Article Preview
Top1. Introduction
To protect a network against attacks by using encryption, it is necessary that the nodes must share a secret key or have exchanged public keys. For unstable ad hoc networks, the encryption keys may have to be exchanged on demand without using previous negotiated secrets. Key establishment (Menezes, van Oorschot, & Vanstone, 1996) enables two or more users to get access to a common secret key, for later cryptographic use. Key transport or Key agreement methods are typically used to establish keys over electronic communications networks. When keys are transported, one entity generates the key to be shared, and the same is distributed to the other entity. When keys are agreed upon, both entities supply data that is used to determine a shared key so that no individual entity can predetermine it. The main focus of this paper is to develop 2P-NCKA (Two-Party Non-Central authority Key Agreement) protocol, applicable in situations where two users do not have contact to TTP and do not share any prior password or secret. On the other hand, MANET (Cheng et al., 2016; Swain, Pattanayak, & Pati, 2018) consists of several mobile nodes which communicate via wireless channels, and there exists no fixed infrastructure or centralized administration. Indeed, MANETs being a wireless network enables it more prone to active and passive attacks. Further to prevent these attacks the established key can act as symmetric key to ensure security services like integrity, confidentiality, and authentication. Lack of central administration nature of MANETs leads to the challenge of developing security protocols without support of central authority. The current protocol is very much appropriate for MANETs due to lack of central authority. It can also be used to establish a key between a user and TTP where Identity-based, certificateless protocols assume the presence of a secure channel between a user and TTP say private key generator (PKG).
The public key cryptography (PKC) protocols for key conformity, as shown in Fig. 1 can be of two kinds: Central Authority Dependent and Central Authority Independent. Central authority dependent AKAPs are further classified into Public Key Infrastructure (PKI), Identity Based Cryptography (IBC), Certificateless Cryptography (CLC) and Certificate Based Cryptography (CBC). All these techniques involve the use of TTP say PKI and CBC uses Certification Authority (CA), IBC and CLC uses Key Generation Centre (KGC). These protocols also use ECC (Elliptic Curve Cryptography) and pairing based arithmetic but with the support of central authority. Yet there are protocols with Password, ECC and pairing operations without the use of central authority and are called central authority independent AKAPs.
Conventional PKI (Wang & Cao, 2007) suffers from heavy certificate management involving certificate revocation whereas IBC suffer from the key escrow problem and CLC resolves these problems but requires a secret channel between user and KCG and CBC resolves all these issues. Alike PKI, CBC also suffers certificate managing but without certificate revocation; alike IBC, CBC derives the public key from user’s identity. However, as shown in Table 1, all these four kinds of AKAPs suffer from the use of central administration which is infeasible to establish in MANET environment.
Table 1. Limitations of existing mechanisms
Mechanism | Limitations for Ad Hoc Networks |
PKI | Use of TTP called CA leading to cumbersome certificate management |
IBC | • Every user must totally trust the TTP called KCG • Suffers from key escrow problem as the private key of a user is known not only to him but also to KCG • If KCG is compromised the private keys of all registered user’s under that KCG are revealed to the unauthorized users. • Existence of secure channels between KCG and participants or users for KCG to securely transmit the corresponding private key to each registered user. |
CLC | Except key escrow problem, all other problems of IBC retain in this mechanism |
CBC | Alike PKI, use of CA leading to cumbersome certificate management |
ECC | Assume the presence of Secure channel during registration phase |
Password | Presence of pre-shared password and/or secure channel |
Li (2011) Pairing | Man-in-the-middle attack in Sec. 4 |