Intragroup and Intergroup Pairwise Key Predistribution for Wireless Sensor Networks

Abstract

The major task of a wireless sensor network (WSN) is data collection. Key predistribution (KP) is to establish pairwise keys for secure communication in a WSN, such that all collected data could be securely sent to a backend database. Most research on KP-like schemes is dedicated to enhancing resiliency against node capture attack (NA) and retaining the link connectivity in the meantime. For large-scale wireless sensor networks, a more common approach is to use a multiple-sink WSN (MWSN) to support a large number of sensor nodes. In MWSNs, there are different clusters (referred to as groups). We took the lead in studying KP in the MWSN environment. Based on the new MWSN environment, we present intragroup and intergroup KP (I²KP) to fulfill both requirements of security and energy efficiency when gathering data via various sink nodes in a large-scale WSN. Three types of I²KP with respective pros and cons are proposed. Theoretical analysis and numerical simulation demonstrate their effectiveness.

1. Introduction

A wireless sensor network (WSN) is a low-cost, short-distance, and easy-to-deploy wireless network architecture that is widely used in in various applications. For example, it can be applied to agricultural environments, smart metering in power transmission systems, and the Internet of Things [1,2,3,4]. The above applications basically require secure communication. Furthermore, security issues will become even more important if a WSN is deployed for certain mission-critical applications. Therefore, secure links must be established between sensor nodes to ensure data security and privacy in wireless sensor networks. In general, there are two types of key management protocols to secure communications in WSNs. One is pairwise key distribution to share a pairwise key between two sensor nodes [5,6,7,8,9,10,11,12,13,14,15], and the other is group key distribution to share a conference key for the sensor nodes in group communication [16,17,18]. As introduced in [5], key predistribution (KP) is firstly proposed for sharing a pairwise key between two neighbored nodes, where each node is pre-loaded with several keys selected from a key pool. There are two types of KP approaches: one is the random KP (RKP) [5,10,11,15] and the other is the deterministic KP (DKP) [8,9,14]. Generally, RKP uses light-weight cryptography, but DKP guarantees connectivity. Hybrid schemes [19] combined with RKP and DKP have both deterministic and probabilistic properties.

To enhance resiliency against node capture attacks (NAs), during which attackers capture and compromise nodes to collect keys for eavesdropping on communications among other uncompromised nodes, q-composite KP and hash chain-based KP (HKP) were accordingly proposed to resist NAs. However, these two approaches have their pros and cons. q-composite KP [12,13] does not need hash operation but reduces connectivity. On the other hand, HKP [6,7] retains the link connectivity, while it needs extra hash operations. Another approach to enhance NA resistance is unbalanced KP [15], which employs sensor nodes with different keyring sizes.

Because sensor nodes have a power limit constraint, it is a critical issue to save energy consumption in WSNs. This situation becomes more serious for a large-scale sensor network. One possible approach to reducing energy consumption is to deploy a multiple-sink WSN (MWSN) [20,21,22,23,24,25], for which most researchers adopt computation and topology techniques to improve connectivity between sensor nodes and sink nodes for energy reduction. In this paper, we study pairwise key predistribution in the MWSN environment to establish a short path collecting data via various sink nodes to improve energy efficiency in a large-scale WSN. The motivation of studying pairwise key predistribution in MWSNs will be further described in Section 3. Based on the new MWSN environment, where there are different clusters (groups), we formally define intragroup and intergroup conditions for our intragroup and intergroup key predistribution (I²KP). Three I²KP schemes are proposed, and each has its own advantages. The rest of this paper is organized as follows. Section 2 briefly reviews KP and HKP. In Section 3, the research motivation is described. Also, intragroup and intergroup conditions are defined. Three types of I²KP satisfying intragroup and intergroup conditions are proposed in Section 4. Comparisons and numerical simulations are given in Section 5 to show their pros and cons. A conclusion is drawn in Section 6.

2. Previous Works

2.1. Hash Chain

The one-way hash chain is an important cryptographic technology based on the hash function and can be used in many security applications. A hash function has the one-way property, which can undergo a collision attack and a preimage attack. Let the notation $h^i(x)=\stackrel{hash i times}{\overbrace{h(h(\cdots h(x)\cdots ))}}$ denote applying the hash function “i” times. We can create an L-length hash chain $(h^0(x), h^1(x), \dots , h^{L-1}(x))$, where $h^i(x)=h(h^{i-1}(x))$ for 1 ≤ i ≤ (L − 1) and $h^0(x)=x$. Suppose the two hash indices are $i_1$ and $i_2$ ($i_1<i_2$); one can perform the h(·) function $(i_2-i_1)$ times to obtain $h^{i_2}(x)$ from $h^{i_1}(x)$ via $h^{i_2-i_1}(h^{i_1}(x))=h^{i_2}(x)$. Obviously, we cannot compute the hash chain backwards, i.e., $h^{i_2}(x)\nrightarrow h^{i_1}(x)$.

2.2. KP and HKP

KP is a probabilistic scheme [5,10,11,15]. Each sensor is pre-loaded with m keys, where m is the key ring size. These keys are randomly selected from a key pool S with a size of $\left|S\right|$. The notions of various key predistribution schemes (HKP [6], HKP using a key-chain length L [7], q-composite KP [12,13], q-composite HKP (a hybrid of q-composite and HKP)) are briefly described as follows. q-composite KP establishes a secure link with at least q common keys between two neighboring nodes, and the q-composite KP with q = 1 is reduced as the conventional KP. Obviously, the large value of q more effectively resists NAs, but the link connectivity is reduced. Another way for improving NA resiliency is HKP. Each sensor node stores the hash key $h^i(x)$, where i is the node ID, unlike the KP that stores the raw key. HKP has the same link connectivity as KP, but it needs extra hash operations. This is because any two nodes (say node #a and node #b) storing $h^{i_a}(x)$ and $h^{i_b}(x)$, where $i_a<i_b$, may share a secret key $h^{i_b}(x)$. For this case, node #b uses its hashed key $h^{i_b}(x)$, while node #a obtains $h^{i_b}(x)$ from its hashed key $h^{i_a}(x)$ by using $h^{(i_b-i_a)}(h^{i_a}(k))=h^{i_b}(k)$. Meantime, HKP can improve NA resiliency. Suppose a captured node #c has a hashed key $h^{i_c}(x)$ in its key ring and that the hash index $i_c$ is greater than $i_b$. If node #c is compromised, the hashed key $h^{i_c}(k)$ cannot be used to eavesdrop in the link between nodes #a and #bc because attackers cannot compute $h^{i_b}(k)$ backward from $h^{i_c}(k)$. To further enhance NA resiliency, HKP using a parameter key-chain length L is introduced. Namely, we can store the hashed key in $h^i(k)$, where 0 ≤ i ≤ (L − 1), for a sensor node according to its node ID (mod L). When the key-chain length L is used, the number of hash operations is limited to L, thereby reducing the computational complexity.

Next, we use an example including six sensor nodes with IDs #7, #8, #9, #12, #14, and #27 to briefly describe q-composite KP and HKP. As illustrated in Figure 1, the key ring size is m = 4. Figure 1a is single-composite KP (q = 1). There are four links with q ≥ 1 for any two neighbor nodes: $(\#7\leftrightarrow \#8)$, $(\#9\leftrightarrow \#12)$, $(\#7\leftrightarrow \#27)$, and $(\#14\leftrightarrow \#27)$. For example, nodes #14 and #27 have the same two keys (k₂ and k₃) in their key rings. Since q = 1, these two nodes can use any one key (k₂ or k₃) to establish a secure link. Consider the case q = 2 (dual-composite KP). Two nodes need q′ ≥ 2 keys (say $k_1, k_2, \dots , k_{q^{\prime }}$) to establish a secure link. For dual-composite KP, only one link $(\#14\leftrightarrow \#27)$ with a hybrid of $k_2$ and $k_3$ (for example, using a hashed key $f(k_2||k_3)$) can be established. The large q enhances NA resiliency because attackers need more captured keys to obtain the hashed keys. However, this is also the reason that the connectivity is reduced, because the link is established by q keys. For the single-composite scheme in Figure 1a, when node #12 is captured, attackers having $k_9$ can compromise the link $(\#7\leftrightarrow \#8)$. But, for the case q = 2, attackers cannot compromise this link because this link $(\#7\leftrightarrow \#8)$ cannot be established.

q-composite HKP is q-composite KP but storing the hashed keys in a key ring. Figure 1b is single-composite HKP. Similarly to single-composite KP in Figure 1a, all the secure links for $(\#7\leftrightarrow \#8)$, $(\#9\leftrightarrow \#12)$, $(\#7\leftrightarrow \#27)$, and $(\#14\leftrightarrow \#27)$ can be established by using hashed keys instead of raw keys. For example, the link $(\#7\leftrightarrow \#27)$ in Figure 1a uses the raw key $k_2$, but the link $(\#7\leftrightarrow \#27)$ in Figure 1b uses the hashed key $h^{27}(k_2)$. It is observed that the connectivity of single-composite HKP is not reduced, but node #7 needs extra 20 hash operations to obtain $h^{27}(k_2)$ from $h^7(k_2)$. The NA resiliency of single-composite HKP is enhanced. For example, in Figure 1b, the hashed key $h^{12}(k_9)$ in the captured node #12 cannot be used to compromise the link $(\#7\leftrightarrow \#8)$ using $h^8(k_9)$ since attackers cannot backward- compute the hash chain. As described above, q-composite HKP needs hash operations between two nodes #i and #j to share a common key. Thus, the large scale of the WSN results in heavy computation overhead. To reduce hash operations, a parameter key-chain length L is introduced. The hashed keys $h^i(k)$ and $h^j(k)$ in nodes #i and #j are replaced by $h^{i(\mathrm{mod} L)}(k)$ and $h^{j(\mathrm{mod} L)}(k)$. Finally, the number of required hash operations $\left|i(\mathrm{mod} L\right)-j(\mathrm{mod} L\left)\right|$ for establishing a pairwise key is reduced and bounded by L. Single-composite HCKP using L = 10 is shown in Figure 1c, in which both nodes #7 and #27 use the hashed key $h^7(k_2)$ to establish a secure link. Compared with Figure 1b, using L = 10 does not need extra hash operations for the link $(\#7\leftrightarrow \#27)$. Although using L reduces hash operations, its resiliency against NAs is also degraded. We use the following case to show this reduction in resiliency. As shown in Figure 1c, the attacker can capture node #12 with $h^2(k_9)$ to obtain $h^8(k_9)$ and then compromise the link $(\#7\leftrightarrow \#8)$ using the hashed key $h^8(k_9)$. However, in Figure 1b, the attacker captures node #12 but cannot compromise the link $(\#7\leftrightarrow \#8)$ because he cannot obtain $h^8(k_9)$ from $h^{12}(k_9)$.

3. Motivation

Due to the power limit constraint of sensors, it is a critical issue to save energy consumption in WSNs, especially in a large-scale sensor network. One possible solution for reducing energy consumption and, in the meantime, maintaining performance with the increment in sensor nodes is to deploy a multiple-sink WSN (MWSN) [20,21,22,23,24,25]. The above implies that the MWSN approach could deal with concerns about “energy consumption” and “increment of sensor nodes” in WSNs. This motivates us to study secure communications in MWSNs.

An MWSN includes a number of clusters (groups) with a sink node for each group. As illustrated in Figure 2, there are six groups A~F in this MWSN.

The sensor nodes in a group can gather data and send them back to the backend database via a sink node in its group. In this paper, we study KP in an MWSN environment. We first consider an intragroup case with all the nodes in a group (say group A). Suppose any two neighbor nodes in the following links, $(\text{\#}3\leftrightarrow 1\leftrightarrow \#10\leftrightarrow \boxed{\mathrm{S}})$, $(\text{\#}5\leftrightarrow \#8\leftrightarrow \boxed{\mathrm{S}})$, and $(\text{\#}7\leftrightarrow \#11\leftrightarrow \#8\leftrightarrow \boxed{\mathrm{S}})$, have a common key; then, nodes #3, #5, and #7 can gather data and send them back to the sink node through these secure links, respectively. It is observed that nodes #5 and #11 are in two intersecting groups (A and B) and (A and C), and the node #7 is in three intersecting groups (A, B, and C). The nodes in intersecting groups can connect with nodes in different groups. For example, node #5 can send data back through the sink node in group B. Next, we discuss the intergroup case. The nodes in different groups which are not located in intersecting areas have no same key in their key rings. Thus, they cannot establish a secure link. For example, the following could not establish secure links: node #2 in group A and node #6 in group B (#2#6), node #4 in group B and node #13 in group D (#4#13), and node #12 in group E and node #9 in group F (#12#9). The reason we do not let the nodes in two groups establish secure links is to control the stream flow diversion from data collection for saving on energy consumption.

Based on the above observations, we formally define intragroup and intergroup conditions when dealing with I²KP in an MWSN environment.

(1)

Intragroup condition: The nodes in each group with a common sink node have a pairwise key predistribution ability like in KP. The nodes located in more intersecting groups have the highest probability to establish secure links with other neighboring nodes in the whole MWSN.

(2)

Intergroup condition: The nodes in different groups are disjointed pairwise for the key ring, and, thus, they do not have the same keys to establish secure links.

Condition (1) lets the node pairwisely share a common key between two neighbor nodes to gather data and send them back via the sink node within one group. If the nodes are in intersecting groups, the secure links and the sink nodes may be more than one. This condition assures I²KP has the capability of using multiple sink nodes to gather data. For this case, the nodes in intersecting groups could have different path selections (it has higher connectivity than others that are not in intersecting groups) to pass collected data via various sink nodes, and we can use path switching to improve energy efficiency. Regarding condition (2), node #2 in group A and node #6 in group C are in different groups (see Figure 2). Thus, nodes #2 and #6 are not in intersected groups and are disjointed pairwise for the key ring. Generally, the nodes in two pairwise-disjointed areas for the key ring are some distance away. If they cannot establish a link, we have a short path selection to improve energy efficiency. The above motivates us to study I²KP for large-scale MWSNs.

4. The Proposed I²KP

Three types of I²KP are designed. The first is I²KP using different key pools (I²KPDP). I²KPDP is a trivial way to use conventional pairwise key predistribution for each group. However, the key ring size will be expanded for the nodes in intersecting groups. To reduce the key ring size of the sensor node, I²KP using the same key pool for all groups (I²KPSP) is proposed. I²KPDP and I²KPSP cannot resist a location-based NA (LNA). Attackers may know which nodes belong to which group from their locations. If an attacker has knowledge of the geometric locations of sensor nodes, he may intentionally capture the nodes in intersected groups to aggravate the NA. Both I²KPDP and I²KPSP suffer from this LNA. We design I²KP using a hash chain (I²KPHC) to effectively tackle LNAs.

4.1. The Proposed I²KPDP

We propose I²KPDP by using different a key pool for each group. Figure 3 illustrates an example of three groups, A, B, and C. Suppose that the number of all possible key rings of size $m_x$ selected from a key pool $S_x$ of size $\left|S_x\right|$ with no identical keys in the key rings, where x∈{A, B, C}, i.e., $S_A\cap S_B=\varphi$, $S_A\cap S_C=\varphi$, and $S_B\cap S_C=\varphi .$ The key selection rules for I²KPDP are described below. For a node in group x, $m_x$ keys are randomly selected from the key pool $S_x$. Thus, if the node is in the group $(x\cap y)$, there are a total of $(m_x+m_y)$ keys in its key ring. Obviously, the node in the group $(x\cap y\cap z)$ will have $(m_x+m_y+m_z)$ keys. For simplicity, we use $m=m_x=m_y=m_z$ and $\left|S\right|=\left|S_x\right|=\left|S_y\right|=\left|S_z\right|$ to describe I²KPDP. Seven disjointed areas A_i, 1 ≤ i ≤ 7, with a size of $\left|A_i\right|=n_i$ in Figure 3 are represented in Equation (1). Finally, nodes #5, #6, and #7 in areas A₅, A₆, and A₇ have a key ring size of m. Nodes #2, #3, and #4 in areas A₂, A₃, and A₄ have a key ring size of 2m, while node #1 in the A₁ area has a key ring size of 3m.

$$\left\{\begin{array}{l}{A}_1=(A\cap B\cap C); A_2=(A\cap B)-(A\cap B\cap C); A_3=(A\cap C)-(A\cap B\cap C)\hfill \\ A_4=(B\cap C)-(A\cap B\cap C); A_5=A-(A\cap B)-(A\cap C)+(A\cap B\cap C)\hfill \\ A_6=B-(A\cap B)-(B\cap C)+(A\cap B\cap C); A_7=C-(A\cap C)-(B\cap C)+(A\cap B\cap C)\hfill \end{array}\right.$$

(1)

Via [6,7], we could derive Equation (2) expressing the probability that any two nodes in the network group x ∈{A, B, C} share exactly l independent keys from the key pool $S_x$, where $\left|S_x\right|=\left|S\right|$.

$$P_{Share}^{(x)}(l)=\left(\begin{array}{c}\left|S\right|\\ l\end{array}\right)\left(\begin{array}{c}\left|S\right|-l\\ 2(m-l)\end{array}\right)\left(\begin{array}{c}2(m-l)\\ m-l\end{array}\right)/{\left(\begin{array}{c}\left|S\right|\\ m\end{array}\right)}^2$$

(2)

Let $P_{Share}^{(x\cap y)}(l)$ be the probability that any two nodes in ($x\cap y$) share exactly l independent keys and $P_{Share}^{(x\cap y\cap z)}(l)$ be the probability that any two nodes in ($x\cap y\cap z$) share exactly l independent keys. Based on Equation (2), $P_{Share}^{(x\cap y)}(l)$ and $P_{Share}^{(x\cap y\cap z)}(l)$ are derived in Equation (3), where $P_{Share}^{(x)}(l)=P_{Share}^{(y)}(l)=P_{Share}^{(z)}(l)$.

$$\left\{\begin{array}{l}{P}_{Share}^{(x\cap y)}(l)={\displaystyle \sum _{0\le l_1, l_2\le l \mathrm{and} l_1+l_2=l}\left(P_{Share}^{(x)}(l_1)+P_{Share}^{(y)}(l_2)\right)}\\ P_{Share}^{(x\cap y\cap z)}(l)={\displaystyle \sum _{0\le l_1, l_2, l_3\le l \mathrm{and} l_1+l_2+l_3=l}\left(P_{Share}^{(x)}(l_1)+P_{Share}^{(y)}(l_2)+P_{Share}^{(z)}(l_3)\right)}\end{array}\right.$$

(3)

Obviously, any two nodes in x, $(x\cap y)$, and $(x\cap y\cap z)$ may share the common keys from the key pools $S_x$, $(S_x\cup S_y)$, and $(S_x\cup S_y\cup S_z)$, respectively. The following shows how any two nodes in the whole group $G=A\cup B\cup C$ share the common keys. However, if one node is in x and the other node is in $(x\cap y)$, they could only use the common key pool $S_x$. Figure 4 shows the cases between subgroups in group A.

The links $(\text{\#}5\leftrightarrow \#1)$, $(\text{\#}5\leftrightarrow \#2)$, $(\text{\#}5\leftrightarrow \#3)$, and $(\text{\#}2\leftrightarrow \#3)$ use the keys from $S_A$, while the links $(\text{\#}1\leftrightarrow \#2)$ and $(\text{\#}1\leftrightarrow \#3)$ use the keys from $(S_A\cup S_B)$ and $(S_A\cup S_C)$, respectively. Because we use the condition $m=m_x=m_y=m_z$ and $\left|S\right|=\left|S_x\right|=\left|S_y\right|=\left|S_z\right|$, we have $P_{Share}^{(x)}(l)=P_{Share}^{(y)}(l)$ $=P_{Share}^{(z)}(l)$ and $P_{Share}^{(x\cap y)}(l)=P_{Share}^{(y\cap z)}(l)=P_{Share}^{(x\cap z)}(l)$. To more simply denote the probabilities, we use $P_{Share}^{(1)}(l)$, $P_{Share}^{(2)}(l)$, and $P_{Share}^{(3)}(l)$ to represent the probabilities for single-intersected, double-intersected and triple-intersected groups, respectively (note: $P_{Share}^{(1)}(l)$ is the same as that in the conventional KP). The probabilities $P_{Share}^{(A)}(l)$, $P_{Share}^{(B)}(l)$, and $P_{Share}^{(C)}(l)$ using the keys from $S_A$, $S_B$, and $S_C$, respectively, share exactly l independent keys for I²KPDP as derived in Lemma 1.

Lemma 1.

The intragroup probabilities $P_{Share}^{(A)}(l)$, $P_{Share}^{(B)}(l)$, and $P_{Share}^{(C)}(l)$ for I²KPDP, as shown in Figure 2, are derived in Equations (4), (5), and (6), respectively.

Proof. 

As illustrated in Figure 3, we consider that one node i in $A_1$, $A_2$, $A_3$, and $A_5$ (note: $A=A_1\cup A_2\cup$ $A_3\cup A_5$), respectively, and one node j in A to communicate with each other (see Figure 4). All the possible choices of nodes i and j in A are $|A{|}^2=n^2$. Finally, the average probability $P_{Share}^{(A)}(l)$ is derived as follows.

$$\left\{\begin{array}{l}{P}_{Share}^{(A)}(l)=\left(\begin{array}{c}\stackrel{\mathrm{node} i \mathrm{in} A_1 \mathrm{node} j \mathrm{in} A_1}{\overbrace{{\displaystyle {\sum }_{i\in A_1}{\displaystyle {\sum }_{j\in A_1}{P}_{Share}^{(3)}(l)}}}}+\stackrel{\mathrm{node} i \mathrm{in} A_1 \mathrm{node} j \mathrm{in} \text{{}{A}_2, A_3\}}{\overbrace{{\displaystyle {\sum }_{i\in A_1}{\displaystyle {\sum }_{j\in \text{{}{A}_2, A_3\}}{P}_{Share}^{(2)}(l)}}}}+\stackrel{\mathrm{node} i \mathrm{in} A_1 \mathrm{node} j \mathrm{in} A_5}{\overbrace{{\displaystyle {\sum }_{i\in A_1}{\displaystyle {\sum }_{j\in A_5}{P}_{Share}^{(1)}(l)}}}}\\ +\stackrel{\mathrm{node} i \mathrm{in} A_2 \mathrm{node} j \mathrm{in} (A_1\cup A_2)}{\overbrace{{\displaystyle {\sum }_{i\in A_2}{\displaystyle {\sum }_{j\in (A_1\cup A_2)}{P}_{Share}^{(2)}(l)}}}}+\stackrel{\mathrm{node} i \mathrm{in} A_2 \mathrm{node} j \mathrm{in} A-(A_1\cup A_2)}{\overbrace{{\displaystyle {\sum }_{i\in A_2}{\displaystyle {\sum }_{j\in \{A-(A_1\cup A_2)\}}{P}_{Share}^{(1)}(l)}}}}+\\ \stackrel{\mathrm{node} i \mathrm{in} A_3 \mathrm{node} j \mathrm{in} (A_1\cup A_3)}{\overbrace{{\displaystyle {\sum }_{i\in A_3}{\displaystyle {\sum }_{j\in (A_1\cup A_3)}{P}_{Share}^{(2)}(l)}}}}+\stackrel{\mathrm{node} i \mathrm{in} A_3 \mathrm{node} j \mathrm{in} A-(A_1\cup A_3)}{\overbrace{{\displaystyle {\sum }_{i\in A_3}{\displaystyle {\sum }_{j\in \{A-(A_1\cup A_3)\}}{P}_{Share}^{(1)}(l)}}}}+\stackrel{\mathrm{node} i \mathrm{in} A_5 \mathrm{node} j \mathrm{in} A}{\overbrace{{\displaystyle {\sum }_{i\in A_5}{\displaystyle {\sum }_{j\in A}{P}_{Share}^{(1)}(l)}}}}\end{array}\right)/|A{|}^2\\ =\left(\begin{array}{c}\left(n_5\times (2n-n_5)+2n_2{n}_3\right)\cdot P_{Share}^{(1)}(l)+\left(n_2^2+n_3^2\right.\\ \left.+2n_1(n_2+n_3)\right)\cdot P_{Share}^{(2)}(l)+n_1^2\cdot P_{Share}^{(3)}(l)\end{array}\right)/n^2\end{array}\right.$$

(4)

By the same argument, $P_{Share}^{(B)}(l)$ and $P_{Share}^{(C)}(l)$ are derived in Equations (5) and (6).

$$\left\{P_{Share}^{(B)}(l)=\left(\begin{array}{c}\left(n_6\times (2n-n_6)+2n_2{n}_4\right)\cdot P_{Share}^{(1)}(l)+\left(n_2^2+n_4^2\right.\\ \left.+2n_1(n_2+n_4)\right)\cdot P_{Share}^{(2)}(l)+n_1^2\cdot P_{Share}^{(3)}(l)\end{array}\right)/n^2\right.$$

(5)

$$\left\{P_{Share}^{(C)}(l)=\left(\begin{array}{c}\left(n_7\times (2n-n_7)+2n_3{n}_4\right)\cdot P_{Share}^{(1)}(l)+\left(n_3^2+n_4^2\right.\\ \left.+2n_1(n_3+n_4)\right)\cdot P_{Share}^{(2)}(l)+n_1^2\cdot P_{Share}^{(3)}(l)\end{array}\right)/n^2\right.$$

(6)

Based on $P_{Share}^{(x)}(l)$, the probability that two given intragroup nodes establish a secure link is $P_{Link-Est}^{(x)}={\displaystyle \sum _{l=q}^m{P}_{Share}^{(x)}(l)}$, where x, y, z∈{A, B, C}. Next, we prove that our I²KPDP satisfies the intragroup and intergroup conditions. □

Theorem 1.

The proposed q-composite I²KPDP in Figure 3 satisfies intragroup and intergroup conditions.

Proof. 

We first prove that q-composite I²KPDP satisfies the intragroup condition. In each group, we have the probability $P_{Link-Est}^{(A)}$, $P_{Link-Est}^{(B)}$, and $P_{Link-Est}^{(C)}$ to establish a secure link. The link connectivity is the same as the connection like in KP. Since the nodes in more intersecting groups have a higher probability of establishing a link, we consider the node in single-intersected (the nodes in A₅, A₆, and A₇), double-intersected (the nodes in A₂, A₃, and A₄), and triple-intersected (the nodes in A₁) groups. Let ${\mathbf{G}}_{Link-Area}^{(A_i\to \mathbf{G})}$, where $G=A\cup B\cup C={\displaystyle {\cup }_{i=1}^7{A}_i}$, be the set of subgroups that the nodes in $A_i$ could establish a secure link with the nodes in this set. Obviously, Equation (7) implies that the nodes in more intersected groups can establish a link with more nodes in the whole group G.

$$\begin{array}{l}\left\{\begin{array}{l}{\mathbf{G}}_{Link-Est}^{(A_5\to G)}=\{A_1, A_2, A_3, A_5\}\Rightarrow \left|{\mathbf{G}}_{Link-Est}^{(A_5\to G)}\right|=\left|A_1+A_2+A_3+A_5\right|\\ {\mathbf{G}}_{Link-Est}^{(A_2\to G)}=\{A_1, A_2, A_3, A_4, A_5, A_6\}\Rightarrow \left|{\mathbf{G}}_{Link-Est}^{(A_2\to G)}\right|=\left|A_1+A_2+A_3+A_4+A_5+A_6\right|\\ {\mathbf{G}}_{Link-Est}^{(A_1\to G)}=\{A_1, A_2, A_3, A_4, A_5, A_6, A_7\}\Rightarrow \left|{\mathbf{G}}_{Link-Est}^{(A_1\to G)}\right|=\left|A_1+A_2+A_3+A_4+A_5+A_6+A_7\right|\end{array}\right.\\ \Rightarrow \left|{\mathbf{G}}_{Link-Est}^{(A_1\to G)}\right|>\left|{\mathbf{G}}_{Link-Est}^{(A_2\to G)}\right|>\left|{\mathbf{G}}_{Link-Est}^{(A_5\to G)}\right|\end{array}$$

(7)

Next, we prove the intergroup condition. The nodes in the two groups A and B obtain the keys from key pools $S_A$ and $S_B$, respectively, where $S_A\cap S_B=\varphi$. Thus, the nodes in group A and the nodes in group B cannot establish secure links except in the intersected group $(A\cap B)$. The above implies that the proposed I²KPDP satisfies intragroup and intergroup conditions. □

The resiliency against NAs for our I²KPDP is described as follows. I²KPDP dealing with one group is reduced as in conventional KP. We first show NA resiliency for conventional KP and then give a formal analysis of our I²KPDP. Suppose that k nodes are captured in a random fashion, and the stored keys are compromised. Because each node contains m keys, the probability that a given key is uncompromised is ${\left(\begin{array}{c}1-m\end{array}/\left|S\right|\right)}^k$. On the contrary, the probability that a given key has been known is $1-{\left(\begin{array}{c}1-m\end{array}/\left|S\right|\right)}^k$. If the key of a link between two nodes is the hybrid of l shared keys, the probability of that link being compromised is ${\left(1-{\left(1-\begin{array}{c}m\end{array}/\left|S\right|\right)}^k\right)}^l$. Then, the probability that any secure link between two uncompromised nodes is compromised when k nodes are captured in group x is calculated in Equation (8), which is the same as in KP [6,7].

$$P_{Link-Com}^{(x)}={\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\begin{array}{c}m\end{array}/\left|S\right|\right)}^k\right)}^l\cdot P_{Share}^{(x)}(l)/{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(x)}(l)}}$$

(8)

For the proposed I²KPDP, the nodes in different areas have a different number of keys in their key rings. Thus, we should give different analyses for the probability that any secure link between two uncompromised nodes in $G=(A\cup B\cup C)$ is compromised when k nodes are captured. For k captured nodes, it is not reasonable to consider all k captured nodes are randomly distributed in the large-scale MWSN G with many groups (say 200 groups). The case “k captured nodes” in such a large-scale G does not work for an NA, because there is a very low probability that the k captured nodes are selected from the same key pool. An NA attack does not work in this case. The following scenario about an NA in I²KPDP is more possible and reasonable. The attacker could know the nodes belonging to which group, but he does not know whether the nodes are located in intersected groups. As we know, the probability $P_{Link-Com}^{(x\to x)}$ of I²KPDP is the same as $P_{Link-Com}^{(x)}$ in conventional KP. Therefore, we discuss the probabilities $P_{Link-Com}^{(x\to G)}$, where x∈{A, B, C}, for I²KPDP that any secure link between two uncompromised nodes is compromised in the whole group G when k nodes are captured in a random fashion in group x. All the probabilities $P_{Link-Com}^{(A\to G)}$, $P_{Link-Com}^{(B\to G)}$, and $P_{Link-Com}^{(C\to G)}$ are derived in Theorem 2. To simply represent the probabilities $P_{Link-Com}^{(A\to G)}$, $P_{Link-Com}^{(B\to G)}$, and $P_{Link-Com}^{(C\to G)}$, assume that the intersecting group does not have many sensors (note: this is a reasonable assumption). Suppose $n_1=n_2=n_3=n_4=$ $n/8$, and thus we have $n_5=n_6=n_7=5n/8$. By Equations (4)–(6), the values of $P_{Share}^{(A)}(l)=P_{Share}^{(B)}(l)=P_{Share}^{(C)}(l)$ are $\left(57P_{Share}^{(1)}+6P_{Share}^{(2)}+P_{Share}^{(3)}\right)/64$. The result implies that we can use $P_{Share}^{(x)}(l)\approx P_{Share}^{(1)}$ to simply derive $P_{Link-Com}^{(x\to G)}$, where x∈{A, B, C}.

Theorem 2.

In q-composite I²KPDP, when k nodes are captured randomly in groups A, B, and C, respectively, the probabilities $P_{Link-Com}^{(A\to G)}$, $P_{Link-Com}^{(B\to G)}$, and $P_{Link-Com}^{(C\to G)}$of a link being compromised are shown in Equations (9)–(11).

$$P_{Link-Com}^{(A\to G)}\approx \left({\displaystyle \frac{C_k^n+C_k^{n_1+n_2}+C_k^{n_1+n_3}}{3C_k^n}}\right)\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)$$

(9)

$$P_{Link-Com}^{(B\to G)}\approx \left({\displaystyle \frac{C_k^n+C_k^{n_1+n_2}+C_k^{n_1+n_4}}{3C_k^n}}\right)\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)$$

(10)

$$P_{Link-Com}^{(C\to G)}\approx \left({\displaystyle \frac{C_k^n+C_k^{n_1+n_3}+C_k^{n_1+n_4}}{3C_k^n}}\right)\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)$$

(11)

Proof. 

Suppose that k captured nodes are selected in a random fashion in group A. There are a total of $C_k^n$ ways to select k captured nodes. As illustrated in Figure 3, we consider four cases: (i) all k captured nodes are in A₁, and there are $C_k^{n_1}$ types to select k captured nodes; (ii) all k captured nodes are in $A\cap B$ (i.e., $A_1\cup A_2$), excluding case (i), and there are $C_k^{n_1+n_2}-C_k^{n_1}$ types to select k captured nodes; (iii) all k captured nodes are in $A\cap C$ (i.e., $A_1\cup A_3$), excluding case (i), and there are $C_k^{n_1+n_3}-C_k^{n_1}$ types to select k captured nodes; (iv) all k captured nodes are in group A, excluding cases (i), (ii), and (iii), and there are $C_k^n-C_k^{n_1+n_2}-C_k^{n_1+n_3}+C_k^{n_1}$ types to select k captured nodes. The total number of these cases is $C_k^n$. For case (i), the captured keys from S_A, S_B, and S_C can be used to compromise the links in groups A, B, and C. By the same argument, when k nodes are captured for cases (ii) and (iii), the information of captured nodes can be used for compromising the links in A and B as well as A and C, respectively. The case (iv) is to compromise the links in group A excluding cases (i), (ii), and (iii). By the approximation $P_{Share}^{(x)}(l)\approx P_{Share}^{(1)}(l)$ and the derivation of $P_{Link-Com}^{(x)}$ in Equation (8), the probability $P_{Link-Com}^{(A\to G)}$ is approximately derived in Equation (12). This probability is divided by three because the size of the whole set G is about three times the size of group A, i.e., $\left|G\right|\approx 3\times \left|A\right|$. By the same argument, we could derive $P_{Link-Com}^{(B\to G)}$ and $P_{Link-Com}^{(C\to G)}$ in Equations (10) and (11).

$$\left\{\begin{array}{l}{P}_{Link-Com}^{(A\to G)}\approx {\displaystyle \frac{1}{3}}\cdot \{\stackrel{\mathrm{case} \left(\mathrm{i}\right)\text{:} \mathrm{compromise} \mathrm{the} \mathrm{links} \mathrm{in} 3 \mathrm{groups} A, B \mathrm{and} C}{\overbrace{{\displaystyle \frac{C_k^{n_1}}{C_k^n}}\cdot 3\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)}}+\stackrel{\mathrm{case} \left(\mathrm{ii}\right)\text{:} \mathrm{compromise} \mathrm{the} \mathrm{links} \mathrm{in} 2 \mathrm{groups} A \mathrm{and} B}{\overbrace{{\displaystyle \frac{C_k^{n_1+n_2}-C_k^{n_1}}{C_k^n}}\cdot 2\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)}}\\ +\stackrel{\mathrm{case} \left(\mathrm{iii}\right)\text{:} \mathrm{compromise} \mathrm{the} \mathrm{links} \mathrm{in} 2 \mathrm{groups} A \mathrm{and} C}{\overbrace{{\displaystyle \frac{C_k^{n_1+n_3}-C_k^{n_1}}{C_k^n}}\cdot 2\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)}}+\stackrel{\mathrm{case} \left(\mathrm{iv}\right)\text{:} \mathrm{compromise} \mathrm{the} \mathrm{links} \mathrm{in} \mathrm{group} A}{\overbrace{{\displaystyle \frac{C_k^n-C_k^{n_1+n_2}-C_k^{n_1+n_3}+C_k^{n_1}}{C_k^n}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l}\right.}}\\ \left.\cdot {\displaystyle \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right))=\left({\displaystyle \frac{C_k^n+C_k^{n_1+n_2}+C_k^{n_1+n_3}}{3C_k^n}}\right)\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(12)

I²KPDP that adopts different key pools for different groups increases the key ring size. Sensor nodes in the intersected groups $(x\cap y)$ and $(x\cap y\cap z)$ must store 2m and 3m keys in the key ring, respectively. To reduce the storage sizes of sensors in intersected groups, we use the same key pool for all groups to design I²KPSP. □

4.2. The Proposed I²KPSP

The same key pool is used for all groups to reduce the key ring size. We also use three groups, A, B, and C, to describe I²KPSP (see Figure 5). For the key selection rules in I²KPSP, a nonce is randomly selected for a group. As illustrated in Figure 5, three nonces, r_A, r_B, and r_C, and one hash function $f(\cdot )$ are used in I²KPSP. For the nodes in $(x-(x\cap y)-(x\cap z))$, where x, y, z∈{A, B, C}, if m keys (say $K_i, 1\le i\le m$) are randomly selected from key pool S, then m hashed keys $(f(K_i+r_x), 1\le i\le m)$ are delivered to this node. For the nodes in $(x\cap y)$, (m + 2) values including m raw keys and two nonce $(\stackrel{m \mathrm{keys}}{\overbrace{K_i, 1\le i\le m}},\stackrel{2 \mathrm{nonce}}{\overbrace{r_x,r_y}})$ are given to the nodes, while the nodes in $(x\cap y\cap z)$ receive (m + 3) values including m raw keys and three nonces $(\stackrel{m \mathrm{keys}}{\overbrace{K_i, 1\le i\le m}},\stackrel{3 \mathrm{nonce}}{\overbrace{r_x,r_y,r_z}})$. Finally, as shown in Figure 5, nodes #5, #6, and #7 in areas A₅, A₆, and A₇ have a key ring of size m; nodes #2, #3, and #4 in areas A₂, A₃, and A₄ have a ring size of (m + 2); and node #1 in area A₁ has a key ring size of (m + 3). However, the key ring sizes of I²KPDP are 3m for A₁ and 2m for A₂, A₃, and A₄.

Suppose a key $K_{ID}$ with an identifier ID is selected from S given to a node. If node #a exists in the group $(x-(x\cap y)-(x\cap z))$, the node will receive the hashed key $f(K_{ID}+r_x)$. Suppose another node is also in $(x-(x\cap y)-(x\cap z))$. It may share the common key $f(K_{ID}+r_x)$ with node #a if it also has the same hashed key from key pool S. Consider the case that node #b is in $(x\cap y)$, $(x\cap z)$, or $(x\cap y\cap z)$ and has a key with the same identifier. It receives the raw key $K_{ID}$ with the nonce $(r_x, r_y)$, $(r_x, r_z)$, or $(r_x, r_y, r_z)$. For these cases, node #b has the nonce $r_x$, and it can calculate the hashed key $f(K_{ID}+r_x)$ to share the common key with node #a. In I²KPSP, we use an extra nonce to share the pairwise key between nodes.

In the same group x, both nodes share exactly l independent keys from the key pool S that have the probability $P_{Share}^{(x)}(l)$ like in I²KPDP. Suppose two nodes in the intersected group $(x\cap y)$ have one same key $K_{ID}$; they could have the hashed keys $f(K_{ID}+r_x)$ and $f(K_{ID}+r_y)$ for establishing links. Thus, the probabilities that two nodes have exactly l independent keys in intersected groups are $\left(\begin{array}{c}\left|S\right|\\ l/2\end{array}\right)\left(\begin{array}{c}\left|S\right|-l/2\\ 2(m-l/2)\end{array}\right)\left(\begin{array}{c}2(m-l/2)\\ m-l/2\end{array}\right)/{\left(\begin{array}{c}\left|S\right|\\ m\end{array}\right)}^2$, on which the $P_{Share}^{(x\cap y)}(l)$ and $P_{Share}^{(x\cap y\cap z)}(l)$ of I²KPSP are derived in Equation (13).

$$\left\{\begin{array}{l}{P}_{Share}^{(x\cap y)}(l)=P_{Share}^{(x)}(l/2), \mathrm{where} l \mathrm{is} \mathrm{even}\\ P_{Share}^{(x\cap y\cap z)}(l)=P_{Share}^{(x)}(l/3), \mathrm{where} l \mathrm{is} \mathrm{a} \mathrm{multiple} \mathrm{of} 3\end{array}\right.$$

(13)

Same as I²KPDP, we use $P_{Share}^{(1)}(l)$, $P_{Share}^{(2)}(l)$, and $P_{Share}^{(3)}(l)$ to represent the probabilities for single-intersected, double-intersected, and triple-intersected groups. Then, for our I²KPSP, we can get $P_{Share}^{(A)}(l)$, $P_{Share}^{(B)}(l)$, and $P_{Share}^{(C)}(l)$ using the keys from the same key pool S with different nonces $x_A$, $x_B$, and $x_C$. Consider the same case $n_1=n_2=n_3=n_4=n/8$ in I²KPDP. The $P_{Share}^{(A)}(l)$ for I²KPSP is derived in Equation (14), which is approximated to $P_{Share}^{(A)}(l)\approx P_{Share}^{(1)}(l).$

$$\left\{\begin{array}{l}{P}_{Share}^{(A)}(l)=\left(\begin{array}{c}\left(n_5\times (2n-n_5)+2n_2{n}_3\right)\cdot P_{Share}^{(1)}(l)+\left(n_2^2+n_3^2\right.\\ \left.+2n_1(n_2+n_3)\right)\cdot P_{Share}^{(1)}(l/2)+n_1^2\cdot P_{Share}^{(1)}(l/3)\end{array}\right)/n^2\\ =\left(57P_{Share}^{(1)}(l)+6P_{Share}^{(1)}(l/2)+P_{Share}^{(1)}(l/3)\right)/64\end{array}\right.$$

(14)

We can also prove that I²KPSP satisfies intragroup and intergroup conditions, and we calculate the probabilities of a link being compromised: $P_{Link-Com}^{(A\to G)}$, $P_{Link-Com}^{(B\to G)}$, and $P_{Link-Com}^{(C\to G)}$ (same as Theorem 2). Although I²KPSP does not use a hash chain, it uses a hash function f(·) to generate hashed keys in the area $x-(x\cap y)-(x\cap z)$. We use the approximation $P_{Share}^{(x)}(l)\approx P_{Share}^{(1)}(l)$ in Lemma 1, i.e., we do not consider the intersected groups $P_{Share}^{(2)}(l)$. For $n_1=n_2=n_3=n_4=n/8$, we have $P_{Share}^{(x)}(l)=\left(57P_{Share}^{(1)}+6P_{Share}^{(2)}+P_{Share}^{(3)}\right)/64$. This implies the fractions of intersected groups $P_{Share}^{(2)}(l)$ and $P_{Share}^{(3)}(l)$ are very small. In fact, there is already a large portion $57/64\cdot P_{Share}^{(1)}(l)$ in Equation (14) for $n_1=n_2=n_3=n_4=n/8$, and thus we consider using $P_{Share}^{(1)}(l)$ only. Four cases using $P_{Share}^{(1)}(l)$ in group A as deriving $P_{Share}^{(A)}(l)$ are (i) node i in $A_1$ and node j in $A_5$, (ii) node i in $A_2$ and node j in $A-(A_1\cup A_2)$, (iii) node i in $A_3$ and node j in $A-(A_1\cup A_3)$, and (iv) node i in $A_5$ and node j in A. Two hash operations are required when nodes i and j are in $A_2$ and $A_3$, respectively. Note: even though two nodes have raw keys, we use a hashed key to establish a link for keeping consistency in the whole group. The above concludes that the average number of hash operations per node to share a common key in group A is $N_{ave}^{(A)}=$ $(2n_5(n-n_5)+4n_2{n}_3)/n^2$ (see Equation (15)).

$$\left\{\begin{array}{l}{N}_{avg}^{(A)}={\displaystyle \frac{1}{n^2}}\cdot (\stackrel{\mathrm{node} i \mathrm{in} A_1 \mathrm{node} j \mathrm{in} A_5}{\overbrace{1 \mathrm{hash} \mathrm{ops}}}+\stackrel{\mathrm{node} i \mathrm{in} A_2 \mathrm{node} j \mathrm{in} A-(A_1\cup A_2)}{\overbrace{\stackrel{i \mathrm{in} A_2 j \mathrm{in} A_5}{\overbrace{1 \mathrm{hash} \mathrm{ops}}}+\stackrel{i \mathrm{in} A_2 j \mathrm{in} A_3}{\overbrace{2 \mathrm{hash} \mathrm{ops}}}}}+\stackrel{\mathrm{node} i \mathrm{in} A_3 \mathrm{node} j \mathrm{in} A-(A_1\cup A_3)}{\overbrace{\stackrel{i \mathrm{in} A_3 j \mathrm{in} A_5}{\overbrace{1 \mathrm{hash} \mathrm{ops}}}+\stackrel{i \mathrm{in} A_3 j \mathrm{in} A_2}{\overbrace{2 \mathrm{hash} \mathrm{ops}}}}}\\ +\stackrel{\mathrm{node} i \mathrm{in} A_5 \mathrm{node} j \mathrm{in} A}{\overbrace{\stackrel{i \mathrm{in} A_5 j \mathrm{in} A_5}{\overbrace{0 \mathrm{hash} \mathrm{ops}}}+\stackrel{i \mathrm{in} A_5 j \mathrm{in} (A-A_5)}{\overbrace{1 \mathrm{hash} \mathrm{ops}}}}})=(2n_5(n-n_5)+4n_2{n}_3)/n^2\end{array}\right.$$

(15)

By the same argument, the average numbers of hash operations are $N_{avg}^{\left(B\right)}=$ $(2n_6(n-n_6)+4n_2{n}_4)/n^2$ and $N_{avg}^{\left(C\right)}=(2n_6(n-n_6)+4n_2{n}_4)/n^2$ for groups B and C. Each node in group x performs the hash function f(·) an average of $N_{avg}^{(x)}$ times on all the l shared keys where l ≥ q. Since $P_{Share}^{(1)}(l)/P_{Link-Est}^{(1)}$ is the probability that an established link is secured with l keys for a single-intersected group, the total average number $N_{{\mathrm{I}}^2\mathrm{KPSP}}^{\left(x\right)}, x\in \{A, B ,C\}$ of hash operations in group x for q-composite I²KPSP is calculated in Equation (16).

$$\left\{\begin{array}{l}{N}_{{\mathrm{I}}^2\mathrm{KPSP}}^{\left(x\right)}=N_{avg}^{(x)}\times {\displaystyle \sum _{l=q}^m\left(l\times \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}\right),} \mathrm{where} x\in \{A, B, C\}, N_{avg}^{(A)}=(2n_5(n-n_5)+4n_2{n}_3)/n^2\\ , N_{avg}^{(B)}=(2n_6(n-n_6)+4n_2{n}_4)/n^2 \mathrm{and} N_{avg}^{(C)}=(2n_7(n-n_7)+4n_3{n}_4)/n^2\end{array}\right.$$

(16)

I²KPDP and I²KPSP do not have resiliency against LNAs, since attackers may know the nodes belong to the intersected groups from their locations. By an LNA, attackers could intentionally capture k nodes in the intersected groups A₁, A₂, A₃, and A₄. Theorem 3 shows all the probabilities $P_{Link-Com}^{(A_1\to G)}$, $P_{Link-Com}^{(A_2\to G)}$, and $P_{Link-Com}^{(A_3\to G)}$ greater than $P_{Link-Com}^{(A\to G)}$, and this means that an LNA is more severe and damaging than an NA. When compared with the case where k nodes are captured in a random fashion in group A, the captured nodes in the intersected groups A₁, A₂, and A₃ aggravate the NA attack.

Theorem 3.

In q-composite I²KPDP and I²KPSP, when k nodes are captured randomly in the intersected groups $A_1$, $A_2$, and $A_3$ (i.e., using LNA), the probabilities $P_{Link-Com}^{(A_1\to G)}$, $P_{Link-Com}^{(A_2\to G)}$, and $P_{Link-Com}^{(A_3\to G)}$ of a link being compromised are greater than the probability $P_{Link-Com}^{(A\to G)}$.

Proof. 

Suppose k captured nodes are in $A_1$, and there are $C_k^{n_1}$ types to select k captured nodes. Because of using an LNA, attackers could capture all these k nodes in $A_1$. Thus, based on the notion of Equation (12), we can derive $P_{Link-Com}^{(A_1\to G)}$, $P_{Link-Com}^{(A_2\to G)}$, and $P_{Link-Com}^{(A_3\to G)}$ as follows.

$$\left\{\begin{array}{l}{P}_{Link-Com}^{(A_1\to G)}\approx {\displaystyle \frac{1}{3}}\cdot (\stackrel{\begin{array}{c}\mathrm{attacker} \mathrm{intentionally}\\ \mathrm{capture} k \mathrm{nodes} \mathrm{in} A_1\end{array}}{\overbrace{{\displaystyle \frac{C_k^{n_1}}{C_k^{n_1}}}}}\cdot \stackrel{\mathrm{compromise} \mathrm{the} \mathrm{links} \mathrm{in} \mathrm{three} \mathrm{groups} A, B \mathrm{and} C}{\overbrace{3\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)}})=\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ P_{Link-Com}^{(A_2\to G)}\approx {\displaystyle \frac{1}{3}}\cdot (\stackrel{\begin{array}{c}\mathrm{attacker} \mathrm{intentionally}\\ \mathrm{capture} k \mathrm{nodes} \mathrm{in} A_2\end{array}}{\overbrace{{\displaystyle \frac{C_k^{n_2}}{C_k^{n_2}}}}}\cdot \stackrel{\mathrm{compromise} \mathrm{the} \mathrm{links} \mathrm{in} \mathrm{two} \mathrm{groups} A \mathrm{and} B}{\overbrace{2\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)}})={\displaystyle \frac{2}{3}}\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ P_{Link-Com}^{(A_3\to G)}\approx {\displaystyle \frac{1}{3}}\cdot (\stackrel{\begin{array}{c}\mathrm{attacker} \mathrm{intentionally}\\ \mathrm{capture} k \mathrm{nodes} \mathrm{in} A_3\end{array}}{\overbrace{{\displaystyle \frac{C_k^{n_3}}{C_k^{n_3}}}}}\cdot \stackrel{\mathrm{compromise} \mathrm{the} \mathrm{links} \mathrm{in} \mathrm{two} \mathrm{groups} A \mathrm{and} C}{\overbrace{2\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)}})={\displaystyle \frac{2}{3}}\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(17)

Via Equation (12), we have $P_{Link-Com}^{(A\to G)}\approx \left({\displaystyle \frac{C_k^n+C_k^{n_1+n_2}+C_k^{n_1+n_3}}{3C_k^n}}\right)\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)$. Since $n_1<<n$, $n_2<<n$, and $n_3<<n$, $(C_k^{n_1+n_2}+C_k^{n_1+n_3})<C_k^n$. Finally, we have $P_{Link-Com}^{(A_1\to G)}$, $P_{Link-Com}^{(A_2\to G)}$, and $P_{Link-Com}^{(A_3\to G)}$ greater than $P_{Link-Com}^{(A\to G)}$. □

The above demonstrates that I²KPDP and I²KPSP do not have resiliency against LNAs. In addition, for I²KPSP, the nodes in intersected groups store the nonce in plaintext type. The attacker can capture only one node to obtain the nonce. Thus, if an attacker compromises one node in area A₁ to get r_C, he can capture nodes in A₂ for raw keys and then compromise the link in group C with the compromised raw keys in A₂. To effectively tackle LNAs and solve the above problem in I²KPSP, we adopt a hash chain to design I²KPHC.

4.3. The Proposed I²KPHC

We adopt the hash chain approach in [7] and, in the meantime, give the nodes in intersected groups the large node identifier “j” to resist LNAs, where 1 ≤ j ≤ n and the value n is the group size (the number of nodes for each group). In fact, we can use different key pools like in I²KPDP or a single pool like in I²KPSP to design the proposed I²KPHC. When using different key pools, we just need one hash function, while we need different hash functions for different groups when using one key pool. We also use three groups, A, B, and C, to describe I²KPHC. As illustrated in Figure 6, we adopt one key pool S and three hash functions, $h_A(\cdot )$, $h_B(\cdot )$, and $h_C(\cdot )$, for each group to describe our I²KPHC.

Consider a node with ID “j” for the following cases: (i) in group $(x-(x\cap y)-(x\cap z))$, (ii) in group $(x\cap y)$, and (iii) in group $(x\cap y\cap z)$, where x, y, z∈{A, B, C}. Suppose m random keys (say $K_1~K_m$) are selected from key pool S, then m hashed keys $(\stackrel{m \mathrm{hashed} \mathrm{keys} \mathrm{using} h_x(\cdot )}{\overbrace{h_x^j(K_1)~h_x^j(K_m)}})$ are given to node #j in group $(x-(x\cap y)-(x\cap z))$. There are 2m hashed keys $(\stackrel{m \mathrm{hashed} \mathrm{keys} \mathrm{using} h_x(\cdot )}{\overbrace{h_x^j(K_1)~h_x^j(K_m)}},\stackrel{m \mathrm{hashed} \mathrm{keys} \mathrm{using} h_y(\cdot )}{\overbrace{h_y^j(K_1)~h_y^j(K_m)}})$ and 3m hashed keys $(\stackrel{m \mathrm{hashed} \mathrm{keys} \mathrm{using} h_x(\cdot )}{\overbrace{h_x^j(K_1)~h_x^j(K_m)}},$ $\stackrel{m \mathrm{hashed} \mathrm{keys} \mathrm{using} h_y(\cdot )}{\overbrace{h_y^j(K_1)~h_y^j(K_m)}},\stackrel{m \mathrm{hashed} \mathrm{keys} \mathrm{using} h_z(\cdot )}{\overbrace{h_z^j(K_1)~h_z^j(K_m)}})$ given to node #j in the intersected groups $(x\cap y)$ and $(x\cap y\cap z)$, respectively. Finally, as shown in Figure 5, nodes #5, #6, and #7 in areas A₅, A₆ and A₇ have a ring size of m; nodes #2, #3, and #4 in areas A₂, A₃, and A₄ have a ring size of 2m; and node #7 in A₁ area has a ring size of 3m.

Suppose a key $K_{ID}$ with an identifier ID is selected from S given to a node with node ID “$j_1$”. If the node is in the group $(x-(x\cap y)-(x\cap z))$, it receives the key $h_x^{j_1}(K_{ID})$. Suppose another node with node ID “$j_2$” is also in the group $(x-(x\cap y)-(x\cap z))$; it has $h_x^{j_2}(K_{ID})$. When $j_1>j_2$, the node #$j_2$ applies the hash function $h_x(\cdot )$ $(j_1-j_2)$ times on $h_x^{j_2}(K_{ID})$, and then both nodes may share a common key $h_x^{j_1}(K_{ID})$. Consider other cases for node #$j_2$ in (i) $(x\cap y)$, (ii) $(x\cap z)$, (iii) $(x\cap y\cap z)$, (iv) $(y-(x\cap y)-(y\cap z))$, and (v) $(z-(y\cap z)-(x\cap z))$. For cases (i), (ii), and (iii), node #$j_2$ also has $h_x^{j_2}(K_{ID})$ such that it can share the same key $h_x^{j_1}(K_{ID})$ with node #$j_1$. However, node #$j_2$ for cases (iv) and (v) only has $h_y^{j_2}(K_{ID})$ and $h_z^{j_2}(K_{ID})$, respectively, and thus it cannot share the common key with the node #$j_1$. Via the above observations, the approach using the hash function does not affect establishing a link, but it needs extra hash operations when establishing secure links. Although the I²KPHC in Figure 6 uses one key pool for all groups, it adopts different hash functions for different groups. All the properties of I²KPHC are more similar to those of I²KPSP, because both approaches use one key pool. However, I²KPHC has the same key ring sizes as I²KPDP. The probabilities $P_{Share}^{(x)}(l)$, $P_{Share}^{(x\cap y)}(l)$, $P_{Share}^{(x\cap y\cap z)}(l)$, $P_{Link-Est}^{(x)}$, $P_{Link-Est}^{(x\cap y)}$, and $P_{Link-Est}^{(x\cap y\cap z)}$, where x, y, and z∈{A, B, C}, are the same as in I²KPSP. And, the proposed I²KPHC also satisfies intragroup and intergroup conditions.

When compared with I²KPDP and I²KPDSP, the major difference of I²KPHC is resiliency against LNAs. LNA resiliency based on the hash chain is described as follows. The diagrammatic representation of key selection rules is illustrated in Figure 7. The number of nodes for each group is n ($\left|A\right|$=$\left|B\right|$=$\left|C\right|$=n). For simplicity, we use 1~n to represent the node ID “j”, where 1 ≤ j ≤ n. How to choose an encoded ID for sensor nodes for disjointed areas in groups A, B, and C to resist LNAs is given in Figure 7a–c, respectively.

Consider the key selections for group A, which is composed of four geometrically disjointed areas (A₁, A₂, A₃, A₅). From I²KPDP and I²KPSP, it is observed that the captured nodes in intersected groups, e.g., in $(x\cap y\cap z)$ and $(x\cap y)$, the NA will be seriously aggravated. Therefore, we define three levels of resiliency (high, medium, low) against NAs for the intersected groups: A₁ (triple-intersected), A₂ and A₃ (double-intersected), and A₅ (single-intersected)). We use medium resiliency for A₂ and A₃, because both areas have probabilities of compromised links in $(A\cap B)$ and $(A\cap C)$, respectively. The reason choosing high resiliency for A₁ is to resist the high probability of compromised links. The key selection for group A is illustrated in Figure 7a. We use the ID $j\in [n_2+n_3+n_5+1, n]$ to prepare a hashed key $h_A^j(Key)$ for $A_1$, the ID $j\in [n_2+n_5+1,$ $n_2+n_3+n_5]$ to prepare a hashed key $h_A^j(Key)$ for A₂, the ID $j\in [n_5+1, n_2+n_5]$ to prepare a hashed key $h_A^j(Key)$ for A₃, and the ID $j\in [1, n_5]$ to prepare a hashed key $h_A^j(Key)$ for A₅. When the nodes in A₁ are captured, an attacker has the hashed key $h_A^{j_1}(Key)$, where $j_1\in [n_2+n_3+n_5+1, n]$, but he cannot obtain the hashed key $h_A^{j_2}(Key)$ for node $\#j_2$ in areas A₂, A₃, and A₅ because $j_1>(n_2+n_3+n_5)\ge j_2$. We can also check another situation where if node $\#j_1$ is in areas A₂ and A₃ and node $\#j_2$ is in area $A_5$, both nodes $\#j_1$ and $\#j_2$ cannot share the common key. This is because $j_1\in [n_5+1, n_2+n_3+n_5]$ is greater than $j_2\in [1, n_5]$. Obviously, node $\#j_1$ in A₅ only has the probability to obtain the same hashed key $h_A^{j_2}(Key)$ with node $\#j_2$ also located in A₅. By the same argument, we can choose the hashed keys for sensor nodes in groups B and C. The key selections for groups B (including A₁, A₂, A₄, and A₆) and C (including A₁, A₃, A₄, and A₇) are shown in Figure 7b,c, respectively.

In [7], a parameter key-chain length L is introduced to reduce these hash operations. Each node #j applies one-way hash operation to their keys j (mod L) times instead of j times, namely storing ${h_x^j}^{ (\mathrm{mod} L)}(Key)$ instead of $h_x^j(Key)$. Finally, the number of hash operations for establishing a pairwise key is bounded by L. When adopting the notion of key-chain length L in I²KPHC to save energy consumption overhead, the key selections in Figure 7a–c should be a little modified. Here, we only use key selection for group A to describe the modification. We first define $L_1, L_2, L_3, \mathrm{and} L_5$, where $L=L_1+L_2+L_3+L_5$. The choice of these values can be determined according to the group size n and the reduction in computation overhead. After the key selection for group A in Figure 7a, let the node ID $j_{A_1}\in [n_2+n_3+n_5+1, n]$, $j_{A_2}\in [n_2+n_5+1, n_2+n_3+n_5]$, $j_{A_3}\in$ $[n_2+n_5+1, n_2+n_3+n_5]$, and $j_{A_5}\in [n_5+1, n_2+n_5]$. Next, we figure out the new modified ID ${j^{\prime }}_{A_1}$, ${j^{\prime }}_{A_2}$, ${j^{\prime }}_{A_3}$, and ${j^{\prime }}_{A_5}$ by Equation (18a). By the same argument, we may choose $L_4, L_6 \mathrm{and} L_7$ for $A_4, A_6 \mathrm{and} A_7$, and the new modified ID for groups B and C are given in Equations (18b) and (18c), respectively.

$$\left\{\begin{array}{l}{j^{\prime }}_{A_1}=j_{A_1} (\mathrm{mod} L_1)+(L_2+L_3+L_5);{j^{\prime }}_{A_2}=j_{A_2} (\mathrm{mod} L_2)+(L_3+L_5)\\ {j^{\prime }}_{A_3}=j_{A_3} (\mathrm{mod} L_3)+L_5;{j^{\prime }}_{A_5}=j_{A_5} (\mathrm{mod} L_5)\end{array}\right.$$

(18a)

$$\left\{\begin{array}{l}{j^{\prime }}_{A_1}=j_{A_1} (\mathrm{mod} L_1)+(L_2+L_4+L_6);{j^{\prime }}_{A_2}=j_{A_2} (\mathrm{mod} L_2)+(L_4+L_6)\\ {j^{\prime }}_{A_4}=j_{A_4} (\mathrm{mod} L_4)+L_6;{j^{\prime }}_{A_6}=j_{A_6} (\mathrm{mod} L_6)\end{array}\right.$$

(18b)

$$\left\{\begin{array}{l}{j^{\prime }}_{A_1}=j_{A_1} (\mathrm{mod} L_1)+(L_3+L_4+L_7);{j^{\prime }}_{A_3}=j_{A_3} (\mathrm{mod} L_3)+(L_4+L_7)\\ {j^{\prime }}_{A_4}=j_{A_4} (\mathrm{mod} L_4)+L_7;{j^{\prime }}_{A_7}=j_{A_7} (\mathrm{mod} L_7)\end{array}\right.$$

(18c)

We herein use the original node ID to more easily analyze the LNA resiliency of our I²KPHC. Actually, both have similar results. Lemma 2 shows the probability that a given key is known in the area $A_j$ when a node is randomly captured in the area $A_i$. And, the probability ${\alpha }_{A_i\to A_j}$, where $0\le {\alpha }_{A_i\to A_j}\le 1$, is referred to as an improvement in I²KPHC. Since each node has m keys from key pool S, the probability that a key has been discovered in $A_j$ when a node is compromised in $A_i$ is $({\alpha }_{A_i\to A_j}\cdot m/\left|S\right|)$ for I²KPHC. Thus, the value ${\alpha }_{A_i\to A_j}=1$ implies no improvement from using a hash chain, i.e., the probabilities of compromised links are unchanged. On the other hand, $({\alpha }_{A_i\to A_j}\cdot m/\left|S\right|)$ is 0 for ${\alpha }_{A_i\to A_j}=0$. Namely, the approach can completely tackle LNAs. The value ${\alpha }_{A_i\to A_j}$ ranging from 1 to 0 shows the attack mitigation of LNAs. A hash chain could reduce interception from the attacker, and that is why we call the value ${\alpha }_{A_i\to A_j}$ “improvement”.

Lemma 2.

When using the hash chain class with n ($h_x^j(Key), 1\le j\le n$ ) in I²KPHC, the probability ${\alpha }_{A_i\to A_j}$ is derived as follows.

$$\left\{\begin{array}{l}{\alpha }_{A_i\to A_j}=(n_i+1)/\left(2n_i\right); \mathrm{if} A_i=A_j\\ {\alpha }_{A_i\to A_j}=0 ; \mathrm{if} (\mathrm{node} \mathrm{ID} j_1\in A_i>j_2\in A_j)\vee (\mathrm{no} \mathrm{same} \mathrm{hash} \mathrm{function} \mathrm{in} A_i \mathrm{and} A_j)\\ {\alpha }_{A_i\to A_j}=1 ; \mathrm{if} (\mathrm{node} \mathrm{ID} j_1\in A_i\le j_2\in A_j)\wedge (\mathrm{one} \mathrm{same} \mathrm{hash} \mathrm{function} \mathrm{in} A_i \mathrm{and} A_j)\end{array}\right.$$

(19)

Proof. 

For the case $A_i=A_j$ with $\left|A_i\right|=n_i$ nodes in this area, suppose the node ID in $A_i$ ranges between $n_x$ and $(n_x+n_i-1)$. For any hashed key stored in the nodes in $A_i$, it is initially hashed $(n_x+w)$ times, where $0\le w\le (n_i-1)$, with a probability $1/n_i$. When a captured node is hashed $(n_x+w)$ times, the probability that a key has the same identifier can be figured out is $(n_i-w)/n_i$ (note: a hash function can only be accomplished forwardly). Thus, the probability to find a key having the same identifier with a compromised node is ${\displaystyle \sum _{w=0}^{n_i-1}1/n_i\cdot (n_i-w)/n_i}=(n_i+1)/(2n_i).$ Consider the case “(node ID j₁∈A_i > j₂∈A_j)$\vee$ (no same hash function in A_i and A_j)”. Firstly, the condition $j_1>j_2$ implies that even though both areas have same hash function $h_x(\cdot )$, the hashed key $h_x^{j_1}(Key)$ cannot be disclosed from $h_x^{j_2}(Key)$. Secondly, both areas with different hash function cannot have the same hashed key. Thus, we have ${\alpha }_{A_i\to A_j}=0$ for this case. Consider the other case “(node ID j₁∈A_i ≤ j₂∈A_j) $\wedge$ (one same hash function in A_i and A_j)”. Both areas have the same hash function $h_x(\cdot )$. Since $j_1$ ≤ $j_2$, the hashed key $h_x^{j_1}(Key)$ can be derived from $h_x^{j_2}(Key)$. This implies ${\alpha }_{A_i\to A_j}=1$. □

By LNAs, attackers could intentionally capture the nodes in intersected groups (A₁~A₄) to compromise the links. Consider intersected groups A₁, A₂, and A₃ in group A (note: the analysis for A₄ is the same as for A₂ and A₃ and is omitted here). In Theorem 4, the probabilities $P_{Link-Com}^{(A_1\to G)}$, $P_{Link-Com}^{(A_2\to G)}$, and $P_{Link-Com}^{(A_3\to G)}$ of I²KPHC are derived, where $P_{Link-Com}^{(A_1\to G)}$ and $P_{Link-Com}^{(A_2\to G)}$ are lesser than those in I²KPDP and I²KPSP, and $P_{Link-Com}^{(A_2\to G)}$ is almost the same. The result implies that the resiliency of I²KPHC against LNAs is enhanced.

Theorem 4.

In q-composite I²KPHC, k nodes are captured randomly in the intersected groups A₁, A₂, and A₃ (i.e., using LNA). When compared with I²KPDP and I²KPSP, I²KPHC has smaller $P_{Link-Com}^{(A_1\to G)}$and $P_{Link-Com}^{(A_2\to G)}$and almost the same $P_{Link-Com}^{(A_3\to G)}$.

Proof. 

Same as deriving the probabilities in Theorem 3, because there is already a large portion $57/64\cdot P_{Share}^{(1)}(l)$, we consider using $P_{Share}^{(1)}(l)$ only. Four cases using $P_{Share}^{(1)}(l)$ in group A as deriving $P_{Share}^{(A)}(l)$ are (i) node i in A₁ and node j in A₅, (ii) node i in A₂ and node j in $A-(A_1\cup A_2)$, (iii) node i in A₃ and node j in $A-(A_1\cup A_3)$, and (iv) node i in A₅ and node j in A. In case (i), two nodes can share a hashed key $h^i(Key)$ since i > j. Thus, the link may be compromised with the probability ${\displaystyle \sum _{l=q}^m{\left(1-{\left(1-{\alpha }_{A_1\to A_1}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}$ with the improvement ${\alpha }_{A_1\to A_1}=(n_1+1)/2n_1$. For cases (ii) and (iii), the improvements ${\alpha }_{A_1\to A_2}={\alpha }_{A_1\to A_3}=0$. Case (iv) is subdivided into node i in A₅ and node j in A₁, and node i in A₅ and node j in (A − A₁), and the improvement ${\alpha }_{A_1\to (A-A_1)}=0$. Based on the above observations, the probability $P_{Link-Com}^{(A_1\to A)}$ that k captured nodes are in A₁ is derived as follows.

$$\left(\begin{array}{l}{P}_{Link-Com}^{(A_1\to A)}\approx {\displaystyle \frac{1}{n^2}}\cdot (\stackrel{\mathrm{case} \left(\mathrm{i}\right)\text{:} \mathrm{node} i \mathrm{in} A_1 \mathrm{node} j \mathrm{in} A_5}{\overbrace{{\displaystyle \sum _{l=q}^m{\left(1-{\left(1-{\alpha }_{A_1\to A_1}\cdot \frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}}}+\stackrel{\begin{array}{l}\mathrm{case} \left(\mathrm{ii}\right)\text{:} \mathrm{node} i \mathrm{in} A_2\\ \mathrm{node} j \mathrm{in} A-(A_1\cup A_2)\end{array}}{\overbrace{\begin{array}{c}0\\ (\because {\alpha }_{A_1\to A_2}=0)\end{array}}}+\stackrel{\begin{array}{l}\mathrm{case} \left(\mathrm{iii}\right)\text{:} \mathrm{node} i \mathrm{in} A_3\\ \mathrm{node} j \mathrm{in} A-(A_1\cup A_3)\end{array}}{\overbrace{\begin{array}{c}0\\ (\because {\alpha }_{A_1\to A_3}=0)\end{array}}}+\\ \stackrel{\mathrm{case} \left(\mathrm{iv}\right)\text{:} \mathrm{node} i \mathrm{in} A_5 \mathrm{node} j \mathrm{in} A}{\overbrace{\stackrel{i \mathrm{in} A_5 j \mathrm{in} A_1}{\overbrace{{\displaystyle \sum _{l=q}^m{\left(1-{\left(1-{\alpha }_{A_1\to A_1}\cdot \frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}}}+\stackrel{i \mathrm{in} A_5 j \mathrm{in} (A-A_1)}{\overbrace{\begin{array}{c}0\\ (\because {\alpha }_{A_1\to (A-A_1)}=0)\end{array}}}}})={\displaystyle \frac{2n_1{n}_5}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_1+1)}{2n_1}\cdot \frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(20)

Same as deriving $P_{Link-Com}^{(A_1\to A)}$, we could derive $P_{Link-Com}^{(A_1\to B)}\approx {\displaystyle \frac{2n_1{n}_6}{n^2}}\cdot$ $\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_1+1)}{2n_1}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)$ and $P_{Link-Com}^{(A_1\to C)}\approx {\displaystyle \frac{2n_1{n}_7}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_1+1)}{2n_1}\frac{m}{\left|S\right|}\right)}^k\right)}^l}\right.$.$\left.{\displaystyle \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)$. Then, the $P_{Link-Com}^{(A_1\to G)}$ is calculated as follows.

$$\left\{\begin{array}{l}{P}_{Link-Com}^{(A_1\to G)}=P_{Link-Com}^{(A_1\to A)}+P_{Link-Com}^{(A_1\to B)}+P_{Link-Com}^{(A_1\to C)}\\ ={\displaystyle \frac{2n_1(n_5+n_6+n_7)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_1+1)}{2n_1}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle \sum _{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(21)

For calculating $P_{Link-Com}^{(A_2\to G)}$ and $P_{Link-Com}^{(A_3\to G)}$, we first derive $P_{Link-Com}^{(A_2\to A)}$ in Equation (22). By the same argument, we also have $P_{Link-Com}^{(A_2\to B)}$, $P_{Link-Com}^{(A_3\to A)}$, and $P_{Link-Com}^{(A_3\to C)}$. Then, $P_{Link-Com}^{(A_2\to G)}$ and $P_{Link-Com}^{(A_3\to G)}$ are derived in Equations (23) and (24).

$$\left(\begin{array}{l}{P}_{Link-Com}^{(A_2\to A)}\approx {\displaystyle \frac{1}{n^2}}\cdot (\stackrel{\mathrm{case} \left(\mathrm{i}\right)\text{:} \mathrm{node} i \mathrm{in} A_1 \mathrm{node} j \mathrm{in} A_5}{\overbrace{{\displaystyle \sum _{l=q}^m{\left(1-{\left(1-{\alpha }_{A_2\to A_1}\cdot \frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}}}+\stackrel{\begin{array}{l}\mathrm{case} \left(\mathrm{ii}\right)\text{:} \mathrm{node} i \mathrm{in} A_2\\ \mathrm{node} j \mathrm{in} A-(A_1\cup A_2)\end{array}}{\overbrace{{\displaystyle \sum _{l=q}^m{\left(1-{\left(1-{\alpha }_{A_2\to A_2}\cdot \frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}}}\\ +\stackrel{\begin{array}{l}\mathrm{case} \left(\mathrm{iii}\right)\text{:} \mathrm{node} i \mathrm{in} A_3\\ \mathrm{node} j \mathrm{in} A-(A_1\cup A_3)\end{array}}{\overbrace{\stackrel{i \mathrm{in} A_3 j \mathrm{in} A_2}{\overbrace{{\displaystyle \sum _{l=q}^m{\left(1-{\left(1-{\alpha }_{A_2\to A_2}\cdot \frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}}}+\stackrel{i \mathrm{in} A_3 j \mathrm{in} A_5}{\overbrace{\begin{array}{c}0\\ (\because {\alpha }_{A_2\to A_3}=0)\end{array}}}}}+\stackrel{\mathrm{case} \left(\mathrm{iv}\right)\text{:} \mathrm{node} i \mathrm{in} A_5 \mathrm{node} j \mathrm{in} A}{\overbrace{\stackrel{i \mathrm{in} A_5 j \mathrm{in} A_1}{\overbrace{{\displaystyle \sum _{l=q}^m{\left(1-{\left(1-{\alpha }_{A_2\to A_1}\cdot \frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}}}}}\\ \stackrel{\mathrm{case} \left(\mathrm{iv}\right)\text{:} \mathrm{node} i \mathrm{in} A_5 \mathrm{node} j \mathrm{in} A}{\overbrace{+\stackrel{i \mathrm{in} A_5 j \mathrm{in} A_2}{\overbrace{{\displaystyle \sum _{l=q}^m{\left(1-{\left(1-{\alpha }_{A_2\to A_2}\cdot \frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}}}+\stackrel{i \mathrm{in} A_5 j \mathrm{in} (A_3\cup A_5)}{\overbrace{\begin{array}{c}0\\ (\because {\alpha }_{A_2\to (A_3\cup A_5)}=0)\end{array}}}}})\\ ={\displaystyle \frac{2n_1{n}_5}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{2n_2(n_3+n_5)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_2+1)}{2n_2}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(22)

$$\left\{\begin{array}{l}{P}_{Link-Com}^{(A_2\to G)}=P_{Link-Com}^{(A_2\to A)}+P_{Link-Com}^{(A_2\to B)}\\ \approx {\displaystyle \frac{2n_1{n}_5}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{2n_2(n_3+n_5)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_2+1)}{2n_2}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ +{\displaystyle \frac{2n_1{n}_6}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{2n_2(n_4+n_6)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_2+1)}{2n_2}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ ={\displaystyle \frac{2n_1(n_5+n_6)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{4n_2(n_3+n_5)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_2+1)}{2n_2}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(23)

$$\left\{\begin{array}{l}{P}_{Link-Com}^{(A_3\to G)}=P_{Link-Com}^{(A_3\to A)}+P_{Link-Com}^{(A_3\to C)}\\ \approx {\displaystyle \frac{2(n_1{n}_5+n_2{n}_3+n_2{n}_5)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{2n_3{n}_5}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_3+1)}{2n_3}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ +{\displaystyle \frac{2n_1{n}_7}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{2n_3(n_4+n_7)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_3+1)}{2n_3}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ ={\displaystyle \frac{2n_1(n_5+n_7)+2n_2(n_3+n_5)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{2n_3(n_4+n_5+n_7)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_3+1)}{2n_3}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(24)

For the case using $P_{Share}^{(1)}(l)$ only (a large portion $57/64\cdot P_{Share}^{(1)}(l)$ in Equation (4)), $P_{Share}^{(2)}(l)$ and $P_{Share}^{(3)}(l)$ are very small (note: choosing the values $n_1=n_2=n_3=n_4=n/8$ is a reasonable choice). Equations (25)–(27) show that the probabilities $P_{Link-Com}^{(A_1\to G)}$ and $P_{Link-Com}^{(A_2\to G)}$ of I²KPHC are lesser than those in I²KPDP and I²KPSP, and $P_{Link-Com}^{(A_3\to G)}$ is almost the same as $P_{Link-Com}^{(A_3\to G)}$ in I²KPDP and I²KPSP. □

$$\left\{\begin{array}{l}{P}_{Link-Com}^{(A_1\to G)}\approx {\displaystyle \frac{2n_1(n_5+n_6+n_7)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_1+1)}{2n_1}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ ={\displaystyle \frac{30}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_1+1)}{2n_1}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)<{\displaystyle \frac{30}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ <\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(25)

$$\left\{\begin{array}{l}{P}_{Link-Com}^{(A_2\to G)}\approx {\displaystyle \frac{2n_1(n_5+n_6)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{4n_2(n_3+n_5)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_2+1)}{2n_2}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ ={\displaystyle \frac{20}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{24}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_2+1)}{2n_2}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ \approx {\displaystyle \frac{20}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{24}{64}}\cdot {\displaystyle \frac{(n_2+1)}{2n_2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ (\because 1-{\left(1-{\displaystyle \frac{(n_2+1)}{2n_2}}{\displaystyle \frac{m}{\left|S\right|}}\right)}^k\approx {\displaystyle \frac{(n_2+1)}{2n_2}}\times \left(1-{\left(1-{\displaystyle \frac{(n_2+1)}{2n_2}}{\displaystyle \frac{m}{\left|S\right|}}\right)}^k\right) (\mathrm{while} k \mathrm{is} \mathrm{reasonably} \mathrm{low} \mathrm{and} m\ll |S|)\\ \approx {\displaystyle \frac{20}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{12}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ ={\displaystyle \frac{32}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)<{\displaystyle \frac{2}{3}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(26)

$$\left\{\begin{array}{l}{P}_{Link-Com}^{(A_3\to G)}\approx {\displaystyle \frac{2n_1(n_5+n_7)+2n_2(n_3+n_5)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{2n_3(n_4+n_5+n_7)}{n^2}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_3+1)}{2n_3}\frac{m}{\left|S\right|}\right)}^k\right)}^l}\right.\\ \left.\cdot {\displaystyle \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)={\displaystyle \frac{32}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)+{\displaystyle \frac{22}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{(n_3+1)}{2n_3}\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\\ \approx ({\displaystyle \frac{32}{64}}+{\displaystyle \frac{11}{64}})\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right) (\mathrm{note}\text{:} \mathrm{use} \mathrm{the} \mathrm{approximation} \mathrm{in} \mathrm{derivng} \mathrm{Equation} \left(26\right))\\ ={\displaystyle \frac{33}{64}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\approx {\displaystyle \frac{2}{3}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)\end{array}\right.$$

(27)

In the proposed I²KPHC, extra hash operations are required to share the common key between two nodes. The following evaluates the computation overhead in our I²KPHC. Similar to deriving the number of hash operations for I²KPSP, we use the approximation $P_{Share}^{(x)}(l)\approx P_{Share}^{(1)}(l)$ and ignore $P_{Share}^{(2)}(l)$ and $P_{Share}^{(3)}(l)$ (it is reasonable for $n_1=n_2=n_3=n_4=$$n/8$). We still consider four cases using $P_{Share}^{(1)}(l)$ in group A as deriving $P_{Share}^{(A)}(l)$: (i) node i in A₁ and node j in A₅, (ii) node i in A₂ and node j in $A-(A_1\cup A_2)$, (iii) node i in A₃ and node j in $A-(A_1\cup A_3)$, and (iv) node i in A₅ and node j in A. Thus, the average number ${N^{\prime }}_{avg}^{(A)}$ of hash operations to share a common key is determined in Equation (28).

$$\left\{\begin{array}{l}{N^{\prime }}_{avg}^{(A)}={\displaystyle \frac{1}{n^2}}\cdot (\stackrel{\begin{array}{c}\mathrm{case} \left(\mathrm{i}\right)\text{:}\\ \mathrm{node} i \mathrm{in} A_1 \mathrm{node} j \mathrm{in} A_5\end{array}}{\overbrace{{\displaystyle \sum _{j=1}^{n_5}{\displaystyle \sum _{i=(n_2+n_3+n_5+1)}^n(i-j)}}}}+\stackrel{\begin{array}{c}\mathrm{case} \left(\mathrm{ii}\right)\text{:}\\ \mathrm{node} i \mathrm{in} A_2 \mathrm{node} j \mathrm{in} A-(A_1\cup A_2)\end{array}}{\overbrace{{\displaystyle \sum _{j=1}^{n_3+n_5}{\displaystyle \sum _{i=(n_3+n_5+1)}^{n_2+n_3+n_5}(i-j)}}}}+\stackrel{\mathrm{case} \left(\mathrm{iii}\right)\text{:} \mathrm{node} i \mathrm{in} A_3 \mathrm{node} j \mathrm{in} A-(A_1\cup A_3)}{\overbrace{\stackrel{i \mathrm{in} A_3 j \mathrm{in} A_5}{\overbrace{{\displaystyle \sum _{j=1}^{n_5}{\displaystyle \sum _{i=(n_5+1)}^{n_3+n_5}(i-j)}}}}+\stackrel{i \mathrm{in} A_3 j \mathrm{in} A_2}{\overbrace{{\displaystyle \sum _{i=(n_5+1)}^{n_3+n_5}{\displaystyle \sum _{j=(n_3+n_5+1)}^{n_2+n_3+n_5}(j-i)}}}}}}\\ +\stackrel{\mathrm{case} \left(\mathrm{iv}\right)\text{:} \mathrm{node} i \mathrm{in} A_5 \mathrm{node} j \mathrm{in} A}{\overbrace{\stackrel{i \mathrm{in} A_5 j \mathrm{in} A_5}{\overbrace{{\displaystyle \sum _{i=1}^{n_5}{\displaystyle \sum _{j=1}^{n_5}|i-j|}}}}+\stackrel{i \mathrm{in} A_5 j \mathrm{in} (A-A_5)}{\overbrace{{\displaystyle \sum _{i=1}^{n_5}{\displaystyle \sum _{j=(n_5+1)}^n(j-i)}}}}}})=\stackrel{\mathrm{case} \left(\mathrm{i}\right)}{\overbrace{{\displaystyle \frac{n_1(n+n_2+n_3)}{2n^2}}}}+\stackrel{\mathrm{case} \left(\mathrm{ii}\right)}{\overbrace{{\displaystyle \frac{n_2(n_2+n_3+n_5)}{2n^2}}}}+\stackrel{\mathrm{case} \left(\mathrm{iii}\right)}{\overbrace{{\displaystyle \frac{(n_2^2+n_2{n}_3+n_3^2+n_3{n}_5)}{2n^2}}}}+\\ \stackrel{\mathrm{case} \left(\mathrm{iv}\right)}{\overbrace{{\displaystyle \frac{{n_5}^3-n_5}{3n^2}}+{\displaystyle \frac{(n_1+n_2+n_3)n}{2n^2}}}}\end{array}\right.$$

(28)

Similar to deriving ${N^{\prime }}_{avg}^{(A)}$, we can figure out ${N^{\prime }}_{avg}^{(B)}$ and ${N^{\prime }}_{avg}^{(C)}$. Finally, in q-composite I²KPHC, both nodes should apply the average hash operations $N_{{\mathrm{I}}^2\mathrm{KPHC}}^{(x)}={N^{\prime }}_{avg}^{(x)}\times$ ${\displaystyle \sum _{l=q}^m\left(l\times \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}\right)}$ in group x when establishing a secure link.

5. Comparison and Numerical Simulations

5.1. Comparison

A comparison of various types of pairwise key predistribution schemes including KP, HKP, and our three types of I²KP—I²KPDP, I²KPSP, and I²KPHC—is shown in

Table 1. Comparison of various KP schemes.

Scheme	Key Ring Size	I2-Cond.	LNA Resiliency	Improvement Against LNA	Prob. of Compromised Link	Num. of Hash Operations
KP	m	NO	NO	–	${P_{\left(\mathrm{KP}\right)}}^{\#2}$	–
HKP	m	NO	NO	–	${P_{\left(\mathrm{HKP}\right)}}^{\#3}$	${N_{\mathrm{HKP}}^{(x)}}^{\#6}$
I2KPDP	m/2m/3m	YES	NO	–	${P_{{(\mathrm{I}}^2\mathrm{KPDP})}}^{\#4}$	–
I2KPSP	m/(m + 2)/(m + 3)	YES	NO	–	${P_{{(\mathrm{I}}^2\mathrm{KPSP})}}^{\#4}$	${N_{{\mathrm{I}}^2\mathrm{KPSP}}^{(x)}}^{\#7}$
I2KPHC	m/2m/3m	YES	YES	${{\alpha }_{A_i\to A_j}}^{\#1}$	${P_{{(\mathrm{I}}^2\mathrm{KPHC})}}^{\#5}$	${N_{{\mathrm{I}}^2\mathrm{KPHC}}^{(x)}}^{\#8}$

$\#1:\mathrm{improvent} \mathrm{for} \mathrm{LNA} {\alpha }_{A_i\to A_j}=(n_i+1)/\left(2n_i\right), 0, \mathrm{or} 1 (\mathrm{Lemma} 2) \#2: P_{\left(\mathrm{KP}\right)}=P_{Link-Com}^{(x)}={\displaystyle \sum _{l=q}^{m_x}{\left(1-{\left(1-\frac{m_x}{\left|S_x\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(x)}(l)}{P_{Link-Est}^{(x)}}}$; $\#3: P_{\left(\mathrm{HKP}\right)}=P_{Link-Com}^{(x)}={\displaystyle \sum _{l=q}^{m_x}{\left(1-{\left(1-\frac{n+1}{2n}\frac{m_x}{\left|S_x\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(x)}(l)}{P_{Link-Est}^{(x)}}} \text{\#}4\text{:} P_{{(\mathrm{I}}^2\mathrm{KPDP})}=P_{{(\mathrm{I}}^2\mathrm{KPSP})}=P_{Link-Com}^{(A_i\to G)} (\mathrm{Theorem} 3)$; $\#5: P_{{(\mathrm{I}}^2\mathrm{KPHC})}=P_{Link-Com}^{(A_i\to G)} (\mathrm{Theorem} 4) \text{\#}6:N_{\mathrm{HKP}}^{(x)}={\displaystyle \frac{(n^2-1)}{6n}}\times {\displaystyle \sum _{l=q}^m\left(l\times P_{Share}^{(1)}(l)/{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}\right)}$; $\text{\#}7:N_{{\mathrm{I}}^2\mathrm{KPSP}}^{(x)}=N_{avg}^{(x)}\times {\displaystyle \sum _{l=q}^m\left(l\times P_{Share}^{(1)}(l)/{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}\right)} \text{\#}8:N_{{\mathrm{I}}^2\mathrm{KPHC}}^{(x)}={N^{\prime }}_{avg}^{(x)}\times {\displaystyle \sum _{l=q}^m\left(l\times P_{Share}^{(1)}(l)/{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}\right)}$.

. We compare these schemes by the following items: (i) the key ring size, (ii) intragroup and intergroup conditions, (iii) the resiliency against LNA, (iv) the improvement in resiliency using a hash chain, (v) the probability of compromising a link, and (vi) the number of hash operations for establishing a link. After that, we will give some numerical simulations for resiliency and computation overhead.

As illustrated in Table 1, there are two schemes using hash chains: HKP and I²KPHC. Although I²KPSP uses one hash function f(·), it is not based on a hash chain. The hash function in I²KPSP is used to separate the raw key and hashed key, such that the key ring sizes in intersected groups can be reduced. About the form of the key, the keys in sensors are the raw keys in KP, I²KPDP, and the intersected groups of I²KPSP. Other schemes store the hashed keys in their key rings. Our three I²KP schemes have large key ring sizes, but they satisfy I²-conditions (intragroup and intergroup conditions). I²KPDP and I²KPSP suffer with LNAs. I²KPHC uses the large ID for sensor nodes in intersected areas to tackle LNAs.

5.2. Numerical Simulation

The resiliency (i.e., 1–the probability of a compromised link) and the network connectivity are two major terms we use to evaluate the performance key predistribution for WSNs. As defined in the intragroup condition, the nodes in one group with a common sink node have a pairwise key predistribution ability like KP. On the other hand, the intergroup condition shows that the nodes in different groups are pairwise-disjointed for the key ring, and thus they do not have the same keys to establish secure links. This is why we do not evaluate the connectivity, since the intergroup nodes cannot connect with each other, and it is the same as KP in the intragroup. In simulations, we only show the resiliency performance. We compare I²KPDP, I²KPSP, and I²KPHC when the compromised nodes are in different locations to check whether they meet intragroup and intergroup conditions, and we also evaluate their resiliencies against NAs and LNAs.

5.2.1. Resiliency

Resiliency against NAs is defined as the fraction of uncompromised links when k nodes are compromised, i.e., the resiliency is “1–(the probability of compromised link when k nodes are captured)”. The resiliencies against NAs and LNAs of I²KPDP, I²KPSP, and I²KPHC are tested. In the numerical simulation, we use $\left|S\right|$ = 1000, m = 40, n = 160, and $n_1=n_2=n_3=20$. I²KPSP has the same performance as I²KPDP, and thus we use I²KPDP for comparison only. The probability $P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(NA: A\to A)}=$ ${\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}$ is the same as $P_{\mathrm{KP}}^{(NA)}=P_{Link-Com}^{(A)}={\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot }{\displaystyle \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}$. Considering the effect on G, the probability is $P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(NA: A\to G)}\approx {\displaystyle \frac{C_k^n+C_k^{n_1+n_2}+C_k^{n_1+n_3}}{3C_k^n}}\cdot \left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)$ (see Equation (9)). We plot the resiliencies depending on the number of captured nodes in group A with the compromised links in A and G, respectively, for q-composite I²KPDP and I²KPSP. As illustrated in Figure 8a–c, the values of q are 1, 2, and 3, respectively. This figure shows clearly that the resiliency against NA is better when using our approach. This is because the k captured nodes in group A may be ineffective to compromise the links in other groups of G. The notation $(\sout{ ■ } \mathrm{A}\to \mathrm{G})$ in Figure 8 implies that the captured nodes in set A and the compromised links are located in the whole group $G=(A\cup B\cup C)$. The notation $(\sout{ ▲ } \mathrm{A}\to \mathrm{A})$ implies that the captured nodes in set A and the compromised links are also located in the set A. The case $(\sout{ ▲ } \mathrm{A}\to \mathrm{A})$ is the same as applying KP in a single set, i.e., I²KPDP for the case $(\sout{ ▲ } \mathrm{A}\to \mathrm{A})$ is reduced as in conventional KP. For NAs, it is observed that I²KPDP (I²KPSP) with higher resiliency is really better than conventional KP. The above results also demonstrate that the intragroup condition is satisfied. Our I²KPDP (I²KPSP) is just KP for the intragroup case. On the other hand, the intergroup condition is also satisfied, since the nodes in $\mathrm{A}-(A_1\cup A_2\cup A_3)$ cannot be used for compromising the link in sets B and C. Thus, the resiliency of $(\sout{ ■ } \mathrm{A}\to \mathrm{G})$ is better than that of $(\sout{ ▲ } \mathrm{A}\to \mathrm{A})$.

When applying LNAs on I²KPDP (I²KPDP), we have $P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_1\to G)}>P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_2\to G)}$ $(=P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_3\to G)})>P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(NA: A\to G)}$, implying that I²KPDP and I²KPSP cannot resist LNAs. Namely, an LNA is more severe than an NA. The $P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_1\to G)}$ is ${\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}$ and the $P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_2\to G)}$$(=P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_3\to G)})$ is ${\displaystyle \frac{2}{3}}\left({\displaystyle \sum _{l=q}^m{\left(1-{\left(1-\frac{m}{\left|S\right|}\right)}^k\right)}^l\cdot \frac{P_{Share}^{(1)}(l)}{{\displaystyle {\sum }_{l=q}^m{P}_{Share}^{(1)}(l)}}}\right)$ (see Equation (17)). Figure 9 shows the resiliencies of I²KPDP (I²KPSP) against LNAs when the captured nodes are in sets $A_1$, $A_2$, and $A_3$, respectively, as shown Figure 9a–c. Sets $A_2$ and $A_3$ have two intersected groups. If attackers intentionally compromise the nodes in $A_1$ with three intersected groups to aggravate the NA (actually, this is an LNA), I²KPDP (I²KPSP) does not have resiliency. Thus, it is observed that $(\sout{ ▲ }{ \mathrm{A}}_1\to \mathrm{G})$ is worse than $(\sout{ ■ }{ \mathrm{A}}_2\to \mathrm{G},{ \mathrm{A}}_3\to \mathrm{G})$. The above shows that I²KPDP (I²KPSP) cannot resist LNAs.

On the other hand, for I²KPHC, we have $P_{{\mathrm{I}}^2\mathrm{KPHC}}^{(LNA: A_1\to G)}<P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_1\to G)}$, $P_{{\mathrm{I}}^2\mathrm{KPHC}}^{(LNA: A_1\to G)}<P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_1\to G)}$, and $P_{{\mathrm{I}}^2\mathrm{KPHC}}^{(LNA: A_3\to G)}\approx P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_3\to G)}$ (see Theorem 4), and this implies that I²KPHC enhances the resilience against LNAs. Figure 10a–c demonstrates the probabilities $P_{{\mathrm{I}}^2\mathrm{KPHC}}^{(LNA: A_i\to G)} \mathrm{and} P_{{\mathrm{I}}^2\mathrm{KPDP}}^{(LNA: A_i\to G)}$ of single-composite schemes for I = 1, 2, and 3, respectively. Figure 10 compares the LNA resiliency between I²KPDP (I²KPSP) and I²KPHC. The key selection of I²KPHC (Figure 7a) is consistent with the LNA resiliency of I²KPHC when the compromised nodes are in $A_1$, $A_2$, and $A_3$. As shown in Figure 10a,b, the $(\sout{ ■ } I^{2}KPHC)$ has higher LNA resiliency than $(\sout{ ▲ } I^{2}KPDP, I^{2}KPSP)$ when compromised nodes are located in $A_1$ and $A_2$. Furthermore, I²KPHC has more LNA resiliency when compromised nodes are in area $A_1$ since the hashed keys in $A_1$ are $h_A^j(Key),$ $j\in [n_2+n_3+n_5+1, n].$ When captured nodes are in $A_3$, the hashed keys $h_A^j(Key),$ $j\in [n_5+1, n_3+n_5]$ have small j values. Thus, I²KPHC has almost the same LNA resiliency compared with I²KPDP (I²KPSP) (see Figure 10c).

5.2.2. Computation Overhead

For the three I²KP models, there is no need to use hash operations for I²KPDP. Other schemes need hash operations when sharing a common key between nodes. Although I²KPSP uses a hash function, this function f(·) is just used to reduce the key ring size. I²KPHC is based on the hash chain, and thus this scheme has more hash operations than I²KPSP. As described in the above, we use $\left|S\right|$ = 1000, m = 40, n = 160, and $n_1=n_2=n_3=20$ (i.e., =n/8) in this numerical simulation. From Equation (16), we have $N_{avg}^{(x)}=17/32$, x∈{A, B, C}, for I²KPSP. Thus, in q-composite I²KPSP, the average number of hash operation is 1.048, 1.399, and 1.829 for q = 1, 2, and 3, respectively.

Next, we adopting the key-chain length L to save energy consumption overhead and test I²KPHC. We use L = 1, L = 8, L = 16, L = 24, and L = 32, and the values L₁ = L₂ = L₃ = L₄ = L/8. Because L = L₁ + L₂ + L₃ + L₅, L = L₁ + L₂ + L₄ + L₆ and L = L₁ + L₂ + L₄ + L₇, we have L₅ = L₆ = L₇ = (5 L)/8. Then, for L = 8, 16, 24, and 32, we have L₁ = L₂ = L₃ = L₄ = 1, 2, 3, and 4, and L₅ = L₆ = L₇ = 5, 10, 15, and 20, respectively. Based on these values, we summarize the average number of hash computations of q-composite I²KPHC (q = 1, 2, and 3), ${N^{\prime }}_{avg}^{(x)}$ (from Equation (28)) in

Table 2. Average number of hash operations for I²KPHC.

L	${{\mathit{N}}^{\prime }}_{\mathit{a}\mathit{v}\mathit{g}}^{(\mathit{x})}$	${\mathit{N}}_{{\mathit{I}}^2\mathit{K}\mathit{P}\mathit{H}\mathit{C}}^{(\mathit{x})}$
		q = 1	q = 2	q = 3
1	0	0	0	0
8	0.487	0.961	1.283	1.677
16	0.500	0.986	1.317	1.722
24	0.504	0.995	1.328	1.737
32	0.507	0.999	1.334	1.744

. As described in Section 4.3, when calculating ${N^{\prime }}_{avg}^{(x)}$, the values of n and $n_i, 1\le i\le 7,$ should be replaced by L and $L_i$. This table shows that the average number of hash computations remains reasonable when L ≤ 32. Note that with L = 1, we exactly have conventional KP, where sensor nodes store raw keys but not hashed keys. Thus, the value ${N^{\prime }}_{avg}^{(x)}$ is zero.

6. Conclusions

We can use an MWSN to implement a scalable WSN and gradually deploy a large-scale WSN as the number of sensor nodes increases. Therefore, it is indeed necessary to study pairwise key predistribution in MWSNs. In this paper, we propose three types of I²KP: I²KPDP, I²KPSP, and I²KPHC. These three schemes all meet the intragroup and intergroup conditions. Each has its own advantages and disadvantages, and they are all suitable for the MWSN environment. We discuss two attacks, NAs and LNAs, based on the amount of information known to the attacker. In actual use, we can choose one of these three types of I²KP for the MWSN according to the resiliency against variants of node capture attacks, the link connectivity, the required hash operations, and the key ring size of the sensor node. Finally, the three types of I²KP not only provide security but also retain the advantages of using an MWSN.