A Survey on Key Management of Identity-Based Schemes in Mobile Ad Hoc Networks
Total Page:16
File Type:pdf, Size:1020Kb
Journal of Communications Vol. 8, No. 11, November 2013 A Survey on Key Management of Identity-based Schemes in Mobile Ad Hoc Networks Kuo Zhao, Longhe Huang, Hongtu Li, Fangming Wu, Jianfeng Chu, and Liang Hu Jilin University, Chang Chun 130012, China Email: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Abstract—In mobile ad hoc networks (MANETs), the research scarce resources, and selfish nodes can drop data packets on key management of identity-based scheme is attracting more of other nodes. and more attention. In this paper, we study on four types of Cryptographic schemes with key management are identity-based schemes which resist key escrow problem at employed to provide a general design framework for different degrees, and introduce several schemes for each type. Then, we give an overview of the characteristics of their key secure MANETs. Traditional cryptographic systems can management, and made a summary of key generation and be divided into symmetric and asymmetric ones, distribution. Subsequently, to build a more secure identity-based depending on the way they use keys [4]. In symmetric scheme for MANET, we recommend some techniques to schemes, the secret keys must be shared either by a improve security and availability of its key management. secure pre-established channel or before network Finally, we point out some problems of identity-based schemes formation. If an attacker compromises the symmetric key in MANETs, which are not addressed and we will explore in the of a group of users, then all encrypted messages for that future. group will be exposed. Therefore, traditional symmetric Index Terms—MANETs, identity-based cryptography, key schemes are difficult to apply in MANETs. [5] The key management management schemes of traditional asymmetric schemes are usually based on Public Key Infrastructure (PKI). The success of certificate-based PKI depends on the I. INTRODUCTION availability and security of a Certificate Authority (CA), A mobile ad hoc network (MANET) is a cooperative a central control point that everyone trusts. In a MANET, wireless network of mobile hosts (which we call nodes or nodes have non-negligible probability to be compromised users) that can communicate with each other without any for the resource limitations of wireless devices and centralized administration or preexisting infrastructure [1], relatively poor physical protection. Once CA is [2]. The nodes of network operate both as communication compromised, the security of the network would be end points as well as routers, enabling multi-hop wireless subverted. Another obstacle of using PKI’s in MANETs communication. Because of the rapidity, self-organizing, is the heavy overhead of transmission and storage of self-configuring and low cost for forming network, Public Key Certificates (PKCs). [6] MANETs have attracted a lot of attention from both the As a powerful alternative to certificate-based PKI, research and industry communities, which are extensively identity-based cryptography (IBC) [7], [8] allows public employed in military, vehicle networks, disaster relief keys to be derived from entities’ known identity and emergency, where geographical or terrestrial information, thus there is no requirement of CA and constraints demand totally distributed networks. PKCs. Recent decade, IBC has attracted more and more However, due to the wireless, bandwidth-limited, attention from researcher, and a number of identity-based resource-constrained, and dynamic nature, MANETs are schemes [9]-[12] have been proposed. The advantages of more vulnerable to security attacks [3] than their wired identity-based key management: reducing the cost of counterparts. Wireless communication, for example, is storage, computation and communication, make IBC open to interference and interception, and malicious more suitable for bandwidth-limited and resource- nodes might create, alter, or replay routing information to constrained MANETs. interrupt network operation. Moreover, malicious nodes An identity-based scheme needs a Private Key may inject bogus data into the network to consume its Generator (PKG) to identify the user’s ID and compute private key, which results single point of failure. Furthermore, there exits key escrow problem (inherent in Manuscript received June 15, 2013; revised October 24, 2013. identity-based cryptosystems), since PKG knows the This work was supported in part by the National High Technology Research and Development Program of China (Grant No. private keys of all nodes. Similar to the CA in PKI, once 2011AA010101), and the National Natural Science Foundation of China PKG is not credible, system won’t be able to ensure (Grant No. 61103197). communication non-repudiation if the compromised PKG Corresponding author email: [email protected]. doi:10.12720/jcm.8.11.768-779 pretends to be user to send messages. In order to ©2013 Engineering and Technology Publishing 768 Journal of Communications Vol. 8, No. 11, November 2013 eliminate or reduce the risks of key escrow problem, master private key SK and public key PK. several revised types of identity-based schemes have been Extract: takes system parameters, master private key, made using multiple authority approaches. But and an identity as input, and returns a secret private meanwhile, they also cause some other new problems. key sk corresponding to the identity. For example, traditional threshold identity-based schemes Encrypt: takes the master public key, the public key [13] weaken the key escrow problem by distributing the of the receiver node (derived from its identity), and PKG’s service to multiple nodes, but they need to have a the message as input, and returns the corresponding trust authority (TA) and provide the secure distribution of ciphertext. secret shares. Decrypt: takes the master public key, a ciphertext In this survey, we study on four types of identity-based and the personal private key as input, and returns the key management schemes which resist key escrow decrypted message. problem at different degrees in MANETs: traditional PK threshold identity-based schemes, Secrete Shares as PKG Private Keys (SSPK) identity-based schemes, Upon receiving ID certificateless schemes, and hierarchical identity-based receiver schemes. Then, we discuss the approaches, strengths, and pkreceiver skreceiver weaknesses of key management of these schemes, and provide a comparison between their main features. The remainder of this paper is organized as follows: Ciphertext Message Encrypt Decrypt Message Section II presents an overview of some background knowledge. Next, we describe the multiple identity-based Sender Receiver key management schemes in section III, and then we present a comprehensive picture and discuss their Figure 1. Identity-based encryption strengths and weaknesses in following section. The final section draws our conclusion. In an IBS scheme, the singer first obtains a signing private key associated with its own identity from the II. PRELIMINARIES PKG. It then signs a message using the private key, and In this section, we start from reviewing the brief the verifier verifies the signature using the signer’s public history and basic concepts of IBC, and subsequently key. An IBS scheme can also be described using four introduce an identity-based encryption (IBE) scheme and randomized algorithms [14], [15]: Setup, Extract, Signing, an identity-based signature (IBS) scheme based on the and Verification. The former two steps are same to Setup bilinear pairing, a computational primitive widely used to and Extract of an IBE scheme. (Fig. 2 illustrates a build up various identity-based cryptographic schemes in schematic outline of an IBS scheme.) the current literature. Then we will present the basic idea Signing: uses own private key to create a signature of threshold cryptography, and describe one classical (t, n) on the message. threshold cryptography. Verification: takes the master public key, the signature, the message and the public key of sender A. Identity-Based Cryptography as input, checks whether the signature is a genuine As mentioned earlier, in the IBC, the public key/secret signature on the message. If it is, returns “Accept”. key pair is generated by a PKG service, and the public Otherwise, returns “Reject”. key based on the own identity is assumed to be known by PK everyone. The idea of IBC was first proposed by Shamir PKG [8] in 1984. Over years, a number of researchers tried to propose secure and efficient identity based encryption Upon receiving IDsigner algorithms, but with little success. Boneh and Franklin [7] presented first fully functional, efficient and provably sksigner pksigner secure IBE scheme in 2001. At the same year, Boneh, Lynn and Shacham [14] proposed a basic IBS scheme Message||Signature Accept using pairing. Message Signing Verification Or In an IBE scheme, the sender can use the receiver’s Reject identity of public key to encrypt message, and the Signer Verifier receiver can decrypt the ciphertext by his own private key Figure 2. Identity-based signature obtained from the PKG according to his identity. The functions that compose a generic IBE are specified by the Currently, most of IBC schemes for MANETs are following four randomized algorithms [13], [15]. (Fig. 1 based on the bilinear pairing technique and assumptions illustrates a schematic outline of an IBE scheme.) of hard problems in elliptic curves. Let G1 and G2 denote Setup: takes a security parameter and returns