Asymmetric decentralize approaches for key distribution
As key distribution based on a centralized key management server (i.e., Certification Authority) can leads the whole system to a single point of failure, the idea to share the :ask of key distribution in a distributed manner was attempted. The two schemes in the following sub sections, one is based on a partially distributed CA and another scheme uses a fully distributed certification authority (CA).
Partially distributed certification authority
A decentralized approach based on a public key infrastructure for key management where task of the CA is divided to a subset of nodes in the networks. Threshold Cryptography is used for establishing trust among the set of servers and the proposed key management service also uses share refreshing to achieve proactive security.
The task of the key management service is distributed over a certain number of nodes in the network called servers. The service as a whole has a service private key (skpriv) / public key (skpub). All the nodes in the system know the public key (skpub) of the service and trust any certificates that have been signed with the corresponding private key (skpriv). The normal nodes (i.e., client nodes), can requests to the key management service for other client's public key or for an update of its own public key. Fig shows the architecture of the key management services.
The n servers that are chosen arbitrarily, configured with an (n, H 1) threshold cryptographic scheme, where (n3t+ 1) and t is the maximum number of servers that can be compromised within a given period of time. Each server has its own public (Ki) / private key (ki) pair and knows the public key of all other servers. The private key of the service skpriv is divided into n shares (sl, s2, s3, s4 ..., sn) where each of the n servers gets one share each.
The key management scheme discussed ensures confidentiality as it uses threshold cryptography and the task of the CA is shared among some nodes. So, there is no single point of failure and authenticated nodes get the service done as and when requested. Thus, it ensures availability and by using share refreshing it keeps the shares of the secret key fresh. The key management service can changes its configuration to changing situations, which helps ensuring the scalability requirement.
Though the management technique is concrete and good one for distributing the task of a CA to a set of servers, it still have some lacking while implementing in a mobile ad hoc network environment from an efficiency point of view:
• The scheme do not addresses the issue of certificate revocation mechanism, which is very important for a service implementing public key infrastructure.
• It requires that all the server store certificates of all the nodes in the network. In that case, a new certificate is propagated to all the servers. Consider a segmentation of the network, and then a synchronization mechanism between the servers will be required.
• The use of public key and threshold cryptography requires a lot of computational tasks, which could consume the energies of small Energy constrained devices used in ad hoc networks.
• The availability of the key management service depends on an Assumption that in a given time at most t number of servers can be compromised, where t is the threshold parameter. So, higher the t is chosen, higher the security.
• The key management service requires that a given set of nodes do some specific task at a given time, which is suitable for a military environment. In a normal environment nodes may not behave in a pre- defined way