Similar literature
1.
As group-oriented services become the focal point of ad hoc network applications, securing the group communications becomes a default requirement. In this paper, we address the problem of group access in secure multicast communications for wireless ad hoc networks. We argue that energy expenditure is a scarce resource for the energy-limited ad hoc network devices and introduce a cross-layer approach for designing energy-efficient, balanced key distribution trees to perform key management. To conserve energy, we incorporate the network topology (node location), the “power proximity” between network nodes and the path loss characteristics of the medium in the key distribution tree design. We develop new algorithms for homogeneous as well as heterogeneous environments and derive their computational complexity. We present simulation studies showing the improvements achieved for three different but common environments of interest, thus illustrating the need for cross-layer design approaches for security in wireless networks.

Loukas Lazos received the B.S. and M.S. degrees from the Electrical Engineering Department, National Technical University of Athens, Athens, Greece, in 2000 and 2002, respectively. He is currently working towards the Ph.D. degree in the Electrical Engineering Department, University of Washington, Seattle. His current research interests focus on cross-layer designs for energy-efficient key management protocols for wireless ad-hoc networks, as well as secure localization systems for sensor networks.

Radha Poovendran received the Ph.D. degree in electrical engineering from the University of Maryland, College Park, in 1999. He has been an Assistant Professor in the Electrical Engineering Department, University of Washington, Seattle, since September 2000. His research interests are in the areas of applied cryptography for multiuser environment, wireless networking, and applications of information theory to security. Dr. Poovendran is a recipient of the Faculty Early Career Award from the National Science Foundation (2001), Young Investigator Award from the Army Research Office (2002), Young Investigator Award from the Office of Naval Research (2004), and the 2005 Presidential Early Career Award for Scientists and Engineers, for his research contributions in the areas of wired and wireless multiuser security.

2.
Dijiang  Deep. Ad hoc Networks, 2008, 6(4): 560-577
In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-LaPadula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to the single point of failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.

3.
This paper proposes an agent-based secure enhanced performance approach (AB-SEP) for mobile ad hoc networks. In this approach, agent nodes are selected through optimal node reliability as a factor. This factor is calculated on the basis of node performance features such as degree difference, normalised distance value, energy level, mobility and optimal hello interval of node. After selection of agent nodes, a procedure of malicious behaviour detection is performed using fuzzy-based secure architecture (FBSA). To evaluate the performance of the proposed approach, comparative analysis is done with conventional schemes using performance parameters such as packet delivery ratio, throughput, total packet forwarding, network overhead, end-to-end delay and percentage of malicious detection.

4.
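Cluster-based key management scheme for ad hoc networks (total citations: 2; self-citations: 0; citations by others: 2)
Hu Ronglei, Liu Jianwei, Zhang Qishan. 《通信学报》 (Journal on Communications), 2008, 29(10): 223-228
Combining the concept of self-certified public keys with the idea of combined public keys, a new threshold key distribution scheme is proposed for ad hoc networks. On this basis, and together with the cluster-based networking mode, a complete key management scheme is proposed. In this scheme the public key itself provides authentication, no certificate management is needed, the key distribution process is simple, and the key escrow problem present in IBE (identity-based encryption) schemes is eliminated. The scheme adapts flexibly to the dynamic topology of ad hoc networks and is suitable for networks of all sizes. Theoretical and simulation analysis shows that the scheme has low computation and communication costs and, compared with PKI and IBE schemes, offers higher security and practicality.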

5.
Partitioning QoS management for secure tactical wireless ad hoc networks (total citations: 1; self-citations: 0; citations by others: 1)
Addressing quality of service in military wireless ad hoc communication networks involves unique challenges due to imposed tactical requirements and conditions, such as heterogeneous traffic with stringent real-time and survivability requirements, mobile wireless nodes in hostile environments, and limited spectrum availability. Encryption adds another layer of complexity because of the partitioning of the network into plain text (unencrypted) and cipher text (encrypted) parts that, by definition, cannot communicate QoS information to one another. A typical communication shelter is composed of unencrypted LANs connected to a packet-encrypted backbone network. This article presents a partitioned QoS approach, focusing on QoS management at the unencrypted LAN that complements QoS management done at the encrypted backbone. Some of the unencrypted LAN QoS techniques being considered for the Warfighter Information Network-Tactical (the future Army tactical backbone network) are outlined.

6.
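A key management scheme without a secure channel for ad hoc networks (total citations: 4; self-citations: 0; citations by others: 4)
Key management is one of the first key problems to be solved when building a secure ad hoc network system. Based on the characteristics of ad hoc networks, a threshold key management scheme that requires no secure channel is proposed. In this scheme, the functions of the trusted center are carried out jointly by a local registration center and a distributed key generation center, which avoids a single point of failure. Through threshold techniques, members inside the network cooperate to generate the system key in a distributed manner. A public-key system based on bilinear pairings provides mutual authentication between users and the distributed key generation center. Blind signatures applied to users' private key information prevent attackers from obtaining it, so that it can be transmitted securely over a public channel. Analysis shows that the scheme reaches trust level III, has good fault tolerance, and resists both active and passive attacks in the network; while meeting the security requirements of ad hoc networks, it greatly reduces computation and storage overhead.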

7.
Mesh‐based multicast routing protocols for mobile ad hoc networks (MANETs) build multiple paths from senders to receivers to deliver packets even in the presence of links breaking. This redundancy results in high reliability/robustness but may significantly increase packet overhead. This paper proposes a mesh‐based multicast protocol, called centered protocol for unified multicasting through announcements (CPUMA), that achieves reliability comparable to existing mesh‐based multicast protocols, but with significantly less data overhead. In CPUMA, a distributed core‐selection and maintenance algorithm is used to find the source‐centric center of a shared mesh. We leverage data packets to center the core of each multicast group shared mesh instead of using GPS or any pre‐assignment of cores to groups (the case of existing protocols). The proposed centering scheme allows reducing data packet overhead and creating forwarding paths toward the nearest mesh member instead of the core to reduce latency. We show, via simulations, that CPUMA outperforms existing multicast protocols in terms of data packet overhead and latency while maintaining a constant or better packet delivery ratio, at the cost of a small increase in control overhead in a few scenarios. Copyright © 2010 John Wiley & Sons, Ltd.

8.
Password‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires a constant number of rounds to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of the total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.

9.
When striving for reliability, multicast protocols are most commonly designed as deterministic solutions. Such an approach seems to make the reasoning about reliability guarantees (traditionally, binary, “all-or-nothing”-like) in the face of packet losses and/or node crashes. It is however precisely this determinism that tends to become a limiting factor when aiming at both reliability and scalability, particularly in highly dynamic networks, e.g., ad hoc networks. Gossip-based multicast protocols appear to be a viable path towards providing multicast reliability guarantees. Such protocols embrace the non-deterministic nature of ad hoc networks, providing analytically predictable probabilistic reliability guarantees at a reasonable overhead.

This paper presents the Route Driven Gossip (RDG) protocol, a gossip-based multicast protocol designed precisely to meet a more practical specification of probabilistic reliability in ad hoc networks. Our RDG protocol can be deployed on any basic on-demand routing protocol, achieving a high level of reliability without relying on any inherent multicast primitive. We illustrate our RDG protocol by layering it on top of the “bare” Dynamic Source Routing protocol, and convey our claims of reliability and scalability through both analysis and simulation.


10.
As a result of the growing popularity of wireless networks, in particular mobile ad hoc networks (MANET), security over such networks has become very important. Trust establishment, key management, authentication, and authorization are important areas that need to be thoroughly researched before security in MANETs becomes a reality. This work studies the problem of secure group communications (SGCs) and key management over MANETs. It identifies the key features of any SGC scheme over such networks. AUTH‐CRTDH, an efficient key agreement scheme with authentication capability for SGC over MANETs, is proposed. Compared to the existing schemes, the proposed scheme has many desirable features such as contributory and efficient computation of group key, uniform work load for all members, few rounds of rekeying, efficient support for user dynamics, key agreement without member serialization and defense against the Man‐in‐the‐Middle attack, and the Least Common Multiple (LCM) attack. These properties make the proposed scheme well suited for MANETs. The implementation results show that the proposed scheme is computationally efficient and scales well to a large number of mobile users. Copyright © 2007 John Wiley & Sons, Ltd.

11.
Routing is the most basic and essential operation of any ad hoc network. A mobile ad hoc network presents many challenges, because of the severe resource limitations such as dynamic and varying topology, lack of centralized control, insecure medium, and limited battery power, among others. Therefore, optimization and conservation are the key to the success of any ad hoc network operation. In this paper, we propose and define 2 new metrics for ad hoc networks: bandwidth utilization ratio and load index. These metrics can be used as an indicator to measure and monitor the network usability and to improve its efficiency by efficient load distribution. They can be used to predict the additional load that can be accommodated in the network, without causing any congestion or overflows. We also propose a new load balancing routing scheme for ad hoc networks, called efficient load balancing method. This method tries to offset the load on different paths using load index as a metric. Load index is defined as a measure of a node's degree of involvement in the message routing process, which is indicative of its load. To make this algorithm efficient, we limit our routes to a few efficient ones only. This number of alternate routes used, out of the pool of all available routes, is defined as degree of distribution. Simulation results adequately prove the efficiency of the proposed method, vis‐à‐vis 2 other load balancing approaches, and these are verified statistically at a 99% confidence interval. A p × q factorial design is used to verify that simulation results are the actual measurements and not due to some unknown errors.

12.
Wireless ad hoc networks support rapid on-demand and adaptive communication among the nodes due to their self-configurable and autonomous nature and lack of fixed infrastructure. Security is a crucial factor for such systems. Since ad hoc networks rely on the collaboration principle, the issues of key distribution and efficient group key management in such networks represent two of the most important problems. We describe hybrid solutions to the problem of key distribution and key management by reflecting ad hoc networks in a topology composed of a set of clusters. To date no security proofs exist for these types of protocols. We present two dynamically efficient schemes. We show that both our hybrid schemes are provably secure in the standard model under the Decision Diffie–Hellman (DDH) assumption. The proposed protocols avoid the use of a trusted third party (TTP) or a central authority, eliminating a single point of attack. We analyse the complexity of the schemes and differentiate between the two approaches based on performance in a wireless setting. In comparison with the existing cluster-based hybrid key agreement protocols, our proposed approaches individually provide better performance in terms of both communication and computation, handle dynamic events efficiently, and are supported by sound security analysis in formal security models under standard cryptographic assumptions.

13.
A survey of key management in ad hoc networks (total citations: 1; self-citations: 0; citations by others: 1)

14.
Takahiro  Takashi. Ad hoc Networks, 2005, 3(5): 607
This paper describes an ad hoc networking scheme and routing protocol for emergency communications. The objective of the network is to collect damage assessment information quickly and stably in a disaster. The network is configured with a hybrid wireless network, combining ad hoc networks and a cellular network to maintain connectivity between a base station (BS) and nodes even in a disaster. In the event that a direct link between the BS and a node is disconnected due to damage or obstacles, the node switches to the ad hoc mode, and accesses the BS via neighboring nodes by multihopping. The routing protocol proposed in this paper discovers and builds a route by way of monitoring neighbors’ communications instead of broadcasting a route request packet. The network employs a dedicated medium access control protocol based on TDM (Time Division Multiplexing) for multihopping in ad hoc networks to maintain accessibility and to achieve a short delay. Experiments showed that approximately 90% of nodes are capable of reaching the BS within a few hops, even in conditions where only 20% of nodes maintain direct connections to the BS. In addition, the results showed that it is feasible for the network to operate with a short delay for delivering a packet to the BS. However, throughput is not retrieved sufficiently due to the restriction of the access protocol, whereas reachability does improve sufficiently. Therefore, the network is suitable for collecting damage assessment information and transmitting urgent traffic quickly and stably, while the data is restricted to a small amount.

15.
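Pre-distributed asymmetric key management scheme for mobile ad hoc networks (total citations: 1; self-citations: 0; citations by others: 1)
To reduce the communication overhead of asymmetric key management in mobile ad hoc networks, an identity-based pre-distributed asymmetric key management scheme (PAKMS) is proposed, based on the combined public key idea and combining the ElGamal scheme with key pre-distribution. The private key generation center pre-distributes a subset of master keys to each node, and nodes obtain key updates based on time; together these reduce, by design, the communication overhead of asymmetric key management in mobile ad hoc networks. Pre-distributing master key subsets also means that nodes no longer depend on the private key generation center to distribute and update keys while the network is running. This weakens the impact on network security of the private key escrow problem found in identity-based key management. Comparative analysis against typical schemes shows that the scheme effectively reduces network communication overhead while still providing a node key update service. In addition, the security of the scheme is proved in detail.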

16.
Ad hoc Networks, 2003, 1(1): 175-192
An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this paper, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.

17.
An adaptive management architecture for ad hoc networks (total citations: 13; self-citations: 0; citations by others: 13)
Ad hoc networks, where mobile nodes communicate via multihop wireless links, facilitate network connectivity without the aid of any preexisting networking infrastructure. The intrinsic attributes of ad hoc networks, such as dynamic network topology, limited battery power, constrained wireless bandwidth and quality, and large number of heterogeneous nodes, make network management significantly more challenging than in stationary and wired networks. In particular, the conventional client/server-based manager/agent management paradigm falls short of addressing these issues. We describe the Guerrilla management architecture to facilitate adaptive and autonomous management of ad hoc networks. The management capability of Guerrilla is scalable to accommodate the sheer number and heterogeneity of nodes, autonomous and survivable to adapt to network dynamics, and economical to minimize management overhead.

18.
Cooperative communications in mobile ad hoc networks (total citations: 2; self-citations: 0; citations by others: 2)

19.
An efficient key predistribution scheme for ad hoc network security (total citations: 3; self-citations: 0; citations by others: 3)
We introduce hashed random preloaded subsets (HARPS), a highly scalable key predistribution (KPD) scheme employing only symmetric cryptographic primitives. HARPS is ideally suited for resource-constrained nodes that need to operate for extended periods without active involvement of a trusted authority (TA), as is usually the case for nodes forming ad hoc networks (AHNs). HARPS, a probabilistic KPD scheme, is a generalization of two other probabilistic KPDs. The first, random preloaded subsets (RPSs), is based on random intersection of keys preloaded in nodes. The second, proposed by Leighton and Micali (LM), is a scheme employing repeated applications of a cryptographic hash function. We investigate many desired properties of HARPS like scalability, computational and storage efficiency, flexibility in deployment modes, renewability, ease of extension to multicast scenarios, ability to cater for broadcast authentication, broadcast encryption, etc., to support its candidacy as an enabler for ad hoc network security. We analyze and compare the performance of the three schemes and show that HARPS has significant advantages over other KPDs, and in particular, over RPS and LM.

20.
Secure multicast applications require key management that provides access control. In wireless networks, where the error rate is high and the bandwidth is limited, the design of key management schemes should place emphasis on reducing the communication burden associated with key updating. A communication-efficient class of key management schemes is those that employ a tree hierarchy. However, these tree-based key management schemes do not exploit issues related to the delivery of keying information that provide opportunities to further reduce the communication burden of rekeying. In this paper, we propose a method for designing multicast key management trees that match the network topology. The proposed key management scheme localizes the transmission of keying information and significantly reduces the communication burden of rekeying. Further, in mobile wireless applications, the issue of user handoff between base stations may cause user relocation on the key management tree. We address the problem of user handoff by proposing an efficient handoff scheme for our topology-matching key management trees. The proposed scheme also addresses the heterogeneity of the network. For multicast applications containing several thousands of users, simulations indicate a 55%-80% reduction in the communication cost compared to key trees that are independent of the network topology. Analysis and simulations also show that the communication cost of the proposed topology-matching key management tree scales better than topology-independent trees as the size of the multicast group grows.
