More Related Content Similar to Advanced Data Protection and Key Organization Framework for Mobile Ad-Hoc Networks (20) Advanced Data Protection and Key Organization Framework for Mobile Ad-Hoc Networks1. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017(O)
Volume 1 Issue 2 (August 2014) ISSN: 2349-7009 (P)
http://ijiris.com
_________________________________________________________________________________________________________
© 2014, IJIRIS- All Rights Reserved Page - 35
Advanced Data Protection and Key Organization Framework for
Mobile Ad-Hoc Networks
Dr. S.K. Mahendran
Director, Department of Master of Computer Applications,
SVS Institute of Computer Applications,
Coimbatore, Tamil Nadu, India
Abstract-- Key organization and protect routing are two major subjects for Mobile Ad-hoc Networks nonetheless preceding
explanations tend to contemplate them distinctly. This indicates to Key organization and protects routing inters dependency
cycle problem. In this paper, we recommend a Key organization and protection of routing integrated scheme that speeches Key
organization and protection of routing inter dependency cycle problem. By using identity based cryptography this scheme
delivers produced including confidentiality, honesty, verification, cleanness, and non-repudiation. Connected to symmetric
cryptography and conventional asymmetric cryptography as well as preceding IBC arrangements, this arrangement has
developments in many features. We deliver hypothetical resistant of the refuge of the scheme and validate the efficiency of the
scheme with applied simulation.
1. INTRODUCTION
Exploration on sanctuary of Mobile Ad-hoc Networks remains active, in vindictiveness of years of consideration, in both
academia and productiveness. It is incompletely due to the fact that no established solution is extensively accepted and the
mounting accessibility of slight, modified mobile devices with peer to peer communication competence through wireless channels.
Key organization (KO) and protected routing (PR) are two most significant issues for MANETs. Protected routing guarantees
fruitful routing among trustworthy nodes with opponent nodes remaining around or confidential the network, and forms the
substratum of a protected MANET system. A protected routing arrangement should at smallest meet these supplies: Data
Confidentiality, Data Truthfulness, Data Cleanness, Data Obtainability, Data &IndividualityVerification, and Non-repudiation.
Cryptographically explanations can satisfy the above requirements except Data Availability which requires assistance of other
skills. Key organization is indispensable to cryptography.
The consequence is the KO–PR inters dependency cycle problem [1], which means that Key organization relies on protected
routing for key age group, and protected routing relies on safe keys to setup an authentic routing table. Thus, the Key organization
schemes cannot be used in protected routing protocols that would require protected keys. The public key of IBC is self-proving
and can carry much useful information. The arrangement utilizes system limits of IBC to derive node specific transmission keys.
System restrictions are distributed to genuine nodes through public channels, based on which the assimilated node-specific
transmission keys are generated and secure direction-finding can be set up. Note that the genuine distribution of system limitations
and routing setup are all carried out through public frequencies, and generation of integrated node-specific broadcast keys does not
require any extra communication between nodes; thus there is no KO–PR inters dependency cycle. The Key organization
combined routing procedure starts with an important and genuine network. Such an important and genuine network is
accomplished with a genuine parameter delivery process to be presented later. With the secret system parameters, the nodes
communicate with each other securely and set up routing table. The only way of communication before routing setup is
distribution. The scheme uses system parameters of IBC to derive node-specific transmission keys. These node-specific
transmission keys are used to transmission routing messages to all neighbors of a node or all other nodes in the network. The
routing protocol decides the terminuses of the routing messages.
2. RELATED WORK
In this section, we for a short time review some preceding work associated to our work. Due to a large number of works on this
topic in the literature, we limit the scope to major work on asymmetric key cryptography and especially focus on IBC schemes.
For a complete survey on this topic, please refer to [2]. Previous Key organization schemes and secure routing schemes tend to
discuss these two issues separately. Most of Key organization schemes based on asymmetric cryptography employ threshold
cryptography originated from Shamir [9] to generate public keys and private keys online. At first, Zhou and Haas [14] suggest
using this scheme to establish a Key organization service using a single CA in ad hoc networks. The authors propose a distributed
CA architecture and PKI used in ad hoc networks. The CA service, as a whole, has a public/private key pair K/k. The public key K
is known to all nodes in the network, whereas the private key k is divided into n shares v1, v2... , and one share for each server.
Khalilietal [8] Propose a distributed PKG scheme for IBC. The participating nodes form a threshold PKG, and generate in a
distributed fashion a master public key. The master secret key is shared in a t out of n threshold manner by this initial set of n
nodes.
Deng et al. implemented this idea in their work [3, 4]. Li and Han [15] propose a sign-crypt scheme that provides a way for secure
transmission, by using periodic private keys, multicast group of PKGs, and key proxy. The PKG nodes form a multicast group,
2. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017(O)
Volume 1 Issue 2 (August 2014) ISSN: 2349-7009 (P)
http://ijiris.com
_________________________________________________________________________________________________________
© 2014, IJIRIS- All Rights Reserved Page - 36
and share a group key. The solution to break the KO–PR inters dependency cycle is to have a Key organization not trusting on
protected routing because protected routing should not be employed without safe keys. Chien et al. in, [6, 7], propose a group key
agreement protocol based on 2-party or 3-party Diffie–Hellman key exchange protocol. In their scheme, they divide the whole
group into several cell groups and a control group, and each cell group is managed by its cell group controller independently of the
other cell groups. Nodes within the same cell group share a cell group key, which can be generated in a distributive or contributory
way. On the basis of the pair wise communication, they propose a tripartite key agreement protocol which allows three parties
establish their session keys. The scheme is modified from Hess’ signature [12] for traditional public key setting. The protocol has
two rounds. In the first round, the entities broadcast their ephemeral public keys; in the second round, the entities broadcast their
confirmation (signatures) on the session and ephemeral public keys. After authenticating the message from the other two nodes,
the three nodes share these session keys. We here propose a KO–PR combined scheme that breaks the inters dependency cycle.
The grain of this agenda is a key organization integrated steering protocol which KO–PR inters dependency cycle. The enterprise
of this protocol is based on these notions:
Key organization should not trust on secure routing. Protected keys should be obtainable before a routing procedure starts
working. To stop routing occurrences, a routing procedure must scramble and substantiate every message and container, not only
end-to-end, but also hop-by-hop. Some routing protocols have produced or efficiency faintness.
The Key organization combined routing protocol starts with an important and authentic network. Such a trusted and genuine
network is accomplished with an authentic parameter circulation process to be presented later. With the secret system limitations,
the nodes transfer with each other firmly and set up routing table. The only way of communication before routing setup is
dissemination. The scheme utilizes system restrictions of IBC to derive node-specific broadcast keys. These node- specific
broadcast keys are used to broadcast routing messages to all neighbors of a node or all other nodes in the network. The routing
protocol decides the destinations of the routing messages. The node-specific broadcast keys, or in other words, 1-to-m keys, are
essential for secure routing: pair wise, or One-to-One, keys cannot be used in routing protocols, because there is no routing
between any two nodes; GroupWise, or m-to-m, keys are not secure sufficient, because there is no confirmation or non-
repudiation, and Features and disadvantages of symmetric cryptography, PKI and IBC. KO scheme Number of keys to store per
node Produced features KO–PR inters dependency Symmetric key v (n) (n: the number of nodes in the network) Confidentiality,
integrity No PKI V (n) (n: the number of nodes in the network) Confidentiality, truthfulness, verification, non-repudiation Yes
IBC Constant Confidentiality, truthfulness, verification, non-repudiation Yes Our goal Constant Confidentiality, truthfulness,
substantiation, non-repudiation is particularly susceptible to negotiation because one negotiated key reveals all encrypted
communications for the whole group. In this structure, secure keys are obtainable before a routing protocol starts working, so that
a secure routing that meets the requirements mentioned in Section 1 can be set up.
To prevent various routing attacks, the routing protocol encrypts and authenticates every message and packet, not only end-to-end,
but also hop-by-hop. In previous schemes, there are three steps to set up routing and we see four problems in these schemes: Inters
dependency cycle between step 2 and 3.There is no protection in secure key setup messages, thus generated keys are not
guaranteed secure. The system is subject to mobile occurrences, and can be taken over by the opponent. The system is subject to
mobile attacks, and can be taken over by the adversary [5]. Park et al. [10]’s work is similar to [15], except that the signature and
verification procedures are different. Park and Lee [13], Park et al. in [14], Lee and Sriborrirux [16] present similar work
separately.
3. Proposed Work
The anticipated new organization addresses these four difficulties. The important point in the scheme is combined key generation.
There is no an unambiguous key conversation message or key group phase. Associated to previous schemes, the only new
obligation is more work in circulation of system parameters. We authenticate participating nodes and dispense system parameters
only to authentic nodes. The system parameters are M=(m,x,a, ,X,X0,X1) where X:{1,2}*→ is a random oracle hash
function for mapping an identity string to a point.Every authenticated node gets the system parameters and its private key from the
PKG before the network starts up. Traditionally, this can be achieved by gathering authentic nodes and distributing secret securely
right be- for deploying, for example, by face-to-face communication, infrared, or Radio Frequency (RF) communication in a small
and protected area. N node N generates a node-specific broadcast key in this way: A computes
= ( ,X)
= ( )
Produced of the proposed scheme is based on assumptions well established and theorems proved in this paper.
Assumption: 1 System parameters are distributed only to authentic nodes of the network and kept secret to adversaries at network
startup
Assumption 2: AES cryptosystem used in this scheme is hard enough, so that adversaries cannot break the system and learn the
plaintext if they do not know the key.
3. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017(O)
Volume 1 Issue 2 (August 2014) ISSN: 2349-7009 (P)
http://ijiris.com
_________________________________________________________________________________________________________
© 2014, IJIRIS- All Rights Reserved Page - 37
Assumption 3: Static Diffie–Hellman (SDH) problem is hard in group S1, i.e.: Given (X, Y, Z w) where B, W € k1 and l € O*h
there is no efficient algorithm to computer .
Hence, the proposed scheme precludes opponents from sending false direction-finding messages, garbling genuine routing
messages, and masquerading authenticated nodes. The scheme is thus immune to the following shared routing attacks, with
inconsequential or deprived of modifications or improvements: Spoofing and Sybil Occurrences: With this type of occurrences, an
challenger node attempts to take over the identity of additional node. These attacks can be prevented by substantiation feature of
the cryptographic scheme.
Due to wireless communication features of MANETs, an adversary may eavesdrop and analyze traffic in the air. These types of
attacks are prevented by confidentiality feature of the scheme. This is disallowed by honesty feature of the scheme. Greatest and
reiterationOccurrences: A node can record a communication or a packet from some place and replay it anywhere else, or record a
package at some time and replay it sometime later. Greatest and replay occurrences on message level are not obtainable in the
proposed KO–PR incorporated background, subsequently every packet is retained and verified and there is no opportunity to
replace a memorandum in a container. If we only signed the communications but not the containers, the challenger would be able
to apply record and replay occurrences by exchanging a message with a verified valid message. On packet level, the enemy may
record and replay aperfect packet which contains sin proper routing communications.
To notice an out of date direction-finding communication, we can include in the contracted direction-finding communications time
based material. To detect a local routing message dispersed out of neighborhood is similar to noticing wormhole occurrences, we
can use position based information as is to be designated in Wormhole Occurrences. Wormhole Occurrences: In wormhole
occurrences, opponents can conspire to transport routing packages out of band. In a routing package, there are two types of routing
messages: the local messages and the global messages. The global messages are meant to be propagandized to all nodes; so
wormhole attacks to these messages are not harmful, but actually favorable.
Only messages that are meant to be exchanged locally, for example, neighbor advertisement, should not be distributed out of
neighborhood. To detect the local routing messages distributed out of neighborhood, we can use time based method and location
based method. Time based method if precise timestamps is available in routing messages; our KO–PR framework has them signed
in the message by the message originators. In our scheme, when a node receives a packet R’ from node N, it verifies the signature
in the way described below:
Calculate L = l (R’), and L
Calculate ^
(R, ) = ^
(R, (L + r) ) =X^ ( ,(L +r +))
If the signature is valid, it further processes messages in the packet. It checks message header, and accepts messages destined to it,
and re-broadcasts messages to others if any. In addition, we have considered measures to address weaknesses and limitations of
IBC in this scheme, such as Identity Disclosure, Key Escrow and Identity Revocation Difficulty. The scheme is compatible with
these measures as explained in our previous papers [13–16].
4. RESULTS AND DISCUSSION
We appraise the broadcast overhead of protected routing protocol, compared to standard OLPR. The average size of a standard
HELLO packet is 488 + 40n bits, and of a standard TC packet is 384 + 32n bits, where n is the number of advertised neighbors of
this node, considering the IPv4 header (160 bits), the UDP header (64 bits), and the OLPR packet header (32 bits + 96 bits per
message) [8,11]. We assume each OLPR packet contains only HELLO or TC messages. This is the worst case scenario, as
including more control messages in a packet would reduce the overhead. In the proposed scheme, a signature is a point on an
elliptic curve. To save space, we can transmit only the x coordinate and a sign bit. The overhead added by a packet signature is
513 bits with 512-bit IBC, and 257 bits with 256-bit IBC.
Fig.1: Mobility Speed vs Packet Delivery Ratio
4. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017(O)
Volume 1 Issue 2 (August 2014) ISSN: 2349-7009 (P)
http://ijiris.com
_________________________________________________________________________________________________________
© 2014, IJIRIS- All Rights Reserved Page - 38
Fig.2: Mobility Speed vs Throughput
Fig.3: Mobility Speed vs Control Overhead
Fig.4: Mobility Speed vs Delay
5. Conclusion
In this broadside, we suggest a novel important organization and protected direction-finding scheme without inters dependency to
each other. We demonstrate the refuge of the scheme hypothetically and determine the efficiency of the scheme with applied
simulation and compared with DSDV, DSR, SODV and MAODV, with the metrics Packet Delivery Ratio, Throughput, Control
Overhead and Delay. This arrangement brings these aids: compared to symmetric key solutions, it has more functionality resulting
from unequal keys, and is more protect due to use of node-specific broadcast key instead of only 1 group transmission key, and has
less solutions to store per node due to use of a symmetric keys instead of pair wise symmetric keys; equated to PKI solutions, the
storage and communication supplies are lower due to IBC belongings; compared to aforementioned IBC solutions, it has no KO–
PR inters dependency cycle problem, and is resistant to insider attacks and mobile occurrences and many other direction-finding
occurrences. Also the proposed protocol DPKO performs better than the existing protocols namely DSDV, DSR, AODV and
MAODV. It’s a common thing that the data packet which secured takes much bandwidth and energy. But the proposed protocol
consumes less bandwidth and energy when compared with the other. The consequence of this exertion presents a practicable
produced explanation to a wide variety of MANETs where the PKG produces and distributes initial organization limitations to all
nodes, substantiates the individuality of a node and dispenses an initial private key to it.
5. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017(O)
Volume 1 Issue 2 (August 2014) ISSN: 2349-7009 (P)
http://ijiris.com
_________________________________________________________________________________________________________
© 2014, IJIRIS- All Rights Reserved Page - 39
Reference
[1] J.V.D. Merwe, D. Dawoud, S. McDonald, A survey on peer-to-peer Key organization for mobile ad hoc networks, ACM
Comput. Surv. 39 (1) (2007) 1–45.
[2] S. Zhao, A. Akshai, R. Frost, X. Bai, A survey of applications of identity-based cryptography in mobile ad-hoc networks, IEEE
Commun. Surv. Tutorials Early Access (2011) 1–21.
[3] H. Deng, A. Mukherjee, D.P. Agrawal, Threshold and identity-based key management and authentication for wireless ad hoc
networks, in: Proc. ITCC, IEEE, 2004, pp. 107–111.
[4] H. Deng, D.P. Agrawal, TIDS: threshold and identity-based producedscheme for wireless ad hoc networks, Ad Hoc Netw. 2
(3) (2004) 291–307.
[5] S. Zhao, A. Aggarwal, Against mobile attacks in ad-hoc networks, in: Proc. International Conference on Information Theory
and Information Security, IEEE, 2010, pp. 499–502.
[6] H.-Y. Chien, R.-Y. Lin, Identity-based key agreement protocol for mobile ad-hoc networks using bilinear pairing, in: Proc.
Sensor Networks, Ubiquitous, and Trustworthy Computing, IEEE, 2006, pp. 520–529.
[7] H.-Y. Chien, R.-Y. Lin, Improved id-based producedframework for ad hoc network, Ad Hoc Netw. 6 (1) (2008) 47–60.
[8] A. Khalili, J. Katz, W.A. Arbaugh, Toward secure key distribution in truly ad-hoc networks, in: Proc. SAINT Workshops,
IEEE, 2003, pp. 342–346
[9] A. Shamir, How to share a secret, Commun. ACM 22 (1) (1979) 612– 613.
[10] S. Zhao, A. Aggarwal, General-purpose identity hiding schemes for ad-hoc networks, in: Proc. International Symposium on
Intelligent Ubiquitous Computing and Education, IEEE, 2009, pp. 349–353.
[11] S. Zhao, A. Aggarwal, PAPA-UIC: a design approach and a framework for secure mobile ad hoc networks, J. Secur.
Commun. Netw. 3 (2010) 371–383.
[12] B.-N. Park, W. Lee, ISMANET: a secure routing protocol using identity-based signcryption scheme for mobile ad-hoc
networks, J. IEICE Trans. Commun. (2005) 2548–2556.
[13] B.-N. Park, J. Myung, W. Lee, ISSRP: a secure routing protocol using identity-based signcryption scheme in ad-hoc
networks, in: Proc. 5th International Conference on Parallel and Distributed Computing, LNCS, Springer, 2004, pp. 711–714.
[14] L. Zhou, Z.J. Haas, Securing ad hoc networks, J. IEEE Netw. 13 (6) (1999) 24–30.
[15] G. Li, W. Han, A new scheme for key management in ad hoc networks, in: Proc. 4th International Conference on Networking
Proceedings, LNCS, Springer, 2005, pp. 242–249.
[16] W. Lee, W. Sriborrirux, Optimizing authentication mechanisms using ID-based cryptography in ad hoc wireless mobile
networks, in: Proc. Information Networking, Networking Technologies for Broadband and Mobile Networks, LNCS, Springer,
2004, pp. 925– 934.