Pairwise key establishment enables sensor nodes to communicate securely with each other using cryptographic techniques. Due to the resource constraints on sensor nodes, it is not desirable, and sometimes infeasible, for them to use traditional pairwise key establishment techniques such as public key cryptography and key distribution center (KDC). We developed a number of key pre-distribution techniques to deal with this problem. We first presented a general framework for pairwise key establishment based on the polynomial-based key pre-distribution and the probabilistic key distribution. By instantiating the components in this framework, we developed two novel pairwise key pre-distribution schemes: a random subset assignment scheme and a hypercube-based scheme. Both of them can achieve better performance than the previous methods. In addition, We also studied how to take advantage of the deployment knowledge of sensor nodes to improve the performance of existing key pre-distribution techniques

In sensor networks, it is usually desirable for base stations to broadcast commands and data to sensor nodes. µTESLA protocol has been proposed to remove the dependency on expensive public key operations for broadcast authentication in wireless sensor networks. However, to bootstrap receivers, the base station has to unicast initial parameters to sensor nodes individually. This feature severely limits the application of µTESLA in large sensor networks. By constructing a multi-level key chain structure, we developed a series of techniques to extend the capabilities of µTESLA. In this research, we develop techniques to bootstrap the initial parameters efficiently by constructing a multi-level µTESLA structure where a high level one is use to authenticate the parameters of the low level one. We also develop techniques to support a large number of senders over a long period of time by using Merkle hash trees.

This work studied the group key distribution problem in the context of a large and dynamic group over unreliable channels. Based on secret sharing techniques, we first developed a novel personal key distribution technique, which is able to distribute distinct keys to different group members in a single message. With this novel personal key distribution scheme, we then developed an efficient unconditionally secure self-healing group key distribution scheme, which is superior to the previous unconditionally secure self-healing group key distribution techniques.

Fundamental services such as location discovery and time synchronization are critical for the normal operations of sensor networks. However, these services are vulnerable to malicious attacks in hostile environments. Sensors' locations are of particular importance in many sensor network applications. A number of techniques have been proposed recently to discover the locations of sensors based on a few special nodes called beacon nodes, which are assumed to know their locations (e.g., through GPS receivers or manual configuration). However, most of these techniques cannot work properly when there are malicious attacks, especially when some of the beacon nodes are compromised. In this research, we develop a number of techniques to survive malicious attacks and detect the compromised beacon nodes that supply misleading location information to regular sensor nodes.