Secure and efficient key management in mobile ad hoc networks (original) (raw)

2007, Journal of Network and Computer Applications

In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge in this unique network environment. Usually cryptography techniques are used for secure communications in wired and wireless networks. The asymmetric cryptography is widely used because of its versatileness (authentication, integrity, and confidentiality) and simplicity for key distribution. However, this approach relies on a centralized framework of public key infrastructure (PKI). The symmetric approach has computation efficiency, yet it suffers from potential attacks on key agreement or key distribution. In fact, any cryptographic means is ineffective if the key management is weak. Key management is a central aspect for security in mobile ad hoc networks. In mobile ad hoc networks, the computational load and complexity for key management is strongly subject to restriction of the node's available resources and the dynamic nature of network topology. In this paper, we propose a secure and efficient key management framework (SEKM) for mobile ad hoc networks. SEKM builds PKI by applying a secret sharing scheme and an underlying multicast server group. In SEKM, the server group creates a view of the certification authority (CA) and provides certificate update service for all nodes, including the servers themselves. A ticket scheme is introduced for efficient certificate service. In addition, an efficient server group updating scheme is proposed. The secret can be recovered by combining k pieces based on Lagrange interpolation. Secret splitting, reconstruction, and verification is quickly reviewed in Section 3. These cryptography tools are widely used in wired and wireless networks, obviously they could also be used in mobile ad hoc networks. Key management is a basic part of any secure communication. Most cryptosystems rely on some underlying secure, robust, and efficient key management system. Key management deals with key generation, storage, distribution, updating, revocation, and certificate service, in accordance with security policies. Key management primitives and a trust model are presented in Section 3. The outline of key management is described below. First, secrecy of key itself must be assured in the local host system. Second, secure network communications involve key distribution procedure between communication parties, in which the key may be transmitted through insecure channels. Key confidentiality, integrity, and ownership must be enforced in the whole procedure. Third, a framework of trust relationships needs to be built for authentication of key ownership. While some frameworks are based on a centralized Trusted Third Party (TTP), others could be fully distributed. For example, a Certificate Authority is the TTP in PKI, Key Distribution Center (KDC) is the TTP in the symmetric system, meanwhile in PGP, no such a trusted entity is assumed.