Decentralized key generation scheme for cellular-based heterogeneous wireless ad hoc networks

►Gupta, Ananya; Mukherjee, Anindo; Xie, Bin; Agrawal, Dharma P.►Journal of Parallel and Distributed Computing Volume: 67, Issue: 9, September, 2007, pp. 981-991

97/09/12 H.-H. Ou

H.-H. Ou2

Introduction (1/2) Cause

The key generation programs on the traditional MANET. No prior trust relationships among ad hoc nodes due to absence of any centralized

authority. In a mobile environment, it is difficult to identify an MS. Opinion

Integration of MANET with cellular network It enables availability of a trustable infrastructure (i.e., BS) so that validation of MS’s

identify is feasible before any actual key generation. Prerequisite

A dual-mode mobile station (MS) variety of mediums (e.g., Bluetooth, Infrared, Wi-Fi) Infrastructure-based (cellular, access point) networks.

Proposal Support cellular system with a cellular-based mobile ad hoc network (MANET).

Flexible peer-to-peer communication between two MSs by utilizing a high-speed interface without passing through the BS.

Releases the traffic load in cellular wireless systems.

2008/9/12

H.-H. Ou3

Introduction (2/2) The challenges

Multiple BSs The MS may be associated with several BSs.

Secured channel Maintain a secured channel between any pair of MSs in the MANET with minimal

intervention of the BSs. Scalability of key generation and distribution

Logically segregates the key management/distribution entities and group memberships. Group key management infrastructure

MANET members may join or leave at any time.

2008/9/12

H.-H. Ou4

The features of the proposed Decentralized key generation scheme Using a cellular backbone for initial key setup and distribution The BS only distributes a piece of keying material (i.e., a polynomial) to

each MS so that every pair of MSs can compute the shared key between them, rather than directly managing the key with an intensive interaction.

Every pair of MSs, with the ability to calculate a shared symmetric key as required by using secure symmetric polynomial.

Symmetric polynomial key generating scheme in a hierarchical and distributed manner for communication in a MANET.

2008/9/12

H.-H. Ou5

Polynomial-based conference key Polynomial-based conference key

A trust server selects a polynomial function f(x,y), which satisfies the property f(x,y) = f(y,x), and keeps it secretly. Ex: f(x,y) = 1+2(x+y)+3xy

The trust server securely transmits the f(i,y) to the corresponding node i. Node1: f(1,y) = 3+5y Node2: f(2,y) = 5+8y Node3: f(3,y) = 7+11y

When two of the nodes initiate the communication, each node just using the ID of the another node to establish a pairwise key. Node1 & Node2: f(1,2) = f(2,1) = 13 Node1 & Node3: f(1,3) = f(3,1) = 18 Node2 & Node3: f(2,3) = f(3,2) = 29

2008/9/12

f(3,y)

f(1,y) f(2,y)

f(1,3)

= f(3,1)

f(2,3) = f(3,2)

f(1,2) = f(2,1)

Node3

Node1

Node2

Trust Server

H.-H. Ou6

The Terms of the proposed NG (Node group) ： The group of MSs in a local MANET with the same

polynomial distributors and derives its keying material from these leaders. AHN (Ad Hoc node) ： An MS that belongs to an NG. PD (Polynomial distributer) ： A BS that acts as a polynomial supplier to

an NG.

2008/9/12

PD1

NG

AHN1

AHN2

AHN3PD2

H.-H. Ou7

Concept of the proposed Polynomial-based conference key

A polynomial function f(w, x, y, z), which satisfies the property f(w, x, y, z) = f(x, w, y, z) and f(w, x, y, z) = f(w, x, z, y)

w&x represent the AHNs’ ID, and y&z represent the PDs’ ID.

2008/9/12

PD4

PD2

PD3

PD1

Decentralized key generation scheme Each PDi selects his polynomial function fi

Every PDi exchanges their fi with the neighbor PDs

Each PDi can obtains the group polynomial Pi by f

PDi distribute the polynomial Sj to his member AHNj, which the Sj is construct from Pi and AHNj’s ID.

Each AHNs just using the polynomial S with the ID of the another AHN to establish a pairwise key.

8

Procedures of the proposed Group-based polynomial selection (PDs PDs)

Exchange their polynomial f and establish the group polynomial g

2008/9/12H.-H. Ou

PD1

AHN1

AHN2

AHN3

PD2

AHN5

AHN4

Polynomial for AHN (PDAHN) Generate the user polynomial s

from the group polynomial g, and distribute to AHNs.

Pairwise key generation (AHN) Calculate the pairwise key with

the communication AHN by polynomial s

Group key establishment (AHNAHN)

H.-H. Ou9

Procedures of the group-based polynomial selection Each PDi independently generates a t-degree symmetric polynomial

fi(w, x, y, z) = fi(x, w, y, z) and fi(w, x, y, z) = fi(w, x, z, y) Wixj = xjwi and ymzn = znym w and x represent the AHNs y and z denote the variables associated with PDs Send fi(w, x, y, j) PDj

The group polynomial Pi =

2008/9/12

, , , 0

( , , , )t

i j m ni ijmn

i j m n

f w x y z a w x y z

1

( , , ) ( , , , )n

i kk

P w x y f w x y i

H.-H. Ou10

Procedures of the polynomial for MS PDi AHNki

Ski(x,y) = Pi(ID(AHNki), x, y) =

2008/9/12

ki1

(ID(AHN ), , , )n

kk

f x y i

H.-H. Ou11

Procedures of the pairwise key generation & Group key establishment pairwise key generation

MSai

MSbi

Key =

Group key establishment Peer-to peer communication Group communication

2008/9/12

1

( , ) ( , , , )n

ai kk

S x y f a x y i

1

( , ) ( , , , )n

ai kk

S b j f a b j i

1

( , ) ( , , , )n

bj kk

S a i f b a i j

1

( , ) ( , , , )n

bj kk

S x y f b x y j

1 1

( , ) ( , , , ) ( , , , ) ( , )n n

ai k k bjk k

S b j f a b j i f b a i j S a i

H.-H. Ou12

Conclusions

2008/9/12

ADNaADNb

PDiPDj

fi(w, x, y, j) fj(w, x, y, i)

1

( , , ) ( , , , )n

i kk

P w x y f w x y i

1

( , , ) ( , , , )n

j kk

P w x y f w x y j

1 1

( , ) ( , , , ) ( , , , ) ( , )n n

ai k k bjk k

S b j f a b j i f b a i j S a i

Ski(x,y) = Pi(ID(AHNki), x, y, i) Skj(x,y) = Pj(ID(AHNki), x, y, j)

H.-H. Ou13

Comments Symbol disorder (MS, ADH, BS, PD…) and unclear definition. Decentralized?? Distributed (PDs) + Decentralized (ADNs) Revocation? Multi-group? Join or leave

2008/9/12