys from the th-phase key pool of the cell and key pools which are created by neighbors cells of the cell .

##### 1.2. Main Contributions

The main contributions of this paper are summarized as follows.(1)A multiphase deployment model is presented. The model has the following two main advantages: (1) the number of nodes which are not captured in a cell can be controlled by adjusting the parameter ; (2) nodes do not need to know their location information.(2)A new method to construct key pools is proposed and a new key predistribution scheme is presented. The scheme can provide good performances in local connectivity, global connectivity, and resilience against node capture.

##### 1.3. Organization

The remainder of the paper is organized as follows. The existing schemes are summarized in Section 2. The model of deployment is introduced in Section 3. Our approach is proposed in Section 4 and the analysis and simulation results are provided in Section 5. Conclusion and future work are given in Section 6.

#### 2. Related Work

To improve the performance of key establishment, Du et al. [16] and Yu and Guan (YG scheme) [17] developed a scheme using predeployment knowledge, respectively. In [16], the network area is divided into a grid and information on the associated matrices is stored in the sensors based on deployment knowledge. In [17], the network area is divided into hexagonal cells. Compared with [16], the scheme achieves a higher connectivity with a much lower memory requirement and a shorter transmission range. In the two schemes, all nodes choose their keys from the same key pool. An attacker can easily obtain a large number of keys by capturing a small fraction of nodes, which can make SNs ineffective. The addition of new nodes to the network with keys from the same key pool will not help because the keys in the new nodes are already compromised. Therefore, for MSNs, the above two schemes are ineffective.

For MSNs, in [20], a scheme (ESPK scheme) is proposed using deployment knowledge, in which a multiphase deployment model is presented. In the model, the deployment field is divided into a grid. Each cell has a deployment point. Nodes which have the same deployment point form a group. The number of nodes in a group is . And it is supposed that a new group of nodes are needed to be added to a cell only when 90% of nodes in the cell are captured. The model has the following shortcomings. (1) To know the number of nodes in each cell, location information of nodes is needed. (2) If just 80% of nodes in a cell are captured, there are a few nodes in the cell that are working in a long time. (3) The number of new nodes added to the network is measured in a group, and the number of nodes in a group is fixed, which will give rise to the number of nodes in the network with time. On the other hand, the proposed key management scheme can provide good resilience against node capture by using disjoint key pools. However, nodes which come from different phases but are deployed in the same cell cannot establish shared keys. As a result, the local connectivity is low, and the global connectivity decreases significantly with time. So, the problem of secure is still not solved for MSNs using deployment knowledge.

#### 3. Deployment Knowledge and Threat Models

##### 3.1. Multiphase Deployment Knowledge Model

As shown in Figure 1, a target field is partitioned into hexagon cells, and each cell has a deployment point that resides in the center of the cell. Node distribution follows two-dimensional Gaussian distributions [27] with the deployment point as center.

Nodes which are deployed in the same cell form a group. And nodes deployed in the cell are denoted by . The number of nodes in is . is clustered into phases according to the deployment time. The -phase subgroup of is denoted by . In our scheme, represents the set of nodes whose deployment point locate in the cell and that are not captured, and (several schemes have been proposed to identify the compromised sensors in prior studies, such as [28]). When is less than the threshold , we should add new nodes to the cell. The can be calculated as follows:

In a deployment phase, if no new nodes are needed to be added to a cell, then the number of deployment phase of the cell remains unchanged. For example, in the second deployment phase, no new nodes are needed to be added to the cell ; the number of recent deployment phase of the cell is 1 not 2.

##### 3.2. Threat Model

Due to the short time period of the direct key establishment phase, it is reasonable to believe that only a limited number of sensor nodes may be compromised by an attacker [2, 20–23]. We further assume that if an attacker captures a node, all the keying information it holds will also be compromised.

In the scheme, the attack model is similar with [16], when an attacker locates in a cell, he can capture nodes around it.

#### 4. Our Scheme

##### 4.1. Two-Dimensional Backward Key Chain

In [21], a two-dimensional backward key chain is constructed (see Figure 2). For a two-dimensional backward key chain , if the key is known, the key (), the generation key , and the first key of the second dimensional key chain can be calculated as follows, respectively: , , and , where and are two independent hash functions. So, the key can be computed as follows: If the keys and are known, the key () can be computed using the following equation:

##### 4.2. Key Pool

In our scheme, the key pool is made up by two-dimensional backward key chains [21]. The key pool of the cell , namely, , which consists of two-dimensional backward hash key chains, is divided into phases according to the generation of the keys. represents the th-phase key pool of the cell . is divided into seven equal size subkey pools, and represents the th pool (see Figure 3). consists of the following two parts: one is a generation key pool and the other is an ordinary key pool .

##### 4.3. Our Scheme

Our scheme consists of three phases: key predistribution phase, shared-key discovery phase, and path-key establishment phase. Although path-key establishment phase is the same as, key predistribution phase and share-key discover phase are different in the previous schemes [16, 17, 20]. The details of our scheme are described below.

###### 4.3.1. Key Predistribution Phase

This phase is conducted offline before sensor nodes are deployed. A node deployed in the* i*th deployment phase and its deployment point locates in the cell , is predistributed the following keys.

*Step **1*. Select randomly and uniformly ( is a system parameter) keys from . In this step, the total number of predistribution keys of the node is .

*Step **2*. Select randomly and uniformly ( is a system parameter) keys from .

*Step **3*. Select randomly and uniformly ( is a system parameter) keys from , and meet the following condition: the number of keys from a two-dimensional backward hash key chain is no more than 1. For example, it is supposed that has been predistributed to and cannot be predistributed to .

*Step **4*. Select randomly and uniformly keys from , where is the neighbor cell of , represents the generation key pool of the cell , and denotes the recent deployment phase. For example, if the deployment phase of cells and is 2 and 3, respectively, and new nodes are needed to be added to cell , but no new nodes are needed to be added to cell ; then should pick keys from (see Figure 3). But if both cells and need to add new nodes, then and should pick keys from and (see Figure 3), respectively.

###### 4.3.2. Shared-Key Discovery Phase

In our scheme, after shared key establishment, each node should save the hashed keys in its key ring. For example, it is supposed that an sensor is pre-distributed two keys and . As soon as the shared keys establishment between and other nodes is finished, saves the two following hashed keys: and , where is the identity of node .

Next, we will describe the method for any two nodes and (in the following analysis, and are short for and ) to establish a shared key at length. Similarly, in the following analysis, it is supposed that , where and represent the deployment time of nodes and , respectively. And in our scheme, if nodes and are deployed in the same cell or the neighboring cells, then they can establish a pairwise key, otherwise, they cannot.

If and , when , the values of and are equal. The pairwise key between them consists of the following three parts (see Figure 4(a)): (1) generation keys, , which come from the generation key pools; (2) ordinary keys, , which come from the ordinary key pools ; (3) ordinary keys, which come from the ordinary key pool . For example, let keys and be predistributed to nodes and , respectively. Nodes and can calculate the keys and by using the keys and and the method described in Section 4.1. When (without loss of generality, it is supposed that ), the pairwise key between them consists of the following two parts (see Figure 4(b)). (1) hashed generation keys, . Node can calculate these keys by using the predistributed keys and the method described in Section 4.1 and in Section 4.3.2. (2) hashed ordinary keys, . Node can calculate these keys by using the predistributed keys from the key pool and the same method as the previous.

**(a)**

**(b)**

If cells and are neighbor cells, the values of and are equal to 0. When , shared keys between them include and ordinary keys (see Figure 5(a)), and , which come from the ordinary key pool () and (), respectively. Nodes and can calculate these keys by using these predistributed keys and , respectively. When (without loss of generality, it is supposed that ), common keys between them contain hashed ordinary keys (see Figure 5(b)), . Node can calculate these keys by using the generation keys of these keys and the same method as the previous.

**(a)**

**(b)**

As a result, if the number of shared keys is larger than 0, that is, , the shared key between them is hashed by all common keys.

#### 5. Performance Analysis and Simulation

In this section, we will analyze and simulate the performances of our scheme, including deployment model, local connectivity, communication overhead, and network resilience against node capture.

In the following experiments, the involved main parameters subsequent are defined as follows.(1)We consider a SN deployed over fields of 475 m by 520 m.(2)The area is divided into a hexagon and* len* is 50.(3)The center of each cell is the deployment point (see Figure 1).(4)The number of nodes in a is 50 .(5)The wireless communication range for a node is 40 m.(6)We assume that node deployment follows a two-dimensional Gaussian distribution [27], and its standard deviation is .(7)We assume that node deployment includes 5 phases. The value of is 0.7.(8)The number of key pool of a cell, namely, , is 175, and the length of a forward key chain is 30 .

##### 5.1.

In the capture model, when an attacker locates in a cell, he can capture nodes around it. In this paper, it is supposed that compromised nodes can be identified by using schemes proposed by some scholars, such as [28]. But how can we determine the value of when we do not know nodes’ location information? The value of and the actual number of uncaptured nodes in a cell are closely related. For example, in the first phase, if nodes in cell is 50, 50% of these nodes are captured, and the number of these captured nodes whose deployment points reside in cells , , , , , and is 16, 3, 2, 2, 1, and 1, respectively. Here, it is supposed that these captured nodes can be identified. Therefore, , , , , , and are equal to 0.68, 0.94, 0.96, 0.96, 0.98, and 0.98, respectively. When , no new nodes are needed to be added to these cells, which will cause that only a few uncaptured nodes in cell are working in a long time.

Figure 6 shows that the relation between the number of uncaptured nodes in a cell and the standard deviation of two-dimension normal distributions and . In our simulations, the number of nodes in each cell is about 48, and if a cell is compromised, about 50% nodes in the cell are captured. When the ratio of nodes uncaptured in the set is less than , new nodes are needed to be added to cell . The larger the σ, the smaller the number of new nodes which actually reside in cell . Therefore, when σ increases, the number of nodes captured in cell which come from decreases. To ensure that nodes uncaptured in each cell are many, we must increase . For example, after nodes are captured and new nodes are added to the network, to ensure that the average number of nodes in the captured cells is larger than 35, when and , the value of should be set to 0.6 and 0.7, respectively. However, when , even if equals 0.8, the above goal cannot be achieved. In addition, the frequency of adding new nodes to the network increases with the increase of . Therefore, the value of should be set in accordance with the specific condition. For example, when and , we can set to 0.7.

##### 5.2. Local Connectivity

For multiple deployment sensor networks, local connectivity is not only affected by the key predistribution method but also affected by the deployment model and the capture model. In this paper, only the analysis that local connectivity is affected by the key predistribution method is presented, that is, the probability of shared key between nodes and .

If and , when , the probability can be calculated as follows: and have different ways of picking their keys from the ordinary key pools and the generation key pools. It is supposed that and have two-dimensional backward key chains in common. The number of ways to pick* x*1 generation keys from generation key pools of neighbor cells and + ordinary keys from ordinary key pools (see Section 4.3.2) can be calculated as follows:
where can be calculated as

When (without loss of generality, it is supposed that ), . The number of ways to pick* x*1 generation keys from generation key pools of neighbor cells and the* x*3 ordinary keys from ordinary key pools (see Section 4.3.2) can be calculated as follows:
where can be calculated as

Hence, if and , we have

If cells and are neighbor cells, . When , and have different ways of picking ordinary keys from the ordinary key pool and ordinary keys from the generation key pool. The number of ways to pick the common keys can be calculated as follows: When (without loss of generality, it is supposed that ), . The number of ways to pick the keys can be calculated as follows:

Hence, if cells and are neighbor cells, we have

If cell and cell are not neighbor cells, the probability is equal to 0.

Figure 7 shows that local connectivity of our scheme is high. For example, when , , and , the local connectivity in the first phase is 0.936. And in this case, the number of keys predistributed to a node is only. In addition, Figure 7 shows that the larger the value of* t*1 and* t*3, the higher the local connectivity. For example, the value of increases from 5 to 15 and increases from 1 to 3; local connectivity increases by 0.135 and 0.117, respectively. However, in this case, for a node, the storage overheads increase by 60 and 14, respectively. As a result, we can have a conclusion that the parameter has a great influence on local connectivity. The larger the value of is, the higher the local connectivity is. However, the larger the value of , the more keys compromised when nodes are captured. If a node is captured, the number of keys compromised can be calculated by , where represents the deployment phase of node . When and are 5 and 30, respectively, increases from 1 to 3; the number of keys compromised increases by . Therefore, concerning safety, should be as small as possible. On the other hand, Figure 7 shows that the larger the number of deployment phases, the smaller the local connectivity. However, after multiple deployments, local connectivity can keep basically stable. For example, from the 4th phase to the 5th phase, local connectivity decreases by less than 0.01.

(a) , |

(b) , |

(c) , |

##### 5.3. Communication Overhead

If direct key establishment fails, two sensor nodes need to start on path-key establishment phase to establish a pairwise key with the help of other sensor nodes. To establish a pairwise key with node , node needs to find a sequence of nodes between itself and node such that any two adjacent nodes in this sequence can establish a direct key. For the sake of presentation, we call such a sequence of nodes a* key path.*

In this section, we investigate the number of hops required on this path for various parameters of our scheme. Let ph() be the probability that the smallest number of hops needed to connect two neighboring nodes is . Obviously, is local connectivity.

In our scheme, after the 5th deployment, the local connectivity keeps basically stable. So, we plot the values of , , , and of the four phases (see Figure 8). From the figure, we can observe that (i.e., the probability that at most 2 hops are required is essentially 1).

##### 5.4. Comparisons

In this section, performance and security between our scheme and YG scheme [17] and ESPK scheme [20], are compared. For the sake of fairness, in YG and ESPK, the method for processing keys is same as our scheme. In this simulation, , , and of our scheme is 10, 20, and 2, respectively. The predistribution keys of YG and ESPK scheme is same as our scheme. Other parameters are same as Section 5.

###### 5.4.1. Local Connectivity

With the same storage overhead, Figure 9 shows that, in each deployment phase, local connectivity of our scheme is higher than YG scheme and* ESPK scheme*. In* ESPK scheme*, nodes which come from different deployment phase but reside in the same cell cannot communicate with each other. Its local connectivity is the lowest. Fox example, in the fifth phase, local connectivity of our scheme, YG scheme, and ESPK scheme is 0.88, 0.86, and 0.46, respectively.

###### 5.4.2. Global Connectivity

If local connectivity is less than 1, nodes in SNs may be divided into one or more isolated components. Any two nodes in an isolated component can securely communicate with each other directly or indirectly (Figure 10). Global connectivity refers to the ratio of the number of nodes in the largest isolated component to the size of the whole network. If the ratio equals 98%, it means that 98% of the sensor nodes are connected securely and the remaining 2% are unreachable from the largest isolated component. So, global connectivity metric indicates the percentage of nodes that are wasted because of their unreachability.

In this work, we use simulation to estimate it. In* ESPK scheme*, nodes which reside in the same cell but are deployed in different deployment phases can establish shared keys only by using path keys. For a node, if it cannot find a path to establish shared key with neighbouring nodes, then it is an isolated node. Therefore, the global connectivity of the scheme is the lowest. Fox example, in the fifth phase, global connectivity of our scheme, YG scheme, and ESPK scheme is 0.99955, 0.99941, and 0.94499, respectively.

###### 5.4.3. Resilience

A scheme’s resilience toward node capture is evaluated by estimating the fraction of total network communications that are compromised by a capture of nodes* not including *the communications in which the compromised nodes are directly involved.

We conducted simulation tests on network resilience against node capture of the above three schemes. In our simulations, it is supposed that only a few nodes are compromised during the shared-key discovery phase. In ESPK scheme, the key pools of nodes from different deployment phase are different. Therefore, its network resilience against node capture is the best. In YG scheme, the key pool is fixed. Therefore, increases in the number of captured nodes will diminish network resilience. For example, when , Figure 11 shows the probability that a shared key is compromised in the first phase and the 5th phase is 0.04 and 0.31, respectively. In our scheme, the subkey pool of the th phase and the phase is disjoint, that is, (). Therefore, compared with YG scheme, our scheme can improve the performance in network resilience against node capture attacks. For example, when , in our scheme, the probability that shared keys are compromised in the 5th phase is 0.09.

#### 6. Conclusion and Future Work

In this paper, we proposed a new deployment model for multiple deployment sensor networks, based on which a new key management scheme is further presented. We conducted a comprehensive study on connectivity, network resilience of our scheme. The results showed that our scheme can significantly improve network resilience over the YG scheme [17]. Compared with the ESPK scheme [20], our scheme can significantly improve its local connectivity and global connectivity, although the resilience of our scheme is poorer than that of the scheme. We have presented both the analytical and numerical results. In our future work, we will study different attack models and the accuracy how attack model affects the results.

#### Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

#### Acknowledgments

This paper is partially supported by the National Natural Science Foundations of China (61232001 and 61173169), the Research Foundation of Education Committee of Hunan Province, China (13B057, 09A046 and 10A062), the Hunan Provincial Natural Science Foundation of China (12JJ2040), the Construct Program of the Key Discipline in Hunan Province, China, the Aid program for Science and Technology Innovative Research Team in Higher Educational Institute of Hunan Province, and the Construct Program of the Key Discipline in Hunan University of Humanities, Science and Technology.