Cluster Based Key Management Scheme In Wireless Ad Hoc Network Without Trusted Center

Ad Hoc network is a multi-hop temporary autonomous system consisting of a group of mobile terminals with wireless receiving and transmitting device. Thanks to its characteristics of easy construction and supporting mobile users, Ad Hoc network has been widely used in real applications. However, due to the characteristics of non-fixed fundamental facilities, limited computational resources, dynamic topological and no center etc, it is vulnerable to attacks. Therefore, it is worthwhile to design of a secure, efficient and flexible key management scheme to ensure the security for Ad Hoc networks.This paper presents a new cluster based key management scheme without trusted center. The proposed scheme is based on a model with double-layer topological structure, and can manage the whole process from key generation to key destroy. It consists of several algorithms such as system initialization, session key generation, node joining and cancelling, key update, etc. The system initialization algorithm is one of the innovations in this paper: the distributed system key is generated by all of the core nodes instead of distributing by the Key Distribution Center (KDC). Thus it not only ensures the network's property of no trusted center, but also resolve the single point of failure problem. The generation of public/private keys for the nodes uses the technologies of elliptic curve cryptosystem (ECC), bilinear pairing, short blind signature and so on, which can effectively solve the trust problem for cluster nodes, and require less computational cost and communication overhead. The generation of session key involves the technology of group key agreement, which integrates the advantages of centralized management and distributed management, and hence improves the network expansibility and the efficiency of group key updates. In addition, the group key consistency management mechanism is added, so that it can prevent the inconsistency of network splitting key update due to the members moving and unreliable network transmission. The node joining and cancelling algorithms are also added to fit for the dynamic network topological. Furthermore, since it is impossible to totally prevent the intrusion during the system running, this paper introduces the mechanism of intrusion tolerance, which can choose the best key update strategy according to the response price and system security, so that the system can continue to provide services even if the intrusion is happen. This can be viewed as another innovation of this paper.Finally, the analysis of correctness, security and efficiency as well as the comparison with other schemes indicate that, the proposed scheme not only achieves the features of no center and fully self-organization in wireless Ad hoc network, but also enjoys the advantage of good expansibility. In addition, the proposed scheme can efficiently save the network communication overhead and computational cost, and at the same can ensure the security for wireless Ad hoc networks.