Secure and Efficient Key Management in Mobile Ad Hoc

NetworksBing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros

MagliverasDepartment of Computer Science and Engineering, Florida Atlantic U

niversity, Boca Raton, FL 33431, USADepartment of Mathematics, Florida Atlantic University, Boca Raton,

FL 33431, USAJournal of Network and Computer Application

Present: Jhoong-Wei Chen

Introduction

• The ad hoc networks security

• Introduce a secure and efficient key management scheme(SEKM)

• The basic idea is that server nodes form an underlying service group

Key Management in Ad Hoc Networks

• Trust models

Secure and Efficient Key Management (SEKM) Scheme

• Notation and assumption– that every node carries a valid certificate from off-line

configuration before entering the network

Secure and Efficient Key Management (SEKM) Scheme

• The overview of SEKM– Kca

-1 is distributed to m shareholders (server)

– A quorum of k(1<k≤m) servers (server group) can produce a valid certificate

– SEKM• group maintenance phases• share updating phases • certificate renew/revocation phases • handling new server nodes phases

Secure and Efficient Key Management (SEKM) Scheme

• Secure server group formation and maintenance– Use mesh structure– only server nodes initiate the group formation and

become members of the group– A subset of non-server nodes could be forwarding

nodes– the tree-based structure is easy to break in a high

dynamic situation and incurs excessive control traffic– Soft state

Secure and Efficient Key Management (SEKM) Scheme

• Group Creation– When a secret shareholder enters the network, it broa

dcasts a JoinServeReq: {IDi, SEQi, TTL} {[h(IDi, SEQi)]Ki

-1|(TTL)Ki-1}

– When a node– receives a non-duplicate JoinServerReq packet, it nee

ds to verify that the packet is from the authenticated source

– The TTL value decreases by 1 as the packet leaves intermediate node. The change of TTL is signed by intermediate nodes

Secure and Efficient Key Management (SEKM) Scheme

– If the server node receive JoinServerReq it will send a JoinServerReply packet as well as forwarding the request packet.

– JoinServerReply packet is also protected by the replier’s signature

Secure and Efficient Key Management (SEKM) Scheme

• Group maintenance– for a mesh structure, there are multiple possib

le paths between pairs of servers– the periodical message JoinServerRequest an

d JoinServerReply are sent out

Secure and Efficient Key Management (SEKM) Scheme

• Secret share updating– k servers within the server group initiate the share up

date phase– At every round every server i generates a random nu

mber βi between 0 and 1 and a threshold value τi. τi is defined as

Secure and Efficient Key Management (SEKM) Scheme

• Secret share updating

Secure and Efficient Key Management (SEKM) Scheme

• Handling new servers– server group updates shares periodically, a n

ew joining node could carry an outdated share from off-line configuration

– A message could be– A message sent out to notify requesting node

r by checking the version field in the certificate

Secure and Efficient Key Management (SEKM) Scheme

• Certificate updating

Secure and Efficient Key Management (SEKM) Scheme

•Certificate updating

Secure and Efficient Key Management (SEKM) Scheme

• Handling certificate expiration and revocation– A certificate will expire after a predetermined

period of time– In this paper, for simplicity, a– node with an expired certificate needs some o

ff-line or in-person reconfiguration– A node’s certificate could be revoked by the s

erver group within its validity period for several reasons

Performance evaluation

• Assumption– 100 X100 2-D free-space– from 40 to 100 nodes– transmission range r =25– 1024-bit RSA cryptographic key pairs– The coefficients of the polynomial are 512 bits

long.– hashed using MD5– implemented in Matlab.

Performance evaluation

Performance evaluation

Performance evaluation

Conclusion

• In this paper we propose a key management scheme, SEKM, which creates a PKI structure for this type of Ad Hoc Networks

• SEKM is that it is easier for a node to request service from a well maintained group rather than from multiple ‘‘independent’’ service providers which may be spread in a large area.

Appendix

• Key agreement protocol: A key agreement protocol or mechanism is a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no party can predetermine the resulting value.

• Key management protocol: