An efficient location-based compromise-tolerant key management scheme for sensor networks

Location information has been paid much more attention in sensor network key management schemes. In 2006, Zhang et al. proposed a location-based key management scheme by binding private keys of individual nodes to both their identities and locations. In this Letter, however, we show that their scheme cannot resist key compromise impersonation (KCI) attack, and does not achieve forward secrecy. In fact, an adversary who compromises the location-based secret key of a sensor node A, can masquerade as any other legitimate node or even fake a node to establish the shared key with A, as well as decrypt all previous messages exchanged between A and its neighboring nodes. We then propose a new scheme which provides KCI resilience, perfect forward secrecy and is also immune to various known types of attacks. Moreover, our scheme does not require any pairing operation or map-to-point hash operation, which is more efficient and more suitable for low-power sensor nodes.