seminar keymgmt
TRANSCRIPT
-
8/8/2019 Seminar Keymgmt
1/31
Key Management (MANET)
1
Abstract
The aim of this Seminar is to navigate different key management techniques used in
MANET. Here Peer to Peer Key Management, Group Key Management as well as Key
Management in Heterogeneous sensor networks such different schemes in MANET are
discussed.
Special hybrid group key management scheme for MANET is part of Group key
management. This is combination of LKH & TGDH algorithms. This scheme is called as
Parallel Key Management.
In Peer to peer key management there are various protocols are discussed e.g partially
distributed certificate authority, Mobility based key management etc.
In Heterogeneous Sensor networks formation of clusters form H-Sensor & L-Sensor
sensor nodes. Managing key in such situations is part of this section.
Aim is to choose any scheme suitable for MANET which is cost effective.
-
8/8/2019 Seminar Keymgmt
2/31
Key Management (MANET)
2
CHAPTER 1
INTRODUCTION
1. INTRODUCTION
Todays information systems and the information that they contain are considered to be major
assets that require protection. The information used by government and business is contained in
computer systems consisting of groups of interconnected computers that make use of shared
networks, often referred to as the Internet. Since the Internet is shared by diverse and often
competing organizations and individuals, information systems should protect themselves and
the information that they contain from unauthorized disclosure, modification and use. Even the
denial of service to legitimate users is considered a significant threat. The information used by
these systems requires protection when it is at rest within a protected facility, and also when it
is transported from one location to another.
Cryptography is the practice & study of hiding the information. It is combination of
Algorithm & Key .Algorithm is the process or function which has Plaintext & Key as input &
produces Cipher text as Output. This Cipher text is not easily readable. So, nobody can analyze
the content of Cipher. In Cryptographic world one issue raised that whether to keep Algorithm
secret or Key. But generally the Key has to be Secret. According to OSI security architecture it
is made up of following constraints:
1) Key Generation.
2) Key Distribution.
3) Key Maintenance.
1.1. Key Generation:Key generation is the process of generating keys for Cryptography. A key is used to
encrypt & decrypt whatever data is being encrypted or decrypted. Modern
CryptographicSystems include Symmetric Key algorithms & Public Key algorithms.Symmetric-key
algorithms use a single shared key; keeping data secret requires keeping this key secret.
Public-key algorithms use a public key and a private key. The public key is made
-
8/8/2019 Seminar Keymgmt
3/31
Key Management (MANET)
3
available to anyone (often by means of a digital certificate). A sender will encrypt data
with the public key; only the holder of the private key can decrypt this data.
1.2. Key Distribution:There are various key distribution mechanisms such as DiffeHelman key exchange
algorithm which is used to share a secret key in secure manner.
For public key Dustribution there are several techniques:
1.3. Key Maintenace:Maintaining a key which can be symmetric key or public key. In groups single shared
key is used which has to keep consistent. Because at any time members of Group can
leave or join the group.In such cases the key must be changed & updates must be
forwarded to every member of the group.
Among above key constraints we are going to consider only two. Key Distribution
&Key Maintenance .Key generation is separate area of consideration. In following section we
will see purpose & goal of key management.
-
8/8/2019 Seminar Keymgmt
4/31
Key Management (MANET)
4
CHAPTER 2
Purpose &Goal
2.1Purpose:
The Security protocol needs Key management solution to exchange keys and security
parameters, manage and refresh keys, etc.A key management protocol is executed prior to the
security protocols execution.
2.2Goal:
The Key management protocols main goal is to,in secure and reliable way establish a security
association for the security protocol.This includes one or more cryptographic keys and the set
of necessary parameters for the security protocol, e.g., cipher and authentication algorithms to
be used.
This is we have seen about what is need of key management & what goals it has to accomplish.
In next section we will see Different keys & their distribution techniques.
-
8/8/2019 Seminar Keymgmt
5/31
Key Management (MANET)
5
CHAPTER 3
Cryptographic Keys & Their Distribution
3.1Symmetric Key:
Symmetric key management is the key management of
cryptographic symmetric encryption keys. In a symmetric key algorithm the
keys involved are identical for both encrypting and decrypting a message. Such
keys must be chosen carefully, and distributed and stored securely. In any
system there may be multiple keys for various purposes. Accordingly, key
management is central to the successful and secure use of symmetric key
algorithms.
However distributed, symmetric keys must be stored securely to maintain
communications security. There are various techniques in use to assist with
this. Likely the most common is that an encryption application manages keys
for the user and depends on an access password to control use of the key. It is
rare to use keys in 'raw' form, that is as a string of bits, most probably because
such strings often generate mistakes when handled by humans.
The major issue is length of key use, and therefore frequency of replacement.
Because it increases any attackers required effort, keys should be frequently
changed. This also limits loss of information, as the number of stored encrypted
messages which will become readable when a key is found will be decrease as
the frequency of key change increases. Historically, symmetric keys have been
used for long periods in situations in which key exchange was very difficult or
only possible intermittently. Ideally, the symmetric key should change with
each message or interaction, so that only that message will become readable if
the key is learned (e.g., stolen, cryptanalyzed, or social engineered).
3.2 PrivateKey & Public Key:
-
8/8/2019 Seminar Keymgmt
6/31
Key Management (MANET)
6
Private Key is private & does not need distribution.
There are various ways for public key distribution:
1. Public Announcement :Public key announcement any sender suppose A will publicly announce his
own key so that anybody want to communicate with that person can use that
key. But, there is one problem with this system. Anyone can forge such
announcement. Suppose anybody can forge that he is Sender A so other
persons can create secret messages intended to A with forged key therefore
forger can get secret information intended to A easily.
2. Public Key Directory:Public Key directory is Directory server which stores publicly all public keys.
The authority maintains a directory with {name, public key} entry for each
participant. Each participant registers public key with directory authority my
person or by some form secure authenticated communication. Participant may
change his public key due to comprised of private key some way. Periodically
authority publishes the entire directory.(same as telephone directory).
3. Public Key Certificates:Here participants can exchange keys without contacting public Key Authority.
Each Certificate contains public key & other information is created by Certificate Authority&
is given to the participant matching private key.A participant conveys its key information to
another by transmitting certificates.Therfore any participant can read a certificate to determine
the name and public key of the certificates owner.Also,any participant can verify that the
certificate originated from the Certificate authority and is not counterfit.Only the Certificate
authority can create and update certificates.The participant can verify the currency of the
certificate.
4. Public Key Authority:Central authority maintains dynamic directory of public keys of all
participants.In addition each participant reliably knows a public key for the
authority,with the only authority knowing the corresponding private key.
-
8/8/2019 Seminar Keymgmt
7/31
Key Management (MANET)
7
These are the basic key distributionstechniques we have considered. There are
various different techniques are also available such as PGP, Kerberos
etc.Uptil now we have seen about peer to peer key distribution or management.
In next section we will see Group Key management.
-
8/8/2019 Seminar Keymgmt
8/31
Key Management (MANET)
8
CHAPTER 4
Group Key Management
4.1Group key Management Protocol:
The GKMP creates key for cryptographic groups, distributes key to the
group members, ensures (via peer to peer reviews) rule based access control of keys, denies
access to known compromised hosts, and allow hierarchical control of group actions.
The key generation concept used by the GKMP is cooperative generation between two
protocol entities. There are several key generation algorithms viable for use in the GKMP (i.e.,
RSA, Diffe-Hellman,elliptic curves). All these algorithms use asymmetric key technology
to pass information between two entities to create a single cryptographic key.
The GKMP then distributes the group keys to qualified GKMP entities.This distribution
process is a mutually suspicious process (all actions and identities must be verified).The GKMP
provides a peer to peer review process. Protocol entities pass permission certificates (PC) as
part of the group key distribution process. The PCs contain access control information about a
particular site. This access control information is assigned by a higher authority which then
signs the PC. Therefore each entity can verify the permissions of any other GKMP entity but
can modify none. Each protocol entity checks the permissions and compares them the level of
service requested. If the permissions do not exceed or equal the request, the service is denied.
The GKMP supports compromise recovery. A list of compromised GKMP entities is
distributed to group members during key management actions. In essence, a Compromise
Recovery List (CRL) allows group members to drop connections with compromised entities.
The GKMP delegates control of groups to specific group controllers so it will be somewhat
easier to distribute the CRL to the most important GKMP entities. During each key
management action the CRL version number is passed, when a CRL update is detected it isdownloaded and verified (it is signed by a higher authority).The GKMP allows control of group
actions. In certain networks it is desirable for a higher authority to strictly control the
generation of groups. These networks usually have a central network operations authority. The
-
8/8/2019 Seminar Keymgmt
9/31
Key Management (MANET)
9
GKMP allows these authorities to remotely order group actions. These orders are signed by
that authority and verified by all entities involved with the group.
The GKMP is an application layer protocol. It's independent of the underlying communication
protocol. However, if multicast service is available it will speed the rekey of the cryptographic
groups. Hence, the GKMP does use multicast services if they are available
2 Overview: GKMP Roles
Creation and distribution of grouped key require assignment of roles. These identify what
functions the individual hosts perform in the protocol. The two primary roles are those of key
distributor and member. The controller initiates the creation of the key, forms the key
distribution messages, and collects acknowledgment of key receipt from the receivers. The
members wait for a distribution message, decrypt, validate, and acknowledge the receipt of
new key.
4.2 Group controller
The group controller (GC) is the a group member with authority to perform critical protocol
actions (i.e., create key, distribute key, create group rekey messages, and report on the
progress of these actions). All group members have the capability to be a GC and could
assume this duty upon assignment.
The GC helps the cryptographic group reach and maintain key synchronization. A
group must operate on the same symmetric cryptographic key. If part of the group loses or
inappropriately changes it's key, it will not be able to send or receive data to another host
operating on the correct key. Therefor, it is important that those operations that create or
change key are unambiguous and controlled (i.e., it would not be appropriate for multiple
hosts to try to rekey a net simultaneously). Hence, someone has to be in charge -- that is
the controller.
4.3 Group member
-
8/8/2019 Seminar Keymgmt
10/31
Key Management (MANET)
10
Simply stated a group member is any group host who is not acting as the controller. The
group members will: assist the controller in creating key, validate the controller authorization
to perform actions, accept key from the controller, request key from the controller, maintain
local CRL lists, perform peer review of key management actions, and manage local key.
The Group key management or peer to peer key management is easy with wired networks. But
what happens if it in wireless network where nodes are not fixed(i.e mobile) & nodes do not
have same computing power. We have considered such a wireless network MANET. In
following section we will see what is MANET? its characteristics & diff key management
schemes in MANET.
-
8/8/2019 Seminar Keymgmt
11/31
-
8/8/2019 Seminar Keymgmt
12/31
Key Management (MANET)
12
given characteristics. For example, an open or public MANET will take on aself-organized
nature, and hence the end-users will set up and manage the network themselves. This means
that an offline authority may not be available. In contrast, MANETs used in military
applications will not have a self-organized characteristic, but will make use of an offline
authority to initialize the nodes; the authority-basedapproach allows for robust access
control to the network services.
Another example of varying characteristics emerges from MANETs formed by sensor
nodes or laptop computers. Clearly schemes designed for MANETs formed by laptop
computers will not have the same limitation on memory, energy (battery), and computational
resources as those formed by sensor nodes.It is thus apparent that a clear description of a key
management schemes intended application is necessary. The application may dictate the
characteristics of the MANET and the degree to which some characteristics will influence the
design of a suitable scheme.
5.1.1. Network Infrastructure
There is no fixed or preexisting infrastructure in an ad hoc network: all network functions
(routing, security, network management, etc.) are performed by the nodes themselves.Due to
the nodes limited transmission range, data dissemination is achieved in a multihop fashion;
nodes can therefore be considered as hosts and routers. Although the lack of infrastructure
opens a new window of opportunity for attacks, the authors believe that the lack of
infrastructure can help to ensure the survivability of the network in a very hostile environment.
This holds true not only from a network security perspective, but also when the users of the
network are under physical attack.Ad hoc networks may be spontaneously formed with no a
priori knowledge of the physical location and networking environment. MANETs lack of
infrastructure thus makes it suitable for various applications where conventional networks fall
short. Hybrid ad hoc networks combine conventional network infrastructure with multihopping.
This derivative of ad hoc networks will find useful application where fixed infrastructure can
be extended through multihop networks or where the functionality (and performance) of
multihop networks can be enhanced by relying on some infrastructure.
5.1.2. Network Topology
Nodes in ad hoc networks may be mobile resulting in a dynamic, weakly connected topology.
Since node mobility is unrestricted, the topology may be unpredictable. The network will,
-
8/8/2019 Seminar Keymgmt
13/31
Key Management (MANET)
13
however, demonstrate global mobility patterns which may not be completely random.The
topology is weakly connected due to transient, errorprone, wireless connectivity. The users may
therefore experience unavailability of essential networking services.Node mobility and wireless
connectivity allow nodes to spontaneously join and leave the network, which makes the
network amorphous. Security services must be able to scale seamlessly and remain available
with changes in network topology.
5.1.3. Self-Organization
MANETs cannot rely on any form of central administration or control; this is essential
to avoid a single point of attack. Aself-organizedMANET cannot rely on any form ofoffline
trusted third party (TTP); the network can thus be initialized by a distributed online TTP.
Apure orfully self-organizedMANET does not rely on any form of TTP whatsoever, that is,
the online TTP is also eliminated. Nodes will therefore only have compatible devices with the
same software installed. In the extreme case, the nodes will not even share a common set of
security system parameters. The lack of a TTP may force the end-users to actively participate in
the set up of security associations. A (fully) self-organized MANET has some inherent security
implications:
Fully self-organized MANETs are open in nature: similar to the Internet, any user
can join the network at random. Access control to applications will have to be provided
at the application layer with a varying degree of user interaction.
Each user will be its own authority domain, and hence responsible for generating and
distributing its own keying material. Any node can generate more than one identity when there
is no offline TTP. It is thus clear that it will be very difficult (if not impossible) to limit users to
one and only one unique identity in a (fully) self-organized setting.
The network will always be vulnerable to the active insider adversary.for example, it fails to
capture information an adversary may gain from detailed knowledge of the protocols in use. An
interesting topic for future research will be the adversary model in open ad hoc networks.
It will be difficult to hold malicious nodes accountable for their actions, since they can
always rejoin the network under a different (new) identity.
5.1.4. Limited Resources
Nodes have limited computational, memory, and energy resources in contrast to their wired
predecessors. Nodes are small hand-held devices (possibly off-the-shelf consumer
-
8/8/2019 Seminar Keymgmt
14/31
Key Management (MANET)
14
electronics) that do not hinder user mobility. In an attempt to keep the cost of these devices
low, they are normally powered by a small CPU, accompanied by limited memory resources.
As the devices are mobile, they are battery operated. This often results in short on times and the
possibility of power failure due to battery exhaustion, perhaps during execution of a network-
related function.
Devices may have limited bandwidth and transmission ranges. If it is assumed that
advances in integrated circuit (IC) technology will keep on following Moores law,
computational
and memory limitations will be alleviated in a matter of time. Bandwidth and
transmission range (in the case of communication via radio transmissions) are unlikely
to improve dramatically with respect to power consumption as both are dependent on
Shannons law and thus limited . In order to achieve a higher
bandwidth, a higher signal-to-noise ratio (SNR) is required, which in turn requires
higher transmission power. Higher transmission power significantly
depletes battery power, which is unlikely to improve significantly given the
current rate of advancement in battery technology.
A security protocol that fails to optimize node and network resources will simply not
be adopted in practice.
5.1.5. Poor Physical Security
Nodes are mobile and therefore cannot be locked up in a secure room or closet. These small
hand-held devices are easily compromised by either being lost or stolen. It is therefore highly
probable than an adversary can physically compromise one or more nodes and perform any
number of tests and analysis. The adversary can also use the nodes to attack distributed network
services, such as a distributed online certificate . Poor physical security is not as relevant in
openMANETs: the adversaries do not have to physically capture nodes to become an insider
or to perform analysis on the protocols. The poor physical security of mobile devices may
result in serious problems in closed, military-type MANETs where physically compromised
nodes can be used to launch active, insider attacks on the network.
5.1.6. Shared Physical Medium
The wireless communication medium is accessible to any entity with the appropriate equipment
and adequate resources. Accordingly, access to the channel cannot be restricted. Adversaries
-
8/8/2019 Seminar Keymgmt
15/31
Key Management (MANET)
15
are therefore able to eavesdrop on communications and inject bogus messages into the network
without limitation. The shared channel and the nodespoor physical security again emphasize
that security mechanisms must be able to deal with the worst-case active, insideradversary.
In this section we have briefly introduced MANET architecture. Next section will contain
different key management schemes in MANET.
-
8/8/2019 Seminar Keymgmt
16/31
Key Management (MANET)
16
CHAPTER 6
Different Key Management Schemes used in MANET
There are several key management schemes present in MANET.Out of which we will see here
following three schemes:
y Peer to Peer Key Management in MANET.y Hybrid Group Key Management in MANET.y Key Management scheme in Heterogeneous MANET.
We will see each scheme in detail here.
6.1 Peer to Peer Key Management in MANET:
This article focuses on peer-to-peer key management for mobile ad hoc networks (MANETs).
Investigations by the authors within the available publications have led to the classification of
the current protocols into the following subsets:
(1) partially distributed certificate authority;
(2) fully distributed certificate authority
(3) identity-based key management;
(4) certificate chaining-based key management;(5) cluster-based key management;
(6) predeployment-based key management;
(7) mobility-based key management, and
(8) parallel key management.
Most of the above subsets use public key cryptography due to its superiority in distributing
keys, providing authentication, and achieving integrity and nonrepudiation.
Symmetric key systems need a channel that provides both data integrity and confidentiality: the
latter property may not always be
readily available without any form of trusted authority or secure side channel (such as
an infrared interface).
1) The partially distributedcertificate authority group of protocols distributes the trust
-
8/8/2019 Seminar Keymgmt
17/31
Key Management (MANET)
17
in the certificate authority to a subset of the network communication entities. The
approach mitigates the single point of vulnerability inherent to the centralizedcertificate
authority.
2) Thefully distributed certificate authorityprotocol subset preserves the symmetric
relationships
between the communication entities in MANETs by distributing the burden
of key management to allcommunication entities. Each authorized node in the network
receives a share of the certificate authoritys secret key, allowing neighbors to service
requests for certification. The protocol that introduced this method was presented in
Luo et al. [2002] (Section 7).
3) The identity-based key managementapproach borrows concepts from thepartially
distributed certificate authorityprotocols, but uses an identity-based cryptosystem to
reduce the storage requirement compared to conventional public key cryptosystems.
The protocol will be considered as representative of this protocol
group .
4) In the certificate chaining-based key managementapproach, communication entities
can authenticate certificates by means of finding certificate chains between them.
Certificate chaining can be explained by the following example: partyA wants to communicate
with party C, which requires partyA to authenticate party Cs certificate.
The two parties have no communication history, but partyA trusts the certificate of a third
entity, partyB. PartyB informs partyA that it trusts the certificate of party C.PartyA that trusts
partyB will thus also trust party Cas a result of partyBs recommendation.There is thus a fully
connected certificate chain between partyA and Cthrough partyB, which enables partyA to
authenticate the certificate of party Cwithout any previous communication.
5) The cluster-based key managementsubset relies on a clustering algorithm to subdivide
the network into smaller groups. Group members in the same proximity can monitor their
neighbors and make recommendations to members from other groups on the authenticity of
their neighbors certificates. The cluster-based subset is introduced by investigating the
protocol.
6) The predeployment-based key managementsubset makes use of an offline authority to
issue each node with keying material prior to network formation. It is widely agreed that key
-
8/8/2019 Seminar Keymgmt
18/31
Key Management (MANET)
18
predistribution techniques are ideally suited for establishing secure connectivity in large-scale
distributed sensor networks. The limitations of sensor networks render conventional key
establishment techniques (such as public key cryptography) unsuitable .
7)The mobility-based key managementsubset exploits mobility and node encounters to
establish security associations and to warrant mutual authentication between users.
In contrast to the previously discussed subsets, the protocols in this group introduce
a shift in paradigm with respect to previous attempts to provide key management for
fully self-organized MANETs. Rather than trying to adapt solutions suited for conventional
wireline networks, the protocols in this subset use the unique characteristics of
MANETs to their advantage.
8)The combination of any of the above key management approaches gives rise to what
the authors call the parallel key managementsubset. By using two or more of the
above approaches in parallel, the advantages of the one scheme is used to mitigate the
disadvantages of the other. The subset which combines apartially distributed certificate
authority and the certificate chaining-based key management approach.
6.2Hybrid Group Key Management in MANET:
Let us see how the group key is managed in MANET by combining two group key
management schemes into one to form Hybrid scheme.
Network Model ofMANET:
MANET has two model including constitutive model and heterogeneous model. The difference
between is that the heterogeneous model is not a peer-to-peer node, that is, they do not
necessarily have the same computing, communications ability. All individual nodes form a
hierarchical structure in a heterogeneous MANET.
Figure depicts a heterogeneous MANET model supported by an unmanned aircraft
(UAV).All of the terrestrial mobile nodes are in a separate area, the region from 50 to 60 a
1000 feet height to the diameter of the circle is 8 nautical miles of the UAV to maintain flight.
From
the UAV to the ground node of the beam to form a shared access network UAV was used to
create it from the UAV to the ground mobile backbone communications between nodes.
-
8/8/2019 Seminar Keymgmt
19/31
Key Management (MANET)
19
HybridKeymanagement Architecure:
A heterogeneous MANET forms a two-tier structure, UAV could serve as a trusting center onthe ground mobile backbone nodes and ordinary nodes certification services. On the ground
floor, each cluster head node is responsible for the management of a local sub-group of all the
ordinary nodes,these nodes can be seen as a common internal node cluster,constitutes the focus
on the management of clusters. Cluster head node is generally stronger than ordinary node
computing power and stability, and other anti-attack capability, the general node cluster head
node to accept a variety of command and in accordance with the directives for action. All the
cluster head nodes constitute the first layer of distributed contributory agreement.
For the heterogeneous characteristics of MANET, a hybrid strategy is adopted to design
a heterogeneous MANET Group Key Management Architecture. In the structure, each cluster
node can all share a common local group key. Each cluster head node generates and distributes
it to all ordinary cluster nodes for encryption and decryption within the cluster communication
message. Generally, every cluster has a small number of members. The cluster head node with
more than ordinary computing nodes, consider using a centralized group key management
program LKH as a cluster within the Group Key Management Protocol, which is a group of
key advantages of the calculation and distribution of the completion by the group controller,
when the smaller group, the common node to join or leave the key updates to maintain
high efficiency.
Throughout the MANET, the ground mobile backbone nodes servers as a cluster head node in
all sub-groups. The cluster head nodes are distributed in the entire MANET and form a
-
8/8/2019 Seminar Keymgmt
20/31
Key Management (MANET)
20
distributed collaborative relationship. To complete the secure communications between all
nodes, the cluster head must adopt a common group key. Because each cluster head node has
an equal relation, there is no centralized control node.TGDH is a good distributed group key
agreement protocol for the generations of common key of cluster head nodes as the group key.
Its advantages are the group key generated through a share provided by each member and each
cluster head node with more than ordinary members of the computing nodes. A contributory
key agreement approach can effectively avoid the single point failure. A Situation is assumed
in the paper before the start of the group communication. The cluster members and cluster head
nodes in each group before communications have been received through the UAV between the
public key certificate, and by ensuring that the key security to offer implicit key authentication.
y Key Management Protocol within MANET Cluster:The binary tree LKH protocol is used as the key management within the cluster. Every cluster
member has a common group key. Only the cluster key need to be updated when the
membership changes. In order to keep the secure cluster communication, the key must be
update when one member joins or leaves the cluster.
Fig. Logical key hierarchy in each Cluster
As shown in figure, Suppose there are 8 members within cluster.In LKH these members are
located at laves of the tree. Let us consider m3 is the holder of the key {K3, K14, K18}.Here
the root node of the cluster group key is K18.For each node of apply to join the cluster, it
unicasts request message of an authentication information to the cluster head node. New
members to receive the request message, the
cluster head node to check the legality of authentication information, which agreed to decide
whether to add it to the group communication cluster. For each application for a new member
to join (such as m3) by adding sub-group, cluster head node to create a new group key K
-
8/8/2019 Seminar Keymgmt
21/31
Key Management (MANET)
21
shared with only m3, the previous sub-group K is used to encrypt the new key K and multicast
it to all of the current nodes within the cluster. Every cluster head node maintains a logical
auxiliary key tree. The new members to join need to create a logical key tree leaf node, if the
auxiliary key in the current tree to find a location free of leaves, on the arrangements for the
new adding members to the vacant position, if there is no idle position,
could be left from the bottom of the leaf node to start to create a new level, to accommodate
more new members apply to join.
When a member leaves the cluster, in order to ensure the security, the cluster head node need
to update the leaving member that holding all the keys, because these keys may be used by
other members. In order to ensure that the leaving group members cannot decrypt the
communication from the group, cluster head nodes need to update some keys on the key path
which is from the leaving node to the root node. As shown in Figure , if m3 leaves the cluster,
cluster head node must be updated K14, K18. First of all, the cluster node send (K14) K1,
(K14) K2, (K14) K4 to the m1, m2, m4 to update the K14, and then send (K18) K14 to the
m1, m2, m4, (K18) K58 to m5 ~ m8 to update the group key K18.
6.2 TGDH(Tree Based Graph Diffe-Hellman):
Because there is no centralized control structure, all cluster head nodes form a control node
group. They need to communicate with each other and keep a distributed partnership. All
cluster nodes are equal. We think TGDH as a key agreement protocol of cluster head node is
appropriate.
The TGDH cryptographic algorithm relies on the Diffie-Hellman solution adapted to the group
problem. Thus, the arithmetic operations are performed in a group of prime order p with the
generator , where p
(prime integer) and (exponentiation base) are the ones described in the Diffie-Hellman
protocol.
The notion of Group Diffie-Hellman is due to the fact that the group key is generated using the
Diffie-Hellman problem.
Each member possesses two personal keys:
y a private partial-key Kvy a public one BKv,
-
8/8/2019 Seminar Keymgmt
22/31
Key Management (MANET)
22
where,
BKv = Kv mod p.
The public group key is a function of the other nodes public keys and the current node private
key. Lets say: for v, groupkey =f(Kv,BK0, ...,BKv1,BKv+1, ...BKn),
where n is the group size and f is the group key function.
When the number of nodes increases, the number of parameters for f raises up too. However,
the evaluations f(Kv,BK1,BK2, ...,BKw) and f(Kw,BK1,BK2, ...,BKv) may perform similar
partial
calculi (on BK1 and BK2). In order to prevent several nodes to perform similar calculi, we use
the cryptographic tree to dispatch the global key evaluation.The following example explain
how the group key is computed and how the calculi are dispatched on the groups nodes.
Lets suppose we have 6 members. One of trees that TGDH can produce is represented in the
figure 1. One should remember that the intermediate nodes (i.e the ones that are not leaves)
such as are virtual nodes, which means that they have no real existence and that their
keys are computed
from their children : Kl,v = (BKl+1,2v+1)Kl+1,2v mod p.
-
8/8/2019 Seminar Keymgmt
23/31
Key Management (MANET)
23
In this figure, the copath of the node M1 is represented (in dark line). The copath of a member
is the set of neighbor nodes (virtual or not) associated to the path we get when we want to reach
the root of the tree.The important aspect is that only the BKs on the copath are needed to
evaluate the group key. When we use keys of virtual nodes, it means that the BK is already a
computation of childrens BKs. For instance, the BK of is a computation of those of M5
and M6. Thus,the function f(Kv, ..BK5,BK6, .BKw) is replaced by f(Kv, ..BKparent, ...BKw),
which reduces the number of operations a node has to perform. By comparison, when M1
wants to compute the group key it needs to perform f with
3 BKs, and not 5 (the other members).
In TGDH specifications, we have following membership events:
Join: a new member is added to the group
Leave: a member is removed from the group
Join protocol:
Lets suppose we have n nodes in the group.The new member Mn+1 initiates the join protocol
by sending a join request message that contains its own blinded key BK.When current group
members receive this message, they first determine the insertion node in the tree. If the
cryptographic tree is well balanced, Mn+1 joins at the root node. Otherwise,the insertion node
is the shallowest rightmost node, where the join does not increase the height of the key tree.
The sponsor is the rightmost leaf node in the sub-tree designed by the insertion node (see figure
2).When the sponsor is found, it creates a new intermediate node, and promotes the new
intermediate node to be the parent of both the insertion node and the new member node.The
sponsor broadcasts then the new tree, which contains all
blinded keys.
-
8/8/2019 Seminar Keymgmt
24/31
Key Management (MANET)
24
Leave protocol:
Lets suppose that a member Ml leaves the group. In this case, the sponsor is the right-most
leaf node
of the sub-tree rooted at the leaving members sibling node,as shown in figure 3. The former
sibling of Ml is promoted to replace Mls parent node. The sponsor picks a new
secret,computes all keys on its copath, and broadcasts the new set of blinded keys to the group.
This information allows all
members to recompute the new group key.
Such type of algorithm is used where there is no Centralized approach. So there is no problem of single
point of failure.For distributed approach TGDH is the best solution.
-
8/8/2019 Seminar Keymgmt
25/31
Key Management (MANET)
25
6.3 Key Management inHeterogeneous Sensor Networks:
Most existing research on sensor networks considers homogeneous sensor networks, i.e., all
sensor nodes have the same capabilities in terms of communication,computation, memory
storage, energy supply, reliability, etc. However, a homogeneous ad hoc network suffers from
poor performance and scalability. Recent research has demonstrated its performance bottleneck
both theoretically,and through simulation experiments and testbed measurement.
In this Section, we present a key management scheme specifically designed for Heterogeneous
Sensor Networks. We consider an HSN consisting of two types of sensors:
a small number of powerful H-sensors and
a large number of L-sensors.
First,we list the assumptions of HSN below.
1. Due to cost constraints, L-sensors are not equipped with tamper-resistant hardware.
Assume that if an adversary compromises an L-sensor, she can extract all key material, data,
and code stored on that node.
2. H-sensors are equipped with tamper-resistant hardware. It is reasonable to assume that
powerful H-sensors are equipped with this technology.
3. Each L-sensor (and H-sensor) is static and aware of its own location. Sensor nodes can use
location services such as to estimate their locations,and no GPS receiver is required at each
node.
4. Base stations are trusted.Clusters are formed in an HSN.
Clustering-base schemes are promising techniques for sensor networks because of their good
scalability and support for data aggregation. For an HSN, it is natural to let powerful H-sensors
serve as cluster heads and form clusters around them.
The cluster formation:
In this subsection, we briefly describe the cluster formation scheme in HSN. Details of the
clustering scheme. Both L-sensors and H-sensors are distributed in the network. For simplicity,
we assume that both L-sensors and H-sensors are uniformly and randomly distributed in the
-
8/8/2019 Seminar Keymgmt
26/31
Key Management (MANET)
26
network. Note that our key management schemes also work for other sensor distributions.
During sensor network initialization, each H-sensor broadcasts a Hello message to nearby L-
sensors using the maximum power and with a random delay. The random delay is to avoid the
collision of Hello messages from two neighbor H-sensors. A Hello message includes the ID
and location of the H-sensor. Given the large transmission range of H-sensors and a sufficient
number of H-sensors distributed in the network, most L-sensors can receive Hello messages
from one or more H-sensors. Then each L-sensor chooses the H-sensor whose Hello message
has the best signal strength as the cluster head. Each L-sensor also records other H-sensors
from which it receives the Hello messages, and these H-sensors will serve as backup cluster
heads in case the cluster head fails. A HSN is divided into multiple clusters, where each H-
sensor serves as the cluster head. If the network is a two-dimension plane,each L-sensor will
select the closest H-sensor as the cluster head (except when there is an obstacle in between),
and this leads to the formation of a Voronoi diagram where the cluster heads are the
nuclei of the Voronoi cells. An example of the cluster formation is shown in Fig. 1, where the
small squares are L-sensors, large rectangular nodes are H-sensors, and the large square at the
top-right corner is the base station (BS).
-
8/8/2019 Seminar Keymgmt
27/31
Key Management (MANET)
27
Fig. 1. The Cluster structure in HSN.
The asymmetric pre-distribution keymanagement scheme
In this subsection, we present an effective key management scheme for HSN. The main idea is
to pre-load only a small number of keys in each L-sensor while pre-load a relatively large
number of keys in each H-sensor, since an H-sensor has much larger storage space than an L-
sensor. Furthermore, Hsensors have tamper-resistant hardware to protect a large number of
keys. Since the number of pre-distributed keys in an H-sensor is quite different from that in an
L-sensor, we refer to this scheme as asymmetric pre-distribution (AP) key management
scheme.
The AP scheme includes three phases:
Key pre-distribution phase,
shared-key discovery phase,
and H-sensor based pairwise key setup phase.
We discuss the three phases below.
Key pre-distribution phase includes several steps.First a large pool of P keys and the
corresponding key IDs are generated. Then each L-sensor is preloaded with l keys, randomly
selected from the key pool without replacement. The l keys form a key ring in each L-sensor.
Each H-sensor is pre-loaded with M (M _ l) keys, also randomly selected from the key pool
without replacement. In addition, each H-sensor is pre-loaded with a special key KH. KH is
also known to the BS, but not to any L-sensor. Shared-key discovery phase can be done in
either a centralized way or a distributed way.
The shared key discovery phase begins after cluster formation.
In the distributed way, each L-sensor communicates with its neighbors and find out the shared
keys (if any). The simplest way for any two L-sensors to discover if they share a key is that
each node broadcasts,in clear text, the list of key IDs on its key ring.In the centralized way,
each L-sensor (say u) sends to its cluster head (say H) a clear (un-encrypted) Key-list message,
which includes the L-sensor ID u, key IDs in u, and us location. Then H discovers the shared-
keys between each pair of neighboring L-sensors. H can determine if two L-sensor u and v are
(one-hop) neighbors based on their locations:if the distance between u and v is less than the
trans mission range of an L-sensor, H assumes that u and v are neighbors. Of course sometimes
-
8/8/2019 Seminar Keymgmt
28/31
Key Management (MANET)
28
this is not true, e.g., there is an obstacle between two nodes.However, this will not affect the
security of our key management scheme.After discovering shared-keys between each pair
of neighboring L-sensors, H disseminates the shared-key information to L-sensors using
Sharedkey messages. A Shared-key message includes a list of triple {shared-key ID s, u,v},
which means that L-sensor u and v share key s. If u and v have more than one shared key, only
one will be included in the Shared-key message to reduce overhead. If the number of L-sensors
in the cluster is not very large, one Shared-key message can include the triples for all pairs of
neighbors. Aggregating all the triples in one packet can reduce both the packet header
overhead and delay caused by multiple transmissions .Otherwise, the H-sensor could send a
short Shared-key message with one triple to each pair (e.g., multicasting to only u and v).
Another way to distribute the shared-key information is to divide the cluster into several
sections. For example, the center-right cluster in Fig. 1 is divided into four sections
(by the dashed lines). Then the H-sensor can send to each section one Shared-key message,
which includes the triples for all L-sensors in the corresponding section.
H-sensor based pairwise key setup phase
Some L-sensors may not share any pre-loaded key with neighbors. For each pair of L-sensors
(denoted as x and y) that do not share any key, H first obtains a shared-key between H and x
and a shared-key between H and y, and then H generates a pairwise key for each pair (e.g., x
and y) and sends the key to them securely. First H checks if it has a pre-loaded key shared with
the L-sensor (e.g., x).H is pre-loaded with a large number of keys so there is a high probability
that H can find at least one shared key with x. If H does not share any key with x, the following
scheme is used to set up pairwise key for x and y.
Definition 1. An L-sensor that shares at least one pre-loaded key with its cluster head is
referred to as a 1st-degree neighbor of the cluster head.In case that an L-sensor (say x) does not
share any pre-loaded key with the cluster head H, H will check if any 1st-degree neighbor
shares a key with x. Since every L-sensor sends the Key-list message to H, H knows the pre-
loaded keys in each L-sensor in its cluster. If there is one (or more) 1st-degree neighbor (say z)
that shares a key (say Kx) with x, then H can ask z to send the key Kx to H, encrypted by the
shared key between z and H (say Kz), i.e.,z ! H:{Kx}Kz. Then Hhas a shared-key (Kx) with x.
-
8/8/2019 Seminar Keymgmt
29/31
Key Management (MANET)
29
Definition 2. An L-sensor that shares a key with its cluster head by the help of a jth-degree
neighbor (j = 1 as above) is referred to as a (j + 1)th-degree neighbor of the cluster head, where
j = 1, 2, 3,. . .If none of the 1st-degree neighbors have a shared key with x, H will try the 2nd-
degree neighbors, the 3rd-degree neighbors, up to dth-degree neighbors, where d is a system
parameter. If none of the 1st _ dth degree neighbors have a shared key with x, H sends to the
BS a Request message, which includes one key ID of node x; then the BS sends H the
corresponding key, encrypted by KH. To reduce the communication overhead, H can collect
the IDs of the keys that need to be obtained from the BS, and sends only one Request message
to the BS. After obtaining the keys from the BS, H can generate a pairwise key Kx,y for each
pair of L-sensors x and y,and unicasts the key Kx,y to node x and y, encrypted by the shared
key between H and x, and H and y,respectively, i.e., H ! x:{Kx,y}Kx and H ! y:{Kx,y}
Ky. Then x and y have a pairwise shared key Kx,y,and they can start secure communications.
These are the 3 schemes we have discussed in various scenarios such as in peer to peer
network, in UAV aided cluster based,& Heterogeneous sensor networks. The above schemes
are suitable for respected MANET result in cost effectiveness.
CHAPTER 7Conclusion
Such various schemes are available for key management in MANET .The main aim is to follow
the scheme which significantly improves communication cost with respect to MANET
categorization.
-
8/8/2019 Seminar Keymgmt
30/31
Key Management (MANET)
30
BIBLIOGRAPHY
[1] A Hybrid Group Key Management Architecture forHeterogeneous MANET
By WEI Chu-yuan (Department of Computer Instruction and Network InformationBeijing University of Civil Engineering and Architecture
BeijingChina.)
[2] RFC2093 Group key management protocol.
[3] S-TGDH, secure enhanced group management protocol in ad hoc networks
Author manuscript, published in "CRiSIS'2007 : International Conference on Risksand Security of Internet and Systems, colocated
with IEEE GIIS, Marrakech : Morocco (2007)"byFrederic Cuppens, Nora Cuppens, and Julien Thomas GET/ENST Bretagne, 2 rue de
la Chataigneraie, 35576 Cesson-Sevigne Cedex, France
-
8/8/2019 Seminar Keymgmt
31/31
Key Management (MANET)
[4]Hybrid Group key Management Scheme for Secure Wireless Networks(IEEE paper by Yiling,PhuDung Le,Balasubramaniam.2007)
[5] A survey on Peer to Peer Key management for mobile Ad-hoc Networks(by Johann van
merwe,Dawoud dawoud &Stephen McDonald)
[6]Secure group key management scheme for hierarchical mobile ad hoc networks.[7]An effective key management scheme for heterogeneous sensor networks by Xiaojiang Du a,*,Yang Xiao b, Mohsen Guizani c, Hsiao-Hwa Chen d