secure and efficient key management in mobile ad hoc networks bing wu, jie wu, eduardo b. fernandez,...
Post on 19-Dec-2015
Secure and Efficient Key Management in Mobile Ad Hoc Networks
Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras
Department of Computer Science and Engineering, Florida Atlantic University, Boca Raton, FL 33431, USA
Department of Mathematics, Florida Atlantic University, Boca Raton, FL 33431, USA
Journal of Network and Computer Application
Present: Jhoong-Wei Chen
Introduction
• The ad hoc networks security
• Introduce a secure and efficient key management scheme (SEKM)
• The basic idea is that server nodes form an underlying service group
Key Management in Ad Hoc Networks
• Trust models
Secure and Efficient Key Management (SEKM) Scheme
• Notation and assumption
– that every node carries a valid certificate from off-line configuration before entering the network
Secure and Efficient Key Management (SEKM) Scheme
• The overview of SEKM
– Kca^-1 is distributed to m shareholders (server)
– A quorum of k (1 < k ≤ m) servers (server group) can produce a valid certificate
– SEKM
  • group maintenance phases
  • share updating phases
  • certificate renew/revocation phases
  • handling new server nodes phases
Secure and Efficient Key Management (SEKM) Scheme
• Secure server group formation and maintenance
– Use mesh structure
– only server nodes initiate the group formation and become members of the group
– A subset of non-server nodes could be forwarding nodes
– the tree-based structure is easy to break in a high dynamic situation and incurs excessive control traffic
– Soft state
Secure and Efficient Key Management (SEKM) Scheme
• Group Creation
– When a secret shareholder enters the network, it broadcasts a JoinServerReq: {IDi, SEQi, TTL} {[h(IDi, SEQi)]Ki^-1 | (TTL)Ki^-1}
– When a node receives a non-duplicate JoinServerReq packet, it needs to verify that the packet is from the authenticated source
– The TTL value decreases by 1 as the packet leaves an intermediate node. The change of TTL is signed by intermediate nodes
Secure and Efficient Key Management (SEKM) Scheme
– If a server node receives a JoinServerReq, it sends a JoinServerReply packet and also forwards the request packet.
– The JoinServerReply packet is also protected by the replier's signature
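An added sketch (not from the paper or the slides) of how a node could process a JoinServerReq as described above: verify the source signature over h(ID, SEQ), check the TTL signature of the previous hop, drop duplicates, and re-sign the decremented TTL. It assumes toy textbook RSA with SHA-256 instead of the 1024-bit RSA and MD5 the slides mention, binds the TTL signature to (ID, SEQ, TTL), and uses hypothetical names (`Node`, `certs`, `ttl_by`).

```python
import hashlib
E = 65537  # public exponent shared by the toy keys

def make_key(p, q):  # textbook RSA from known primes: illustration only
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(n, *fields):
    data = "|".join(map(str, fields)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, *fields):
    return pow(digest(key["n"], *fields), key["d"], key["n"])
def verify(n, sig, *fields):
    return pow(sig, E, n) == digest(n, *fields)

class Node:
    def __init__(self, node_id, key, certs):
        self.id, self.key, self.certs = node_id, key, certs  # certs: ID -> modulus
        self.seen = set()  # (ID, SEQ) pairs already accepted

    def originate(self, seq, ttl):
        return {"id": self.id, "seq": seq, "ttl": ttl, "ttl_by": self.id,
                "sig_src": sign(self.key, self.id, seq),
                "sig_ttl": sign(self.key, self.id, seq, ttl)}

    def receive(self, pkt):
        """Return ("forward", packet) or ("drop", reason)."""
        src, hop = self.certs.get(pkt["id"]), self.certs.get(pkt["ttl_by"])
        if src is None or hop is None:
            return ("drop", "unknown-signer")
        if not verify(src, pkt["sig_src"], pkt["id"], pkt["seq"]):
            return ("drop", "bad-source-signature")
        if not verify(hop, pkt["sig_ttl"], pkt["id"], pkt["seq"], pkt["ttl"]):
            return ("drop", "bad-ttl-signature")
        if (pkt["id"], pkt["seq"]) in self.seen:
            return ("drop", "duplicate")
        self.seen.add((pkt["id"], pkt["seq"]))
        if pkt["ttl"] <= 1:
            return ("drop", "ttl-expired")  # valid, but not forwarded further
        ttl = pkt["ttl"] - 1  # decrement, then sign the new value ourselves
        return ("forward", dict(pkt, ttl=ttl, ttl_by=self.id,
                sig_ttl=sign(self.key, pkt["id"], pkt["seq"], ttl)))

def demo_network():  # constructed sample keys built from Mersenne primes
    keys = {"A": make_key(2**127 - 1, 2**89 - 1),
            "B": make_key(2**107 - 1, 2**61 - 1),
            "C": make_key(2**521 - 1, 2**607 - 1)}
    certs = {i: k["n"] for i, k in keys.items()}
    return {i: Node(i, k, certs) for i, k in keys.items()}
```

The `certs` table stands in for the certificates every node carries from off-line configuration; a real node would validate each certificate before trusting the key in it.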
Secure and Efficient Key Management (SEKM) Scheme
• Group maintenance
– for a mesh structure, there are multiple possible paths between pairs of servers
– the periodic messages JoinServerRequest and JoinServerReply are sent out
Secure and Efficient Key Management (SEKM) Scheme
• Secret share updating
– k servers within the server group initiate the share update phase
– At every round every server i generates a random number βi between 0 and 1 and a threshold value τi. τi is defined as
Secure and Efficient Key Management (SEKM) Scheme
• Secret share updating
Secure and Efficient Key Management (SEKM) Scheme
• Handling new servers
– server group updates shares periodically, a new joining node could carry an outdated share from off-line configuration
– A message could be
– A message sent out to notify requesting node
r by checking the version field in the certificate
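An added sketch (not the paper's code) of the threshold idea behind the SEKM overview and this slide: a secret is split with a (k, m) Shamir polynomial, shares are refreshed by adding zero-constant polynomials, and a share left over from an older version is rejected by a version check. It assumes the standard proactive-refresh construction rather than SEKM's exact update protocol; the field modulus and function names are illustrative, and the secret is reconstructed only to check the arithmetic.

```python
import secrets

P = 2**521 - 1  # prime field modulus (assumed; holds 512-bit coefficients)

def poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):  # Horner's rule mod P
        acc = (acc * x + c) % P
    return acc

def deal(secret, k, m):
    """Split secret into m shares {server: (version, y)}; any k recover it."""
    coeffs = [secret] + [secrets.randbits(512) for _ in range(k - 1)]
    return {i: (0, poly_eval(coeffs, i)) for i in range(1, m + 1)}

def refresh(shares, k):
    """Each server adds a random degree k-1 polynomial with constant term 0."""
    new = {i: y for i, (_, y) in shares.items()}
    for _ in shares:  # one zero-polynomial per participating server
        zero = [0] + [secrets.randbits(512) for _ in range(k - 1)]
        for i in new:
            new[i] = (new[i] + poly_eval(zero, i)) % P
    version = next(iter(shares.values()))[0] + 1
    return {i: (version, y) for i, y in new.items()}

def interpolate(points):
    """Lagrange interpolation at x = 0 over {x: y}."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def combine(quorum, k):
    """Refuse quorums that are too small or mix share versions."""
    if len(quorum) < k:
        raise ValueError("quorum too small")
    if len({v for v, _ in quorum.values()}) != 1:
        raise ValueError("mixed share versions")
    return interpolate({i: y for i, (_, y) in quorum.items()})
```

Calling `interpolate` directly on a quorum that mixes an old share with refreshed ones returns a wrong value without any error, which is why the version check in `combine` comes first.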
Secure and Efficient Key Management (SEKM) Scheme
• Certificate updating
Secure and Efficient Key Management (SEKM) Scheme
• Certificate updating
Secure and Efficient Key Management (SEKM) Scheme
• Handling certificate expiration and revocation
– A certificate will expire after a predetermined period of time
– In this paper, for simplicity, a node with an expired certificate needs some off-line or in-person reconfiguration
– A node's certificate could be revoked by the server group within its validity period for several reasons
Performance evaluation
• Assumption
– 100 × 100 2-D free space
– from 40 to 100 nodes
– transmission range r = 25
– 1024-bit RSA cryptographic key pairs
– The coefficients of the polynomial are 512 bits long.
– hashed using MD5
– implemented in Matlab.
Conclusion
• In this paper we propose a key management scheme, SEKM, which creates a PKI structure for this type of Ad Hoc Networks
• SEKM is that it is easier for a node to request service from a well-maintained group rather than from multiple "independent" service providers which may be spread in a large area.
Appendix
• Key agreement protocol: A key agreement protocol or mechanism is a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no party can predetermine the resulting value.
• Key management protocol: