Secure and Efficient Key Management in Mobile Ad Hoc Networks
Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras
Department of Computer Science and Engineering, Florida Atlantic University, Boca Raton, FL 33431, USA
Department of Mathematics, Florida Atlantic University, Boca Raton, FL 33431, USA
Journal of Network and Computer Applications
Present: Jhoong-Wei Chen
Introduction
• The ad hoc networks security
• Introduce a secure and efficient key management scheme (SEKM)
• The basic idea is that server nodes form an underlying service group
Key Management in Ad Hoc Networks
• Trust models
Secure and Efficient Key Management (SEKM) Scheme
• Notation and assumption
– that every node carries a valid certificate from off-line configuration before entering the network
Secure and Efficient Key Management (SEKM) Scheme
• The overview of SEKM
– $K_{ca}^{-1}$ is distributed to m shareholders (servers)
– A quorum of k (1 < k ≤ m) servers (server group) can produce a valid certificate
– SEKM
  • group maintenance phases
  • share updating phases
  • certificate renew/revocation phases
  • handling new server nodes phases
Secure and Efficient Key Management (SEKM) Scheme
• Secure server group formation and maintenance
– Use mesh structure
– only server nodes initiate the group formation and become members of the group
– A subset of non-server nodes could be forwarding nodes
– the tree-based structure is easy to break in a highly dynamic situation and incurs excessive control traffic
– Soft state
Secure and Efficient Key Management (SEKM) Scheme
• Group Creation
– When a secret shareholder enters the network, it broadcasts a JoinServerReq: $\{ID_i, SEQ_i, TTL\}\ \{[h(ID_i, SEQ_i)]_{K_i^{-1}} \mid (TTL)_{K_i^{-1}}\}$
– When a node receives a non-duplicate JoinServerReq packet, it needs to verify that the packet is from the authenticated source
– The TTL value decreases by 1 as the packet leaves an intermediate node. The change of TTL is signed by intermediate nodes
Secure and Efficient Key Management (SEKM) Scheme
– If a server node receives a JoinServerReq, it sends a JoinServerReply packet and also forwards the request packet.
– JoinServerReply packet is also protected by the replier’s signature
Secure and Efficient Key Management (SEKM) Scheme
• Group maintenance
– for a mesh structure, there are multiple possible paths between pairs of servers
– the periodical messages JoinServerRequest and JoinServerReply are sent out
Secure and Efficient Key Management (SEKM) Scheme
• Secret share updating
– k servers within the server group initiate the share update phase
– At every round every server i generates a random number βi between 0 and 1 and a threshold value τi. τi is defined as
Secure and Efficient Key Management (SEKM) Scheme
• Handling new servers
– server group updates shares periodically, a new joining node could carry an outdated share from off-line configuration
– A message could be
– A message sent out to notify requesting node
r by checking the version field in the certificate
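The (k, m) sharing of the CA private key from the SEKM overview and the outdated-share problem noted above, as an added example that is not code from the paper or these slides. It assumes standard Shamir sharing over a prime field with a zero-polynomial proactive refresh (the slides do not give SEKM's update equations), and it reconstructs the secret only to check the shares, whereas a threshold CA would combine partial signatures instead.

```python
import secrets

P = 2**521 - 1  # prime field modulus (assumption; large enough for a 512-bit secret)

def _eval(coeffs, x):
    """Evaluate a polynomial (lowest degree first) at x modulo P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def split(secret, k, m):
    """Deal m shares of `secret` to servers 1..m; any k of them reconstruct it."""
    if not (1 < k <= m) or not (0 <= secret < P):
        raise ValueError("need 1 < k <= m and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {x: _eval(coeffs, x) for x in range(1, m + 1)}

def refresh(shares, k):
    """Share update round: every server deals a random polynomial with constant
    term 0 and each server adds what it receives, so the secret is unchanged."""
    new = dict(shares)
    for _dealer in shares:
        delta = [0] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x in new:
            new[x] = (new[x] + _eval(delta, x)) % P
    return new

def reconstruct(subset):
    """Lagrange interpolation at x = 0 from a dict {server_id: share}."""
    total = 0
    for xi, yi in subset.items():
        num = den = 1
        for xj in subset:
            if xj != xi:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def demo():
    """Returns (old quorum ok, refreshed quorum ok, quorum with one stale share ok)."""
    secret = secrets.randbits(512)  # constructed stand-in for the CA private key
    old = split(secret, k=3, m=5)
    new = refresh(old, k=3)
    stale = {1: new[1], 2: new[2], 3: old[3]}  # server 3 carries an outdated share
    return (reconstruct({x: old[x] for x in (1, 3, 5)}) == secret,
            reconstruct({x: new[x] for x in (2, 4, 5)}) == secret,
            reconstruct(stale) == secret)
```

A quorum that mixes share versions does not recover the key, which is why a joining server's share version has to be checked before it takes part.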
Secure and Efficient Key Management (SEKM) Scheme
• Certificate updating
Secure and Efficient Key Management (SEKM) Scheme
• Handling certificate expiration and revocation
– A certificate will expire after a predetermined period of time
– In this paper, for simplicity, a node with an expired certificate needs some off-line or in-person reconfiguration
– A node’s certificate could be revoked by the server group within its validity period for several reasons
Performance evaluation
• Assumption
– 100 × 100 2-D free-space
– from 40 to 100 nodes
– transmission range r = 25
– 1024-bit RSA cryptographic key pairs
– The coefficients of the polynomial are 512 bits long.
– hashed using MD5
– implemented in Matlab.
Conclusion
• In this paper we propose a key management scheme, SEKM, which creates a PKI structure for this type of Ad Hoc Networks
• With SEKM, it is easier for a node to request service from a well-maintained group than from multiple ‘‘independent’’ service providers which may be spread over a large area.
Appendix
• Key agreement protocol: A key agreement protocol or mechanism is a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no party can predetermine the resulting value.
• Key management protocol: