Key Management and Secure Software Updates in Wireless Process Control Environments

Paper in proceeding, 2008

Process control systems using wireless sensor nodes are large and complex environments built to last for a long time. Cryptographic keys are typically preloaded in the wireless nodes prior to deployment and used for the rest of their lifetime. To reduce the risk of successful cryptanalysis, new keys must be established (rekeying). We have designed a rekeying scheme that provides both backward and forward secrecy. Furthermore, since these nodes are used for extensive periods of time, there is a need to update the software on the nodes. Different types of sensors run different types and versions of software. We therefore establish group keys to update the software on groups of nodes. The software binary is split into fragments to construct a hash chain that is then signed by the network manager. The nodes can thus verify the authenticity and the integrity of the new software binary. We extend this protocol by encrypting the packets with the group key such that only the intended receivers can access the new software binary.