
(IJCNS) International Journal of Computer and Network Security, 103

Vol. 2, No. 5, May 2010

An Efficient Key Management Scheme for Mobile Ad hoc Networks with Authentication

N. Suganthi¹, Dr. V. Sumathy²

¹ Asst. Professor, Dept. of Information Technology, Kumaraguru College of Technology, Coimbatore, Tamil Nadu. suganthiduraisamy@yahoo.co.in
² Asst. Professor, Dept. of ECE, Government College of Technology, Coimbatore, Tamil Nadu. sumi_gct2001@yahoo.co.in

Abstract: Mobile ad hoc networks (MANETs) are dynamically reconfigured networks in which security is a major concern. MANETs face serious security problems due to their unique characteristics such as mobility, dynamic topology and lack of central infrastructure support. Key management is a crucial part of security, and the issue is even bigger in MANETs. The distribution of encryption keys in an authenticated manner is a difficult task. Because of the dynamic nature of MANETs, when a node leaves or joins, a new session key needs to be generated to maintain forward and backward secrecy. In this paper we divide the network into clusters. The cluster head maintains the group key and updates it whenever there is a change in the membership. The re-keying process is performed only if there is any movement of nodes within the clusters, so the computation and communication cost is reduced. We also provide authentication between communicating nodes, both inter-cluster and intra-cluster. The network lifetime is extended with the help of a monitoring node. The performance results prove the effectiveness of our key management scheme.

Keywords: Network Security, Key Management, Key Update, Mobile Networks, clusters

1. Introduction

We encounter new types of security problems in ad hoc networks because these networks have little or no support of infrastructure. The network has no base stations, access points, remote servers etc. All network functions are performed by the nodes themselves. Each node performs the functionality of host and router. In mobile ad hoc networks, nodes within their wireless transmission range can communicate with each other directly, while nodes outside the range have to rely on some other nodes to relay messages. A MANET is an autonomous, multi-hop network interconnected via wireless links. Thus a multi-hop scenario occurs, where the packets sent by the source node are relayed by several intermediate nodes before reaching the destination. The success of communication highly depends on the other nodes' cooperation. While mobile ad hoc networks can be quickly and inexpensively set up as needed, security is a critical issue compared to wired or other wireless counterparts. Many passive and active security attacks could be launched from the outside by malicious hosts or from the inside by compromised hosts. Without the appropriate security precautions, critical applications for commercial or military use cannot employ networking technologies.

Key management is an essential cryptographic primitive upon which other security primitives such as privacy, authenticity and integrity are built. However, none of the existing key management schemes are suitable for ad hoc networks. The major limitation of these schemes is that most of them rely on a trusted third party (TTP), thus not fulfilling the self-organization requirement of an ad hoc network. Special mechanisms and protocols designed specifically for ad hoc networks are necessary. Key management deals with key generation, storage, distribution, updating, revocation and certificate service in accordance with security policies.

Due to the dynamic behavior of the MANET, the secret key used for communication needs to be updated whenever any node joins or leaves the network in order to maintain forward and backward secrecy within the network. If the network is large and the mobility is higher, updating of the key will be more frequent. It will consume more computation power and also communication power of the nodes. So in our proposal we divide the network into clusters consisting of small groups of nodes. Here the re-keying process is performed only if there is any movement of nodes within the clusters.

The re-keying process is distributed between cluster heads. Using a monitoring node, the lifetime of the network is also extended. The monitoring node continuously checks the cluster head for its energy. If the cluster head has less energy, the next high-capability node will be elected as cluster head. The details contained in the CH will be shifted to the new CH, and this process will be announced to all other nodes by the monitoring nodes.

2. Previous Work

The majority of research on security of ad hoc networks emphasizes secure routing protocols, but there are some proposals on key generation and distribution issues.

Zhou et al [7] proposed a technique to distribute certificate authority (CA) functionality. In this method, the
network includes n servers providing the certificates, out of which t + 1 are needed for creation of a valid certificate, but t is not enough.

Seung Yi et al [11] proposed an efficient and effective distributed CA by selecting physically and computationally more secure nodes as MOCAs (Mobile Certificate Authorities), and they used threshold cryptography to distribute the CA's private key among these MOCA nodes.

Caner Budakoglu et al [12] proposed a modified form of distributing the certificate authority functionality. They proposed a hierarchical threshold level, so that it offers different levels of security to satisfy the needs of a wide variety of applications.

Bing Wu et al [4] propose a secure and efficient key management (SEKM) framework for mobile ad hoc networks. They build a public key infrastructure (PKI) by applying a secret sharing scheme and using underlying multicast server groups. They gave detailed information on the formation and maintenance of the server groups. Each server group creates a view of the certificate authority (CA) and provides certificate update service for all nodes, including the servers themselves.

In the case of self-organized public key management, the system does not need any kind of infrastructure to authenticate keys. S. Capkun et al [3] suggested a method based on the users issuing certificates to each other based on personal acquaintance. These certificates are used to bind a public key and a node id. Every node should collect and maintain an up-to-date certificate repository. Certificate conflict is just another example of a potential problem in this scheme.

3. Proposed Scheme

We divide the network into clusters, and each cluster has 1-hop nodes and a cluster head. Some efficient existing algorithm can be used to group the users into clusters and generate a cluster head for each one. The users in each cluster are in a flat network topology and the local key management policy is centralized.

The users in the group are classified into two types: cluster heads and ordinary users. The cluster head is responsible for cluster management, membership maintenance, and group key distribution and updating. Initially, every node is assigned an id, a status code (for cluster head differentiation), its private key and public key. The cluster head is selected based on the lowest-id algorithm. To cope with the dynamic nature of the ad hoc nodes, security is enhanced by providing a re-keying concept. Re-keying is done by the cluster head whenever any node joins or leaves the network to ensure backward secrecy (i.e., a new member should not know the previous information that was exchanged) and forward secrecy (i.e., an existing member should not receive the information exchanged after it leaves the network).

Figure 1. Cluster formation

3.1 Group Key Generation And Distribution:

Whenever a node comes within the radius of any cluster, it first sends a hello message along with its id and public key.

The cluster head receives this message and initiates the group key calculation. It uses the public keys of all the nodes to calculate the group key as follows.

CH : $grpkey = \alpha^{\,p_1 + p_2 + \dots + p_n + k_{CH}} \bmod p \times S_{rv}$ ----- (1)

where
$\alpha$ – primitive root of $p$,
$k_{CH}$ – secret key of cluster head,
$p_1, p_2, \dots, p_n$ – public keys of individual nodes within the cluster,
$p$ – prime number and
$S_{rv}$ – secret random value generated every time while re-keying.

Algorithm for the group key generation:

Procedure:
BEGIN
Precondition:
    Node should be present within the cluster
if CH gets public keys of all nodes
    calculate group key as follows:
    CH : grpkey = α^(p1 + p2 + … + pn + kCH) mod p × Srv
endif

//comment: Encryption
CH → nodes within the cluster : E(grpkey)
    using RSA algorithm where
    E(grpkey) = ((grpkey)^e mod n) in which
    {e,n} are public key pair.

Nodes: D(grpkey) = (E(grpkey)^d mod n) in which
    {d,n} are private key pair.
END
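Equation (1) and the RSA wrapping of Section 3.1, together with the re-keying on join and on leave that Sections 3.2 and 3.3 go on to describe, as an added example that is not code from the paper. The toy primes, the `ClusterHead` class and its method names are assumptions, equation (1) is read as (α^x mod p) × Srv, and the outer encryption under each node's own public key is left out.

```python
import secrets

# Toy parameters constructed for this example; far too small for real use.
P, ALPHA = 65537, 3      # prime p and a primitive root alpha of p
E = 257                  # RSA public exponent e
# Two toy RSA prime pairs (Mersenne primes) so the key-encryption key can
# change on leave; a real cluster head would generate a fresh pair instead.
PRIME_PAIRS = [(2**31 - 1, 2**61 - 1), (2**89 - 1, 2**107 - 1)]


def rsa_private(index):
    """Return the private key (d, n) for the prime pair at this index."""
    p, q = PRIME_PAIRS[index % len(PRIME_PAIRS)]
    return pow(E, -1, (p - 1) * (q - 1)), p * q


class ClusterHead:
    def __init__(self):
        self.k_ch = secrets.randbelow(P - 2) + 1   # kCH, never leaves the CH
        self.members = {}                          # node id -> public key p_i
        self.grpkey = None
        self.kek_index = 0
        self.private = rsa_private(self.kek_index)

    def _rekey(self):
        """Equation (1) with a fresh Srv, then equation (2): C = M^e mod n."""
        exponent = sum(self.members.values()) + self.k_ch
        base = pow(ALPHA, exponent, P)
        while True:
            srv = secrets.randbits(32) | 1         # fresh non-zero Srv
            if base * srv != self.grpkey:          # never repeat the last key
                break
        self.grpkey = base * srv    # assumed reading: (alpha^x mod p) * Srv
        return pow(self.grpkey, E, self.private[1])

    def join(self, node_id, public_key):
        """Section 3.2: add the member and re-key; the RSA pair is kept."""
        self.members[node_id] = public_key
        return self._rekey(), self.private

    def leave(self, node_id):
        """Section 3.3: drop the member, change the RSA pair, then re-key."""
        del self.members[node_id]
        self.kek_index += 1
        self.private = rsa_private(self.kek_index)
        return self._rekey(), self.private


def node_decrypt(ciphertext, private):
    """Equation (3): M = C^d mod n."""
    d, n = private
    return pow(ciphertext, d, n)
```

A node that has left still holds the old (d, n), so the new group key stays hidden from it only because `leave` changes the RSA pair before re-keying.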
The distribution of the group key is done using the RSA algorithm. The cluster head has the (e,n) public key and every node maintains the (d,n) private key. Whenever any new node joins the cluster, the cluster head calculates a new group key and multicasts it to the already existing nodes. The cluster head unicasts the group key to the new node along with the private key for the RSA algorithm.

3.2 New Node Joins

Whenever a node A joins the network, the following messages are exchanged.

Node A (joins) → CH : (hello msg, ida, pka, N)
CH : calculates new group key
CH → already existing nodes : multicast group key to all nodes
CH → Node A : unicast (grp key, private key (d,n))

First the group key is encrypted using the RSA algorithm, and it is then encrypted again using the new node's public key.

CH → new node: E(Pbnode, (E(e,[Ko]) || (d,n))) where
Pbnode - public key of new node,
{e, n} - public key pair of RSA algorithm and
{d, n} - private key pair of RSA algorithm.

Initially the new node gets the RSA private key pair by decrypting the received key information using its own private key; it then decrypts using the RSA private key to get the group key.

All other already existing nodes receive the encrypted information and decrypt it using the RSA algorithm to get the updated group key.

3.3 Existing Node Leaves

Whenever an existing node B leaves the cluster, the following messages are exchanged.

Node B (leaves) → CH : (leave msg, idb)
CH : calculates new group key
CH → already existing nodes : unicast group key to all individual nodes (grp key, private key (d,n))

The group key is encrypted first using the RSA algorithm and then using the individual nodes' public keys.

$C = M^{e} \bmod n$, (e,n) – public key --- (2)
$M = C^{d} \bmod n$, (d,n) – private key --- (3)

If any node leaves the cluster, then to maintain forward secrecy the cluster head calculates a new group key and also changes the key encryption key. The key encryption key is transmitted using each individual node's public key, and the group key is encrypted using that key. The cluster head unicasts this information to all the nodes.

CH → all nodes: E(Pbnode, (E(e,[Ko]) || (d,n))) where
Pbnode - public key of new node,
{e, n} - public key pair of RSA algorithm and
{d, n} - private key pair of RSA algorithm.

3.4 Providing Authentication

Within the network, if any two nodes A and B want to communicate, they first authenticate each other. The authentication steps are as follows.

1. Node A calculates a hash value using its (id, public key, group key) and transmits the hash value, id and public key to node B.
2. Node B receives the hash value and calculates a new hash value from A's id, public key and the group key.
3. Node B checks whether the received value and the calculated value are equal.
4. If the hash values are equal, it identifies the peer node as an authenticated node.

Algorithm for authentication:

Procedure:
BEGIN
Precondition:
    The nodes must wish to communicate with each other.
if
    get the peer node's public key and ID.
    calculate the hash value and transmit to the peer one.
    A → B : hash(ida, pka, group key) || ida, pka
    peer node : calculate the same hash value.
endif
if both hash values are same
    both are authenticated nodes
endif
END

3.5 To maintain network connectivity

After clustering, the cluster head has to do more computation and so its energy may drain fast. To check this we can use a periodic hello message. If the cluster head has not done any re-keying operation for the threshold time of 20 s, it has to broadcast a hello message. This network maintenance can be done with the help of monitoring nodes. The monitoring node can be the next highest resource available node after the cluster head.

This node maintains a timer and checks for any communication from the CH. If it does not receive any message (or) re-keying information, it sends a hello message to the CH
to check for its presence and waits for its reply. If it does not receive a reply, it informs the other nodes to initiate the cluster head selection process.

The monitoring node waits for a period T and then sends the hello message.

$T = \text{threshold time} + \text{propagation delay}$ --- (4)

4. Implementation and performance comparison

The simulations are performed using the Network Simulator (Ns-2), which is particularly popular in ad hoc networks. The MAC layer protocol IEEE 802.11 is used in all simulations. The Destination-Sequenced Distance Vector (DSDV) routing protocol is chosen for the simulations. The simulation parameters used are summarized in Table 1:

Table 1: Simulation Parameters

Parameter            Value
Simulation time      1000 sec
Topology size        750m X 750m
No. of nodes         20
Routing protocol     DSDV
Transmission Range   250m
Mobility Model       Random Waypoint
MAC                  IEEE 802.11
Node Mobility        0 to 20 m/sec

Without clusters, the computation time, time delay and packets transferred from the central node are higher, whereas with the formation of clusters they are greatly reduced due to its distributed behavior. The performance comparison is as follows:

i) With respect to communication cost:

Figure 2. Graphs showing the number of packets handled to distribute the group key during the re-keying process

ii) With respect to transmission delay:

Figure 3. Graphs showing the transmission delay from central node to individual node (19) during the distribution of group key.

Figure 4. Graphs showing the transmission delay from central node to individual node (12) during the distribution of group key.

5. Conclusion:

The cluster-based key management distributes the computation needed for the re-keying process. Re-keying is performed within the cluster. Using a hash function, authentication is provided between communicating nodes. Inter-cluster communication is done in an efficient manner. To maintain network connectivity, a node called the monitoring node is used.
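The hash check of Section 3.4 (steps 1 to 4), as an added example that is not code from the paper. SHA-256, the length-prefixed field encoding, the wire layout and all function names are assumptions, since the paper names no hash function or message format; the sample keys are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes


def auth_tag(node_id: bytes, public_key: bytes, group_key: bytes) -> bytes:
    """hash(id, pk, group key). Each field is length-prefixed so that moving
    bytes between id and pk always changes the hash input."""
    h = hashlib.sha256()
    for field in (node_id, public_key, group_key):
        h.update(struct.pack(">I", len(field)) + field)
    return h.digest()


def build_auth_message(node_id: bytes, public_key: bytes, group_key: bytes) -> bytes:
    """Step 1, A -> B : hash(id_a, pk_a, group key) || id_a, pk_a."""
    body = struct.pack(">H", len(node_id)) + node_id + public_key
    return auth_tag(node_id, public_key, group_key) + body


def verify_auth_message(message: bytes, group_key: bytes):
    """Steps 2 to 4 at node B: return (id, pk) if the peer is authenticated,
    otherwise None (malformed message or hash mismatch)."""
    if len(message) < TAG_LEN + 2:
        return None
    tag, body = message[:TAG_LEN], message[TAG_LEN:]
    (id_len,) = struct.unpack(">H", body[:2])
    if id_len == 0 or len(body) <= 2 + id_len:     # need an id and a key
        return None
    node_id, public_key = body[2:2 + id_len], body[2 + id_len:]
    expected = auth_tag(node_id, public_key, group_key)
    # Constant-time comparison of the received and recomputed hash values.
    if not hmac.compare_digest(expected, tag):
        return None
    return node_id, public_key


# Constructed sample values, not taken from the paper.
GROUP_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
NEXT_GROUP_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")
MESSAGE_FROM_A = build_auth_message(b"node-A", b"\x04\xd2", GROUP_KEY)
```

Because the hash covers only the id, the public key and the group key, the value is the same for every exchange within one key epoch and stops verifying after the next re-key.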
References

[1] Aftab Ahmad, Mona El-Kadi Rizvi, Stephan Olariu, "Common Data Security Network (CDSN)", Q2SWinet'05, Montreal, Quebec, Canada, 2005.
[2] P. Papadimitratos and Z.J. Haas, "Secure Data Communication in Mobile Ad Hoc Networks", IEEE Journal on Selected Areas in Communications (JSAC), Special Issue on Security in Wireless Ad Hoc Networks, 2nd Quarter of 2006.
[3] S. Capkun, L. Buttyán, and J.-P. Hubaux, "Self-organized public-key management for mobile ad hoc networks", IEEE Transactions on Mobile Computing, 2(1), January-March 2003.
[4] Bing Wu, Jie Wu, Eduardo B. Fernandez, Spyros Magliveras, "Secure and Efficient Key Management in Mobile Ad Hoc Networks", Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05), IEEE, 2005.
[5] Ozkan M. Erdem, "Efficient Distributed Key Management for Mobile Ad Hoc Networks", 0-7803-8623-W04, IEEE, 2004.
[6] Yang Ya-tao, Zeng Ping, Fang Yong, Chi Ya-Ping, "A Feasible Key Management Scheme in Adhoc Network", Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed, IEEE, 2007.
[7] Zhou, L. and Z. Haas, "Securing Ad Hoc Networks", IEEE Network Magazine, Vol. 13, 1999.
[8] Aldar C-F. Chan, "Distributed Symmetric Key Management for Mobile Ad hoc Networks", IEEE INFOCOM, 2004.
[9] Atef Z. Ghalwash, Aliaa A. A. Youssif, Sherif M. Hashad and Robin Doss, "Self Adjusted Security Architecture for Mobile Ad Hoc Networks (MANETs)", 6th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2007).
[10] Yanchao Zhang, Wei Liu, Wenjing Lou, and Yuguang Fang, "Securing Mobile Ad Hoc Networks with Certificateless Public Keys", IEEE Transactions on Dependable and Secure Computing, vol. 3, No. 4, Oct-Dec 2006.
[11] Seung Yi, Robin Kravets, "Key Management for Heterogeneous Ad Hoc Wireless Networks", Proc. of the 10th IEEE International Conference on Network Protocols (ICNP'02), pages 202-203, Nov. 2002.
[12] Caner Budakoglu and T. Aaron Gulliver, "Hierarchical Key Management for Mobile Ad Hoc Networks", 0-7803-8521-7/04, IEEE, 2004.
[13] Renuka A. and Shet K.C., "Cluster Based Group Key Management in Mobile Ad hoc Networks", International Journal of Computer Science and Network Security, Vol 9, No 4, 2009.
[14] Patrick P.C. Lee, John C.S. Lui, and David K.Y. Yau, "Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups", IEEE/ACM Transactions on Networking (TON), Volume 14, Issue 2, Pages 263-276, 2006.
[15] Lihao Xu and Cheng Huang, "Computation Efficient Multicast Key Distribution", Parallel and Distributed Systems, IEEE Transactions on, Volume 19, Issue 5, Page(s) 577-587, 2008.
[16] Kejie Lu, Yi Qian, Mohsen Guizani, and Hsiao-Hwa Chen, "A Framework for a Distributed Key Management Scheme in Heterogeneous Wireless Sensor Networks", IEEE Transactions on Wireless Communications, Vol 7, No. 2, Feb 2008.