Exploring Cryptographic Key Management Schemes for Enhanced Security in WSNs
Orcid profileFeb 28, 2025
About this article
Published Online: Feb 28, 2025
Page range: 18 - 37
DOI: https://doi.org/10.2478/ias-2025-0002
Keywords
© 2025 Khushboo Jain, published by Sciendo
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Figure 1.
Pre-distribution Key Management Schemes_
| Eschenauer-Gligor Scheme | 2002 | Randomly pre-distribute keys to nodes from a key pool to establish common keys post-deployment. | Simple, scalable for small networks. | Vulnerable to node capture. | [ |
| Q-Composite Scheme | 2009 | Improves Eschenauer-Gligor by requiring multiple shared keys to establish communication. | Higher resilience against node capture. | Increased memory usage. | [ |
| Enhanced Random Key Distribution | 2018 | Adds redundancy and hashing to random pre-distribution for better resilience. | Stronger security, low overhead. | Increased computational costs. | [ |
| Multiple Key Pools | 2020 | Nodes are preloaded with keys from region-specific key pools to improve localization security. | Reduces key exposure. | Limited adaptability for mobility. | [ |
| Hybrid Key Pre-distribution | 2022 | Combines deterministic and random methods to ensure both security and scalability. | Balances security and efficiency. | Implementation complexity. | [ |
Challenges in key management in WSNs_
| SNs have limited computational power, memory, and energy, making it challenging to implement complex cryptographic algorithms. | [ |
|
| Large networks with thousands of SNs require scalability but key distribution and maintenance increase the complexity. | [ |
|
| SNs join or leave frequently due to mobility, failures, or environmental changes that require real-time key updates. | [ |
|
| SNs in hostile environments are prone to tampering and physical capture that can risk key exposure and network compromise. | [ |
|
| WSNs face eavesdropping, spoofing, and man-in-the-middle attacks which necessitate the need for robust key management protocols. | [ |
|
| Cryptographic operations consume significant energy, affecting the lifespan of battery-powered SNs. | [ |
Public Key Cryptography (PKC) Approaches in WSN_
| RSA-Based Encryption | 2010 | Uses large prime factorization for key generation in resource-constrained networks. | High security; well-established protocol. | High computational requirements. | [ |
| ECC-Based Key Management | 2015 | Utilizes elliptic curve cryptography for secure communication with smaller keys. | High security with low resource usage. | Computationally expensive for real-time updates. | [ |
| Hybrid PKC-Symmetric Schemes | 2019 | Combines PKC for initial key exchange with symmetric encryption for ongoing communication. | Efficient after initial exchange; scalable. | Vulnerable during the key negotiation phase. | [ |
| Lightweight ECC | 2020 | Optimizes ECC for WSNs by reducing algorithm complexity. | Suitable for resource-limited nodes; strong encryption. | Still more complex than symmetric methods. | [ |
| Quantum-Resilient PKC | 2022 | Adapts public key schemes to counter quantum computing attacks. | Future-proof against quantum threats. | Not yet standardized; higher energy consumption. | [ |
| Blockchain-Based Key Management | 2023 | Uses blockchain to manage and distribute public keys securely. | Decentralized and tamper resistant. | High storage and energy requirements. | [ |
| ECC with Energy-Aware Protocol | 2023 | Integrates ECC with energy-aware protocols to minimize power consumption. | Balances security and energy usage. | Limited testing in large networks. | [ |
| Post-Quantum ECC | 2024 | Enhances ECC with post-quantum algorithms to future-proof against advanced attacks. | High security and forward compatibility. | Computationally heavy for small nodes. | [ |
Research Solutions and description to Key Management in WSN_
| Hybrid Cryptographic Solutions | Combining lightweight cryptographic techniques with quantum-resistant algorithms for efficient security in WSNs. | [ |
| Adaptive Key Management | Dynamically adjusting key parameters based on factors like network conditions, traffic, and energy usage. | [ |
| Machine Learning for Optimization | Using AI to optimize energy usage, predict threats, and adjust cryptographic techniques in WSNs. | [ |
Matrix-based key management schemes in WSN_
| Blom’s Scheme | 2012 | An asymmetric matrix-based scheme that generates unique pairwise keys using a shared secret matrix. | High resilience to node capture. | Memory and computation overhead increase with network size. Not scalable for large networks. | [ |
| Efficient for small to medium networks. | |||||
| Triple Key Matrix Scheme | 2017 | Extends matrix-based schemes to provide triple key distribution for enhanced communication security. | High resilience to single-node capture. | Increased memory requirements. | [ |
| Supports multi-tier security. | Computationally intensive for large networks. | ||||
| Attack Matrix Scheme | 2018 | Uses dominance key sets in a cost-effective matrix design to secure communication. | Cost-effective design. | Limited applicability in highly dynamic networks. | [ |
| Resistant to various attacks. | Requires careful dominance set design. | ||||
| Suitable for clustered WSNs. | |||||
| Polynomial and Matrix-Based Scheme | 2019 | Combines polynomial-based key pre-distribution with matrix design for enhanced security. | Combines benefits of polynomial and matrix methods. | Higher computational overhead due to polynomial calculations. | [ |
| Strong security against node capture. | Complex setup for large networks. |
Dynamic Key Management Schemes in WSNs_
| LEAP (Localized Encryption and Authentication Protocol) | 2013 | Uses cluster heads for efficient key distribution in dynamic networks. | Scalable and efficient. | Cluster head compromise risk. | [ |
| Diffie-Hellman Protocol | 2013 | Dynamically establishes keys post-deployment through public-private key exchanges. | No pre-shared keys are required. | High computational overhead. | [ |
| Lightweight Key Update | 2019 | Reduces the cost of key updates in dynamic networks through periodic rekeying. | Energy-efficient updates. | Vulnerable to synchronization issues. | [ |
| Cluster Key Negotiation | 2021 | Dynamic key management within clusters for better adaptability in mobile WSNs. | Better adaptability. | Increased cluster head workload. | [ |
| An Efficient Secure Key Establishment Method in Cluster-Based WSNss | 2022 | Proposes lightweight key establishment using shared keys managed by cluster heads. | Low energy consumption and high efficiency. | Limited adaptability for heterogeneous networks. | [ |
| Adaptive Key Management | 2023 | Adjusts key update intervals based on network topology changes and threats. | Dynamic and threat adaptive. | Complexity in threat assessment. | [ |
| IHKM: An Improved Hierarchical Key Management Scheme | 2024 | An enhancement of hierarchical schemes, optimizing key distribution and security in cluster-based WSNs. | Better scalability and resilience to attacks. | Increased computational complexity. | [ |
Research Directions, Proposed Solutions, and Optimisation Methods Related to Key Management in WSN_
| Lightweight cryptography | Energy-aware cryptographic protocols and duty-cycling techniques aim to reduce energy consumption while maintaining security levels. | |
| Symmetric encryption replacement | Replacing computationally expensive public-key cryptography with more energy-efficient symmetric algorithms. | |
| Energy-efficient key distribution | Use of localized or hierarchical key distribution techniques to reduce communication overhead. | |
| Dynamic key revocation | Adaptive protocols that revoke keys once a node is compromised, minimizing the impact on the overall network. | |
| Distributed trust models | Employing decentralized approaches to ensure that compromised nodes do not breach the entire network’s security. | |
| Physical-layer security | Incorporation of techniques such as secret sharing and random key pre-distribution to make key extraction harder. | |
| Cluster-based key management | Using a cluster-head model to divide responsibilities, minimize communication overhead, and enhance scalability in large networks. | |
| Hierarchical key management | Multi-tiered architecture that efficiently distributes keys among different levels of the network. | |
| Hierarchical revocation strategies | Improving scalability by implementing efficient key revocation and update mechanisms that can scale with the network size. | |
| Lattice-based cryptography | Exploring quantum-resistant algorithms, such as lattice-based encryption, that can be applied in WSNs. | |
| Hash-based signatures | Use of quantum-secure hash-based schemes for signing messages and managing key distributions. | |
| Hybrid cryptosystems | Developing hybrid cryptographic schemes that combine classical and quantum-resistant algorithms for backward compatibility. |
Pairwise Key Establishment in WSN_
| Blom’s Scheme | 2012 | Uses a matrix-based approach for generating unique pairwise keys between nodes. | High resilience to node capture. | Computationally intensive. | [ |
| Polynomial-Based Scheme | 2017 | Employs polynomial functions for establishing secure pairwise keys among nodes. | Efficient for small groups. | Vulnerable to node tampering. | [ |
| ECC-Based Pairing | 2019 | Utilizes elliptic curve cryptography for pairwise key establishment in resource-constrained WSNs. | Strong security. | High computational overhead. | [ |
| ID-Based Key Agreement | 2019 | Leverages node identifiers for key establishment to reduce memory overhead. | Efficient and memory-saving. | Less flexible for dynamic networks. | [ |
Combinatorial-based key management schemes in WSN_
| 2021 | Proposes a scalable key management scheme that optimizes storage efficiency while ensuring secure key distribution in WSNs. | Reduces storage overhead, supports large-scale WSNs, and enhances security resilience. | Requires additional computational resources for key updates. | [ |
|
| 2014 | Introduces efficient key update methods for combinatorial-based key management schemes to enhance security. | Improves resilience against key compromise and reduces overhead for rekeying. | May introduce synchronization delays in large networks. | [ |
|
| 2019 | Develops a key pre-distribution scheme using combinatorial designs to optimize key sharing and security. | Enhances scalability, ensures deterministic key assignment, reduces storage requirements. | Requires careful parameter selection to balance security and connectivity. | [ |
|
| 2021 | Provides a comprehensive review of combinatorial design-based key management schemes for IoT and WSNs. | Identifies strengths and weaknesses of various combinatorial approaches, highlights emerging trends. | Some reviewed schemes may not be adaptable to dynamic network environments. | [ |
Comparison of Key Pool and Key Size in Key Management Schemes in WSN_
| High (low key-sharing probability) | Moderate (higher key-sharing probability) | High (strong encryption) | Low (vulnerable to brute force) | |
| High (requires more memory) | Low (minimal memory requirements) | High (large memory usage) | Low (minimal memory usage) | |
| Low (more keys to process) | High (fewer keys to process) | Low (computationally intensive) | High (less computational demand) | |
| Suitable for large networks | Suitable for small networks | Suitable for critical applications | Suitable for low-security setups |
Comparative Analysis of Key Management Schemes in WSN
| Simple to implement | Vulnerable to node capture | Small networks with low-security needs, where simplicity and cost-effectiveness are more important than high-security | |
| Minimal computation required | Limited security against node compromise | ||
| Flexible | High computational overhead | Suitable for dynamic networks where nodes frequently join or leave, such as mobile sensor networks or networks with changing topologies | |
| Adaptable to changes in the network | Requires communication for key exchange | ||
| Scalable | Vulnerability of cluster head | Large-scale networks or hierarchical setups, where SNs are grouped into clusters and a cluster head controls key management | |
| Efficient key management due to centralized control by the cluster head | Single point of failure if the cluster head is compromised | ||
| Efficient distribution and revocation of keys | Requires a central authority | Multi-tier networks, such as military surveillance or critical infrastructure, where different levels of security are required. | |
| Easy to scale in large networks | Single point of failure at higher tiers | ||
| High security | Complex setup | High-security applications such as military and defense where confidentiality between specific node pairs is critical. | |
| Resilient to node capture, as each pair has a unique key | Scalability issues with large networks | ||
| Strong security with asymmetric encryption | High computational and memory overhead | Critical infrastructure and applications requiring high security, such as IoT networks in healthcare and finance. | |
| Can support digital signatures for authenticity | Not ideal for resource-constrained devices | ||
| High resilience to node capture | Computationally intensive Scalability challenges for very large networks | Small to medium-sized networks requiring high security, such as industrial IoT, military networks, or healthcare sensor systems. | |
| Enables secure pairwise communication | |||
| Scalable with small to medium networks | Higher memory requirements for matrix storage | ||
| High scalability, resilience to node capture | Complex key distribution | Large-scale WSNs with high-security requirements and limited storage capacity | |
| Efficient key discovery | The trade-off between security and connectivity | ||
| Reduced memory overhead | Limited adaptability |
Hierarchical Key Management Schemes in WSNs_
| Logical Key Hierarchy (LKH) | 2010 | Uses a tree structure where higher-level nodes manage key distribution to lower-level nodes. | Efficient key revocation. | Requires central authority. | [ |
| Multi-Tier Key Management | 2015 | Divides the network into multiple tiers with different keys for different levels. | Scalable and secure. | Management complexity. | [ |
| Role-Based Key Distribution | 2017 | Assigns keys based on node roles within the network (e.g., sensors, aggregators). | Efficient and role aware. | Static role assignment challenges. | [ |
| Hybrid Hierarchical Scheme | 2022 | Combines LKH with cluster-based management to optimize scalability and security. | Balances hierarchy and efficiency. | Increased resource usage. | [ |