Secure and Efficient Key Management in Mobile Ad Hoc Networks
Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras
Department of Computer Science and Engineering, Florida Atlantic University, Boca Raton, FL 33431, USA
Department of Mathematics, Florida Atlantic University, Boca Raton, FL 33431, USA
Journal of Network and Computer Application
Presenter: Jhoong-Wei Chen


Introduction

• Security of ad hoc networks

• Introduces a secure and efficient key management scheme (SEKM)

• The basic idea is that server nodes form an underlying service group


Key Management in Ad Hoc Networks

• Trust models


Secure and Efficient Key Management (SEKM) Scheme

• Notation and assumption
  – Every node carries a valid certificate from off-line configuration before entering the network


• Overview of SEKM
  – Kca^-1 is distributed to m shareholders (servers)
  – A quorum of k (1 < k ≤ m) servers (server group) can produce a valid certificate
  – SEKM phases
    • group maintenance
    • share updating
    • certificate renewal/revocation
    • handling new server nodes


• Secure server group formation and maintenance
  – Use a mesh structure
  – Only server nodes initiate the group formation and become members of the group
  – A subset of non-server nodes could be forwarding nodes
  – The tree-based structure is easy to break in a highly dynamic situation and incurs excessive control traffic
  – Soft state


• Group Creation
  – When a secret shareholder enters the network, it broadcasts a JoinServerReq: {IDi, SEQi, TTL} {[h(IDi, SEQi)]Ki^-1 | (TTL)Ki^-1}
  – When a node receives a non-duplicate JoinServerReq packet, it needs to verify that the packet is from the authenticated source
  – The TTL value decreases by 1 as the packet leaves an intermediate node. The change of TTL is signed by intermediate nodes


  – If a server node receives a JoinServerReq, it sends a JoinServerReply packet as well as forwarding the request packet
  – The JoinServerReply packet is also protected by the replier’s signature
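
The receiver-side checks from the group creation slides (non-duplicate, authenticated source, signed TTL), as an added example that is not code from the paper or the presentation. It assumes toy RSA keys built from fixed primes, SHA-256 as h (the evaluation slide mentions MD5), a hypothetical `ttl_signer` field naming the last hop, and a key table standing in for certificate validation. The TTL signature here also covers ID and SEQ, which goes beyond the (TTL)Ki^-1 term on the slide so that a signed TTL cannot be moved to another request.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys below

def keypair(p, q):
    """Toy RSA pair from fixed primes (constructed; far too small for real use)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(n, *fields):
    data = "|".join(map(str, fields)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, *fields):
    n, d = priv
    return pow(digest(n, *fields), d, n)

def verify(pub, sig, *fields):
    n, e = pub
    return pow(sig, e, n) == digest(n, *fields)

S1_PUB, S1_PRIV = keypair(2**61 - 1, 2**89 - 1)    # server (secret shareholder)
R7_PUB, R7_PRIV = keypair(2**107 - 1, 2**127 - 1)  # intermediate node
PUBKEYS = {"S1": S1_PUB, "R7": R7_PUB}  # assumed: taken from validated certificates

def make_request(node_id, seq, ttl, priv):
    """Originator signs h(ID, SEQ) once, plus the initial TTL."""
    return {"id": node_id, "seq": seq, "ttl": ttl,
            "sig_src": sign(priv, node_id, seq), "ttl_signer": node_id,
            "sig_ttl": sign(priv, "ttl", node_id, seq, ttl)}

def forward(pkt, relay_id, relay_priv):
    """Intermediate node decrements TTL and signs the new value (bound to ID, SEQ)."""
    ttl = pkt["ttl"] - 1
    return dict(pkt, ttl=ttl, ttl_signer=relay_id,
                sig_ttl=sign(relay_priv, "ttl", pkt["id"], pkt["seq"], ttl))

def accept(pkt, seen):
    """Receiver checks: non-duplicate, authentic source, TTL signed by the last hop."""
    key = (pkt["id"], pkt["seq"])
    if key in seen:
        return "duplicate"
    src, hop = PUBKEYS.get(pkt["id"]), PUBKEYS.get(pkt["ttl_signer"])
    if src is None or not verify(src, pkt["sig_src"], pkt["id"], pkt["seq"]):
        return "bad source signature"
    if hop is None or pkt["ttl"] < 0 or not verify(
            hop, pkt["sig_ttl"], "ttl", pkt["id"], pkt["seq"], pkt["ttl"]):
        return "bad ttl signature"
    seen.add(key)
    return "ok"
```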


• Group maintenance
  – For a mesh structure, there are multiple possible paths between pairs of servers
  – The periodic messages JoinServerRequest and JoinServerReply are sent out


• Secret share updating
  – k servers within the server group initiate the share update phase
  – At every round every server i generates a random number βi between 0 and 1 and a threshold value τi. τi is defined as


• Handling new servers
  – The server group updates shares periodically; a new joining node could carry an outdated share from off-line configuration
  – A message could be
  – A message sent out to notify requesting node r by checking the version field in the certificate
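
A (k, m) threshold split of a secret, a share refresh, and the reason an outdated share has to be detected, tying together the overview, share updating and new-server slides. This is an added example, not code from the paper or the presentation: it assumes Shamir polynomial sharing (suggested by the 512-bit polynomial coefficients in the evaluation setup), a single refresh polynomial standing in for the servers' combined contributions, and a hypothetical per-share version number. It reconstructs the secret directly only to show the threshold property.

```python
import secrets

P = 2**521 - 1  # prime field modulus (Mersenne prime), above the 512-bit coefficients

def poly_eval(coeffs, x):
    """Evaluate a polynomial (lowest-degree coefficient first) at x, mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def split(secret, k, m, version=0):
    """Deal m shares of a degree k-1 polynomial whose constant term is the secret."""
    coeffs = [secret] + [secrets.randbits(512) for _ in range(k - 1)]
    return [(i, version, poly_eval(coeffs, i)) for i in range(1, m + 1)]

def refresh(shares, k):
    """Add a random polynomial with zero constant term: same secret, new shares."""
    delta = [0] + [secrets.randbits(512) for _ in range(k - 1)]
    return [(i, v + 1, (s + poly_eval(delta, i)) % P) for i, v, s in shares]

def interpolate(shares):
    """Lagrange interpolation at x = 0, with no sanity checks."""
    total = 0
    for i, _, s in shares:
        num = den = 1
        for j, _, _ in shares:
            if j != i:
                num = num * -j % P
                den = den * (i - j) % P
        total = (total + s * num * pow(den, -1, P)) % P
    return total

def combine(shares, k):
    """Quorum check: at least k shares, all from the same update round."""
    if len(shares) < k:
        raise ValueError("quorum not reached")
    if len({v for _, v, _ in shares}) != 1:
        raise ValueError("mixed share versions")
    return interpolate(shares[:k])

SECRET = 0x5EC2E7  # constructed stand-in for Kca^-1
old = split(SECRET, k=3, m=5)   # shares as configured off-line
new = refresh(old, k=3)         # shares after one update round
```

Any three shares of the same round recover `SECRET`; an old share mixed with refreshed ones interpolates to a different value, which is why `combine` rejects mixed versions.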


• Certificate updating


• Handling certificate expiration and revocation
  – A certificate will expire after a predetermined period of time
  – In this paper, for simplicity, a node with an expired certificate needs some off-line or in-person reconfiguration
  – A node’s certificate could be revoked by the server group within its validity period for several reasons


Performance evaluation

• Assumption
  – 100 × 100 2-D free-space
  – from 40 to 100 nodes
  – transmission range r = 25
  – 1024-bit RSA cryptographic key pairs
  – The coefficients of the polynomial are 512 bits long
  – hashed using MD5
  – implemented in Matlab


Conclusion

• In this paper we propose a key management scheme, SEKM, which creates a PKI structure for this type of Ad Hoc Networks

• With SEKM, it is easier for a node to request service from a well-maintained group rather than from multiple ‘‘independent’’ service providers, which may be spread over a large area.


Appendix

• Key agreement protocol: A key agreement protocol or mechanism is a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no party can predetermine the resulting value.

• Key management protocol: