A Hierarchical Key Management Scheme in Mobile Ad hoc Networks

This paper proposes a hierarchical key management scheme for mobile Ad hoc networks. In this scheme there are two kinds of server nodes, special server nodes and ordinary server nodes, and a certificate service can be provided only when the two kinds collaborate. To support this application, we design a new secret sharing scheme for splitting the system private key. It generates two different kinds of shares of the system private key, the special share and the ordinary share, and at least one special share and t ordinary shares are needed to recover the system private key; we therefore call it a threshold scheme. Furthermore, we present a distributed signature scheme for a user's certificate in mobile Ad hoc networks based on this secret sharing.


Introduction
With the development of mobile computing and wireless communication technology in recent years, mobile Ad hoc networks (MANETs) have been widely used in military, emergency and civil settings, but most of these applications require a high level of security. Nowadays, many official documents must be approved hierarchically by different departments. For example, before a bank approves a lending proposition, the staff must first investigate and approve the economic condition of the applicant and then submit the lending proposition to the leaders for hierarchical approval. In this paper, we mainly consider how to provide such services in MANETs.
To solve the problem above, we propose a hierarchical key management scheme and extend its application to digital signatures in MANETs. In this scheme, a group of server nodes, which collaborate to play the part of the Certificate Authority (CA), is partitioned into two kinds of server nodes: the special server node (SN) and the ordinary server node (ON). Correspondingly, we design a threshold secret sharing scheme that generates two kinds of shares, the special shares (Ss) and the ordinary shares (Os), and distributes them to the SNs and ONs respectively. Recovering the private key of the system needs at least one SN and $t$ ONs. We call it a $(1, t, n)$ threshold scheme; it is practical for affairs such as hierarchical approval, and it also improves the security of the whole system compared with traditional $(t, n)$ threshold schemes.

Related Works
Because MANETs are self-organizing and have a dynamic topology, the centralized key management schemes of traditional networks no longer fit them. There are three main reasons [1][2]. First, centralized key management schemes rely on a key management center (KMC), which may become a single point of failure. Second, MANETs have limited bandwidth and restricted node computation, storage capacity and energy, so if every node in the network applies to the KMC for certificate service, the network becomes congested and the resources of the KMC are exhausted. Third, the routing information of each node needs to be renewed frequently, since the topology of MANETs changes dynamically and wireless multi-hop communication itself has a high bit error rate, which ultimately increases the delay of the key management service.
To solve the first two problems above, trust must be distributed to a set of server nodes so that the nodes perform key management jointly. As a result, two different methods, the partially distributed key management scheme and the fully distributed key management scheme, were proposed in succession. Zhou, Haas et al. [3] presented the partially distributed key management scheme [4][5][6], which uses a $(t, n)$ threshold secret sharing scheme [7] to distribute the services of the CA to a set of specialized server nodes. Each of these nodes can generate a partial certificate using its share of the system private key, but a valid certificate is obtained only by combining $t$ such partial certificates. Obviously, the delay of the key management service decreases when the certificate service is accomplished between one-hop neighbor nodes instead of over multi-hop communication. Later, Luo, Lu et al. [8] presented the fully distributed key management scheme [9][10], which distributes the services of the CA to all the nodes. Any operation requiring the system private key can only be performed by a coalition of $t$ or more nodes, and the availability of the service rests on the assumption that every node has at least $t$ one-hop neighbors. These schemes decrease the delay of service, but increase the risk of exposing the system private key.
Whether partially or fully distributed, these key management schemes share a common problem: the service nodes are entirely peers and have the same ability to recover the secret message. Thus neither of them is fit for providing hierarchical key management and service in MANETs.

Proposed Scheme
Network Model. There are three kinds of nodes in our network model: special server nodes $v_s$, ordinary server nodes ( 1, 2, , ) , and user nodes $v_u$. The scheme is divided into two phases: the secret sharing phase and the service phase. In the secret sharing phase, the off-line CA selects the relevant parameters, then computes and distributes the shares of the system private key to the different server nodes. In the service phase, SN and ON jointly provide certificate services for user nodes. Notations used in the paper are defined as follows: ;

[5] Finally, he chooses a degree $(t-1)$ polynomial ( )

Step2. Given the above polynomial, the off-line CA computes ( ) and sends it to the ordinary server node $v_i$ as his share, respectively. Furthermore, he privately sends the integer $d$ to the special server node $v_s$ as his share. In addition, he selects a primitive root $g$ in $Z_N$, computes $v_j = g^{a_j}$ $(j = 1, 2, \ldots, t-1)$, and announces them over the public channel. Finally, he deletes all secret messages.

Step3. After receiving its share, $v_s$ checks its validity using verification Eq. 1, and $v_i$ verifies Eq. 2. If either check fails, they cancel the protocol and restart; otherwise they complete the secret sharing phase successfully.

( ) where

The Service Phase. In the service phase, if a user node $v_u$ wants to apply for a certificate, it broadcasts the request information, called CREQ. After receiving CREQ, one SN and $t$ ONs collaborate to sign a certificate for the user node $v_u$. Without loss of generality, let $v_i$ $(i = 1, 2, \ldots, t)$ be $t$ members of all ONs that want to collaboratively generate the certificate for the user node $v_u$ with the help of the special server node $v_s$.

Step1. After receiving the certificate request of the user node $v_u$, the ordinary node $v_i$ authenticates the legality of the user and then provides the certificate services for the legal user as follows $(i = 1, 2, \ldots, t)$: [1] The ON $v_i$ computes the ordinary sub-key of the signature key: (0) [2] The ON $v_i$ ( , $v_u$ will accept it. Otherwise, the user $v_u$ will broadcast a complaint and request a certificate again.

Scheme Analysis
Now we first prove that the present scheme is correct and secure, and then give a performance analysis.
Theorem 1. The user node $v_u$ will get a correct certificate $Cert_u^{sk}$ signed by $sk$ if the two kinds of server nodes honestly execute the protocols.

Proof. Without loss of generality, we assume the partial signed certificates received by $v_u$ are $Cert_u^i$ (

Theorem 2. No matter how many ONs there are, they can't recover the system private key $sk$.
Proof. According to the threshold secret sharing scheme of Shamir [7], we know that t or more than ONs can recover the secret information Cert in a polynomial time, that is, it is the computational security.

From Theorems 1, 2 and 3, we can see that our scheme is correct and secure. Furthermore, our scheme combines the advantages of the partially distributed and the fully distributed key management schemes. In our scheme, there are two kinds of shares of the system private key, Ss and Os, which are distributed to SN and ON separately. To provide the certificate services for the user nodes, one SN and at least $t$ ONs must collaborate to play the role of the CA. On the one hand, there always exist some nodes with higher computing capability, memory space and wireless transmission capability in MANETs, which can be selected as SNs. The appointment of SNs gives our scheme the same security as partially distributed key management. On the other hand, by Theorem 2, no matter how many ONs there are, they can't recover the system private key. Thus we can select many nodes as ONs, so that there are at least $t$ ONs among the neighbors of each user node; that is, the certificate services can be accomplished among one-hop neighbor nodes, and our scheme has the same availability as the fully distributed key management scheme. In addition, our scheme has the same communication complexity and computational complexity as almost all the existing distributed key management schemes based on RSA cryptography.

Emerging Engineering Approaches and Applications
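The access structure argued in Theorem 2 and the analysis above (one special share plus $t$ ordinary shares, with ordinary shares alone useless) can be shown with a short added Python example. It is not the paper's construction: the share equations are not preserved on this page, so the sketch assumes an additive mask, sk = d + f(0) mod P, over a prime field in place of the paper's RSA parameters, and `split`, `interpolate_at_zero` and `recover` are hypothetical names.

```python
import secrets

# Assumption: a prime field stands in for the paper's RSA parameters, and the
# special share masks the secret additively (sk = d + f(0) mod P).
P = 2**127 - 1

def split(sk, t, n):
    """Return (d, ordinary): special share d and {i: f(i)} for n ONs."""
    d = secrets.randbelow(P)                      # special share, held by the SN
    coeffs = [(sk - d) % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):                                     # degree t-1 polynomial, Horner form
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc
    return d, {i: f(i) for i in range(1, n + 1)}

def interpolate_at_zero(shares):
    """Lagrange-interpolate f(0) from {i: f(i)}; needs at least t points."""
    total = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def recover(d, ordinary, t):
    """Rebuild sk from one special share and any t ordinary shares."""
    if d is None or len(ordinary) < t:
        raise ValueError("need the special share and at least t ordinary shares")
    subset = dict(list(ordinary.items())[:t])     # any t shares suffice
    return (d + interpolate_at_zero(subset)) % P

if __name__ == "__main__":
    sk = 0x1234567890ABCDEF                       # constructed sample secret
    d, ons = split(sk, t=3, n=6)
    print(recover(d, {i: ons[i] for i in (2, 4, 6)}, 3) == sk)   # SN + 3 ONs
    print(interpolate_at_zero(ons) == (sk - d) % P)              # all ONs, no SN
```

Under this assumed masking, all ONs pooled together obtain only (sk - d) mod P, which is uniformly distributed because d is uniform, so the number of ONs can grow for availability without weakening the secret.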

Conclusions
In this paper, we have proposed a hierarchical key management scheme for MANETs, designed a new secret sharing scheme for splitting the system private key, and presented a distributed digital signature scheme based on this secret sharing scheme. Our scheme has the advantages of both the partially distributed scheme and the fully distributed scheme, such as security and availability. Thus our scheme is well suited to providing secure services for affairs such as hierarchical approval in MANETs.

Table 1. The definition of all notations

Notation    Definition
pk          System public key
sk          System private key
d           Interference factor, special share of sk (Ss)

* Select from $Z^*_{\phi(n)}$ randomly

According to the requirements of RSA cryptosystems, the off-line CA first generates the following parameters: $sk$, $pk$, $d$ and $f(x)$. [1] He first selects two large prime integers $p$ and $q$, and computes $N = pq$. Please note that the values of $p$ and $q$ must satisfy the equations:

The Secret Sharing Phase. In the secret sharing phase, the off-line CA selects the relevant parameters, then calculates and distributes the shares of the system private key to all server nodes. Now, let us describe it in detail as follows:

Step2. After the SN $v_s$ receives the certificate request CREQ, he first authenticates the legality of $v_u$. If $v_u$ isn't legal, $v_s$ will discard CREQ; otherwise, $v_s$ will sign

$id_u$ represents the ID of $v_u$, $pk_u$ denotes the public key of $v_u$, and $T$ is the expiry date of the certificate.

$Cert_u$ using his sharing sub-key $d$, and generate a special partial signed certificate

, and the system private key $sk$ are not obtained and revealed only from the partial signed certificate at the service phase.
u sk