Key Management in

Mobile Ad Hoc Networks

Fundamentals of Cryptography

Mahdi Kefayati
Summer 2005
Sharif University of Technology, CE
Agenda

• Introduction to Mobile Ad Hoc Networks

• Principles of Key Management
• Key Management in MANET
– Secret sharing methods
– Distributed CA methods
– Error-code based methods
• Conclusion
• References

Key Management in MANET 2

Mobile Ad Hoc Networks (MANET)

• Self-configuring
– No prior infrastructure (i.e. AP’s, BTS’s)
– On-Demand formation and communication
• Mobile Autonomous Nodes
– Wireless links
– Dynamic topology
– Limited capability of nodes (power and computation)
• Multi-hop routing
– Each node is potentially a router
– Collaborative communication

Key Management in MANET 3

MANET Applications

• Personal area networking

– Cell phones, Laptops, PDAs, Health sensors
• Military environments
– Soldiers, Vehicles, Planes
• Civilian environments
– Airports, hotels
– Conference rooms
– Home and small offices
• Emergency operations
– Crisis management and disaster recovery
– Search and rescue missions
– Policing and fire fighting

Key Management in MANET 4

Principals of Key Management

• Key management as the base for every

cryptographic system
• The security of the keys is equal to the
security of the whole system
• OSI standard, part 2: “the generation,
storage, distribution, deletion, archiving
and application of keys in accordance with
a security policy”
• The matter of trust

Key Management in MANET 5

Key Management System
• Combination of Algorithms and Protocols
• Dependences:
– The functionality of the security measures
– The quality of the security measures
– Some amount of trust into security managers, builders of the
system, etc.
– The physical security of some devices and/or communication
channels
• Design criteria:
– Minimize the number and complexity of trusted mechanisms
involved.
– Minimize physical activity
– Minimize the need for physical security
– Achieve maximum flexibility with regard to specific key
distribution protocols and specific cryptographic algorithms.
– Achieve maximum robustness
– Ensure that if any one entity is dishonest, that entity may be
exposed.
Key Management in MANET 6
KM Challenges in MANET

• Dynamic topology and environment

• Lack of trust
• Node failures
• Bounded computational and operational
power
• Connectivity problems
• Node autonomity

Key Management in MANET 7

Secret Sharing Methods

• (n,k) secret sharing scheme based on

polynomials [Shamir]
• Distributed KDC concept [Gong]
• Distributed pseudo random function [Naor]
• Distributed RSA key generation and
digital signature
• Group key management (at least t sig’s on
a pubic value)
• Distributed PKI and SKI
Key Management in MANET 8
Gong’s Method

KDC1

KDC2

A B

KDC3

KDC4

Key Management in MANET 9

Distributed Digital Signature

KDC1

KDC2

A
B
KDC3

KDC4

Key Management in MANET 10

Secret Sharing Methods - pros and cons

• Pros
– Distributed
– Scalable
– No less than t malicious/captured nodes can
lunch a severe attack
– Local decisions for group-wide decisions
• Cons
– At least t assistants are needed; Not well
suited for partitioned networks
– Trust pre-distribution and private key share
holders
Key Management in MANET 11
Distributed CA Method

• Considering a modified PKI hierarchy

– RCA: Root CA
– DCA: Delegate CA
– TCA: Temporary CA
• SA establishment and TPs
– Certificate acquisition (DCAs and TPs)
– Signed transactions
– Peer verification of transactions
• Behavior grading
– Positive reputation
– Negative reputation
– Complaint counter

Key Management in MANET 12

Distributed CA Method – pros and cons

• Pros
– Well suited for highly partitioned networks
– Certificate cashing
– Behavior grading
• Multi trust levels
• Possible cooperation with IDS’ to countermeasure
malicious/captured nodes
• Cons
– System synchronization
– Certificate reissuing and control overhead [against
what mentioned by the authors]
– (Excessive) use of out-of-band methods
– Need for peer access for behavior grading
• A note on topological simulations

Key Management in MANET 13

Error-code based methods

• The Byzantine Generals problem

[Lamport]
• Byzantine attacks in MANET (active and
passive)
• Using multi node-disjoint paths for secure
message exchange
• Using Reed-Solomon error codes

Key Management in MANET 14

Byzantine Resilient Method based
on RS Codes on Multiple Node-
disjoint paths
N1

N5
N3
N2
N8
N6

A N7
N9 N4 B
N12

N10
N12

Key Management in MANET 15

Error-code based methods

• Pros
– Byzantine resilient
– Can tolerate up to t=(n-k)/2 faulty/malicious paths
– Can detect faulty/malicious paths
– Possible detection of malicious/captured nodes by
correlating multiple faulty paths
• Cons
– Required degree of connectivity is high for
effectiveness of the method
– Calculating multiple node-disjoint paths might be
heavy or even impossible
– RS codes are some how heavy
– Higher BW usage
Key Management in MANET 16
Conclusion
• Security is one of the basic requirements of
MANETs
• Key management is one of the foundations
of establishing cryptographic based
security
• Any KMS to suite MANET shall be
distributed, resilient to active and passive
attacks and lightweight
• The effective design of a KMS for ad hoc
networks is really ad hoc (i.e. context
dependent)
Key Management in MANET 17
References
1. B. Lehane, L. Dolye and D.O’Mahony “Ad Hoc Key Management Infrastructure”, Proceedings of the
International Conference on Information Technology: Coding and Computing (ITCC’05), Volume 2, 2005, pp.
540 - 545.
2. George C. Hadjichristofi, et. all “A Framework for Key Management in Mobile Ad Hoc Networks”, Proceedings
of the International Conference on Information Technology: Coding and Computing (ITCC’05), Volume 2, 2005,
pp. 568 - 573.
3. Dijiang Huang and Deep Medhi “A Byzantine Resilient Multi-path Key Establishment Scheme and Its
Robustness Analysis for Sensor Networks”, Proceedings of the 19th IEEE International Parallel and
Distributed Processing Symposium (IPDPS’05), 4 - 8 April 2005, pp. 240b - 240b.
4. Aruna Balasubramanian, et. all “Analysis of a Hybrid Key Management Solution for Ad hoc Networks”, IEEE
Wireless Communications and Networking Conference (WCNC 2005), Volume 4, 13-17 March 2005, pp. 2082 -
2087.
5. Bing Wu, et all “Secure and Efficient Key Management in Mobile Ad Hoc Networks”, Proceedings of the 19th
IEEE International Parallel and Distributed Processing Symposium (IPDPS’05), 4 - 8 April 2005, pp. 240b -
240b.
6. Mohammad Ilyas, et all “The Handbook of Ad hoc Wireless Networks”, CRC Press LLC, 2003.
7. Walter Fumy and Peter Landrock “Principles of Key Management”, Journal of Selected Areas in
Communications, Vol. 11 No. 5, June 1993, pp. 785 - 793.
8. ISO International Standard 7498-2: “Open Systems Interconnection Reference Model-Part 2: Security
Architecture,” 1988.
9. M. Burrows, M. Abadi, and R. Needham, “A Logic of Authentication,” DEC Syst. Res. Center Rep. Vol. 39, 1990.
10. A. Shamir “How to Share a Secret”, Communications of the ACM, Vol. 22, 1979, pp. 612 - 613.
11. L. Gong “Increasing Availability and Security of an Authentication Service”, IEEE Journal on Selected Areas in
Communications, Vol.11, No. 5, 1993, pp. 657 - 662.

Key Management in MANET 18

References (contd.)
12. M. Naor, B. Pinkas and O. Reingold “Distributed Pseudo-Random Functions and KDCs”, Advances in
Cryptology - Eurocrypt '99 Proceedings, LNCS 1592, Springer-Verlag, 1999, pp. 327 - 346.
13. B. Lehane , L. Doyle, D. O’Mahony, “Shared RSA Key Generation In A Mobile Adhoc Network”, In proceedings
of IEEE 2003 Military Communications Conference (MILCOM2003), Boston, MA, USA, Oct 2003.
14. D. Boneh and M. Franklin “Efficient Generation of Shared RSA Keys”, Proceedings of the Annual International
Cryptology Conference on Advances in Cryptology – Crypto ‘97, 1997, Springer-Verlag, LNCS 1294, pp. 425 -
439.
15. V. Shoup “Practical Threshold Signatures”, Proceedings of the Advances in Cryptology – Eurocrypt 2000:
International Conference on the Theory and Application of Cryptographic Techniques, May 2000, Springer-
Verlag, LNCS 1807, pp. 207 - 220.
16. W. Diffie and M. E. Hellman “New directions in cryptography”, IEEE Transactions on Information Theory, vol.
22, 1976, pp. 644.
17. J. Kong, P. Zerfos, H. Luo, S. Lu, and L. Zhang “Providing Robust and Ubiquitous Security Support for Mobile
Ad Hoc Networks,” in Proceedings of the 9th International Conference on Network Protocols (ICNP), November
2001.
18. J. Douceur “The Sybil Attack”, in Proceedings of the 1st International Workshop on Peer-to-Peer Systems
(IPTPS), 2002.
19. S. Capkun, L. Buttyan, and J. Hubaux “Self-organized Public-key Management for Mobile Ad Hoc Networks”,
IEEE Transactions on Mobile Computing, vol. 2, 2003, pp. 52 - 64.
20. W. Adams, G. Hadjichristofi, and N. Davis “Calculating a Node's Reputation in a Mobile Ad Hoc Network”,
Proc. Int'l Performance Computing and Communications Conference, AZ, April 2005.
21. L. Lamport, R. Shostak and M. Pease “The Byzantine Generals Problem”, ACM Transactions on Programming
Languages and Systems, Vol. 4, No. 3, 1982, pp. 382 - 401.
22. H. Chan, A. Perrig and D. Song “Random Key Predistribution schemes for sensor networks”, In Proceedings of
2003 Symposium on Security and Privacy, Los Alamitos, CA, IEEE Computer Society, pp. 197 – 215, 2003.
23. S. Zhu, S. Xu, S. Setia and S. Jajodia “Establishing Pair-wise Keys for Secure Communication in Ad Hoc
Networks: A Probabilistic Approach”, In Proceedings of 11th IEEE International Conference on Network
Protocols (ICNP), November 2003.

Key Management in MANET 19

Questions

That’s all folks!

Thanks ☺

Key Management in MANET 20