
CHAPTER-3

Key Management and Threshold Schemes in Mobile Ad-hoc Networks

3.1 Introduction of secret sharing scheme in key management

Shamir proposed a method for dividing a data sequence D into n fragments in such a way that D can be easily reconstructed from any k pieces using Lagrange interpolation. This technique enables the construction of robust key management for cryptographic systems.

A secret sharing scheme for an access structure is a method in which a dealer distributes shares of a secret to participants such that (1) any subset in the access structure can reconstruct the secret from its shares, and (2) any subset not in the access structure cannot obtain any partial information about the secret in the information-theoretic sense. A secret sharing scheme is called ideal if the shares of the shareholders are taken from the same domain as the secret.

The requirement that the key be secret brings several problems. Storing a secret key with only one person, server or database reduces the security of the system to the security and credibility of that agent. Besides, not having a backup of the key introduces the problem of losing the key if a mishap occurs. On the other hand, if the key is held by more than one agent, an adversary who wants the key has more flexibility in choosing the target. Hence the security is reduced to the security of the least secure or least credible of these agents. Secret sharing schemes were introduced to solve these problems of key management. The main idea of these schemes is to share a secret among a set of agents such that only the predefined coalitions can come together and reveal the secret, while no other coalition can obtain any information about the secret. Thus, the keys used in areas requiring vital secrecy, like large-scale finance applications and command-and-control mechanisms of nuclear systems, can be stored by using secret sharing schemes.

Here the secret is shared to detect malicious nodes in the network. The original secret key can be reconstructed by applying the private keys to the data encrypted under the corresponding public keys.

Detection of cheaters:

A verifiable secret-sharing scheme [Stadler, 1996] provides its shareholders with an ability to verify that (a) the secret shadows obtained from the dealer are derived consistently from the same secret and (b) the secret shadows obtained from the other shareholders in the secret reconstruction process are genuine shadows. These abilities are very important. For example, a dishonest dealer can cheat some shareholders by giving them fake shadows. Communication errors (i.e., noise) can also result in fake shadows. A shareholder may also cheat others in the secret reconstruction process by presenting a fake shadow to prevent others from obtaining the real secret.



3.2 System Setting

The motivation of threshold cryptography is to share the secret value among multiple individuals, called participants (or shareholders), that are engaged in encryption or decryption. The objective is to distribute the secret value in a distributed architecture. This architecture follows the dynamic topology of the networks in which the participants reside. The secret value is redundantly split into n pieces and distributed among participants such that t or more pieces can recover the original secret value. This is secured message transmission (SMT) between two nodes over n multiple paths in a MANET. There are various applications of MANETs in which threshold cryptography may be implemented. Applications include coordinating efforts of military attacks in the battlefield or in disaster-struck areas, establishing wireless connectivity among various home appliances, and establishing communication among wireless devices such as laptops, PDAs and others at conferences/meetings.

3.3 Key Management in Ad-hoc Networks

Key management is a basic part of any secure communication structure. Most secure communication protocols rely on a secure, robust, and efficient key management system. General key management primitives and trust models are described below. The key is a piece of input information for cryptographic algorithms. First, if the key is discovered, the encrypted information can be revealed. The secrecy of the private key must be assured locally. The key encryption key (KEK) approach could be used at local hosts. Second, key distribution and key agreement over an insecure channel are risky and suffer from potential attacks. In the traditional digital envelope approach, a session key is generated at one side, encrypted by the public-key algorithm, and then delivered and recovered at the other end. In the Diffie-Hellman (DH) scheme, the communicating parties at both sides exchange some public information and generate a common session key. Several enhanced DH schemes have been proposed to counter the man-in-the-middle attack. Many complicated key exchange or distribution protocols and frameworks have been designed and built. However, in mobile ad hoc networks the computational load and complexity of the key agreement protocol are strongly restricted by the nodes' available resources, the dynamic network topology, and network synchronization difficulty.

These keys or certificates can be distributed to the nodes automatically via a key management system. Key management entails the secure generation, distribution, revocation, reissuance, and storage of keys on network nodes. A MANET environment is characterized by unpredictable connectivity, node failures, and security vulnerabilities that hinder the proper operation of a key management system.

In our work we address the secret distribution to achieve the privacy and distribution aspects of key management. There exist many dimensions of research on security in MANETs [Crescenzo, 2005]. However, there are some basic aspects that are common to all security protocols. Avoiding those crucial system events is carried out under the responsibility of a single node. Every node will be authorized, authenticated, and non-repudiated. Data should be confidential and it cannot be modified easily [Hu, 2004]. Threshold cryptography can provide solutions of fundamental help for aspects of MANET security. There is no computationally secure threshold cryptography in the literature considering such aspects. In this work, we implement a scheme which would be competent with respect to the mentioned security aspects and would be computationally secure as well.

3.4 Related work

Secret sharing was first proposed by Blakley, 1979 and Shamir, 1979. The scheme by Shamir relies on the standard Lagrange polynomial interpolation, whereas the scheme by Blakley, 1979 is based on the geometric idea that uses the concept of intersecting hyperplanes.

Sarkar et al., 2009 proposed Chinese Remainder Theorem-based RSA threshold cryptography in MANET using a verifiable secret sharing scheme. It implements threshold cryptography based schemes for MANET. The Chinese Remainder Theorem (CRT) has been in use for quite a long time in the field of deterministic key pre-distribution. Ravi K. et al., 2009 proposed an efficient and attack-resistant key agreement scheme for secure group communications in mobile ad hoc networks. This scheme also used CRT for group key generation. The concept of group key generation suffered from update overhead due to the dynamic nature of MANET. Amuthan et al., 2011 proposed a secure routing scheme in MANETs using secret sharing. This protocol proposes a secret sharing scheme using Shamir's secret sharing approach. Papadimitratos and Haas, 2003 designed Secure Data Transmission in Mobile Ad hoc Networks, which is based on multiple paths for mobile ad hoc networks. The scheme focused its attention on privacy and robustness in communication. For privacy, a coding scheme using the XOR operation was established to strengthen data confidentiality.

3.5 Proposed Code-based threshold scheme

A scheme distributes $k$ secrets $s_i$, where $1 \le i \le n$, into shares $t_i$, where $1 \le i \le n$, such that the following conditions are satisfied:

• Any set of $k$ shares determines the secret $s$, where $s = (s_1, s_2, \ldots, s_k)$.

• Any set of $k-1$ or fewer shares gives no information about the secret $s$.

Let $P_i$, where $1 \le i \le n$, be the participants. Let the secret space $S$ and the share space $T$ be vector spaces over the field $F$. Assume that $f : S \to T$ is the one-to-one share function used to compute shares for the $n$ participants. Let $s = (s_1, s_2, \ldots, s_k)$ be the vector consisting of the $k$ secrets and $T = (t_1, t_2, \ldots, t_n) = f(s)$; the share given only to the $i$th participant is $t_i$.

Initialization Phase

• Choose a random prime number $F$ as the field.

• Choose the maximum number of participants $n$ and the threshold value $k \in F$.

• Choose arbitrarily $s_i \in F$, $1 \le i \le k$, such that $s_i$ is the $i$th element of the secret vector $s$.

Distribution Phase

• Let $e_i \in F^k$ be the vector with the $i$th entry being the identity element 1 and the other entries being the zero element of $F$, so that every vector $s \in F^k$ can be expressed as $s = \sum_{i=1}^{k} s_i e_i$.

• Compute the shares of the participants by using the following share function:

$f(s) = f\left(\sum_{i=1}^{k} s_i e_i\right) = \sum_{i=1}^{k} s_i f(e_i) = sG = (t_1, t_2, \ldots, t_n)$

where $G$ is the $k \times n$ generator matrix, the rank of $G$ is $k$, and $(t_1, t_2, \ldots, t_n) \in T$ is the share vector.

• Distribute the shares to the $n$ participants such that the $i$th participant gets the share $t_i$ for $1 \le i \le n$.

• Publish the generator matrix.

• Choose any $k$ (threshold value) columns of the generator matrix to form a submatrix $G(i_1, i_2, \ldots, i_u)$, where $i_1, i_2, \ldots, i_u$ index the $i_1$th, $i_2$th, ..., $i_u$th columns of the given generator matrix and $1 \le u \le n$.

• Obtain the shares $t_{i_1}, t_{i_2}, \ldots, t_{i_u}$.

• Recover the secret vector $s$ by solving the following linear equation:

$s\,G(i_1, i_2, \ldots, i_u) = (t_{i_1}, t_{i_2}, \ldots, t_{i_u})$
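
The distribution and recovery steps above, as an added example (not code from the chapter). It assumes a small prime field p = 257 and a Vandermonde generator matrix, neither of which the chapter specifies; a Vandermonde G guarantees that any k columns are linearly independent. The function names are illustrative.

```python
# Added example (not from the chapter): code-based threshold sharing over GF(p).
# Assumptions: p = 257 and a Vandermonde generator matrix; function names are illustrative.
import secrets

P = 257  # small prime field, for illustration only


def generator_matrix(k, n, p=P):
    """k x n Vandermonde matrix: column j is (1, x, x^2, ...) with x = j + 1."""
    return [[pow(j + 1, i, p) for j in range(n)] for i in range(k)]


def make_shares(s, G, p=P):
    """Share vector t = sG over GF(p); participant j receives t[j]."""
    n = len(G[0])
    return [sum(s[i] * G[i][j] for i in range(len(s))) % p for j in range(n)]


def recover(G, cols, shares, p=P):
    """Solve s * G[:, cols] = shares for s by Gauss-Jordan elimination mod p."""
    k = len(G)
    if len(cols) != k or len(set(cols)) != k:
        raise ValueError("need exactly k distinct shares")
    # Row r encodes one equation: sum_i G[i][cols[r]] * s_i = shares[r]
    A = [[G[i][c] for i in range(k)] + [t % p] for c, t in zip(cols, shares)]
    for col in range(k):
        piv = next((r for r in range(col, k) if A[r][col]), None)
        if piv is None:
            raise ValueError("chosen columns are linearly dependent")
        A[col], A[piv] = A[piv], A[col]
        inv = pow(A[col][col], -1, p)          # modular inverse of the pivot
        A[col] = [v * inv % p for v in A[col]]
        for r in range(k):
            if r != col and A[r][col]:
                f = A[r][col]
                A[r] = [(a - f * b) % p for a, b in zip(A[r], A[col])]
    return [A[i][k] for i in range(k)]


def demo(k=3, n=6):
    s = [secrets.randbelow(P) for _ in range(k)]   # the k secrets
    G = generator_matrix(k, n)                     # published matrix
    t = make_shares(s, G)                          # one share per participant
    cols = [5, 1, 3]                               # any k participants
    return s, recover(G, cols, [t[c] for c in cols])
```

With only k-1 shares the linear system is underdetermined, but it still confines the vector s to p candidates out of p^k, so the field size has to be chosen with that in mind.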



3.6 Proposed Hierarchical Dynamic Threshold Scheme

Initialization:

The dealer uses a Shamir scheme to distribute shares of an initial secret 1 with threshold $t_0$ among players $P = \{p_1, p_2, \ldots, p_n\}$ and then leaves the scheme. Suppose there are $m$ levels $\{L_1, L_2, \ldots, L_m\}$ with sets of players $\{n_1, n_2, \ldots, n_m\}$ and thresholds $\{t_1, t_2, \ldots, t_m\}$, corresponding to the field $F_q$.

Sharing Phase:

For each $i \in [1, m-1]$, repeat the following steps:

• The players in $P$ use the polynomial production protocol to generate shares of a random secret  i with threshold $t = \min[t_i, t_{i+1}, \ldots, t_m]$.

• Players $n_i$ keep shares of  i as their final shares.

• Now $P = P - \{n_i\}$.

For level Lm:

Players in P will calculate the following constant.

For $i \in [1, m-1]$: i 1  i  i

After calculating { 2 , 3 ,....,  m } they keep only shares of  m as their final shares.

Changing the threshold dynamically at each level: apply the Threshold Modification Technique by Lagrange Method at each level from $t_i$ to $t_i$, where $i \in [1, m-1]$.

Recovery of the secrets at each level:

For $i \in [1, m-1]$:

Now, if a set  i of at least ti players cooperates, they can recover the secret by using the

Lagrange interpolation method: Secreti  


j 
 j i   j
i
.

Recovery of the master secret named 1

Now we got level wise secrets i.e  m from level m,  m1 from level (m-1),

 m2 from level (m-2),……. 1 from level 1.

They then solve the following system of linear congruences:

i 1  i  i mod q for i  (m  1) down from level i  1.

Therefore,  m1 ,...., 1 are recovered.

Polynomial production:

• Initially, t players from P are selected at random.

• Each of the t players $P_i$ shares a secret, say  i , $i \in [1, t]$, among all the players using a Shamir scheme, where the degree of the secret sharing polynomial is t-1.

• Every player adds his shares of the  i s together. As a result, each player has a share on a polynomial g(x) of degree t-1 with a constant term     i .

3.7 Threshold Modification Algorithm By Lagrange Method

• A set is determined such that it consists of the identifiers of at least t selected players. Each player $P_i$ in this set selects a random polynomial $g_i(x)$ of degree at most t-1 such that $g_i(0) = f(i)$. He then gives $g_i(j)$ to $P_j$ for $1 \le j \le n$, i.e., resharing the original shares by auxiliary shares.

• The following public constants are computed:

j
 j   j , j i for all i  .
j 1

• Each player $P_j$ ($1 \le j \le n$) erases his old shares, and then combines the auxiliary shares he has received from other players to compute his new share as follows:  j  i  j  gi ( j ) .
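
The resharing procedure above, as an added example (not code from the chapter): a Shamir sharing with threshold 3 is converted to threshold 4 without a dealer. It assumes the public constants are the standard Lagrange coefficients evaluated at zero over the set of resharing players; the modulus `Q` and all function names are illustrative.

```python
# Added example (not from the chapter): Shamir sharing plus dealer-free threshold change.
# Assumptions: prime Q, illustrative function names, standard Lagrange constants at zero.
import secrets

Q = 2**61 - 1  # prime modulus standing in for the field F_q


def poly_eval(coeffs, x, q=Q):
    """Evaluate a polynomial (lowest coefficient first) at x using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % q
    return acc


def share(secret, t, ids, q=Q):
    """Shamir: random polynomial of degree t-1 with constant term `secret`."""
    coeffs = [secret % q] + [secrets.randbelow(q) for _ in range(t - 1)]
    return {i: poly_eval(coeffs, i, q) for i in ids}


def lagrange_at_zero(ids, q=Q):
    """Public constants: for each i, the product over j != i of j / (j - i) mod q."""
    out = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * j % q
                den = den * (j - i) % q
        out[i] = num * pow(den, -1, q) % q
    return out


def recover(shares, q=Q):
    """Interpolate the constant term from a dict {player id: share}."""
    lam = lagrange_at_zero(list(shares), q)
    return sum(lam[i] * y for i, y in shares.items()) % q


def reshare(old, helpers, new_t, ids, q=Q):
    """Each helper i reshares its old share f(i) with threshold new_t; every
    player j then combines the auxiliary shares g_i(j) into one new share."""
    lam = lagrange_at_zero(helpers, q)
    aux = {i: share(old[i], new_t, ids, q) for i in helpers}
    return {j: sum(lam[i] * aux[i][j] for i in helpers) % q for j in ids}
```

The set of helpers must contain at least as many players as the old threshold; otherwise the combined polynomial no longer has the original secret as its constant term.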

3.8 Analysis of Proposed scheme

In our scheme, every participating node and its share are verified by the verification scheme, so all the shares of participating nodes are consistent. In the sharing phase, the dealer cannot generate inconsistent shares: at least one of the verification equations is not satisfied if the dealer generates an inconsistent share. The participating nodes also cannot repudiate in the reconstruction phase, as there is a verification scheme, which is validated by the members of coalition S. If some node repudiates, then at least one verification equation will not be satisfied. In such a case, the cheating node is treated as a malicious node. This is a cooperative approach in which the ith node's share is verified by the other coalition members. Hence, there is no scope for cheating by any node that acts maliciously. If all the shares are valid, then the participating nodes obtain the secret value. The validity of the shared secret values is always satisfied, because no adversary is able to participate in the coalition easily. When the verification equation is not satisfied for any node, that node is identified as an adversary.

Discussion

In this chapter we proposed a key management scheme that makes use of secret sharing schemes: code-based secret sharing and dynamic secret sharing based on the polynomial interpolation proposed by Shamir. The inner components of the key management scheme are built from these secret sharing schemes. This key management is based on the secret sharing scheme, where the system secret is distributed to a group of server nodes. The server group creates a view of a CA (certification authority). The advantage of this key management is that it is easier for a node to request service from a well-maintained group than from multiple independent service providers, which may be spread over a large area. It is also much easier for servers to coordinate within the group than with the entire network during the secret share updating phase. In future, we will integrate our proposed scheme into the key management approach.
