Exploring Cryptographic Key Management Schemes for Enhanced Security in WSNs
Profil Orcid
Data publikacji: 28 lut 2025
Zakres stron: 18 - 37
DOI: https://doi.org/10.2478/ias-2025-0002
Słowa kluczowe
© 2025 Khushboo Jain, published by Sciendo
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Key management is a foundation of security in Wireless Sensor Networks (WSNs) which enables secure communication for a wide range of real-world applications such as healthcare monitoring, military operations, and smart grid systems. WSNs consist of spatially distributed sensor nodes (SNs) that monitor physical or environmental conditions like temperature, humidity, and pressure [1,2]. These networks are integral to a wide array of applications which include healthcare, military operations, environmental monitoring, smart cities, and industrial automation [3]. The criticality of WSNs lies not only in their ability to facilitate real-time data collection but also in the sensitivity and security of the transmitted data [4,5]. Due to the resource-constrained nature of SNs, ensuring robust security in these networks presents significant challenges [6]. WSNs face unique challenges which include limited energy resources, the need for scalable key management to support large-scale networks, and resilience to node capture in hostile environments. For instance, in smart cities efficient energy use is critical for ensuring the longevity of SNs deployed for environmental monitoring, while military networks demand robust security against physical node capture.
Key management is considered the backbone of cryptographic security in WSNs which plays a pivotal role in ensuring data confidentiality, integrity, and authenticity across the network [7]. It encompasses the secure generation, distribution, storage, and revocation of cryptographic keys. Traditional key management schemes often struggle to balance security, energy efficiency, and scalability, particularly in large-scale deployments [8,9]. Recent advancements in lightweight cryptography and distributed schemes aim to address these challenges, paving the way for innovative solutions in key management tailored for resource-constrained environments.
Recent research has explored various key management schemes, including lightweight cryptography, hierarchical models, and distributed trust frameworks [10]. However, these surveys often focus on specific subsets of key management schemes and fail to comprehensively address challenges such as post-quantum resilience, scalability for large networks, and real-time adaptability to dynamic environments. This study aims to fill these gaps by providing a holistic analysis of key management schemes across different design principles, their trade-offs, and their suitability for evolving applications like IoT and smart cities.
This work provides a detailed review of key management schemes, categorizing them based on their design principles, such as symmetric, asymmetric, and hybrid approaches, and analyzing their suitability for diverse WSN applications. By examining the strengths and limitations of these schemes, the review aims to guide the selection of appropriate key management techniques for specific use cases in WSNs.
The rest of the work is organized as follows: Section 2 discusses the challenges in key management while highlighting the unique constraints and issues faced in these networks. Section 3 explores the various categories of key management schemes and provides a detailed analysis of their design principles and applications. Section 4 presents the role of the key pool and key size in key management schemes. Section 5 explores open issues and research directions in key management and identifies areas for future improvement and innovation. Finally, Section 6 concludes the discussion and summarizes key insights and findings.
Key management in WSNs faces several challenges due to the unique constraints and operational environments of these networks. Table 1 summarizes these challenges. Sensor nodes (SNs) in WSNs are typically limited in computational power, memory, and energy capacity. These constraints make it difficult to implement computationally intensive cryptographic algorithms and protocols. The need for lightweight and efficient cryptographic mechanisms is critical to prolonging network lifetime and ensuring security [11,12].
Challenges in key management in WSNs.
| SNs have limited computational power, memory, and energy, making it challenging to implement complex cryptographic algorithms. | [10,11] | |
| Large networks with thousands of SNs require scalability but key distribution and maintenance increase the complexity. | [12,13] | |
| SNs join or leave frequently due to mobility, failures, or environmental changes that require real-time key updates. | [14,15] | |
| SNs in hostile environments are prone to tampering and physical capture that can risk key exposure and network compromise. | [16,17] | |
| WSNs face eavesdropping, spoofing, and man-in-the-middle attacks which necessitate the need for robust key management protocols. | [18,19] | |
| Cryptographic operations consume significant energy, affecting the lifespan of battery-powered SNs. | [20,21,22] |
Energy efficiency is a critical consideration in key management for WSNs, as SNs are typically powered by limited-capacity batteries. To ensure prolonged network operation, it is essential to adopt energy-efficient cryptographic methods and leverage innovative energy sources.
Lightweight cryptographic algorithms are specifically designed to operate within the constraints of resource-limited devices. One such method is Elliptic Curve Cryptography (ECC), which offers strong security with smaller key sizes compared to traditional algorithms like RSA. For instance, a 256-bit ECC key provides equivalent security to a 3072-bit RSA key, significantly reducing computational overhead and energy consumption. Similarly, lightweight implementations of symmetric encryption, such as the AES with optimized key lengths, are widely used for secure and energy-efficient communication.
Other techniques, such as hash-based authentication and streamlined key distribution protocols, further reduce the energy cost of cryptographic operations by minimizing the number of computationally intensive tasks required during communication. These methods ensure that key management tasks are performed efficiently without compromising security.
Energy harvesting is an emerging solution to address the power limitations of WSNs. By utilizing ambient energy sources such as solar, thermal, or vibrational energy, sensor nodes can recharge their batteries and sustain cryptographic operations for longer durations. For example, solar-powered nodes equipped with small photovoltaic panels can harness sunlight to support energy-intensive processes, including key exchange and periodic rekeying.
Integrating energy harvesting with lightweight cryptographic protocols can further enhance the sustainability of WSNs. For instance, combining energy-aware clustering algorithms with solar-powered nodes ensures efficient key management in large-scale networks. This approach not only reduces reliance on battery power but also increases the operational lifespan of the network. Energy-efficient techniques are particularly relevant in real-world applications like environmental monitoring, where sensor nodes are deployed in remote areas and operate for extended periods without maintenance. Additionally, smart city infrastructures and military networks benefit from these methods by ensuring secure and uninterrupted communication despite energy constraints. By adopting lightweight cryptographic algorithms and leveraging energy harvesting methods, WSNs can achieve a balance between robust security and energy efficiency, making them more viable for long-term deployment in resource-constrained environments.
In this work, the key management schemes in WSNs can be categorized into six different types based on their design principles, each with specific characteristics, advantages, and limitations. Figure 1 presents the various categories of Key management schemes in WSNs.
Categories of Key management schemes in WSNs.
The Random Key Pre-distribution scheme is simple to implement and requires minimal computation, making it suitable for small networks with low-security needs where simplicity and cost-effectiveness are prioritized. However, it is vulnerable to node capture and offers limited security against node compromise. The Dynamic Key Management scheme is flexible and adaptable to network changes, making it ideal for dynamic networks where nodes frequently join or leave, such as mobile sensor networks or networks with changing topologies. However, it has high computational overhead and requires communication for key exchange. The Cluster-based Management scheme is scalable and enables efficient key management through centralized control by a cluster head, making it suitable for large-scale networks or hierarchical setups where SNs are grouped into clusters. However, it is vulnerable to a single point of failure if the cluster head is compromised.
The Hierarchical Management scheme allows efficient distribution and revocation of keys and is easy to scale in large networks, making it suitable for multi-tier networks such as military surveillance or critical infrastructure. However, it relies on a central authority, which introduces a single point of failure at higher tiers. The Pairwise Key Establishment scheme provides high security and is resilient to node capture, as each pair has a unique key. It is suitable for high-security applications such as military and defense, where confidentiality between specific node pairs is critical. However, it has a complex setup and faces scalability challenges in large networks. Lastly, Public Key Cryptography (PKC) offers strong security with asymmetric encryption and supports digital signatures for authenticity, making it ideal for critical infrastructure and applications requiring high security, such as IoT networks in healthcare and finance. However, it has high computational and memory overhead, making it unsuitable for resource-constrained devices. Table 2 presents the comparison of different types of Key Management Schemes in WSNs.
Comparative Analysis of Key Management Schemes in WSN
| Simple to implement | Vulnerable to node capture | Small networks with low-security needs, where simplicity and cost-effectiveness are more important than high-security | |
| Minimal computation required | Limited security against node compromise | ||
| Flexible | High computational overhead | Suitable for dynamic networks where nodes frequently join or leave, such as mobile sensor networks or networks with changing topologies | |
| Adaptable to changes in the network | Requires communication for key exchange | ||
| Scalable | Vulnerability of cluster head | Large-scale networks or hierarchical setups, where SNs are grouped into clusters and a cluster head controls key management | |
| Efficient key management due to centralized control by the cluster head | Single point of failure if the cluster head is compromised | ||
| Efficient distribution and revocation of keys | Requires a central authority | Multi-tier networks, such as military surveillance or critical infrastructure, where different levels of security are required. | |
| Easy to scale in large networks | Single point of failure at higher tiers | ||
| High security | Complex setup | High-security applications such as military and defense where confidentiality between specific node pairs is critical. | |
| Resilient to node capture, as each pair has a unique key | Scalability issues with large networks | ||
| Strong security with asymmetric encryption | High computational and memory overhead | Critical infrastructure and applications requiring high security, such as IoT networks in healthcare and finance. | |
| Can support digital signatures for authenticity | Not ideal for resource-constrained devices | ||
| High resilience to node capture | Computationally intensive Scalability challenges for very large networks | Small to medium-sized networks requiring high security, such as industrial IoT, military networks, or healthcare sensor systems. | |
| Enables secure pairwise communication | |||
| Scalable with small to medium networks | Higher memory requirements for matrix storage | ||
| High scalability, resilience to node capture | Complex key distribution | Large-scale WSNs with high-security requirements and limited storage capacity | |
| Efficient key discovery | The trade-off between security and connectivity | ||
| Reduced memory overhead | Limited adaptability |
Pre-distribution schemes involve assigning cryptographic keys to SNs before deployment, ensuring that nodes can establish secure communication upon entering the network [23,24,25,26,27]. Table 3 lists the major Pre-distribution Key Management Schemes of WSNs along with their description, advantages, and disadvantages.
Pre-distribution Key Management Schemes.
| Eschenauer-Gligor Scheme | 2002 | Randomly pre-distribute keys to nodes from a key pool to establish common keys post-deployment. | Simple, scalable for small networks. | Vulnerable to node capture. | [23] |
| Q-Composite Scheme | 2009 | Improves Eschenauer-Gligor by requiring multiple shared keys to establish communication. | Higher resilience against node capture. | Increased memory usage. | [24] |
| Enhanced Random Key Distribution | 2018 | Adds redundancy and hashing to random pre-distribution for better resilience. | Stronger security, low overhead. | Increased computational costs. | [25] |
| Multiple Key Pools | 2020 | Nodes are preloaded with keys from region-specific key pools to improve localization security. | Reduces key exposure. | Limited adaptability for mobility. | [26] |
| Hybrid Key Pre-distribution | 2022 | Combines deterministic and random methods to ensure both security and scalability. | Balances security and efficiency. | Implementation complexity. | [27] |
In random key pre-distribution schemes, each SN is assigned a random subset of keys drawn from a large key pool. After the deployment of the network, nodes can establish shared keys by identifying common keys within their assigned subsets. This approach has several advantages. It is simple to implement and requires minimal computational resources, making it suitable for resource-constrained environments, which is a typical characteristic of WSNs. However, this method also has notable disadvantages. One of the main drawbacks is its vulnerability to node capture attacks. If an attacker compromises a node, they can potentially extract the keys stored in that node, thereby compromising the security of the entire network, especially when the number of shared keys increases. This issue becomes more prominent in large-scale networks, where the probability of key sharing increases with the size of the key pool, making them more susceptible to adversarial exploitation. Thus, while the simplicity and low resource requirement make it appealing for some applications, the vulnerability to attacks limits its applicability in highly secure environments.
In probabilistic key pre-distribution schemes keys are distributed across nodes in such a way that each node has a probabilistic chance of sharing at least one key with another node. This approach allows for more flexible key management compared to simple random key pre-distribution by increasing the likelihood of nodes having shared keys while maintaining a reduced computational complexity. A notable example of this approach is the q-composite key scheme, which enhances network resilience by requiring nodes to share multiple keys to establish communication. This means that even if some keys are compromised, communication between nodes remains secure as long as at least one key remains intact. One of the key advantages of probabilistic key pre-distribution over random key pre-distribution is its improved network resilience. It provides a higher level of security by minimizing the risk that a single node compromise can lead to the breakdown of communication across the network. However, the scheme comes with some trade-offs. The complexity of key matching and key establishment is slightly increased, as nodes must find multiple shared keys, which may require additional processing. This added complexity can result in a modest increase in overhead, but the benefits in terms of resilience and security often outweigh the drawbacks, particularly in large-scale or high-security networks.
Dynamic schemes establish or update keys during the network’s operation, adapting to environmental changes or threats [28,29,30,31,32,33,34]. Table 4 lists the major Dynamic Key Management Schemes of WSNs along with their description, advantages, and disadvantages.
Dynamic Key Management Schemes in WSNs.
| LEAP (Localized Encryption and Authentication Protocol) | 2013 | Uses cluster heads for efficient key distribution in dynamic networks. | Scalable and efficient. | Cluster head compromise risk. | [28] |
| Diffie-Hellman Protocol | 2013 | Dynamically establishes keys post-deployment through public-private key exchanges. | No pre-shared keys are required. | High computational overhead. | [29] |
| Lightweight Key Update | 2019 | Reduces the cost of key updates in dynamic networks through periodic rekeying. | Energy-efficient updates. | Vulnerable to synchronization issues. | [30] |
| Cluster Key Negotiation | 2021 | Dynamic key management within clusters for better adaptability in mobile WSNs. | Better adaptability. | Increased cluster head workload. | [31] |
| An Efficient Secure Key Establishment Method in Cluster-Based WSNss | 2022 | Proposes lightweight key establishment using shared keys managed by cluster heads. | Low energy consumption and high efficiency. | Limited adaptability for heterogeneous networks. | [32] |
| Adaptive Key Management | 2023 | Adjusts key update intervals based on network topology changes and threats. | Dynamic and threat adaptive. | Complexity in threat assessment. | [33] |
| IHKM: An Improved Hierarchical Key Management Scheme | 2024 | An enhancement of hierarchical schemes, optimizing key distribution and security in cluster-based WSNs. | Better scalability and resilience to attacks. | Increased computational complexity. | [34] |
In key establishment protocols, nodes negotiate cryptographic keys after deployment, using protocols such as Diffie-Hellman to establish secure communication channels. This approach does not rely on pre-distributed keys, providing greater flexibility and adaptability to dynamic environments. Since the keys are generated during network operation, there is no need for pre-configuration, making this method ideal for networks where nodes may frequently join or leave, or where a centralized key distribution approach would be impractical. The flexibility of this method allows it to be commonly used in environments with highly dynamic network topologies, such as mobile ad hoc networks or emergency response. However, the primary disadvantage of key establishment protocols is their computational intensity. The cryptographic operations involved, such as key exchanges and encryption processes, require significant processing power and energy consumption. This makes the method less suitable for resource-constrained environments, where the nodes may have limited computational resources and battery life. Despite these challenges, the adaptability and security provided by key establishment protocols make them an attractive solution for dynamic and scalable WSNs, particularly when security and flexibility are paramount.
In cluster-based key management schemes, the network is divided into clusters, and each cluster has a designated cluster head responsible for managing key distribution within the cluster. This approach significantly reduces the overhead associated with managing keys across the entire network, as only the cluster head handles the key distribution for the nodes within its cluster, minimizing the need for global key management processes. Additionally, cluster-based management enhances the scalability of large WSNs by limiting the key management tasks to smaller, localized groups. This structure makes the network more manageable as it grows, improving the overall efficiency of key distribution and communication. However, a key disadvantage of this method is its vulnerability to the compromise of cluster heads. If a cluster head is captured or compromised by an attacker, all the keys within that cluster can be exposed, potentially leading to the failure of secure communication across the entire cluster. To mitigate this, some schemes implement mechanisms to rotate or reassign cluster heads periodically. An example of cluster-based key management is the LEAP (Localized Encryption and Authentication Protocol) scheme, which leverages localized communication to improve key management efficiency. LEAP minimizes the computational overhead by enabling secure communication within individual clusters, while also providing security mechanisms to address node compromises. Despite its advantages in scalability and efficiency, the vulnerability of cluster heads remains a challenge that requires careful attention in large-scale deployments.
Hierarchical schemes use a multi-tier architecture where keys are distributed and managed based on the network hierarchy [35,36,37,38]. Table 5 presents the major Hierarchical Key Management Schemes of WSNs along with their description, advantages, and disadvantages. In key tree-based management schemes, a hierarchical tree structure is employed, where higher-tier nodes manage the keys for their lower-tier counterparts. This method streamlines the key distribution and revocation processes, as key updates can be propagated efficiently through the tree structure. By structuring the network in a way that allows key management at different levels, this approach helps maintain security while minimizing the computational overhead on individual nodes. One of the key advantages of this method is its ability to efficiently handle the distribution and revocation of keys, ensuring that new keys can be quickly propagated when necessary. However, the scheme has a significant drawback: it requires a central authority to manage the tree structure. If this central authority is compromised, the security of the entire network can be jeopardized, as it can impact the management of keys across the hierarchy. An example of a widely adopted hierarchical key management scheme is the Logical Key Hierarchy (LKH). LKH uses a tree structure to organize keys and ensure that key distribution and revocation are performed efficiently. The method is often employed in large-scale wireless WSNs, where it helps reduce the complexity of managing keys for each node. While LKH is effective in providing secure and efficient key management, its reliance on a central authority means that mitigating the risk of compromise at higher levels of the hierarchy is crucial for the scheme’s overall security. Node location plays a vital role in cluster-based and hierarchical key management schemes. By grouping nodes based on proximity, communication overhead can be minimized, improving energy efficiency and scalability. For instance, region-specific key pools, as used in the Multiple Key Pools scheme leverage node location to localize security breaches and enhance network resilience.
Hierarchical Key Management Schemes in WSNs.
| Logical Key Hierarchy (LKH) | 2010 | Uses a tree structure where higher-level nodes manage key distribution to lower-level nodes. | Efficient key revocation. | Requires central authority. | [35] |
| Multi-Tier Key Management | 2015 | Divides the network into multiple tiers with different keys for different levels. | Scalable and secure. | Management complexity. | [36] |
| Role-Based Key Distribution | 2017 | Assigns keys based on node roles within the network (e.g., sensors, aggregators). | Efficient and role aware. | Static role assignment challenges. | [37] |
| Hybrid Hierarchical Scheme | 2022 | Combines LKH with cluster-based management to optimize scalability and security. | Balances hierarchy and efficiency. | Increased resource usage. | [38] |
In pairwise key establishment, each pair of nodes creates a unique shared key for secure communication [39,40,41,42]. Table 6 lists the few Pairwise Key Establishment Schemes of WSNs along with their description, advantages, and disadvantages. Blom’s Scheme is a matrix-based key management approach that enables nodes within a network to calculate a shared key with any other node without the need for pre-distribution. The system works by using a matrix to generate unique keys for node pairs, with each node possessing a row of the matrix. By combining its row with the row of another node, a shared key can be computed, ensuring that communication between any two nodes is encrypted with a unique key. One of the major advantages of Blom’s Scheme is its high resilience to node capture attacks. Even if one node is compromised, only a limited amount of information is exposed, reducing the overall risk to the network’s security. This feature makes it especially effective in environments where physical security is a concern, as compromising a single node does not allow attackers to access all the keys in the network. However, the scheme has scalability limitations. As the network grows, the need for carefully selecting and managing the matrix becomes more challenging, particularly in resource-constrained environments. The complexity of the matrix also introduces overhead in both computation and storage, making the scheme less suitable for large-scale networks. Blom’s Scheme is most suitable for small to medium-sized networks that require high security, such as in military or industrial applications, where the number of nodes is manageable, but security needs are paramount.
Pairwise Key Establishment in WSN.
| Blom’s Scheme | 2012 | Uses a matrix-based approach for generating unique pairwise keys between nodes. | High resilience to node capture. | Computationally intensive. | [39] |
| Polynomial-Based Scheme | 2017 | Employs polynomial functions for establishing secure pairwise keys among nodes. | Efficient for small groups. | Vulnerable to node tampering. | [40] |
| ECC-Based Pairing | 2019 | Utilizes elliptic curve cryptography for pairwise key establishment in resource-constrained WSNs. | Strong security. | High computational overhead. | [41] |
| ID-Based Key Agreement | 2019 | Leverages node identifiers for key establishment to reduce memory overhead. | Efficient and memory-saving. | Less flexible for dynamic networks. | [42] |
PKC approaches leverage asymmetric cryptographic methods, which, despite being resource-intensive, are applied in certain WSN contexts [43,44,45,46,47,48,49]. Table 7 lists the few PKC approaches of WSNs along with their description, advantages, and disadvantages. ECC is a widely used cryptographic technique that offers strong security with significantly smaller key sizes compared to traditional public key cryptography methods, such as RSA. This characteristic makes ECC particularly suitable for WSNs, where SNs are often constrained by limited computational power, memory, and energy resources. The main advantage of ECC lies in its ability to provide equivalent or even superior security with much smaller key sizes, which reduces the computational and memory demands on SNs, making it an attractive solution for resource-constrained environments. However, despite its efficiency in terms of key size, ECC still involves a higher computational overhead than symmetric key schemes, which may limit its suitability for applications requiring extremely low power consumption and minimal computational load. ECC is particularly effective in high-security applications such as military or healthcare networks, where securing communication and data integrity is of paramount importance. Given its relatively low computational requirements and high security, ECC is increasingly integrated into advanced WSNs where both security and energy efficiency are critical considerations.
Public Key Cryptography (PKC) Approaches in WSN.
| RSA-Based Encryption | 2010 | Uses large prime factorization for key generation in resource-constrained networks. | High security; well-established protocol. | High computational requirements. | [43] |
| ECC-Based Key Management | 2015 | Utilizes elliptic curve cryptography for secure communication with smaller keys. | High security with low resource usage. | Computationally expensive for real-time updates. | [44] |
| Hybrid PKC-Symmetric Schemes | 2019 | Combines PKC for initial key exchange with symmetric encryption for ongoing communication. | Efficient after initial exchange; scalable. | Vulnerable during the key negotiation phase. | [45] |
| Lightweight ECC | 2020 | Optimizes ECC for WSNs by reducing algorithm complexity. | Suitable for resource-limited nodes; strong encryption. | Still more complex than symmetric methods. | [46] |
| Quantum-Resilient PKC | 2022 | Adapts public key schemes to counter quantum computing attacks. | Future-proof against quantum threats. | Not yet standardized; higher energy consumption. | [47] |
| Blockchain-Based Key Management | 2023 | Uses blockchain to manage and distribute public keys securely. | Decentralized and tamper resistant. | High storage and energy requirements. | [48] |
| ECC with Energy-Aware Protocol | 2023 | Integrates ECC with energy-aware protocols to minimize power consumption. | Balances security and energy usage. | Limited testing in large networks. | [49] |
| Post-Quantum ECC | 2024 | Enhances ECC with post-quantum algorithms to future-proof against advanced attacks. | High security and forward compatibility. | Computationally heavy for small nodes. | [50] |
Asymmetric cryptography, such as RSA and ECC is highly secure due to its reliance on computationally intensive problems like prime factorization or elliptic curve discrete logarithms. While RSA remains popular, ECC has gained prominence for its strong security at smaller key sizes, making it suitable for resource-constrained WSNs. Recent advancements, such as lightweight ECC variants and hybrid approaches combining symmetric and asymmetric methods, have further enhanced their applicability in IoT and critical infrastructure [44,50].
Quantum-resistant cryptography, such as lattice-based encryption can be implemented in WSN by optimizing these algorithms for lightweight operations. For example, researchers focus on reducing the computational complexity of lattice-based schemes, allowing them to be applied in resource-constrained environments [47,50]. Techniques like reducing key sizes, simplifying encryption and decryption processes, or using hardware accelerators can ensure minimal resource overhead. By integrating these quantum-resistant methods into a hybrid cryptographic approach (e.g., combining asymmetric lattice-based encryption with symmetric encryption for data transmission), WSNs can maintain robust security against quantum threats without significantly impacting energy consumption or processing power.
Matrix-based key management schemes in WSN leverage mathematical constructs like matrices and polynomials to establish secure communication among nodes [39,40,51]. These schemes offer advantages such as scalability and resilience to node capture, but they also present challenges in terms of computational overhead and memory requirements. Table 8 presents a comparison of various matrix-based key management schemes that provide robust security through innovative approaches. Blom’s Scheme is a symmetric matrix-based approach that generates unique pairwise keys using a shared secret matrix, offering high resilience to node capture and efficiency for small to medium networks, though its memory and computation overhead increase with network size, limiting scalability [39]. The Attack Matrix Scheme employs dominance key sets in a cost-effective matrix design, making it resistant to various attacks and suitable for clustered WSNs, but its applicability is limited in highly dynamic networks and requires careful dominance set design. The Polynomial and Matrix-Based Scheme integrates polynomial-based key pre-distribution with matrix design, combining the advantages of both methods to achieve strong security against node capture. However, it incurs higher computational overhead due to polynomial calculations and has a complex setup for large networks.
Matrix-based key management schemes in WSN.
| Blom’s Scheme | 2012 | An asymmetric matrix-based scheme that generates unique pairwise keys using a shared secret matrix. | High resilience to node capture. | Memory and computation overhead increase with network size. Not scalable for large networks. | [39] |
| Efficient for small to medium networks. | |||||
| Triple Key Matrix Scheme | 2017 | Extends matrix-based schemes to provide triple key distribution for enhanced communication security. | High resilience to single-node capture. | Increased memory requirements. | [40] |
| Supports multi-tier security. | Computationally intensive for large networks. | ||||
| Attack Matrix Scheme | 2018 | Uses dominance key sets in a cost-effective matrix design to secure communication. | Cost-effective design. | Limited applicability in highly dynamic networks. | [52] |
| Resistant to various attacks. | Requires careful dominance set design. | ||||
| Suitable for clustered WSNs. | |||||
| Polynomial and Matrix-Based Scheme | 2019 | Combines polynomial-based key pre-distribution with matrix design for enhanced security. | Combines benefits of polynomial and matrix methods. | Higher computational overhead due to polynomial calculations. | [53] |
| Strong security against node capture. | Complex setup for large networks. |
Combinatorial-based key management schemes power mathematical combinatorial designs to distribute cryptographic keys efficiently among SNs in WSNs. These schemes aim to enhance security while maintaining scalability and minimizing key storage overhead. Unlike traditional random key pre-distribution schemes, combinatorial schemes provide deterministic key-sharing properties, ensuring controlled key overlap and reducing vulnerability to node capture attacks. Table 9 presents a comparison of various Combinatorial-based key management schemes that provide robust security, high scalability, and reduced memory overheads through innovative approaches. The Scalable and Storage-Efficient Dynamic Key Management scheme [54] focuses on optimizing storage while ensuring secure key distribution which makes it suitable for large-scale networks. However, it demands additional computational resources for key updates. The Key Updating for Combinatorial Design-Based Key Management scheme [55] enhances security by efficiently managing key updates, thereby improving resilience against key compromise, though it may introduce synchronization delays in large networks. The Combinatorial Design-Based Key Pre-Distribution scheme [56] ensures deterministic key assignment and scalability while reducing storage overhead but requires fine-tuned parameter selection to balance security and connectivity. Solari Esfehani & Haj Seyyed Javadi (2021) provide a comprehensive survey [57] on combinatorial design-based key management in IoT and WSNs, identifying emerging trends while acknowledging the adaptability limitations of some schemes in dynamic network environments. These combinatorial approaches collectively offer promising solutions for secure and efficient key management in resource-constrained WSNs.
Combinatorial-based key management schemes in WSN.
| 2021 | Proposes a scalable key management scheme that optimizes storage efficiency while ensuring secure key distribution in WSNs. | Reduces storage overhead, supports large-scale WSNs, and enhances security resilience. | Requires additional computational resources for key updates. | [54] | |
| 2014 | Introduces efficient key update methods for combinatorial-based key management schemes to enhance security. | Improves resilience against key compromise and reduces overhead for rekeying. | May introduce synchronization delays in large networks. | [55] | |
| 2019 | Develops a key pre-distribution scheme using combinatorial designs to optimize key sharing and security. | Enhances scalability, ensures deterministic key assignment, reduces storage requirements. | Requires careful parameter selection to balance security and connectivity. | [56] | |
| 2021 | Provides a comprehensive review of combinatorial design-based key management schemes for IoT and WSNs. | Identifies strengths and weaknesses of various combinatorial approaches, highlights emerging trends. | Some reviewed schemes may not be adaptable to dynamic network environments. | [57] |
Key pool size and key size are fundamental factors influencing the efficiency, security, and scalability of cryptographic key management schemes in WSN. These aspects directly affect how securely keys are distributed and stored across nodes and the computational overhead of cryptographic operations. This section presents a detailed discussion and comparison of their roles in various key management schemes.
The key pool refers to the collection of cryptographic keys preloaded into SNs before deployment. Its size determines the likelihood of nodes sharing common keys and the overall security of the network. Larger key pools reduce the chances of nodes sharing the same key, enhancing security by limiting the impact of node compromise. For example, in a pool of 1000 keys the probability of any two nodes sharing a key is significantly lower than in a pool of 100 keys. However, the trade-off is that a larger key pool demands more memory, which may strain resource-constrained WSN nodes. On the other hand, in Smaller key pools the probability of key sharing increases, simplifying the key establishment process. However, they also make the system more vulnerable to node capture attacks, as compromising one node could expose keys shared with others. This approach is better suited for small-scale networks where simplicity and cost-effectiveness are prioritized over high security. Probabilistic key pre-distribution schemes, such as Eschenauer-Gligor [23] and q-composite [24] schemes, illustrate the trade-offs of key pool size. The Eschenauer-Gligor scheme balances simplicity and security for small networks, while the q-composite scheme enhances resilience by requiring nodes to share multiple keys, a feature achievable only with sufficiently large key pools.
The key size refers to the length of cryptographic keys (measured in bits) and directly impacts the strength of encryption, storage requirements, and computational demands. Longer keys provide stronger encryption, making brute-force attacks computationally infeasible. For instance, a 128-bit AES key is secure against classical computers, while 256-bit keys offer additional protection [25]. However, these keys require more memory and processing power, which can strain energy-constrained SNs. On the other hand, the Shorter keys demand less storage and computational resources, making them suitable for low-security applications in resource-constrained networks. However, they are vulnerable to modern cryptanalysis and unsuitable for high-security scenarios. Symmetric cryptography often uses shorter keys (e.g., 128-bit AES) to maintain efficiency, while PKC, such as 2048-bit RSA [43] or 256-bit ECC [41,44], uses longer keys for stronger security. PKC schemes are more resource-intensive, limiting their applicability in typical WSNs.
Balancing key pool size and key size is critical in designing efficient key management schemes for WSN.
Comparison of Key Pool and Key Size in Key Management Schemes in WSN.
| High (low key-sharing probability) | Moderate (higher key-sharing probability) | High (strong encryption) | Low (vulnerable to brute force) | |
| High (requires more memory) | Low (minimal memory requirements) | High (large memory usage) | Low (minimal memory usage) | |
| Low (more keys to process) | High (fewer keys to process) | Low (computationally intensive) | High (less computational demand) | |
| Suitable for large networks | Suitable for small networks | Suitable for critical applications | Suitable for low-security setups |
Recent advancements in key management for WSN’s have introduced adaptive and hybrid approaches to address the limitations of traditional methods. These approaches aim to optimize the balance between security, scalability, and energy efficiency, which are critical in resource-constrained environments.
Adaptive Key Management schemes dynamically adjust parameters, such as key pool size, to accommodate changing network conditions. This adaptability enhances security by responding to emerging threats while minimizing resource usage. For example, Msolli et al. proposed an adaptive key pool design that modifies the key pool size based on real-time network requirements [33]. This reduces memory overhead and improves resilience to node capture without compromising security, making it suitable for large and dynamic WSN deployments. Hybrid Approaches combine the strengths of different key management strategies to achieve enhanced performance. By integrating smaller key pools with shorter cryptographic keys, hybrid schemes reduce computational overhead and energy consumption. Baburaj [40] demonstrated that supplementing these setups with rekeying mechanisms increases security and flexibility, particularly in networks with dynamic topologies. These methods ensure that resource-constrained nodes can efficiently manage keys while maintaining robust security. Post-Quantum Integration in adaptive and hybrid frameworks is another promising research direction. Lattice-based cryptographic techniques presented by Aydeger et al. offer quantum-resistant security with efficient resource usage [50]. These methods are particularly relevant as WSNs face the growing threat of quantum computing. By integrating post-quantum cryptography into adaptive and hybrid schemes, future WSNs can achieve resilience to advanced cryptographic attacks while remaining scalable and energy efficient.
As WSNs continue to evolve and expand, several open issues persist, hindering the full potential of secure communication in these networks. Researchers have identified the need to address these challenges to develop more efficient, secure, and scalable key management solutions. Four critical research directions stand out in the field of WSN security: energy efficiency, resilience to node capture, scalability, and post-quantum security. Table 11 presents the Research Directions and proposed Solutions along with the Optimization methods related to Key Management in WSN.
Research Directions, Proposed Solutions, and Optimisation Methods Related to Key Management in WSN.
| Lightweight cryptography | Energy-aware cryptographic protocols and duty-cycling techniques aim to reduce energy consumption while maintaining security levels. | |
| Symmetric encryption replacement | Replacing computationally expensive public-key cryptography with more energy-efficient symmetric algorithms. | |
| Energy-efficient key distribution | Use of localized or hierarchical key distribution techniques to reduce communication overhead. | |
| Dynamic key revocation | Adaptive protocols that revoke keys once a node is compromised, minimizing the impact on the overall network. | |
| Distributed trust models | Employing decentralized approaches to ensure that compromised nodes do not breach the entire network’s security. | |
| Physical-layer security | Incorporation of techniques such as secret sharing and random key pre-distribution to make key extraction harder. | |
| Cluster-based key management | Using a cluster-head model to divide responsibilities, minimize communication overhead, and enhance scalability in large networks. | |
| Hierarchical key management | Multi-tiered architecture that efficiently distributes keys among different levels of the network. | |
| Hierarchical revocation strategies | Improving scalability by implementing efficient key revocation and update mechanisms that can scale with the network size. | |
| Lattice-based cryptography | Exploring quantum-resistant algorithms, such as lattice-based encryption, that can be applied in WSNs. | |
| Hash-based signatures | Use of quantum-secure hash-based schemes for signing messages and managing key distributions. | |
| Hybrid cryptosystems | Developing hybrid cryptographic schemes that combine classical and quantum-resistant algorithms for backward compatibility. |
Energy consumption is a major limitation in WSNs due to the resource constraints of SNs. These nodes often rely on battery power and must minimize energy usage to extend their operational lifetime. Key management schemes, which include cryptographic operations and communication overhead, can be energy intensive. Developing lightweight key management schemes that minimize energy consumption remains a priority. Researchers are focusing on optimizing cryptographic protocols and reducing the number of communication rounds for key establishment and management, all while maintaining a high level of security. Solutions such as energy-aware key distribution and duty-cycling techniques are promising, as they aim to balance energy use with security needs [58,59,60]. For instance, more energy-efficient algorithms, such as those based on symmetric encryption techniques have been proposed to replace traditional public-key cryptography which is often too computationally expensive for low-power nodes. Lightweight cryptographic methods, such as symmetric encryption algorithms, reduce computational costs while maintaining security. Energy-harvesting technologies, which leverage ambient sources like solar energy, are increasingly integrated into key management processes to supplement battery power and enable continuous operation.
One of the major threats in WSNs is node capture. Since SNs are often deployed in open, potentially hostile environments, attackers may physically capture nodes to extract sensitive keys and compromise network security. Future key management schemes need to enhance their resilience to such attacks. This can be achieved by designing protocols that ensure that the compromise of a single or even multiple nodes does not jeopardize the entire network’s security. Techniques like dynamic key revocation, node authentication, and the use of distributed trust models can mitigate the damage caused by compromised nodes [61]. For example, schemes like those based on the hierarchical key management model provide better control over the distribution of keys and can quickly invalidate compromised keys to minimize risks. Additionally, the integration of physical-layer security methods such as secret sharing and random key pre-distribution may offer additional protection by making it more difficult for attackers to obtain the keys even after capturing a node.
As WSNs often consist of many SNs, key management schemes must be scalable to accommodate networks of varying sizes without experiencing performance degradation. Scalability challenges arise when the number of nodes increases, as the complexity of key management schemes, including the distribution, revocation, and updating of keys, grows exponentially [62,63]. The design of scalable key management solutions that can handle large-scale networks efficiently is thus an ongoing area of research. Cluster-based key management approaches, in which a subset of nodes (cluster heads) are responsible for managing key distribution within their respective clusters, have shown promise in improving scalability. By reducing the number of nodes involved in key management activities and localizing key-related operations, such schemes minimize communication overhead and maintain efficiency even in large networks. Further research is required to ensure that these methods remain effective as network sizes grow into thousands or even millions of nodes.
With the advent of quantum computing, many cryptographic algorithms used today may become vulnerable to attacks from sufficiently powerful quantum computers. Public-key cryptographic schemes such as RSA and ECC which are widely used for key management in WSNs, are particularly susceptible to quantum attacks. To address this looming threat, the development of post-quantum security solutions is becoming an urgent priority [64]. Post-quantum cryptography (PQC) aims to develop cryptographic schemes that are resistant to attacks from quantum computers [65]. Researchers are exploring the potential integration of quantum-resistant algorithms such as lattice-based cryptography and hash-based signatures into WSN key management protocols. These solutions need to be lightweight enough to fit within the constraints of SNs while offering robust protection against quantum threats [66]. Implementing post-quantum security in WSNs will not only safeguard the networks against future attacks but also ensure that the cryptographic methods used remain relevant in the quantum computing era.
Energy-efficient key management is critical in WSNs to extend their lifespan while maintaining security, given the limited energy resources of SNs. Resilience to node capture is equally important, requiring mechanisms like key revocation and distributed trust models to minimize damage from compromised nodes. As WSNs scale to thousands or millions of nodes, efficient key management strategies, such as cluster-based and hierarchical structures, address scalability challenges. Furthermore, with the advent of quantum computing, post-quantum security measures like lattice-based cryptography and hash-based signatures are essential to safeguard against future quantum attacks. These approaches collectively enhance WSN security, ensuring resilience, scalability, and protection against emerging threats.
Emerging research in WSN is focusing on innovative ways to balance security and resource efficiency. Table 12 presents such research solutions for key management in WSN One key area is hybrid cryptographic solutions, which involve combining lightweight cryptographic techniques, such as elliptic curve cryptography or lightweight block ciphers, with quantum-resistant algorithms like lattice-based encryption. This hybrid approach aims to provide a balance between robust security and minimal resource usage, with the possibility of dynamically switching between algorithms based on the network’s threat model or changing conditions [66,67]. Another promising direction is adaptive key management, where key parameters are dynamically adjusted in response to factors like communication traffic, network topology, or energy consumption. This adaptability enhances security without unnecessarily increasing the computational burden [68,69]. Lastly, machine learning for optimization is an exciting frontier, where AI can be utilized to predict energy usage, optimize key management protocols, and anticipate security threats based on the network’s behavior. This would lead to more intelligent systems that can autonomously adapt, optimizing both security and resource consumption. These combined research directions are laying the foundation for more efficient, secure, and scalable WSNs in real-world applications [70,71,72].
Research Solutions and description to Key Management in WSN.
| Hybrid Cryptographic Solutions | Combining lightweight cryptographic techniques with quantum-resistant algorithms for efficient security in WSNs. | [66,67] |
| Adaptive Key Management | Dynamically adjusting key parameters based on factors like network conditions, traffic, and energy usage. | [68,69] |
| Machine Learning for Optimization | Using AI to optimize energy usage, predict threats, and adjust cryptographic techniques in WSNs. | [70,71,72] |
Key management is fundamental to the security of WSNs, which are inherently resource-constrained and deployed in potentially hostile environments. As such, designing key management schemes that address the trade-offs between security, scalability, and resource constraints has become a key area of ongoing research. The variety of applications of WSNs—from military surveillance and environmental monitoring to healthcare and smart cities—necessitates the development of key management solutions that are tailored to the specific needs of each application.
In recent years, the need for energy-efficient key management has become even more critical as the energy consumption of SNs directly impacts their operational lifespan. Due to their limited battery resources, WSNs must implement key management schemes that minimize energy consumption while still providing adequate security. Research has focused on lightweight cryptographic techniques, such as symmetric-key cryptography and energy-aware algorithms, which can help mitigate the energy costs associated with traditional, more computationally demanding schemes. Some studies also explore energy harvesting techniques to support key management processes and extend the lifetime of WSNs.
Another significant challenge in WSN security is resilience to node capture. Since SNs are often deployed in unprotected, potentially hostile environments, an attacker could capture or compromise a node, exposing sensitive information. This vulnerability underscores the need for key management schemes that minimize the damage caused by node capture. Techniques such as dynamic key revocation, random key pre-distribution, and distributed key management have been proposed to address these concerns. By allowing the quick and efficient revocation of keys and the redistribution of secure keys, these methods aim to isolate compromised nodes without compromising the entire network’s security. Furthermore, schemes that employ multiple layers of security or integrate physical-layer security mechanisms have shown promise in increasing the resilience of WSNs to node capture.
The adaptive and hybrid approaches represent a significant advancement in key management, addressing both current challenges and future needs in WSN security. These methods align well with the evolving requirements of applications like IoT, smart cities, and critical infrastructure.
In addition, as WSNs are often large-scale networks, scalability becomes a critical design consideration. The challenge lies in creating key management schemes that can handle the vast number of nodes without introducing excessive overhead. To address this, researchers have proposed hierarchical key management and cluster-based key management models that reduce the complexity of key distribution by delegating tasks to cluster heads or tiered nodes. These approaches minimize communication and computation costs, making them suitable for large-scale deployments where centralized control could create bottlenecks.
Finally, as quantum computing emerges as a potential threat to current cryptographic schemes, post-quantum security is gaining attention. Quantum computers have the theoretical ability to break widely used public-key cryptographic methods, such as RSA and ECC, by using algorithms like Shor’s algorithm. As a result, researchers are exploring quantum-resistant cryptographic solutions, such as lattice-based cryptography, hash-based signatures, and other methods that remain secure in a quantum computing environment. These efforts aim to future-proof WSNs against the advent of quantum computing by integrating quantum-resistant algorithms into existing key management schemes without significantly increasing the computational burden on SNs.
Overall, balancing security, scalability, and resource constraints in key management schemes for WSNs is a complex challenge. The ongoing research is progressively advancing towards more robust and efficient solutions, exploring a combination of techniques ranging from lightweight cryptography to quantum-resistant methods. Addressing these open issues will enable the development of key management systems that can support a wide variety of WSN applications and ensure their security and efficiency in the long term.