LARK: A Lightweight Authenticated ReKeying Scheme for Clustered Wireless Sensor Networks

Group communication has proven a powerful paradigm for designing applications and services in Wireless Sensor Networks (WSNs). Given the tight interaction between WSNs and the physical world, a security infringement may translate into a safety infringement. Therefore, in order to fully exploit the group communication paradigm we need to secure it. Traditionally, this requirement has been formalized in terms of backward and forward security and fulfilled by means of rekeying. In WSNs, group rekeying becomes particularly a complex problem because communication takes place over an easily accessible wireless medium and because sensor nodes have severe limitations in terms of computing, storage, energy, and tamper-resistance capabilities for cost reasons. In this article we present a Lightweight Authenticated ReKeying (LARK) scheme for clustered WSNs. LARK guarantees backward and forward security, is scalable in terms of communication overhead, and efficient in terms of computing overhead for key authentiticy verification. LARK achieves security, efficiency, and scalability by exploiting two basic well-known mechanisms, namely key graph and key chain, and integrating them in an original way. LARK supports a general group model where groups can be hierachical and partially overlapping. In contrast to other WSN group rekeying schemes, LARK considers grouping a tool for designing and implementing applications and services rather than for network management. Consequently, LARK receives a group topology reflecting the application needs and manages rekeying at single-group level. In the article we describe LARK, formally argue that it meets the backward and forward security requirements, and, finally, evaluate its performance in terms of communication, computing, and storage overhead in limited-resources sensor nodes.