Author Institution :
Dept. of Comput. Sci. & Eng., Mississippi State Univ., MS, USA
Abstract :
Evolving application scenarios involving ubiquitous, heterogeneous devices (some of which may be severely resource constrained) forming cooperative ad hoc networks call for a different model for "trust". It is the devices that are trusted, not the operators or the "owners" of the devices. Any security solution based on trusted devices demands mechanisms for read-proofing the secrets stored in tamper-resistant devices. However, as perfect tamper-resistance may not be feasible, for long-lived security of such deployments it is essential that the stored secrets be renewed periodically. This paper addresses issues involved in the safe renewal of secrets stored in trusted devices. For safe renewal of keys (irrespective of the key distribution scheme used), some assurances from technology for tamper-resistance are needed. In this paper the authors address issues involved in safe renewal of a recently proposed random key pre-distribution scheme, HARPS (hashed random preloaded subsets) (Ramkumar et al., 2005). The authors discuss: 1) some "reasonable" assurances that technology could provide (like partial tamper resistance and circuit-delay based authentication), and 2) possible security precautions and policies (like use of a pass-phrase, use of an additional stored secret, and rest encryption), and their effect on the security of HARPS.
Keywords :
ad hoc networks; cryptography; data privacy; message authentication; mobile radio; ubiquitous computing; HARPS; circuit-delay based authentication; cooperative ad hoc networks; device demands; encryption; hashed random preloaded subsets; heterogeneous devices; key renewal; random key predistribution; secret read-proofing; secret renewal; security policies; security precautions; tamper-resistance; trust model; trusted devices; ubiquitous devices; Ad hoc networks; Application software; Communication system security; Computer science; Cryptography; Mobile ad hoc networks; Mobile communication; Routing; Smart homes; Ubiquitous computing;