Secure Private Key Revocation Scheme in Anonymous Cluster-Based MANETs

  • Park, YoHan (Department of Electronics Engineering, Kyungpook National University) ;
  • Park, YoungHo (School of Electronics Engineering, Kyungpook National University)
  • Received : 2014.11.27
  • Accepted : 2015.03.13
  • Published : 2015.04.30

Abstract

Security support is a significant factor in the design of mobile ad hoc networks. In a dynamic topology where the set of nodes changes frequently, private key generation and revocation for newly joining and leaving nodes must be considered. In addition, the identities of individual nodes must be protected in mobile networks to avoid personal privacy concerns. This paper proposes an ID-based private key revocation scheme and a non-interactive key agreement scheme for anonymous MANETs. The proposed schemes provide user privacy using pseudonyms, together with private key generation and revocation that take dynamic user changes into account. Therefore, our schemes can be applied in dynamic and privacy-preserving MANETs, which are helpful for sharing multimedia data.

1. INTRODUCTION

Mobile ad hoc networks (MANETs) are infrastructure-less, autonomous, and stand-alone wireless networks with dynamic topologies. Unlike conventional wireless networks, such as wireless cellular networks and wireless LANs, MANETs are rapidly deployable with self-organizing and self-maintaining capabilities. Because of these features, MANETs usually refer to networks created for a special purpose. Recently, MANETs have been extended to cluster-based architectures to enhance their efficiency and security, and this structure helps users in MANETs to share multimedia data efficiently [1,2].

However, MANETs are subject to various types of attacks because of their wireless and infrastructure-less environment. Moreover, these network structures make it difficult to apply conventional security mechanisms to MANETs directly. In traditional certificate-based cryptography (CBC), a user's public key is certified with a certificate issued by a certification authority (CA). Even though it is feasible to support on-line public key infrastructure (PKI) services, the cost is very high, and this limits their application once the dynamic topology and the poor connectivity are considered. As a powerful alternative to CBC, ID-based cryptography (IBC) [3,4], proposed by Shamir, has been gaining momentum in recent years. It relies on a trusted private key generator (PKG), which issues a private key corresponding to each user's identity before the user first joins the network. Boneh and Franklin [5] suggested distributing the PKG using threshold cryptography to counter the key escrow problem. Research on distributed PKGs (D-PKGs) has been applied to ad hoc networks, giving cluster-based ad hoc networks [1,6]. Most studies of cluster-based MANETs have been based on hierarchical topologies that classify nodes into two types: representative nodes, called clusterheads (CHs), which perform the role of D-PKGs, and common nodes.

This paper proposes ID-based private key generation and revocation schemes for newly joining and leaving nodes. We also propose a non-interactive key agreement scheme using the key pairs of pseudonyms. Our schemes are compatible with anonymous cluster-based MANETs [7] and suitable for dynamic and practical MANETs.

The rest of the paper is organized as follows. In Section 2, we present preliminaries and review anonymous cluster-based MANETs. In Section 3, we describe ID-based private key generation and revocation schemes for newly joining and leaving nodes. Finally, we analyze the security of the proposed scheme in Section 4 and conclude in Section 5.

 

2. PRELIMINARIES

In this section, we present the cryptographic techniques and notations used as building blocks. Then we review the anonymous cluster-based MANET [7].

2.1 ID-Based Cryptosystem

IBC has developed rapidly in recent years owing to the application of the pairing technique outlined below.

Let p, q be large primes and let E/F_p denote an elliptic curve y^2 = x^3 + ax + b over the finite field F_p. We denote by G1 a q-order subgroup of the multiplicative group of the finite field. The discrete logarithm problem (DLP) is required to be hard in both G1 and G2. For us, a pairing is a map with the following properties:

Note that it is also symmetric, i.e., for all P, Q ∈ G1, which follows immediately from the bilinearity and the fact that G1 is a cyclic group. The modified Weil [4] and Tate [8] pairings are examples of such bilinear maps for which the bilinear Diffie-Hellman problem (BDHP) is believed to be hard.

2.2 Threshold Scheme

Secret sharing schemes were independently introduced by Blakley [9] and Shamir [10] in 1979. They introduced a way to split a secret K into n shares such that any t or more of the n shares can reconstruct K. This is called (t,n)-secret sharing, denoted (t,n)-SS.

Shamir's (t,n)-SS. Shamir's (t,n)-SS is based on polynomial interpolation. The scheme consists of two algorithms, share distribution and secret reconstruction:

where are called Lagrange coefficients. The secret is recovered as f(0) = K.

For more information on this scheme, readers can refer to the original paper [10].

2.3 Notations

Table 1 lists the important notations, whose concrete meanings are explained where they are used.

Table 1. Notations

2.4 Anonymous Cluster-Based MANETs

In this section, we review the anonymous cluster-based MANETs of [7]. The network architecture of the anonymous cluster-based MANETs is illustrated in Fig. 1. Each cluster is composed of a clusterhead (CH) and common nodes (users in Fig. 1).

Fig. 1. Cluster Configuration and Pseudonym Generation.

2.4.1 Configuration of clusters

Before the network is established, each CH has received the secret shares g_m(ch_j), where 0 ≤ m ≤ U and 1 ≤ j ≤ n, from the PKG. To recover a cluster key, at least t CHs gather their secret shares for the same update phase m. Using these shares, the CHs can compute the cluster key K_m. The initial secure channel between a CH and a user is established using their private/public key pairs. At this point the system cannot yet support user anonymity; that is, adversaries can identify the users they want to attack.

2.4.2 Generation of pseudonyms

To generate pseudonyms for the users within a cluster, each CH initially generates its own polynomial, called its respective polynomial, from the cluster key K_m. The CHs then generate pseudonyms for the common nodes using their respective polynomials. Common nodes receive the private/public key pairs of their pseudonyms over the channel established previously. By using these pseudonym key pairs, a CH and a user, or two users, can establish secure channels without exposing their real identities. The pseudonyms are generated as follows:

For more information on anonymous cluster-based MANETs, readers can refer to the original paper [7].

 

3. PRIVATE KEY GENERATION/REVOCATION SCHEME AND KEY AGREEMENT SCHEME

In practical MANETs, new nodes that are not yet members join the network, and registered nodes leave it, frequently. Furthermore, some registered nodes may be compromised by adversaries. Therefore, the security system must provide private key generation for joining nodes and private key revocation for leaving or corrupted nodes. In this section, we propose private key generation and revocation schemes for newly joining and leaving nodes.

3.1 Private Key Generation for Newly Joining Nodes

Private key generation for newly joining nodes is the same as in [7]. Because pseudonyms are generated by the respective polynomials of the threshold scheme, the added private keys do not affect the security of the system as long as the newly joining nodes are uncorrupted, and in principle the network can accept an unbounded number of nodes. Thus we do not describe private key generation for newly joining nodes in detail in this paper.

3.2 Private Key Revocation for Leaving or Misbehaving nodes

In an anonymous security system using pseudonyms, each node can verify the validity of a pseudonym with a pair-wise key, because only registered nodes that have received pseudonyms from CHs hold the group secret key SG. However, these registered nodes may themselves be attacked and consequently compromise the security of the network; therefore, the system should provide a private key revocation process to stop continued attacks by such nodes. Y. Zhang et al. [11] proposed key revocation using secret shares. To provide node revocation, we modified their scheme to adapt it to our system. Node revocation is carried out only when more than γ misbehavior reports (Γ = {1,...,γ}) have been received by a CH, which protects innocent nodes against false accusations. The pseudonym revocation scheme is carried out as follows:

where are called Lagrange coefficients. Even when the number of notifications is smaller than t1, the process still works, because CH_k can generate arbitrary pseudonyms,

The revocation of a CH is similar to the process described above. If CHs (we assume that nodes report a misbehaving CH to their own CH) find a misbehaving CH, they report it, together with their secret shares, to the revocation leader, one of the most powerful CHs. If the number of misbehavior notifications exceeds γ, the revocation leader starts the revocation procedure and computes g_m(x). If g_m(0) = K_m, the revocation leader publishes the accused CH as compromised, and the other CHs then update the cluster key without the accused CH. Finally, the accused CH is isolated from the network.
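The following is an added worked example and is not code from this paper or from [7], [10] or [11]. It serves both Section 2.2 and Section 3.2: it implements Shamir's (t,n) secret sharing over a prime field (share distribution and Lagrange reconstruction at x = 0), uses it the way Section 2.4.1 does (the cluster key K_m is the secret, and CH_j holds the share g_m(ch_j)), and then models the CH revocation decision of Section 3.2: the revocation leader acts only when more than γ reports have arrived, rebuilds g_m(x) from t reported shares, and accepts the accusation only if g_m(0) equals K_m. The field prime, γ = 2, the report format (reporter id, share) and the three-way status result are assumptions made for the example; the page does not specify them.

```python
# Added example; not code from the paper or from [7]/[10]/[11]. Shamir (t,n) secret
# sharing over a prime field, plus a threshold revocation decision modelled on
# Section 3.2. PRIME, GAMMA and the report format are assumptions for this example.
import secrets

PRIME = 2**127 - 1   # field modulus (constructed choice; any large prime works)
GAMMA = 2            # more than GAMMA reports are needed before a node is revoked


def make_shares(secret, t, n, prime=PRIME):
    """Split `secret` into n shares so that any t of them reconstruct it.
    In the MANET setting `secret` plays the role of the cluster key K_m and the
    share for x = j is g_m(ch_j), held by clusterhead CH_j (Section 2.4.1)."""
    if not (0 < t <= n and 0 <= secret < prime):
        raise ValueError("bad parameters")
    # g(x) = secret + a_1 x + ... + a_{t-1} x^{t-1}, with random a_i in Z_prime
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(t - 1)]

    def g(x):
        return sum(c * pow(x, i, prime) for i, c in enumerate(coeffs)) % prime

    return [(j, g(j)) for j in range(1, n + 1)]


def reconstruct(shares, prime=PRIME):
    """Lagrange interpolation at x = 0:
    g(0) = sum_i y_i * prod_{j != i} x_j / (x_j - x_i)  (mod prime).
    The products are the Lagrange coefficients of Sections 2.2 and 3.2."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * xj % prime
                den = den * (xj - xi) % prime
        lagrange = num * pow(den, -1, prime) % prime
        total = (total + yi * lagrange) % prime
    return total


def revocation_decision(reports, t, cluster_key, gamma=GAMMA, prime=PRIME):
    """Decide whether an accused clusterhead is revoked (Section 3.2, CH case).
    `reports` is a list of (reporter_id, share) tuples the revocation leader
    received; each share is the reporter's g_m(reporter_id). Returns one of
    'insufficient_reports', 'invalid_shares' or 'revoked'."""
    # gamma or fewer accusers: ignore, to protect innocent nodes;
    # fewer than t shares: g_m(x) cannot be rebuilt at all
    if len(reports) <= gamma or len(reports) < t:
        return "insufficient_reports"
    # rebuild g_m(x) from t shares and check g_m(0) = K_m; a forged or stale
    # share makes the interpolated value differ from the cluster key
    if reconstruct(reports[:t], prime) != cluster_key:
        return "invalid_shares"
    return "revoked"


if __name__ == "__main__":
    k_m = secrets.randbelow(PRIME)                   # constructed cluster key K_m
    shares = make_shares(k_m, t=3, n=5)              # g_m(ch_1) .. g_m(ch_5)
    print(reconstruct(shares[:3]) == k_m)            # True: any 3 of 5 recover K_m
    print(revocation_decision(shares[:2], 3, k_m))   # insufficient_reports
    print(revocation_decision(shares[:3], 3, k_m))   # revoked
    bad = shares[:2] + [(5, (shares[4][1] + 1) % PRIME)]
    print(revocation_decision(bad, 3, k_m))          # invalid_shares
```

The γ check and the t check are deliberately separate conditions: the first limits the damage a small colluding group can do by accusing an honest CH, the second is the algebraic requirement for interpolating a degree t-1 polynomial. A tampered share is caught because changing any one y_i shifts g(0) by a nonzero multiple of that share's Lagrange coefficient, so the reconstructed value no longer equals K_m.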

3.3 Non-interactive Key Agreement Scheme Using Pseudonyms

Key agreement is an essential process for exchanging messages securely. The non-interactive key agreement between nodes in different clusters is the same as that between nodes in the same cluster, as long as the clusters are in the same update phase. We slightly modify the key agreement scheme of [7]. Our key agreement scheme between nodes using pseudonyms is carried out as follows:
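The steps of the scheme are not reproduced on this page, so the following added example shows the standard pairing-based non-interactive key agreement computation of the kind cited in [13], with pseudonym key pairs in place of real identities; it is an illustration added here, not the authors' protocol. The bilinear map is a toy: G1 is the additive group Z_q, G2 is the order-q subgroup of Z_p^*, and e(a, b) = g^(ab mod q) mod p. This map is bilinear and symmetric, so it reproduces the algebra that makes both sides derive the same key without exchanging a message, but it is not secure, because discrete logarithms in Z_q are trivial. The pseudonym strings, the hash-to-G1 mapping, and a per-phase secret s issued by the CH (an assumption standing in for whatever the CH derives from K_m, which the page does not spell out) are assumptions for the example.

```python
# Added example; not code from the paper or from [7]/[13]. Non-interactive key
# agreement with pseudonym key pairs over a TOY bilinear map (insecure, for
# illustrating the algebra only). P, Q, the hash-to-G1 rule and the per-phase
# secret s are assumptions for this example.
import hashlib

Q = 101   # order of G1 and G2 (constructed, tiny)
P = 607   # P - 1 = 6 * 101, so Z_P^* has a subgroup of order Q


def _generator(p=P, q=Q):
    """Find a generator g of the order-q subgroup of Z_p^*."""
    cofactor = (p - 1) // q
    for h in range(2, p):
        g = pow(h, cofactor, p)
        if g != 1:          # g != 1 and g^q = 1, so g has order exactly q
            return g
    raise ValueError("no generator found")


G = _generator()


def pairing(a, b, p=P, q=Q, g=G):
    """Toy bilinear map e: Z_q x Z_q -> <g>, e(a, b) = g^(a*b).
    Bilinear: e(a1 + a2, b) = e(a1, b) * e(a2, b); symmetric: e(a, b) = e(b, a)."""
    return pow(g, (a * b) % q, p)


def hash_to_g1(pseudonym, q=Q):
    """Map a pseudonym string to a nonzero element of G1 = Z_q (the H1 of IBC)."""
    digest = int.from_bytes(hashlib.sha256(pseudonym.encode()).digest(), "big")
    return 1 + digest % (q - 1)


def pseudonym_keypair(pseudonym, phase_secret, q=Q):
    """Key pair of a pseudonym: public Q_ps = H1(pseudonym), private S_ps = s * Q_ps.
    The CH issues this pair over the secure channel of Section 2.4.2."""
    q_ps = hash_to_g1(pseudonym, q)
    return q_ps, (phase_secret * q_ps) % q


def shared_key(own_private, peer_public):
    """Non-interactive shared key: e(S_own, Q_peer) = e(Q_own, Q_peer)^s.
    Only the peer's public pseudonym key is needed; no message is exchanged."""
    return pairing(own_private, peer_public)


def agreement_succeeds(phase_secret_a, phase_secret_b,
                       ps_a="PS-alice-phase-m", ps_b="PS-bob-phase-m"):
    """True iff two nodes whose pseudonym keys were issued under the phase secrets
    phase_secret_a and phase_secret_b derive the same key. Matching secrets model
    'same update phase'; differing ones model clusters in different phases."""
    qa, sa = pseudonym_keypair(ps_a, phase_secret_a)
    qb, sb = pseudonym_keypair(ps_b, phase_secret_b)
    return shared_key(sa, qb) == shared_key(sb, qa)


if __name__ == "__main__":
    print(agreement_succeeds(7, 7))   # True: same update phase
    print(agreement_succeeds(7, 8))   # False: different update phases
```

The equality e(S_A, Q_B) = e(sQ_A, Q_B) = e(Q_A, Q_B)^s = e(Q_A, sQ_B) = e(Q_A, S_B) is exactly what lets the two sides agree without interaction, and it only holds when both private keys were issued under the same s, which is why the text requires the clusters to be in the same update phase. With a real pairing on an elliptic curve, as in Section 2.1, the same code shape applies but the security then rests on the BDHP rather than on nothing.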

 

4. SECURITY ANALYSIS

In this section, we describe an analysis of our system with respect to security.

 

5. CONCLUSIONS

Concerns for personal privacy and security in wireless environments are increasing rapidly as mobile devices become more popular. Cluster-based MANETs are being considered to pioneer new markets; however, urgent security problems remain unresolved. Fundamental security services, such as authentication and key agreement, are challenging to provide in such systems. In particular, private key updates for newly joining and for leaving or corrupted nodes should be supported, considering the dynamic topologies of MANETs. In addition, the protection of user privacy becomes more important with wider use of wireless networks; therefore, the design of secure private key generation and revocation in privacy-preserving MANETs is required.

We presented private key generation and revocation schemes for privacy-preserving MANETs under practical assumptions. According to our protocol analysis, the proposed method satisfies most security requirements of dynamic MANETs by using anonymity. Our schemes can be applied effectively in dynamic environments with relatively better efficiency by using secret sharing schemes. They improve security and widen the possible application area compared to previously proposed security systems. They can be usefully applied to preserve privacy in dynamic MANETs where a trusted entity is not available. Such examples include military battlefields, emergency areas, mobile marketplaces, and VANETs.

References

  1. L. Li and R. Liu, "Securing Cluster-Based Ad Hoc Networks with Distributed Authorities," IEEE Transactions on Wireless Communications, Vol. 9, No. 10, pp. 3072-3081, 2010. https://doi.org/10.1109/TWC.2010.080610.090759
  2. M. Bechler, H.J. Hof, D. Kraft, F. Pahlke, and L. Wolf, "A Cluster-Based Security Architecture for Ad Hoc Networks," Proceedings of IEEE INFOCOM, pp. 2393-2403, 2004.
  3. A. Shamir, "Identity-Based Cryptosystems and Signature Schemes," Proceedings of CRYPTO 84, LNCS 196, pp. 47-53, 1984.
  4. S.I. Kang, N.H. Lee, and I.Y. Lee, "A Study on Group Key Management based on Mobile Device ID in Ad-hoc network," Journal of Korea Multimedia Society, Vol. 12, No. 4, pp. 540-549, 2009.
  5. D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing," Proceedings of CRYPTO 01, LNCS 2139, pp. 213-229, 2001.
  6. Y. Zhang, W. Liu, W. Lou, and Y. Fang, "Securing Mobile Ad Hoc Networks with Certificateless Public Keys," IEEE Transactions on Dependable and Secure Computing, Vol. 3, No. 4, pp. 386-399, 2006. https://doi.org/10.1109/TDSC.2006.58
  7. Y.H. Park, Y.H. Park, and S.J. Moon, "Anonymous Cluster-Based MANETs with Threshold Signature," International Journal of Distributed Sensor Networks, pp. 1-9, 2013.
  8. P. Barreto, H. Kim, B. Lynn, and M. Scott, "Efficient Algorithms for Pairing-Based Cryptosystems," Proceedings of CRYPTO 02, LNCS 2442, pp. 354-369, 2002.
  9. G.R. Blakley, "Safeguarding Cryptographic Keys," Proceedings of the AFIPS 1979 National Computer Conference, pp. 313-317, 1979.
  10. A. Shamir, "How to Share a Secret," Communications of the ACM, Vol. 22, No. 11, pp. 612-613, 1979.
  11. Y. Fang, X. Zhu, and Y. Zhang, "Securing Resource-Constrained Wireless Ad Hoc Networks," IEEE Wireless Communications, Vol. 16, No. 2, pp. 24-30, 2007. https://doi.org/10.1109/MWC.2009.4907556
  12. M. Raya and J. Hubaux, "Securing Vehicular Ad Hoc Networks," Journal of Computer Security, Vol. 15, No. 1, pp. 39-68, 2007. https://doi.org/10.3233/JCS-2007-15103
  13. R. Dupont and A. Enge, "Provably Secure Non-Interactive Key Distribution based on Pairings," Discrete Applied Mathematics, Vol. 154, No. 2, pp. 270-276, 2006. https://doi.org/10.1016/j.dam.2005.03.024

Cited by

  1. An ID-Based Remote User Authentication Scheme in IoT vol.18, pp.12, 2015, https://doi.org/10.9717/kmms.2015.18.12.1483
  2. Malicious node prevention and mitigation in MANETs using a hybrid security model vol.27, pp.2, 2018, https://doi.org/10.1080/19393555.2017.1415399