International Journal of Computer Engineering and Applications, Volume V, Issue I, Jan 14
A REVIEW ON EFFICIENT KEY MANAGEMENT SCHEMES FOR
SECURE ROUTING IN MOBILE AD HOC NETWORKS
C. Krishna Priya^1, Prof. B. Satyanarayana^2
(^1) Research Scholar, Department of Computer Science & Technology, Sri Krishnadevaraya University, Anantapur
(^2) Professor, Department of Computer Science & Technology, Sri Krishnadevaraya University, Anantapur
krishnapriyarams@gmail.com, bachalasatya@yahoo.com
ABSTRACT:
Mobile Ad Hoc Networks (MANETs) have become ubiquitous in the computing revolution because they suit on-demand communication scenarios. However, they are vulnerable to attacks due to their multi-hop, dynamic, mobile and resource-constrained nature. This vulnerability is the most sensitive issue faced by MANETs, especially in the absence of a key management system. A reliable key management scheme is therefore indispensable for securing communication between the nodes in a MANET, besides ensuring authentication, non-repudiation, confidentiality and integrity. Key management schemes play a pivotal role in distributing keys among routing protocols and the nodes participating in communication. As the network lacks infrastructure and a central server, efficient key management is a challenging and open problem. Moreover, nodes in a MANET are dynamically configured without a fixed topology, which results in less than ideal trust relationships among nodes. Every node in the network also plays the role of an intermediate router. This requires the nodes to be more responsible, reliable and able to participate in key management schemes for robust, highly efficient and secure communication. Knowledge of the present state of the art in efficient key management in MANETs can help in securing networks and in moving on to further enhancements in the area. Towards this end, in this paper we analyze various key management schemes and evaluate them in terms of their utility and performance in real-world networks.
KEYWORDS - Mobile Ad Hoc Networks, secure routing, key management schemes
[1] INTRODUCTION
A MANET is an infrastructure-less network that is established automatically on demand. It
is a set of wireless nodes that are configured automatically on the fly, which makes it a suitable
candidate for emergency situations [1], [2]. In other words, it is a multi-hop
communication network organized temporarily from nodes that have receivers and transmitters [3].
The network topology is dynamic: it is created and modified on the fly [4]. MANETs
support many routing protocols, such as the Dynamic MANET On-demand routing protocol (DYMO),
Optimized Link State Routing protocol (OLSR), Destination Sequenced Distance Vector (DSDV),
Dynamic Source Routing (DSR) and Ad Hoc On-demand Vector Routing (AODV). Mobility is the
fundamental difference between MANETs and other networks [5]. Wireless Sensor Network (WSN)
traffic can also be relayed over a MANET, which means that WSN communications are possible
between MANET devices [6]. MANETs support the TCP/IP protocol to integrate communication
with wired networks as well [1]. Every node in a MANET acts as a host in the network and also
a router that can cooperate in communication [7]. The dynamic nature of the MANET topology
makes routing more difficult and vulnerable to Denial of Service (DoS)
attacks such as flooding, which results in network congestion [8]. MANETs are vulnerable to
attacks such as location disclosure, black hole, replay, wormhole, blackmail, denial of service and
routing table poisoning.
Secure key management is essential in MANETs to protect sensitive communications in the
network besides withstanding various kinds of attacks specified earlier. The key management
protocols are classified into many types as shown in figure 1.
Fig. 1 – Classification of key management approaches
The pairwise key approach is one in which a key server provides pairwise keys to every
participant. One such model is GKMP. Apart from the pairwise key, the participants also know the group
key and the group key encryption key. Secure Locks is a key management protocol in which a key server
uses only one broadcast to create a new group key or change the existing one for all members of the
group. The hierarchy of keys approach is the most efficient but has a tradeoff with storage. Here, in addition
to pairwise keys, the key server also shares keys with subgroups. Ring based cooperation is found
in the CLIQUES protocol, which treats group members as controllers. One of the controllers collects
contributions from the group members and then adds its own contribution. Afterwards it broadcasts the result
to all group members to enable them to generate the group key. In hierarchical based cooperation, a
structure is imposed on the group members. For instance, the STR protocol uses a tree structure
in its cooperative communications. Broadcast based cooperation has a fixed number of rounds. In
the BD protocol [10], intermediate values are broadcast to all participants and the load is shared
across parties. Based on the way clusters are formed, the decentralized approaches are named static
clustering and dynamic clustering. A consequence based classification of attacks in MANETs
includes denial of service, sleep deprivation, selfishness, network partition, routing loops, and black
hole [11]. The Reputation Trust (RT) model was proposed by Rizvi et al. in order to increase the credibility
of nodes and reduce malicious behavior in MANETs [12].
As summarized in figure 3, the components of a multifence security solution belong to either
link-layer security solutions or network-layer security solutions. Secure ad hoc routing, proactive
protection through message authentication primitives, secure packet forwarding, reactive
protection through detection and reaction, source routing, link-state routing, distance vector
routing, misbehavior detection and misbehavior reaction are the solutions that can be applied at the
network layer, whereas the link-layer security solutions include using next generation WEP and
altering cryptographic primitives to fix loopholes. In this paper we provide the present state of
the art with respect to key management schemes. Our contribution is a survey of
the various key management schemes that exist for securing MANET communications. The remainder
of the paper is structured as follows. In section II, we review the literature on key management
schemes in MANETs. In section III we evaluate the schemes that have been reviewed, while
section IV concludes the paper.
[2] KEY MANAGEMENT SCHEMES FOR MANETs
This section reviews available key management schemes for secure routing in mobile ad hoc
networks. It focuses on the cluster based key management schemes, threshold secret sharing,
besides many other key management schemes that are suitable for various MANET applications in
varied mobility scenarios.
Cluster Based Key Management for MANET
Hai-tao [14] proposed a cluster based key management scheme. It is built in a distributed
network as soon as the network is initialized. The network is divided into clusters with a cluster
head (CH) in each cluster. At initialization, the CH generates a share key for the cluster.
A shadow of the cluster key is securely distributed to every other node in the cluster using a
nonce. The CH is also capable of determining whether a node originally joined the cluster or comes from
another cluster (a roaming node). If it is a roaming node, the CH obtains its history from its old CH
and then decides whether to admit or deny the node. This key management scheme is
proved to be efficient, secure, fault tolerant and expandable in nature.
Threshold Secret Sharing
Cho et al. [15] proposed a secure mechanism for key management. They achieved it
through regeneration of Cryptographically Generated Addresses (CGA). The CGA regeneration is
done using threshold secret sharing. They considered a MANET with the IPv6 addressing scheme.
Certificate Authorities (CAs) are not used in MANETs; Threshold Secret Sharing (TSS)
is used instead. TSS divides a cryptographic primitive into n pieces and
associates them with n participants. If t of the n pieces are gathered, it is
possible to reconstruct the secret data. However, if only t-1 pieces are gathered, it is impossible to reconstruct
the secret data. Because the secret data is distributed, it gives more security. Secure neighbor discovery
here is based on CGA and digital signatures. The CGA format is as shown in figure 4.
Fig. 4 – Format of CGA [15]
When a private key is compromised, the CGA is regenerated. The regeneration
process is based on TSS, which provides the certificate issuing service. The TSS mechanism can
help nodes to identify compromised nodes in the network. Under this security mechanism each
node in the MANET can have a secret share, a public key pair and a certificate. Without the presence
of CAs, this mechanism obtains certificates using the TSS mechanism. The security mechanism
authenticates both the sender and the message. Public key cryptography, IPv6 and CGA
work together to make the security more robust to attacks. The security mechanism has provision
for preventing brute-force attacks. This approach is capable of providing foolproof security. CGA
can also prevent IP address spoofing attacks.
Threshold ID-Based Public-Key Management
A threshold ID based public key management scheme was proposed by Deng et al. [16].
The nodes initially present in the MANET generate security keys in a collaborative fashion. The keys
are not kept in any single node. An assumption made in this scheme is that each node in the
network has a unique ID. The whole system private key is made up of the partial keys of all nodes
in the network. Each node obtains a partial system private key with respect to its own identity; that is, a
part of the system private key is shared with each node based on the ID of the node in the network. A
threshold number of nodes is used when generating the private keys of other nodes: for a given identity, a set
of nodes together can generate the security key. The generated secret keys are securely transmitted.
While sending a request message, the requesting node is supposed to present a self-generated
temporary public key. This public key is used by the t issuing nodes.
Public Key Management Scheme for MANETs
Yuh-Min Tseng [17] proposed a scheme for key management in MANETs. This scheme
has two phases, namely the initial phase and the certificate distribution phase. In the first phase the
MANET is established using cluster-based networking, where the nodes form clusters with cluster
heads. The second phase takes care of certificate distribution that will ensure secure
is with MANET nodes. Here secure key distribution is made possible through transitive trust
among all participating nodes in the communication. Non-hierarchical applications of MANETs
can also use the proposed key management scheme, which works in high mobility environments.
Security is initiated by a trusted authority distributing private key shares to t + 1 nodes. Private
key shares are associated with identity keys that cannot be changed by nodes participating in
secure communications. Proposed a scheme specially meant for MANETs which are used in
military applications or such emergency applications. This scheme supports medium
mobility. The scheme is very secure. A Trusted Authority (TA) is part of the scheme. The nodes in
the MANET are provided with private key shares which are from the CA. The TA coordinates the security
mechanism. Within two consecutive share refreshing processes, t+1 CA nodes cannot be
compromised by a mobile attacker. Thus it provides foolproof security.
Vennila and Duraisamy [19] proposed a multi-level group key management scheme. Their
scheme is used for secure multicasting in MANETs. The technique works in a hierarchical fashion
by giving priority to cluster heads over cluster members. Cluster heads (CHs) are chosen based
on the highest bandwidth availability and residual energy. The elected cluster head
acts as group leader (GL) for multicasting. A one-way function chain is used to generate
keys, and key distribution is done using a shuffle algorithm. Assuming the presence of attackers,
experiments were conducted in terms of delivery ratio, packet drop, energy and resilience. This
scheme is energy efficient and improves the packet delivery ratio.
Lakshmi, Sajid and Ramana [20] studied energy efficiency and security in MANETs. They
provided details of various protocols such as Ad Hoc On-demand Vector Routing (AODV),
Temporally Ordered Routing (TORA), Dynamic Source Routing (DSR), and the Destination-Sequenced
Distance Vector protocol (DSDV). Yang et al. [21] proposed identity-based
broadcast encryption (IBBE) for efficient key management. The solution is a lightweight and fast
key agreement scheme. The scheme combines a bilinear map and an identity-based cryptosystem to
achieve efficient group key agreement. The salient feature of the scheme is that every member of a
group has broadcasting capabilities. Each member is able to find valid receivers and send
messages securely.
An anonymous secure routing scheme using cryptography for MANETs was proposed by Aghaie
and Adibnia [22]. The authors built a protocol to demonstrate the efficiency of the new security
model they proposed. Their empirical results revealed that in the presence of latency the scheme
achieved improved latency. In the presence of high traffic load, the scheme showed significant
improvement in data packet latency. Shobha and Jadhav [23] studied security problems in
networks and proposed a scheme for secure communication in wireless networks. In
simulation experiments the scheme proved to be effective, as it could improve throughput
besides being cost effective. Labbai and Rajani [24] proposed a secure group key management
protocol that is based on a message authentication code. The proposed scheme is named the variable
bit rate on-demand routing protocol (VBOR). The message authentication code works in such a
way that it does not allow malicious nodes to get messages. Only group members who know
the MAC value can get messages. The residual energy of the nodes is taken into account
to ensure that the proposed scheme is energy efficient.
Pandya and Srivastava [25] studied the AODV protocol and made an extension to it. From
this they concluded that key management schemes can be avoided by extending the AODV
protocol efficiently. The reason is that AODV is a popular routing protocol for mobile
networks and can accommodate more secure communication with some changes. Digital
signatures and a secure hash algorithm are the two techniques used to improve security with AODV.
Devaraju and Ganapathi [26] proposed QoS based secure multicast key distribution
in MANETs. A dynamic clustering approach is followed in order to achieve this. The
methodology used to distribute keys includes DSDV [27] and OMCT integration, then enhancing
the integration, MDSDV [28] and CBMT, and efficient CBMT. The authors focused on phase 4
and achieved reductions in packet drop rate and end-to-end delay, besides improving the key delivery ratio
and reducing energy consumption. Sanghavi and Tada [29] proposed a cluster based topology
based secure key distribution scheme which is based on cryptographic function and network
coding approaches. This scheme is secure and robust and incurs less communication cost. Zhu
et al. [30] proposed an efficient group key management scheme named “GKMPAN”, which
improves scalability and efficiency and is partially stateless.
[3] DISCUSSION OF SCHEMES
The PKI based scheme proposed by Capkun et al. [18] avoids the use of a CA or a third
party. Instead, it uses self-signed certificates. For room meeting scenarios the suitable key
management scheme is the one proposed by which makes use of a common password. Instead of
using the password directly, it is derived from a secret key. This provision is for preventing brute
force attacks. It also exhibits two party key exchange and group key exchange. For master slave
relationships proposed a scheme in which the master nodes exchange shared keys with slave nodes,
and the slaves then use a common secret key to authenticate the master node. Thus the communication takes
place securely. When all the participants are in the same physical space, the scheme proposed by is
suitable. In this approach a MAC is attached to each packet by the sender. The receiver waits until
all packets are buffered. Then the receiver takes the key disclosed by the sender; thus it reduces one
MAC operation for each outgoing packet. For reliable communication almost all schemes use
pre-established key management schemes. Presented a scheme suitable for military operations. For
complete security it does not use a single CA. Instead it makes use of multiple replicated CAs at
various nodes arbitrarily. It can tolerate up to t compromised CA nodes. This is because
t+1 partial signatures are required in order to break it. Two protocols are used by the scheme
proposed by Yuh-Min Tseng [17] for ensuring security in MANETs. Collaborative key generation is
used by in their scheme. It is a threshold public key management scheme. Cho et al. [15] used TSS
for Cryptographically Generated Addresses (CGA) that ensures unbreakable security in MANETs.
The scheme of cluster based and provides efficient, fault tolerant and expandable key management
scheme. Table 1 summarizes all the key management schemes applied for MANETs.
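
The delayed key disclosure approach described above (a MAC on every packet, the receiver buffers, the key is revealed later), as an added example that is not code from the paper or from the scheme it cites. It assumes the disclosed keys come from a SHA-256 one-way chain with a public commitment and a fixed disclosure delay; the class, function names and sample packets are constructed for illustration.

```python
import hashlib
import hmac


def H(data):
    return hashlib.sha256(data).digest()


def make_chain(seed, n):
    """Return [K0, K1, ..., Kn] with K(i-1) = H(Ki). K0 is the public
    commitment; Ki authenticates the packets of interval i."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain


def mac(key, interval, msg):
    data = interval.to_bytes(4, "big") + msg
    return hmac.new(key, data, hashlib.sha256).digest()


class Receiver:
    def __init__(self, commitment, delay):
        self.trusted = (0, commitment)  # newest verified (index, key)
        self.delay = delay              # intervals between use and disclosure
        self.buffered = {}              # interval -> [(msg, tag)]

    def receive(self, interval, msg, tag, now):
        """Buffer a packet, unless its key may already be public."""
        if now >= interval + self.delay:
            return False                # anyone could have computed this MAC
        self.buffered.setdefault(interval, []).append((msg, tag))
        return True

    def disclose(self, interval, key):
        """Check a disclosed key against the chain, then release the
        buffered messages whose MAC verifies. Also covers intervals whose
        own disclosure was lost, since older keys follow by hashing."""
        idx, known = self.trusted
        keys, probe = {}, key
        for i in range(interval, idx, -1):
            keys[i] = probe
            probe = H(probe)
        if not keys or not hmac.compare_digest(probe, known):
            return []                   # stale, or not on the sender's chain
        self.trusted = (interval, key)
        accepted = []
        for i in sorted(keys):
            for msg, tag in self.buffered.pop(i, []):
                if hmac.compare_digest(tag, mac(keys[i], i, msg)):
                    accepted.append(msg)
        return accepted


def demo():
    chain = make_chain(b"constructed-seed", 4)      # constructed sample data
    rx = Receiver(chain[0], delay=2)
    good1 = mac(chain[1], 1, b"RREQ A->D")
    results = [
        rx.receive(1, b"RREQ A->D", good1, now=1),
        rx.receive(1, b"RREQ A->X", good1, now=1),  # altered in transit
        rx.receive(2, b"RREP D->A", mac(chain[2], 2, b"RREP D->A"), now=2),
        # K1 is public from interval 3 on, so this late packet is dropped
        rx.receive(1, b"late", mac(chain[1], 1, b"late"), now=3),
    ]
    bogus = rx.disclose(1, b"\x00" * 32)            # key not on the chain
    released = rx.disclose(2, chain[2])             # disclosure of K1 was lost
    return results, bogus, released
```

The `now >= interval + delay` check is what stops a disclosed key from authenticating late packets, so the receiver needs a clock loosely synchronized with the sender's.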
and Tada [29]
topology based secure key distribution
method and network coding approach
impersonation attacks, eavesdropping, authentication and confidentiality, less communication overhead
distribution has not been evaluated
made in cluster-based ad hoc hierarchical network topology

Deng, Mukharji and Agarwal[ 6]
Threshold and identity based key management
Distributed key management and authentication
Saves network bandwidth and computational power, besides providing end-to-end confidentiality and authenticity
N/A
Distributed key generation and identity based authentication are the two important features of the research.

Zhu et al. [30]
GKMPAN
Probabilistic key sharing scheme.
Efficiency, scalability (with less revoked nodes), and partially stateless
It has scalability problem especially when number of revoked nodes exist
It is a group key management protocol evaluated in MANETs.

Table 1 – Summary of key management schemes for MANETs
[4] CONCLUSIONS
In this paper we studied key management schemes in MANETs that provide secure key
exchange for reliable communication among nodes that are vulnerable to various kinds of
attacks such as location disclosure, black hole, replay, wormhole, blackmail, denial of service and
routing table poisoning. As the usage of MANETs has become ubiquitous, it is essential to have a
complete security scheme in place to secure sensitive communications over MANETs. As every
node in the MANET is also responsible for cooperating in communications, nodes are targets for
attackers who launch attacks. Technical know-how about the various existing key management
schemes can help in securing MANETs efficiently. In this paper we discussed various key
management schemes found in the literature. This paper also throws light on various routing
protocols and security challenges at various layers of the protocol stack.
REFERENCES
[1] Pratap K. Meher and P. J. Kulkarni. (2011). Analysis and Comparison of Performance of TCP-Vegas in MANET. IEEE. p67-70.
[2] Dinesh Singh, Ashish K. Maurya, Anil K. Sarje. (2011). Comparative Performance Analysis of LANMAR, LAR1, DYMO and ZRP Routing Protocols in MANET using Random Waypoint Mobility Model. IEEE. p62-66.
[3] Xia Wen-jie, Yan Han and Liu Feng-yu. (2011). The analysis of M/M/1 queue model with N policy for damaged nodes in MANET. IEEE. p289-294.
[4] Sudharson Kumar and Parthipan.V. (2011). SOPE: Self-Organized Protocol for Evaluating Trust in MANET using Eigen Trust Algorithm. IEEE. p155-159.
[5] Fahim Maan, Nauman Mazhar. (2011). MANET Routing Protocols vs Mobility Models: A Performance Evaluation. IEEE. p179-184.
[6] Giuseppe Cardone, Antonio Corradi, Luca Foschini. (2011). Reliable Communication for Mobile MANET-WSN Scenarios. IEEE. p1085-1091.
[7] Jian-Ming Chang, Po-Chun Tsou, Han-Chieh Chao and Jiann-Liang Chen. (2011). CBDS: A Cooperative Bait Detection Scheme to Prevent Malicious Node for MANET Based on Hybrid Defense Architecture. IEEE. p1-5.
[8] Alokparna Bandyopadhyay, Satyanarayana Vuppala and Prasenjit Choudhury. (2011). A Simulation Analysis of Flooding Attack in MANET using NS-3. IEEE. p1-5.
[9] Mike Burmester and Yvo Desmedt. A secure and scalable group key exchange system. Information Processing Letters, May 2005.
[10] Q. Zhou, L. Li, S. Wang, S. Xu, and W. Tan, "A Novel Approach to Manage Trust in Ad Hoc Networks", IEEE Xplore, ICCIT, 0-7695-3038, 2007.
[11] S. S. Rizvi, S. Poudyal, V. Edla, and R. Nepal, "A Novel Approach for Creating Trust to Reduce Malicious Behavior in MANET", ACM 978-1-59593-770-4, 2007.
[12] UMANG SINGH. (2011). SECURE ROUTING PROTOCOLS IN MOBILE ADHOC NETWORKS-A SURVEY AND TAXANOMY. IEEE. p9-17.
[13] H. Yang, H. Y. Luo, F. Ye, S. W. Lu, L. Zhang. (2004). Security in mobile ad hoc networks: Challenges and solutions. IEEE. p1-12.
[14] Xie Hai-tao. (2011). A Cluster-Based Key Management Scheme for MANET. IEEE. p1-4.
[15] Shin-Young Cho, Dong-Min Kang, Hun-Jung Lim, Hun-Jung Lim, Jung-Ho Emo and Tai-Myoung Cho. (2011). Mechanism for Regenerating CGA Using Threshold Secret Sharing in MANET. IEEE. p891-895.
[16] Deng H, Agrawal DP. TIDS: threshold and identity-based security scheme for wireless ad hoc networks. Ad Hoc Networks 2004; 2(3): 291–307.
[17] Yuh-Min Tseng. (2005). A heterogeneous-network aided public-key management scheme for mobile ad hoc networks. IEEE. 0 (0), p3-15.
[18] S. Capkun and J.-P. Hubaux, “BISS: Building Secure Routing out of an Incomplete Set of Security Associations,” Proc. ACM Wksp. Wireless Security, ACM Press, 2003, pp. 21–29.