Probabilistic key predistribution schemes (P-KPSs) which place modest demands on hardware are good candidates for securing interactions between resource limited computers. Collusion susceptible P-KPSs are trade-offs between security and complexity. Some facets of complexity include computation, bandwidth, and storage overhead. Metrics for security include resistance to passive eavesdropping attacks, and active message injection attacks. The contributions of this paper are three-fold: 1) a novel P-KPS, the subset keys and identity tickets (SKIT) scheme; 2) a generic KPS model to facilitate comparison of various facets of the complexity of key predistribution schemes; and 3) a new security model to describe the resistance of P-KPSs to active message-injection attacks. The two models are used to show why SKIT has many compelling advantages over existing P-KPSs in the literature. In particular, while placing lower demands on computation, bandwidth and storage overhead, SKIT realizes substantial improvements in resistance to passive and active attacks.