KPsec: Secure End-to-End Communications for Multi-Hop Wireless Networks

Abstract

The security of cyber-physical systems, from self-driving cars to medical devices, depends on their underlying multi-hop wireless networks. Yet, the lack of trusted central infrastructures and limited nodes' resources make securing these networks challenging. Recent works on key pre-distribution schemes, where nodes communicate over encrypted overlay paths, provide an appealing solution because of their distributed, computationally light-weight nature. Alas, these schemes share a glaring security vulnerability: the two ends of every overlay link can decrypt---and potentially modify and alter---the message. Plus, the longer overlay paths impose traffic overhead and increase latency. We present a novel routing mechanism, KPsec, to address these issues. KPsec deploys multiple disjoint paths and an initial key-exchange phase to secure end-to-end communications. After the initial key-exchange phase, traffic in KPsec follows the shortest paths and, in contrast to key pre-distribution schemes, intermediate nodes cannot decrypt it. We measure the security and performance of KPsec as well as three state-of-the-art key pre-distribution schemes using a real 10-node testbed and large-scale simulations. Our experiments show that, in addition to its security benefits, KPsec results in 5-15\% improvement in network throughput, up to 75\% reduction in latency, and an order of magnitude reduction in energy consumption.