Elsevier

Ad Hoc Networks

Volume 6, Issue 4, June 2008, Pages 560-577
Ad Hoc Networks

A secure group key management scheme for hierarchical mobile ad hoc networks

https://doi.org/10.1016/j.adhoc.2007.04.006Get rights and content

Abstract

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.

Introduction

A hierarchical mobile ad hoc network (HMANET) architecture is formed by multiple groups in a hierarchical network structure in which each group consists of multiple mobile nodes. The HMANET architecture has been extensively studied [1], [2], [3]. In this paper, we focus on the security aspect of the HMANET architecture, especially on developing an efficient secure group key management scheme. It may be noted that wireless mobile devices usually have limited energy capacity, which restricts their communication abilities [4]. Thus, compared to the fixed network infrastructure, an efficient group keying scheme in an HMANET that can address reduction of both communication and computation overhead is desirable. A critical issue in key management in the HMANET framework is whether a scheme allows movement of mobile nodes from one group to another without unduely increasing overhead, which impacts power consumption cost. Furthermore, in a real-time application environment, a device that is visiting another group should be able to communicate without unduely incurring heavy key establishment cost.

In this paper, we focus on a HMANET environment in which devices (i.e., users with devices) may frequently move from one group to another. We have developed a keying scheme that allows such movement without requiring a new key generation and establishment for each communication session. To reduce both communication and computation overhead of group key management schemes for HMANET, we present a shared-key-based group-key management scheme in which the group key management includes two phases: (1) a key predistribution phase and (2) a group communication phase. In order to discuss these phases, we first introduce a few terminology: an add means a new user becomes a member of an existing group; this is distinguished from a join when a group member joins an existing group/subgroup communication session. When a member leaves a group permanently, we refer to it as a delete or hard eviction; if a member leaves an existing group communication session, it is referred to as a leave or soft eviction.

It is assumed that each group forms initially with a stable group population for which a key pre-distribution phase is initially invoked. In each such group, a group manager is assumed to be in charge of the key distribution for its group. If a new user is added to an existing group, then a new key distribution is invoked; this is not to be confused with a user from another group visiting an existing group. To avoid frequent key pre-distribution, a group can be formed that allows some empty slots. For instance, suppose a group is of size 50, but is anticipated to grow to 60 soon; in this case, the group can be started with 60 slots in our group keying scheme, so that the empty slots can be filled with if a new user is added to the group, yet not requiring another key distribution unless the group size actually goes over 60. It should be noted that key pre-distribution is not required for the following three cases: (1) a subset of existing group members need to communicate impromptu for a secure subgroup communication session, (2) a member is to be excluded from an existing communication session, and (3) a member is involved in multiple subgroup communications simultaneously (subgroups can be overlapped). This three scenarios fall under the communication phase and operations involved fall under join or leave, as defined earlier. Furthermore, our keying scheme has the property that a user can be in multiple subgroup communications sessions without requires news keys.

It may be noted that a hierarchical group structure improves the scalability of key management for large-scale heterogenous MANETs. The drawbacks of a hierarchical structure are: (1) it reduces the flexibility of the group formations, and (2) it requires an additional mechanism to handle roaming of group members. For example, a mobile user may travel to other groups and might not be able to set up communication back to its original group members, or if the group manager fails, then a new group manager needs to be assigned either by the higher-level nodes or elected by other group members. To solve such issues, we present a source-routing-based roaming protocol which utilizes a computational efficient multicast-tree encoding scheme using Prüfer sequence [5].

We next comment on security policy. The Bell-La Padula (BLP) confidentiality security model provides a basis for us to build a security model for HMANET [6]. Briefly, the BLP model describes a secure computer system abstractly, without regard to the system’s applications. Our hierarchical structure follows a modified Bell-La Padula confidentiality security policy model to accommodate a distributed hierarchical environment; in this model, the key derivation relation is downward in which the higher-level group members can decrypt the lower-levels’ ciphertext. We address applicability of the BLP model from its abstract form to the secure group key management framework in an HMANET environment.

Several secure group communication key management schemes have been presented in the past decade. The previous work can be broadly classified into distributed schemes and centralized schemes [7]. The most well-known distributed scheme is the Group Diffie–Hellman (GDH) method [8], [9], [10]. This approach requires a linear number of expensive public-key operations, while there have been efforts to reduce the number of public-key operations [8], [11]. However, due to the computational overhead imposed by public-key operations, each user needs to negotiate with its communication peers to maintain the communication group. In general, this class of schemes is not suitable for delay sensitive and real-time interactive applications.

Centralized secure group communication keying schemes (which are all non-public key solutions) have been approached by two different research communities: one from the information theory community, and the other from the Internet community. In the approach that stems from the information theory community, the Key Pre-distribution Scheme (KPS) plays a critical role [12], [13]. KPS requires a trust authority to distribute secret information before group communication; then during group communication, only privileged subsets (pre-specified) of participants are able to compute certain keys. For instance, the Broadcast Encryption Scheme (BES) [14] consists of a key pre-distribution phase, followed by a broadcast message which is to be decrypted only by a privileged subset (pre-specified) of participants. In the approach that stems from the Internet community, the Framework Oriented Schemes (FOS) [15], [16], [17], [18] is a popular scheme, which uses hierarchical group relations to set up group keys. FOS can be either a single flat group under one management center or multi-level groups with multiple group management centers. For instance, the Key Oriented Schemes (KOS) use key derivation relations to build up the keying scheme. Group members use their secrets to generate the desired group key (see [19], [20], [21], [22]). Centralized scheme requires the key server to be always online to maintain the group changes. In our previous work, we have shown that the group management overhead is prohibitively high if the group member join or leave during the communication phase is frequent [23].

Approaches such as key pre-distribution and pairwise key establishment schemes (e.g., [24], [25]) have been proposed in recent years for sensor networks. A set of secrets are pre-installed in each sensor before deployment. After they are deployed, each sensor can set up pairwise keys with its neighboring nodes. Although the key distribution mechanism is somewhat similar to our approach, the goal is different. We target to set up all possible subgroup keys instead of pairwise keys such that during the communication phase there is no key verification cost – a desirable property for real-time interactive applications.

Basagni et al [26] proposed a shared key based solution for key management in large scale ad hoc networks. Their approach assumes that each mobile node is a good node and behaves properly. By combining mobility-adaptive clustering and an effective probabilistic selection of the key-generating node, a shared key is periodically updated among all mobile nodes.

Rhee et al. [27] have presented a secure group key management architecture in HMANET environment. They create two levels of groups: a cell group located at the bottom of the hierarchy uses centralized group key management, and a control group located on top of cell groups uses distributed group key management. In each cell group, the group key management is managed by the group manager, which is not suitable for frequent subgroup formation/deletion and delay sensitive applications. In addition, the group member migration will invoke heave public-key operations.

In current research literature, there are no security models for the HMANET. In a hierarchical structure, the Bell-La Padula (BLP) security model [28], [29] is a possible choice. However, the BLP security model was originally designed for computer systems, not distributed hierarchical networks. Although, the BLP model has been extended to traditional multi-level secure message systems [30], its suitability to the HMANET has not be addressed so far.

Our work focuses on the following directions in a HMANET framework: (1) we present a multi-level security model, (2) we have developed a hierarchical secure group keying scheme to decentralize the group key management overhead to multiple group managers, and (3) we present an inter-group roaming protocol for inter-group key management to improve the survivability when group managers fail or members from one group roam in another group. Specifically, we present a unique solution by integrating the group keying and group management within a hierarchical networking framework that allows scalability of group key management.

We also discuss how our approach is applicable to the BLP confidentiality security model. In each group, the group keying scheme follows the same group formation structure. As a result, the group keying scheme can be applied to every group in the multi-level hierarchical group structure. A second advantage is that due to the decentralized group management structure in HMANET, our approach is resilient to any single point failure problem. In addition, our roaming protocol is able to provide secure group communication for group members in different groups and it is able to provide continuous group communication when a group manager fails. We present performance assessment of our scheme to support our claims.

The rest of the paper is organized as follows: in Section 2.1, the HMANET architecture is presented along with the security model and the attack model. In Section 3, the hierarchical group key management keying scheme and the roaming protocol are described in details. The performance issues are given in Section 4. Finally, we summarize our work in Section 5.

Section snippets

Overall architecture

We first describe the hierarchical mobile ad hoc network architecture. It consists of three levels: root level, mobile backbone network level, and mobile user network level; in each level, there can be multiple nodes. Thus, we can envision a root network followed by multiple mobile backbone networks (MBNs), which is associated with a node in the root network; in turn, a mobile user network (MUN) is associated with each MBN node. For example, MBNs can be based on unmanned ariel vehicles (UAVs).

Secure group key management for HMANET

In this section, we present our secure group key management scheme for HMANET. This approach is built on our previous keying scheme for a flat architecture [23]. Briefly, our extended scheme is a multi-level, multi-group keying structure. In this scheme, each group member maintains the same number of pre-installed keys and each group member can serve as the group manager for a lower-level group. We present two roaming protocols to solve the roaming issues in a hierarchical secure multi-group

Performance assessments

We present performance assessments from two perspectives: group key management (i.e., storage requirements, the communication overhead of group key management, and the complexity of group and subgroup key derivation) and the roaming protocol.

Summary

In this paper, we present a secure group key management framework for hierarchical mobile ad hoc networks. Our approach considers (1) a security model, 2) a hierarchical group keying scheme using a key-chain approach, and 3) a roaming protocol between host groups and home groups. Our framework is suitable for ad hoc network applications where the overall group population is stable, the subgroup communication is frequent and highly dynamic, and the mobility of a mobile node is not restricted

Acknowledgement

The authors would also like to thank anonymous reviewers for their valuable, detailed comments that improve both the content and representation of this paper.

Dijiang Huang received his B.S. degree from Beijing University of Posts & Telecommunications, China 1995. He received his M.S., and Ph.D. degrees from the University of Missouri–Kansas City, in 2001 and 2004, respectively. He is an Assistant Professor in the Computer Science & Engineering Department at the Arizona State University. His current research interests are computer networking, security, and privacy.

References (37)

  • C. Blundo et al.

    Perfectly-Secure Key Distribution for Dynamic Conferences

    Information and Computation

    (1998)
  • C. Karlof et al.

    Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

    Elsevier’s AdHoc Networks Journal, Special Issue on Sensor Network Applications and Protocols

    (2003)
  • S. Basagni et al.

    Dependable Multicast for Mobile Ad-Hoc Networks

    Computer Networks

    (2001)
  • A. Iwata et al.

    Scalable Routing Strategies for Ad Hoc Wireless Networks

    IEEE Journal on Selected Areas in Communications

    (1999)
  • G. Pei, M. Gerla, X. Hong, C.-C. Chi, A Wireless Hierarchical Routing Protocol with Group Mobility, in: Proceedings of...
  • R. Ramanathan et al.

    Hierarchically-Organized, Multihop Mobile Wireless Networks for Quality-of-Service Support

    Mobile Networks and Applications

    (1998)
  • C.E. Jones et al.

    A Survey of Energy Efficient Network Protocols for Wireless Networks

    Wirel. Netw.

    (2001)
  • H. Prüfer

    Neuer Beweis eines Satzes ueber Permutationen

    Archiv für Mathematik und Physik

    (1918)
  • M. Bishop

    Computer Security: Art and Science

    (2002)
  • S. Rafaeli et al.

    A Survey of Key Management for Secure Group Communication

    ACM Computing Surveys

    (2003)
  • Y. Kim, A. Perrig, G. Tsudik, Simple and fault-tolerant key agreement for dynamic collaborative groups, in: Proceedings...
  • G. Ateniese et al.

    Authenticated group key agreement and friends

  • M. Burmester et al.

    Efficient and Secure Conference-key Distribution

  • J. Alves-Foss

    An Efficient Secure Authenticated Group Key Exchange Algorithm for Large and Dynamic Groups

  • R. Blom

    An Optimal Class of Symmetric Key Generation Systems

  • A. Fiat et al.

    Broadcast Encryption

  • T. Ballardie, Scalable Multicast Key Distribution, RFC 1949, 1996....
  • L. Gong et al.

    Elements of Trusted Multicasting

  • Cited by (47)

    • A secure and efficient group key agreement approach for mobile ad hoc networks

      2017, Ad Hoc Networks
      Citation Excerpt :

      Mobile devices are mostly resource constrained due to fast battery depletion problem. For instance, protocols in [44,45] are well-known group key distribution protocols that the energy efficiency is a primary concern. In this study, we mostly concentrate on group key agreement protocols and we analyze protocols with respect to computational and communications costs rather than energy efficiency.

    • Polynomial-based key management for secure intra-group and inter-group communication

      2013, Computers and Mathematics with Applications
      Citation Excerpt :

      Both intra- and inter-group key management are considered to secure the group communication. Huang et al. [20] proposed an inter-group roaming protocol for inter-group key management to improve the survivability when group controllers fail or members from one group roam into another group. But it is not suitable for our applications.

    • Analysis for Detection in MANETs: Security Perspective

      2023, Lecture Notes in Electrical Engineering
    • Clustering based trust and group key management for secure communications in MANET

      2021, International Journal of Services Operations and Informatics
    • A Memory-efficient Group Key Managment for Communicating Things

      2020, Q2SWinet 2020 - Proceedings of the 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks
    View all citing articles on Scopus

    Dijiang Huang received his B.S. degree from Beijing University of Posts & Telecommunications, China 1995. He received his M.S., and Ph.D. degrees from the University of Missouri–Kansas City, in 2001 and 2004, respectively. He is an Assistant Professor in the Computer Science & Engineering Department at the Arizona State University. His current research interests are computer networking, security, and privacy.

    Deep Medhi is Professor of Computer Networking, Computer Science and Electrical Engineering Department at the University of Missouri-Kansas City, USA. He received B.Sc. (Hons) in Mathematics from Cotton College/Gauhati University, India, M.Sc. in Mathematics from the University of Delhi, India, and Ph.D. in Computer Sciences from the University of Wisconsin-Madison, USA. Prior to joining UMKC in 1989, he was a member of technical staff at AT& T Bell Laboratories. He was an invited visiting professor at the Technical University of Denmark and a visiting research fellow at Lund Institute of Technology, Sweden. He is a Fulbright senior specialist. His research interests are resilient multi-layer network design, network routing and design, sensor networks. He has published over seventy papers, and is co-author of the books Routing, Flow, and Capacity Design in Communication and Computer Networks (2004), and Network Routing: Algorithms, Protocols, and Architectures (2007), both published by Morgan Kaufmann Publishers.

    View full text