Cluster-based Group Key Agreement for Wireless Ad hoc Networks Elisavet Konstantinou Department of Information and Communication Systems Engineering University of the Aegean, 83200 Samos, Greece ekonstantinou@aegean.gr Abstract The establishment of a group key in wireless ad hoc net- works is considered a difficult task from both an algorithmic and computational point of view. The reason is the special nature and the constraints posed by these networks. In this paper, we present an efficient group key agreement protocol which is particularly suitable for energy constrained, dy- namically evolving wireless ad hoc networks. The topology of the network is reflected in a structure composed by small clusters. This clustering allows the synchronous execution of efficient tripartite key agreement protocols based on pair- ings. The required computations are simple for the devices to implement, the size of the exchanged messages is mini- mum and the storage memory required in every node is very small. The proposed protocol also avoids the usage of a TTP or a central authority and achieves a good energy bal- ance. Finally, we compare the communication/computation complexity of our protocol with previously known protocols and show that it compares favourably with them. 1. Introduction Wireless ad hoc networks are dynamic, peer-to-peer, self-organizing networks which are currently deployed in many areas of interest (ranging from homes, schools and universities to inaccessible terrains, disaster places, etc.). The unique characteristics of such systems give rise to very different design trade-offs compared to current general- purpose systems, while the ad hoc networking topology makes them susceptible to link attacks ranging from passive eavesdropping to active interference. Therefore, key estab- lishment is critical for the protection in wireless ad hoc net- works and the prevention of adversaries from attacking the network. Moreover, the choice of a key establishment pro- tocol for the creation of a shared, secret key must be done very carefully taking into consideration all possible limita- tions of wireless ad hoc networks. In particular, the nodes in an ad hoc network are energy constrained and they have limited physical security. More- over, the network topology may change frequently since the nodes are mobile and the use of wireless communication implies a limited bandwidth. Thus, the execution of any protocol which involves all the nodes in the network must be carefully selected to be computationally and communi- cationally efficient. It is clear that the realization of such ef- ficient, robust and secure ad hoc networking environments and protocols is a challenging algorithmic and technologic task. Group key management mainly includes activities for the establishment and the maintenance of a group key. A secret key for data encryption must be distributed with a secure and efficient way to all members of the group. Potentially, group key establishment is more suitable than pairwise key establishment as devices do not waste energy every time they wish to communicate with another device by establish- ing a new shared secret key. In group key agreement proto- cols, all the nodes of the group collaborate and finally form a shared secret key. Key distribution techniques require a central authority or an on-line trusted third party (TTP) to distribute the session keys which is not usually a realistic scenario in wireless ad hoc networks. Group key establishment can be either centralized or dis- tributed. In the first case, a member of the group is respon- sible for the generation and the distribution of the key. In distributed group key establishment all group members con- tribute to the generation of the key. Clearly, the second ap- proach is suited for ad hoc networks because problems with centralized trust and the existence of single point of failure can be avoided. We will say that a protocol is contributory when each group member contribute its part to the global group key. Otherwise, the protocol will be referred as non- contributory. Most of the traditional group key management protocols reported in the literature can not cope with the dynamic na- ture and limitations of wireless ad hoc networks. In partic- The Third International Conference on Availability, Reliability and Security 0-7695-3102-4/08 $25.00 © 2008 IEEE DOI 10.1109/ARES.2008.106 550 The Third International Conference on Availability, Reliability and Security 0-7695-3102-4/08 $25.00 © 2008 IEEE DOI 10.1109/ARES.2008.106 550 The Third International Conference on Availability, Reliability and Security 0-7695-3102-4/08 $25.00 © 2008 IEEE DOI 10.1109/ARES.2008.106 550 Authorized licensed use limited to: Agean University. Downloaded on February 22, 2009 at 06:45 from IEEE Xplore. Restrictions apply.