Threshold and identity-based key management and authentication for wireless ad hoc networks
First Claim
1. A method of generating and distributing keys used to secure communications between a plurality of network nodes each having a unique identity in an ad hoc network having neither a centralized trusted authority nor dedicated nodes to generate and distribute the keys, said method comprising:
- distributing a key generation mechanism to each network;
using the distributed key generation mechanism to generate one unique master private key sub-share per each network node;
distributing the master private key sub-shares generated to the respective network nodes;
each network node using the distributed sub-shares to compute a share Si of a master private key S, wherein i is i=1, 2, . . . n such that Si represents a respective share of the ith node,wherein n is a total number of network nodes;
sharing the share Si of the master private key S among the network nodes along with a common parameter P;
using the distributed key generation to generate a master public key QM using the share Si of the master private key S along with the common parameter P;
generating and distributing an individual public key QID and an individual private key sk;
wherein the generating and distributing of the individual public key QID comprises hashing the unique identity of a network node with a time stamp;
wherein the generating of the individual private key sk comprises;
a requesting node requesting private key generation service from at least k neighbor nodes and presenting the individual public key QID and a temporary public key to said k neighbor nodes;
each of k neighbor nodes computing a share ski of the individual private key sk as SiQID, where Si(i=1, . . . , k) is the share of the master private key S of the neighbor node and QID is the individual public key of the requesting node;
each neighbor node encrypting its share ski of the individual private key sk using the requesting node'"'"'s temporary public key;
each neighbor node sending its encrypted share ski of the individual private key sk to the requesting node;
the requesting node decrypting the encrypted shares of the individual private key sk with a temporary private key corresponding to the temporary public key; and
the requesting node computing its individual private key sk as
1 Assignment
0 Petitions
Accused Products
Abstract
As various applications of wireless ad hoc network have been proposed, security has become one of the big research challenges and is receiving increasing attention. The present invention provides for a distributed key management and authentication approach by deploying the recently developed concepts of identity-based cryptography and threshold secret sharing. Without any assumption of pre-fixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management service, which effectively solves the problem of single point of failure in the traditional public key infrastructure (PKI)-supported system. The identity-based cryptography mechanism provided not only to provide end-to-end authenticity and confidentiality, but also saves network bandwidth and computational power of wireless nodes.
-
Citations
15 Claims
-
1. A method of generating and distributing keys used to secure communications between a plurality of network nodes each having a unique identity in an ad hoc network having neither a centralized trusted authority nor dedicated nodes to generate and distribute the keys, said method comprising:
-
distributing a key generation mechanism to each network; using the distributed key generation mechanism to generate one unique master private key sub-share per each network node; distributing the master private key sub-shares generated to the respective network nodes; each network node using the distributed sub-shares to compute a share Si of a master private key S, wherein i is i=1, 2, . . . n such that Si represents a respective share of the ith node, wherein n is a total number of network nodes; sharing the share Si of the master private key S among the network nodes along with a common parameter P; using the distributed key generation to generate a master public key QM using the share Si of the master private key S along with the common parameter P; generating and distributing an individual public key QID and an individual private key sk; wherein the generating and distributing of the individual public key QID comprises hashing the unique identity of a network node with a time stamp; wherein the generating of the individual private key sk comprises; a requesting node requesting private key generation service from at least k neighbor nodes and presenting the individual public key QID and a temporary public key to said k neighbor nodes; each of k neighbor nodes computing a share ski of the individual private key sk as SiQID, where Si(i=1, . . . , k) is the share of the master private key S of the neighbor node and QID is the individual public key of the requesting node; each neighbor node encrypting its share ski of the individual private key sk using the requesting node'"'"'s temporary public key; each neighbor node sending its encrypted share ski of the individual private key sk to the requesting node; the requesting node decrypting the encrypted shares of the individual private key sk with a temporary private key corresponding to the temporary public key; and the requesting node computing its individual private key sk as - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of generating and distributing keys used to secure communications between a plurality of network nodes each having a unique identity in an ad hoc network having neither a centralized trusted authority nor dedicated nodes to generate and distribute the keys, said method comprising:
-
distributing a key generation mechanism to each network; using the distributed key generation mechanism to generate one unique master private key sub-share per each network node; distributing the master private key sub-shares generated to the respective network nodes; each network node using the distributed sub-shares to compute a share Si of a master private key S, wherein i is i=1, 2, . . . n such that Si represents a respective share of the ith node, wherein n is a total number of network nodes; sharing the share Si of the master private key S among the network nodes along with a common parameter P, and using the distributed key generation to generate a master public key QM using the share Si of the master private key S along with the common parameter P; generating a master private key share for a node joining the network after network inception and; wherein the generation of a master private key share comprises; joining node Cp generating an individual public key QID; the joining node Cp presenting its unique identity, individual public key QID, and a required physical proof to k neighbor nodes; the joining node Cp requesting the master public key QM and a share SP of the master private key S; each of the k neighbor nodes verifying the unique identity of the joining node Cp; each of the k neighbor nodes generating a sub-share ssip of the master private key S for the joining node Cp as ssip=Si·
li(p), where li(p) is the Lagrange coefficient;each of the k neighbor nodes encrypting its sub-share ssip of the master private key S using the individual public key QID of the joining node Cp; each of the k neighbor nodes sending its sub-share of the master private key S to the joining node Cp; and the joining node Cp computing its new share of the master private key S as - View Dependent Claims (15)
-
Specification