Determining the Number of Accusations for Decision Making in Key ...

January 2016, Volume 3, Number 1 (pp. 63–72)

http://www.jcomsec.org Journal of Computing and Security

Determining the Number of Accusations for Decision Making in Key Revocation Protocol for MANET Maryam Zarezadeh a,∗ , Mohammad Ali Doostari a , Hamid Haj Seyyed Javadi a a Department

of Computer Engineering, Shahed University, Tehran, Iran.

ARTICLE

I N F O.

Article history: Received: 10 August 2014 Revised: 22 December 2014 Accepted: 20 January 2017 Published Online:

Keywords: Ad Hoc Network, Key Revocation, Accusation Packet, Key Management.

ABSTRACT Considering the dynamic and wireless topology of the mobile ad hoc networks (MANETs), the implementation of security in such networks is an important problem. Key revocation is a solution for this challenge which prevents the continuous presence of the attacker in the network and disclosure of confidential information. In some suggested key revocation protocols such as Liu et al.’s scheme, each node monitors the network and will send an accusation packet to the authority center if it receives a suspicious behavior from the neighboring nodes.Then, the authority center decides to revoke the key of the accused node based on the number of received accusations. Due to the fact that the participation of the nodes is time consuming, the threshold for the number of accusations is an important factor for key revocation procedure. In this paper, a stochastic model is presented to determine the optimal threshold for the number of accusations and the appropriate time for decision making in the key revocation protocol. Based on some assumptions, the threshold parameter is used in key revocation scheme of Liu et al. and results are evaluated by simulation. Simulation results show that the proposed threshold for the number of accusation packets enhances the efficiency and effectiveness of the key revocation protocol for MANET. c 2016 JComSec. All rights reserved.

1

Introduction

Recently, the study of wireless networks has been considered an interesting problem in computer networks. Mobile ad hoc network (MANET) is a new type of wireless networks which includes mobile nodes. This network does not use any fixed infrastructure or centralized communication between the nodes. In fact, due to the mobility of the nodes, MANETs have inherently dynamic topology. In MANET, there is no phys∗ Corresponding author. Email addresses: [email protected] (M. Zarezadeh), [email protected] (M. A. Doostari), [email protected] (H. H. S. Javadi) c 2016 JComSec. All rights reserved. ISSN: 2322-4460

ical protection of transmission media and hence the network is under eavesdropping and vulnerable to attacks. Therefore, establishing the security of MANETs is an essential subject. A malicious node may corrupts a router node in MANET. So, a malicious node can cause interference in the network [1]. Several solutions such as cryptography were proposed for the security of MANETs. In critical applications of ad hoc networks, the active and passive attackers try to snoop on some private network information or destroy the network operations [2]. So, encryption keys are used to encrypt the exchanged data and to preserve the data confidentiality. Therefore, the encryption keys should be secret and the

64

Determining the Number of Accusations for Decision Making in . . . — M. Zarezadeh, M. A. Doostari, et al.

revoking of compromised keys should be possible. In such situation, designing a key revocation protocol is critical to maintaining the network security. The key revocation includes mechanisms for revoking the key of attacker node. If a node is detected as an attacker or a malicious node, it must be immediately removed from the network. In fact, the key revocation prevents the further presence of malicious node and the disclosure of the network confidential information. So far, a variety of techniques has been proposed for key revocation for MANETs. Some key revocation protocols are based on the interaction and opinions of adjacent nodes; see, e.g., [3, 4]. In these schemes, on detecting the attacks, MANET nodes will inform the presence of the attacker by sending accusation packets (APs). When the number of received APs reaches a threshold, the key revocation protocol acts based on the suggested policies. Therefore, in these methods, determining the threshold for the number of accusations and the time of policy application are important. In this paper, we consider the key revocation scheme of Liu et al. [4]. Then, the optimal threshold for APs for key revocation scheme will be investigated. The remainder of the paper is organized as follows. In Section 2, we review the researches on key revocation for MANETs. In Section 3, the details of the desired key revocation scheme are investigated. Section 4 describes the proposed model and suggests a proper threshold for APs and the appropriate time for decision making in a key revocation protocol. In Section 5, the results are illustrated using the simulation of the key revocation based on the proposed threshold value. The paper is concluded in Section 6.

2

Related Work

In this section, we review some studies on the key revocation for MANETs. Luo et al. [3] introduced a key revocation method. The authors proposed that each node monitors the behavior of the neighboring nodes. If a node detects a malicious node, it should send a signed AP to the nodes within the m-hop distance. The receivers of AP then evaluate this packet and update their accusation lists. When the number of APs exceeds the threshold, the certificate of the malicious node will be revoked. The researchers in [5] have investigated the certificate revocation scheme for MANET. This scheme assumes that an online certificate authority (CA) distributes the corresponding certificate for each node before connecting to the network. The threshold-based method is used to revoke the keys and the certificate of the node will be revoked when the number of received APs exceeds a certain value. Luo et al. [6] presented a method which is called

“strong and ubiquitous access control (URSA)”.URSA uses a voting-based method to remove the attacker nodes from the network and the certificate of a new node is issued by the neighboring nodes. The certificate of the attacker node will be revoked based on the votes of the adjacent nodes. Each node monitors the network in a one-hop distance and exchanges the resultant information with other nodes. When the number of accusations exceeds the threshold, the certification will be revoked. Zhang et al. [7] suggested a key revocation scheme based on the identity-based cryptography (IBC) for MANETs. In this scheme, the offline key generation center (KGC) initializes each node with public/private key pairs before joining the network. In addition, there is an online KGC called the distributed key generation center (D-KGC) that consists of n nodes in the network. The D-KGC is responsible for key updating and key revocation. Each node monitors the behavior of its neighbors. If the monitoring node detects a malicious node, it will send an AP to the specified b D-KGC nodes. When the maximum number of APs reaches a certain amount, a group of nodes including k D-KGC nodes sign the revocation message. Hoeper et al. [8] have proposed a key revocation and key updating scheme. In this scheme, it is assumed that a bidirectional communication link is established between the nodes. Furthermore, each node has a unique identity (ID) and is aware of the IDs of other nodes within one-hop distance. Each node is able to monitor the behavior of other nodes and sends its observations to nodes within m-hop distance. If the minimum number of accusations reaches the threshold, the public key of the accused node will be revoked. Park et al. [9] proposed a cluster-based certificate revocation scheme and nodes are self-organized to form the clusters. In this scheme, a CA is responsible for managing the control messages and maintaining the accusing node and the accused node in a Warning List (WL) and a Black List (BL), respectively. The certificate of an attacker node can be revoked only by an adjacent node. In addition, to address the false accusation problem, a cluster head can remove a node from WL. In [10], the pair of public and private keys will be revoked after a specific period. The neighboring nodes verify a node in one-hop. The private key of verified node is detected as a compromised node based on the majority of votes. When a node detects the disclosure of its private key, it will inform all nodes. Liu et al. [4] suggested a revocation scheme in which an attacker key will be immediately revoked upon receiving the first accusation from other nodes. The scheme maintains two lists, BL and WL so that the malicious

65

January 2016, Volume 3, Number 1 (pp. 63–72)

nodes can not present themselves as legitimate nodes. If a CA receives more than a specific number of accusations against the attacker, then it will remove the accuser node from WL. Researches proposed other key revocation schemes for ad hoc network; see [11], and [12].

Node join YES

Be CH Can be CH?

As seen in the aforementioned research works, the threshold for APs is a significant factor for some key revocation protocols and the performance of revocation procedure depends on this parameter. In the sequel, Liu et al.’s scheme [4] is considered and an appropriate threshold value of APs is determined based on a stochastic model.

3

NO

Wait X seconds

Are there more than 1 CHs in its neighter?

Details of the Key Revocation Scheme

Our purpose is to determine the threshold for the number of APs for key revocation in MANETs. Hence, the key revocation scheme of Liu et al. [4] is considered. We assume that the network nodes are able to detect the attacks within their transmission range. In other words, the attacks such as wormhole attack [13] and SYN flooding attack [14] are considered. These attacks can be detected by neighboring nodes of the attacker. In the key revocation mechanism, the key of the attacker is revoked only with one AP from the neighboring nodes. This scheme consists of a WL for separating malicious nodes from legitimate nodes. The nodes in BL are removed from the network and their corresponding keys are revoked. The nodes in WL can communicate with other nodes but they can not send APs. In the key revocation scheme, we use IBC system and the KGC is responsible for key distribution and key revocation. This paper focuses on key revocation issue and does not consider key distribution. So, it is assumed that all nodes have received the public and private key pair from KGC before joining the network. Upon receiving an AP, KGC adds the ID of accuser node to WL. The KGC removes the accuser node from WL when the number of APs reach a threshold. The optimal threshold for APs and the appropriate time to remove a node from WL are determined based on the proposed model. 3.1

NO

Nodes Clustering

In the key revocation scheme, nodes are discriminated according to their behavior. The normal nodes have high trustworthiness, the warned nodes are suspected as potential attackers, and the attacker nodes have been accused by the normal nodes. Warned nodes and attacker nodes are listed in the WL and the BL, respectively. The key revocation scheme uses node clustering. By classifying nodes into clusters, a cluster head (CH) monitors its cluster members (CMs) and

YES

Select 2 CHs randomly

End of join algorithm

Figure 1. Node Join Algorithm [9].

detects any false accusation [9]. So, clustering is a solution to reduce false accusations because the CH monitors their CMs and each CH knows which CM executes attacks within its transmission range. Each cluster consists of one CH and several CMs in the transmission range of CH. Some CMs may not be a member of a cluster which the CMs are within its transmission range but be the member of another cluster. Only normal nodes with high trustworthiness can be a CH. When nodes join the network, they are assumed to be normal nodes. Each node except the CH node belongs to two different clusters. Therefore, the risk of CH absence due to node mobility decreases. To maintain the clusters, CH and CMs continuously confirm their presence by exchanging messages. In other words, the CH periodically broadcasts a CH Hello packet to the CMs which are within its transmission range and each CM replies with a CM Hello packet. Figure 1 shows the algorithm for joining a node to a cluster. It is possible that a new node becomes a CH with a fixed rate. A new node searches the CH nodes. If there are more than two neighboring CH nodes, the CM randomly selects two CHs and will join them. Then, the CH sends a CM Hello packet to the CM. When a CM leaves the cluster, a similar procedure is executed to find new CHs. 3.2

Key Revocation Procedure

According to [4], the key revocation procedure begins with the detection of an attack. The attacker node attacks the network and the neighboring nodes detect

66

Determining the Number of Accusations for Decision Making in . . . — M. Zarezadeh, M. A. Doostari, et al.

the attacker node. Then, the neighboring nodes search their local BLs. If the attacker ID is not in the BL, the node sends an AP to KGC in the format that is shown in Figure 2a. It should be noted that each node can participate in key revocation procedure and send AP to KGC. When KGC receives the first AP, it validates the ID of the accuser to make sure that the accuser is not a member of the revoked nodes. Then, KGC puts the accused node as a malicious node in BL and it adds the ID of the accuser node to WL. The KGC finally broadcasts a key revocation packet in the format that is shown in Figure 2b. A revocation packet includes WL and BL. The nodes which are in BL, their keys are successfully revoked.

4

Determining the Number of Accusation Packets

This section investigates the key revocation scheme of Liu et al. [4]. Then, a model is proposed to determine the proper threshold for the number of APs. 4.1

Motivation

According to the previous section, some network nodes will be added to the WL in the key revocation procedure. These nodes can not participate in key revocation operations or send packets to KGC. Liu et al. [4] argued that the number of nodes in the WL increases with time and the number of network nodes may not be sufficient to detect other attacks. To cope with this problem, Liu et al. [4] suggested that if KGC receives a specific number of APs within the voting time, the accuser node will be removed from WL. Hence, Liu et al. [4] determined the threshold for the number of APs based on some assumptions. First, they estimated the number of neighboring nodes of each node based on the node density, transmission range and node velocity. They have called the resultant value N . Also, it is assumed that each node may send false accusation with a probability of p. Two policies are considered to determine the threshold value. The first one is to minimize the probability of falsely releasing a node from the WL and the other one is to maximize the probability of correctly releasing a node from the WL. Based on the mentioned assumptions and policies, they determined the threshold value as N 2. The method proposed by Liu et al. [4] to determine the threshold value for the number of APs has significant problems. As previously mentioned, they approximated that the number of neighboring nodes is equal to N . In other words, for reaching the threshold to N2 , the number of neighboring nodes around the attacker

within the voting period must be N . However the location of nodes changes due to their mobility and N nodes may not be within the transmission range of attacker. Furthermore, in this method determination of voting time is not specified. On one hand, if the chosen value for the voting time is high, the accuser node is placed in WL for a long time and the number of network nodes for detecting next attacks will decrease. On the other hand, if the voting time is shorter than the attack time, not enough network nodes will detect the attack and the number of APs does not reach the threshold. In this section, the stochastic model is proposed to determine the optimal value for APs threshold. In the method proposed by Liu et al. [4], the time interval between the reception of consecutive APs was not taken into account. One of the important aspects of proposed model is the time interval. Reception of APs with short time intervals means that the scope of the attack has increased and many nodes have detected the attack. Therefore, these nodes will send APs to KGC and KGC receives APs with short intervals. The probability of false accusation also decreases through receiving APs at short intervals. In other words, KGC can be confident about the accuracy of the accusation and it realizes that there is a serious attack in the network. So, the assumption of false accusation probability p in the Liu et al.’s method [4] is considered. In the proposed stochastic model, the time interval between the reception of two consecutive APs is taken into account and it is compared to parameter δ. Based on the key revocation method, upon receiving the first AP, KGC adds the accuser node to WL. If the time interval between the reception of two consecutive APs is less than δ, the KGC removes the accuser node from WL. Therefore, the proposed model is independent of voting time to count the number of APs. In addition, there is no limit to the number of neighboring nodes. In the following section, a proper value for APs threshold based on the stated assumptions is determined which is denoted by τ . Also, the time to remove the accuser node from WL is estimated proportional to this value. 4.2

Proposed Model

Some researchers have studied and modeled the attack process for MANETs. Wang et al. [15], Zhang et al. [7] assumed that the attacks occur based on Poisson process. Haibing et al. [16] also deduced that the attack process on MANET can be approximated by Poisson process. We also assume that the attacks occur based on the Poisson process. Moreover, the network nodes send APs to KGC upon attack detection. Hance, it can be infer that the KGC receives APs based on Poisson process. Before describing the details of the

67

Basic Data Block

January 2016, Volume 3, Number 1 (pp. 63–72)

83 bits

Nodes in BL

32 bits

Packet Type

3 bits

Sender ID

32 bits

3 bits

Packet Type

32 bits

Sender ID

32 bits

Data Information

8 bits

Number of Nodes in BL

8 bits

Number of Nodes in WL

-----

32bits

Accuser ID

32 bits

Accused ID

32 bits

32bits Nodes in WL

32 bits

Destination ID

32 bits

----

32bits

Data Information

(a) Accusation Packet [4].

(b) Key Revocation Packet [4]. Figure 2. Format of Packets.

P (Yi > δ) = e−λδ ,

Figure 3. Process of attack announcements.

proposed model, we present some notations in Table 1. The notations are introduced in the following. Suppose {N (t) , t ≥ 0} is the number of received APs in interval [0, t). {N (t) , t ≥ 0} occurs in a Poisson process at the rate of λ. N (t) = 0 means that the KGC receives no APs until time t. Consider Yi , i = 1, 2,. . ., indicates the time interval between the reception of (i − 1)th AP and ith AP. Also, Y1 , Y2 , . . . are independent, identical, and exponentially distributed with the following distribution: D(t) = 1 − e

−λt

,

t>0

(1)

If APk indicates the time of occurrence of kth AP, then APk is: APk =

k X

Yi ,

k = 1, 2, . . .

(2)

i=1

Hence {N (t) = k} if and only if {APk = t < APk+1 }. Figure 3 shows the process of attack announcements. In this model, we propose that Yi is compared to value δ. If Yi < δ, the node will be removed from WL. Probability of Yi is according to the following Equation (3):

P (Yi < δ) = 1 − e−λδ

(3)

Suppose N is a random variable that specifies the number of received APs to remove node from WL. According to equation (3), the probability of recieving n APs is:
n−1
P (N = n) = eλδ 1 − eλδ = q n−1 (1 − q), n = 1, 2, 3, . . . (4) In this equation q = e−λδ . Using geometric series the mathematical expectation E(N ) is calculated by Equation (5). E(N ) =

∞ X

nP (N = n) =

n=1

= (1 − q)

∞ X

nq n−1 (1 − q)

n=1 ∞ X

nq n−1 =

n=1

1 1 = (5) 1−q 1 − e−λδ

So on average, KGC removes the accuser node from WL after receiving 1−e1−λδ APs. Thus τ is equal to: τ=

1 1 − e−λδ

(6)

Suppose T indicates the time that KGC decides to remove a node from WL. Based on the proposed mechanism N (t) is the number of APs in [0, t) i.e., until time t. In this case, we have:

68

Determining the Number of Accusations for Decision Making in . . . — M. Zarezadeh, M. A. Doostari, et al.

Table 1. List of Notations Symbol Description

P (T > t) =

∞ X

τ

Threshold value of APs

δ

Time parameter for determining threshold value of APs

λ

Average rate of received APs

Yi

Time interval between reception of (i − 1)th AP and ith AP

P (T > t, N (t) = k)

k=0

= = =

∞ X k=0 ∞ X k=0 ∞ X

P (There are k APs and t isn’t the removing time)

Note that in calculation of probability (11), lackof-memory property in Passion process is considered. For more details refer to [17]. From Equations (10) and (11) we have: k

P (N (t) = k | Y ∗ >δ) P (Y ∗ >δ) =e−λt P (There are k APs and Y1 , Y2 , . . . , Yk > δ) P (There are k APs and min{Yi }ki=1 > δ) (7)

So, according to Equations (9) and (12), the probability P (T > t) is equal to:

k=0

P (T > t) =

If we consider the following equation:

=

∞ X k=0 ∞ X

P (N (t)=k,Y ∗ >δ) P (N (t) = k|Y ∗ >δ)P (Y ∗ >δ)

(9)

P (Y ∗ >δ) =P (Y1 > δ, Y2 > δ, . . . , Yk > δ) =P (Y1 >δ)P (Y2 >δ). . .P (Yk >δ)=e−kλδ (10) Also, the probability P (N (t) = k|Y ∗ > δ) is: P (N (t) = k|Y ∗ > δ) = P (APk ≤ t < APk+1 |Y ∗ > δ) k k+1 X X =P ( Yi ≤ t < Yi |Y1 > δ, . . . , Yk > δ) i=1

k k X X =P ( Yi ≤ t − kδ < Yi + Yk+1 )

=P (

Yi ≤ t − kδ
δ) and P (Y ∗ > δ). The probability P (Y ∗ > δ) is calculated according to Equation (10):

i=1 k X

(λ(t−kδ)) k!

It is known that between E (T) and P (T > t) the following relationship is established [17]. Z ∞ E (T ) = P (T > t) dt (14)

k=0

i=1

e−λt

(8)

Equation (7) will be expressed as: P (T > t) =

∞ X k=0

Y ∗ = min{Yi }ki=1

(λ(t−kδ)) k! (12)

(λ(t − kδ))k k!

(11)

Therefore, according to Equation (13) and (14) we have: 1 E (T ) = (15) λ(1 − e−λδ ) We will present the proof of E(T ) in the Appendix A. Thus on average, KGC removes the accuser node ID from WL after time λ(1−e1 −λδ ) . So, KGC removes ID of accuser node after time T . 1 T = (16) λ(1 − e−λδ )

5

Performance Evaluation

In this section, the threshold value τ in the key revocation scheme is considered and the scheme is simulated. A MANET is developed in an area of 1000m × 1000m in OMNET++ 4.3 simulator 1 . Nodes are developed in a random uniform distribution and they have a transmission power of 25mW. The routing protocol is ad hoc on-demand distance vector (AODV) [18]. The random way-point mobility model [19] is used to model the mobility of nodes with a pause time of 5 seconds. It is assumed that each node has a variable velocity between 1m/s and 10m/s. A new node 1

https://omnetpp.org/

69

January 2016, Volume 3, Number 1 (pp. 63–72)

1

Table 2. Network Simulation Parameters

Field

1000m×1000m

Maximum Transmission Power

25mW

Number of Nodes

80 nodes

Routing Protocol

AODV

Node Speed

1m/s-10m/s

Parameter δ

5 sec

Removing time

0.8

Value Time [sec]

Parameter

0.6

0.4

0.2

0 2

4

6

8

10

Value of δ [sec]

Threshold Value t

1.336

Simulation Time

Figure 5. Impact of δ on the Removing Time of Accuser Node

500 sec

1

Removing time

Time [sec]

0.8

0.6 0.4

0.2

0 10

12

14

16

18

20

22

24

Attacker rate [%]

Figure 4. Removing Time of the Accuser Node From WL.

becomes a CH with a probability 0.3. The CH and CMs periodically send Hello packets every 20 seconds. Table 2 shows the important simulation parameters. To calculate the threshold value τ based on Equation (6), we need to determine the average rate of received APs, λ. Also, the time interval between the reception of two consecutive APs must be compared with parameter δ. Hence, we consider the data of Kaaniche et al.’s research [20]. They deployed many honeypot platforms on the Internet and modeled an attack process. Based on data collected from honeypot which was placed in Germany, the attacks occurred with a rate of 0.276/sec. Therefore, according to this attack rate, the average number of received APs is set to λ= 0.276/sec. Moreover, the parameter δ is set to 5 seconds. So, according to Equation (6), the threshold value τ is equal to: τ= 5.1

1 1 = ' 1.336 −λδ −0.276∗5 1−e 1−e

Simulation results

The effect of threshold value τ on the key revocation scheme is investigated. Hence, the removing time of an accuser node from WL is evaluated and the results are shown in Figure 4. The removing time of a node from WL is equal to the difference between the time that KGC puts a node in WL and the time that the

node is removed from WL with receiving τ APs. As mentioned in the previous sections, upon receiving the first accusation, the KGC adds the ID of the accuser node to WL. This node can not participate in key revocation operations while its ID is in WL. Thus, the removing time is important. Therefore, the simulation is carried out with a variable number of attackers. In addition, the node velocity is set to 5m/s. In each simulation, the average of the removing time of a node from WL is measured. As the results in Figure 4 show, this time is short based on the attacker rate. Therefore, the accuser node remains in WL and is restricted from participating in network operations for short time. In the proposed model, the time interval between the reception of two successive APs is compared to parameter δ. The effect of the value of δ on the removing time of a node from WL is also examined. We run the simulation with 30 attackers and the values for δ are set to (2,5,10) seconds. In addition, the node velocity is set to 5m/s. Figure 5 shows that the removing time of a node from WL decreases with increasing the value of δ. In fact, a small value for δ means that the KGC removes a node from WL with the reception of APs after a short interval. In this case, many nodes should detect the attack and APs should be received with short time interval. Therefore, the accuser node remains longer in WL. If the value of δ is large, KGC decides based on receiving two consecutive APs with long time interval. So, a node is removed from WL after a short time of the beginning of the attack. The detection time is an important factor to evaluate the performance of a desired key revocation scheme based on Liu et al.’s scheme [4]. The detection time is defined as the time which attackers are detected and the related keys are revoked. To assess the effect the number of attackers on detection time, 80 legitimate nodes are used in the simulation while the attacker nodes exist in the network with a variable rate (5%25%). In order to compare the detection time, a votingbased scheme such as URSA [6] is applied. Figure 6 shows that the desired key revocation scheme detects

70

Determining the Number of Accusations for Decision Making in . . . — M. Zarezadeh, M. A. Doostari, et al.

90

80

Desired key revocation scheme

Detection time [sec]

70

Voting-based scheme [5]

60 50

40 30

20 10

0 5

10

15

20

25

Attacker rate [%]

Figure 6. Comparison of Detection Time. 14

Detection time [sec]

2m/s 12

5m/s

10

10m/s

8 6

4 2 0

10

12

14

16

18

20

22

24

Attacke rate [%]

Figure 7. Relationship Between Node Mobility and Detection Time.

the attacker nodes faster than a voting-based method such as URSA [6]. In the voting-based method, the number of APs must reach a certain value to revoke the attacker key. So, the detection time in URSA method is long. However, according to Liu et al.’s scheme [4], the key of the attacker is revoked upon the first AP. Furthermore, the effect of node mobility on the detection time is examined and the performance of the key revocation scheme is evaluated. Figure 7 shows that the detection time changes according to the mobility of nodes. Node velocity is set to 2m/s, 5m/s and 10m/s in simulation. As the results show, the detection time decreases when the node mobility increases. In fact, when the node mobility in MANET increases, the nodes will enter the transmission area of an attacker and they quickly detect the attack.

6

Conclusion

In this paper, we have investigated the key revocation as a significant problem in secure communications. In the methods of key revocation which are based on the collected opinions from network nodes, the required time for key revocation process depends on the number of received APs. So, determining the threshold for the number of APs and the decision time in revocation protocol are two important factors. For this purpose, a stochastic model has been proposed to determine the optimum value of the APs threshold. In this model, it has been assumed that the attack in

MANET is announced by sending APs and the time interval between receiving APs is also taken into account. The short time interval between the attack announcements implies that the number of attacks has been increased and hence many nodes will detect the attacks. When this time interval takes a value less than a certain amount, the key revocation policy will be applied. The proposed model is independent of the voting time in comparison with the voting-based key revocation methods. In addition, in proposed model there is no limit for the number of neighboring nodes. Based on this model, the threshold for the number of APs and the time of applying the specified key revocation mechanism is determined. The key revocation scheme of Liu et al. [4] is used to evaluate the proposed threshold for APs. Based on this scheme, the attacker key is revoked upon receiving the first AP and the accuser node is put in WL. When the number of accusations reaches the proposed threshold, the accuser node will be removed from WL. As the results show, the attacker is immediately detected and its key is revoked. Furthermore, according to the proposed threshold for APs, the accuser node remains in WL for a short time and resumes its activities in the network again. Thus, if the suggested threshold is applied in the Liu et al.’s scheme [4], the revocation process will accelerate and the number of false accusations will also decrease.

References [1] Yuh-Min Tseng. A scalable key-management scheme with minimizing key storage for secure group communications. International Journal of Network Management, 13(6):419–425, 2003. [2] Walter Fumy and Peter Landrock. Principles of key management. IEEE Journal on selected areas in communications, 11(5):785–793, 1993. [3] Haiyun Luo, Petros Zerfos, Jiejun Kong, Songwu Lu, and Lixia Zhang. Self-securing ad hoc wireless networks. In ISCC, volume 2, page 567. Citeseer, 2002. [4] Wei Liu, Hiroki Nishiyama, Nirwan Ansari, Jie Yang, and Nei Kato. Cluster-based certificate revocation with vindication capability for mobile ad hoc networks. IEEE Transactions on parallel and distributed systems, 24(2):239–249, 2013. [5] Claude Crepeau and Carlton R Davis. A certificate revocation scheme for wireless ad hoc networks. In Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, pages 54–61. ACM, 2003. [6] Haiyun Luo, Jiejun Kong, Petros Zerfos, Songwu Lu, and Lixia Zhang. URSA: ubiquitous and robust access control for mobile ad hoc networks. IEEE/ACM Transactions on Networking (ToN), 12(6):1049–1063, 2004.

71

January 2016, Volume 3, Number 1 (pp. 63–72)

[7] Yanchao Zhang, Wei Liu, Wenjing Lou, and Yuguang Fang. Securing mobile ad hoc networks with certificateless public keys. IEEE transactions on dependable and secure computing, 3(4), 2006. [8] Katrin Hoeper and Guang Gong. Key revocation for identity-based schemes in mobile ad hoc networks. In International Conference on Ad-Hoc Networks and Wireless, pages 224–237. Springer, 2006. [9] Kyul Park, Hiroki Nishiyama, Nirwan Ansari, and Nei Kato. Certificate revocation to cope with false accusations in mobile ad hoc networks. In Vehicular technology conference (VTC 2010Spring), 2010 IEEE 71st, pages 1–5. IEEE, 2010. [10] Jin-Hee Cho, Kevin S Chan, and Ing-Ray Chen. Composite trust-based public key management in mobile ad hoc networks. In Proceedings of the 28th annual ACM symposium on applied computing, pages 1949–1956. ACM, 2013. [11] Pallavi Khatri. Using identity and trust with key management for achieving security in Ad hoc Networks. In Advance Computing Conference (IACC), 2014 IEEE International, pages 271–275. IEEE, 2014. [12] Mengmeng Ge and Kim-Kwang Raymond Choo. A novel hybrid key revocation scheme for wireless sensor networks. In International Conference on Network and System Security, pages 462–475. Springer, 2014. [13] Viren Mahajan, Maitreya Natu, and Adarshpal Sethi. Analysis of wormhole intrusion attacks in MANETS. In Military Communications Conference, 2008. MILCOM 2008. IEEE, pages 1–7. IEEE, 2008. [14] Albandari Alsumayt and John Haggerty. A survey of the mitigation methods against dos attacks on manets. In Science and Information Conference (SAI), 2014, pages 538–544. IEEE, 2014. [15] Xun Wang, Wenjun Gu, Kurt Schosek, Sriram Chellappan, and Dong Xuan. Sensor network configuration under physical attacks. In Networking and Mobile Computing, pages 23–32. Springer, 2005. [16] Mu Haibing and Zhang Changlun. Security evaluation model for threshold cryptography applications in MANET. In Computer Engineering and Technology (ICCET), 2010 2nd International Conference on, volume 4, pages V4–209. IEEE, 2010. [17] Sheldon Ross. Stochastic processes, ser, 2008. [18] C. Perkins, E. Belding-Royer, and S. Das. Ad hoc On-Demand Distance Vector (AODV) Routing. RFC 3561, RFC Editor, July 2003. URL http: //www.rfc-editor.org/rfc/rfc3561.txt. [19] Tracy Camp, Jeff Boleng, and Vanessa Davies.

A survey of mobility models for ad hoc network research. Wireless communications and mobile computing, 2(5):483–502, 2002. [20] Mohamed Kaaniche, Yves Deswarte, Eric Alata, Marc Dacier, and Vincent Nicomette. Empirical analysis and statistical modeling of attack processes based on honeypots. arXiv preprint arXiv:0704.0861, 2007.

A

Proof of E(T ) in Equation (15)

R∞ It is well known that E (T ) = 0 P (T > t) dt. Then, according to Equation (13) we have Z ∞X ∞ k (λ(t−kδ)) dt (A.1) E (T ) = e−λt k! 0 k=0

For calculating the integral the indicator function can be used IA (x) which is defined as follows:  1 x∈A IA (x) = (A.2) 0 x∈ /A Mathematical expectation E(T) based on the equations (A.1) and (A.2) is equal to: Z ∞ E (T ) = P (T > t) dt 0

Z =

∞ ∞X

0

= =

k

e−λt

k=0

∞ X k=0 ∞ X k=0

1 k!

Z

(λ (t − kδ)) I[k,∞) (t)dt k!

∞

e−λt (λ(t − kδ))k dt

kδ

1 −kδλ e k!

Z

∞

e−λ(t−kδ) (λ(t − kδ))k dt

kδ

(A.3) To compute the integral, consider this variable change: u =λ (t − kδ) t : kδ → ∞ du =λdt

(A.4)

u:0→∞

By applying the Equation (A.4), the integral in Equation (A.3) converts as following: Z ∞ X 1 −kδλ ∞ −u k du E(T ) = e e u (A.5) k! λ kδ k=0

Based on a geometrical theorem, this relationship is satisfied: ∞ X pa px = , 0