Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
5Activity
0 of .
Results for:
No results containing your search query
P. 1
Policy based Decentralized Group key Security for Mobile Ad-hoc Networks

Policy based Decentralized Group key Security for Mobile Ad-hoc Networks

Ratings: (0)|Views: 164|Likes:
Published by IJCSI Editor
Volume 7, Issue 3, May 2010, Computer Science Issues, International Journal, Computer Science, IJCSI, http://www.IJCSI.org, Open Access, refereed journal
Volume 7, Issue 3, May 2010, Computer Science Issues, International Journal, Computer Science, IJCSI, http://www.IJCSI.org, Open Access, refereed journal

More info:

Published by: IJCSI Editor on Jun 20, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

02/17/2011

pdf

text

original

 
IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 3, No 10, May 2010ISSN (Online): 1694-0784ISSN (Print): 1694-0814
 
Policy based Decentralized Group key Security forMobile Ad-hoc Networks
Mrs. Sugandha Singh
1
, Dr. Navin Rajpal
2
, Dr. Ashok Kale Sharma
3
and Mrs. Ritu Pahwa
4
 
1
Associate Professor, C.S.E. Department, Jodhpur Institute of Engineering and Technology, JIET,Jodhpur, Rajasthan, 342001, India
2
Professor, I.T. Deptt., University School of Information Technology, USIT,Delhi, India
3
Professor & Head, C.S.E. Departt., YMCA College of EngineeringFaridabad, India
4
Lecturer, E.C.E. Deptt., Vaish College of EngineeringRohtak, 124001 India
Abstract
The unique characteristics and constraints of MANET have made the traditional approach tosecurity inadequate. With this view in minddecentralized group key management is taken intoconsideration. A novel structure of the node is proposed and each entity holds a secret share SS
i
 of each node in cluster is controlled by its cluster head, the policy enforcer decides for the workingof intelligent agent, which is assigned to do themanagement, which allows two or more parties toderive shared key as a function of informationassociated with the protocol and so no party can predetermine the resulting value. Groupmembership certificate is used for groupauthentication and by the use threshold keyscheme secret data is transferred. The SS
i
of eachnode is calculated by use of Polynomialinterpolation and cluster head key by modular arithmetic, and information is carried by the policy based agents named intelligent agents.
 Keywords:
 
 Mobile Adhoc Network, Group keymanagement, Decentralized group key, Verifiablesecret sharing.
 
1. Introduction
 Network contamination describes the situationwhere a network is polluted with unsolicitedcommercial, political and/or malicious software. Italso degrades the utility of belonging of thenetwork in that it imposes negative effects to thesystems, networks and the users and today’snetworks are mobile adhoc networks, where everynode act as a router also and can route the trafficto other nodes. They are highly dynamic in natureand susceptible to failures. Such networks posestringent requirements for security and reliability.Unlike typical internet application, mostapplications of MANET involve one-to-many andmany-to-many communication patterns. Groupcommunication is typical mode in MANET andhigh level security is required in it.The new requirements in security are arisen inMANET because of its characteristics [3], and thesecure group key management meets somechallenges as below:1)
 
It is hard to securely distribute and update thegroup key because there is lack of fixedinfrastructure.2)
 
The solutions based on fixed topology structure of nodes and unpractical because all the locations of the nodes might change at any moment.3)
 
Multi-hop relaying and hidden attack make groupre-keying hard to achieve satisfied performance.4)
 
The lack of an online CA or trusted third partyadds the difficulty to deploy security mechanism.5)
 
Mobile devices tend to have limited power consumption and computation capabilities, whichmake it more vulnerable to denial of serviceattacks and incapable to execute computationheavy algorithms like public key algorithms.6)
 
There is more probability for trusted node beingcompromised and then being used by adversary tolaunch attacks on networks. It is difficult todistinguish between stale routing information andfaked routing information. So it is necessary todeal with attacker inside the network.There are five main security services for MANET’s:
authentication, confidentiality,integrity, non-repudiation & availability
. Inorder to address these needs, a policy basednetwork management system that has providedthe capability to express network requirements at
44
 
IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 3, No 10, May 2010ISSN (Online): 1694-0784ISSN (Print): 1694-0814
 
a high level and have them automatically realizedin the network by configuration agents. Thisapproach provides the network administrator withthe capability to specify high-level policies that:
 
Specify long-term, network-wideconfiguration objectives, e.g. all privatecommunications must be encrypted.
 
Provide an automated feedback loop so thatinformation reported by monitoring agentscan be used to automatically trigger correction of network problems based on policies.Once policies such as those described above aredefined, they are automatically enforced by the policy enforcer. These capabilities can providemilitary personnel with very powerful tools toconfigure and control their network, andreconfigure their network, in response to network conditions [4]. In general Group Key managementsecurity in ad-hoc networks is divided into threemain classes:1.
 
Centralized group key managementprotocols:
A single entity called the keydistribution center (KDC) is employed for controlling the whole group.2.
 
Decentralized group key managementprotocols:
The management of the largegroup is divided among subgroup managers,trying to minimize the problem of concentrating the work in a single place.3.
 
Distributed group key managementprotocols:
There is no explicit KDC, and allthe members participate in the generation of the group key and each member contributesto a portion of the key.
Fig.1 Summary of Area of work 
This paper concentrates on decentralized groupkey management protocol. As it is assumed thatthe adversary can attack any node at any time, butnot every node every time, so an efficient groupkey distribution or group key agreement is madethat addresses the special needs posed by mobilead-hoc networks and the system provides thecapability to express networking requirements at ahigh level. They are then automatically released inthe network by agents. Network managementfunctionality is released by policy agents that areorganized in a hierarchy to provide bothscalability and autonomy. Survivability isachieved by enabling any component to take over the role of another component in case of failure.The rest of the paper is organized as follows: InSection 2, a review of the related work is given. Insection 3 the proposed policies on Group keysecurity is explained. Finally the discussion onsome performance issues is shown in Section 4.Section 5 considers the further work and finallyacknowledgments for helping hands.
2. Related Work
Decentralized Group key Management Protocols:In the decentralized subgroup approach, the largegroup is split into small subgroups, minimizingthe problem of concentrating the work on a single place. In this approach, more entities are allowedto fail before the whole group is affected.Following attributes are used to evaluate theefficiency of decentralized frameworks: keyindependence, decentralized controller, Local re-key [5], keys vs. data and Re-key per membership protocol is based on password authenticated multi party Diffie-Hellman Key exchange. Protocoldescribed in [6] does not give any idea about thestructure of Ad-hoc network and described in avague way and the structure of the final sessionkey is not the same as explained in the protocol.Scalable multicast key distribution [7], Kronos[8], Intra-Domain Group key management [9],Hydra [10] are some of the popular protocols thatfollow the decentralized architecture. [10] givesthe contributory group key agreement gives thegroup key protocol: K = H (N
1
,N
2
,……..,N
n
)where H( ) is a one way collision hash functionand N
i
is the secret key share of group member P
.Each group member P
i
chooses a secret X
i
andcomputes: Z
i
= g
xi
and each group member  broadcast Z
i
to all other group members. Each
Ad-Hoc Network 
SecurityKeyManagement
Peer to Peer KeyManagement
Group KeyManagement
Key Agreement
KeyTransport
Contributory keyAgreementKey pre-distributionCentralizedKeyDistribution
DecentralizedKey Distribution
45
 
IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 3, No 10, May 2010ISSN (Online): 1694-0784ISSN (Print): 1694-0814
 
group member computes and broadcast: X
i
=(Z
i+1
/Z
i-1
)
xi
[11]. Consider the security mechanismin from the system architecture view. It depictsthe five layer security architecture for MANET’sas: Layer 5 SL
5
, End to End security layer. Layer 4 SL
4
Network Security Layer. Layer 3 SL
3
,Routing security Layer. Layer 2 SL
2
,Communication security layer. Layer 1 SL
1
, TrustInfrastructure Layer. [12] has implemented keymanagement service and described the use of RSA key generation technique to create athreshold certificate authority. The creation of thisscalable key management solution does not relyon prior infrastructure for its inception. Public keyInfrastructure (PKI) is the most scalable form of key management. Several different PKItechniques exist: [13], [14], and [15]. Aura [16] proposes the use of a group oriented Public keyinfrastructure for large group formation. Theleader of the group acts as a certificate authority(CA), which issues group membershipcertificates. Zhou [17] suggests the use of threshold cryptography to create a distributedthreshold certificate authority.
3. Proposed Work
A dynamically adjustable multi-tier hierarchy isused which enhances the scalability of themanagement system by expanding or shrinking of number of tiers in hierarchy depending on thenetwork conditions. The basic idea is to form theclusters and implement the threshold scheme (K,i) for the management of cryptographic keys,which are used for the security of the data whilemovement.
Threshold scheme
are ideally suitedto the applications in which a group of mutuallysuspicious individuals or must say here the nodeswith conflicting interests cooperate. Differenttypes of agents are used and detailed according totheir property to do specific jobs.
Intelligentagents/Policy agents
are the agents who are to behave intelligently. This
 policy agent 
isresponsible for enforcing the policies of the policydomain. The policy agent of an atomic policydomain is referred to as
 Local Policy Agent(LPA).
The policy agent of top level policydomain is referred to as
Global Policy Agent(GPA).
Intermediate Policy agents are called
 Domain Policy Agents (DPA).
Assumptions
The GPA, DPA and LPA of all the networks havethe same basic structure and consist of same code base. They have similar functionality but differentscope. Different agents can be installed within theGPA, DPA’s or LPA’s to enable differentfunctionality.
Policy Enforcer
is the entityresponsible for enforcing policies. It monitorsevents and evaluates conditions to decide whichagent should be instructed to perform itsmanagement action. They can receive events published by other system components via anevent bus. Each agent implements a
standardinterface
that enables the policy enforcer tocommunicate with agents.
Policy distributor
isused to receive policy updates from the remotenode and to send these updates to the LPA's on itsnode.The network considered is not very highlyvolatile.
3.2 Working of System
Ideally it is considered that the cooperation is based on mutual consent, but practically the veto power this mechanism gives to each member or each node can paralyze the activities of thecluster. By properly choosing the
 k
and
 x
  parameters we can give sufficiently large majorityof authority to take some action while giving anysufficiently large minority the power to block it.The proposed new structure of each node isshown below. This includes the nodeidentification number (n), current location of thenode (X
n
,Y
n
) which is calculated with the GPSwhich is on each and every node. It also helps in predicting the direction on movement of the node.Cluster Head Identification number (CH) is usedto specify the cluster leader and different number of clusters in one network. The threshold schemeconsidered is the dynamic threshold scheme because let’s say threshold minimum number of votes is say
 t
then proactive secret sharing doesn’thelp as resultant size of the group is less than t i.e.
(n-t) <= t
so in such a case it is necessary toreduce
 t
. Similar condition is if larger member of the group leaves. Similar condition arises when atgroup inception time first few members join. Insuch special cases the group needs some specialadmission rules. In dynamic threshold theminimum number of votes is a fraction of thenumber of current group member. As it isdecentralized Scheme one network (N) is dividedin different clusters, which carries the informationof all the members present in the cluster and whena member node becomes mobile it informs thecluster head (CH) about its migration and ontraveling to a new region boundary it will send
46

Activity (5)

You've already reviewed this. Edit your review.
1 hundred reads
benzzef liked this
sid1029 liked this
sid1029 liked this
veluramet liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->