IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p-ISSN: 2278-8727, Volume 16, Issue 2, Ver. XI (Mar-Apr. 2014), PP 146-158, www.iosrjournals.org

Secure and Efficient Key Management Scheme in MANETs

Abu Taha Zamani (1), Syed Zubair (2)
(1) Lecturer, Deanship of Information Technology, Northern Border University, Kingdom of Saudi Arabia
(2) Lecturer, Deanship of Information Technology, Northern Border University, Kingdom of Saudi Arabia

Abstract: In mobile ad hoc networks (MANETs), security has become a primary requirement. The characteristics and capabilities of MANETs expose both challenges and opportunities in achieving key security goals, such as confidentiality, access control, authentication, availability, integrity, and non-repudiation. Cryptographic techniques are widely used for secure communications in both TCP and UDP networks. Most cryptographic mechanisms, such as symmetric and asymmetric cryptography, involve the use of cryptographic keys. However, all cryptographic techniques will be insecure or inefficient if the key management is weak. Key management is therefore a central component of MANET security. The main purpose of key management is to provide secure methods for handling cryptographic keys. The tasks of key management include key generation, distribution and maintenance. Key maintenance includes the procedures for key storage, key update, key revocation, etc. In MANETs, the computational load and complexity of key management are strongly constrained by the nodes' available resources and the dynamic nature of the network topology. A number of key management schemes have been proposed for MANETs. In this article, we present a survey of the research work on key management in MANETs according to recent publications.

Keywords: Mobile ad hoc networks, Key management, Security, PKI, MOCA

I. Introduction

Key management is a basic part of any secure communication. Most cryptosystems rely on some underlying secure, robust, and efficient key management system. Secure network communications normally involve a key distribution procedure between the communicating parties, in which the key may be transmitted through insecure channels. A framework of trust relationships needs to be built for authentication of key ownership in the key distribution procedure. While some frameworks are based on a centralized trusted third party (TTP), others can be fully distributed. For example, a certification authority (CA) is the TTP in asymmetric cryptosystems, a key distribution center (KDC) is the TTP in symmetric systems, and in PGP no TTP is assumed. According to recent publications, the centralized approach is regarded as inappropriate for MANETs because of the dynamic environment and the transient relationships among mobile nodes. Most researchers prefer the decentralized trust model for MANETs. Several decentralized solutions have been proposed in recent papers with different implementations, such as distributing the CA's responsibility to all nodes, or to a subset of nodes.

1.1 Fundamentals of Key Management

Cryptographic algorithms are security primitives that are widely used for the purposes of authentication, confidentiality, integrity, and non-repudiation. Most cryptographic systems require an underlying secure, robust, and efficient key management system. Key management is a central part of any secure communication and is the weakest point of system security and of the protocol design.

A key is a piece of input information for cryptographic algorithms. If the key were released, the encrypted information would be disclosed. The secrecy of the symmetric key and of the private key must always be assured locally. The Key Encryption Key (KEK) approach [8] can be used at local hosts to protect the secrecy of keys. To break the cycle (a key encrypts the data, and another key encrypts that key), some non-cryptographic approach has to be used at the root, e.g. a smart card, or a biometric identity such as a fingerprint.

Key distribution and key agreement over an insecure channel are at high risk and suffer from potential attacks. In the traditional digital envelope approach, a session key is generated at one side and is encrypted with a public-key algorithm; it is then delivered and recovered at the other end. In the Diffie-Hellman (DH) scheme [8], the communicating parties at both sides exchange some public information and generate the same session key on both ends. Several enhanced DH schemes have been devised to counter man-in-the-middle attacks. In addition, a multi-way challenge-response protocol, such as Needham-Schroeder [19], can also be used. Kerberos [19], which is based on a variant of Needham-Schroeder, is an authentication protocol used in many real systems, including Microsoft Windows. However, in MANETs, the lack of a central control facility, the limited computing resources, dynamic network topology, and the difficulty of network synchronization all
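The paragraph above states that plain Diffie-Hellman agrees on a session key but needs an enhancement to resist man-in-the-middle substitution. The following Python block is an added example, not code from the paper or its authors: it runs the unauthenticated exchange between two nodes, then repeats it with each public value bound to the sender's identity by an HMAC under a long-term pre-shared authentication key, and shows that a substituted public value fails verification and is refused. The group parameters (the Mersenne prime 2^127 - 1 with generator 3), the node identities "A" and "B", and the pre-shared authentication key are assumptions for illustration only; a deployment uses a standard 2048-bit or larger group.

```python
"""Added example: Diffie-Hellman key agreement, then the same exchange with
identity-bound authentication tags so a substituted public value is detected.
Group parameters are toy-sized for speed (assumption; not for deployment)."""
import hashlib
import hmac
import secrets

# Toy group (assumption): Mersenne prime 2^127 - 1, generator 3.
# A real system would use a standard group such as RFC 3526 / RFC 7919.
P = (1 << 127) - 1
G = 3
VALUE_BYTES = 16  # every group element fits in 16 bytes


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1          # x in [1, p-2]
    return x, pow(G, x, P)


def dh_shared_secret(own_private, peer_public):
    """Derive a 32-byte session key from g^(xy) mod p with SHA-256."""
    if not 1 < peer_public < P - 1:           # reject 0, 1 and p-1 (degenerate values)
        raise ValueError("peer public value outside the group")
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(VALUE_BYTES, "big")).digest()


def make_tag(auth_key, node_id, public_value):
    """HMAC over (identity || public value) under the pre-shared auth key."""
    msg = node_id.encode() + public_value.to_bytes(VALUE_BYTES, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def verify_tag(auth_key, node_id, public_value, tag):
    """Constant-time comparison so tag checks do not leak timing."""
    return hmac.compare_digest(make_tag(auth_key, node_id, public_value), tag)


def plain_exchange():
    """Unauthenticated DH: both ends derive the same key, but nothing binds the
    public values to the nodes, which is the gap a man-in-the-middle uses."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    return dh_shared_secret(a_priv, b_pub) == dh_shared_secret(b_priv, a_pub)


def authenticated_exchange(auth_key, substitute=False):
    """Authenticated DH. Returns True if both nodes derive the same key,
    or None if a receiver rejects a public value whose tag does not verify.
    With substitute=True, the value B receives is replaced in transit
    (constructed fault to show the check firing)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()

    # A -> B : ("A", a_pub, tag_A)
    tag_a = make_tag(auth_key, "A", a_pub)
    received_pub = a_pub
    if substitute:
        _, received_pub = dh_keypair()        # tag_A does not cover this value
    if not verify_tag(auth_key, "A", received_pub, tag_a):
        return None                           # B refuses to derive a key

    # B -> A : ("B", b_pub, tag_B)
    tag_b = make_tag(auth_key, "B", b_pub)
    if not verify_tag(auth_key, "B", b_pub, tag_b):
        return None

    key_a = dh_shared_secret(a_priv, b_pub)
    key_b = dh_shared_secret(b_priv, received_pub)
    return key_a == key_b


if __name__ == "__main__":
    psk = secrets.token_bytes(32)             # constructed long-term auth key
    print("plain DH keys match:", plain_exchange())
    print("authenticated DH, honest path:", authenticated_exchange(psk))
    print("authenticated DH, substituted value:", authenticated_exchange(psk, substitute=True))
```

The tag binds the public value to a sender identity under a key the two nodes already share, which is the minimal form of the "enhanced DH" the paragraph refers to; real protocols additionally bind both public values and fresh nonces into the tag or signature so that a transcript cannot be spliced from earlier runs. The range check in dh_shared_secret is the small-subgroup guard that any DH receiver should apply before exponentiating.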