A New Region based Group Key ManagementProtocol for MANETs
N. Vimala
Senior Lecturer, Department of Computer ScienceCMS College of Science and CommerceCoimbatore, India
.
vimalarmd@rediffmail.com
Dr. R. BalasubramanianDean Academic AffairsPPG Institute of TechnologyCoimbatore, India.ramamurthybala2@gmail.com
Abstract-
Key management in the ad hoc network is a challengingissue concerning the security of the group communication. Group keymanagement protocols can be approximately classified into threecategories; centralized, decentralized, and distributed. The most suitable solution to provide the services like authentication, dataintegrity and data confidentiality is the establishment of a keymanagement protocol. This paper proposes an approach for thedesign and analysis of region-based key management protocols for scalable and reconfigurable group key management in Mobile Ad Hoc Networks (MANETs). Most of the centralized key management protocols arises an issue on data security on group communication.The proposed region-based group key management protocol dividesa group into region-based subgroups based on decentralized keymanagement principles. This region-based group key management protocols deal with outsider attacks in MANETs to preserve thesecurity properties. A performance model to evaluate the network traffic cost generated for group key management in the proposed region-based protocol for MANETs is developed. Cost for joining or leaving the group and the cost for group communication areconsidered in evaluating the performance of the proposed region-based group key management scheme
.
Keywords-
Cluster Head, Group Key, Key Management Protocol, Mobile Ad Hoc Networks (MANETs), Region-based, and Rekeying.
I.
I
NTRODUCTION
Generally, an ad hoc network is an assortment of independent nodes that communicate with each other, mostregularly using a multi-hop wireless network. Nodes do notinevitably know each other and come together to form an adhoc group for some particular reason. Key distribution systemstypically involve a trusted third party (TTP) that acts as anintermediary between nodes of the network. A node in an adhoc network has straight connection with a set of nodes, calledneighboring nodes, which are in its communication range. Thenumber of nodes in the network is not essentially preset. Newnodes may join the network while existing ones may becompromised or become un-functional [1]. Key managementin the ad hoc network is a challenging issue concerning thesecurity of the group communication. Group key management protocols can be approximately classified into threecategories; centralized, decentralized, and distributed [2].MANET is one where there is no predeterminedinfrastructure such as base stations or mobile switchingcenters. Mobile nodes that are within each other’s radio rangecommunicate directly by means of a wireless network,whereas those far apart rely on other nodes to act as routers torelay its messages [3]. The most suitable solution to providethe services among which authentication, data integrity anddata confidentiality is the establishment of a key management protocol. This protocol is liable for the generation and thedistribution of the traffic encryption key (TEK) to all themembers of a group. This key is used by the source to encryptmulticast data and by the receivers to decrypt it. Thereforeonly legitimate members are able to receive the multicast flowsent by the group source [4]. The elemental security services provided by every key management system are keysynchronism, secrecy, freshness, independence,authentication, confirmation, forward and backward secrecy[7].Clustering is the concept of dividing the multicast groupinto a number of sub-groups. Each sub-group is managed by alocal controller (LC), accountable for local key managementwithin its cluster. Furthermore, not many solutions for multicast group clustering did think about the energy problemto realize an efficient key distribution process, whereas energyconstitutes a foremost concern in ad hoc environments [5] [6].The group key is generated by the cluster head andcommunicated to other members through a secure channel thatuses public key cryptography [14]. Clusters may be used for achieving different targets [8]. Some of them are clustering for transmission management, clustering for backbone formationand clustering for routing efficiency. Group key managementmust be opposing to an extensive range of attacks by bothoutsiders and rouge members. In addition, group keymanagement must be scalable, i.e., their protocols should beefficient in resource usage and able to decrease the effects of amembership change.This paper proposes an approach for the design and analysisof region-based key management protocols for scalable andreconfigurable group key management in MANETs. Thisregion-based group key management protocols deal withoutsider attacks in MANETs to preserve the security properties. A performance model to evaluate the network traffic cost generated for group key management in the proposed region-based protocol for MANETs is developed.The remainder of this paper is structured as follows. Section2 of this paper discusses some of the earlier proposed cluster based group key management techniques. Section 3 describesour proposed method of new region based group keymanagement protocol for MANETs. Section 4 explains the
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 8, No. 2, May 2010194http://sites.google.com/site/ijcsis/ISSN 1947-5500
performance evaluation of the proposed approach and section5 concludes the paper with fewer discussions.II.
B
ACKGROUND
S
TUDY
Key management is an indispensable part of any securecommunication. Most cryptosystems rely on some underlyingsecure, robust, and efficient key management system. Thissection of the paper discusses some of the earlier proposed keymanagement schemes for secure group communication inwireless ad hoc networks.Maghmoumi et al. in [9] proposed a cluster based scalablekey management protocol for Ad hoc networks. Their proposed protocol is based on a new clustering technique. Thenetwork is partitioned into communities or clusters based onaffinity relationships between nodes. In order to ensure trustedcommunications between nodes they proposed two types of keys generated by each cluster head. The protocol is adaptiveaccording to the limitation of the mobile nodes battery power and to the dynamic network topology changes. Their proposedapproach of clustering based scalable key management protocol provided secured communications between the nodesof the Ad hoc networks.A key management scheme for secure group communicationin MANETs was described by Wang et al. in [10]. Theydescribed a hierarchical key management scheme (HKMS) for secure group communications in MANETs. For the sake of security, they encrypted a packet twice. They also discussedgroup maintenance in their paper in order to deal with changesin the topology of a MANET. Finally, they carried out a performance analysis to compare their proposed scheme withother conventional methods that are used for key managementin MANETs. The results showed that their proposed method performed well in providing secure group communication inMANETs.George et al. in [11] projected a framework for keymanagement that provides redundancy and robustness for Security Association (SA) establishment between pairs of nodes in MANETs. They used a modified hierarchical trustPublic Key Infrastructure (PKI) model in which nodes candynamically assume management roles. Moreover theyemployed non-repudiation through a series of transactionschecks to securely communicate new nodes informationamong Certificate Authorities (CAs). They assumed thatnodes could leave and join the network at any time. Nodescould generate their own cryptographic keys and were capableof securing communication with other nodes. In order to balance the flexibility and increased availability of the KeyManagement Scheme (KMS), security was provided byintroducing two concepts in addition to revocation andsecurity alerts: non-repudiation and behavior grading. TheKMS sustained sufficient levels of security by combiningnode authentication with an additional element, node behavior.A behavior grading scheme required each node to grade the behavior of other nodes.A new group key management protocol for wireless ad hocnetworks was put forth by Rony et al. in [12]. They put forthan efficient group key distribution (most commonly known asgroup key agreement) protocol which is based on multi-partyDiffie-Hellman group key exchange and which is also password-authenticated. The fundamental idea of the protocolis to securely construct and distribute a secret session key, ‘K,’among a group of nodes/users who want to communicateamong themselves in a secure manner. The proposed protocolstarts by constructing a spanning tree on-the-fly involving allthe valid nodes in the scenario. It is understood, like all other protocols that each node is distinctively addressed and knowsall its neighbors. The password ‘P’ is also shared among eachvalid member present in the scenario. This ‘P’ helps in theauthentication process and prevents man-in-the-middle attack.Unlike many other protocols, the proposed approach does notneed broadcast/multicast capability.Bechler et al. in [13] described cluster-based securityarchitecture for Ad hoc networks. They proposed andestimated a security concept based on a distributedcertification facility. A network is separated into clusters withone special head node for each cluster. These cluster headnodes carry out administrative functions and shares a network key among other members of the cluster. Moreover the samekey is used for certification. In each cluster, exactly onedistinguished node–the cluster head (CH)–is responsible for establishing and organizing the cluster. Clustering is also usedin some routing protocols for ad hoc networks.Decentralization is achieved using threshold cryptography anda network secret that is distributed over a number of nodes.The architecture addresses problems of authorization andaccess control, and a multi-level security model helps to adjustthe complexity to the capabilities of mobile end systems.Based upon their authentication infrastructure, they provided amulti level security model ensuring authentication, integrity,and confidentiality.A scalable key management and clustering scheme was proposed by Jason et al. in [15]. They projected a scalable keymanagement and clustering scheme for secure groupcommunications in ad hoc networks. The scalability problemis solved by partitioning the communicating devices intosubgroups, with a leader in each subgroup, and further organizing the subgroups into hierarchies. Each level of thehierarchy is called a tier or layer. Key generation, distribution,and actual data transmissions follow the hierarchy. TheDistributed Efficient Clustering Approach (DECA) providesrobust clustering to form subgroups, and analytical andsimulation results demonstrate that DECA is energy-efficientand resilient against node mobility. Comparing with mostother schemes, their approach is extremely scalable andefficient, provides more security guarantees, and is selective,adaptive and robust.Apart from the above mentioned numerous researches have been conducted in the field of cluster-based group keymanagement for mobile ad hoc networks (MANETs).
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 8, No. 2, May 2010195http://sites.google.com/site/ijcsis/ISSN 1947-5500
III.
A
N
EW
R
EGION
B
ASED
G
ROUP
K
EY
M
ANAGEMENT FOR
M
ANETS
The proposed region-based group key management protocoldivides a group into region-based subgroups based ondecentralized key management principles using WeightedClustering Algorithm (WCA). This partitioning of region intosubgroups improves scalability and efficiency of the keymanagement scheme in providing a secure groupcommunication. Figure 1 shows the partitioning of region intosubgroups on the basis of decentralized key management principles [16, 18]. It is assumed that each member of thegroup is equipped with Global Positioning System (GPS) andtherefore each one knows its location as it moves across theregions. For secure group communications, all members of agroup share a secret group key, K
G
. In addition to ensuresecurity in communication between the members of eachsubgroup all the members of the subgroups in the region ‘i’hold a secret key K
Ri
. This shared secret key is generated andmanaged by a distributed group key management protocol thatenhances robustness. This region-based group keymanagement protocol will function at the optimal regional sizerecognized to reduce the cost of key management in terms of network traffic.
Figure 1 Region-based Group Key ManagementThe average number of nodes in the system is N=
λ
p
A,where
λ
p
denotes the node density of the randomly distributednodes and A indicates the operational area with radius ‘r’. Therandom distribution of nodes is according to a homogeneousspatial Poisson process. The nodes can join or leave a group atany point of time. A node may leave a group at any time withrate
μ
and may rejoin any group with rate
λ
. Therefore, the probability that a node is in any group is
λ
/(
λ
+
μ
) and the probability that it is not in any group is
μ
/ (
λ
+
μ
). Let A
J
andA
L
be the aggregate join and leave rates of all nodes,respectively. Then, A
J
and A
L
, can be calculated as follows,)(
μ λ μ λ
+× Ν×=Α
J
μ λ λ μ
+× Ν×=
L
A
Nodes in a group must satisfy the forward/backwardsecrecy, confidentiality, integrity and authenticationrequirements for secure group communications in the presenceof malicious outside attackers. The important requirement for secure group communication is reliable transmission. This can be achieved by using acknowledgement (ACK) packets and packet retransmission upon timeout. Hexagon is used to modela region [17]. Let R(n) denote the number of regions (i.e. 3n
2
+ 3n + 1) in the operational area. For n=3, the number of regions in the operational area is 37, for n=2 and n=1, thenumber of regions in the operational area are 19 and 7respectively. Figure 2 shows the representation of the regionsin the operational area for n=1, 2, and 3.
n=1, Number of Regions=7
n=2, Number of Regions=19
n=3, Number of Regions=37
Figure 2. Representation of Regions in operational area
A.
Protocol Description
This describes the working of our proposed region-basedgroup key management for MANETs.
1.
Bootstrapping
In this initial bootstrapping process, a node within a regioncan take the responsibility of a regional “leader” to carry outGroup Diffie Hellman (GDH). If there are multiple initiators,then the node with the smallest id will prevail as the leader and will implement GDH to completion to generate a regionalkey. Once a leader is generated in each region, all leaders inthe group will execute GDH to agree on a secret leader key,
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 8, No. 2, May 2010196http://sites.google.com/site/ijcsis/ISSN 1947-5500
Search History:
Result 00 of 00
00 results for result for
p.
A New Region based Group Key Management Protocol for MANETs
1.8K
Reads
4
Readcasts
2
Embed Views
Recommended
More From This User
Notes
Load more
