A convenient method to bootstrap secure connections is public-key cryptography protocols for symmetric-key setup [2, 15]. Unfortunately, our resource-constrained sensor nodes prevent us from using computationally expensive public-key cryptography. Therefore, we need to construct our protocols solely from symmetric-key algorithms. Hence we design a symmetric protocol that uses the base station as a trusted agent for key setup.
Assume that the node wants to establish a shared secret session key with node . Since and do not share any secrets, they need to use a trusted third party , which is the base station in our case. In our trust setup, both and share a secret key with the base station, and , respectively. The following protocol achieves secure key agreement as well as strong key freshness:
The protocol uses our SNEPprotocol with strong freshness. The nonces and ensure strong key freshness to both and . The SNEPprotocol is responsible to ensure confidentiality (through encryption with the keys and ) of the established session key , as well as message authentication (through the MAC using keys and ) to make sure that the key was really generated by the base station. Note that the MAC in the second protocol message helps defend the base station from denial-of-service attacks, so the base station only sends two messages to and if it received a legitimate request from one of the nodes.
A nice feature of the above protocol is that the base station performs most of the transmission work. Other protocols usually involve a ticket that the server sends to one of the parties which forwards it to the other node, which requires more energy for the nodes to forward the message.
The Kerberos key agreement protocol achieves similar properties, except that it does not provide strong key freshness [19, 23]. However, it would be straightforward to implement it with strong key freshness by using SNEPwith strong freshness.