A lightweight group-key management protocol for secure ad-hoc-network routing

AbstractSecure routing protocols for ad hoc networks use group keys for authenticating control messages without high energy consumption. A distributed and robust group-key management is, thus, essential. This paper proposes and specifies a protocol for distributing and managing group keys in ad hoc environments based on the Secure Optimized Link State Routing protocol (SOLSR). The proposed protocol manages group keys taking into consideration frequent network partitions/mergers and also reduces the impact of non-authorized users that try to illegitimately obtain the group key to use network resources. The analysis shows that our proposal provides high availability and presents low energy consumption for the two most important group events in ad hoc network: joining-node events and network-partition-merging events. Our protocol reduces both the number of control messages and the energy spent with cryptographic operations by up to three orders of magnitude when compared to contributory group-key agreement algorithms. The proposed protocol provides an efficient key management in a timely manner

Energy-Efficient ID-based Group Key Agreement Protocols for Wireless Networks

One useful application of wireless networks is for secure group communication, which can be achieved by running a Group Key Agreement (GKA) protocol. One well-known method of providing authentication in GKA protocols is through the use of digital signatures. Traditional certificate-based signature schemes require users to receive and verify digital certificates before verifying the signatures but this process is not required in ID-based signature schemes. In this paper, we present an energy-efficient ID-based authenticated GKA protocol and four energy-efficient ID-based authenticated dynamic protocols, namely Join, Leave, Merge and Partition protocol, to handle dynamic group membership events, which are frequent in wireless networks. We provide complexity and energy cost analysis of our protocols and show that our protocols are more energyefficient and suitable for wireless networks.

Fault-Tolerant Extension of Hypercube Algorithm for Efficient, Robust Group Communications in MANETs

Securing multicast communications in Mobile Ad Hoc Networks (MANETs) has become one of the most challenging research directions in the areas of wireless networking and security. MANETs are emerging as the desired environment for an increasing number of commercial and military applications, addressing also an increasing number of users. Security on the other hand, is becoming an indispensable requirement of our modern life for all these applications. However, the limitations of the dynamic, infrastructure-less nature of MANETs impose major difficulties in establishing a secure framework suitable for group communications. The design of efficient key management (KM) schemes for MANET is of paramount importance, since the performance of the KM functions (key generation, entity authentication, key distribution/agreement) imposes an upper limit on the efficiency and scalability of the whole secure group communication system. In this work, we contribute towards efficient, robust and scalable, secure group communications for MANETs, by extending an existing key agreement (KA) scheme (where all parties contribute equally to group key generation) ypercube - to tolerate multiple member failures with low cost, through its integration with a novel adaptively proactive algorithm. We assume that the participating users have already been authenticated via some underlying mechanism and we focus on the design and analysis of a fault-tolerant Hypercube, with the aim to contribute to the robustness and efficiency of Octopus-based schemes (an efficient group of KA protocols for MANETs using Hypercube as backbone). We compare our algorithm with the existing approach, and we evaluate the results of our analysis. Through our analysis and simulation results we demonstrate how the new Hypercube algorithm enhances the robustness of the Octopus schemes maintaining their feasibility in MANETs at the same time. Key terms: Key Management, Key Agreement, Hypercube Protocol, Fault-Tolerance, Octopus Schemes, Elliptic Curves Cryptograph

An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network

Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increase, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for the IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, The Locator/ID Separation Protocol is still at an early stage of implementation and the security Protocol e.g. Internet Protocol Security (IPSec), in particular, is still in its infancy. Based on this, three scenarios were considered: Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, the addresses resolving stage, in the Locator/ID Separation Protocol the Map Server (MS) accepts Map-Request from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in trun look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against redirecting the data or acting as fake routers. Thirdly, As a result of the vast increase in the different Internet of Things devices, the interconnected links between these devices increase vastly as well. Thus, the communication between the devices can be easily exposed to disclosures by attackers such as Man in the Middle Attacks (MitM) and Denial of Service Attack (DoS). This research provided a comprehensive study for Communication and Mobility in the Internet of Things as well as the taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of Locator/ID Separation Protocol using X.805 framework standard. Then three Security protocols were provided to secure the exchanged transitions of communication in Locator/ID Separation Protocol. The first security protocol had been implemented to secure the Registration stage of Locator/ID separation using ID/Based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using Challenge-Response authentication and Key Agreement technique. Where, the third security protocol had been proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on the authentication and the group key agreement via using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve security refinement architecture to Internet of Things based on Locator/ID Separation Protocol. These protocols were verified using Automated Validation Internet Security Protocol and Applications (AVISPA) which is a push button tool for the automated validation of security protocols and achieved results demonstrating that they do not have any security flaws. Finally, a performance analysis of security refinement protocol analysis and an evaluation were conducted using Contiki and Cooja simulation tool. The results of the performance analysis showed that the security refinement was highly scalable and the memory was quite efficient as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device

A Conditional Privacy Preserving Authentication and Multi Party Group Key Establishment Scheme for Real-Time Application in VANETs

Vehicular Ad-hoc Networks (VANETs) are a cardinal part of intelligent transportation system (ITS) which render various services in terms of traffic and transport management. The VANET is used to manage growing traffic and manage data about traffic conditions, weather, road conditions, speed of the vehicle, etc. Even though, VANETs are self-sufficient and effective networks but they still suffer from various security and privacy issues. VANETs need to ensure that an adversary should not be able to breach user associated data and delete or modify the exchanged messages for its gains, as these messages comprise of sensitive data. In this paper, we have proposed an authentication and key-agreement protocol based on cryptographic hash functions which makes it lightweight in nature and also suitable for VANET environment. Moreover, to enhance the security and reliability of the entire system, the proposed key-agreement protocol makes use of random session modulus to compute a dynamic session key i.e. for every session, vehicles generate their session specific secret modulus which are then converged to form a common group session key. The formal verification of the proposed work is done using Real - or - Random oracle model, AVISPA and BAN Logic while informal security analysis shows that the proposed protocol can withstand various attacks. The simulation results and analysis prove that the proposed work is efficient and has a real-time application in VANET environment