A collusion attack on pairwise key predistribution schemes for distributed sensor networks

Key predistribution schemes are a favoured solution for establishing secure communication in sensor networks. Often viewed as the safest way to bootstrap trust, the main drawback is seen to be the large storage overhead imposed on resource-constrained devices. In this paper, we argue that predistribution schemes can actually be quite insecure: pre-loading global secrets onto exposed devices strengthens the incentive for attackers to compromise nodes. Furthermore, lack of coordination between nodes arising front localised communication helps attackers hide misbehaviour We consider one scheme in particular-Chan et al.'s random pairwise key predistribution [3] - and demonstrate an attack where colluding nodes reuse selected pairwise keys to create many false identities. We find that a small, colluding minority can hijack a majority of node communication channels. Finally, we consider countermeasures, from improved detection to scrapping predistribution altogether.