
2010 2nd International Conference on Signal Processing Systems (ICSPS)

A Cross-Layer key management scheme in Ad hoc network


Zeng-Ping
Department of Communication Engineering Beijing Electronic Science and Technology Institute Beijing, China, 100070 Zengping69@sina.com

Hu-Ronglei
Department of Communication Engineering Beijing Electronic Science and Technology Institute Beijing, China, 100070 hrl@besti.edu.cn

Yang-Yatao
Department of Communication Engineering Beijing Electronic Science and Technology Institute Beijing, China, 100070 yyt@besti.edu.cn

Song-Jie
Department of Communication Engineering Beijing Electronic Science and Technology Institute Beijing, China, 100070 songjiebimo@126.com

Abstract: Wireless Ad hoc networks are vulnerable to various security threats, and key management is one important means of solving their security problems. However, the more secure a key management mechanism is, the more energy and network resources it tends to consume. A cross-layer key management model is proposed to address the shortage of network resources and energy, taking both network security and network performance into account. The constraint conditions of each layer include the network performance parameters, network security and network requirements. On the basis of this model, a cross-layer key management scheme based on threshold cryptography is given. In the key update process of the scheme, the function of each layer involved in the update is clearly defined. The scheme addresses the decline in network performance caused by the complexity of the algorithms and by node authentication traffic, which can ultimately lead to failure of the key update, and the problem of transmitting updated key information accurately at high bit error rates. Analysis shows that the scheme is suitable for wireless Ad hoc networks.

Keywords: Ad hoc network, cross-layer key management; threshold cryptography

I. INTRODUCTION

Because of the characteristics of the Ad hoc network, its security problems are more difficult than those of traditional wireless networks, and key management has become a hot research topic. At present, studies of key management schemes mostly use a hierarchical structure. The IDBS (Identity Based public key System) approach is an important part of Ad hoc network key management schemes. One of the pioneers is Shamir [1], who first proposed the identity-based cryptography system. A more recent work is that of Boneh and Franklin [2], who introduced the first practical and secure identity-based encryption scheme. As Shamir originally intended, the identity-based cryptography system reduces the cost of certificate management found in certificate-based encryption systems. In this system each user has an identity, such as an email address, telephone number or IP address. Anybody can obtain a user's public key from that identity, while the private key is generated by a KDC (Key Distribution Center) or PKG (Private Key Generator). This cryptographic system clearly has many advantages.

Cross-layer solutions are becoming less promising due to limited scalability, the gathering of control information and implementation complexity. For delay-sensitive applications it is essential to handle information exchange in a timely and accurate manner using distributed solutions. Cross-layer design not only improves system performance but can also reduce energy loss and increase operating speed. Because resources in an Ad hoc network are limited, a key management scheme causes additional energy consumption, communication and computation, which should be a primary consideration. A cross-layer approach to security design in Ad hoc networks is therefore particularly necessary.

This paper proposes a cross-layer key management scheme to solve the problems that arise during key updating from the complexity of the algorithm and from node authentication traffic. These can degrade network performance and ultimately lead to failure to issue the key and to problems in transmitting key update information accurately at a high bit error rate.

The rest of this paper is organized as follows. In section II, key management schemes and cross-layer design in Ad hoc networks are briefly described. In section III, a new cross-layer, threshold-based distributed CA key management scheme is introduced. In section IV, the security and performance of our scheme are analyzed.

II. RELATED WORKS

Cross-layer design for Ad hoc networks is a relatively new research topic, and there are not yet many articles on it. The discussion has mostly focused on optimization of

978-1-4244-6893-5/$26.00 C 2010 IEEE


a single objective within the traditional layers [3]. Literature [4] studies the cross-layer design of the physical layer and MAC layer; its optimization goal concerns routing protocols. Literature [5] focuses on the effective integration of the physical layer, MAC layer and network layer; the emphasis is on channel estimation and location information, and the optimization goal is wireless bandwidth. Literature [6] focuses on the cross-layer design of the MAC layer and network layer to realize differentiated service targets. Literature [7] discusses cross-layer design across the entire protocol stack, but pays more attention to power efficiency. Literature [8] studies passing delay constraints from the application layer to the link layer, so that the link layer can determine packet priority. Literature [9] addresses congestion in wireless networks by designing a cross-layer congestion avoidance mode that collects the capacity information of each layer, such as bandwidth and link propagation delay, at the transport layer. The transport layer, which gets capacity information from the lower layers, adjusts the output of the data stream so that network congestion is avoided. To support the transmission of real-time video streaming, Literature [10] adopts a cross-layer design that passes load information from the network layer to the transport layer and data link layer, while the capacity information of the data link layer is passed to the network layer and transport layer.

Cross-layer design can also be applied to key management schemes, but related research is very scarce. Based on a random key pre-distribution management scheme, Literature [11] puts the frequency hopping parameters of the physical layer and the encryption key of the application layer into a unified framework. According to the security demands of the service level, the sender uses a random frequency hopping parameter for encryption, selects an encryption key, or does both. Literature [12] introduces a cross-layer key management scheme for multicast in Ad hoc networks, which involves the transport efficiency of the physical layer and the multicast routing tree of the network layer; the final optimization objective is to establish a highly energy-efficient key distribution scheme at the application layer. Self-adaptive design can be considered in a key management scheme, taking the security level, congestion and residual energy into account. The core is to derive, from each layer, the constraint conditions for the optimization objective.

III. PROPOSED SCHEME

A. Threshold-Based Distributed CA Key Management Scheme

In this paper we use a distributed CA key management scheme based on threshold theory. The design is as follows. Lidong Zhou and Zygmunt J. Haas proposed algorithms based on threshold cryptography to realize a distributed CA that carries out key management [13]. This is the so-called (n, k) threshold cryptography. The algorithm uses the characteristics of threshold cryptography, concentrating on network initialization. The private key of the network is divided into n copies assigned to n nodes, and these n nodes act as a single distributed CA. When the CA needs to publish a certificate, any k of these n nodes co-generate a valid certificate. When a new node joins the network, it can apply for a certificate to any k of the n nodes; each node returns a partial signature of the certificate, and together these form a complete certificate.

A mobile adversary that has compromised one node can move on to the next, and over time can break many nodes, even up to k of them. To defend against this, a share updating algorithm is run periodically; that is, n new copies are generated from the old n copies of the private key. Because the new copies of the private key are independent of the old copies, mobile adversaries can be resisted as long as the updating cycle is chosen correctly.

B. Detailed Scheme

We use an (n, t+1) threshold cryptography design, generating n copies (S1, S2, ..., Sn) of the key k of the key management service. Each server holds one copy and uses it to generate a partial signature, which is then submitted to a combiner. As long as there are t+1 correct partial signatures, the combiner is able to compute the correct signature.

Figure 1 shows how the service uses a (3, 2) threshold cryptography design to produce signatures. Given a service consisting of three servers, let K/k be the public/private key pair of the service. Using the (3, 2) threshold design, the key k is divided into three parts, and each server i gets a share si. For a message M, server i can use si to generate a partial signature PS(M, si). The correct servers 1 and 3 each produce a partial signature and send it to the combiner C. Even if server 2 fails to submit a partial signature, the combiner C can still generate the signature of message M under the service key k.

Figure 1. The signature of threshold K / k

To adapt to changes in the structure of the network itself and to the uncertainty of the adversary, we also use key updating as a form of active defense. Active defense is designed against the mobile adversary (originally proposed by Ostrovsky and Yung, mainly to describe an adversary that attacks servers in the manner of a virus attacking a network). It uses share updating technology, in which the servers collaborate, without exposing the service key to any server, to compute new key copies


from the old ones and form a new (n, t+1) sharing of the service private key. After the update, the servers generate partial signatures using the new shares. Since the new shares are independent of the old ones, the adversary cannot compute the key by combining old and new shares; however, it remains possible for the adversary to compromise t+1 servers within one update cycle.

Share updating has the following property. If (S1, S2, S3, ..., Sn) is an (n, t+1) sharing of k1 and (S1', S2', S3', ..., Sn') is an (n, t+1) sharing of k2, then (S1 + S1', S2 + S2', S3 + S3', ..., Sn + Sn') is an (n, t+1) sharing of k1 + k2.

Given n servers, let (S1, S2, S3, ..., Sn) be an (n, t+1) sharing of the key management service key k, with server i holding the share Si. Assuming that all servers are working correctly, share updating proceeds as follows. First, each server i generates an arbitrary (Si1, Si2, Si3, ..., Sin); we call each newly generated Sij a sub-share of server i (shown in Figure 4.2, the J-th column). Then each sub-share Sij is securely transmitted to server j. Once server j holds (S1j, S2j, S3j, ..., Snj) (Figure 1, the j-th row), it can compute its new share Sj' = Sj + (S1j + S2j + ... + Snj) from these sub-shares and its original share.

To allow a server to detect incorrect sub-shares, we can use a verifiable secret sharing design: a non-reversible function is used to generate additional public information for each sub-share, and with this information the correctness of the corresponding sub-share can be checked.

Share updating can also adapt to changes in the structure of the key management service, for instance a change from (n, t+1) to (n', t'+1). If a server is no longer trusted, or a new server is added, the key management service needs to change its structure accordingly. For example, a key management service starts with structure (7, 3); after some time a server is attacked, and the service should then automatically revise its structure to (6, 2). Note that updating does not change the key pair, so nodes in the network keep using the same public key for certification. This makes share refreshing transparent to all nodes and therefore scalable.
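
The share-update round described above, as an added example that is not code from the paper: Shamir sharing over a small constructed prime field stands in for the threshold scheme, and each server's sub-shares are assumed to form a sharing of 0, which is what keeps the service key unchanged. Feldman-style commitments are an assumed choice for the paper's unspecified non-reversible function; all function names and the toy parameters Q, P, G are assumptions of this example.

```python
import secrets

# Toy group, constructed for this example: P = 2*Q + 1 with P and Q prime, and
# G = 4 generates the order-Q subgroup. Shares are integers modulo Q.
Q, P, G = 1019, 2039, 4

def evaluate(coeffs, x):
    """Horner evaluation of a polynomial (constant term first) modulo Q."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % Q
    return y

def deal(secret, n, t):
    """(n, t+1) sharing: random degree-t polynomial f with f(0) = secret.
    Returns shares {i: f(i)} and public commitments [G^a_0, ..., G^a_t]."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t)]
    shares = {i: evaluate(coeffs, i) for i in range(1, n + 1)}
    return shares, [pow(G, a, P) for a in coeffs]

def verify(j, value, commits):
    """True if value = f(j) for the committed f, without learning f."""
    expected = 1
    for k, c in enumerate(commits):
        expected = expected * pow(c, pow(j, k, Q), P) % P
    return pow(G, value, P) == expected

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over a {index: share} map."""
    total = 0
    for i, s_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        total = (total + s_i * num * pow(den, -1, Q)) % Q
    return total

def refresh(old, t, faulty=None):
    """One share-update round among the servers holding `old` (indices 1..n).
    Server i deals sub-shares S_i1..S_in of 0; server j checks each S_ij and
    computes S_j' = S_j + (S_1j + ... + S_nj). `faulty` names a server whose
    sub-share for server 1 is corrupted, to exercise the check."""
    new, rejected = dict(old), []
    for i in old:
        sub, commits = deal(0, len(old), t)
        if i == faulty:
            sub[1] = (sub[1] + 1) % Q
        # A sharing of 0 has constant term 0, so its commitment must be G^0 = 1.
        ok = commits[0] == 1 and all(verify(j, sub[j], commits) for j in sub)
        if not ok:
            rejected.append(i)  # simplification: ignore all of server i's sub-shares
            continue
        for j in sub:
            new[j] = (new[j] + sub[j]) % Q
    return new, rejected

def mixed_epoch_key(old, new, stale, fresh):
    """What an adversary computes from one pre-update share plus fresh ones."""
    return reconstruct({stale: old[stale], **{j: new[j] for j in fresh}})

if __name__ == "__main__":
    key = 777                                   # constructed sample service key
    old, _ = deal(key, n=5, t=2)                # (5, 3) structure
    new, rejected = refresh(old, t=2)
    print("key from refreshed shares:", reconstruct({2: new[2], 4: new[4], 5: new[5]}))
    print("key from mixed epochs:    ", mixed_epoch_key(old, new, 1, [2, 3]))
    print("rejected with faulty server 4:", refresh(old, t=2, faulty=4)[1])
```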

IV. A CROSS-LAYER KEY MANAGEMENT SCHEME

A. Cross-layer key management model

Firstly, a cross-layer key management model should be established, as shown in Figure 3. Taking into account both network security and the network performance guaranteed by QoS, the model covers the various protocol layers and multiple parameters. The solid arrows in the diagram indicate that each layer sends the status parameters of its own layer that relate to key management to the database, where they are stored. The control center retrieves the relevant data from the database and analyzes it; then, according to the results of analyzing the status parameters, it sends the resulting orders to the corresponding layers (indicated by dashed arrows). Each layer adjusts its state according to the key-management-related orders, which ensures that each step proceeds smoothly.

Figure 3. Cross-layer key management model

Figure 2. Sharing of the updated key

B. Key Distribution

The usual way to obtain the frequency hopping sequence of an Ad hoc network node is to monitor the rate of change of the hopping sequence, so we have to protect the hopping sequence and change it within a shorter period than the enemy needs to discover it [11]. In this article we assume that the interval at which the frequency hopping sequence changes is short enough, with the prerequisite that both sides of the communication can still complete synchronization. In general, the frequency hopping parameters include:

Frequency hopping set: the frequency values available within the available bandwidth.
Residence time: the time interval between frequency hops.
Hopping frequency pattern: the order in which the hopping frequency points change.

All nodes of the Ad hoc network share the hopping parameters above. The order of the frequency points in the hopping frequency pattern is random. Under the assumption made at the beginning of this section, the order of change in the hopping frequency sequence is a secret. The current frequency value can therefore be used as an encryption key, provided that the hop has already been completed by the time a monitoring enemy obtains that frequency value; communication then continues using the next frequency value. Likewise, it suffices that the initialization process of key management has been completed by the time the enemy obtains the whole random sequence of frequency changes.

As mentioned earlier, in the threshold-based distributed CA key management scheme the data is not encrypted while the master key is divided into n copies and distributed to n random nodes; that is, it is transmitted over an insecure channel. As shown in Figure 4, we secure key distribution by using the current frequency value of the random frequency hopping parameters shared at the physical layer as the key that encrypts the data transmitted during key distribution. When the key management scheme initializes key distribution, the application layer sends the information needed for key distribution to the database. The control center obtains this information and informs the physical layer, which starts the cross-layer mechanism for random frequency hopping and sends the random frequency hopping parameters to the database. The control center retrieves them from the database and sends them to the application layer, which encrypts the key transmission data with the current frequency value of the frequency hopping parameters and then transmits it.

Figure 4. Key Distribution

3) Key Renew

Cross-layer mechanism guaranteed by QoS (quality of service)

Cross-layer design can be summarized in two aspects: state and optimization [20]. State comprises the various state information of the five layers from the physical layer to the application layer. For clarity, it can be distinguished by layer:

At the physical layer: node position, movement parameters (such as speed and direction), transmission power, hopping frequency, bit error rate, SNR and other state parameters, which can be expressed as P(var1, var2, ...).
At the link layer: the bandwidth of the link, the quality of the link, data types, the number and length of retransmitted data frames, available time information of the wireless channel, switching start and completion times, delay, delay jitter, etc., which can be expressed as L(var1, var2, ...).
At the network layer: routing information, address information, mobile switching information, the physical network interface currently in use, and so on, which can be expressed as N(var1, var2, ...).
At the transport layer: error control, round-trip time, retransmission timeout, maximum transmission unit, receiver window, congestion window, packet loss rate and actual throughput, which can be expressed as T(var1, var2, ...).
At the application layer: operating characteristics, topology control algorithm, packet loss statistics, QoS requirements and key algorithm, which can be expressed as A(var1, var2, ...).

The optimization objective in this article is QoS assurance in the key update phase of key management, which can be expressed as Q. The system constraints S(var1, var2, ...) are the parameters necessary to ensure that the system design does not diverge, for instance the constraints of Ad hoc network resources and dynamic topology. In this way, the cross-layer design process can be expressed as a function:

O = f(P, L, N, T, A, S)

Because network characteristics and the requirements placed on network design vary, the function does not and cannot have a fixed solution or a definite form, but it gives a method for analyzing problems in the design of a cross-layer network. The right side of the formula lists the network information handled by the cross-layer module, and the left side is the optimization goal of the cross-layer design.

Key Renew

As mentioned earlier, distributed CA key management schemes based on threshold theory generally adopt an asymmetric cryptosystem such as the RSA public key algorithm or an elliptic curve algorithm. This means that the certification nodes need a heavy amount of computation in the key updating phase. Since the resources of the Ad hoc network are constrained, this is likely to cause communication bottlenecks during key transmission and negotiation. There is also the problem of how to ensure the absolute accuracy of the key information in a wireless network with a high bit error rate. To solve these problems, we use cross-layer mechanisms guaranteed by QoS to optimize the key update process, reducing data traffic and the consumption of limited resources in the Ad hoc network and ensuring the accuracy of key information. In general, the key management algorithm is performed at the application layer and regarded as a kind of service need, while key transmission and negotiation


can be viewed as service needs with demanding QoS requirements. When the key needs to be updated, the cross-layer mechanism can be used. The specific process is shown in Figure 4.5. At the time of the key update, the application layer sends its special QoS requirements to the database. The control center extracts this information from the database and notifies the protocol layers, and each protocol layer starts its corresponding cross-layer QoS mechanism:

Physical layer: selects a relatively safe and efficient physical network interface to transmit the data that contains the key information.
Link layer: gives priority to data frames that contain key information and applies stronger error correction coding and more retransmissions to them, so that the key information reaches the destination node accurately and without error; it also sends its throughput and link connection status parameters to the database.
Application layer: the control center forwards the throughput information provided by the link layer to the application layer, which adjusts its sending speed accordingly.
Transport layer: the control center forwards the link connection status parameters to the transport layer, which adjusts the TCP round-trip time (RTT) and retransmission timer (RTO) accordingly in order to control the retransmission mechanism of the link layer, so that key information reaches its destination smoothly and, when channel connectivity is poor, data packets are not easily discarded and have sufficient retransmissions.
Network layer: chooses the best route to transmit the key information to the destination quickly and securely.

The protocol layers, interacting across layers, together ensure the smooth progress of the key update and provide the QoS assurance that the key update requires.

Figure 5. Updating of the Key

V. SCHEME ANALYSIS

The cross-layer model of Figure 3 is a theoretical framework that covers the entire protocol stack and involves multiple parameters. In the model, every node maintains a parameter database that stores the key management information sent from each layer, with the key management control center as the core of the whole model. Through the database and the key management control center the protocol layers are organically linked together; the model is the basic cross-layer mechanism through which a key management scheme can be optimized.

The key distribution of Figure 4 rests on the randomness of the frequency hopping parameters in wireless Ad hoc networks: within the framework of the cross-layer model of Figure 4.3, a cross-layer mechanism from the physical layer to the application layer encrypts the key in the key distribution phase using the current frequency value of the random frequency hopping parameters.

The key update of Figure 5 takes QoS as its optimization objective and treats the key update as a special QoS request of the application layer. Within the framework of the cross-layer model of Figure 4.3, every protocol layer exchanges status information with the other layers and adjusts its own state and actions according to the status information it receives. This resolves the communication bottlenecks in the key update phase caused by the complexity of the algorithm, and the problem of accurate transmission at a high bit error rate.

In the model above, the key management control center plays a crucial role as coordinator and intermediary. It obtains state information from the database, analyzes it, makes a decision based on the analysis, and finally sends instructions to the corresponding protocol layers; the key management control center can be said to be the heart of the whole model. Further research is needed on the design of the control center's command language, on keeping the storage occupied by the algorithm's commands as small as possible, on keeping the algorithm as simple as possible, and so on.

VI. CONCLUSION

This paper studied key management for Ad hoc network security. Node certification requires heavy computation and communication, and the data transmission channel is insecure. At the same time, wireless networks suffer from a higher error rate. Focusing on these issues, a cross-layer key management scheme based on threshold cryptography is proposed. Firstly, a cross-layer model framework is proposed in which the interaction of each layer's state information, characteristic requirements and constraint conditions is achieved with the support of the database and the control center; as the core of the model, the key management control center plays a crucial role. Then, a cross-layer, threshold-based distributed CA scheme is given, which describes the process by which the master key is divided into n copies and distributed to n random key management nodes. This scheme solves the security problem of distributing the key over a non-secure channel. Finally, we have


given in detail a cross-layer security QoS mechanism for the CA key update process of the threshold-based distributed key management scheme. This model addresses the network performance degradation caused by the complexity of the algorithm and by heavy node authentication communication, which would otherwise lead to failure of the key update, and the problem of accurately transmitting key information at a high bit error rate. The cross-layer key management scheme proposed above applies to a specific Ad hoc network, but the cross-layer model needs further improvement, for example in the setting of the database capacity, the command parameters of the control center, and whether the control center's algorithm causes a significant additional burden, owing to timeliness issues of the dynamic network state parameters. Many problems in this process remain to be solved.

ACKNOWLEDGEMENT

This research was supported by the Key Laboratory Foundation of Beijing Electronic Science and Technology Institute (YZDJ0805) and by a special project funded by the Beijing Municipal Education Commission.

REFERENCES
[1] J. W. Byun, S. M. Lee, D. H. Lee, et al. Constant-round password-based group key generation for multi-layer Ad hoc networks. LNCS 3934, Security in Pervasive Computing - Third International Conference, SPC 2006, Proceedings, 2006, pp. 3-17.
[2] Junghyun Nam, Juryon Paik, Ung Mo Kim, et al. Security Enhancement to a Password Authenticated Group Key Exchange Protocol for Mobile Ad-hoc Networks [J]. IEEE Communications Letters, vol. 12, no. 2, February 2008: 127-129.
[3] Tian H T, Bose S K, Law C L, et al. CLA-QOS: a cross-layer QoS provisioning approach for mobile Ad hoc networks. TENCON 2005, IEEE Region 10, 2005.
[4] Yuen W H, Lee H, Andersen T D. A simple and effective cross layer networking system for mobile Ad hoc networks. IEEE International Symposium, 2002.
[5] Kyamakya K, Nguyen V D. Cross-layer optimization, especially combination of channel estimation and position determination in multi-hop wireless networks. Vehicular Technology Conference, 2003.
[6] Yao Z, Fan P, Cao Z, et al. Cross layer design for service differentiation in mobile Ad hoc networks. IEEE Proceedings, 2003.
[7] Li X, Zheng B. Study on cross-layer design and power conservation in Ad hoc network. PDCAT, 2003.
[8] Xylomenos G, Polyzos G C. Quality of service support over multi-service wireless internet links. Computer Networks, 2001.
[9] Kliazovich D, Granelli F. Cross-layer Congestion Control in Multi-hop Wireless Local Area Networks. WICON, 2005.
[10] Setton E, Yoo T, Zhu Xiaoqing. Cross-layer Design of Ad Hoc Networks for Real-time Video Streaming. IEEE Wireless Communications, 2005.
[11] K Jones, A Wadaa, et al. Towards a new paradigm for securing wireless sensor networks. IEEE Proceedings, 2004.
[12] Loukas L, Radha P. Cross-Layer Design for Energy-Efficient Secure Multicast Communications in Ad Hoc Networks. IEEE Communications Society, 2004.
[13] Lidong Zhou and Zygmunt J. Haas. Securing Ad Hoc Networks. IEEE Network, November/December 1999.
