A Cross-Layer Key Management Scheme in Ad Hoc Network


Zeng-Ping, Yang-Yatao, Hu-Ronglei, Song-Jie
Department of Communication Engineering, Beijing Electronic Science and Technology Institute
Beijing, China, 100070
[email protected]

Abstract: A wireless Ad hoc network is exposed to many security threats, and key management is one of the principal means of addressing them. The more secure a key management mechanism is, however, the more energy and network resources it tends to consume. A cross-layer key management model is proposed that takes both network security and network performance into account under the constraints of scarce network resources and energy. The constraint conditions at each layer comprise the network performance parameters, the security requirements and the network requirements. On the basis of this model, a cross-layer key management scheme based on threshold cryptography is given, and the function of each layer in the key update process is stated clearly. The complexity of the algorithms and of the node authentication traffic can degrade network performance, which ultimately leads to failure of the key update, and the high bit error rate of the wireless channel endangers the accurate transmission of the updated key information; the scheme addresses both problems. Analysis shows that the scheme is suitable for wireless Ad hoc networks.

Keywords: Ad hoc network; cross-layer key management; threshold cryptography

I. INTRODUCTION

Because of the characteristics of the Ad hoc network, its security problems are more difficult than those of traditional wireless networks, and key management has therefore become a hot research topic.

Most key management schemes studied so far use a hierarchical structure. Identity-based public key systems (IDBS) are an important part of Ad hoc network key management. One of the pioneers is Shamir [1], who first proposed identity-based cryptography; more recent work by Boneh and Franklin [2] introduced the first practical identity-based encryption scheme. Compared with Shamir's original proposal, identity-based cryptography reduces the cost of certificate management in a certificate-based system: each user has an identity, such as an e-mail address, telephone number or IP address; anybody can derive the user's public key from that identity, while the private key is generated by a KDC (key distribution center) or PKG (private key generator). This cryptosystem clearly has many advantages.

Cross-layer solutions are limited by scalability, by the gathering of control information and by implementation complexity, and for delay-sensitive applications the exchange of information has to be handled promptly and accurately by distributed solutions. The advantages of cross-layer design are not only improved system performance but also reduced energy consumption and faster operation.

Because of the limited resources of an Ad hoc network, a key management scheme brings additional energy consumption, communication and computation, and these should be the primary consideration in its design; a cross-layer approach to security design is therefore particularly necessary for Ad hoc networks. This paper proposes a cross-layer key management scheme that addresses two problems of the key update process: the complexity of the algorithm and of the node authentication traffic, which degrades network performance and ultimately causes the key update to fail, and the high bit error rate of the wireless channel, which endangers the accurate transmission of the key update information.

The rest of this paper is organized as follows. Section II briefly describes key management schemes and cross-layer design in Ad hoc networks. Section III introduces the threshold-based distributed CA key management scheme on which our scheme builds, and Section IV presents the new cross-layer key management scheme. Section V analyzes the security and performance of the scheme, and Section VI concludes.

II. RELATED WORK

Cross-layer design of Ad hoc networks is a relatively new research topic and the literature is still small, but the discussion has always focused on optimizing a single objective that is usually confined to one of the traditional layers [3].

2010 2nd International Conference on Signal Processing Systems (ICSPS)
V1-132   978-1-4244-6893-5/$26.00 ©2010 IEEE

Literature [4] studied cross-layer design of the physical and MAC layers, where the optimization goal concerns the routing protocol. Literature [5] focuses on the effective integration of the physical, MAC and network layers, with emphasis on channel estimation and location information; the optimization goal is wireless bandwidth. Literature [6] focuses on cross-layer design of the MAC and network layers to achieve service differentiation. Literature [7] discusses cross-layer design of the entire protocol stack, paying most attention to power efficiency. Literature [8] passes delay constraints from the application layer down to the link layer so that the link layer can determine packet priority. Literature [9] solves congestion in wireless networks with a cross-layer congestion avoidance model that collects the capacity information of each layer, such as bandwidth and link propagation delay, at the transport layer; the transport layer then adjusts its output data stream according to the capacity information from the lower layers, and congestion is avoided. To carry real-time video streaming, Literature [10] adopts a cross-layer design in which load information flows from the network layer to the transport and data link layers, while the capacity information of the data link layer is passed to the network and transport layers.

Applications of cross-layer design to key management are very few. Based on a random key pre-distribution scheme, Literature [11] puts the frequency-hopping parameters of the physical layer and the encryption key of the application layer into a unified framework: according to the security demands of the service level, the sender either uses a random frequency-hopping parameter for encryption, selects an encryption key, or both. Literature [12] introduces a cross-layer key management scheme for secure multicast that involves the transmission efficiency of the physical layer, the multicast routing tree of the network layer and the final optimization objective, and establishes an energy-efficient key distribution scheme at the application layer. Self-adaptive design can also be considered in a key management scheme, with the security level, congestion and residual energy taken into account; the core idea is to derive the constraint conditions from each layer and use them to optimize the objective.

III. PROPOSED SCHEME

A. Threshold-Based Distributed CA Key Management Scheme

In this paper we use a threshold-based distributed CA key management scheme. The design follows Lidong Zhou and Zygmunt J. Haas, who proposed algorithms based on threshold cryptography to realize a distributed CA that carries out key management [13], the so-called (n, k) threshold cryptography. The algorithm exploits the properties of threshold cryptography and concentrates the work in network initialization: the private key of the network is divided into n shares held by n designated nodes, which together act as a single distributed CA. When the CA needs to issue a certificate, any k of these n nodes jointly generate a valid certificate. When a new node joins the network, it can submit its certificate application to any k of the n nodes; each of them returns a partial signature on the certificate, and the partial signatures are combined into a complete certificate. A mobile adversary moves from one compromised node to the next and can break a large number of nodes as time goes on, even up to k of them. To defend against this, the shares are refreshed periodically by a share update algorithm, that is, n new shares are generated from the n old shares of the private key. The new shares are independent of the old ones, so as long as the right update period is chosen, the scheme withstands mobile adversaries.

B. Detailed Scheme

We use (n, t+1) threshold cryptography: the private key k of the key management service is split into n shares (s1, s2, ..., sn), one held by each server. Each server uses its share to generate a partial signature and submits it to a combiner. As long as t+1 correct partial signatures are available, the combiner can compute the correct complete signature. Figure 1 shows a service of three servers that uses (3, 2) threshold cryptography to produce signatures. Let K/k be the public/private key pair of the service. Under the (3, 2) design the private key k is divided into three shares, and each server i receives one share si. For a message M, server i uses si to generate a partial signature PS(M, si). The correctly working servers 1 and 3 produce partial signatures and send them to the combiner C. Even though server 2 has failed to submit its partial signature, the combiner C can still generate the signature of message M under the service key k.

Figure 1. Threshold signature with the service key pair K/k

To adapt to changes in the structure of the network itself and to the uncertainty of the adversary, we also use key updating as an active defense. Active defense targets the mobile adversary (originally proposed by Ostrovsky and Yung, who describe an adversary that attacks servers in the way a virus spreads through the network). It uses share update technology: the servers collaborate, without exposing the service key to any server, to compute new shares from the old ones and re-form an (n, t+1) sharing of the service private key. After the update the servers generate partial signatures using the new shares. Because the new shares are independent of the old ones, the adversary cannot obtain the key by combining old and new shares; it would have to compromise t+1 servers within a single update period.

Share updating relies on the following property. If (s1, s2, s3, ..., sn) is an (n, t+1) sharing of k1 and (s1', s2', s3', ..., sn') is an (n, t+1) sharing of k2, then (s1 + s1', s2 + s2', s3 + s3', ..., sn + sn') is an (n, t+1) sharing of k1 + k2. Given n servers and an (n, t+1) sharing (s1, s2, s3, ..., sn) of the key management service key k, with server i holding share si, and assuming all servers are working, share updating proceeds as follows. First, each server i generates a random (n, t+1) sharing (Si1, Si2, Si3, ..., Sin) of zero; we call the Sij the sub-shares of server i (see Figure 2). Then each sub-share Sij is securely transmitted to server j. When server j holds (S1j, S2j, S3j, ..., Snj), it computes its new share from these sub-shares and its old share:

    sj' = sj + (S1j + S2j + ... + Snj)

Because every sub-sharing is a sharing of zero, the sum is again an (n, t+1) sharing of k.

To let a server detect incorrect sub-shares we use verifiable secret sharing: a one-way function is used to generate additional public information for each sub-share, and with this information the correctness of the corresponding sub-share can be checked. Share updating can also adapt to changes in the structure of the key management service, for instance from (n, t+1) to (n', t'+1). If a server is no longer trustworthy, or a new server is added, the key management service has to change its structure accordingly; for example, a key management service that starts with structure (7, 3) and later finds one server compromised should revise its structure to (6, 2) automatically. Note that updating does not change the key pair, and nodes continue to be certified under the same network public key. This makes the share refresh transparent to all nodes and hence scalable.

Figure 2. Shares after the update
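The following is an added worked example, not code from the paper or from Zhou and Haas [13]. It implements the (n, t+1) sharing of Section III.A and III.B, the share update rule sj' = sj + (S1j + ... + Snj) with every Sij taken from a server's random sharing of zero, the verifiable-sharing check that lets a server reject an incorrect sub-share, and the structural change from (7, 3) to (6, 2) by re-sharing. The 62-bit field, the group used for the public commitments (Feldman's G^a_k, which the paper does not name; it only says "a one-way function"), and every sample value are assumptions made for this example.

```python
"""Proactive (n, t+1) secret sharing with a verifiable share update.

Added example, not code from the paper or from Zhou and Haas [13]. It
implements the update rule s_j' = s_j + (S_1j + ... + S_nj) with every S_ij
taken from a server's random sharing of zero, the verifiable-sharing check
that rejects a bad sub-share, and the re-sharing that changes the structure,
e.g. (7, 3) to (6, 2). Field size, group and sample values are assumptions.
"""
import secrets


def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Deterministic Miller-Rabin, exact for 37 < n < 2**64."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        if all((x := x * x % n) != n - 1 for _ in range(r - 1)):
            return False
    return True


def safe_prime(bits=62):
    """First safe prime p = 2q + 1 with q >= 2**(bits-1). Shares live in Z_q;
    commitments live in the order-q subgroup of Z_p^* (toy size, not a
    cryptographic-strength group)."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = safe_prime()
G = 4  # quadratic residue mod P, hence of order exactly Q


def share(secret, n, t):
    """(n, t+1) Shamir sharing of `secret` over Z_Q, plus the Feldman
    commitments G^a_k to the polynomial coefficients (public, one-way)."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t)]
    shares = {i: sum(a * pow(i, k, Q) for k, a in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return shares, [pow(G, a, P) for a in coeffs]


def verify(i, s_i, commits):
    """Share s_i of server i is consistent iff G^s_i == prod_k C_k^(i^k)."""
    rhs = 1
    for k, c in enumerate(commits):
        rhs = rhs * pow(c, pow(i, k, Q), P) % P
    return pow(G, s_i, P) == rhs


def lagrange_at_zero(xs):
    """Lagrange weights at x = 0 for the evaluation points xs (mod Q)."""
    w = {}
    for i in xs:
        num = den = 1
        for j in xs:
            if j != i:
                num, den = num * (-j) % Q, den * (i - j) % Q
        w[i] = num * pow(den, -1, Q) % Q
    return w


def reconstruct(points):
    """Recover the secret from any t+1 (i, s_i) pairs."""
    w = lagrange_at_zero(list(points))
    return sum(s * w[i] for i, s in points.items()) % Q


def refresh(shares, commits, n, t):
    """One update round: each server i deals a random sharing of 0, sends
    sub-share S_ij to server j, and server j sets s_j' = s_j + sum_i S_ij.
    Commitments multiply, so a forged sub-share fails verify() first."""
    new_shares, new_commits = dict(shares), list(commits)
    for i in range(1, n + 1):
        sub, sub_c = share(0, n, t)
        for j in range(1, n + 1):
            if not verify(j, sub[j], sub_c):
                raise ValueError(f"bad sub-share from server {i} to {j}")
            new_shares[j] = (new_shares[j] + sub[j]) % Q
        new_commits = [c * d % P for c, d in zip(new_commits, sub_c)]
    return new_shares, new_commits


def reshare(shares, t, n2, t2):
    """Change the structure (n, t+1) -> (n2, t2+1) without changing the key:
    t+1 old servers each deal an (n2, t2+1) sharing of their own share and
    new server j sums them with the old servers' Lagrange weights."""
    old = sorted(shares)[: t + 1]
    w = lagrange_at_zero(old)
    new = {j: 0 for j in range(1, n2 + 1)}
    for i in old:
        sub, _ = share(shares[i], n2, t2)
        for j in new:
            new[j] = (new[j] + w[i] * sub[j]) % Q
    return new
```

A typical run deals a (7, 3) sharing with share(key, 7, 2), refreshes it with refresh(), and checks three things: any three new shares reconstruct the key, an old share mixed with two new ones does not, and the commitment to the constant term (G^k) is unchanged by the refresh because the sub-sharings are sharings of zero. reshare(new, 2, 6, 1) then produces the (6, 2) structure of the paper's example, from which any two shares recover the same key.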

IV. A CROSS-LAYER KEY MANAGEMENT SCHEME

A. Cross-layer key management model

First, a cross-layer key management model is established, as shown in Figure 3. Considering network security together with the network performance guaranteed by QoS, the model spans all protocol layers and involves many parameters. A solid arrow in the diagram indicates that a layer sends the status parameters of its own layer that are relevant to key management to the database, where they are stored. The control center retrieves the relevant data from the database, analyzes them, and according to the analysis of the status parameters sends the consequent orders to the corresponding layers (dashed arrows). Each layer then adjusts its state according to the key-management-related order, which ensures that the corresponding step of key management proceeds smoothly.

Figure 3. Cross-layer key management model

B. Key Distribution

The usual way for an attacker to obtain the frequency-hopping sequence of an Ad hoc network node is to monitor the channel and track the rate at which the hopping sequence changes, so the hopping sequence has to be protected and changed within a short enough period that it has already changed by the time the enemy has discovered it [11]. In this article we assume that the time needed to change the frequency-hopping sequence is short enough, with the prerequisite that both sides of the communication can complete synchronization.

In general, the frequency-hopping parameters are:

Frequency set: the available frequency values within the available bandwidth.

Residence (dwell) time: the time interval between frequency hops.

Hopping pattern: the order in which the frequency points are visited.

All nodes of the Ad hoc network share these hopping parameters. The order of the frequency points in the hopping pattern is random. Under the assumption made at the beginning of this section, the point at which the hopping sequence changes is therefore a secret. The current frequency value can be used as an encryption key provided that the hop has already completed by the time the enemy's monitoring obtains the value of the frequency; the next communication then uses the next frequency value. Likewise, by the time the enemy has obtained the whole random sequence of frequency points, the initialization of the key management has already been completed.

As mentioned earlier, in the threshold-based distributed CA key management scheme the master key is divided into n shares and distributed to n randomly chosen nodes, and the shares are not encrypted in transit, that is, they are transmitted over an insecure channel. As shown in Figure 4, we secure the key distribution by using the current frequency value of the random frequency-hopping parameters shared at the physical layer to encrypt the data transmitted during key distribution.

When the key management program initializes the key distribution, the application layer writes the information needed for the key distribution to the database; the control center reads this information and instructs the physical layer to start the cross-layer random frequency-hopping mechanism. The physical layer passes the random frequency-hopping parameters to the database; the control center forwards them from the database to the application layer, which encrypts the key distribution data with the current frequency value of the frequency-hopping parameters and then transmits it.

Figure 4. Key Distribution
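An added example, not the paper's code, of the key distribution just described: every node derives the same hop sequence from the shared hopping parameters, and the sender seals a key share under the key of the current hop before it crosses the insecure channel. It also carries out the check on which the section's argument rests: if the encryption key is derived from the frequency value alone, an eavesdropper who knows the public channel list needs at most as many trials as there are channels, so secrecy depends entirely on the hop having completed before the eavesdropper can try; a derivation that also binds the shared pattern seed and the slot index is shown beside it. The channel list, dwell time, pattern seed and share bytes are constructed, and the hash-based stream cipher with an HMAC tag stands in for the cipher the paper does not specify.

```python
"""Key distribution keyed by the frequency-hopping state (Section IV.B).

Added example, not the paper's code. All nodes share the hopping parameters
(frequency set, dwell time, pattern); a share of the CA private key is sealed
with a key derived from the current hop frequency before it crosses the
insecure channel. It also adds a check: if the key depends on the frequency
value alone, an eavesdropper who knows the public channel list needs at most
len(CHANNELS) trials, so secrecy rests entirely on the hop having completed
before the eavesdropper can try. A hardened derivation that binds the secret
pattern seed and slot index is shown beside it. The hash-based stream cipher
with an HMAC tag stands in for the paper's unspecified cipher; the channel
list, dwell time and sample values are constructed.
"""
import hashlib
import hmac
import random

CHANNELS = list(range(2402, 2481))  # 79 channels, like 2.4 GHz ISM (constructed)
DWELL_MS = 50                       # residence time per hop (constructed)


def hop_pattern(seed: bytes, length: int):
    """Random hop order derived from the shared secret seed; every
    synchronised node computes the same sequence."""
    rng = random.Random(int.from_bytes(hashlib.sha256(seed).digest(), "big"))
    return [rng.choice(CHANNELS) for _ in range(length)]


def current_slot(t_ms: int) -> int:
    """Synchronised nodes map local time to the hop index."""
    return t_ms // DWELL_MS


def key_from_frequency(freq: int) -> bytes:
    """The paper's derivation: the key is the current frequency value."""
    return hashlib.sha256(str(freq).encode()).digest()


def key_from_pattern(seed: bytes, slot: int) -> bytes:
    """Hardened derivation (added): the key space is the seed space, not
    the channel list, because seed and slot index are bound in."""
    return hashlib.sha256(seed + slot.to_bytes(8, "big")).digest()


def _keystream(key: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + c.to_bytes(4, "big")).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with the stand-in stream cipher."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def _slot_key(seed: bytes, t_ms: int, hardened: bool) -> bytes:
    slot = current_slot(t_ms)
    if hardened:
        return key_from_pattern(seed, slot)
    return key_from_frequency(hop_pattern(seed, slot + 1)[slot])


def distribute_share(seed, t_ms, share, hardened=False):
    """Sender: seal the share under the key of the current hop."""
    return seal(_slot_key(seed, t_ms, hardened), share)


def receive_share(seed, t_ms, blob, hardened=False):
    """Receiver: same clock, same pattern, same key."""
    return open_(_slot_key(seed, t_ms, hardened), blob)


def eavesdropper_brute_force(blob: bytes):
    """Try every channel as the key; the MAC reveals the right guess.
    Returns (plaintext or None, number of trials)."""
    for trials, freq in enumerate(CHANNELS, 1):
        pt = open_(key_from_frequency(freq), blob)
        if pt is not None:
            return pt, trials
    return None, len(CHANNELS)
```

With the frequency-only key, eavesdropper_brute_force() recovers the share after at most 79 trials whenever the captured blob can still be tried; with the hardened key it recovers nothing, which is why a deployment should treat the frequency value as a synchronisation input to the key derivation rather than as the whole key.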

C. Key Update

1) Cross-layer mechanism guaranteed by QoS (quality of service)

Cross-layer design can be summarized in two aspects, state and optimization [20]. State comprises the state information of the five layers from the physical layer to the application layer. For clarity it can be distinguished by layer. At the physical layer: node position, movement parameters (speed, direction, etc.), transmission power, hopping frequency, bit error rate, SNR and other state parameters, expressed as P(var1, var2, ...). At the link layer: link bandwidth, link quality, data types, the number and length of retransmitted data frames, the available time in the wireless channel, switching start and completion time, delay, delay jitter, etc., expressed as L(var1, var2, ...). At the network layer: routing information, address information, mobile handover information, the physical network interface currently in use and so on, expressed as N(var1, var2, ...). At the transport layer: error control, round-trip time, retransmission timeout, maximum transmission unit, receiver window, congestion window, packet loss rate and actual throughput, expressed as T(var1, var2, ...). At the application layer: operating characteristics, topology control algorithm, packet loss statistics, QoS requirements and key algorithm, expressed as A(var1, var2, ...). The optimization objective in this article is the QoS guarantee in the key update phase of key management, expressed as Q. The system constraints S(var1, var2, ...) are the parameters needed to keep the system design bounded, for instance the resource constraints and the dynamic topology of the Ad hoc network. The cross-layer design process can then be expressed as a function

    O = f(P, L, N, T, A, S)

where the left-hand side O is the optimization goal of the cross-layer design (the objective Q) and the right-hand side sets out the various kinds of network information handled by the cross-layer module. Because network characteristics and the requirements people place on a network vary, this function has no fixed solution or determinate form, and cannot have one; but it gives a method for analyzing the problem in the design of a cross-layer network.

2) Key update procedure

As mentioned earlier, threshold-based distributed CA key management schemes generally adopt an asymmetric cryptosystem such as the RSA public key algorithm or an elliptic curve algorithm. This means that certifying nodes need a heavy amount of computation and communication in the key update phase, and since the Ad hoc network is resource constrained this is likely to cause communication bottlenecks in the transmission and negotiation of the key. In addition, the problem of how to guarantee the absolute accuracy of the key information in a wireless network with a high bit error rate remains. To solve these problems, we use cross-layer mechanisms guaranteed by QoS to optimize the key update process, reducing data traffic and the consumption of the Ad hoc network's limited resources while ensuring the accuracy of the key information.

In general, the key management algorithm is executed at the application layer and can be regarded as a kind of service demand, while key transmission and negotiation can be viewed as a service demand with very high QoS requirements. When a key update is needed, the cross-layer mechanism is used. The process is shown in Figure 5. At the time of the key update the application layer writes its special QoS service requirements to the database. The control center extracts this information from the database and notifies the protocol layers, and each protocol layer starts the corresponding cross-layer QoS mechanism. The physical layer selects a physical network interface that is relatively safe and efficient for transmitting the data that contains the key information. The link layer gives priority to the data frames that contain key information and applies stronger error-correcting coding and more retransmissions to them, so that the key information reaches the destination node accurately and without error, and it sends its throughput and link connection status parameters to the database. The control center passes the throughput information provided by the link layer to the application layer, which adjusts its sending rate accordingly, and passes the link connection status parameters to the transport layer, which adjusts the TCP round-trip time (RTT) estimate and retransmission timeout (RTO) so as to control the retransmission mechanism and ensure that the key information reaches its destination: when the channel quality is low, packets are not discarded too readily and sufficient retransmissions are available. The network layer chooses the best route to transmit the key information to the destination quickly and securely. The cross-layer interaction of all protocol layers together ensures the smooth progress of the key update, providing the QoS guarantee that the key update requires.

Figure 5. Updating of the Key
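An added example, not the paper's code, that turns the model of Section IV.A (layers report state to a database, the control center analyzes it and sends orders back), the function O = f(P, L, N, T, A, S) of Section IV.C.1 and the key update procedure of Figure 5 into one small decision routine. Every field name, threshold and sample state value is an assumption made for the example; the RTO computation follows the standard rule of RFC 6298, which the paper does not name, and the policy choices (which FEC rate for which BER, how many retries, what counts as a secure interface) are illustrative.

```python
"""Key-management control center for the cross-layer key update.

Added example, not the paper's code. It realises the model of Section IV.A
(layers report state to a database, the control center analyses it and sends
orders back) and the function O = f(P, L, N, T, A, S) of Section IV.C.1, and
applies it to the key update of Figure 5. Every threshold, field name and
sample value is an assumption for this example; the RTO rule is the standard
one from RFC 6298, which the paper does not name.
"""


class Database:
    """Per-node store of state parameters keyed by layer (P, L, N, T, A, S)."""

    def __init__(self):
        self.state = {k: {} for k in "PLNTAS"}

    def report(self, layer, **params):  # solid arrows in Figure 3
        self.state[layer].update(params)


def rto_rfc6298(rtt_samples_ms, clock_g_ms=10, k=4):
    """Retransmission timeout from RTT samples: SRTT/RTTVAR smoothing,
    then RTO = SRTT + max(G, K * RTTVAR). Returns (srtt, rto)."""
    srtt = rttvar = None
    for r in rtt_samples_ms:
        if srtt is None:
            srtt, rttvar = r, r / 2
        else:
            rttvar = 0.75 * rttvar + 0.25 * abs(srtt - r)
            srtt = 0.875 * srtt + 0.125 * r
    return srtt, srtt + max(clock_g_ms, k * rttvar)


def key_update_orders(P, L, N, T, A, S):
    """O = f(P, L, N, T, A, S): the orders the control center sends to each
    layer (dashed arrows in Figure 3) when A asks for a key update."""
    if A.get("service") != "key_update":
        return {}
    O = {}
    # Physical layer: among interfaces the policy marks secure, pick the best SNR.
    secure = [i for i in P["interfaces"] if i["secure"]]
    O["P"] = {"interface": max(secure, key=lambda i: i["snr_db"])["name"]}
    # Link layer: key frames get priority, stronger FEC and more retries when
    # the BER is high, but never more retries than the energy constraint allows.
    ber = P["ber"]
    fec = "rate-1/2" if ber > 1e-3 else "rate-3/4" if ber > 1e-5 else "rate-7/8"
    retries = 8 if ber > 1e-3 else 4
    if P["energy_pct"] < S["low_energy_pct"]:
        retries = min(retries, S["max_retries_low_energy"])
    O["L"] = {"priority": "key", "fec": fec, "max_retries": retries}
    # Transport layer: RTO from the link's RTT samples, so key segments are
    # not given up on too early over a slow channel.
    srtt, rto = rto_rfc6298(L["rtt_samples_ms"])
    O["T"] = {"srtt_ms": round(srtt, 1), "rto_ms": round(rto, 1)}
    # Application layer: send no faster than the link reports it can carry.
    O["A"] = {"send_rate_kbps": min(A["requested_kbps"], L["throughput_kbps"])}
    # Network layer: lowest-cost route whose every hop is still certified.
    routes = [r for r in N["routes"] if all(h in N["certified"] for h in r["hops"])]
    O["N"] = {"route": min(routes, key=lambda r: r["cost"])["hops"]}
    return O


def sample_run():
    """Constructed state for one node asking for a key update."""
    db = Database()
    db.report("P", ber=2e-3, energy_pct=35,
              interfaces=[{"name": "wlan0", "secure": True, "snr_db": 12},
                          {"name": "wlan1", "secure": True, "snr_db": 19},
                          {"name": "bt0", "secure": False, "snr_db": 30}])
    db.report("L", throughput_kbps=120, rtt_samples_ms=[80, 95, 70, 110])
    db.report("N", certified={"a", "b", "c"},
              routes=[{"hops": ["a", "b"], "cost": 2},
                      {"hops": ["x", "c"], "cost": 1}])
    db.report("T")
    db.report("A", service="key_update", requested_kbps=200)
    db.report("S", low_energy_pct=40, max_retries_low_energy=6)
    return key_update_orders(**db.state)
```

In the constructed state the BER of 2e-3 selects the strongest FEC and eight retries, the energy constraint S caps the retries at six, the cheaper route is rejected because one of its hops is not certified, and the application rate is clamped to the link's reported throughput; this is the kind of per-layer adjustment the procedure above describes, written out as one function of the six state sets.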

V. SCHEME ANALYSIS

The cross-layer model of Figure 3 is a theoretical framework that covers the entire protocol stack and involves many parameters. In the model every node keeps a database of the key-management-related parameters sent by each layer, and a key management control center forms the core of the whole model; through the database and the control center each protocol layer is organically linked to the others, so the model is a basic cross-layer mechanism with which a key management scheme can be optimized.

The key distribution of Figure 4 rests on the randomness of the frequency-hopping parameters in a wireless Ad hoc network. Within the framework of the cross-layer model of Figure 3, a cross-layer mechanism running from the physical layer to the application layer encrypts the key in the key distribution phase with the current frequency value drawn from the random frequency-hopping parameters.

The key update of Figure 5 takes the QoS guarantee as its optimization objective and treats the key update as a special request with QoS service characteristics at the application layer. Within the framework of the cross-layer model of Figure 3, every protocol layer exchanges status information with the other layers and, according to the status information from the other layers, adjusts its own state and actions. This resolves the communication bottleneck in the key update phase that arises from the complexity of the algorithm, and the problem of accurate transmission over a channel with a high bit error rate.

In the model above, the key management control center plays the crucial role of coordinator and intermediary: it obtains the state information from the database, analyzes it, makes decisions based on the analysis, and finally sends instructions to the corresponding protocol layers. It can be said that the key management control center is the heart of the whole model. Further research is needed on the language in which the control center's commands are written, on keeping the storage occupied by the command algorithms as small as possible, on keeping the algorithms as simple as possible, and so on.

VI. CONCLUSION

The key management scheme for Ad hoc network security was studied. Node certification requires a large amount of computation and communication, the data transmission channel is insecure, and the wireless network also suffers from a high error rate. Focusing on these issues, a cross-layer key management scheme based on threshold cryptography is proposed.

First, a cross-layer model framework is proposed in which the state information, characteristic requirements and constraint conditions of every layer interact through the support of the database and the control center; the key management control center, as the core of the model, plays the crucial role. Then a threshold-based cross-layer distributed CA scheme is given that describes how the master key is divided into n shares and distributed to n randomly chosen key management nodes; this scheme solves the security problem of distributing the shares over an insecure channel. Finally, a detailed cross-layer model with QoS guarantees is given for the key update process of the threshold-based distributed CA key management scheme. This model addresses the degradation of network performance caused by the complexity of the algorithm and the heavy node authentication traffic, which otherwise leads to failure of the key update, and the accurate transmission of the key information at a high bit error rate.

The cross-layer key management scheme proposed above applies to a specific Ad hoc network, and the cross-layer model still needs improvement in several respects: the setting of the database capacity, the command parameters of the control center, whether the control center's algorithm imposes a significant additional burden, and the timeliness of the dynamic network state parameters. Many problems remain to be solved.

ACKNOWLEDGEMENT

This research was supported by the Key Laboratory Foundation of Beijing Electronic Science and Technology Institute (YZDJ0805) and by a special construction project funded by the Beijing Municipal Education Commission.

REFERENCES

[1] Byun J. W., Lee S. M., Lee D. H., et al., "Constant-round password-based group key generation for multi-layer Ad hoc networks," LNCS 3934, Security in Pervasive Computing, Third International Conference, SPC 2006, Proceedings, 2006, pp. 3-17.
[2] Junghyun Nam, Juryon Paik, Ung Mo Kim, et al., "Security Enhancement to a Password Authenticated Group Key Exchange Protocol for Mobile Ad-hoc Networks," IEEE Communications Letters, vol. 12, no. 2, February 2008, pp. 127-129.
[3] Tian H. T., Bose S. K., Law C. L., et al., "CLA-QOS: a cross-layer QoS provisioning approach for mobile Ad hoc networks," TENCON 2005, IEEE Region 10, 2005.
[4] Yuen W. H., Lee H., Andersen T. D., "A simple and effective cross layer networking system for mobile Ad hoc networks," IEEE International Symposium, 2002.
[5] Kyamakya K., Nguyen V. D., "Cross-layer optimization, especially combination of channel estimation and position determination in multi-hop wireless networks," Vehicular Technology Conference, 2003.
[6] Yao Z., Fan P., Cao Z., et al., "Cross layer design for service differentiation in mobile Ad hoc networks," IEEE Proceedings, 2003.
[7] Li X., Zheng B., "Study on cross-layer design and power conservation in Ad hoc network," PDCAT, 2003.
[8] Xylomenos G., Polyzos G. C., "Quality of service support over multiservice wireless internet links," Computer Networks, 2001.
[9] Kliazovich D., Granelli F., "Cross-layer Congestion Control in Multi-hop Wireless Local Area Networks," WICON, 2005.
[10] Setton E., Yoo T., Zhu Xiaoqing, "Cross-layer Design of Ad Hoc Networks for Real-time Video Streaming," IEEE Wireless Communications, 2005.
[11] Jones K., Wadaa A., et al., "Towards a new paradigm for securing wireless sensor networks," IEEE Proceedings, 2004.
[12] Loukas L., Radha P., "Cross-Layer Design for Energy-Efficient Secure Multicast Communications in Ad Hoc Networks," IEEE Communications Society, 2004.
[13] Lidong Zhou and Zygmunt J. Haas, "Securing Ad Hoc Networks," IEEE Network, November 1999.
