seminar keymgmt

8/8/2019 Seminar Keymgmt

1/31

Key Management (MANET)

1

Abstract

The aim of this Seminar is to navigate different key management techniques used in

MANET. Here Peer to Peer Key Management, Group Key Management as well as Key

Management in Heterogeneous sensor networks such different schemes in MANET are

discussed.

Special hybrid group key management scheme for MANET is part of Group key

management. This is combination of LKH & TGDH algorithms. This scheme is called as

Parallel Key Management.

In Peer to peer key management there are various protocols are discussed e.g partially

distributed certificate authority, Mobility based key management etc.

In Heterogeneous Sensor networks formation of clusters form H-Sensor & L-Sensor

sensor nodes. Managing key in such situations is part of this section.

Aim is to choose any scheme suitable for MANET which is cost effective.


2/31


2

CHAPTER 1

INTRODUCTION

1. INTRODUCTION

Todays information systems and the information that they contain are considered to be major

assets that require protection. The information used by government and business is contained in

computer systems consisting of groups of interconnected computers that make use of shared

networks, often referred to as the Internet. Since the Internet is shared by diverse and often

competing organizations and individuals, information systems should protect themselves and

the information that they contain from unauthorized disclosure, modification and use. Even the

denial of service to legitimate users is considered a significant threat. The information used by

these systems requires protection when it is at rest within a protected facility, and also when it

is transported from one location to another.

Cryptography is the practice & study of hiding the information. It is combination of

Algorithm & Key .Algorithm is the process or function which has Plaintext & Key as input &

produces Cipher text as Output. This Cipher text is not easily readable. So, nobody can analyze

the content of Cipher. In Cryptographic world one issue raised that whether to keep Algorithm

secret or Key. But generally the Key has to be Secret. According to OSI security architecture it

is made up of following constraints:

1) Key Generation.

2) Key Distribution.

3) Key Maintenance.

1.1. Key Generation:Key generation is the process of generating keys for Cryptography. A key is used to

encrypt & decrypt whatever data is being encrypted or decrypted. Modern

CryptographicSystems include Symmetric Key algorithms & Public Key algorithms.Symmetric-key

algorithms use a single shared key; keeping data secret requires keeping this key secret.

Public-key algorithms use a public key and a private key. The public key is made


3/31


3

available to anyone (often by means of a digital certificate). A sender will encrypt data

with the public key; only the holder of the private key can decrypt this data.

1.2. Key Distribution:There are various key distribution mechanisms such as DiffeHelman key exchange

algorithm which is used to share a secret key in secure manner.

For public key Dustribution there are several techniques:

1.3. Key Maintenace:Maintaining a key which can be symmetric key or public key. In groups single shared

key is used which has to keep consistent. Because at any time members of Group can

leave or join the group.In such cases the key must be changed & updates must be

forwarded to every member of the group.

Among above key constraints we are going to consider only two. Key Distribution

&Key Maintenance .Key generation is separate area of consideration. In following section we

will see purpose & goal of key management.


4/31


4

CHAPTER 2

Purpose &Goal

2.1Purpose:

The Security protocol needs Key management solution to exchange keys and security

parameters, manage and refresh keys, etc.A key management protocol is executed prior to the

security protocols execution.

2.2Goal:

The Key management protocols main goal is to,in secure and reliable way establish a security

association for the security protocol.This includes one or more cryptographic keys and the set

of necessary parameters for the security protocol, e.g., cipher and authentication algorithms to

be used.

This is we have seen about what is need of key management & what goals it has to accomplish.

In next section we will see Different keys & their distribution techniques.


5/31


5

CHAPTER 3

Cryptographic Keys & Their Distribution

3.1Symmetric Key:

Symmetric key management is the key management of

cryptographic symmetric encryption keys. In a symmetric key algorithm the

keys involved are identical for both encrypting and decrypting a message. Such

keys must be chosen carefully, and distributed and stored securely. In any

system there may be multiple keys for various purposes. Accordingly, key

management is central to the successful and secure use of symmetric key

algorithms.

However distributed, symmetric keys must be stored securely to maintain

communications security. There are various techniques in use to assist with

this. Likely the most common is that an encryption application manages keys

for the user and depends on an access password to control use of the key. It is

rare to use keys in 'raw' form, that is as a string of bits, most probably because

such strings often generate mistakes when handled by humans.

The major issue is length of key use, and therefore frequency of replacement.

Because it increases any attackers required effort, keys should be frequently

changed. This also limits loss of information, as the number of stored encrypted

messages which will become readable when a key is found will be decrease as

the frequency of key change increases. Historically, symmetric keys have been

used for long periods in situations in which key exchange was very difficult or

only possible intermittently. Ideally, the symmetric key should change with

each message or interaction, so that only that message will become readable if

the key is learned (e.g., stolen, cryptanalyzed, or social engineered).

3.2 PrivateKey & Public Key:


6/31


6

Private Key is private & does not need distribution.

There are various ways for public key distribution:

1. Public Announcement :Public key announcement any sender suppose A will publicly announce his

own key so that anybody want to communicate with that person can use that

key. But, there is one problem with this system. Anyone can forge such

announcement. Suppose anybody can forge that he is Sender A so other

persons can create secret messages intended to A with forged key therefore

forger can get secret information intended to A easily.

2. Public Key Directory:Public Key directory is Directory server which stores publicly all public keys.

The authority maintains a directory with {name, public key} entry for each

participant. Each participant registers public key with directory authority my

person or by some form secure authenticated communication. Participant may

change his public key due to comprised of private key some way. Periodically

authority publishes the entire directory.(same as telephone directory).

3. Public Key Certificates:Here participants can exchange keys without contacting public Key Authority.

Each Certificate contains public key & other information is created by Certificate Authority&

is given to the participant matching private key.A participant conveys its key information to

another by transmitting certificates.Therfore any participant can read a certificate to determine

the name and public key of the certificates owner.Also,any participant can verify that the

certificate originated from the Certificate authority and is not counterfit.Only the Certificate

authority can create and update certificates.The participant can verify the currency of the

certificate.

4. Public Key Authority:Central authority maintains dynamic directory of public keys of all

participants.In addition each participant reliably knows a public key for the

authority,with the only authority knowing the corresponding private key.


7/31


7

These are the basic key distributionstechniques we have considered. There are

various different techniques are also available such as PGP, Kerberos

etc.Uptil now we have seen about peer to peer key distribution or management.

In next section we will see Group Key management.


8/31


8

CHAPTER 4

Group Key Management

4.1Group key Management Protocol:

The GKMP creates key for cryptographic groups, distributes key to the

group members, ensures (via peer to peer reviews) rule based access control of keys, denies

access to known compromised hosts, and allow hierarchical control of group actions.

The key generation concept used by the GKMP is cooperative generation between two

protocol entities. There are several key generation algorithms viable for use in the GKMP (i.e.,

RSA, Diffe-Hellman,elliptic curves). All these algorithms use asymmetric key technology

to pass information between two entities to create a single cryptographic key.

The GKMP then distributes the group keys to qualified GKMP entities.This distribution

process is a mutually suspicious process (all actions and identities must be verified).The GKMP

provides a peer to peer review process. Protocol entities pass permission certificates (PC) as

part of the group key distribution process. The PCs contain access control information about a

particular site. This access control information is assigned by a higher authority which then

signs the PC. Therefore each entity can verify the permissions of any other GKMP entity but

can modify none. Each protocol entity checks the permissions and compares them the level of

service requested. If the permissions do not exceed or equal the request, the service is denied.

The GKMP supports compromise recovery. A list of compromised GKMP entities is

distributed to group members during key management actions. In essence, a Compromise

Recovery List (CRL) allows group members to drop connections with compromised entities.

The GKMP delegates control of groups to specific group controllers so it will be somewhat

easier to distribute the CRL to the most important GKMP entities. During each key

management action the CRL version number is passed, when a CRL update is detected it isdownloaded and verified (it is signed by a higher authority).The GKMP allows control of group

actions. In certain networks it is desirable for a higher authority to strictly control the

generation of groups. These networks usually have a central network operations authority. The


9/31


9

GKMP allows these authorities to remotely order group actions. These orders are signed by

that authority and verified by all entities involved with the group.

The GKMP is an application layer protocol. It's independent of the underlying communication

protocol. However, if multicast service is available it will speed the rekey of the cryptographic

groups. Hence, the GKMP does use multicast services if they are available

2 Overview: GKMP Roles

Creation and distribution of grouped key require assignment of roles. These identify what

functions the individual hosts perform in the protocol. The two primary roles are those of key

distributor and member. The controller initiates the creation of the key, forms the key

distribution messages, and collects acknowledgment of key receipt from the receivers. The

members wait for a distribution message, decrypt, validate, and acknowledge the receipt of

new key.

4.2 Group controller

The group controller (GC) is the a group member with authority to perform critical protocol

actions (i.e., create key, distribute key, create group rekey messages, and report on the

progress of these actions). All group members have the capability to be a GC and could

assume this duty upon assignment.

The GC helps the cryptographic group reach and maintain key synchronization. A

group must operate on the same symmetric cryptographic key. If part of the group loses or

inappropriately changes it's key, it will not be able to send or receive data to another host

operating on the correct key. Therefor, it is important that those operations that create or

change key are unambiguous and controlled (i.e., it would not be appropriate for multiple

hosts to try to rekey a net simultaneously). Hence, someone has to be in charge -- that is

the controller.

4.3 Group member


10/31


10

Simply stated a group member is any group host who is not acting as the controller. The

group members will: assist the controller in creating key, validate the controller authorization

to perform actions, accept key from the controller, request key from the controller, maintain

local CRL lists, perform peer review of key management actions, and manage local key.

The Group key management or peer to peer key management is easy with wired networks. But

what happens if it in wireless network where nodes are not fixed(i.e mobile) & nodes do not

have same computing power. We have considered such a wireless network MANET. In

following section we will see what is MANET? its characteristics & diff key management

schemes in MANET.


11/31


12/31


12

given characteristics. For example, an open or public MANET will take on aself-organized

nature, and hence the end-users will set up and manage the network themselves. This means

that an offline authority may not be available. In contrast, MANETs used in military

applications will not have a self-organized characteristic, but will make use of an offline

authority to initialize the nodes; the authority-basedapproach allows for robust access

control to the network services.

Another example of varying characteristics emerges from MANETs formed by sensor

nodes or laptop computers. Clearly schemes designed for MANETs formed by laptop

computers will not have the same limitation on memory, energy (battery), and computational

resources as those formed by sensor nodes.It is thus apparent that a clear description of a key

management schemes intended application is necessary. The application may dictate the

characteristics of the MANET and the degree to which some characteristics will influence the

design of a suitable scheme.

5.1.1. Network Infrastructure

There is no fixed or preexisting infrastructure in an ad hoc network: all network functions

(routing, security, network management, etc.) are performed by the nodes themselves.Due to

the nodes limited transmission range, data dissemination is achieved in a multihop fashion;

nodes can therefore be considered as hosts and routers. Although the lack of infrastructure

opens a new window of opportunity for attacks, the authors believe that the lack of

infrastructure can help to ensure the survivability of the network in a very hostile environment.

This holds true not only from a network security perspective, but also when the users of the

network are under physical attack.Ad hoc networks may be spontaneously formed with no a

priori knowledge of the physical location and networking environment. MANETs lack of

infrastructure thus makes it suitable for various applications where conventional networks fall

short. Hybrid ad hoc networks combine conventional network infrastructure with multihopping.

This derivative of ad hoc networks will find useful application where fixed infrastructure can

be extended through multihop networks or where the functionality (and performance) of

multihop networks can be enhanced by relying on some infrastructure.

5.1.2. Network Topology

Nodes in ad hoc networks may be mobile resulting in a dynamic, weakly connected topology.

Since node mobility is unrestricted, the topology may be unpredictable. The network will,


13/31


13

however, demonstrate global mobility patterns which may not be completely random.The

topology is weakly connected due to transient, errorprone, wireless connectivity. The users may

therefore experience unavailability of essential networking services.Node mobility and wireless

connectivity allow nodes to spontaneously join and leave the network, which makes the

network amorphous. Security services must be able to scale seamlessly and remain available

with changes in network topology.

5.1.3. Self-Organization

MANETs cannot rely on any form of central administration or control; this is essential

to avoid a single point of attack. Aself-organizedMANET cannot rely on any form ofoffline

trusted third party (TTP); the network can thus be initialized by a distributed online TTP.

Apure orfully self-organizedMANET does not rely on any form of TTP whatsoever, that is,

the online TTP is also eliminated. Nodes will therefore only have compatible devices with the

same software installed. In the extreme case, the nodes will not even share a common set of

security system parameters. The lack of a TTP may force the end-users to actively participate in

the set up of security associations. A (fully) self-organized MANET has some inherent security

implications:

Fully self-organized MANETs are open in nature: similar to the Internet, any user

can join the network at random. Access control to applications will have to be provided

at the application layer with a varying degree of user interaction.

Each user will be its own authority domain, and hence responsible for generating and

distributing its own keying material. Any node can generate more than one identity when there

is no offline TTP. It is thus clear that it will be very difficult (if not impossible) to limit users to

one and only one unique identity in a (fully) self-organized setting.

The network will always be vulnerable to the active insider adversary.for example, it fails to

capture information an adversary may gain from detailed knowledge of the protocols in use. An

interesting topic for future research will be the adversary model in open ad hoc networks.

It will be difficult to hold malicious nodes accountable for their actions, since they can

always rejoin the network under a different (new) identity.

5.1.4. Limited Resources

Nodes have limited computational, memory, and energy resources in contrast to their wired

predecessors. Nodes are small hand-held devices (possibly off-the-shelf consumer


14/31


14

electronics) that do not hinder user mobility. In an attempt to keep the cost of these devices

low, they are normally powered by a small CPU, accompanied by limited memory resources.

As the devices are mobile, they are battery operated. This often results in short on times and the

possibility of power failure due to battery exhaustion, perhaps during execution of a network-

related function.

Devices may have limited bandwidth and transmission ranges. If it is assumed that

advances in integrated circuit (IC) technology will keep on following Moores law,

computational

and memory limitations will be alleviated in a matter of time. Bandwidth and

transmission range (in the case of communication via radio transmissions) are unlikely

to improve dramatically with respect to power consumption as both are dependent on

Shannons law and thus limited . In order to achieve a higher

bandwidth, a higher signal-to-noise ratio (SNR) is required, which in turn requires

higher transmission power. Higher transmission power significantly

depletes battery power, which is unlikely to improve significantly given the

current rate of advancement in battery technology.

A security protocol that fails to optimize node and network resources will simply not

be adopted in practice.

5.1.5. Poor Physical Security

Nodes are mobile and therefore cannot be locked up in a secure room or closet. These small

hand-held devices are easily compromised by either being lost or stolen. It is therefore highly

probable than an adversary can physically compromise one or more nodes and perform any

number of tests and analysis. The adversary can also use the nodes to attack distributed network

services, such as a distributed online certificate . Poor physical security is not as relevant in

openMANETs: the adversaries do not have to physically capture nodes to become an insider

or to perform analysis on the protocols. The poor physical security of mobile devices may

result in serious problems in closed, military-type MANETs where physically compromised

nodes can be used to launch active, insider attacks on the network.

5.1.6. Shared Physical Medium

The wireless communication medium is accessible to any entity with the appropriate equipment

and adequate resources. Accordingly, access to the channel cannot be restricted. Adversaries


15/31


15

are therefore able to eavesdrop on communications and inject bogus messages into the network

without limitation. The shared channel and the nodespoor physical security again emphasize

that security mechanisms must be able to deal with the worst-case active, insideradversary.

In this section we have briefly introduced MANET architecture. Next section will contain

different key management schemes in MANET.


16/31


16

CHAPTER 6

Different Key Management Schemes used in MANET

There are several key management schemes present in MANET.Out of which we will see here

following three schemes:

y Peer to Peer Key Management in MANET.y Hybrid Group Key Management in MANET.y Key Management scheme in Heterogeneous MANET.

We will see each scheme in detail here.

6.1 Peer to Peer Key Management in MANET:

This article focuses on peer-to-peer key management for mobile ad hoc networks (MANETs).

Investigations by the authors within the available publications have led to the classification of

the current protocols into the following subsets:

(1) partially distributed certificate authority;

(2) fully distributed certificate authority

(3) identity-based key management;

(4) certificate chaining-based key management;(5) cluster-based key management;

(6) predeployment-based key management;

(7) mobility-based key management, and

(8) parallel key management.

Most of the above subsets use public key cryptography due to its superiority in distributing

keys, providing authentication, and achieving integrity and nonrepudiation.

Symmetric key systems need a channel that provides both data integrity and confidentiality: the

latter property may not always be

readily available without any form of trusted authority or secure side channel (such as

an infrared interface).

1) The partially distributedcertificate authority group of protocols distributes the trust


17/31


17

in the certificate authority to a subset of the network communication entities. The

approach mitigates the single point of vulnerability inherent to the centralizedcertificate

authority.

2) Thefully distributed certificate authorityprotocol subset preserves the symmetric

relationships

between the communication entities in MANETs by distributing the burden

of key management to allcommunication entities. Each authorized node in the network

receives a share of the certificate authoritys secret key, allowing neighbors to service

requests for certification. The protocol that introduced this method was presented in

Luo et al. [2002] (Section 7).

3) The identity-based key managementapproach borrows concepts from thepartially

distributed certificate authorityprotocols, but uses an identity-based cryptosystem to

reduce the storage requirement compared to conventional public key cryptosystems.

The protocol will be considered as representative of this protocol

group .

4) In the certificate chaining-based key managementapproach, communication entities

can authenticate certificates by means of finding certificate chains between them.

Certificate chaining can be explained by the following example: partyA wants to communicate

with party C, which requires partyA to authenticate party Cs certificate.

The two parties have no communication history, but partyA trusts the certificate of a third

entity, partyB. PartyB informs partyA that it trusts the certificate of party C.PartyA that trusts

partyB will thus also trust party Cas a result of partyBs recommendation.There is thus a fully

connected certificate chain between partyA and Cthrough partyB, which enables partyA to

authenticate the certificate of party Cwithout any previous communication.

5) The cluster-based key managementsubset relies on a clustering algorithm to subdivide

the network into smaller groups. Group members in the same proximity can monitor their

neighbors and make recommendations to members from other groups on the authenticity of

their neighbors certificates. The cluster-based subset is introduced by investigating the

protocol.

6) The predeployment-based key managementsubset makes use of an offline authority to

issue each node with keying material prior to network formation. It is widely agreed that key


18/31


18

predistribution techniques are ideally suited for establishing secure connectivity in large-scale

distributed sensor networks. The limitations of sensor networks render conventional key

establishment techniques (such as public key cryptography) unsuitable .

7)The mobility-based key managementsubset exploits mobility and node encounters to

establish security associations and to warrant mutual authentication between users.

In contrast to the previously discussed subsets, the protocols in this group introduce

a shift in paradigm with respect to previous attempts to provide key management for

fully self-organized MANETs. Rather than trying to adapt solutions suited for conventional

wireline networks, the protocols in this subset use the unique characteristics of

MANETs to their advantage.

8)The combination of any of the above key management approaches gives rise to what

the authors call the parallel key managementsubset. By using two or more of the

above approaches in parallel, the advantages of the one scheme is used to mitigate the

disadvantages of the other. The subset which combines apartially distributed certificate

authority and the certificate chaining-based key management approach.

6.2Hybrid Group Key Management in MANET:

Let us see how the group key is managed in MANET by combining two group key

management schemes into one to form Hybrid scheme.

Network Model ofMANET:

MANET has two model including constitutive model and heterogeneous model. The difference

between is that the heterogeneous model is not a peer-to-peer node, that is, they do not

necessarily have the same computing, communications ability. All individual nodes form a

hierarchical structure in a heterogeneous MANET.

Figure depicts a heterogeneous MANET model supported by an unmanned aircraft

(UAV).All of the terrestrial mobile nodes are in a separate area, the region from 50 to 60 a

1000 feet height to the diameter of the circle is 8 nautical miles of the UAV to maintain flight.

From

the UAV to the ground node of the beam to form a shared access network UAV was used to

create it from the UAV to the ground mobile backbone communications between nodes.


19/31


19

HybridKeymanagement Architecure:

A heterogeneous MANET forms a two-tier structure, UAV could serve as a trusting center onthe ground mobile backbone nodes and ordinary nodes certification services. On the ground

floor, each cluster head node is responsible for the management of a local sub-group of all the

ordinary nodes,these nodes can be seen as a common internal node cluster,constitutes the focus

on the management of clusters. Cluster head node is generally stronger than ordinary node

computing power and stability, and other anti-attack capability, the general node cluster head

node to accept a variety of command and in accordance with the directives for action. All the

cluster head nodes constitute the first layer of distributed contributory agreement.

For the heterogeneous characteristics of MANET, a hybrid strategy is adopted to design

a heterogeneous MANET Group Key Management Architecture. In the structure, each cluster

node can all share a common local group key. Each cluster head node generates and distributes

it to all ordinary cluster nodes for encryption and decryption within the cluster communication

message. Generally, every cluster has a small number of members. The cluster head node with

more than ordinary computing nodes, consider using a centralized group key management

program LKH as a cluster within the Group Key Management Protocol, which is a group of

key advantages of the calculation and distribution of the completion by the group controller,

when the smaller group, the common node to join or leave the key updates to maintain

high efficiency.

Throughout the MANET, the ground mobile backbone nodes servers as a cluster head node in

all sub-groups. The cluster head nodes are distributed in the entire MANET and form a


20/31


20

distributed collaborative relationship. To complete the secure communications between all

nodes, the cluster head must adopt a common group key. Because each cluster head node has

an equal relation, there is no centralized control node.TGDH is a good distributed group key

agreement protocol for the generations of common key of cluster head nodes as the group key.

Its advantages are the group key generated through a share provided by each member and each

cluster head node with more than ordinary members of the computing nodes. A contributory

key agreement approach can effectively avoid the single point failure. A Situation is assumed

in the paper before the start of the group communication. The cluster members and cluster head

nodes in each group before communications have been received through the UAV between the

public key certificate, and by ensuring that the key security to offer implicit key authentication.

y Key Management Protocol within MANET Cluster:The binary tree LKH protocol is used as the key management within the cluster. Every cluster

member has a common group key. Only the cluster key need to be updated when the

membership changes. In order to keep the secure cluster communication, the key must be

update when one member joins or leaves the cluster.

Fig. Logical key hierarchy in each Cluster

As shown in figure, Suppose there are 8 members within cluster.In LKH these members are

located at laves of the tree. Let us consider m3 is the holder of the key {K3, K14, K18}.Here

the root node of the cluster group key is K18.For each node of apply to join the cluster, it

unicasts request message of an authentication information to the cluster head node. New

members to receive the request message, the

cluster head node to check the legality of authentication information, which agreed to decide

whether to add it to the group communication cluster. For each application for a new member

to join (such as m3) by adding sub-group, cluster head node to create a new group key K


21/31


21

shared with only m3, the previous sub-group K is used to encrypt the new key K and multicast

it to all of the current nodes within the cluster. Every cluster head node maintains a logical

auxiliary key tree. The new members to join need to create a logical key tree leaf node, if the

auxiliary key in the current tree to find a location free of leaves, on the arrangements for the

new adding members to the vacant position, if there is no idle position,

could be left from the bottom of the leaf node to start to create a new level, to accommodate

more new members apply to join.

When a member leaves the cluster, in order to ensure the security, the cluster head node need

to update the leaving member that holding all the keys, because these keys may be used by

other members. In order to ensure that the leaving group members cannot decrypt the

communication from the group, cluster head nodes need to update some keys on the key path

which is from the leaving node to the root node. As shown in Figure , if m3 leaves the cluster,

cluster head node must be updated K14, K18. First of all, the cluster node send (K14) K1,

(K14) K2, (K14) K4 to the m1, m2, m4 to update the K14, and then send (K18) K14 to the

m1, m2, m4, (K18) K58 to m5 ~ m8 to update the group key K18.

6.2 TGDH(Tree Based Graph Diffe-Hellman):

Because there is no centralized control structure, all cluster head nodes form a control node

group. They need to communicate with each other and keep a distributed partnership. All

cluster nodes are equal. We think TGDH as a key agreement protocol of cluster head node is

appropriate.

The TGDH cryptographic algorithm relies on the Diffie-Hellman solution adapted to the group

problem. Thus, the arithmetic operations are performed in a group of prime order p with the

generator , where p

(prime integer) and (exponentiation base) are the ones described in the Diffie-Hellman

protocol.

The notion of Group Diffie-Hellman is due to the fact that the group key is generated using the

Diffie-Hellman problem.

Each member possesses two personal keys:

y a private partial-key Kvy a public one BKv,


22/31


22

where,

BKv = Kv mod p.

The public group key is a function of the other nodes public keys and the current node private

key. Lets say: for v, groupkey =f(Kv,BK0, ...,BKv1,BKv+1, ...BKn),

where n is the group size and f is the group key function.

When the number of nodes increases, the number of parameters for f raises up too. However,

the evaluations f(Kv,BK1,BK2, ...,BKw) and f(Kw,BK1,BK2, ...,BKv) may perform similar

partial

calculi (on BK1 and BK2). In order to prevent several nodes to perform similar calculi, we use

the cryptographic tree to dispatch the global key evaluation.The following example explain

how the group key is computed and how the calculi are dispatched on the groups nodes.

Lets suppose we have 6 members. One of trees that TGDH can produce is represented in the

figure 1. One should remember that the intermediate nodes (i.e the ones that are not leaves)

such as are virtual nodes, which means that they have no real existence and that their

keys are computed

from their children : Kl,v = (BKl+1,2v+1)Kl+1,2v mod p.


23/31


23

In this figure, the copath of the node M1 is represented (in dark line). The copath of a member

is the set of neighbor nodes (virtual or not) associated to the path we get when we want to reach

the root of the tree.The important aspect is that only the BKs on the copath are needed to

evaluate the group key. When we use keys of virtual nodes, it means that the BK is already a

computation of childrens BKs. For instance, the BK of is a computation of those of M5

and M6. Thus,the function f(Kv, ..BK5,BK6, .BKw) is replaced by f(Kv, ..BKparent, ...BKw),

which reduces the number of operations a node has to perform. By comparison, when M1

wants to compute the group key it needs to perform f with

3 BKs, and not 5 (the other members).

In TGDH specifications, we have following membership events:

Join: a new member is added to the group

Leave: a member is removed from the group

Join protocol:

Lets suppose we have n nodes in the group.The new member Mn+1 initiates the join protocol

by sending a join request message that contains its own blinded key BK.When current group

members receive this message, they first determine the insertion node in the tree. If the

cryptographic tree is well balanced, Mn+1 joins at the root node. Otherwise,the insertion node

is the shallowest rightmost node, where the join does not increase the height of the key tree.

The sponsor is the rightmost leaf node in the sub-tree designed by the insertion node (see figure

2).When the sponsor is found, it creates a new intermediate node, and promotes the new

intermediate node to be the parent of both the insertion node and the new member node.The

sponsor broadcasts then the new tree, which contains all

blinded keys.


24/31


24

Leave protocol:

Lets suppose that a member Ml leaves the group. In this case, the sponsor is the right-most

leaf node

of the sub-tree rooted at the leaving members sibling node,as shown in figure 3. The former

sibling of Ml is promoted to replace Mls parent node. The sponsor picks a new

secret,computes all keys on its copath, and broadcasts the new set of blinded keys to the group.

This information allows all

members to recompute the new group key.

Such type of algorithm is used where there is no Centralized approach. So there is no problem of single

point of failure.For distributed approach TGDH is the best solution.


25/31


25

6.3 Key Management inHeterogeneous Sensor Networks:

Most existing research on sensor networks considers homogeneous sensor networks, i.e., all

sensor nodes have the same capabilities in terms of communication,computation, memory

storage, energy supply, reliability, etc. However, a homogeneous ad hoc network suffers from

poor performance and scalability. Recent research has demonstrated its performance bottleneck

both theoretically,and through simulation experiments and testbed measurement.

In this Section, we present a key management scheme specifically designed for Heterogeneous

Sensor Networks. We consider an HSN consisting of two types of sensors:

a small number of powerful H-sensors and

a large number of L-sensors.

First,we list the assumptions of HSN below.

1. Due to cost constraints, L-sensors are not equipped with tamper-resistant hardware.

Assume that if an adversary compromises an L-sensor, she can extract all key material, data,

and code stored on that node.

2. H-sensors are equipped with tamper-resistant hardware. It is reasonable to assume that

powerful H-sensors are equipped with this technology.

3. Each L-sensor (and H-sensor) is static and aware of its own location. Sensor nodes can use

location services such as to estimate their locations,and no GPS receiver is required at each

node.

4. Base stations are trusted.Clusters are formed in an HSN.

Clustering-base schemes are promising techniques for sensor networks because of their good

scalability and support for data aggregation. For an HSN, it is natural to let powerful H-sensors

serve as cluster heads and form clusters around them.

The cluster formation:

In this subsection, we briefly describe the cluster formation scheme in HSN. Details of the

clustering scheme. Both L-sensors and H-sensors are distributed in the network. For simplicity,

we assume that both L-sensors and H-sensors are uniformly and randomly distributed in the


26/31


26

network. Note that our key management schemes also work for other sensor distributions.

During sensor network initialization, each H-sensor broadcasts a Hello message to nearby L-

sensors using the maximum power and with a random delay. The random delay is to avoid the

collision of Hello messages from two neighbor H-sensors. A Hello message includes the ID

and location of the H-sensor. Given the large transmission range of H-sensors and a sufficient

number of H-sensors distributed in the network, most L-sensors can receive Hello messages

from one or more H-sensors. Then each L-sensor chooses the H-sensor whose Hello message

has the best signal strength as the cluster head. Each L-sensor also records other H-sensors

from which it receives the Hello messages, and these H-sensors will serve as backup cluster

heads in case the cluster head fails. A HSN is divided into multiple clusters, where each H-

sensor serves as the cluster head. If the network is a two-dimension plane,each L-sensor will

select the closest H-sensor as the cluster head (except when there is an obstacle in between),

and this leads to the formation of a Voronoi diagram where the cluster heads are the

nuclei of the Voronoi cells. An example of the cluster formation is shown in Fig. 1, where the

small squares are L-sensors, large rectangular nodes are H-sensors, and the large square at the

top-right corner is the base station (BS).


27/31


27

Fig. 1. The Cluster structure in HSN.

The asymmetric pre-distribution keymanagement scheme

In this subsection, we present an effective key management scheme for HSN. The main idea is

to pre-load only a small number of keys in each L-sensor while pre-load a relatively large

number of keys in each H-sensor, since an H-sensor has much larger storage space than an L-

sensor. Furthermore, Hsensors have tamper-resistant hardware to protect a large number of

keys. Since the number of pre-distributed keys in an H-sensor is quite different from that in an

L-sensor, we refer to this scheme as asymmetric pre-distribution (AP) key management

scheme.

The AP scheme includes three phases:

Key pre-distribution phase,

shared-key discovery phase,

and H-sensor based pairwise key setup phase.

We discuss the three phases below.

Key pre-distribution phase includes several steps.First a large pool of P keys and the

corresponding key IDs are generated. Then each L-sensor is preloaded with l keys, randomly

selected from the key pool without replacement. The l keys form a key ring in each L-sensor.

Each H-sensor is pre-loaded with M (M _ l) keys, also randomly selected from the key pool

without replacement. In addition, each H-sensor is pre-loaded with a special key KH. KH is

also known to the BS, but not to any L-sensor. Shared-key discovery phase can be done in

either a centralized way or a distributed way.

The shared key discovery phase begins after cluster formation.

In the distributed way, each L-sensor communicates with its neighbors and find out the shared

keys (if any). The simplest way for any two L-sensors to discover if they share a key is that

each node broadcasts,in clear text, the list of key IDs on its key ring.In the centralized way,

each L-sensor (say u) sends to its cluster head (say H) a clear (un-encrypted) Key-list message,

which includes the L-sensor ID u, key IDs in u, and us location. Then H discovers the shared-

keys between each pair of neighboring L-sensors. H can determine if two L-sensor u and v are

(one-hop) neighbors based on their locations:if the distance between u and v is less than the

trans mission range of an L-sensor, H assumes that u and v are neighbors. Of course sometimes


28/31


28

this is not true, e.g., there is an obstacle between two nodes.However, this will not affect the

security of our key management scheme.After discovering shared-keys between each pair

of neighboring L-sensors, H disseminates the shared-key information to L-sensors using

Sharedkey messages. A Shared-key message includes a list of triple {shared-key ID s, u,v},

which means that L-sensor u and v share key s. If u and v have more than one shared key, only

one will be included in the Shared-key message to reduce overhead. If the number of L-sensors

in the cluster is not very large, one Shared-key message can include the triples for all pairs of

neighbors. Aggregating all the triples in one packet can reduce both the packet header

overhead and delay caused by multiple transmissions .Otherwise, the H-sensor could send a

short Shared-key message with one triple to each pair (e.g., multicasting to only u and v).

Another way to distribute the shared-key information is to divide the cluster into several

sections. For example, the center-right cluster in Fig. 1 is divided into four sections

(by the dashed lines). Then the H-sensor can send to each section one Shared-key message,

which includes the triples for all L-sensors in the corresponding section.

H-sensor based pairwise key setup phase

Some L-sensors may not share any pre-loaded key with neighbors. For each pair of L-sensors

(denoted as x and y) that do not share any key, H first obtains a shared-key between H and x

and a shared-key between H and y, and then H generates a pairwise key for each pair (e.g., x

and y) and sends the key to them securely. First H checks if it has a pre-loaded key shared with

the L-sensor (e.g., x).H is pre-loaded with a large number of keys so there is a high probability

that H can find at least one shared key with x. If H does not share any key with x, the following

scheme is used to set up pairwise key for x and y.

Definition 1. An L-sensor that shares at least one pre-loaded key with its cluster head is

referred to as a 1st-degree neighbor of the cluster head.In case that an L-sensor (say x) does not

share any pre-loaded key with the cluster head H, H will check if any 1st-degree neighbor

shares a key with x. Since every L-sensor sends the Key-list message to H, H knows the pre-

loaded keys in each L-sensor in its cluster. If there is one (or more) 1st-degree neighbor (say z)

that shares a key (say Kx) with x, then H can ask z to send the key Kx to H, encrypted by the

shared key between z and H (say Kz), i.e.,z ! H:{Kx}Kz. Then Hhas a shared-key (Kx) with x.


29/31


29

Definition 2. An L-sensor that shares a key with its cluster head by the help of a jth-degree

neighbor (j = 1 as above) is referred to as a (j + 1)th-degree neighbor of the cluster head, where

j = 1, 2, 3,. . .If none of the 1st-degree neighbors have a shared key with x, H will try the 2nd-

degree neighbors, the 3rd-degree neighbors, up to dth-degree neighbors, where d is a system

parameter. If none of the 1st _ dth degree neighbors have a shared key with x, H sends to the

BS a Request message, which includes one key ID of node x; then the BS sends H the

corresponding key, encrypted by KH. To reduce the communication overhead, H can collect

the IDs of the keys that need to be obtained from the BS, and sends only one Request message

to the BS. After obtaining the keys from the BS, H can generate a pairwise key Kx,y for each

pair of L-sensors x and y,and unicasts the key Kx,y to node x and y, encrypted by the shared

key between H and x, and H and y,respectively, i.e., H ! x:{Kx,y}Kx and H ! y:{Kx,y}

Ky. Then x and y have a pairwise shared key Kx,y,and they can start secure communications.

These are the 3 schemes we have discussed in various scenarios such as in peer to peer

network, in UAV aided cluster based,& Heterogeneous sensor networks. The above schemes

are suitable for respected MANET result in cost effectiveness.

CHAPTER 7Conclusion

Such various schemes are available for key management in MANET .The main aim is to follow

the scheme which significantly improves communication cost with respect to MANET

categorization.


30/31


30

BIBLIOGRAPHY

[1] A Hybrid Group Key Management Architecture forHeterogeneous MANET

By WEI Chu-yuan (Department of Computer Instruction and Network InformationBeijing University of Civil Engineering and Architecture

BeijingChina.)

[2] RFC2093 Group key management protocol.

[3] S-TGDH, secure enhanced group management protocol in ad hoc networks

Author manuscript, published in "CRiSIS'2007 : International Conference on Risksand Security of Internet and Systems, colocated

with IEEE GIIS, Marrakech : Morocco (2007)"byFrederic Cuppens, Nora Cuppens, and Julien Thomas GET/ENST Bretagne, 2 rue de

la Chataigneraie, 35576 Cesson-Sevigne Cedex, France


31/31


[4]Hybrid Group key Management Scheme for Secure Wireless Networks(IEEE paper by Yiling,PhuDung Le,Balasubramaniam.2007)

[5] A survey on Peer to Peer Key management for mobile Ad-hoc Networks(by Johann van

merwe,Dawoud dawoud &Stephen McDonald)

[6]Secure group key management scheme for hierarchical mobile ad hoc networks.[7]An effective key management scheme for heterogeneous sensor networks by Xiaojiang Du a,*,Yang Xiao b, Mohsen Guizani c, Hsiao-Hwa Chen d

seminar keymgmt

Documents