Secure Key Distribution Using Fragmentation and Assimilation in Wireless Sensor and Actor Networks

Secure key distribution is one of the most important building blocks to ensure confidentiality in wireless sensor and actor networks (WSANs). However, the key distribution becomes a challenging task when keys have to be relayed by compromised nodes in order to establish secure communication between distant nodes. To deal with this issue, we propose in this paper a key distribution scheme, named key distribution using fragmentation and assimilation (KDFA). In this scheme, the sender node splits the actual key into fragments and sends them through intermediate actor nodes towards the receiver node. The latter assimilates these key fragments using XOR operation to reconstruct the actual key. In this case, attacker cannot retrieve the actual key and only gets the key fragment. KDFA is composed of two parts: (a) key distribution protocol (KDP) to distribute the key using intra-actor and interactor communication scenarios and (b) key fragmentation algorithm (KFA) to slice the key using binary calculations. KDFA execution has been specified and formally verified using Rubin logic. Moreover, the performance and the resilience of the proposed protocol are further analyzed through extensive simulations using ns-2.35. Results show that KDFA is resilient against actor node compromise and key exposure.


Introduction
A wireless sensor and actor network (WSAN) is a distributed system of sensor and actor nodes that are interconnected through wireless links [1,2]. The sensor nodes gather information about the environment such as temperature and vibration and send them a base station (or sink) using a hopby-hop communication. On the other hand, the actor nodes perform actions in response to some specific events. Such networks are widely used in applications like buildings/house monitoring [3], water sprinkling on fire detection [4], surveillance and intruder detection, traffic monitoring, health and habitat monitoring, and so forth [5,6]. Actor nodes play a vital role at taking actions to change the behavior of the environment by analyzing and responding to the events [7]. They also communicate with ordinary sensor nodes to collect data as shown in Figure 1.
Secure key distribution in WSAN is mandatory because most of the applications require confidentiality of data exchanged between nodes located in different regions [8,9]. In the literature, some secure key establishment schemes have been proposed to enhance security and ensure confidentiality. In existing symmetric key management schemes [10][11][12], if a node is compromised then the new key distribution messages passing through that node are also compromised. Therefore, the links are compromised before their establishment, and it is not possible to establish end-to-end key between the sender and the receiver as messages can be decrypted and then reencrypted at the intermediate nodes.
An intermediate malicious node can interpret these keys and help other malicious nodes at joining the network using valid keys. The problem becomes more complex when indirect keys are exchanged between distant nodes in different regions because more intermediate nodes are involved and the probability of the key to be relayed by malicious intermediate nodes increases.
In the existing key distribution schemes, all the keys that pass through compromised nodes also become compromised. The issue studied in this paper is how to exchange  secret keys among distant nodes in the presence of malicious intermediate nodes. To deal with this issue, we propose a key distribution using fragmentation and assimilation (KDFA) scheme for establishing indirect keys between two distant sensor nodes. The main contribution offered by KDFA is that the sender node slices the actual key into fragments and sends them via intermediate actor nodes towards the receiver node. The distant receiver node assimilates the key fragments using XOR operation to obtain the original key. In this case, the attacker can only get the key fragment because the original key is never transmitted. The condition for successful attack is to capture all the fragment key packets related to one key, which is not a trivial task. If an attacker succeeds at identifying the intermediate nodes and subverting the key fragments then only one key is exposed. Therefore, KDFA is expected to provide better secure key distribution scheme and achieve better resilience against malicious nodes in comparison to other schemes.
KDFA is composed of two parts: (a) key fragmentation algorithm (KFA), which divides the keys of different sizes into an appropriate number of key fragments, and (b) key distribution protocol (KDP) provides a stepwise description for exchanging secure messages to distribute pairwise keys. In addition, we have formally specified and verified KDFA using Rubin logic [13]. The latter validates the protocol as per standard requirements of cryptographic operations like authentication, message integrity, message freshness, encryption, decryption, and so forth. It also helps at identifying the deficiencies in the protocol and possibilities of node compromise attacks, and it is also near to real implementation. KDFA is further simulated under ns-2.35 to assess its effectiveness in terms of resilience against compromised nodes. Results show that two uncompromised nodes can distribute a key securely even if a large number of intermediate nodes are compromised.
The rest of paper is organized as follows: system model and problem statement are provided in Section 2. Section 3 presents related work. Section 4 details KDFA operations for key distribution. Section 5 provides a detailed formal specification and analysis of KDFA using Rubin logic. Simulation scenarios and results in terms of resilience, fragmentation computation, and communication overhead are given in Section 6. Finally, Section 7 concludes the work and outlines future research directions.

System Model and Problem Statement
We consider a model of WSAN, in which the nodes composing the networks (i.e., sensors, actors, and the sink) are randomly deployed in the network field. We assume that each actor knows the keys of all the sensor nodes in the network and can move around within the network field to collect data from sensors. We also assume that nodes within communication range of each other have already established keys among them.
During indirect key establishment between ordinary distant nodes, the sender node transmits a pairwise key via intermediate nodes. The message that contains a new key is encrypted by the preestablished key between the sender and the intermediate node. The latter decrypts the key and then reencrypts it using the preestablished key with the next intermediate node and so on. By following the same process, the new key reaches the receiver node. The problem in this scenario is that any new secret key is available to intermediate nodes in a plain text form. If one of the intermediate nodes is compromised then that key is compromised before its establishment. Similarly, future key passed through that nodes become also compromised. The same problem holds in [10][11][12][14][15][16][17] for WSN and [9,16,[18][19][20] for WSAN.
This allows the attacker to perform illegal activities by either code alteration or falsifying the broadcast messages. New indirect keys can also be established with that malicious node. An adversary can also introduce new node to the network by preloading the compromised keys onto it along with a duplicate ID of a sensor node that was expired by the attacker. This new duplicated node can receive the packets destined for the actual node. In a similar way the situation can be worse if a large number of new compromised actor nodes are introduced to the network.

Related Work
Key management schemes have been extensively investigated in the context of indirect key establishment between nodes in WSNs and WSANs. In this scenario, a symmetric key is transmitted by the sender node to the receiver node using intermediaries. Intermediate nodes in the literature are called agent [15], gateway [10], bridge [12], or proxy [17]. These nodes play a vital role for intercluster communication in WSN. We will use the name gateway to represent such nodes. Also, the similar role is played by actors for indirect key establishment in WSAN [9,16,[18][19][20].
3.1. Gateway Node Based Schemes. Zhou et al. [15] provided a pairwise intergroup key distribution scenario where an agent node pair is used to share keys between senders and receivers.
International Journal of Distributed Sensor Networks   Sensor node Gateway/actor This scenario is depicted in Figure 2 where the sender node n2 sends the message via an agent node pair n7 and n23 to the receiver node n30. This scheme uses an agent pair to transmit a single key whereas in our proposed scheme (i.e., KDFA) actor pairs are used instead. Addya and Turuk [10] proposed a scheme, which required the gateway node to set up an intergroup path key between nodes of two clusters. A single node is acting as a gateway node instead of a node pair because it has shared keys of both clusters. This node should be located at a common region of two clusters similar to the locations of nodes 5, 11 as illustrated in Figure 3. Intercluster communication between cluster 1 and cluster 2 is established through node 5. There could be multiple gateway nodes in a common region. The scheme uses a gateway node to transmit a single key which is similar to the intra-actor communication scheme proposed in KDFA.
Zhou and Fang [21] proposed a symmetric polynomial based scheme where polynomial shared keys are preloaded in each sensor to calculate the direct key after deployment. Nodes located at the junction of two clusters receive two polynomials and can play the role of gateway. To achieve satisfactory level of security, coefficient degree must satisfy (1) where is the size of group , is the degree of polynomial, and is the count of preloaded security credentials: In this scheme, if a new node joins the network or existing node leaves the network then new polynomial is calculated to refresh the existing keys. It requires a large amount of communication overhead. It could be reduced by adopting XOR based key freshness scheme [22] where a magic word is shared among all member nodes to refresh the key in an efficient manner.
Huang's scheme [14] mitigated the effects of compromised nodes by applying the Reed-Solomon encoding scheme to divide the seed of a key into codewords and transmit each codeword via different node-disjoint path. KDFA applies the idea of partitioning on indirect keys as in [14]. However, instead of using some encoding scheme, it just uses a lightweight fragmentation mechanism to partition the key into small-sized fragments.

Actor Node Based Schemes.
Du et al. [9] proposed a distributed key establishment scheme for WSAN, in which actors are preloaded with symmetric keys and public key certificates as well. After deployment, node A can request from its neighbors to sign its certificate where an actor can also be one of the signers. Neighboring nodes sign the received certificate by using their self-generated private key −1 and return the signatures {Cert } −1 back to node A.
Afterwards, communicating nodes can exchange a key by sharing symmetric session key encrypted using public keys. If a node is captured then its certificates are also removed from the list of neighboring nodes. It claims to achieve guaranteed security if a small number of nodes are malicious. In this scheme, nodes are relying on ordinary intermediate nodes for signing the certificates where a malicious node can also take part in establishing keys. KDFA is a reliable scheme that ensures the resilience and the secure key distribution in case a large number of nodes are compromised. Mármol et al. [19] proposed WSANRep to maintain node reputation to detect the malicious nodes and exclude from the network. Global reputation of a network WSAN can be calculated by a group at the th transaction using (2) where , , and are weights assigned based on previous experiences: 4 International Journal of Distributed Sensor Networks Kashi and Sharifi [23] illustrated a categorical comparison for weak coordination and connectivity between actors and sensor nodes. It recommends that powerful actor nodes can help sensor nodes in routing and forwarding data to the sink. KDFA provides a strong resilience to protect the key exposure at intermediate compromised nodes. Interactor connectivity is the mandatory part for this communication; therefore, connectivity restoration [24][25][26] should also be considered to achieve sustainable communication and coordination [27] in different regions using actor nodes.
Y. Lee and S. Lee [20] proposed a scheme to establish pairwise keys between two sensors and between sensors and actors for secure communication in WSAN. A region key is also distributed by actor nodes to its neighboring sensor nodes for a specific task and keys expire after a fixed time quanta. Public key cryptography was proposed only for upper layer communication between actors and the sink nodes. Key distribution through public key cryptography is an expensive task in terms of computation and a central KDC could be a single point of failure. KDFA does not require a KDC and it ensures secure key distribution as compared to the existing schemes.

Key Distribution Using Fragmentation and Assimilation (KDFA)
The proposed scheme KDFA provides a reliable solution to the key exposure problem at compromised intermediate nodes.
A sender node transmits a request to nearby actors for establishing key with a distant receiver node that is located outside the communication range. Actors can play a vital role at routing keys between sender and receiver nodes. Key distribution process begins when a sender uses a light weight fragmentation mechanism to divide the key into fragments and transmits them through intermediate actor nodes in the paths towards the receiver. The receiver calculates the actual key by taking XOR of these key fragments. In this process, number of key fragments " " is decided by the administrator and it depends on the safety of deployment region and the security level required by the application. In most of the cases, the recommended value for is either 2 or 3. In KDFA, the attacker can only get the key fragment by capturing intermediate nodes and not the complete original key. It provides an efficient way to secure the pairwise key establishment scheme by improving the resilience against the node capture attacks. Actor nodes can distribute the key fragments using one of the following communication scenarios. In the first scenario, the sender requests to establish an indirect key with a node located outside its transmission range but exist within the communication range of nearby actor nodes. The actor node has keys of all the nodes in the network and can act as an intermediate node to establish a secret key between sender and receiver . This scenario is shown in Figure 4 where = 2 fragments are transmitted using actor nodes and . Afterwards, and can exchange encrypted messages via ordinary intermediate sensor nodes.   In the second scenario, the sender node transmits two key fragments to the actor node pair to establish indirect key with a distant node that is not within transmission range of actor and . Actors request the adjacent actor to distribute the key fragments to . It requires interactor communication between two actor pairs for = 2 fragments, as illustrated in Figure 5.
In the third scenario, the sender node requests from nearby actor node pair to establish indirect key with a distant node by distributing key fragments. Actor is within the transmission range of and directly sends the key fragment to . But the receiver node is out of the transmission range of the second actor , which requires interactor communication to distribute the key fragment to . Figure 6 depicts the key establishment for the = 2 key fragments using hybrid communication scenario.
During the key distribution process, if there is only one actor in the range of the sender node and the second actor node is not available within a threshold value of time then key fragment messages are sent via a single actor node. An upper-bound on the delay between consecutive transmissions of fragments can be imposed so that the Interactor link Sensor-actor link  New key established between distant nodes and receiver node will wait for the next fragment. An extra functionality can be added to the receiver code to manage the freshness as different messages originated by the same node reach the receivers at different time instants. During the waiting phase, another actor can visit the sender node's area to transmit other fragments because the actors frequently visit areas to collect data from the sensor nodes. In all case, the property ensured by KDFA is that a single key is never sent in one message. KDFA is applicable for static and mobile sensor nodes. In war field, two or more distant soldiers can exchange their current positions securely to move together towards the target. In industry, big machines are turned on in a sequential manner to avoid power hazards. Distant machines can be synchronized to turn on or off by exchanging secure messages. There exist a number of similar application scenarios where our scheme can effectively provide secure messaging.
A list of notations used in KDFA is provided with brief description in Table 1.

Key Fragmentation Algorithm (KFA).
It is used by the sender node to divide the key into fragments. If the key size is divisible by then equal-sized fragments are produced like 32-bit key is divided into 2 fragments of size 16-bit each, but in case of 3 fragments the result will be two fragments of size 10 and the last fragment of size 12. The size of the last fragment is calculated as per line 7 in Pseudocode 1.
Step 1, 2. If a selected key size in bits is completely divisible by , for example, a 32-bit key with = 2, then the remainder Rem(32, 2) is zero. It produces 2 fragments of 16-bit each.
Step 3. Last fragment size is equal to the fragment size because the key size is completely divisible.
Step 4, 5. If the key size is not completely divisible by , for example, a 32-bit key with = 3. In this case, the remainder Rem(32, 3) is not zero. It will create three fragments of 10-bit each with a total of 30 bits and an extra fourth fragment of size 2-bit is also created. The last fragment is smaller than the selected fragment size, which is 10 in this case.
Step 6. This problem is mitigated by calculating additional bits and then padded them to the last fragment. Initially a fragment size is calculated by dividing the key size by and the floor is taken to get the lower value for the fragment size. If a key size is 32 with = 3 then the fragment size is 10. It will create ( − 1) fragments of (fragment Size × ( − 1)) bits. It will produce two fragments of 20 bits when key size = 32, = 3 and fragment Size = 10. Additional number of bits required for padding for the last fragment is calculated by multiplying the fragment size by to get the total size in bits of all fragments. Then, we ignore extra bits left due to floor operation. It will result into 32 − 30 = 2 bits.
Step 7. The last fragment size LF is calculated by adding the number of padded additional bits to the fragment size. In the case of above scenario, fragment size is 10 and additional bits are 2; therefore, the last fragment size equals 12 bits.
Bitwise representation of this technique is elaborated in the following example where a 16-bit key 1110011101010101 is divided into = 2 fragments that are 1110011100000000 and 0000000001010101. In this case the remainder Rem(16, 2) = 0 that satisfies the if condition where fragment size is equal to (3) In another scenario, 16-bit key 1110011101010101 is divided into = 3 fragments including 1110000000000000, 0000011101000000, and 0000000000010101. It is obvious that the first two fragments contain 5 key bits and 11 padded zeros whereas the last fragment contains one extra bit from the original key, that is, 6 bits of key and 10 zeros. In this case the remainder Rem(16, 3) = 1 which is not equal to zero. Therefore the else part of algorithm (i.e., line (4)) is executed where the fragment size equals 5 and the last fragment size equals 6. By applying the XOR operation on these fragments, the original key is obtained as follows: (4)

Key Distribution Protocol (KDP).
The sender and receiver nodes establish the secret keys using KDP protocol. In this section, all the protocol steps are elaborated along with description of message contents for intra-actor distribution scenario. It includes sender , actors , , and receiver node . KDP starts when the sender node randomly selects an actor node for sending one key fragment and sends it to actor encrypted with the association key it shares with . Key fragment represents the th key fragment where 1 ≤ ≤ .
is the actor node where represents the randomly selected actor ID. The value of could be any number from 1 to , which represents the total number of actors in the network. Node will encrypt the message ( , , , , MAC( ‖ ‖ )) using a shared preestablished key with the actor node as described in (5). In the message, is nonce value, is timestamp, MAC( ‖ ‖ ) is hash of concatenated strings of , and and are used to ensure integrity protection of key fragment and also guard against replay attacks: Sender node sends the message (ID , 1 ) to actor node . After receiving the message, actor decrypts the message, as per Actor reencrypts the retrieved message using the association key shared with the receiver node , as shown in 2 = -( , , , MAC ( ‖ ‖ )) .
Actor sends the message (ID , 2 ) to the receiver node . Upon receiving the message, the receiver node decrypts the message using its preestablished key with , as illustrated in Actor also reencrypts the message according to (9) by using the preestablished key between actor and the receiver node : Actor sends the message (ID , 3 ) to the receiver Node .
then recovers +1 as identified in (10) by using its preloaded association key established with : Finally receives key fragments and assimilates the pairwise key using (11) where × represents XOR operation: For Interactor distribution scenario, transmits the message to and then sends it to the receiver node . Similarly transmits via to the receiver node . Following additional messages are sent for interactor scenario:

KDFA Formal Specification
We have performed formal modeling using nonmonotonic cryptographic protocol (NCP) also called Rubin logic [13] to analyze and verify the KDFA protocol as per formal specifications. It validates the protocol as per standard requirements of cryptographic operations like authentication, message integrity, message freshness, encryption, decryption, and so forth. It also helps to identify the deficiencies in the proposed protocol and possibilities of compromise attacks. It is close to the actual implementation and flow of programming functions. In Rubin logic, the entities are assigned roles and a global set is also maintained where information about the protocol is maintained in these sets and it also maintains Hash calculated at for reply to 10 Concatenated string at for reply 11 Message count at updated states of the users after each updateable operation. Global sets are accessible to all the member nodes and can be categorized into secret, observer, rule, and principal sets. A detailed discussion on formal specification for WSAN protocols is provided in [25,28] along with appropriate case studies.
We have reutilized the notations of KDFA predefined earlier in Table 1 and a brief description is provided in Table 2 for all notations used in the following local set for formal specifications.
A local set is maintained at each entity or node and can be categorized into possession POSS(), belief BEL(), and seen and behavior sets BL(). Detailed specification of this sets can be explored from [13,16]. By applying Rubin logic on KDKF-AN, the local set is elaborated as follows and then its verification and analysis part provides a detailed overview of all sets maintained under the category of local set.

Local Set for KDFA
Local sets for all the entities including sender, receiver, and actor nodes are separately maintained. A possession set POSS(entity) contains all the parameters involved in encryption, decryption, and other operations performed at local memory of each entity as described in section below. A Behavior List BL() contains the list of operations and input arguments that are performed in near to implementation steps by entities , , , and .

KDFA Analysis and Verification.
In this section, KDFA is analyzed for intra-actor distribution scenario as discussed in Section 4. In this scenario, the key distribution is initiated by the sender node ( ) by transmitting message 1 and 2 to actor node and , respectively, and by considering = 2 fragments. receives the fragments and calculates the secret key. After sending operation, an update operation is performed to refresh the observer list as shown below.
Sender node further unicasts another message to actor node for transmitting the second key fragment using message . Related parameters including messages, ciphers, nonce values, actual key, key fragments, and hashes are saved in possession set at during the key establishment phase as shown below.
After sending two messages, control is passed to receive operation in appropriate actor node where messages are decrypted to retrieve concatenated message that are further split to get actual parameters. Freshness of message is checked by subtracting timestamp received , +1 from the actor's timestamp , and if the answer is greater than the threshold Δ then further calculations are proceeded. Otherwise, message is discarded. MAC is also calculated as MAC({Concat( , , )}) for concatenated parameters including , , and compared to the hash values to ensure integrity protection. These operations, as shown in the following steps, are executed at actor node and similar steps are followed by with different parameters. Actor nodes and further send these key fragments towards the receiver node by encrypting with the preestablished key with receiver node .
Possession set at actor nodes and contains the following parameters during execution of the above-mentioned operations as shown below.
Forget operation will result in removing these temporary values ( , , , , , 3 , 3 , * ) from the possession set at . Actor node also performs the same operation with different parameters.
The receiver node checks the freshness of message after decryption. Node maintains a count in for key fragment messages, if is less than number of fragments then will continue to receive messages as shown in following steps. If is equal to then will apply the XOR operation on all the key fragments to calculate the actual key and then sends the acknowledgement message to the sender node as shown below.
After execution of all steps, secure key is saved in belief set. Unnecessary values are removed by using Forget( , , , , , 5 , 5 ) operation after successful transmission of message from receiver back to sender .
The sender node receives the acknowledgement message 5 encrypted with currently established key -. Node decrypts the cipher text C5 to get [ * , , ] and verify the nonce value as shown in the following steps.
. Possession set at is refreshed after the completion of key distribution process and receiving the acknowledging message from the receiver node . Secret key is also saved in the belief set. executes the above-mentioned Forget ( , , , , , 1 , 1 , +1 , +1 , +1 , +1 , +1 , 2 , 2 ) operation to clear the unnecessary values from possession set that is shown below.

Simulation and Results
For simulation, we have used ns-2.35 on Fedora Core 12. During simulation scenarios, C language is used for providing send and receive functionalities along with packet formats for sensor nodes, actors, and sink. Encryption, decryption, fragmentation, and hash functions are also provided in C. Tcl is used to create nodes, deployment of network field, and linking the nodes. Messages scenarios are also exchanged as per KDP specifications. In WSAN, nodes and actors are randomly deployed in a region of 1200 × 1200 meters where nodes were static and actors can move within the network field. We have focused on providing key distribution services and data collection scenario is left for future work. Transmission range of nodes is set to 40 meters with different network sizes from 100 to 1000 nodes. It also includes 5 to 20 powerful actor nodes. Queue type is set to Queue/DropTail/PriQue as shown in Table 3.

Resilience.
During interactor communication (IAC) two ordinary nodes from different regions communicate using two actor nodes. The probability that an actor node being compromised in the path can be calculated using (12), where is the network size and cp is the number of nodes captured by an attacker in the network: The total number of uncompromised nodes − 2 means that 2 ordinary nodes are excluded from compromised nodes in network whereas − 3 represents the further exclusion of one actor node. The probability that a certain actor node is captured at either sender or receiver side can be calculated using Considering the scenario of dividing a key into two fragments, we can calculate the probability of capturing exactly = 2 actor nodes that are randomly selected for IAC as ACF=2 = AC × AC . We simulated KDFA scheme for a network of 1000 ordinary nodes with a transmission range of 40 meters and 50 actor nodes with transmission range of 250 meters.
Results in Figure 7(a) show that if 150 nodes are captured then there are 15% of chances to capture one actor node in the path. In case of fragmentation, there are only 2% for = 2 and 0.3% for = 3, which are exactly those actor nodes that are randomly selected to transmit the key fragments. Figure 7(b) further evaluates the scenario when more than 60% of the nodes are compromised. If 600 nodes are compromised then there are only 13% of chances for = 4, 21.7% for = 3, and 36% for = 2 scenario that Actor nodes are captured. Hence resilience is very much improved due to fragmentation.

Fragmentation Computation Cost.
A key fragment size is calculated using KFA as discussed in Section 4.1 where the size of the last fragment varies in case of odd number of fragments. Additional bits are added to last fragment as illustrated in step 7 and that is used to generate (14), where is the size of the last fragment, is the key size, and is the number of fragments. The last key fragment size dependents on the remainder of ⌊ / ⌋ operation: Figure 8(a) shows the size of the last fragment by selecting = 2, 3 and 4 key fragmentation scenarios for distributing the keys of sizes 16 bits, 32 bits, 64 bits, and 128 bits. In case of = 3 fragments, last fragment size is 24 bits whereas initial two fragments are 20 bits for distributing a 64-bit key. These 4 extra bits are produced because is indivisible by . Figure 8(b) illustrates the size of the initial key fragments. By considering a 32-bit bit scenario for = 3 fragments, the size of the initial two fragments is 10 bits. In case of even value for , the last fragment size is the same as the initial key fragments.

Communication Overhead Analysis.
In KDFA, the number of messages ( ) transmitted during intra-or interactor communication scenarios can be calculated using (15) where represents the number of fragments. In this equation, and represent the number of messages transmitted by ordinary node and actor, respectively, during intra-or interactor communication scenario without fragmentation: In case of intra-actor communication, = = 1 because the actual key was sent in single message like NEKM [20]. By applying fragmentation, the value of = 4 for = 2 fragments using (15). Similarly, in interactor communication scenario, = 1 and = 2 and = 6 for = 2 fragments using (15). Our main concern is to calculate the communication cost incurred by ordinary nodes. Therefore, we have ignored the value of . A sender transmits ( × ) messages to actor nodes, and hence ( − 1) extra messages are sent by ordinary node due to fragmentation. If 2 key fragments are exchanged then only 2 messages are sent by the ordinary nodes to actors where 1 message is extra as compared to fragmentation less scenarios.
An ordinary node can establish indirect keys with distant sensor nodes in outer circle of its transmission range as illustrated in Figure 9(a). The total communication cost for indirect keying ( ) can be calculated using (16) where OC represents the total number of nodes in outer circle:    Figure 9(a) illustrates that if an ordinary node establishes keys with 6 nodes in its outer circle then 12 messages are exchanged by that node for = 2 key fragments. The same number of messages was sent in STSK [10] where an ordinary node was used as intermediary to exchange a single actual key per message without fragmentation. In NEKM [20], only 6 messages were sent to 6 nodes for key distribution using single actor without fragmentation. Message size for exchanging key fragment is 14 bytes that contains 16-bit sender ID, 32-bit key fragment, 16-bit nonce value, 16-bit timestamp, and 32-bit hash value according to (5). Our scheme requires extra 14 bytes to transmit one extra message in case of = 2 but such a little amount of overhead ensures the secure key distribution in severe environments even when a large number of nodes or actors are compromised. Fragmentation is only required for indirect key establishment that is less frequent as compared to direct keying. Once the key is distributed then that key is reused for future communication between these two nodes.
intra and inter represent the values of communication cost ( ) for both scenarios. In this case, ordinary node transmits 12 messages for OC = 6 and = 2 in both intra-and interactor communication scenarios. The sender transmits the same number of messages to actors whether intra-, interactor, or hybrid communication scenarios is adopted by actors.
If there are actor nodes in the network then Actor = ( −1 −1 ) / ( ) is the probability that a certain node is an actor. A node being an ordinary node could be identified with a probability (1 − Actor ). The probability of establishing links with gateway nodes at one end is Actor × (1 − Actor ). Figure 9(b) elucidates that in case of 50 actors in a network of 1000 nodes, only 9.5% links are established between actors and nodes, 90% between nodes, and only 0.2% between actors. By referring to these probabilities, we can claim that the chances of intra-actor communication are higher than the interactor communication scenarios.

Conclusion
Key distribution schemes require agent nodes as intermediaries to establish keys between distant nodes. A compromised actor node can reveal all the keys passing through that node. Therefore, we have proposed a lightweight key fragmentation and assimilation scheme to mitigate the key exposure problem. Rubin logic is applied to model the proposed scheme KDFA and analysis is also performed to evaluate its accuracy of cryptographic operations and transmissions. Simulation results show the effectiveness of the proposed scheme over contemporary schemes in literature. According to results, 75% of communication is compromised in existing schemes whereas the proposed KDFA has the probability of exposing only 13% of communication when 60% of nodes are compromised. In the proposed scheme, sender transmits extra 14 bytes during key distribution process but using powerful actor nodes reduces the overhead for those messages exchanged through actors. In future, the proposed scheme will be analyzed to measure the effects of poor interactor connectivity on data extraction and aggregation.