
Research On Certificateless Key Management For MANET

Posted on: 2016-03-30
Degree: Master
Type: Thesis
Country: China
Candidate: L H Huang
GTID: 2298330467995851
Subject: Computer system architecture

Abstract/Summary:
Mobile ad hoc networks (MANET) are more vulnerable to security attacks than traditional wired networks due to their wireless channels, limited bandwidth, limited resources and dynamic topology. Key management is the most essential issue and also one of the hotspots in MANET security research, because key management is the foundation of the encryption and authentication mechanisms that are used to protect the security of network routing, on-demand communication, and group communication.

One part of current research on key management mechanisms for MANET focuses on the PKI/CA mechanism. However, its public key certificate management (including certificate issuance, storage, and revocation) and the checking of certificate validity also bring considerable computational and communication overhead. Compared with PKI/CA technology, identity-based cryptography does not need public key certificates to be managed or validated, which is a great convenience for applications. In an identity-based system, the private keys of all users are produced by a trusted private key generator (PKG) which holds the system master key. Thus, such a system inevitably has an inherent defect: a single point of failure as well as the key escrow problem. Solutions combining threshold sharing or layering technology can weaken the key escrow problem, but cannot completely solve it.

Motivated to overcome the key escrow problem in identity-based cryptography, certificateless public key cryptography and certificate-based cryptography were proposed. In certificateless public key cryptography, each private key consists of two parts: a secret value chosen by the user and a partial private key generated by the PKG/KGC, and the public key is generated from the user's own private key and the public parameters. In certificate-based cryptography, each user generates their own public/private key pair, and the decryption key of each user consists of indispensable parts, i.e., the private key selected by the user and the up-to-date certificate issued by the CA. Certificate-based cryptography does not suffer from key escrow, at the expense of one of the biggest advantages of IBC, namely the absence of certificate management, but it is not applicable to MANET, where storage capacity is limited.

We mainly focus on key management in MANET. Various existing public-key cryptography schemes are analyzed, then an efficient, fully distributed certificateless key management scheme is proposed, taking into account the key management features of wireless ad hoc networks.

The major contributions of this paper include:

(1) At present, there is no general measure of the degree to which a scheme solves the key escrow problem. This paper first proposes the concept of the degree of resistance to key escrow (DRKE) to quantify the degree of resistance to key escrow.

(2) According to the way they resist key escrow, we analyze the degree and the principle of resistance to key escrow of existing schemes. Then we give an overview of the characteristics of their key management, and summarize their key generation and distribution.

(3) After analyzing the key management deficiencies of Li et al.'s CLPKKM scheme, we propose fully distributed system private key generation, master private key share refreshing, and improved key agreement. The improved key management scheme is fully based on the nodes of the network themselves, without the support of a trust center. The improved key agreement not only resists the man-in-the-middle attack, but also reduces the amount of computation.
Keywords/Search Tags: Mobile ad hoc networks, key management, key escrow problem, certificateless public key cryptography