無線感測網路被廣泛使用於需要偵測並觀察環境變量的應用，例如早期地震偵測、建築物結構偵測、軍事偵察等用途。在本論文中，我們針對在使用隨機金鑰預分配機制，部屬於軍事環境的無線感測網路上，整理在網路遭受節點捕獲攻擊時的安全性分析。同時，我們提出了一個全新的攻擊方式，稱為捕獲金鑰重分配攻擊，並分析了相關的攻擊模式。此外，我們發現，當捕獲金鑰池的重疊指數超過0.05時，約有90%的機率，捕獲金鑰池的金鑰數目約略佔與原始金鑰池金鑰數目的10.5%。此項特性有利於攻擊者即使在不知原始金鑰池金鑰數目的情況下，透過計算捕獲金鑰池的重疊指數，來估測原始金鑰池金鑰數目的約略值，並進一步估算惡意節點與正常節點成功建立惡意連線的機率。

Wireless sensor networks (WSNs) have been widely used in many areas, such as early earthquake monitoring, building structure monitoring, and military surveillance. In this thesis, we focus on the wireless sensor network deployed in the battlefield, using random key predistribution scheme. Firstly we presented an analysis of the security impacts by node capture attack. Also, based on the node cloning attack, we proposed a new attack scheme, called compromised key redistribution attack, and discussed related attack scenarios. Besides, we have found out and conjectured that, when the overlapping factor of compromised key set is larger than 0.05, it is very possible (almost 90%) that the number of distinct compromised keys is 10.5% of the original key pool. This conjecture helps the adversary estimate the approximated size of original key pool by calculating the overlapping factor, thus calculate the probability that malicious nodes successfully establish connections with legitimate nodes.

1. Introduction 1
1.1 Organization 2
2. Backgrounds 3
2.1 Wireless Sensor Networks 3
2.2 Properties of the Wireless Sensor Networks 5
2.3 Key Management Schemes for Wireless Sensor Networks 6
3. Related Works 7
3.1 The Random Key Predistribution Scheme 9
3.2 q-composite Key Predistribution Scheme 12
3.3 Polynomial-based Key Predistribution Scheme 15
3.4 Polynomial-Pool Based Key Predistribution Scheme 16
3.5 Matrix-based Key Predistribution Scheme 18
3.6 Attacks on Wireless Sensor Network 20
4. Analysis of Node Capture Attack 21
4.1 Probability of Unsecure Link due to a Compromised Node 21
4.2 Analysis of the Average Number of Compromised Links 22
4.3 Analysis from Statistical Perspective 24
4.4 Cloned Nodes Detection Algorithms 25
5. The Proposed Scheme 27
5.1 Network Model 27
5.2 Adversary Model 27
5.3 Attack Scenarios 29
5.4 Model of the Compromised Key Set 30
5.5 Estimation of the Size of Original Key Pool 33
5.6 Simulation 35
6. Conclusions 40
7. Future Work 40
References 41

[1] K. Chintalapudi, T. Fu, J. Paek, N. Kothari, S. Rangwala, J. Caffrey, R. Govindan, E. Johnson, and S. Masri, "Monitoring civil structures with a wireless sensor network," Journal of Internet Computing, IEEE, vol. 10, pp. 26-34, 2006.
[2] G. Tia, D. Greenspan, M. Welsh, R. Juang, and A. Alm, "Vital Signs Monitoring and Patient Tracking Over a Wireless Network," in Conference of the Engineering in Medicine and Biology Society, 2005, pp. 102-105.
[3] C. Otto, C. Sanders, and E. Jovanov, "System architecture of a wireless body area sensor network for ubiquitous health monitoring," Journal of Mobile Multimedia, vol. 1, pp. 307-326, 2006.
[4] Smart Dust. Available: http://robotics.eecs.berkeley.edu/~pister/SmartDust/
[5] TinyOS. Available: http://www.tinyos.net/
[6] E. Shih, S.-H. Cho, N. Ickes, R. Min, A. Sinha, A. Wang, and A. Chandrakasan, "Physical layer driven protocol and algorithm design for energy-efficient wireless sensor networks," presented at the Proceedings of the 7th annual international conference on Mobile computing and networking, 2001.
[7] M. A. Simplicio Jr, P. S. L. M. Barreto, C. B. Margi, and T. C. M. B. Carvalho, "A survey on key management mechanisms for distributed Wireless Sensor Networks," Journal of Computer Networks, vol. 54, pp. 2591-2612, 2010.
[8] D. J. Malan, M. Welsh, and M. D. Smith, "A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography," in Conference of Sensor and Ad Hoc Communications and Networks (SECON), 2004, pp. 71-80.
[9] A. Liu and P. Ning, "TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks," in International Conference on Information Processing in Sensor Networks, 2008, pp. 245-256.
[10] L. Eschenauer and V. D. Gligor, "A key-management scheme for distributed sensor networks," in Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002, pp. 41-47.
[11] D. Liu, P. Ning, and R. Li, "Establishing pairwise keys in distributed sensor networks," ACM Transactions on Information and System Security (TISSEC), vol. 8, pp. 41-77, 2005.
[12] C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and M. Yung, "Perfectly-Secure Key Distribution for Dynamic Conferences," in Advances in Cryptology. vol. 740, ed: Springer Berlin / Heidelberg, 1993, pp. 471-486.
[13] J. Zhang and V. Varadharajan, "Wireless sensor network key management survey and taxonomy," Journal of Network and Computer Applications, vol. 33, pp. 63-75, 2010.
[14] C.-Y. Chen and H.-C. Chao, "A survey of key distribution in wireless sensor networks," Security and Communication Networks, 2011.
[15] Y. Xiao, V. K. Rayi, B. Sun, X. Du, F. Hu, and M. Galloway, "A survey of key management schemes in wireless sensor networks," Journal of Computer communications, vol. 30, pp. 2314-2341, 2007.
[16] A. S. K. Pathan, L. Hyung-Woo, and H. Choong Seon, "Security in wireless sensor networks: issues and challenges," in Internation Conference of Advanced Communication Technology(ICACT), 2006, pp. 1043 - 1048.
[17] D. Kundur, W. Luh, U. N. Okorafor, and T. Zourntos, "Security and Privacy for Distributed Multimedia Sensor Networks," Proceedings of the IEEE, vol. 96, pp. 112-130, 2008.
[18] W. Yong, G. Attebury, and B. Ramamurthy, "A survey of security issues in wireless sensor networks," IEEE Journal of Communications Surveys & Tutorials, vol. 8, pp. 2-23, 2006.
[19] S. V. A. Jeba, B. Paramasivan, and D. Usha, "Security Threats and its Countermeasures in Wireless Sensor Networks: An Overview," 2011.
[20] R. C. Merkle, "Secure communications over insecure channels," Communications of the ACM, vol. 21, pp. 294-299, 1978.
[21] J. H. Spencer, The strange logic of random graphs: Springer Verlag, 2001.
[22] H. Chan, A. Perrig, and D. Song, "Random key predistribution schemes for sensor networks," IEEE Symposium on Research in Security and Privacy, 2003.
[23] R. Blom, "An optimal class of symmetric key generation systems," 1985, pp. 335-338.
[24] Y. Chia-Mu, L. Chun-Shien, and K. Sy-Yen, "A Simple Non-Interactive Pairwise Key Establishment Scheme in Sensor Networks," in IEEE Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), 2009, pp. 1-9.
[25] J. Newsome, E. Shi, D. Song, and A. Perrig, "The sybil attack in sensor networks: analysis & defenses," in International symposium on Information processing in sensor networks, 2004, pp. 259-268.
[26] Y. C. Hu, A. Perrig, and D. B. Johnson, "Packet leashes: a defense against wormhole attacks in wireless networks," in IEEE International Conference on Computer Communications (INFOCOM), 2003, pp. 1976-1986 vol.3.
[27] C. Karlof and D. Wagner, "Secure routing in wireless sensor networks: attacks and countermeasures," Journal of Ad Hoc Networks, vol. 1, pp. 293-315, 2003.
[28] T. Bonaci, L. Bushnell, and R. Poovendran, "Probabilistic analysis of covering and compromise in a node capture attack," Network Security Lab (NSL), Seattle, WA, Techical Report, vol. 1, 2010.
[29] B. Parno, A. Perrig, and V. Gligor, "Distributed detection of node replication attacks in sensor networks," in IEEE Symposium on Security and Privacy, 2005, pp. 49-63.
[30] Z. Bo, S. Setia, S. Jajodia, S. Roy, and W. Lingyu, "Localized Multicast: Efficient and Distributed Replica Detection in Large-Scale Sensor Networks," IEEE Transactions on Mobile Computing, vol. 9, pp. 913-926, 2010.