A hierarchical key management scheme for secure group communications in mobile ad hoc networks

https://doi.org/10.1016/j.jss.2006.12.564

Abstract

A mobile ad hoc network (MANET) is a kind of wireless communication infrastructure that does not have base stations or routers. Each node acts as a router and is responsible for dynamically discovering other nodes it can directly communicate with. However, when a message without encryption is sent out through a general tunnel, it may be maliciously attacked. In this paper, we propose a hierarchical key management scheme (HKMS) for secure group communications in MANETs. For the sake of security, we encrypt a packet twice. Due to the frequent changes of the topology of a MANET, we also discuss group maintenance in this paper. Finally, we conducted the security and performance analysis to compare the proposed scheme with Tseng et al.’s [Tseng, Y.-M., Yang, C.-C., Liao, D.-R., 2007. A secure group communication protocol for ad hoc wireless networks. In: Advances in Wireless Ad Hoc and Sensor Networks and Mobile Computing. Book Series Signal and Communication Technology. Springer] and Steiner et al.’s [Steiner, M., Tsudik, G., Waidner, M., 1998. CLIQUES: a new approach to group key agreement. In: Proceedings of the 18th IEEE International Conference on Distributed Computing System. Amsterdam, Netherlands, pp. 380–387] schemes.

Introduction

A mobile ad hoc network (MANET) (Macker and Corson, 1998, Marwaha et al., 2002) is a kind of wireless communication infrastructure that does not have base stations or routers. Its investment cost is lower, and each mobile node acts as a router on the Internet. A MANET can be deployed rapidly, and it can be used in places such as remote areas and battlefields.

In a MANET, a group can hasten message delivery and prevent bandwidth waste effectively. But if a message is sent out through a general tunnel without encryption, it may suffer malicious attacks (Mirkovic et al., 2002, Mishra et al., 2004, Patwardhan et al., 2005, Russell, 2001, Schmoyer et al., 2004). Because of these attacks, Internet security may be seriously affected. So in our scheme, a packet to be delivered will be encrypted, and only the receiver can decrypt the packet.

Key management schemes usually focus on improving security and reducing the memory storage of keys, as presented in MANETs (Chang and Chung, 2003, Jablon, 1996, Rafaeli and Hutchison, 2003). Two of the most common schemes for group structures are clustering (Tseng et al., 2007) and hierarchical trees (Amir et al., 2004, Chiang and Huang, 2003, Liu and Zhou, 2002, Steiner et al., 1996, Wong et al., 2000, Yang and Zheng, 2001). The advantage of clustering is that rekeying can be done quickly. The total cost of rekeying will increase greatly when members join or leave a larger group. Most group structures adopt a hierarchical tree. The main goal of a hierarchical tree is to decrease the cost of rekeying and to make management easy when changes in the group membership occur. The disadvantage of a hierarchical tree is that the maintenance cost increases when group membership increases.

Due to frequent changes of the network topology in a MANET, the group maintenance used in infrastructure wireless networks is not suitable. Therefore, we can use a common encryption key in a dynamic environment by following two rules. The first rule is forward secrecy: when a new user joins a group, it cannot decrypt past encrypted messages. The second rule is backward secrecy: when a group member leaves a group, it cannot decrypt future encrypted messages. If the two rules are followed, there will be better security for group key updating or protection. Managing keys efficiently within a group and reducing the amount of rekeying are the main goals we want to achieve. In this paper, we propose a hierarchical key management scheme (HKMS) for secure group communications in MANETs. A secure group can manage members efficiently and reduce the amount of rekeying.
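The two rules above, as an added illustration that is not the authors' HKMS protocol: a flat group replaces its key with a fresh random one on every join and every leave, so a node can read only packets sent while it was a member. The `Group` class, the node names and the SHA-256/HMAC toy cipher are assumptions made for this sketch.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 counter mode, one key for cipher and MAC); not a vetted cipher.
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, msg):
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, packet):
    nonce, ct, tag = packet
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong group key or modified packet
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Group:
    """Flat group (hypothetical) whose key is replaced on every join and leave."""
    def __init__(self, members):
        self.members = set(members)
        self.keyring = {}  # every key each node was ever given
        self._rekey()

    def _rekey(self):
        # Fresh random key, unrelated to the old one, given to current members only.
        self.key = secrets.token_bytes(32)
        for m in self.members:
            self.keyring.setdefault(m, []).append(self.key)

    def join(self, node):
        self.members.add(node)
        self._rekey()

    def leave(self, node):
        self.members.discard(node)
        self._rekey()

    def can_read(self, node, packet):
        return any(open_(k, packet) is not None for k in self.keyring.get(node, []))

def demo():
    g = Group({"A", "B"})  # constructed node names
    before = seal(g.key, b"sent before C joins")
    g.join("C")
    during = seal(g.key, b"sent while C is a member")
    g.leave("C")
    after = seal(g.key, b"sent after C leaves")
    return {n: [g.can_read(n, p) for p in (before, during, after)] for n in "AC"}
```

The new key must be independent of the old one: if it were derived from the old key by a public function, a departed node could compute it and the second rule would fail.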

The rest of the paper is organized as follows. In Section 2, we introduce the related work. The proposed scheme is presented in Section 3. In Section 4, we discuss the security analysis and time complexity analysis. In Section 5, we present the performance evaluation. Finally, conclusions are given in Section 6.


Related work

MANETs are typically dynamic peer networks (DPNs). The specific security requirements of DPNs (in particular, key management) are still considered to be open research challenges. Recently, several key agreement protocols for DPNs were proposed (Pieprzyk and Li, 2000, Steiner et al., 1996, Steiner et al., 1998, Tseng et al., 2007, Yang and Zheng, 2001). In Steiner et al. (1996), the key agreement protocols were obtained by extending the well-known Diffie–Hellman (DH) key exchange scheme to

The hierarchical key management scheme

In this section, we will introduce the key management concept and describe the group key maintenance in detail. First, Table 1 summarizes the notation used.

The topology of a MANET changes frequently because nodes move, so how to create and maintain a group is very important. We suppose that a node broadcasts a hello message to adjacent nodes within a range of 2 hops. The hello message collects the information of all nodes within that 2-hop range. According to the information, we design the path and

Security analysis and time complexity analysis

Nodes in a subgroup are usually considered to be part of the security issue. It should be noted that nodes in a subgroup are secure because faster calculating speeds and various hacking methods may compromise their security. But, there are no fixed nodes to perform the service of authentication. We assume that all of the nodes of incoming subgroups in a MANET have already been acknowledged and have their own safety nodes with public and private keys. Therefore, the L1-head will generate L1GK

Performance model

We develop a performance model based on the model developed in Chen et al. (2006) to evaluate the communication cost for secure group key management. The performance metric used in our simulation is the total communication cost per unit time incurred in response to secure group key management events, including group join and group leave. Thus, the total communication cost consists of two components:

  • (1) Group join cost Cjoin: The cost for handling group join event. This cost also includes

Conclusions

It is very important to reduce bandwidth and protect the packet security during data transmission. In this paper, we proposed a hierarchical key management scheme (HKMS) for secure group communications in MANETs. For security, we protect our information from attacks by double encryption. We generate an L1-subgroup key for each L1-subgroup and an L2-subgroup key for each L2-subgroup. When the source node wants to send data to the destination node, they also will generate their own private key.

Acknowledgements

This work was supported by the National Science Council of Republic of China under grants NSC-94-2213-E-324-025 and NSC-95-2221-E-239-052.


References (27)

  • Amir, Y., et al., 2004. Secure group communication using robust contributory key agreement. IEEE Transactions on Parallel and Distributed Systems.
  • Chan, K.-C., et al., 2003. Key management approaches to offer data confidentiality for secure multicast. IEEE Network.
  • Chang, C.-C., Chung, C.-Y., 2003. An efficient session key generation protocol. In: Proceedings of the 2003 IEEE...
  • Chen, I.-R., Cho, J.-H., Wang, D.-C., 2006. Performance characteristics of region-based group key management in mobile...
  • Chiang, T.-C., Huang, Y.-M., 2003. Group keys and the multicast security in ad hoc networks. In: Proceedings of the...
  • Choudhary, M., Sharma, P., Sanghi, D., 2004. Secure multicast model for ad-hoc military networks. In: Proceedings of...
  • Dhurandher, S.K., Singh, G.V., 2005. Weight based adaptive clustering in wireless ad hoc networks. In: Proceedings of...
  • Huang, C.-C., Chang, R.-S., Guo, M.-H., 2003. Weight-based clustering multicast routing protocol for mobile ad hoc...
  • Jablon, P.D., 1996. Strong password-only authenticated key exchange. In: Proceedings of the 1996 Computer...
  • Liu, J., Zhou, M., 2002. Key management and access control for large dynamic multicast group. In: Proceedings of the...
  • Macker, J.P., et al., 1998. Mobile ad hoc networking and the IETF. ACM SIGMOBILE Mobile Computing and Communications Reviews.
  • Marwaha, S., Chen, K.T., Srinivasan, D., 2002. A novel routing protocol using mobile agents and reactive route...
  • Mirkovic, J., Prier, G., Reiher, P., 2002. Attack DDoS at the source. In: Proceedings of the 2002 IEEE International...

Nen-Chung Wang received the B.S. degree in Information and Computer Engineering from Chung Yuan Christian University, Taiwan, in June 1990, and the M.S. and Ph.D. degrees in Computer Science and Information Engineering from National Cheng Kung University, Taiwan, in June 1998 and June 2002, respectively. From 2002 to 2006, he was an Assistant Professor in the Department of Computer Science and Information Engineering, Chaoyang University of Technology, Taiwan. Since August 2006, he joined the faculty of the Department of Computer Science and Information Engineering, National United University, Taiwan. He is a member of the Phi Tau Phi Society. His current research interests include computer networks, wireless networks, parallel and distributed computing, e-learning, and bioinformatics. He is a member of the IEEE Computer Society.

Shian-Zhang Fang received the B.S. degree in Communication and Computer from Da Yeh University, Taiwan, in June 2003, and the M.S. degree in Computer Science and Information Engineering from Chaoyang University of Technology, Taiwan, in June 2005. His research interests include wireless networks, mobile computing, and wireless security.
