GROUP KEY MANAGEMENT FOR MOBILE AD-HOC NETWORKS

US 20100329463A1
Filed: 06/24/2009
Published: 12/30/2010
Est. Priority Date: 06/24/2009
Status: Active Grant

First Claim

Patent Images

1. A method for providing group key management, the method comprising:

provisioning each of a plurality of network nodes with at least one group distribution key;

deploying the plurality of network nodes as a ad-hoc network; and

electing at least one first network node as a first group key manager.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Group key management in a mobile ad-hoc network (MANET) may be provided. Each network node associated with the MANET may comprise a group distribution key and a list of authorized member nodes from which a group key manager may be elected. The group key manager may periodically issue a new group key to be used in protecting communications among the network nodes. A compromised node may be excluded from receiving updated group keys and thus isolated from the MANET.

Citations

20 Claims

1. A method for providing group key management, the method comprising:
- provisioning each of a plurality of network nodes with at least one group distribution key;
  
  deploying the plurality of network nodes as a ad-hoc network; and
  
  electing at least one first network node as a first group key manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - determining whether a network disruption has occurred between the at least one first network node and a second network node; and
      
      in response to determining that the network disruption has occurred between the at least one first network node and the second network node, electing a third network node as a second group key manager.
  - 3. The method of claim 2, wherein the second network node and the third network node participate in the election of the second group key manager.
  - 4. The method of claim 2, wherein the network disruption comprises the at least one first network node being out of range of the second network node and the third network node.
  - 5. The method of claim 1, further comprising:
    - issuing, by the first group key manager, a new group key to each of the plurality of network nodes.
  - 6. The method of claim 5, wherein the first group key manager issues the new group key on a periodic basis.
  - 7. The method of claim 1, further comprising:
    - determining, by a second network node, whether a third network node comprises a compromised network node; and
      
      in response to determining that the third network node comprises a compromised network node, banning the compromised network node from communicating with the second network node.
  - 8. The method of claim 7, further comprising:
    - assigning a weight to each node of the plurality of network nodes;
      
      determining whether a number of nodes banning the compromised network node comprises a predetermined weight requirement to revoke the compromised network node'"'"'s access; and
      
      in response to determining that the number of nodes banning the compromised network node comprises the predetermined weight requirement to revoke the compromised network node'"'"'s access, issuing a new group key to at least one non-compromised node of the plurality of network nodes.
  - 9. The method of claim 7, further comprising:
    - determining whether the compromised network node is no longer compromised; and
      
      in response to determining that the compromised network node is no longer compromised, issuing a new member identifier to the compromised network node.
  - 10. The method of claim 1, wherein each of the plurality of network nodes comprises a list of each of the plurality of network nodes and wherein the list comprises, for each of the plurality of network nodes, a member identifier, a priority, a public key, and a banning weight.
  - 11. The method of claim 9, further comprising removing at least one of the others of the plurality of network nodes from the list in response to banning the at least one of the others of the plurality of network nodes.

12. A system for providing group key management, the system comprising:
- a memory storage; and
  
  a processing unit coupled to the memory storage, wherein the processing unit is operative to;
  
  communicate over an ad-hoc network comprising at least one authorized network node, wherein being operative to communicate over the ad-hoc network comprises being operative to;
  
  elect a group key manager,encrypt a first data packet using a group key,send the first data packet to the at least one authorized network node,receive a second data packet encrypted using the group key, anddecrypt the second data packet using the group key; and
  
  receive a new group key from the group key manager.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein being operative to encrypt the first data packet and decrypt the first data packet comprises being operative to utilize a symmetric key algorithm.
  - 14. The system of claim 13, wherein the symmetric key algorithm comprises at least one of the following:
    - Advanced Encryption Standard (AES), Data Encryption Standard (DES), triple-DES, RC4, RC5, and Secure Hash Algorithm (SHA) used with a Hash Message Authentication Code (HMAC) construction.
  - 15. The system of claim 12, further operative to:
    - receive a group distribution key common to the system and the at least one authorized network node; and
      
      authenticate the new group key using the group distribution key.
  - 16. The system of claim 12, wherein the group key manager is operative to issue the new group key.
  - 17. The system of claim 16, wherein being operative to elect the group key manager comprises being operative to select a network node of the ad-hoc network to serve as the group key manager according to at least one of the following:
    - a degree of connectivity between the network node and the system and a priority assigned to the network node.
  - 18. The system of claim 12, further operative to:
    - determine whether the new group key has not been received within a key distribution period; and
      
      in response to determining that the new group key has not been received within the key distribution period, elect the system as the group key manager and issue the new group key to the at least one authorized network node.
  - 19. The system of claim 12, further operative to:
    - determine whether the group key manager is no longer connected to the ad-hoc network; and
      
      in response to determining that the group key manager is no longer connected to the ad-hoc network, initiate an election of a new group key manager.

20. A computer-readable medium which stores a set of instructions which when executed performs a method for providing group key management in an ad-hoc network, the method executed by the set of instructions comprising:
- receiving a first group key from a group key manager;
  
  using the first group key to encrypt and decrypt data communications among a plurality of network nodes, wherein each of the plurality of network nodes comprises at least one of a plurality of authorized member identifiers;
  
  receiving a second group key from the group key manager;
  
  using the second group key to encrypt and decrypt data communications among the plurality of network nodes;
  
  determining whether the group key manager is no longer communicatively connected to the ad-hoc network;
  
  in response to determining that the group key manager is no longer communicatively connected to the ad-hoc network, electing a new group key manager;
  
  determining whether at least one of the plurality of network nodes comprises a compromised network node; and
  
  in response to determining that at least one of the plurality of network nodes comprises a compromised network node, revoking the authorized member identifier associated with the compromised network node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
SICHITIU, MIHAIL L., RATLIFF, STANLEY, RETANA, ALVARO, WEIS, BRIAN E.

Granted Patent

US 8,452,014 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/065   for group communications cr...

H04L 9/0833   involving conference or gro...

H04L 9/0891   Revocation or update of sec...

GROUP KEY MANAGEMENT FOR MOBILE AD-HOC NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

GROUP KEY MANAGEMENT FOR MOBILE AD-HOC NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links