Key management in mobile ad hoc networks

In mobile ad hoc networks (MANETs), providing secure communications is a big challenge due to unreliable wireless media, host mobility and lack of infrastructure. Usually, cryptographic techniques are used for secure communications in wired networks. Symmetric and asymmetric cryptography have their advantages and disadvantages. In fact, any cryptographic means is ineffective if its key management is weak. Key management is also a central aspect for security in mobile ad hoc networks. In MANETs, the computational load and complexity for key management are strongly subject to restriction by the node's available resources and the dynamic nature of network topology. We proposed a secure and efficient key management framework (SEKM) for MANETs. SEKM builds a PKI by applying a secret sharing scheme and using an underlying multicast server groups. In SEKM, each server group creates a view of the certificate authority (CA) and provides certificate update service for all nodes, including the servers themselves. Motivated by the distributed key management service, we introduced k-Anycast concept and proposed three k-anycast routing schemes for MANETs. k-anycast is proposed to deliver a packet to any threshold k members of a set of hosts. Our goal is to reduce the routing control messages and network delay to reach any k servers. The first scheme is called controlled flooding. The second scheme, called component-based scheme I, is to form multiple components such that each component has at least k members. The third scheme, called component-based scheme II, in which the membership a component maintains is relaxed to be less than k. Collaborative and group-oriented applications in MANETs is an active research area. Group key management is a central building block in securing group communications in MANETs. However, group key management for large and dynamic groups in MANETs is a difficult problem. We propose a simple and efficient group key management scheme that we named SEGK for MANETs, which is based on n-party Diffie-Hellman (DH). The basic idea of our scheme is that a physical multicast tree is formed in MANETs for efficiency. To achieve fault tolerance, double multicast trees are constructed and maintained. A group coordinator computes and distributes intermediate keying materials to all members through multicast tree links. All group members take turns acting as group coordinator and distributing the workload of group rekeying during any change of group membership. Every group member computes the group key in a distributed manner.