Criptography approach using magnetsDocument Transcript
A Cryptographic approach for MANET’sMrJ.C.Lokanath1, Mr. M. Shiva Kumar2, Dr. K. Krishnamoorthy3, Ms.R.Subalakshmi41III/I Sem/Dept of IT/Kuppam Engineering College,/Kuppam/A.P2Resarch Scholar/Dept of CSE/Karpagam University/Coimbatore/T.N,3Professor/cse/sona college of technology/salem/T.N.4Asst. Prof/IT/Kuppam Engineering College/Kuppam/A.PEmail-id : email@example.com, Phone: +91-9449611552AbstractSecurity of mobile ad hoc networks isbuilt upon a reliable key management system togenerate and distribute symmetricencryption/decryption keys for communicatingparties. While central servers generate anddistribute the keys in traditional wired networks,Distributive key management systems are used inmobile ad hoc networks where central approacheswill fail in such dynamic, high mobility networks.Threshold cryptography1 has been proposed toprovide a reliable, distributive key management fornetworks. In an (n, t+1) threshold system, there aren servers to provide key generation anddistribution when needed for the whole network.From these n servers, any x servers (t<x≤n) canco-operate and generate a key for any node. Untilnow, threshold cryptography has remained only atheory. No practical key management system hasbeen proposed to use threshold cryptography thatmentioned what kind of shares servers will have incommon and the practical way of creating the keyfrom these shares. In this paper, we will constructa practical (n, t+1)-threshold key managementsystem using maximum distance separable codes(MDS). Index Terms—ad hoc networks, MDS code,mobile security, symmetric key, thresholdcryptography.Keywords : MANET, Kerberos, MDS,TTP, SKGS, Reed Solmon code.1. IntroductionMobile ad hoc networks(MANETs) are new paradigms in wirelesscommunication. A MANET is anautonomous system of mobile nodesconnected by wireless links. Each nodeoperates not only as an end system, butalso as a router to forward packets onbehalf of others. The nodes are free tomove and organize themselves into adynamic network. A MANET does notrequire any fixed infrastructure such asbase stations, and therefore, it is anattractive networking 1We will use theterm threshold cryptography and (n, t+1) -threshold cryptography interchangeably.Option for connecting mobile devicesquickly and spontaneously toenvironments such as military battle fieldsand rescue operations. Networks securityis an important factor in constructing anynetwork. In traditional wired networks,central servers are available to providesecurity services for the users inside thenetwork system. In Kerberos, a centralserver will generate the keys and distribute
them securely to the nodes in the network.In MANETs, absence of fixedinfrastructure creates new challenges insecurity measurements. Secure mobilenetwork necessities like privacy,authentication, integrity and non-repudiation rely on secure keymanagement framework. For MANETs,the existence of a secure key managementprotocol is a prerequisite for networkestablishment. Central key managementprotocols based on trusted third party(TTP) technology works well fortraditional wired networks, because all thenodes can access the TTP to retrieve thekey needed for communication with anyother node. In contrast, due to mobility andtopology changes, mobile networks cannotrely on central approaches: onlydistributive key management protocols(e.g., threshold key managementprotocols) can operate in such mobilenetworks efficiently. The thresholdapproach for key Management assignsnumber of nodes to be servers. Anynumber of these servers greater than thethreshold value can co-operate to generatekeys for any node in the network. Bloom proposed a distributed symmetric keygeneration system (SKGS) based on thekey redistribution scheme. In SKGS, acentral server is responsible for thecreation and distribution of nodal keychains. Nodes can derive any future keyfrom the key chain they received from themain server. SKGS provides securityagainst cooperative malicious attacks: toretrieve the key of the node the attackerhas to compromise a minimum number ofnodes (t+1), and with any number less thant+1, the attacker can not retrieve the keychain for the attacked node. The mainproblem in the SKGS approach is thesingle point of failure of the central server:if an attacker compromises the centralnode, all the keys it has can be retrieved,and the security of the network is exposed.Threshold cryptography  is a proposedcryptography scheme suited for mobilenetworks to provide robustness anddefense against single point of failure inthe central server. In thresholdcryptography, the central server unction isdistributed among a group of servers.When one of these servers is compromisedor fails, the rest of the group can take placeof this single server. This distributionprovides a co-operative security model androbustness against the single point offailure. The main drawback in thresholdcryptography is the difficulty in applyingthe distributive function. Until now, therehas been no practical security model thatcould use threshold cryptographyefficiently. In this paper we will propose adistributed co-operative key managementsystem to generate and deliver the keysbased on SKGS and threshold
cryptography. This paper is organized asfollows. Section 2 gives an overview ofthe MDS code that will be usedextensively in this paper. Thresholdcryptography will be defined in section 3.Section 4 summarizes the previous work.Section 4 proposes our approach.Conclusion and future work will come insection 6.2. Maximum Distance Separable(Mds) CodesCoding theory and its applications havelong been used extensively in thecommunication field to provide paritychecking and an error detectionmechanism. In coding theory, we define“code” as a group of code words withknown length, such that the mappingbetween the data we are going to transmitand the code words is a one-to-onefunction . If we have data mi of lengthk, by using codes, we can convert it to acode word ci with length n, where n > kusing some defined encoding scheme. Thecode word ci will have n − k redundantelements. Those elements are used forparity checking and error detectionpurposes on the decoding side. We definethe distance d of the code C [n, k] as thenumber of different elements between anytwo code words. Singleton  found thatthe minimum distance for code C [n, k]must satisfy d(C) ≤ n−k +1. WhenSingleton bound is at maximum (i.e., d(C)= n−k+1), the code C [n, k] will be anMDS code. MDS codes are a class of errorcontrol codes created to deal with theproblem of communication over a noisychannel, where some of the bits of themessage may be corrupted on route. Suchcodes are used in cryptography and codingtheory applications  . The MDS codesatisfies the Singleton Bound requirement. The value of distance ddetermines the maximum error t that canbe corrected using this code (d ≥ 2t+1).We can view MDS codes as a linearindependent set of vectors that form asubspace in the vector space GF (qk). Thebasis of these vectors can form thegenerator matrix (G) for that MDS code.All MDS code words (i.e., the key chainsfor the nodes) can be generated using acarefully chosen special matrix called agenerator matrix G, a [n, k] - MDS codewith k rows and n columns. The relationbetween G and code words C can beexpressed asC = v.Gwhere v is the message represented as avector and C is the code word generatedfor that message v.Let C be a [n, k] linearcode in GF (qk) with minimum distance d.We can assume C to be MDS if thefollowing properties were satisfied :1) Generator matrix G for this code is anMDS code.
2) The code G_| dual to C is an MDScode.3) Any k columns of a generator matrix forG are Linearly independent.4) If a generator matrix for C is in standardform [I, A], then every square sub matrixof A is Nonsingular.5) Given any d (G) coordinate positions,there is A minimum weight code wordwhose non-zero Entries are in preciselythese positions. Using matrixtransformation on MDS code to generatecode C from a secret symmetric matrix D,each node does not need large amounts ofmemory space to save all its keys. Thesecurity of MDS codes relies on the ideathat all the columns of C are linearlyindependent and any coalition of less thank nodes can not retrieve the secret. Reedand Solomon  have found an equationto generate G matrix for any MDS-[n, k, d]in GF (qk) by using the value α which is aprimitive root of GF (q). Reed-Solomoncodes are very common MDS codes in thecommunication world. They are famousfor their optimized generator matrix G inGF (q). Using α, which is a primitive rootof q (i.e., ax ≡ 1 mod q, the least value ofx is q-1), we define the generator matrixfor Reed-Solomon codes asGi,j = α(i−1)(j−1) mod q.3. Threshold CryptographyThe basic idea of threshold cryptographyis to protect encryption keys by making agroup of nodes (servers) to co-operate toprovide fault-tolerant distribution of keyswithin the security model. Thresholdcryptography allows one to distribute apiece of secret information (keys) amongseveral servers in a way that meets thefollowing two requirements:1) No group of compromised servers(smaller than a given threshold) can figureout what the secret is, even if theycooperate.2) When it becomes necessary that thesecret information be reconstructed, anylarge enough Number of servers (a numberlarger than the Above threshold) canalways do it. The primary objective ofsharing of a key by multiple servers(shareholders) in threshold cryptographysystem is to have distributed architecturein a hostile Environment. Other thansharing keys or working in a distributedmanner, threshold cryptography can beimplemented to redundantly split themessage into n pieces s much that with t ormore pieces the original message can berecovered. This ensures secure messagetransmission between two nodes over nmultiple paths. An (n, t + 1)-thresholdcryptography scheme allows n parties toshare the ability to perform a
cryptographic operation (e.g., creating adigital signature), so that any t + 1 partiescan perform this operation jointly, while itis infeasible for at most t parties to do thesame operation even by collusion. In ourproposed key management scheme, the nservers of the key management serviceshare the ability to create the key chain forthe node. For the service to tolerate tcompromised servers, we employ an (n,t+1) threshold cryptography scheme anddivide the secret symmetric matrix D. Thematrix is used in conjunction of thegenerator matrix of the MDS code togenerate the key chains for the participantnodes in the network into n shares (s1, s2,……, sn), assigning one share to eachserver. We call (s1, s2, ……., sn) shares ofthe secret matrix D. In order for a node tohave its key chain, it will ask t+1 on nshareholder to generate a partial share ofthe key chain. Each one of those k serversgenerates a partial sum for this key chainand sends it to the sender, who will in turnperform the operation of complete keychain retrieval from these partial sums.4. Previous WorkBloom proposed a symmetric keygeneration system (SKGS)  based onsecret sharing systems. In SKGS, nodesare supplied with a relatively small amountof secret data that is used to derive all thenode’s keys. A central server (trustedauthority) generates a global matrix G ofsize k x n that is known to all the nodes inthe network, and a symmetric secret matrixD of size k x n. The central node calculatesthe key atrix for the network as K = (D .G) T. G. Because D is symmetric, K willbe also symmetric, for rows i and j in K,we have Ki,j = Kj,i. So, Ki,j is commonbetween the rows i, j. If row i is the keychain for node i, and row j is the key chainfor node j, the element Ki,j will be thesymmetric key betweenThem. Because G is known by all theparticipant in the networks, while externalnodes (malicious nodes) do not know thismatrix G, the central server delivers the ithrow of (D. G)T to node i. Upon reception,node I will calculates its key chain ki = ithrow of (D.G)T .G. This division of keygeneration into more than one step addsmore secrecy to their key chains, andmakes it harder for the intruder to retrieveany information about other nodes. Bloomshowed in his paper that by using SKGSscheme, at least k users have to co-operateto get any information about keys they donot have. Thus, any coalition of less than knodes can not reveal any informationabout the key chain of any other node. Theproblem of this approach is that it relies ona central point to do all the work, makingit vulnerable as a single point of failure.Another problem arising from key request
and delivery is that some nodes may not beable to reach the central server due toexistence of broken links or untrustworthyrouting information.5.Proposed ApproachThe assumptions we made and thenotation we will use are as follows: •Symmetric matrix D is of size k x k. •MDS code generator matrix G is of size kx n with k < n.• Number of servers is equal to n.• All the keys value is in GF (q).• Any node is able to reach k server whenit requests a key.• K denotes key matrix.In order to construct a practical keymanagement system for MANETs, weused Blom’s SKGS in conjunction withtheory of threshold cryptographic systems.In addition, we also used coding theory toovercome the shortcomings of centralapproaches in SKGS, and to provide apractical threshold cryptographic systemcapable of operating in a dynamicenvironment. In our proposed approach,each node will be provided with a group ofkeys (key chain) when it joins the network.This key chain will be used to derive allthe future keys for this node such that anytwo nodes can calculate symmetric keysbetween them based on these key chains.Key authority servers are distributedamong the network in a threshold way.There are n key authority servers with kthreshold value. Generator matrix (G) forthe MDS code used in our distributive keymanagement system (with code distanced=n-k+1) will be distributed among the nkey authority servers. Recall from MDScode properties that every set of k columnsin G are linearly independent. Thus, it isenough to know k columns of G toconstruct it . Now, any k servers chosenfrom the n authority serversAre capable of reconstructing G. Each ofthe n servers in the network will beinitialized with a column r of G during thenetwork setup, such that any k nodes cancollaborate with each other and reconstructG, while any number less than thisthreshold value k will not be able toreconstruct G. On the other hand, sincematrix D is known only to the authorityservers, regular nodes do not know anyinformation about D except what theyreceive from the servers during the keygeneration’s phase. Now, each of the nservers knows what is the secret matrix D,but knows only a part of G. When a nodedemands a key, it will initialize the keygeneration system, and k servers will beasked to communicate with. One serverwill be elected as a collector, and everyselected server (within the k group) willsend its share of G to the collector, who inturn will construct G and then calculate K
which contains shares from the otherservers. Since the key chain of node i willbe row i, the collector will send the keychain to node i.6. Conclusion and Future WorkIn this paper, we proposed adistributive key management systemsuitable for ad hoc networks. Based onthreshold cryptography and MDS codeswith SKGS, the proposed system isapplicable and practical. The future workwill include the simulation of the proposedapproach in addition to the study of theeffect of dishonest nodes on the security ofthe proposed system.BiographyThe Paper Entitled “ACryptographic approach for MANET’s”is a research paper prepared by Mr.J.C.Lokanath, III/I Sem Dept. of IT, KuppamEngineering College, Kuppam, A.P, underthe guidance of Mr. M .Shiva Kumar,HOD/Asst. Prof .Dept of MCA, KuppamEngineering College, Kuppam, A.P, Dr. K.Krishnamoorthy, Professor, Dept of CSE,Sona College of Technology, Salem, T.Nand Ms.R.Subalakshmi, AssistantProfessor ,Dept of MCA, KuppamEngineering College, Kuppam, A.P.References R. Blom, “Optimal class of symmetrickey generation systems”, Proc. of theEUROCRYPT 84 workshop on Advancesin cryptology: theory and application ofcryptographic techniques, p.335-338,December 1985, Paris, France. L. Zhou, Z. Haas “Securing ad hocnetworks ” , IEEE Network Magazine, vol.13, no.6, 1999. S. Yamiolkoski,“The Road toMaximum Distance Separable Codes ”,Lecture notes in projective geometry. I.S. Reed, G. Solomon, “Polynomialcodes over certain finite fields”, Journal ofthe Society for Industrial and AppliedMathematics (SIAM), vol. 8, no. 2, pp.300-304, 1960. A. Jeffrey, “Advanced EngineeringMathematics” , ISBN 012382592X,Academic Press Publisher, London, 2001. L. Xu, “A general encryption schemebased on MDS code”,Proceedings of IEEEInternational Symposium on InformationTheory, 2003. T. Matsumoto, H. Imai, “On the KeyPredistribution System: A PracticalSolution to the Key Distribution Problem”,A Conference on the Theory andApplications of Cryptographic Techniqueson Advances in Cryptology, vol. 293, pp.185-193, 1987.
 H. K. Kim, V. Lebedev, “On optimalsuperimposed codes” , Journal ofCombinatorial Designs, Vol. 12, Issue 2 ,pp. 79 91, 2003. 536