ISSN1000-9825,CODENRUXUEWE-mail:jos@iscas.ac.cnJournalofSoftware,Vol.18,No.5,May2007,pp.1218−1231:+86-10-62562563©2007byJournalofSoftware.Allrightsreserved.∗+,,,(,100084)KeyManagementSchemesandProtocolsforWirelessSensorNetworksSUZhong+,LINChuang,FENGFu-Jun,RENFeng-Yuan(DepartmentofComputerScienceandTechnology,TsinghuaUniversity,Beijing100084,China)+Correspondingauthor:Phn:+86-10-62772487,E-mail:zsu@csnet1.cs.tsinghua.edu.cn,(5):1218−1231.:Thedesignofkeymanagementschemesandprotocols,whosemainobjectiveistoprovidesecureandreliablecommunication,isoneofthemostimportantaspectsandbasicresearchfieldofsecurewirelesssensornetworks.Thekeymanagementinwirelesssensornetworksmeetsmanynewchallengesduetoitsintrinsicproperties.Inthispaper,thesecureandperformanceevaluationcriterionofkeymanagementisintroduced,thetaxonomyforthekeymanagementschemesandprotocolsisproposed,theclassickeymanagementschemesandprotocolsarediscussedandcomparedindetailed,andfinallytheopenresearchproblemsandthepossiblesolutionarealsopointedout.Recentrelatedworkindicatesthatfutureworkwillfocusonsomekeyissuessuchasfullydistributed,self-organized,fault-toleranceandintrusion-tolerance,andlocation-awareetc.Keywords:wirelesssensornetwork;security;keymanagement;keypre-distribution;pair-wisekey:..;;;.,.:;;;;:TP393:A(wirelesssensornetworks,WSN),,[1,2],[3−6].WSN,WSN,∗SupportedbytheNationalNaturalScienceFoundationofChinaunderGrantNos.90412012,60673187,60429202,60573122,60672118();theNationalHigh-TechResearchandDevelopmentPlanofChinaunderGrantNos.2006AA01Z218,2006AA01Z225((863))Received2006-11-09;Accepted2006-12-15:1219WSN[7,8].WSN,,[9][10][11][12].,[13−18].WSN,WSN.:(1)WSN().,UCB(UniversityofCaliforniaBerkeley)MICA2mote[19],87.3828MHzATmega128L,SRAM4KB,ROM128KB,916MHz,10Kbps.[13−15]WSN.(2),WSN.,(keydistributioncenter,KDC)[16]WSN.(3).WSN,,,[17,18]WSN.,WSN,,.WSN,WSN,.1,WSN(availability)(integrity)(confidentiality)(authentication)(non-reputation)[20,21].,WSN,WSN:(1)(scalability).WSN,.,,WSN.(2)(efficiency)..,:(storagecomplexity),;(computationcomplexity),;(communicationcomplexity),.(3)(keyconnectivity)..WSN.,WSN,,.(4)(resilience)..,.,.,.2,WSN[22].,..2.1,WSN.,,,,WSN,WSN.,,.1220JournalofSoftwareVol.18,No.5,May2007,WSN,[23,24],WSN.,.2.2,WSN.[25−33],..WSN[34−37],,(clusterhead)..,.,.2.3,WSN[38].[25−33],,,;[36,37],.,,.,.,,.2.4,WSN.,,[25],[27].,,,[28],BIBD(balancedincompleteblockdesign)[33][39].,0,1,1.,;,,.,,;,[28],[33,39].33.1Eschenauer[25]EschenauerGligorWSN(E-G).3.1.,P,k(kP),.2.,,(pair-wisekey);,3.3,.[40],dn:))lnln((ln1cPnnnd−−−=,,Pc.n′(n′n),1−′=′ndp.:1221p′,Pk:!)!2())!((12PkPkPp−−−=′∑==tjijiijyxayxf0,),(.E-G3WSN:,,10000WSN,100000250;();Sink,.3.2E-GE-GWSN,..3.2.1q-Composite[26]Chanq-composite(q-composite),|S|m,q.t(t≥q),K=hash(k1||k2||…||kt)().,,.,q.[26],,E-G,,.3.2.2[27]Blom[41],,.Du[27].N,,GF(q)(q)(λ+1)×NG(Gλ+1)ω(λ+1)×(λ+1)D1,D2,…,Dω,(Di,G)i=1,2,…,ω.Ai=(Di×G)T.τ(2≤τω),jDi,jAij,,,Gj().,,Ai.1.KijKjiNN(D⋅G)TGjiNGNjiA=(D⋅G)Tλ+1×=Fig.1Generatingpairwisekey[27]1[27]ωτ.[27],10%,E-Gq-composite5..Blom,,.3.2.3[28]Blundo[39](f(x,y)=f(y,x)).Liu[28].,Fqst{fi(x,y)}i=1,2,…,s;,s′.,,.[28],,E-Gq-composite,(60%),.1222JournalofSoftwareVol.18,No.5,May20073.2.4[29−31],.LiuWSN(CPKS(closestpairwisekeysscheme))[29].,c.,uv,ku,v,(v,ku,v)(u,ku,v)uv.,.CPKS,,;,.,.,Liu[29](LBKP(location-basedkeypredistribution))..,t,.,,45.,1.CPKS.E-Gq-compositeBlundo,LBKP,.[30],Gaussian.t×n,Gi,j(i=1,…,t,j=1,…,n).(|S|)(|Sc|),.,a|Sc|;,b|Sc|(a,b:0a,b0.254a+4b=1).,.2.,m.,,.[30],,.,100,E-G0.095,0.687.,..Liu[29Du[30],.,Huang[31].b|Sc|b|Sc|b|Sc|b|Sc|a|Sc|a|Sc|b|Sc|b|Sc|b|Sc|b|Sc|a|Sc|a|Sc|a|Sc|a|Sc|a|Sc|a|Sc|Fig.2Sharedkeysbetweenneighboringkeypools23.2.5[26]E-G,AB,,AB.Liu[26].ABj,Ajv1,v2,…,vj,jB,Bj,K=k⊕v1⊕v2⊕…⊕vj.j,K.E-G,.,NP.3.3[28,32],,.LiuChan.:1223:Nm×m,,Nm=.Liu(GBKP(grid-basedkeypredistribution))[28],,2m,,.,,3(a);,,.ChanPIKE(peerintermediariesforkeyestablishment)[32],,,)1(2−N,,3(b);,,.c0001020304050908070610111213141519181716202122232425292827263031323334353938373690919293949599989796............................................................),(1yxfrm−),(2yxfrm−),(2yxfr),(1yxfr),(0yxfr),(1yxfcm−),(0yxfc),(1yxc),(2yxfc),(2yxfm−…f…(a)GBKPscheme(a)GBKP(b)PIKEscheme(b)PIKEFig.3Grid-Basedkeypredistribution3GBKPPIKE,,.,,.3.4[33]Camtepe(combinatorialdesigntheory)WSN[33].N,n(finiteprojectiveplane)(nn2+n+1≥N)(n2+n+1,n+1,1)BIBD,n2+n+1,n2+n+1,n2+n+1n+1,1,n+1.,1.n.,Nn2+n+1,n,,WSN.(generalizedquadrangles,GQ),GQ(n,n),GQ(n,n2)GQ(n2,n3)O(n3),O(n5)O(n8),n.,CamtepeBIBDGQ:BIBDGQb(bBIBDGQ,bN),BIBDGQ(complementarydesign)N−b,bN.,1.BIBD,GQ,E-G,.3.5SPINS(securityprotocolsforsensornetworks)[34]LEAP(localizedencryptionandauthenticationprotocol)[35]PerrigSink.SPINS:SNEP(securenetworkencryptionprotocol)µTESLA(timedefficientstream1224JournalofSoftwareVol.18,No.5,May2007loss-tolerantauthentication).SNEP(counter)(mess