Towards k-connectivity of the random graph induced by a pairwise key predistribution scheme with unreliable links A short version of this paper (without any proofs) will be presented at IEEE International Symposium on Information Theory, (ISIT 2014), Honolulu (HI).

Towards -connectivity of the random graph induced by a pairwise key predistribution scheme with unreliable links thanks: A short version of this paper (without any proofs) will be presented at IEEE International Symposium on Information Theory, (ISIT 2014), Honolulu (HI).

Faruk Yavuz    Jun Zhao    Osman Yağan    Virgil Gligor
{fyavuz,junzhao,oyagan,gligor}@andrew.cmu.edu
Department of Electrical and Computer Engineering and CyLab
Carnegie Mellon University, Pittsburgh, PA 15213.
Abstract

We study the secure and reliable connectivity of wireless sensor networks. Security is assumed to be ensured by the random pairwise key predistribution scheme of Chan, Perrig, and Song, and unreliable wireless links are represented by independent on/off channels. Modeling the network by an intersection of a random -out graph and an Erdős-Rényi graph, we present scaling conditions (on the number of nodes, the scheme parameter , and the probability of a wireless channel being on) such that the resulting graph contains no nodes with degree less than with high probability, when the number of nodes gets large. Results are given in the form of zero-one laws and are shown to improve the previous results by Yağan and Makowski on the absence of isolated nodes (i.e., absence of nodes with degree zero). Via simulations, the established zero-one laws are shown to hold also for the property of -connectivity; i.e., the property that graph remains connected despite the deletion of any nodes or edges.

Keywords: Wireless Sensor Networks, Key Predistribution, Random Graphs, Minimum Node Degree, -connectivity, Zero-one Laws.

1 Introduction

1.1 Motivation and Background

Wireless sensor networks (WSNs) are distributed collection of small sensor nodes that gather security-sensitive data and control security-critical operations in a wide range of industrial, home and business applications [1]. Many applications require deploying sensor nodes in hostile environments where an adversary can eavesdrop sensor communications, and can even capture a number of sensors and surreptitiously use them to compromise the network. Therefore, cryptographic protection is required to secure the sensor communication as well as to detect sensor capture and to revoke the compromised keys. Given the limited communication and computational resources available at each sensor, security is expected to be a key challenge in WSNs [6, 3, 14].

Random key predistribution is one of the approaches proposed in the literature for addressing security challenges in resource constrained WSNs. The idea of randomly assigning secure keys to the sensor nodes prior to network deployment was first introduced by Eschenauer and Gligor [6]. Following their original work, a large number of key predistribution schemes have been proposed; see the survey articles [14, 15] (and references therein).

Here we consider the random pairwise key predistribution scheme proposed by Chan et al. in [3]: Before deployment, each of the sensor nodes is paired (offline) with distinct nodes which are randomly selected from amongst all other nodes. For each sensor and any sensor paired to it, a unique (pairwise) key is generated and stored in their memory modules along with their ids. Two nodes can then secure an existing wireless communication link if at least one of them is paired to the other so that the two nodes have at least one pairwise key in common. Precise implementation details are given in Section 2.

Let denote the undirected random graph on the vertex set where distinct nodes and are adjacent if they have a pairwise key in common as described earlier; this random graph models the random pairwise predistribution scheme under full visibility (whereby all nodes have a wireless link in between). The random graph is known in the literature on random graphs as the random -out graph [2, 7, 8], and is typically defined in the following equivalent manner: For each of the vertices assign exactly arcs to distinct vertices that are selected uniformly at random, and then ignore the orientation of the arcs. Several properties of this graph have been recently analyzed by Yağan and Makowski [19, 20, 23, 22].

Recently, there has been a significant interest [10, 21, 17, 25, 24] to drop the full visibility assumption and to model and analyze random key predistribution schemes under more realistic situations that account for the possibility that communication links between nodes may not be available – This could occur due to the presence of physical barriers between nodes or because of harsh environmental conditions severely impairing transmission. With this in mind, several authors [21, 17, 25, 24] have started with a simple communication model where wireless links are represented by independent channels that are either on (with probability ) or off (with probability ). This suggests an overall modeling framework that is constructed by intersecting the random -out graph , with an Erdős-Rényi (ER) graph [2].

1.2 Contributions

In this paper, we initiate an analysis towards the -connectivity for the resulting intersection graph . A network (or graph) is said to be -connected if its connectivity is preserved despite the failure of any nodes or links [11]. Therefore, the property of -connectivity provides a guarantee of network reliability against the possible failures of sensors or links due to adversarial attacks or battery depletion; a much needed property given the key application areas of sensor networks such as health monitoring, battlefield surveillance, and environmental monitoring. Finally, -connectivity has important benefits in mobile wireless sensor networks. For instance, if a network is known to be -connected, then any nodes in the network are free to move anywhere in the network while the rest of the network remains at least 1-connected.

Our main result is a zero-one law for the property that the minimum node degree of is at least . Namely, we present scaling conditions on the parameters and with respect to , such that the resulting graph contains no nodes with degree less than with probability approaching to zero, or one, respectively, as the number of nodes gets large. The established results already imply the zero-law for the -connectivity, since a graph can not be -connected unless all nodes have degree at least . Further, in most random graph models in the literature, including ER graphs, random geometric graphs [11], and random key graphs [24], the conditions that ensure -connectivity coincide with those ensuring minimum node degree to be at least . This is often established by showing the improbability of a graph being not -connected when all nodes have at least neighbors. Here, we demonstrate this phenomenon via simulations which suggest that our zero-one laws hold also for the property of -connectivity.

Furthermore, our results with constitute an improvement of the previous results by Yağan and Makowski [18, 21] on the absence of isolated nodes (i.e., absence of nodes with degree zero) in . Namely, we show that the threshold for absence of isolated nodes (which is also the threshold for 1-connectivity) characterized in [18, 21] is not valid unless the limit exists, a condition that was enforced throughout in [18, 21]. Instead, our main result indicates a new threshold function which does not require the existence of . More importantly, we show that the new threshold function is stronger in that it indicates a sharper transition of the graph (as the parameters and increase) from having at least one isolated to having no isolated nodes almost surely; see Section 4.2 for details. We believe that the precise characterization of the threshold for absence of isolated will also pave the way to improving the results of [18, 21] for 1-connectivity of .

Finally, our main contributions include a key confinement result that not only eases the proof of our main result, but is likely to play a key role in studying any monotone increasing111A graph property is called monotone increasing if it holds under the addition of edges in a graph. property of the graph ; e.g., -connectivity, existence of certain subgraphs, etc. In a nutshell, this confinement result shows that when seeking results for the asymptotic -connectivity of with the parameters and scaled with number of nodes , we can restrict our attention to a subclass of structured scalings (referred throughout as admissible scalings). In other words, we show that the aforementioned results (and others in the same vein) need only be established for such strongly admissible scalings. See Section 5.1 for details of the confinement argument, followed in Section 5.2 by its several useful consequences that arise in our context.

1.3 Notation and conventions

A word on the notation: All statements involving limits are understood with going to infinity. The random variables (rvs) under consideration are all defined on the same probability triple . Probabilistic statements are made with respect to this probability measure , and we denote the corresponding expectation operator by . The indicator function of an event is denoted by . Distributional equality is denoted by . In comparing the asymptotic behaviors of the sequences , we use , , , and , with their meaning in the standard Landau notation. Namely, we write as a shorthand for the relation , whereas means that there exists such that for all sufficiently large. Also, we have if , or equivalently, if there exists such that for all sufficiently large. Finally, we write if we have and at the same time.

1.4 Organization of the Paper

The paper is organized as follows: In Section 2, we give a formal model for the random pairwise key predistribution scheme of Chan et al., and introduce the induced random -out graph. In particular, the main model considered in this paper, i.e., the intersection of a random -out graph with an Erdős-Rényi graph, is introduced in Section 2.3. The main result of the paper concerning the minimum node degree of is presented in Section 3. In Section 4, we compare our results against the classical results of Erdős-Rényi and then against earlier results by Yağan and Makowski [21] on the absence of isolated nodes in . Also in Section 4.3, we provide numerical results in support of our analytical results. The proof of the main result is initiated in Section 5 where we establish an important confining result that significantly eases the rest of the proof; there we also establish some preliminary scaling results to be used throughout. The proof of our main result is outlined in Section 6 and the necessary steps are established in Sections 7 through 11.

2 Model

2.1 The random pairwise key predistribution scheme

Interest in the random pairwise key predistribution scheme of Chan et al. [3] stems from the following advantages over the original Eschenauer - Gligor scheme: (i) Even if some nodes are captured, the secrecy of the remaining nodes is perfectly preserved; (ii) Unlike earlier schemes, this pairwise scheme enables both node-to-node authentication and quorum-based revocation. See also [16] for a detailed comparison of these two classical key predistribution schemes.

We parametrize the pairwise key distribution scheme by two positive integers and such that . There are nodes, labelled , with unique ids . Write and set for each . With node , we associate a subset of nodes selected uniformly at random from , We say that each of the nodes in is paired to node . Thus, for any subset , we require

(1)

Put differently, the selection of is done uniformly amongst all subsets of which are of size and we further assume that rvs are mutually independent.

Once this offline random pairing has been created, we construct the key rings , one for each node, as follows: Assumed available is a collection of distinct cryptographic keys . Fix and let denote a labeling of . For each node in paired to , the cryptographic key is associated with . For instance, if the random set is realized as with , then an obvious labeling consists in for each so that key is associated with node . Of course other labelings are possible. Finally, with node paired to node , the pairwise key is constructed and inserted in the memory modules of both nodes and . The key is assigned exclusively to the pair of nodes and , hence the terminology pairwise predistribution scheme. The key ring of node is the set

Two nodes and , can secure an existing communication link if and only if which holds if at least one of the events or takes place. Namely, it is plain that

Both events can take place, in which case the memory modules of node and both contain the distinct keys and . It is plain by construction that this scheme supports distributed node-to-node authentication.

2.2 Random -out graphs

The pairwise key predistribution scheme naturally gives rise to the following class of random graphs: With and positive integer , we say that the distinct nodes and are K-adjacent, written , if and only if they have at least one key in common in their key rings, namely

(2)

Let denote the undirected random graph on the vertex set induced by the adjacency notion (2). This ensures that edges in represent pairs of sensors that have at least one cryptographic key in common, and thus that can securely communicate over an existing communication channel. Let define the edge assignment probability in ; i.e., we have

(3)

for any distinct . It is easy to check that

(4)

The random graph is known in the literature on random graphs as the random -out graph [2, 8], or random -orientable graph [7]. Those references adopt the following definition, which can easily be seen to be equivalent to the adjacency condition (2): For each of the vertices assign exactly arcs to distinct vertices that are selected uniformly at random, and then ignore the orientation of the arcs. The directed version of this graph (i.e., with the orientation of the arcs preserved) has also been studied; e.g., see the work by Philips et al. [12], who showed that the diameter of the directed -out graph concentrates almost surely on two values.

2.3 Intersection of random graphs

As mentioned earlier, we assume a simple wireless communication model that consists of independent channels, each of which can be either on or off. Thus, with in , let denote i.i.d. -valued rvs with success probability . The channel between nodes and is available (resp. up) with probability and unavailable (resp. down) with the complementary probability .

Distinct nodes and are said to be B-adjacent, written , if . B-adjacency defines the standard Erdős-Rényi (ER) graph on the vertex set [2]. Obviously,

The random graph model studied here is obtained by intersecting the random graphs induced by the pairwise key predistribution scheme, and by the on-off communication model, respectively. Namely, we consider the intersection of with the ER graph . In this case, distinct nodes and are said to be adjacent, written , if and only they are both K-adjacent and B-adjacent, namely

(5)

The resulting undirected random graph defined on the vertex set through this notion of adjacency is denoted . The relevance of in the context of secure WSNs is now clear. Two nodes that are connected by an edge in share at least one cryptographic key and have a wireless link available to them, so that they can establish a secure communication link.

Throughout we assume the collections of rvs and to be independent, in which case the edge occurrence probability in is given by

(6)

3 The result

Our main technical result is given next. To fix the terminology, we refer to any mapping as a scaling (for random -out graphs) provided it satisfies the natural conditions

(7)

Similarly, we let any mapping define a scaling for Erdős-Rényi graphs.

To lighten the notation we often group the parameters and into the ordered pair . Hence, a mapping defines a scaling for the intersection graph provided that the condition (7) holds.

Theorem 3.1

Consider scalings and such that and . With the sequence defined through

(8)

we have

(9)

The proof of Theorem 3.1 passes through the method of first and second moments [8], applied to the random variable counting the number of nodes with degree , with . Although this technique is standard in the literature, its application to the intersection graph is far from being straightforward due to intricate dependencies amongst the degrees of nodes. The proof of Theorem 3.1 is given in Sections 6 through 11.

The extra conditions enforced by Theorem 3.1 are required for technical reasons; i.e., for the method of moments to be applied successfully to the aforementioned count variables. However, we remark that these conditions are mild and do not preclude their application in realistic WSN scenarios. First, the condition enforces that wireless communication channels between nodes do not become available with probability one as gets large. The situation that is not covered by our result is reminiscent of the full visibility case considered in [22], and is not likely to hold in practice. In fact, as the number of nodes gets large, it may be expected that goes to zero due to interference associated with a large number of nodes communicating simultaneously. Second, the condition will already follow if for some . Given that is equal to the mean number of keys stored per sensor in the pairwise scheme [23], this condition needs to hold in any practical WSN scenario due to limited memory and computational capability of the sensors. In fact, Di Pietro et al. [4] noted that key ring sizes on the order of are feasible for WSNs.

We now present a simple corollary of Theorem 3.1, that will help in comparing our main result with the classical results of Erdős-Rényi [5].

Corollary 3.2

Consider scalings and such that and . With the sequence defined through

(10)

we have

(11)

Proof.  Pick scalings and such that and . Define the sequence through (8). For this scaling, we have

(12)

Comparing (12) with (10), we get the desired result (11) from (9) as we note that

 

4 Comments and Discussion

4.1 Comparison with Erdős-Rényi Graphs

For each in and , let denote the Erdős-Rényi graph on the vertex set with edge probability . It is known that edge assignments are mutually independent in , whereas they are strongly correlated in in that they are negatively associated in the sense of Joag-Dev and Proschan [9]; see [21] for details. Thus, cannot be equated with even when the parameters and are selected so that the edge assignment probabilities in these two graphs coincide, say . Therefore, cannot be equated with an ER graph either, and the results obtained here are not mere consequences of classical results for ER graphs.

However, some similarities do exist between and ER graphs. We start by presenting the following well-known zero-one law for -connectivity in ER graphs [5]: For any scaling satisfying

(13)

for some , it holds that

(14)

We now compare this with our main result by means of Corollary 3.2. Notice that the right-hand sides of the scalings (10) and (13) are exactly the same, and so are the corresponding zero-one laws (11) and (14), respectively. In the case of the ER graph , the left-hand side of (13) corresponds to the edge probability . We now explore how the left-hand side of (10) is related to the corresponding edge probability (viz. (6)) of the graph . First, we recall (4) and use the fact that to get

Hence, in ER graphs the threshold of -connectivity, and of minimum node degree being at least , appears when the link probability is compared against . In , our result shows that the threshold appears when a quantity that is always larger than the link probability is compared against . This indicates that tends to exhibit the property that all nodes have at least neighbors easier than ER graphs; i.e., this property can be ensured by a smaller link probability between nodes (which leads to smaller average node degree).

The situation is more intricate if it holds that , whence we have

This leads to

(15)
(16)

where in (15), we used the fact that since . Thus, in the practically relevant case when the wireless channels become weaker as gets large, the threshold for minimum node degree of to be at least appears when a quantity that is asymptotically equivalent to link probability is compared against ; a situation that is reminiscent of the ER graphs. A similar observation was made in [21] for the threshold of -connectivity and absence of isolated nodes.

Nevertheless, it is worth mentioning that even under , the zero-one laws for the minimum node degree being at least in ER graphs and are not exactly analogous. This is because, the term in (16) may change the behavior of the sequence appearing in (10) as it is given by

as we note that . It is now clear that, even under , the two results, (14) under (13) and (11) under (10), may be deemed analogous if and only if is bounded, i.e., . Combining, we can conclude that for the two graphs, and , to exhibit asymptotically the same behavior for the property that their minimum node degrees are at least , the parameter scalings should satisfy

4.2 Comparison with results by Yağan and Makowski for

We now compare our results with those by Yağan and Makowski [21] who established zero-one laws for 1-connectivity, and for the absence of isolated nodes (i.e., absence of nodes with degree zero) in . Here, we present their result in a slightly different form: Consider scalings and such that

(17)

for some . Assume also that exists. Then, we have

(18)

To better compare this result with ours, we set and rewrite our scaling condition (8) as

(19)

under which Theorem 3.1 gives

We now argue how our result on absence of isolated nodes constitutes an improvement on the result of [21]. The assumption that limit exists was the key in establishing (18) under (17) and our results in this paper explains why. First, it is clear that if , then

so that the left hand sides of (19) and (17) are asymptotically equivalent. Next, if , then it follows that (see [21]) under (17). This again yields the asymptotical equivalence of the left hand sides of (19) and (17). Therefore, under the assumption that has a limit, a scaling condition that is equivalent to (17) is given by

(20)

with the results (18) unchanged.

Comparing (19) with (20), we see that our absence of isolated nodes result is more fine-grained than the one given in [21]. In a nutshell, the scaling condition (20) enforced in [21] requires a deviation of (from the threshold ) to get the zero-one law, whereas in our formulation (19), it suffices to have an unbounded deviation; e.g., even will do. Put differently, we cover the case of in (18) under (20) and show that could be almost surely free of or not free of isolated nodes, depending on the limit of ; in fact, if (20) holds with , we see from Theorem 3.1 that is not only free of isolated nodes but also all of its nodes will have degree larger than for all .

4.3 Numerical results and a conjecture

We now present some numerical results to check the validity of Theorem 3.1, particularly in the non-asymptotic regime, i.e., when parameter values are set in accordance with real-world wireless sensor network scenarios. In all experiments, we fix the number of nodes at . Then for a given parameter pair , we generate independent samples of the graph and count the number of times (out of a possible 200) that the obtained graphs i) have minimum node degree no less than and ii) are -connected, for . Dividing the counts by , we obtain the (empirical) probabilities for the events of interest.

In Figure 1, we depict the resulting empirical probability that each node in has degree at least as a function of for various values. For each value, we also show the critical threshold of having minimum degree at least asserted by Theorem 3.1 (viz. (8)) by a vertical dashed line. Namely, the vertical dashed lines stand for the minimum integer value of that satisfies

(21)

Even with , we can observe the threshold behavior suggested by Theorem 3.1; i.e., the probability that has minimum node degree at least transitions from zero to one as varies very slightly from a certain value. Those values match well the vertical dashed lines suggested by Theorem 3.1, leading to the conclusion that numerical experiments are in good agreement with our theoretical results.

Figure 1: a) Probability that all nodes in have degree at least 2 as a function of for , , , and with . b) Probability that is 2-connected as a function of for , , , and with . The two figures being indistinguishable suggests that an analog of Theorem 3.1 holds also for the property of -connectivity.
Figure 2: a,b) With and , the probability that all nodes in have degree at least , and the probability that is -connected are plotted, respectively, as a function of . c,d) With and , the probability that all nodes in have degree at least , and the probability that is -connected are plotted, respectively as a function of .

Figure 1 is obtained in the same way with Figure 1, this time for the probability that is -connected.222The definition of -connectivity given here coincides with the notion of -vertex-connectivity used in the literature. -vertex-connectivity formally states that the graph will remain connected despite the deletion of any vertices, and -edge-connectivity is defined similarly for the deletion of edges. Since -vertex-connectivity implies -edge-connectivity [5], we say that a graph is simply -connected (without referring to vertex-connectivity) to refer to the fact that it will remain connected despite the deletion of any nodes or edges. It is clear that two figures show a strong similarity with curves corresponding to each value being almost indistinguishable. This raises the possibility that an analog of the zero-one law given in Theorem 3.1 holds also for the property of -connectivity in . This would be reminiscent of several other random graph models from the literature where the two graph properties (min. node degree and -connectivity) shown to be asymptotically equivalent; e.g., see ER graphs [5] (viz. (14)), random key graphs and their intersection with ER graphs [13, 24], and random geometric graphs over a unit torus [11].

To drive this point further, we have conducted an extensive simulation study and compared the empirical probabilities for the properties of minimum node degree is at least , and -connectivity in graph . Some of the results are reported in Figures 2-2, and they strongly suggest the equivalence of these two properties in as well. This leads us to cast the following conjecture, which is the analog of Theorem 3.1 for -connectivity.

Conjecture 4.1

Consider scalings and such that and , and a sequence defined through (8). Then,

We close this section with a few comments on Conjecture 4.1, before we start the proof of our main result in the next section. First, it is clear that if a graph has minimum node degree less than , i.e., it has at least one vertex whose degree is less than or equal to , then it will be not -connected. This is because the graph can be made disconnected by taking all the neighbors of the node with degree ; i.e., by taking less than or equal to nodes. Therefore, Theorem 3.1 already establishes the zero-law of the Conjecture 4.1. Namely, it is clear under the enforced assumptions on the scalings that

Therefore, it only remains to establish the one-law in Conjecture 4.1. In view of Theorem 3.1, this will follow if it is shown that

(22)

Exploring the validity of (22) is one of the main directions to be followed in the future work.

5 Preliminaries

Before we give a proof of Theorem 3.1, we collect in this section some preliminary results that will be used throughout.

5.1 A reduction step: Confining

A key step in proving Theorem 3.1 is to restrict the deviation function defined through (8) to satisfy ; i.e., that

(23)

Some useful consequences of (23) are established in Section 5.2. In this section, we will show that (23) can be assumed without loss of generality in establishing Theorem 3.1. More precisely, we will show that

Theorem 3.1 under Theorem 3.1 (24)

First, we establish the fact that defined through (8) is monotone increasing in both parameters and .

Proposition 5.1

With in and a positive integer , the function

(25)

is monotone increasing in and .


Proof.  We first show that is monotone increasing in . Taking the derivative of (25) with respect to , we get

where, in (5.1) we used the fact that .

Next, we show that is monotone increasing in as well. To see this, take the derivative of (25) with respect to to get

(29)
(30)

where in (29) and (30), we used the facts that and , respectively.  

Recall that any mapping defines a scaling provided that the condition (7) is satisfied. We now introduce the notion of an admissible scaling.

Definition 5.2

A mapping is said to be an admissible scaling if (7) holds, and the sequence defined through (8) satisfies (23).

The relevance of the notion of admissibility flows from the following two results.

Proposition 5.3

Consider a scaling such that , , and the sequence defined through (8) satisfying

Then, there always exists an admissible scaling with , and such that

(31)

whose deviation function defined through

(32)

satisfies both conditions

(33)

and

(34)

Proof.  Under the enforced assumptions on the scaling and the deviation sequence associated with it, pick , for each , and define the sequence through

(35)

Note that since is monotone increasing in (see Proposition 5.1), the relation (35) will uniquely define . Since by construction, we have in view of of the fact that deviation sequences are monotone increasing in . Thus, the pair satisfies (31). It is also plain from and the fact that , that we have (33) and (34). Finally, it is clear that (since ) and since .  

The next result is an analog of Proposition 5.3 for the case .

Proposition 5.4

Consider a scaling such that , , and the sequence defined through (8) satisfying

Then, there always exists an admissible scaling with , and such that

(36)

whose deviation function defined through (