398 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 58, NO. 1, JANUARY 2009

A Pyramidal Security Model for Large-Scale Group-Oriented Computing in Mobile Ad Hoc Networks: The Key Management Study

Bo Rong, Member, IEEE, Hsiao-Hwa Chen, Senior Member, IEEE, Yi Qian, Senior Member, IEEE, Kejie Lu, Senior Member, IEEE, Rose Qingyang Hu, Senior Member, IEEE, and Sghaier Guizani

Abstract—In mobile ad hoc networks (MANETs), many applications require group-oriented computing among a large number of nodes in an adversarial environment. To deploy these large-scale cooperative applications, secure multicast service must be provided to efficiently and safely exchange data among nodes. The existing literature has extensively studied security protection for a single multicast group, in which all nodes are assumed to have the same security level. However, such an assumption may not be valid in practice because, for many applications, different users can play different roles and thus naturally be classified into multiple security levels. In this paper, we propose a pyramidal security model to safeguard multisecurity-level information sharing in one cooperation domain. As a prominent feature, a pyramidal security model contains a set of hierarchical security groups and multicast groups. To find an efficient key management solution that covers all the involved multicast groups, we develop the following three schemes for the proposed security model: 1) separated star key graph; 2) separated tree key graph; and 3) integrated tree key graph. Performance comparison demonstrates that the integrated tree key graph scheme has advantages over its counterparts.

Index Terms—Group-oriented computing, key management, mobile ad hoc network (MANET), multicast, pyramidal security model.

Manuscript received July 14, 2007; revised November 24, 2007, January 8, 2008, and March 15, 2008. First published April 18, 2008; current version published January 16, 2009. This work was supported in part by the United States National Science Foundation (US NSF) under Grant 0424546, by US NSF EPSCoR under a startup grant in Puerto Rico, and by the Taiwan National Science Council under Grant NSC 97-2219-E-006-004. The review of this paper was coordinated by Dr. J. Misic.
B. Rong is with the International Institute of Telecommunications, Montreal, QC H5A 1K6, Canada (e-mail: bo.rong@ieee.org).
H.-H. Chen is with the Department of Engineering Science, National Cheng Kung University, Tainan 701, Taiwan (e-mail: hshwchen@ieee.org).
Y. Qian is with the National Institute of Standards and Technology, Gaithersburg, MD 20899-1070 USA (e-mail: yqian@nist.gov).
K. Lu is with the Department of Electrical and Computer Engineering, University of Puerto Rico at Mayagüez, Mayagüez 00681-9042, Puerto Rico (e-mail: lukejie@ece.uprm.edu).
R. Q. Hu is with Nortel Networks, Richardson, TX 75082 USA (e-mail: rosehu@ieee.org).
S. Guizani is with the Math and Computer Department, Qatar University, Doha 2713, Qatar (e-mail: sguizani@qu.edu.qa).
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TVT.2008.923666

I. INTRODUCTION

A mobile ad hoc network (MANET) is an economical solution for wireless networking because it does not require any prior investment in a fixed infrastructure. In MANETs, it is important to support large-scale group-oriented applications, such as audio/video conferencing and one-to-many data dissemination in battlefield or disaster rescue scenarios. In these applications, users working for the same mission form a cooperation domain. To construct the information-sharing platform in such a cooperation domain, the following two issues must be addressed. First, MANETs should provide multicast service, which can efficiently support group-oriented computing in a wireless environment of limited bandwidth resource and computing power [1], [2]. Second, MANETs are often deployed in a hostile workplace, where security protection is a major concern. The first issue makes group-oriented computing in MANETs a typical scenario of dynamic multicast, since wireless nodes are free to move and are thus likely to frequently join or leave the cooperation domain. The second issue requires a successful deployment of security protocols, which further depends on the underlying key management solution. To address both issues, this paper aims to design an efficient key management scheme for a dynamic multicast environment.

In the literature, a number of key management schemes [1]–[19] have been proposed for single-security-level group communication, where one cooperation domain contains only one multicast group. Those reported schemes include the following: 1) Diffie–Hellman algorithm extended contributory key management; 2) computational number theoretic approach; and 3) logical key hierarchy (LKH).

The schemes developed in [3]–[5] belong to the Diffie–Hellman algorithm extended contributory key management. Instead of utilizing a trusted server to generate and distribute group keys, these schemes extend the well-known Diffie–Hellman key exchange algorithm [6] to support group key agreement and thus lead to a rekeying cost proportional to the group size. In contrast, the authors of [7] and [8] suggested a computational number theoretic approach that allows group members to compute a shared group key based on some key information from other members or from the trusted server. This approach also has a rekeying cost proportional to the group size. To achieve a better performance than the preceding two approaches, the LKH scheme was proposed in [9] and [10] and was further enhanced in [11]–[15]. LKH uses a logical tree key graph on the trusted server to conduct key management and thus achieves a rekeying cost that increases linearly with the logarithm of the group size.

0018-9545/$25.00 © 2009 IEEE
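To make the LKH cost argument above concrete, the following added example (not code from the paper or its authors) simulates a key server rekeying a full d-ary logical key tree when one member leaves, and counts the multicast messages against the n - 1 messages an O(n) per-member scheme needs. It assumes a fully occupied tree (n is a power of d) and uses random tokens in place of real keys; "encryption" is modelled by recording which key wraps each new key.

```python
# Added example: LKH rekeying on member leave in a full d-ary key tree.
import secrets

def build_key_tree(n, d):
    """Full d-ary LKH tree with n = d**height leaves. keys maps (level, index) -> key."""
    height = 0
    while d ** height < n:
        height += 1
    assert d ** height == n, "example assumes a full tree (n is a power of d)"
    keys = {(lvl, i): secrets.token_hex(16)
            for lvl in range(height + 1) for i in range(d ** lvl)}
    return height, keys

def member_path(height, d, leaf):
    """Nodes whose keys member `leaf` holds: its leaf key up to the group (root) key."""
    node = (height, leaf)
    path = [node]
    while node[0] > 0:
        node = (node[0] - 1, node[1] // d)
        path.append(node)
    return path

def rekey_on_leave(height, d, keys, leaving):
    """Replace every key the leaving member knew except its own leaf key, walking
    bottom-up. Each new key is multicast wrapped under each child key that the
    leaving member does not hold. Returns messages as (node, new_key, wrapping_key)."""
    path = member_path(height, d, leaving)
    msgs = []
    for level, idx in path[1:]:
        new_key = secrets.token_hex(16)
        for c in range(d):
            child = (level + 1, idx * d + c)
            if child == path[0]:
                continue  # never wrap under the departed member's leaf key
            # an on-path child already carries its new key (bottom-up order)
            msgs.append(((level, idx), new_key, keys[child]))
        keys[(level, idx)] = new_key
    return msgs

def leave_cost(n, d, leaving=0):
    """Return (LKH multicast messages, messages for an O(n) per-member scheme)."""
    height, keys = build_key_tree(n, d)
    known_before = {keys[node] for node in member_path(height, d, leaving)}
    msgs = rekey_on_leave(height, d, keys, leaving)
    # Security check: no new key was wrapped under a key the departed member held.
    assert not any(wrap in known_before for _, _, wrap in msgs)
    return len(msgs), n - 1
```

For a full tree the LKH count is d * height - 1, i.e. it grows with log_d(n) rather than with n.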