Research ArticleMobility Based Key Management Technique forMulticast Security in Mobile Ad Hoc Networks
B Madhusudhanan1 S Chitra2 and C Rajan3
1Department of Computer Science ErPerumal Manimekalai College of Engineering Hosur 635117 India2ErPerumal Manimekalai College of Engineering Hosur 635117 India3Department of Information Technology KSR College of Technology Tiruchengode 637211 India
Correspondence should be addressed to C Rajan crajanksrgmailcom
Received 12 September 2014 Accepted 1 January 2015
Academic Editor Hai Jiang
Copyright copy 2015 B Madhusudhanan et al This is an open access article distributed under the Creative Commons AttributionLicense which permits unrestricted use distribution and reproduction in any medium provided the original work is properlycited
In MANET multicasting forward and backward secrecy result in increased packet drop rate owing to mobility Frequent rekeyingcauses large message overhead which increases energy consumption and end-to-end delay Particularly the prevailing group keymanagement techniques cause frequent mobility and disconnections So there is a need to design a multicast key managementtechnique to overcome these problems In this paper we propose the mobility based key management technique for multicastsecurity in MANET Initially the nodes are categorized according to their stability index which is estimated based on the linkavailability andmobility Amulticast tree is constructed such that for every weak node there is a strong parent node A session key-based encryption technique is utilized to transmit a multicast data The rekeying process is performed periodically by the initiatornodeThe rekeying interval is fixed depending on the node category so that this technique greatlyminimizes the rekeying overheadBy simulation results we show that our proposed approach reduces the packet drop rate and improves the data confidentiality
1 Introduction
A set of wireless communication nodes performing self-configuration in a dynamic mode for formation of networkexcluding fixed infrastructure or centralized supervision istermed as mobile ad hoc network (MANET) [1] It definesthe set of wireless heterogeneous mobile nodes that performscommunication with each other over multihop paths devoidof fixed infrastructure [2] The key aim of MANETs is toextend the mobility criteria in autonomous mobile andwireless domain The nodes in MANET perform as bothhosts as well as routers for sending the packet to each other[3] During ad hoc routing every node in the network ispermitted to discover its multihop path via the network toany other node [1] The application of the MANET includesmilitary battlefields emergency search and rescue locationsand so forth which requires quick deployment and activereconfiguration Here the members make use of mobiledevices for sharing the information [1]
The process of broadcasting the packets to a group ofzero or more hosts recognized by a single destination addressis termed as multicasting [1] This implies that message istransmitted from one sender to several receivers or frommultiple senders to multiple receivers The merit of multicasttechnique is that it offers service tomultiple users exclusive ofnetwork and resources overloading in the server [4]Themul-ticast technique is utilized by the application such as routingneighbor discovery key distribution and topology controlThis technique is also used in identical data transmissionfrom a single sender to several receivers that minimizes thenetwork traffic and energy consumption [5]
The multicasting approach can enhance the efficiencyof the wireless links for transmitting the multiple copies ofmessages in order to utilize the inbuilt broadcast nature ofwireless transmissionThusmulticast takes amajor responsi-bility inMANETThemajor aimofmulticast routing protocolis to reduce the control overhead and processing overheadenhancing the potentiality of multicast routing protocol
Hindawi Publishing Corporatione Scientific World JournalVolume 2015 Article ID 801632 10 pageshttpdxdoiorg1011552015801632
2 The Scientific World Journal
upholding the dynamic topology and avoids network loopsand so on
Security in Multicasting in MANET The basic features ofsecurity in MANET are as follows confidentiality guaranteesthat the network information cannot be revealed to the illegalunit Integrity is essential to maintain the data to be transmit-ted among nodes without any change or degradation Avail-ability means that the services are demanded are availablein timely manner without any potential issues in the systemThe lack of authentication can cause the attacker masqueradeany node and rules over the whole network Nonrepudiationguarantees that the message forwarded cannot be refused bythe message instigator [3]
Key ManagementThe methods of making distributing andupdating the keys for a secure group communication applica-tion are termed as keymanagement [6] Encryption and reen-cryption are completed with the assistance of Traffic Encryp-tion Keys (TEKs) and Key Encryption Keys (KEKs) In asecure multicast communication each member possesses akey to encode and decrypt the multicast data The methodof updating and distributing the keys to the group memberscorresponds to rekeying operation When each membershipchanges the rekey process is performedHowever throughoutcontinual membership modulation key management needsseveral exchanges per unit time for upholding forward andbackward secrecies [7]The securemulticasting is categorizedinto two types such as centralized and distributed schemeTheGroupController (GC) performs group keymanagementand only small loads are applied on the users of the group incase of centralized scheme For distributed scheme the keymanagement is performed by each user to reinforce the loadon the user [4]
2 Related Work
Chang and Kuo [8] have proposed a two-step secure authen-tication approach for multicast MANETs A Markov chaintrust model determines the Trust Value (TV) and the nodewith the highest TV is selected as CA server The securityanalysis guarantees that this approach achieves a secure reli-able authentication in multicast MANETs Numerical resultsshow that the analytical TV is very close to that of simulationunder various situations The speed of convergence of theanalytical TV shows that the analyzed result is independentof initial values and trust classes Huang and Medhi [9] haveprojected a secure group key management scheme for hier-archical mobile ad hoc networks to enhance each scalabilityand survivability of group key management for large-scalewireless ad hoc networks A multilevel security model and adecentralized group key management infrastructure to comeback through such amulti-level security model are projectedThis approach reduces the key management overhead andimproves resilience to any single point failure problem
Bouassida and Bouali [10] have introduced an evaluationmethod for group key management protocols (GKMP)Theyhave compared four main existing group key protocols
namely scalable and efficient group rekeying protocol (GKM-PAN) for ad hoc networks Distributed Multicast GroupSecurity Architecture (DMGSA) BALADE and Hierarchi-cal group key management protocol (Hi-GDH) In theabove approaches GKMPAN is an example for centralizedapproach DMGSA approach belongs to distributed typekey management scheme BALADE protocol and Hi-GDHstand for decentralized approach They have discussed theneed for performance evaluation of GKMPrsquos in the contextof MANETrsquos Lin et al [11] have proposed a new groupkey management protocol to reduce the communicationand computation overhead of group key rekeying caused bymembership changes The protocol can handle synchronousand asynchronous rekeying operations and a new 119896-nodeinsertion algorithm is designed to further optimize the keytree in batch update operationsWith strong encryption func-tion and key derivation function this protocol is provablysecure Simulation result shows that compared to LKH OFTand ELK SKD requires the least communication bandwidthand computation power and it is efficient with binary keytrees and asynchronous rekeying
3 Proposed Work
The proposed technique uses Link Quality (LQ) and Rep-utation of nodes to identify them as strong or weak nodesThemulticast tree constructed with secure communication isbased on the classified nodes and described in the subsectionsin detail
31 Estimating Received Signal Strength Here the proposedwork makes use of the Friis free space propagation model tomeasure the received signal strength value The received sig-nal strength (RSS) is computed using the following formula[12]
RSS = 120572 lowast 120579 lowast 119878tx (1)
where 120572 is a constant that relies on the wavelength and theantennas 120579 is the channel gain 119878tx is the signal power of thetransmitter
RSS can be expressed in terms of the dB and dBm (dBmilliWatts) as follows
311 Link Quality Link Quality (LQ) is estimated by ratio ofthe number of bits in error to the number of bits received (biterror rate) [13]
LQ =119887rx119887error
(3)
This value gets updated for every packet received at anode over a certain period It depends on parameters such asthe interference effect of the wireless channel additive whiteGaussian noise and signal transmission range
The Scientific World Journal 3
312 Stability Index Stability index (SI119894119895) is computed for
a link to a neighbor based on the received signal strengthmobility and link quality (using Sections 311 312 and 313)[13] SI
119894119895of a link between node 119894 and node 119895 is defined as
follows
SI119894119895=RSSLQ
(4)
313 Estimation of Reputation of Nodes Consider nodes 119894and 119895
The recent satisfaction index (119875119894119895) for node 119894 about node 119895
is computed as follows
119875119894119895= 119891 (119894 119895) minus 119890 (119894 119895) (5)
where 119891(119894 119895) is the percentage of packets originated from119894 that were forwarded by node 119895 over the total number ofpackets offered to node 119895
119890(119894 119895) is the percentage of packets that were expired overthe total number of packets offered to node 119895
Thus 119875119894119895can be considered as the direct reputation of
where Rep119894119895-prev is the reputation value that node 119894 had for
node 119895 before incorporating the most recent satisfactionindex
119882hist is a constant that reflects the level of confidence thatnode 119894 has in the past observed reputation for its neighbor 119895
The reputation index REP119894119895
is normalized using thefollowing equation
REP119894119895=
REP119894119895
max119905(REP119894119895) (7)
max119905is the function that reports the maximum observation
of REP119894119895over time [14]
32 Classifying the Nodes Thenodes are categorized into twotypes namely strong and weak nodes The steps involved inselecting the nodes are as follows
(1) Each node deployed in the network periodicallyexchanges a HELLO packet with its neighbor nodes
(2) By exchanging the hello packets every nodemeasuresthe RSS link quality and mobility119872
119895(119894) of its neigh-
bor nodes (explained in Sections 311 and 312)(3) Based on the measurement of RSS link quality and
119872119895(119894) each node computes the stability index (SI) of
its neighbor nodes (explained in Section 313) and thevalues are stored in the neighbor table (NT)
(4) The SI of each neighbor119873119894is checked such that
Let SIth be the predefined threshold value of StabilityIndexIf SI119894lt SIth
1
3
7
2
6
5
4
9
8 10
17
12
15
14
11
2013
1618
19
Strong nodes
Weak nodes
Figure 1 Selection of strong and weak nodes
ThenThe nodes are marked as weak nodes (119873119908119894) and
stored in NTElse The nodes are marked as strong nodes (119873
119904119894) and
stored in NTEnd if
For example consider the network in Figure 1 The nodes 78 15 and 16 are marked as strong nodes as their stabilityindex is greater than the threshold value Remaining nodesare marked as weak nodes as their stability index is less thanthe threshold value
33Multicast Tree Construction Themulticast tree construc-tion phase involves two phases
Upon receiving the CREQ message 119873119904119895sends a child
reply message (CREP) to119873119908119894
119873119908119894
CREPlarr997888997888997888997888 119873
119904119895 (9)
Every 119873119908119894
upon receiving CREP joins with 119873119904119895as child
nodes and respective119873119904119895becomes the parent node Thus for
every weak node there is at least a strong parent 119873119904119895then
stores its child nodes information in a table
For example consider the network in Figure 2 The weaknodes 2 and 5 get attachedwith the strong node 7Thus nodes2 and 5 become the child nodes for the strong parent node7 In the similar manner other strong nodes 8 15 and 16chooses their child nodes
Phase 2 Amulticast tree can be constructed and maintainedusing the periodic ldquoJOIN TREErdquo messages
Each strong node119873119904119895periodically sends a ldquoJOIN TREErdquo
119878 constructs a multicast tree consisting of the paths thatldquoJOIN TREErdquo pass through There is only one path from the119878 to each119873
119904119895of the multicast group
Figure 3 shows an example of amulticast tree constructedon a MANET The parent nodes 7 8 15 and 16 sendsJOIN TREE message to 119878 119878 constructs a multicast treeconsisting of the paths traversed by ldquoJOIN TREErdquo message
331 Secure Multicast Communication When any node 119873119894
wants to transmitmulticast data to destination119863 in a securedmanner it performs the following steps
(1) Initially 119873119894bounds the multicast data with hash
message authentication code (119876) for ensuring the dataintegrity which is represented as 119876(data)
(2) 119873119894and 119863 cooperatively compute the session key 119870
119894119863
and119873119894utilizes119870
119894119863to encrypt119876[data]This encrypted
data is represented as119870119894119863[119876(data)] Here the session
key is generated using Elliptic Curve Diffie-HellmanKey Management Agreement protocol (ECDH) [15]
(3) Every member node holds a group key GK119894119873119894again
encrypts119870119894119863[119876(data)] with GK
119894and it is represented
as GK119894119870119894119863[119876(data)] GK
119894is the multicast group key
where 119894 = 1 2 119899(4) When any node along the path 119873
119894-119863 receives the
GK119894119870119894[119876(data)] it decrypts the data using GK
119894
and encrypts it with GK119894again and forwards the
encrypted data
7
2 5
SGK7KN2S[Q(data)]
GK2KN2S[Q(data)]
Q(data)
Figure 4 Secure data transmission
(5) When 119863 receives the encrypted data it decrypts thedata using its respective GK
119894and session key119870
119894119863and
verifies the integrity of 119876(data)For example consider the network in Figure 4
The node1198732wants to transmit the data packet to 119878 The data
to be transmitted will be in the form 119876(data)Initially119873
2and 119878 cooperatively compute the session key
1198701198732119878
and 1198732encrypts 119876(data) with 119870
1198732119878which is repre-
sented as 1198701198732119878
[119876(data)] 1198732again encrypts 119870
1198732119878[119876(data)]
with group key GK2which is given as GK
21198701198732119878
[119876(data)]This encrypted data is forwarded to119873
7
1198737decrypts the data using the GK
2and encrypts again
with GK7and forwards it to 119878which will be in following form
GK71198701198732119878 [119876 (data)] (11)
When 119878 is receiving the encrypted data it decryptsthe information victimization GK
7and session key KN2S
and verifies the integrity of 119876(data) If any changes happenthroughout the transmissions the receiving node detects themodifications in real time by validating the 119876 The securedtransmission of information between a node and thereforethe supply is illustrated in Figure 4
34 Detection of Attacker Nodes When the data is notdelivered at a reliable rate and optimum path quality itis predicted that attack is detected The attack detectiontechnique depends on the capacity of 119868 to detect the differenceamong the predicted PDR (PrP) and recognized PDR (ReP)The estimation of PrP and ReP is as follows
PrP can be estimated from the Success Probability Prod-uct metric (SPP) at the concerned route
SPP for a path of 119899 links among 119878 and119863 is given by
SPP119878rarr119863
=
119894
prod
119894=1
SPP119894 (12)
where the metric for each link 119894 on the path is SPP119894= Prsucc
ReP of a route is determined by testing the continuityof the sequence number in received data packets That is by
The Scientific World Journal 5
dividing the number of received packets by the number ofpackets sent by the source over an interval of time
ReP in terms of performance of packet delivery is givenby the following equation
ReP =119875119903
119875119904
(13)
where 119875119903is the average number of packets received by all
receivers and 119875119904is the number of packets sent by the source
Even if the attacker nodes drop all data packets initiatornodes have the capacity to determine the ReP with theinclusion of the backup data packet authenticated by thesource
If |PrP minus ReP| gt 120578
ThenThe malicious behavior is detected by 119868 since theparticular route does not deliver the data at consistentlevel with optimal path qualityEnd if
341 Isolation of Attacker Nodes The steps involved in theisolation of attacker nodes are as follows
Step 1 While detecting themalicious behavior it temporarilyrecriminates the suspicious node by flooding a failure noticein the network that includes ID of recriminated and recrimi-nator nodes and the period of recrimination
Step 2 Until the recrimination is valid metrics broadcastedby the recriminated node will not be taken into account andwill be discarded during routing process
Step 3 In case of transient network variations the temporaryrecrimination scheme is taken into consideration
Step 4 In temporary recrimination strategy initially thetime period of recrimination is computed in relative to theobserved difference among PrP and ReP This is performedwith the intention that the recriminations caused by increaseinmetric values aswell asmalicious data dropping rate retainsfor longer duration than the recriminations caused by thetransient network variations
Step 5 In order to avoid the recrimination caused by attack-ers a node is not permitted to announce a new recriminationprior to the expiry of the already announced recrimination
Step 6 If the best metric is broadcasted by a recriminatednode
Then the initiator node activates the recriminated nodein addition to the best nonrecriminated node
Step 6 reveals that the valid paths can still be utilized inspite of false recrimination of the strong nodes
35 Rekeying Technique Among the chosen119873119904119895 some nodes
have to be designated as initiators which initiates the
Rkyint Rkymin Rkymax Rkyt
Figure 5 Rekeying time interval
re-process In this section suppose that initiators are selectedby centralized node considering reputation index (RI) ofnodes The initiators are selected based on the RI of nodes(explained in Section 313)
The direct reputation of node119873119904119895is given as
Rep119908119904
= Rep119908119904-pr lowast 119911 + 119875
119908119904lowast (1 minus 119911) (14)
where Rep119908119904-pr is the reputation value of 119873
119904119895contained in
119873119908119894prior to the addition of recent satisfaction index 119911 is the
constant that replicates the level of confidence possessed by119873119908119894
for its 119873119904119895 119875119908119904
is the recent satisfaction index for 119873119908119894
about119873119904119895
Thus119873119904119895with high Rep
119908119904values are selected as initiators
The selected initiator starts the rekeying process periodicallyusing the rekeying interval Rkyint Rkyint is the fixed param-eter and rekeying procedure is demonstrated as follows
Let Rkyint be the initial timeLet Rkymax represent the maximum thresholds forrekeying intervalLet Rkymin indicate the minimum thresholds forrekeying intervalLet Rky
119905represent the stop time
According to the rekeying interval rekeying process isperformed using the following cases Figure 5 shows therekeying time interval
Case 1If Rkyint gt Rkymin
thenthe rekeying is performed for requested weaknodes from NT by the initiator
End if
Case 2If Rkyint gt Rkymax
thenthe rekeying is performed for requested strongnodes from NT by the initiator
End if
Case 3If Rkyint = Rky
119905
ThenRekeying is stopped and the timer is refreshedto start the new session
End if
6 The Scientific World Journal
The rekeying is performed in the weak node withinminimum rekeying interval since they possess minimumstability index which causes them to frequently join orleave the network In the strong nodes rekeying is per-formed at the maximum rekeying interval since they havemaximum stability index and their possibility to join orleave the network is less This periodic rekeying reduces therepeated rekeying process that further reduces the overheadIn rekeying technique the multicast group key (GK
119894) is
rekeyed considering the three cases given aboveThe rekeyingalgorithm functions as follows [16]
According to the cases given above rekeying processis triggered Initially node 119873
119894performs the ECDH key
management agreement from leaf node to the source ofmulticast tree to obtain subgroup key cooperatively as
119870119873119894
+ 119870119873119894+1
+ sdot sdot sdot + 119870119873119899minus1
119875 (15)
Here 119870119873119894
is the leaf node 119870119873119899minus1
is the source and 119875 isthe key generator in Diffe-Hellman Finally the generatedsubgroup chain reaches the source and it computes the newgroup key for the groupOnce the new group key is generatedby the source it unicasts it to the members securely
Considering the tree structure given in Figure 4 node1198732
and1198735are leaf nodes119873
7is the parent node of nodes 2 and 5
and 119878 is themulticast source Assume1198732invokes the rekeying
process and then the sequential process of rekeying is givenbelow
Step 1 1198732generates subgroup key as 119870
1198732+ 1198701198735119875 and
transmits to1198737
Step 2 Node1198737computes the subgroup key as 119870
1198732+ 1198701198735
+
1198701198737119875 and forwards to the source
Step 3 Finally the source computes cooperative subgroupkey as119870
1198732+1198701198735
+1198701198737
+119870119878119875 and then generates new group
key as1198701015840119894the source then unicasts the new group key securely
to its member nodes
4 Simulation Results
The proposed technique was simulated under different sce-narios using varying number of receivers and varying themobility of the nodes
41 Simulation Model and Parameters To analyze the per-formance of the proposed work NS2 [17] was used In oursimulation the channel capacity of mobile hosts is set tothe same value 2Mbps We use the distributed coordinationfunction (DCF) of IEEE 80211 for wireless LANs as theMAClayer protocol For multicasting we used Multicast AODV(MAODV) [16] routing protocol Simulations were carriedout in 1500 meter times 1500 meter region for 50 seconds simu-lation timeWe assume each node moves independently withthe same average speed All nodes have the same transmissionrange of 250 meters In our simulation the speed variedfrom 5 to 25ms and performance measured The simulatedtraffic is Constant Bit Rate (CBR) In this simulation we
Table 1 Simulation parameters
Number of receiver nodes 10 20 30 40 50Area size 1500 times 1500Mac 80211Radio range 250mSimulation time 50 secTraffic source CBRRate 250KbMobility model Random way pointSpeed 5 10 15 20 and 25
consider both the node capture and insider attacks In nodecapture attack a malicious attacker steals the credentials andsecret keys from the legitimate nodes An insider attacker is amalicious authenticated group member which may intimatefalse trust relations and injects false trust reporting It mayalso inject packets 119899 the network to disturb communicationsand consume the network resources Our simulation settingsand parameters are summarized in Table 1
42 Performance Metrics We compare our Mobility BasedKey Management Technique (MBKM) with the traditionalGKMPAN [10] and efficient clustering scheme for groupkey management (ECGK) [18] We evaluate mainly theperformance according to the following metrics
Average Packet Delivery Ratio It is the ratio of the number ofpackets received successfully and the total number of packetssent
Overhead It is the control overhead (in terms of packets)occurred in keying and rekeying operations
Packet Drop It is the average number of packets dropped ateach receiver
Detection Accuracy It is the ratio of number of attacksdetected to the number of attacks performed
Resilience It is the ratio of fraction of data compromised tothe fraction of nodes compromised
421 Based on Receivers In our first experiment we vary thenumber of receivers per group as 10 20 30 40 and 50 withspeed 5ms
(i) Comparison with GKMPAN The proposed MBKM tech-nique is compared with GKMPAN and the above perfor-mance metrics are evaluated by varying the group size
Figures 6 and 8 present the packet delivery ratio andpacket drop of both techniques respectively when the groupsize is increased from 10 to 50 From the figure we cansee that MBKM has 89 less packet drop than the existingGKMPAN techniques since it assures high reliability usingthe strong nodes Because of this reduced packet drop thedelivery ratio of the proposed MBKM is 2357 higherthan the GKMPAN technique Figure 7 presents the control
The Scientific World Journal 7
0
05
1
15
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMGKMPAN
Figure 6 Comparison of delivery ratio with GKMPAN for varyingreceivers
0
5000
10000
15000
20000
25000
10 20 30 40 50
Ove
rhea
d
Receivers
Receivers versus overhead
MBKMGKMPAN
Figure 7 Comparison of overhead with GKMPAN for varyingreceivers
overhead that occurred for both the techniques when thegroup size is increased It can be seen that MBKM has7901 lesser overhead than the existing GKMPAN schemesince it does not use the traditional multicast tree structurewhich involves large number of nodes Figure 9 presents theresults for resilience for both the techniques when the groupsize is increased It can be seen that MBKM has 3096lesser resilience thanGKMPAN since it has efficient rekeyingtechnique
(ii) Comparison with ECGKThe proposedMBKM techniqueis compared with ECGK and the above performance metricsare evaluated by varying the group size Figures 10 and 12presents the packet delivery ratio and packet drop of bothtechniques respectively when the group size is increasedfrom 10 to 50 From the figure we can see that MBKM
0
2000
4000
6000
8000
10000
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMGKMPAN
Figure 8 Comparison of packet drop with GKMPAN for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMGKMPAN
Figure 9 Comparison of resilience with GKMPAN for varyingreceivers
has 3502 less packet drop than ECGK technique since itassures high reliability using the strong nodes Because ofthis reduced packet drop the delivery ratio of the proposedMBKM is 182 higher than the ECGK technique
Figure 11 shows the control overhead occurred for boththe techniques when the group size is increased It can beseen that MBKM has 1532 lesser overhead than ECGKtechnique since it does not use the traditional multicast treestructure which involves large number of nodes Figure 13presents the results for resilience for both the techniqueswhen the group size is increased It can be seen that MBKMhas 1651 lesser resilience than GKMPAN since it hasefficient rekeying technique
422 Simulation Based on Node Speed In our second exper-iment we vary the speed of the mobile node as 5 10 15 20and 25ms for 10 receivers Figures 14 and 16 present the
8 The Scientific World Journal
075
08
085
09
095
1
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMECGK
Figure 10 Comparison of delivery ratio with ECGK for varyingreceivers
0
5000
10000
15000
10 20 30 40 50
Ove
rhea
d
Receivers
MBKMECGK
Receivers versus delivery ratio
Figure 11 Comparison of overhead with ECGK for varyingreceivers
packet delivery ratio and packet drop of both techniquesrespectively when the speed of the node is increased from5 to 25ms From Figure 11 we can see that the packet dropincreases as the speed increases due to disconnections androute breakages But MBKM has 84 less packet drop thanthe existing GKMPAN techniques since it uses stable andenergy efficient nodes for routing Because of this reducedpacket drop the delivery ratio of the proposedMBKM is 29higher than the GKMPAN technique Figure 15 presents thecontrol overhead occurred for both the techniques when thegroup is increased It can be seen that MBKM has 56 lesseroverhead than the existing GKMPAN scheme since it doesnot use the traditionalmulticast tree structure which involveslarge number of nodes
0
200
400
600
800
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMECGK
Figure 12 Comparison of packet drop with ECGK for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMECGK
Figure 13 Comparison of resilience with ECGK for varyingreceivers
0
02
04
06
08
1
5 10 15 20 25
Deli
very
ratio
Speed
Speed versus delivery ratio
MBKMGKMPAN
Figure 14 Speed versus delivery ratio
The Scientific World Journal 9
0
5000
10000
15000
20000
5 10 15 20 25
Ove
rhea
d
Speed
Speed versus overhead
MBKMGKMPAN
Figure 15 Speed versus overhead
0
2000
4000
6000
8000
5 10 15 20 25
Pack
et d
rop
Speed
Speed versus packet drop
MBKMGKMPAN
Figure 16 Speed versus drop
5 Conclusion
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
upholding the dynamic topology and avoids network loopsand so on
Security in Multicasting in MANET The basic features ofsecurity in MANET are as follows confidentiality guaranteesthat the network information cannot be revealed to the illegalunit Integrity is essential to maintain the data to be transmit-ted among nodes without any change or degradation Avail-ability means that the services are demanded are availablein timely manner without any potential issues in the systemThe lack of authentication can cause the attacker masqueradeany node and rules over the whole network Nonrepudiationguarantees that the message forwarded cannot be refused bythe message instigator [3]
Key ManagementThe methods of making distributing andupdating the keys for a secure group communication applica-tion are termed as keymanagement [6] Encryption and reen-cryption are completed with the assistance of Traffic Encryp-tion Keys (TEKs) and Key Encryption Keys (KEKs) In asecure multicast communication each member possesses akey to encode and decrypt the multicast data The methodof updating and distributing the keys to the group memberscorresponds to rekeying operation When each membershipchanges the rekey process is performedHowever throughoutcontinual membership modulation key management needsseveral exchanges per unit time for upholding forward andbackward secrecies [7]The securemulticasting is categorizedinto two types such as centralized and distributed schemeTheGroupController (GC) performs group keymanagementand only small loads are applied on the users of the group incase of centralized scheme For distributed scheme the keymanagement is performed by each user to reinforce the loadon the user [4]
2 Related Work
Chang and Kuo [8] have proposed a two-step secure authen-tication approach for multicast MANETs A Markov chaintrust model determines the Trust Value (TV) and the nodewith the highest TV is selected as CA server The securityanalysis guarantees that this approach achieves a secure reli-able authentication in multicast MANETs Numerical resultsshow that the analytical TV is very close to that of simulationunder various situations The speed of convergence of theanalytical TV shows that the analyzed result is independentof initial values and trust classes Huang and Medhi [9] haveprojected a secure group key management scheme for hier-archical mobile ad hoc networks to enhance each scalabilityand survivability of group key management for large-scalewireless ad hoc networks A multilevel security model and adecentralized group key management infrastructure to comeback through such amulti-level security model are projectedThis approach reduces the key management overhead andimproves resilience to any single point failure problem
Bouassida and Bouali [10] have introduced an evaluationmethod for group key management protocols (GKMP)Theyhave compared four main existing group key protocols
namely scalable and efficient group rekeying protocol (GKM-PAN) for ad hoc networks Distributed Multicast GroupSecurity Architecture (DMGSA) BALADE and Hierarchi-cal group key management protocol (Hi-GDH) In theabove approaches GKMPAN is an example for centralizedapproach DMGSA approach belongs to distributed typekey management scheme BALADE protocol and Hi-GDHstand for decentralized approach They have discussed theneed for performance evaluation of GKMPrsquos in the contextof MANETrsquos Lin et al [11] have proposed a new groupkey management protocol to reduce the communicationand computation overhead of group key rekeying caused bymembership changes The protocol can handle synchronousand asynchronous rekeying operations and a new 119896-nodeinsertion algorithm is designed to further optimize the keytree in batch update operationsWith strong encryption func-tion and key derivation function this protocol is provablysecure Simulation result shows that compared to LKH OFTand ELK SKD requires the least communication bandwidthand computation power and it is efficient with binary keytrees and asynchronous rekeying
3 Proposed Work
The proposed technique uses Link Quality (LQ) and Rep-utation of nodes to identify them as strong or weak nodesThemulticast tree constructed with secure communication isbased on the classified nodes and described in the subsectionsin detail
31 Estimating Received Signal Strength Here the proposedwork makes use of the Friis free space propagation model tomeasure the received signal strength value The received sig-nal strength (RSS) is computed using the following formula[12]
RSS = 120572 lowast 120579 lowast 119878tx (1)
where 120572 is a constant that relies on the wavelength and theantennas 120579 is the channel gain 119878tx is the signal power of thetransmitter
RSS can be expressed in terms of the dB and dBm (dBmilliWatts) as follows
311 Link Quality Link Quality (LQ) is estimated by ratio ofthe number of bits in error to the number of bits received (biterror rate) [13]
LQ =119887rx119887error
(3)
This value gets updated for every packet received at anode over a certain period It depends on parameters such asthe interference effect of the wireless channel additive whiteGaussian noise and signal transmission range
The Scientific World Journal 3
312 Stability Index Stability index (SI119894119895) is computed for
a link to a neighbor based on the received signal strengthmobility and link quality (using Sections 311 312 and 313)[13] SI
119894119895of a link between node 119894 and node 119895 is defined as
follows
SI119894119895=RSSLQ
(4)
313 Estimation of Reputation of Nodes Consider nodes 119894and 119895
The recent satisfaction index (119875119894119895) for node 119894 about node 119895
is computed as follows
119875119894119895= 119891 (119894 119895) minus 119890 (119894 119895) (5)
where 119891(119894 119895) is the percentage of packets originated from119894 that were forwarded by node 119895 over the total number ofpackets offered to node 119895
119890(119894 119895) is the percentage of packets that were expired overthe total number of packets offered to node 119895
Thus 119875119894119895can be considered as the direct reputation of
where Rep119894119895-prev is the reputation value that node 119894 had for
node 119895 before incorporating the most recent satisfactionindex
119882hist is a constant that reflects the level of confidence thatnode 119894 has in the past observed reputation for its neighbor 119895
The reputation index REP119894119895
is normalized using thefollowing equation
REP119894119895=
REP119894119895
max119905(REP119894119895) (7)
max119905is the function that reports the maximum observation
of REP119894119895over time [14]
32 Classifying the Nodes Thenodes are categorized into twotypes namely strong and weak nodes The steps involved inselecting the nodes are as follows
(1) Each node deployed in the network periodicallyexchanges a HELLO packet with its neighbor nodes
(2) By exchanging the hello packets every nodemeasuresthe RSS link quality and mobility119872
119895(119894) of its neigh-
bor nodes (explained in Sections 311 and 312)(3) Based on the measurement of RSS link quality and
119872119895(119894) each node computes the stability index (SI) of
its neighbor nodes (explained in Section 313) and thevalues are stored in the neighbor table (NT)
(4) The SI of each neighbor119873119894is checked such that
Let SIth be the predefined threshold value of StabilityIndexIf SI119894lt SIth
1
3
7
2
6
5
4
9
8 10
17
12
15
14
11
2013
1618
19
Strong nodes
Weak nodes
Figure 1 Selection of strong and weak nodes
ThenThe nodes are marked as weak nodes (119873119908119894) and
stored in NTElse The nodes are marked as strong nodes (119873
119904119894) and
stored in NTEnd if
For example consider the network in Figure 1 The nodes 78 15 and 16 are marked as strong nodes as their stabilityindex is greater than the threshold value Remaining nodesare marked as weak nodes as their stability index is less thanthe threshold value
33Multicast Tree Construction Themulticast tree construc-tion phase involves two phases
Upon receiving the CREQ message 119873119904119895sends a child
reply message (CREP) to119873119908119894
119873119908119894
CREPlarr997888997888997888997888 119873
119904119895 (9)
Every 119873119908119894
upon receiving CREP joins with 119873119904119895as child
nodes and respective119873119904119895becomes the parent node Thus for
every weak node there is at least a strong parent 119873119904119895then
stores its child nodes information in a table
For example consider the network in Figure 2 The weaknodes 2 and 5 get attachedwith the strong node 7Thus nodes2 and 5 become the child nodes for the strong parent node7 In the similar manner other strong nodes 8 15 and 16chooses their child nodes
Phase 2 Amulticast tree can be constructed and maintainedusing the periodic ldquoJOIN TREErdquo messages
Each strong node119873119904119895periodically sends a ldquoJOIN TREErdquo
119878 constructs a multicast tree consisting of the paths thatldquoJOIN TREErdquo pass through There is only one path from the119878 to each119873
119904119895of the multicast group
Figure 3 shows an example of amulticast tree constructedon a MANET The parent nodes 7 8 15 and 16 sendsJOIN TREE message to 119878 119878 constructs a multicast treeconsisting of the paths traversed by ldquoJOIN TREErdquo message
331 Secure Multicast Communication When any node 119873119894
wants to transmitmulticast data to destination119863 in a securedmanner it performs the following steps
(1) Initially 119873119894bounds the multicast data with hash
message authentication code (119876) for ensuring the dataintegrity which is represented as 119876(data)
(2) 119873119894and 119863 cooperatively compute the session key 119870
119894119863
and119873119894utilizes119870
119894119863to encrypt119876[data]This encrypted
data is represented as119870119894119863[119876(data)] Here the session
key is generated using Elliptic Curve Diffie-HellmanKey Management Agreement protocol (ECDH) [15]
(3) Every member node holds a group key GK119894119873119894again
encrypts119870119894119863[119876(data)] with GK
119894and it is represented
as GK119894119870119894119863[119876(data)] GK
119894is the multicast group key
where 119894 = 1 2 119899(4) When any node along the path 119873
119894-119863 receives the
GK119894119870119894[119876(data)] it decrypts the data using GK
119894
and encrypts it with GK119894again and forwards the
encrypted data
7
2 5
SGK7KN2S[Q(data)]
GK2KN2S[Q(data)]
Q(data)
Figure 4 Secure data transmission
(5) When 119863 receives the encrypted data it decrypts thedata using its respective GK
119894and session key119870
119894119863and
verifies the integrity of 119876(data)For example consider the network in Figure 4
The node1198732wants to transmit the data packet to 119878 The data
to be transmitted will be in the form 119876(data)Initially119873
2and 119878 cooperatively compute the session key
1198701198732119878
and 1198732encrypts 119876(data) with 119870
1198732119878which is repre-
sented as 1198701198732119878
[119876(data)] 1198732again encrypts 119870
1198732119878[119876(data)]
with group key GK2which is given as GK
21198701198732119878
[119876(data)]This encrypted data is forwarded to119873
7
1198737decrypts the data using the GK
2and encrypts again
with GK7and forwards it to 119878which will be in following form
GK71198701198732119878 [119876 (data)] (11)
When 119878 is receiving the encrypted data it decryptsthe information victimization GK
7and session key KN2S
and verifies the integrity of 119876(data) If any changes happenthroughout the transmissions the receiving node detects themodifications in real time by validating the 119876 The securedtransmission of information between a node and thereforethe supply is illustrated in Figure 4
34 Detection of Attacker Nodes When the data is notdelivered at a reliable rate and optimum path quality itis predicted that attack is detected The attack detectiontechnique depends on the capacity of 119868 to detect the differenceamong the predicted PDR (PrP) and recognized PDR (ReP)The estimation of PrP and ReP is as follows
PrP can be estimated from the Success Probability Prod-uct metric (SPP) at the concerned route
SPP for a path of 119899 links among 119878 and119863 is given by
SPP119878rarr119863
=
119894
prod
119894=1
SPP119894 (12)
where the metric for each link 119894 on the path is SPP119894= Prsucc
ReP of a route is determined by testing the continuityof the sequence number in received data packets That is by
The Scientific World Journal 5
dividing the number of received packets by the number ofpackets sent by the source over an interval of time
ReP in terms of performance of packet delivery is givenby the following equation
ReP =119875119903
119875119904
(13)
where 119875119903is the average number of packets received by all
receivers and 119875119904is the number of packets sent by the source
Even if the attacker nodes drop all data packets initiatornodes have the capacity to determine the ReP with theinclusion of the backup data packet authenticated by thesource
If |PrP minus ReP| gt 120578
ThenThe malicious behavior is detected by 119868 since theparticular route does not deliver the data at consistentlevel with optimal path qualityEnd if
341 Isolation of Attacker Nodes The steps involved in theisolation of attacker nodes are as follows
Step 1 While detecting themalicious behavior it temporarilyrecriminates the suspicious node by flooding a failure noticein the network that includes ID of recriminated and recrimi-nator nodes and the period of recrimination
Step 2 Until the recrimination is valid metrics broadcastedby the recriminated node will not be taken into account andwill be discarded during routing process
Step 3 In case of transient network variations the temporaryrecrimination scheme is taken into consideration
Step 4 In temporary recrimination strategy initially thetime period of recrimination is computed in relative to theobserved difference among PrP and ReP This is performedwith the intention that the recriminations caused by increaseinmetric values aswell asmalicious data dropping rate retainsfor longer duration than the recriminations caused by thetransient network variations
Step 5 In order to avoid the recrimination caused by attack-ers a node is not permitted to announce a new recriminationprior to the expiry of the already announced recrimination
Step 6 If the best metric is broadcasted by a recriminatednode
Then the initiator node activates the recriminated nodein addition to the best nonrecriminated node
Step 6 reveals that the valid paths can still be utilized inspite of false recrimination of the strong nodes
35 Rekeying Technique Among the chosen119873119904119895 some nodes
have to be designated as initiators which initiates the
Rkyint Rkymin Rkymax Rkyt
Figure 5 Rekeying time interval
re-process In this section suppose that initiators are selectedby centralized node considering reputation index (RI) ofnodes The initiators are selected based on the RI of nodes(explained in Section 313)
The direct reputation of node119873119904119895is given as
Rep119908119904
= Rep119908119904-pr lowast 119911 + 119875
119908119904lowast (1 minus 119911) (14)
where Rep119908119904-pr is the reputation value of 119873
119904119895contained in
119873119908119894prior to the addition of recent satisfaction index 119911 is the
constant that replicates the level of confidence possessed by119873119908119894
for its 119873119904119895 119875119908119904
is the recent satisfaction index for 119873119908119894
about119873119904119895
Thus119873119904119895with high Rep
119908119904values are selected as initiators
The selected initiator starts the rekeying process periodicallyusing the rekeying interval Rkyint Rkyint is the fixed param-eter and rekeying procedure is demonstrated as follows
Let Rkyint be the initial timeLet Rkymax represent the maximum thresholds forrekeying intervalLet Rkymin indicate the minimum thresholds forrekeying intervalLet Rky
119905represent the stop time
According to the rekeying interval rekeying process isperformed using the following cases Figure 5 shows therekeying time interval
Case 1If Rkyint gt Rkymin
thenthe rekeying is performed for requested weaknodes from NT by the initiator
End if
Case 2If Rkyint gt Rkymax
thenthe rekeying is performed for requested strongnodes from NT by the initiator
End if
Case 3If Rkyint = Rky
119905
ThenRekeying is stopped and the timer is refreshedto start the new session
End if
6 The Scientific World Journal
The rekeying is performed in the weak node withinminimum rekeying interval since they possess minimumstability index which causes them to frequently join orleave the network In the strong nodes rekeying is per-formed at the maximum rekeying interval since they havemaximum stability index and their possibility to join orleave the network is less This periodic rekeying reduces therepeated rekeying process that further reduces the overheadIn rekeying technique the multicast group key (GK
119894) is
rekeyed considering the three cases given aboveThe rekeyingalgorithm functions as follows [16]
According to the cases given above rekeying processis triggered Initially node 119873
119894performs the ECDH key
management agreement from leaf node to the source ofmulticast tree to obtain subgroup key cooperatively as
119870119873119894
+ 119870119873119894+1
+ sdot sdot sdot + 119870119873119899minus1
119875 (15)
Here 119870119873119894
is the leaf node 119870119873119899minus1
is the source and 119875 isthe key generator in Diffe-Hellman Finally the generatedsubgroup chain reaches the source and it computes the newgroup key for the groupOnce the new group key is generatedby the source it unicasts it to the members securely
Considering the tree structure given in Figure 4 node1198732
and1198735are leaf nodes119873
7is the parent node of nodes 2 and 5
and 119878 is themulticast source Assume1198732invokes the rekeying
process and then the sequential process of rekeying is givenbelow
Step 1 1198732generates subgroup key as 119870
1198732+ 1198701198735119875 and
transmits to1198737
Step 2 Node1198737computes the subgroup key as 119870
1198732+ 1198701198735
+
1198701198737119875 and forwards to the source
Step 3 Finally the source computes cooperative subgroupkey as119870
1198732+1198701198735
+1198701198737
+119870119878119875 and then generates new group
key as1198701015840119894the source then unicasts the new group key securely
to its member nodes
4 Simulation Results
The proposed technique was simulated under different sce-narios using varying number of receivers and varying themobility of the nodes
41 Simulation Model and Parameters To analyze the per-formance of the proposed work NS2 [17] was used In oursimulation the channel capacity of mobile hosts is set tothe same value 2Mbps We use the distributed coordinationfunction (DCF) of IEEE 80211 for wireless LANs as theMAClayer protocol For multicasting we used Multicast AODV(MAODV) [16] routing protocol Simulations were carriedout in 1500 meter times 1500 meter region for 50 seconds simu-lation timeWe assume each node moves independently withthe same average speed All nodes have the same transmissionrange of 250 meters In our simulation the speed variedfrom 5 to 25ms and performance measured The simulatedtraffic is Constant Bit Rate (CBR) In this simulation we
Table 1 Simulation parameters
Number of receiver nodes 10 20 30 40 50Area size 1500 times 1500Mac 80211Radio range 250mSimulation time 50 secTraffic source CBRRate 250KbMobility model Random way pointSpeed 5 10 15 20 and 25
consider both the node capture and insider attacks In nodecapture attack a malicious attacker steals the credentials andsecret keys from the legitimate nodes An insider attacker is amalicious authenticated group member which may intimatefalse trust relations and injects false trust reporting It mayalso inject packets 119899 the network to disturb communicationsand consume the network resources Our simulation settingsand parameters are summarized in Table 1
42 Performance Metrics We compare our Mobility BasedKey Management Technique (MBKM) with the traditionalGKMPAN [10] and efficient clustering scheme for groupkey management (ECGK) [18] We evaluate mainly theperformance according to the following metrics
Average Packet Delivery Ratio It is the ratio of the number ofpackets received successfully and the total number of packetssent
Overhead It is the control overhead (in terms of packets)occurred in keying and rekeying operations
Packet Drop It is the average number of packets dropped ateach receiver
Detection Accuracy It is the ratio of number of attacksdetected to the number of attacks performed
Resilience It is the ratio of fraction of data compromised tothe fraction of nodes compromised
421 Based on Receivers In our first experiment we vary thenumber of receivers per group as 10 20 30 40 and 50 withspeed 5ms
(i) Comparison with GKMPAN The proposed MBKM tech-nique is compared with GKMPAN and the above perfor-mance metrics are evaluated by varying the group size
Figures 6 and 8 present the packet delivery ratio andpacket drop of both techniques respectively when the groupsize is increased from 10 to 50 From the figure we cansee that MBKM has 89 less packet drop than the existingGKMPAN techniques since it assures high reliability usingthe strong nodes Because of this reduced packet drop thedelivery ratio of the proposed MBKM is 2357 higherthan the GKMPAN technique Figure 7 presents the control
The Scientific World Journal 7
0
05
1
15
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMGKMPAN
Figure 6 Comparison of delivery ratio with GKMPAN for varyingreceivers
0
5000
10000
15000
20000
25000
10 20 30 40 50
Ove
rhea
d
Receivers
Receivers versus overhead
MBKMGKMPAN
Figure 7 Comparison of overhead with GKMPAN for varyingreceivers
overhead that occurred for both the techniques when thegroup size is increased It can be seen that MBKM has7901 lesser overhead than the existing GKMPAN schemesince it does not use the traditional multicast tree structurewhich involves large number of nodes Figure 9 presents theresults for resilience for both the techniques when the groupsize is increased It can be seen that MBKM has 3096lesser resilience thanGKMPAN since it has efficient rekeyingtechnique
(ii) Comparison with ECGKThe proposedMBKM techniqueis compared with ECGK and the above performance metricsare evaluated by varying the group size Figures 10 and 12presents the packet delivery ratio and packet drop of bothtechniques respectively when the group size is increasedfrom 10 to 50 From the figure we can see that MBKM
0
2000
4000
6000
8000
10000
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMGKMPAN
Figure 8 Comparison of packet drop with GKMPAN for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMGKMPAN
Figure 9 Comparison of resilience with GKMPAN for varyingreceivers
has 3502 less packet drop than ECGK technique since itassures high reliability using the strong nodes Because ofthis reduced packet drop the delivery ratio of the proposedMBKM is 182 higher than the ECGK technique
Figure 11 shows the control overhead occurred for boththe techniques when the group size is increased It can beseen that MBKM has 1532 lesser overhead than ECGKtechnique since it does not use the traditional multicast treestructure which involves large number of nodes Figure 13presents the results for resilience for both the techniqueswhen the group size is increased It can be seen that MBKMhas 1651 lesser resilience than GKMPAN since it hasefficient rekeying technique
422 Simulation Based on Node Speed In our second exper-iment we vary the speed of the mobile node as 5 10 15 20and 25ms for 10 receivers Figures 14 and 16 present the
8 The Scientific World Journal
075
08
085
09
095
1
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMECGK
Figure 10 Comparison of delivery ratio with ECGK for varyingreceivers
0
5000
10000
15000
10 20 30 40 50
Ove
rhea
d
Receivers
MBKMECGK
Receivers versus delivery ratio
Figure 11 Comparison of overhead with ECGK for varyingreceivers
packet delivery ratio and packet drop of both techniquesrespectively when the speed of the node is increased from5 to 25ms From Figure 11 we can see that the packet dropincreases as the speed increases due to disconnections androute breakages But MBKM has 84 less packet drop thanthe existing GKMPAN techniques since it uses stable andenergy efficient nodes for routing Because of this reducedpacket drop the delivery ratio of the proposedMBKM is 29higher than the GKMPAN technique Figure 15 presents thecontrol overhead occurred for both the techniques when thegroup is increased It can be seen that MBKM has 56 lesseroverhead than the existing GKMPAN scheme since it doesnot use the traditionalmulticast tree structure which involveslarge number of nodes
0
200
400
600
800
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMECGK
Figure 12 Comparison of packet drop with ECGK for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMECGK
Figure 13 Comparison of resilience with ECGK for varyingreceivers
0
02
04
06
08
1
5 10 15 20 25
Deli
very
ratio
Speed
Speed versus delivery ratio
MBKMGKMPAN
Figure 14 Speed versus delivery ratio
The Scientific World Journal 9
0
5000
10000
15000
20000
5 10 15 20 25
Ove
rhea
d
Speed
Speed versus overhead
MBKMGKMPAN
Figure 15 Speed versus overhead
0
2000
4000
6000
8000
5 10 15 20 25
Pack
et d
rop
Speed
Speed versus packet drop
MBKMGKMPAN
Figure 16 Speed versus drop
5 Conclusion
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
312 Stability Index Stability index (SI119894119895) is computed for
a link to a neighbor based on the received signal strengthmobility and link quality (using Sections 311 312 and 313)[13] SI
119894119895of a link between node 119894 and node 119895 is defined as
follows
SI119894119895=RSSLQ
(4)
313 Estimation of Reputation of Nodes Consider nodes 119894and 119895
The recent satisfaction index (119875119894119895) for node 119894 about node 119895
is computed as follows
119875119894119895= 119891 (119894 119895) minus 119890 (119894 119895) (5)
where 119891(119894 119895) is the percentage of packets originated from119894 that were forwarded by node 119895 over the total number ofpackets offered to node 119895
119890(119894 119895) is the percentage of packets that were expired overthe total number of packets offered to node 119895
Thus 119875119894119895can be considered as the direct reputation of
where Rep119894119895-prev is the reputation value that node 119894 had for
node 119895 before incorporating the most recent satisfactionindex
119882hist is a constant that reflects the level of confidence thatnode 119894 has in the past observed reputation for its neighbor 119895
The reputation index REP119894119895
is normalized using thefollowing equation
REP119894119895=
REP119894119895
max119905(REP119894119895) (7)
max119905is the function that reports the maximum observation
of REP119894119895over time [14]
32 Classifying the Nodes Thenodes are categorized into twotypes namely strong and weak nodes The steps involved inselecting the nodes are as follows
(1) Each node deployed in the network periodicallyexchanges a HELLO packet with its neighbor nodes
(2) By exchanging the hello packets every nodemeasuresthe RSS link quality and mobility119872
119895(119894) of its neigh-
bor nodes (explained in Sections 311 and 312)(3) Based on the measurement of RSS link quality and
119872119895(119894) each node computes the stability index (SI) of
its neighbor nodes (explained in Section 313) and thevalues are stored in the neighbor table (NT)
(4) The SI of each neighbor119873119894is checked such that
Let SIth be the predefined threshold value of StabilityIndexIf SI119894lt SIth
1
3
7
2
6
5
4
9
8 10
17
12
15
14
11
2013
1618
19
Strong nodes
Weak nodes
Figure 1 Selection of strong and weak nodes
ThenThe nodes are marked as weak nodes (119873119908119894) and
stored in NTElse The nodes are marked as strong nodes (119873
119904119894) and
stored in NTEnd if
For example consider the network in Figure 1 The nodes 78 15 and 16 are marked as strong nodes as their stabilityindex is greater than the threshold value Remaining nodesare marked as weak nodes as their stability index is less thanthe threshold value
33Multicast Tree Construction Themulticast tree construc-tion phase involves two phases
Upon receiving the CREQ message 119873119904119895sends a child
reply message (CREP) to119873119908119894
119873119908119894
CREPlarr997888997888997888997888 119873
119904119895 (9)
Every 119873119908119894
upon receiving CREP joins with 119873119904119895as child
nodes and respective119873119904119895becomes the parent node Thus for
every weak node there is at least a strong parent 119873119904119895then
stores its child nodes information in a table
For example consider the network in Figure 2 The weaknodes 2 and 5 get attachedwith the strong node 7Thus nodes2 and 5 become the child nodes for the strong parent node7 In the similar manner other strong nodes 8 15 and 16chooses their child nodes
Phase 2 Amulticast tree can be constructed and maintainedusing the periodic ldquoJOIN TREErdquo messages
Each strong node119873119904119895periodically sends a ldquoJOIN TREErdquo
119878 constructs a multicast tree consisting of the paths thatldquoJOIN TREErdquo pass through There is only one path from the119878 to each119873
119904119895of the multicast group
Figure 3 shows an example of amulticast tree constructedon a MANET The parent nodes 7 8 15 and 16 sendsJOIN TREE message to 119878 119878 constructs a multicast treeconsisting of the paths traversed by ldquoJOIN TREErdquo message
331 Secure Multicast Communication When any node 119873119894
wants to transmitmulticast data to destination119863 in a securedmanner it performs the following steps
(1) Initially 119873119894bounds the multicast data with hash
message authentication code (119876) for ensuring the dataintegrity which is represented as 119876(data)
(2) 119873119894and 119863 cooperatively compute the session key 119870
119894119863
and119873119894utilizes119870
119894119863to encrypt119876[data]This encrypted
data is represented as119870119894119863[119876(data)] Here the session
key is generated using Elliptic Curve Diffie-HellmanKey Management Agreement protocol (ECDH) [15]
(3) Every member node holds a group key GK119894119873119894again
encrypts119870119894119863[119876(data)] with GK
119894and it is represented
as GK119894119870119894119863[119876(data)] GK
119894is the multicast group key
where 119894 = 1 2 119899(4) When any node along the path 119873
119894-119863 receives the
GK119894119870119894[119876(data)] it decrypts the data using GK
119894
and encrypts it with GK119894again and forwards the
encrypted data
7
2 5
SGK7KN2S[Q(data)]
GK2KN2S[Q(data)]
Q(data)
Figure 4 Secure data transmission
(5) When 119863 receives the encrypted data it decrypts thedata using its respective GK
119894and session key119870
119894119863and
verifies the integrity of 119876(data)For example consider the network in Figure 4
The node1198732wants to transmit the data packet to 119878 The data
to be transmitted will be in the form 119876(data)Initially119873
2and 119878 cooperatively compute the session key
1198701198732119878
and 1198732encrypts 119876(data) with 119870
1198732119878which is repre-
sented as 1198701198732119878
[119876(data)] 1198732again encrypts 119870
1198732119878[119876(data)]
with group key GK2which is given as GK
21198701198732119878
[119876(data)]This encrypted data is forwarded to119873
7
1198737decrypts the data using the GK
2and encrypts again
with GK7and forwards it to 119878which will be in following form
GK71198701198732119878 [119876 (data)] (11)
When 119878 is receiving the encrypted data it decryptsthe information victimization GK
7and session key KN2S
and verifies the integrity of 119876(data) If any changes happenthroughout the transmissions the receiving node detects themodifications in real time by validating the 119876 The securedtransmission of information between a node and thereforethe supply is illustrated in Figure 4
34 Detection of Attacker Nodes When the data is notdelivered at a reliable rate and optimum path quality itis predicted that attack is detected The attack detectiontechnique depends on the capacity of 119868 to detect the differenceamong the predicted PDR (PrP) and recognized PDR (ReP)The estimation of PrP and ReP is as follows
PrP can be estimated from the Success Probability Prod-uct metric (SPP) at the concerned route
SPP for a path of 119899 links among 119878 and119863 is given by
SPP119878rarr119863
=
119894
prod
119894=1
SPP119894 (12)
where the metric for each link 119894 on the path is SPP119894= Prsucc
ReP of a route is determined by testing the continuityof the sequence number in received data packets That is by
The Scientific World Journal 5
dividing the number of received packets by the number ofpackets sent by the source over an interval of time
ReP in terms of performance of packet delivery is givenby the following equation
ReP =119875119903
119875119904
(13)
where 119875119903is the average number of packets received by all
receivers and 119875119904is the number of packets sent by the source
Even if the attacker nodes drop all data packets initiatornodes have the capacity to determine the ReP with theinclusion of the backup data packet authenticated by thesource
If |PrP minus ReP| gt 120578
ThenThe malicious behavior is detected by 119868 since theparticular route does not deliver the data at consistentlevel with optimal path qualityEnd if
341 Isolation of Attacker Nodes The steps involved in theisolation of attacker nodes are as follows
Step 1 While detecting themalicious behavior it temporarilyrecriminates the suspicious node by flooding a failure noticein the network that includes ID of recriminated and recrimi-nator nodes and the period of recrimination
Step 2 Until the recrimination is valid metrics broadcastedby the recriminated node will not be taken into account andwill be discarded during routing process
Step 3 In case of transient network variations the temporaryrecrimination scheme is taken into consideration
Step 4 In temporary recrimination strategy initially thetime period of recrimination is computed in relative to theobserved difference among PrP and ReP This is performedwith the intention that the recriminations caused by increaseinmetric values aswell asmalicious data dropping rate retainsfor longer duration than the recriminations caused by thetransient network variations
Step 5 In order to avoid the recrimination caused by attack-ers a node is not permitted to announce a new recriminationprior to the expiry of the already announced recrimination
Step 6 If the best metric is broadcasted by a recriminatednode
Then the initiator node activates the recriminated nodein addition to the best nonrecriminated node
Step 6 reveals that the valid paths can still be utilized inspite of false recrimination of the strong nodes
35 Rekeying Technique Among the chosen119873119904119895 some nodes
have to be designated as initiators which initiates the
Rkyint Rkymin Rkymax Rkyt
Figure 5 Rekeying time interval
re-process In this section suppose that initiators are selectedby centralized node considering reputation index (RI) ofnodes The initiators are selected based on the RI of nodes(explained in Section 313)
The direct reputation of node119873119904119895is given as
Rep119908119904
= Rep119908119904-pr lowast 119911 + 119875
119908119904lowast (1 minus 119911) (14)
where Rep119908119904-pr is the reputation value of 119873
119904119895contained in
119873119908119894prior to the addition of recent satisfaction index 119911 is the
constant that replicates the level of confidence possessed by119873119908119894
for its 119873119904119895 119875119908119904
is the recent satisfaction index for 119873119908119894
about119873119904119895
Thus119873119904119895with high Rep
119908119904values are selected as initiators
The selected initiator starts the rekeying process periodicallyusing the rekeying interval Rkyint Rkyint is the fixed param-eter and rekeying procedure is demonstrated as follows
Let Rkyint be the initial timeLet Rkymax represent the maximum thresholds forrekeying intervalLet Rkymin indicate the minimum thresholds forrekeying intervalLet Rky
119905represent the stop time
According to the rekeying interval rekeying process isperformed using the following cases Figure 5 shows therekeying time interval
Case 1If Rkyint gt Rkymin
thenthe rekeying is performed for requested weaknodes from NT by the initiator
End if
Case 2If Rkyint gt Rkymax
thenthe rekeying is performed for requested strongnodes from NT by the initiator
End if
Case 3If Rkyint = Rky
119905
ThenRekeying is stopped and the timer is refreshedto start the new session
End if
6 The Scientific World Journal
The rekeying is performed in the weak node withinminimum rekeying interval since they possess minimumstability index which causes them to frequently join orleave the network In the strong nodes rekeying is per-formed at the maximum rekeying interval since they havemaximum stability index and their possibility to join orleave the network is less This periodic rekeying reduces therepeated rekeying process that further reduces the overheadIn rekeying technique the multicast group key (GK
119894) is
rekeyed considering the three cases given aboveThe rekeyingalgorithm functions as follows [16]
According to the cases given above rekeying processis triggered Initially node 119873
119894performs the ECDH key
management agreement from leaf node to the source ofmulticast tree to obtain subgroup key cooperatively as
119870119873119894
+ 119870119873119894+1
+ sdot sdot sdot + 119870119873119899minus1
119875 (15)
Here 119870119873119894
is the leaf node 119870119873119899minus1
is the source and 119875 isthe key generator in Diffe-Hellman Finally the generatedsubgroup chain reaches the source and it computes the newgroup key for the groupOnce the new group key is generatedby the source it unicasts it to the members securely
Considering the tree structure given in Figure 4 node1198732
and1198735are leaf nodes119873
7is the parent node of nodes 2 and 5
and 119878 is themulticast source Assume1198732invokes the rekeying
process and then the sequential process of rekeying is givenbelow
Step 1 1198732generates subgroup key as 119870
1198732+ 1198701198735119875 and
transmits to1198737
Step 2 Node1198737computes the subgroup key as 119870
1198732+ 1198701198735
+
1198701198737119875 and forwards to the source
Step 3 Finally the source computes cooperative subgroupkey as119870
1198732+1198701198735
+1198701198737
+119870119878119875 and then generates new group
key as1198701015840119894the source then unicasts the new group key securely
to its member nodes
4 Simulation Results
The proposed technique was simulated under different sce-narios using varying number of receivers and varying themobility of the nodes
41 Simulation Model and Parameters To analyze the per-formance of the proposed work NS2 [17] was used In oursimulation the channel capacity of mobile hosts is set tothe same value 2Mbps We use the distributed coordinationfunction (DCF) of IEEE 80211 for wireless LANs as theMAClayer protocol For multicasting we used Multicast AODV(MAODV) [16] routing protocol Simulations were carriedout in 1500 meter times 1500 meter region for 50 seconds simu-lation timeWe assume each node moves independently withthe same average speed All nodes have the same transmissionrange of 250 meters In our simulation the speed variedfrom 5 to 25ms and performance measured The simulatedtraffic is Constant Bit Rate (CBR) In this simulation we
Table 1 Simulation parameters
Number of receiver nodes 10 20 30 40 50Area size 1500 times 1500Mac 80211Radio range 250mSimulation time 50 secTraffic source CBRRate 250KbMobility model Random way pointSpeed 5 10 15 20 and 25
consider both the node capture and insider attacks In nodecapture attack a malicious attacker steals the credentials andsecret keys from the legitimate nodes An insider attacker is amalicious authenticated group member which may intimatefalse trust relations and injects false trust reporting It mayalso inject packets 119899 the network to disturb communicationsand consume the network resources Our simulation settingsand parameters are summarized in Table 1
42 Performance Metrics We compare our Mobility BasedKey Management Technique (MBKM) with the traditionalGKMPAN [10] and efficient clustering scheme for groupkey management (ECGK) [18] We evaluate mainly theperformance according to the following metrics
Average Packet Delivery Ratio It is the ratio of the number ofpackets received successfully and the total number of packetssent
Overhead It is the control overhead (in terms of packets)occurred in keying and rekeying operations
Packet Drop It is the average number of packets dropped ateach receiver
Detection Accuracy It is the ratio of number of attacksdetected to the number of attacks performed
Resilience It is the ratio of fraction of data compromised tothe fraction of nodes compromised
421 Based on Receivers In our first experiment we vary thenumber of receivers per group as 10 20 30 40 and 50 withspeed 5ms
(i) Comparison with GKMPAN The proposed MBKM tech-nique is compared with GKMPAN and the above perfor-mance metrics are evaluated by varying the group size
Figures 6 and 8 present the packet delivery ratio andpacket drop of both techniques respectively when the groupsize is increased from 10 to 50 From the figure we cansee that MBKM has 89 less packet drop than the existingGKMPAN techniques since it assures high reliability usingthe strong nodes Because of this reduced packet drop thedelivery ratio of the proposed MBKM is 2357 higherthan the GKMPAN technique Figure 7 presents the control
The Scientific World Journal 7
0
05
1
15
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMGKMPAN
Figure 6 Comparison of delivery ratio with GKMPAN for varyingreceivers
0
5000
10000
15000
20000
25000
10 20 30 40 50
Ove
rhea
d
Receivers
Receivers versus overhead
MBKMGKMPAN
Figure 7 Comparison of overhead with GKMPAN for varyingreceivers
overhead that occurred for both the techniques when thegroup size is increased It can be seen that MBKM has7901 lesser overhead than the existing GKMPAN schemesince it does not use the traditional multicast tree structurewhich involves large number of nodes Figure 9 presents theresults for resilience for both the techniques when the groupsize is increased It can be seen that MBKM has 3096lesser resilience thanGKMPAN since it has efficient rekeyingtechnique
(ii) Comparison with ECGKThe proposedMBKM techniqueis compared with ECGK and the above performance metricsare evaluated by varying the group size Figures 10 and 12presents the packet delivery ratio and packet drop of bothtechniques respectively when the group size is increasedfrom 10 to 50 From the figure we can see that MBKM
0
2000
4000
6000
8000
10000
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMGKMPAN
Figure 8 Comparison of packet drop with GKMPAN for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMGKMPAN
Figure 9 Comparison of resilience with GKMPAN for varyingreceivers
has 3502 less packet drop than ECGK technique since itassures high reliability using the strong nodes Because ofthis reduced packet drop the delivery ratio of the proposedMBKM is 182 higher than the ECGK technique
Figure 11 shows the control overhead occurred for boththe techniques when the group size is increased It can beseen that MBKM has 1532 lesser overhead than ECGKtechnique since it does not use the traditional multicast treestructure which involves large number of nodes Figure 13presents the results for resilience for both the techniqueswhen the group size is increased It can be seen that MBKMhas 1651 lesser resilience than GKMPAN since it hasefficient rekeying technique
422 Simulation Based on Node Speed In our second exper-iment we vary the speed of the mobile node as 5 10 15 20and 25ms for 10 receivers Figures 14 and 16 present the
8 The Scientific World Journal
075
08
085
09
095
1
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMECGK
Figure 10 Comparison of delivery ratio with ECGK for varyingreceivers
0
5000
10000
15000
10 20 30 40 50
Ove
rhea
d
Receivers
MBKMECGK
Receivers versus delivery ratio
Figure 11 Comparison of overhead with ECGK for varyingreceivers
packet delivery ratio and packet drop of both techniquesrespectively when the speed of the node is increased from5 to 25ms From Figure 11 we can see that the packet dropincreases as the speed increases due to disconnections androute breakages But MBKM has 84 less packet drop thanthe existing GKMPAN techniques since it uses stable andenergy efficient nodes for routing Because of this reducedpacket drop the delivery ratio of the proposedMBKM is 29higher than the GKMPAN technique Figure 15 presents thecontrol overhead occurred for both the techniques when thegroup is increased It can be seen that MBKM has 56 lesseroverhead than the existing GKMPAN scheme since it doesnot use the traditionalmulticast tree structure which involveslarge number of nodes
0
200
400
600
800
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMECGK
Figure 12 Comparison of packet drop with ECGK for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMECGK
Figure 13 Comparison of resilience with ECGK for varyingreceivers
0
02
04
06
08
1
5 10 15 20 25
Deli
very
ratio
Speed
Speed versus delivery ratio
MBKMGKMPAN
Figure 14 Speed versus delivery ratio
The Scientific World Journal 9
0
5000
10000
15000
20000
5 10 15 20 25
Ove
rhea
d
Speed
Speed versus overhead
MBKMGKMPAN
Figure 15 Speed versus overhead
0
2000
4000
6000
8000
5 10 15 20 25
Pack
et d
rop
Speed
Speed versus packet drop
MBKMGKMPAN
Figure 16 Speed versus drop
5 Conclusion
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
119878 constructs a multicast tree consisting of the paths thatldquoJOIN TREErdquo pass through There is only one path from the119878 to each119873
119904119895of the multicast group
Figure 3 shows an example of amulticast tree constructedon a MANET The parent nodes 7 8 15 and 16 sendsJOIN TREE message to 119878 119878 constructs a multicast treeconsisting of the paths traversed by ldquoJOIN TREErdquo message
331 Secure Multicast Communication When any node 119873119894
wants to transmitmulticast data to destination119863 in a securedmanner it performs the following steps
(1) Initially 119873119894bounds the multicast data with hash
message authentication code (119876) for ensuring the dataintegrity which is represented as 119876(data)
(2) 119873119894and 119863 cooperatively compute the session key 119870
119894119863
and119873119894utilizes119870
119894119863to encrypt119876[data]This encrypted
data is represented as119870119894119863[119876(data)] Here the session
key is generated using Elliptic Curve Diffie-HellmanKey Management Agreement protocol (ECDH) [15]
(3) Every member node holds a group key GK119894119873119894again
encrypts119870119894119863[119876(data)] with GK
119894and it is represented
as GK119894119870119894119863[119876(data)] GK
119894is the multicast group key
where 119894 = 1 2 119899(4) When any node along the path 119873
119894-119863 receives the
GK119894119870119894[119876(data)] it decrypts the data using GK
119894
and encrypts it with GK119894again and forwards the
encrypted data
7
2 5
SGK7KN2S[Q(data)]
GK2KN2S[Q(data)]
Q(data)
Figure 4 Secure data transmission
(5) When 119863 receives the encrypted data it decrypts thedata using its respective GK
119894and session key119870
119894119863and
verifies the integrity of 119876(data)For example consider the network in Figure 4
The node1198732wants to transmit the data packet to 119878 The data
to be transmitted will be in the form 119876(data)Initially119873
2and 119878 cooperatively compute the session key
1198701198732119878
and 1198732encrypts 119876(data) with 119870
1198732119878which is repre-
sented as 1198701198732119878
[119876(data)] 1198732again encrypts 119870
1198732119878[119876(data)]
with group key GK2which is given as GK
21198701198732119878
[119876(data)]This encrypted data is forwarded to119873
7
1198737decrypts the data using the GK
2and encrypts again
with GK7and forwards it to 119878which will be in following form
GK71198701198732119878 [119876 (data)] (11)
When 119878 is receiving the encrypted data it decryptsthe information victimization GK
7and session key KN2S
and verifies the integrity of 119876(data) If any changes happenthroughout the transmissions the receiving node detects themodifications in real time by validating the 119876 The securedtransmission of information between a node and thereforethe supply is illustrated in Figure 4
34 Detection of Attacker Nodes When the data is notdelivered at a reliable rate and optimum path quality itis predicted that attack is detected The attack detectiontechnique depends on the capacity of 119868 to detect the differenceamong the predicted PDR (PrP) and recognized PDR (ReP)The estimation of PrP and ReP is as follows
PrP can be estimated from the Success Probability Prod-uct metric (SPP) at the concerned route
SPP for a path of 119899 links among 119878 and119863 is given by
SPP119878rarr119863
=
119894
prod
119894=1
SPP119894 (12)
where the metric for each link 119894 on the path is SPP119894= Prsucc
ReP of a route is determined by testing the continuityof the sequence number in received data packets That is by
The Scientific World Journal 5
dividing the number of received packets by the number ofpackets sent by the source over an interval of time
ReP in terms of performance of packet delivery is givenby the following equation
ReP =119875119903
119875119904
(13)
where 119875119903is the average number of packets received by all
receivers and 119875119904is the number of packets sent by the source
Even if the attacker nodes drop all data packets initiatornodes have the capacity to determine the ReP with theinclusion of the backup data packet authenticated by thesource
If |PrP minus ReP| gt 120578
ThenThe malicious behavior is detected by 119868 since theparticular route does not deliver the data at consistentlevel with optimal path qualityEnd if
341 Isolation of Attacker Nodes The steps involved in theisolation of attacker nodes are as follows
Step 1 While detecting themalicious behavior it temporarilyrecriminates the suspicious node by flooding a failure noticein the network that includes ID of recriminated and recrimi-nator nodes and the period of recrimination
Step 2 Until the recrimination is valid metrics broadcastedby the recriminated node will not be taken into account andwill be discarded during routing process
Step 3 In case of transient network variations the temporaryrecrimination scheme is taken into consideration
Step 4 In temporary recrimination strategy initially thetime period of recrimination is computed in relative to theobserved difference among PrP and ReP This is performedwith the intention that the recriminations caused by increaseinmetric values aswell asmalicious data dropping rate retainsfor longer duration than the recriminations caused by thetransient network variations
Step 5 In order to avoid the recrimination caused by attack-ers a node is not permitted to announce a new recriminationprior to the expiry of the already announced recrimination
Step 6 If the best metric is broadcasted by a recriminatednode
Then the initiator node activates the recriminated nodein addition to the best nonrecriminated node
Step 6 reveals that the valid paths can still be utilized inspite of false recrimination of the strong nodes
35 Rekeying Technique Among the chosen119873119904119895 some nodes
have to be designated as initiators which initiates the
Rkyint Rkymin Rkymax Rkyt
Figure 5 Rekeying time interval
re-process In this section suppose that initiators are selectedby centralized node considering reputation index (RI) ofnodes The initiators are selected based on the RI of nodes(explained in Section 313)
The direct reputation of node119873119904119895is given as
Rep119908119904
= Rep119908119904-pr lowast 119911 + 119875
119908119904lowast (1 minus 119911) (14)
where Rep119908119904-pr is the reputation value of 119873
119904119895contained in
119873119908119894prior to the addition of recent satisfaction index 119911 is the
constant that replicates the level of confidence possessed by119873119908119894
for its 119873119904119895 119875119908119904
is the recent satisfaction index for 119873119908119894
about119873119904119895
Thus119873119904119895with high Rep
119908119904values are selected as initiators
The selected initiator starts the rekeying process periodicallyusing the rekeying interval Rkyint Rkyint is the fixed param-eter and rekeying procedure is demonstrated as follows
Let Rkyint be the initial timeLet Rkymax represent the maximum thresholds forrekeying intervalLet Rkymin indicate the minimum thresholds forrekeying intervalLet Rky
119905represent the stop time
According to the rekeying interval rekeying process isperformed using the following cases Figure 5 shows therekeying time interval
Case 1If Rkyint gt Rkymin
thenthe rekeying is performed for requested weaknodes from NT by the initiator
End if
Case 2If Rkyint gt Rkymax
thenthe rekeying is performed for requested strongnodes from NT by the initiator
End if
Case 3If Rkyint = Rky
119905
ThenRekeying is stopped and the timer is refreshedto start the new session
End if
6 The Scientific World Journal
The rekeying is performed in the weak node withinminimum rekeying interval since they possess minimumstability index which causes them to frequently join orleave the network In the strong nodes rekeying is per-formed at the maximum rekeying interval since they havemaximum stability index and their possibility to join orleave the network is less This periodic rekeying reduces therepeated rekeying process that further reduces the overheadIn rekeying technique the multicast group key (GK
119894) is
rekeyed considering the three cases given aboveThe rekeyingalgorithm functions as follows [16]
According to the cases given above rekeying processis triggered Initially node 119873
119894performs the ECDH key
management agreement from leaf node to the source ofmulticast tree to obtain subgroup key cooperatively as
119870119873119894
+ 119870119873119894+1
+ sdot sdot sdot + 119870119873119899minus1
119875 (15)
Here 119870119873119894
is the leaf node 119870119873119899minus1
is the source and 119875 isthe key generator in Diffe-Hellman Finally the generatedsubgroup chain reaches the source and it computes the newgroup key for the groupOnce the new group key is generatedby the source it unicasts it to the members securely
Considering the tree structure given in Figure 4 node1198732
and1198735are leaf nodes119873
7is the parent node of nodes 2 and 5
and 119878 is themulticast source Assume1198732invokes the rekeying
process and then the sequential process of rekeying is givenbelow
Step 1 1198732generates subgroup key as 119870
1198732+ 1198701198735119875 and
transmits to1198737
Step 2 Node1198737computes the subgroup key as 119870
1198732+ 1198701198735
+
1198701198737119875 and forwards to the source
Step 3 Finally the source computes cooperative subgroupkey as119870
1198732+1198701198735
+1198701198737
+119870119878119875 and then generates new group
key as1198701015840119894the source then unicasts the new group key securely
to its member nodes
4 Simulation Results
The proposed technique was simulated under different sce-narios using varying number of receivers and varying themobility of the nodes
41 Simulation Model and Parameters To analyze the per-formance of the proposed work NS2 [17] was used In oursimulation the channel capacity of mobile hosts is set tothe same value 2Mbps We use the distributed coordinationfunction (DCF) of IEEE 80211 for wireless LANs as theMAClayer protocol For multicasting we used Multicast AODV(MAODV) [16] routing protocol Simulations were carriedout in 1500 meter times 1500 meter region for 50 seconds simu-lation timeWe assume each node moves independently withthe same average speed All nodes have the same transmissionrange of 250 meters In our simulation the speed variedfrom 5 to 25ms and performance measured The simulatedtraffic is Constant Bit Rate (CBR) In this simulation we
Table 1 Simulation parameters
Number of receiver nodes 10 20 30 40 50Area size 1500 times 1500Mac 80211Radio range 250mSimulation time 50 secTraffic source CBRRate 250KbMobility model Random way pointSpeed 5 10 15 20 and 25
consider both the node capture and insider attacks In nodecapture attack a malicious attacker steals the credentials andsecret keys from the legitimate nodes An insider attacker is amalicious authenticated group member which may intimatefalse trust relations and injects false trust reporting It mayalso inject packets 119899 the network to disturb communicationsand consume the network resources Our simulation settingsand parameters are summarized in Table 1
42 Performance Metrics We compare our Mobility BasedKey Management Technique (MBKM) with the traditionalGKMPAN [10] and efficient clustering scheme for groupkey management (ECGK) [18] We evaluate mainly theperformance according to the following metrics
Average Packet Delivery Ratio It is the ratio of the number ofpackets received successfully and the total number of packetssent
Overhead It is the control overhead (in terms of packets)occurred in keying and rekeying operations
Packet Drop It is the average number of packets dropped ateach receiver
Detection Accuracy It is the ratio of number of attacksdetected to the number of attacks performed
Resilience It is the ratio of fraction of data compromised tothe fraction of nodes compromised
421 Based on Receivers In our first experiment we vary thenumber of receivers per group as 10 20 30 40 and 50 withspeed 5ms
(i) Comparison with GKMPAN The proposed MBKM tech-nique is compared with GKMPAN and the above perfor-mance metrics are evaluated by varying the group size
Figures 6 and 8 present the packet delivery ratio andpacket drop of both techniques respectively when the groupsize is increased from 10 to 50 From the figure we cansee that MBKM has 89 less packet drop than the existingGKMPAN techniques since it assures high reliability usingthe strong nodes Because of this reduced packet drop thedelivery ratio of the proposed MBKM is 2357 higherthan the GKMPAN technique Figure 7 presents the control
The Scientific World Journal 7
0
05
1
15
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMGKMPAN
Figure 6 Comparison of delivery ratio with GKMPAN for varyingreceivers
0
5000
10000
15000
20000
25000
10 20 30 40 50
Ove
rhea
d
Receivers
Receivers versus overhead
MBKMGKMPAN
Figure 7 Comparison of overhead with GKMPAN for varyingreceivers
overhead that occurred for both the techniques when thegroup size is increased It can be seen that MBKM has7901 lesser overhead than the existing GKMPAN schemesince it does not use the traditional multicast tree structurewhich involves large number of nodes Figure 9 presents theresults for resilience for both the techniques when the groupsize is increased It can be seen that MBKM has 3096lesser resilience thanGKMPAN since it has efficient rekeyingtechnique
(ii) Comparison with ECGKThe proposedMBKM techniqueis compared with ECGK and the above performance metricsare evaluated by varying the group size Figures 10 and 12presents the packet delivery ratio and packet drop of bothtechniques respectively when the group size is increasedfrom 10 to 50 From the figure we can see that MBKM
0
2000
4000
6000
8000
10000
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMGKMPAN
Figure 8 Comparison of packet drop with GKMPAN for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMGKMPAN
Figure 9 Comparison of resilience with GKMPAN for varyingreceivers
has 3502 less packet drop than ECGK technique since itassures high reliability using the strong nodes Because ofthis reduced packet drop the delivery ratio of the proposedMBKM is 182 higher than the ECGK technique
Figure 11 shows the control overhead occurred for boththe techniques when the group size is increased It can beseen that MBKM has 1532 lesser overhead than ECGKtechnique since it does not use the traditional multicast treestructure which involves large number of nodes Figure 13presents the results for resilience for both the techniqueswhen the group size is increased It can be seen that MBKMhas 1651 lesser resilience than GKMPAN since it hasefficient rekeying technique
422 Simulation Based on Node Speed In our second exper-iment we vary the speed of the mobile node as 5 10 15 20and 25ms for 10 receivers Figures 14 and 16 present the
8 The Scientific World Journal
075
08
085
09
095
1
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMECGK
Figure 10 Comparison of delivery ratio with ECGK for varyingreceivers
0
5000
10000
15000
10 20 30 40 50
Ove
rhea
d
Receivers
MBKMECGK
Receivers versus delivery ratio
Figure 11 Comparison of overhead with ECGK for varyingreceivers
packet delivery ratio and packet drop of both techniquesrespectively when the speed of the node is increased from5 to 25ms From Figure 11 we can see that the packet dropincreases as the speed increases due to disconnections androute breakages But MBKM has 84 less packet drop thanthe existing GKMPAN techniques since it uses stable andenergy efficient nodes for routing Because of this reducedpacket drop the delivery ratio of the proposedMBKM is 29higher than the GKMPAN technique Figure 15 presents thecontrol overhead occurred for both the techniques when thegroup is increased It can be seen that MBKM has 56 lesseroverhead than the existing GKMPAN scheme since it doesnot use the traditionalmulticast tree structure which involveslarge number of nodes
0
200
400
600
800
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMECGK
Figure 12 Comparison of packet drop with ECGK for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMECGK
Figure 13 Comparison of resilience with ECGK for varyingreceivers
0
02
04
06
08
1
5 10 15 20 25
Deli
very
ratio
Speed
Speed versus delivery ratio
MBKMGKMPAN
Figure 14 Speed versus delivery ratio
The Scientific World Journal 9
0
5000
10000
15000
20000
5 10 15 20 25
Ove
rhea
d
Speed
Speed versus overhead
MBKMGKMPAN
Figure 15 Speed versus overhead
0
2000
4000
6000
8000
5 10 15 20 25
Pack
et d
rop
Speed
Speed versus packet drop
MBKMGKMPAN
Figure 16 Speed versus drop
5 Conclusion
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
dividing the number of received packets by the number ofpackets sent by the source over an interval of time
ReP in terms of performance of packet delivery is givenby the following equation
ReP =119875119903
119875119904
(13)
where 119875119903is the average number of packets received by all
receivers and 119875119904is the number of packets sent by the source
Even if the attacker nodes drop all data packets initiatornodes have the capacity to determine the ReP with theinclusion of the backup data packet authenticated by thesource
If |PrP minus ReP| gt 120578
ThenThe malicious behavior is detected by 119868 since theparticular route does not deliver the data at consistentlevel with optimal path qualityEnd if
341 Isolation of Attacker Nodes The steps involved in theisolation of attacker nodes are as follows
Step 1 While detecting themalicious behavior it temporarilyrecriminates the suspicious node by flooding a failure noticein the network that includes ID of recriminated and recrimi-nator nodes and the period of recrimination
Step 2 Until the recrimination is valid metrics broadcastedby the recriminated node will not be taken into account andwill be discarded during routing process
Step 3 In case of transient network variations the temporaryrecrimination scheme is taken into consideration
Step 4 In temporary recrimination strategy initially thetime period of recrimination is computed in relative to theobserved difference among PrP and ReP This is performedwith the intention that the recriminations caused by increaseinmetric values aswell asmalicious data dropping rate retainsfor longer duration than the recriminations caused by thetransient network variations
Step 5 In order to avoid the recrimination caused by attack-ers a node is not permitted to announce a new recriminationprior to the expiry of the already announced recrimination
Step 6 If the best metric is broadcasted by a recriminatednode
Then the initiator node activates the recriminated nodein addition to the best nonrecriminated node
Step 6 reveals that the valid paths can still be utilized inspite of false recrimination of the strong nodes
35 Rekeying Technique Among the chosen119873119904119895 some nodes
have to be designated as initiators which initiates the
Rkyint Rkymin Rkymax Rkyt
Figure 5 Rekeying time interval
re-process In this section suppose that initiators are selectedby centralized node considering reputation index (RI) ofnodes The initiators are selected based on the RI of nodes(explained in Section 313)
The direct reputation of node119873119904119895is given as
Rep119908119904
= Rep119908119904-pr lowast 119911 + 119875
119908119904lowast (1 minus 119911) (14)
where Rep119908119904-pr is the reputation value of 119873
119904119895contained in
119873119908119894prior to the addition of recent satisfaction index 119911 is the
constant that replicates the level of confidence possessed by119873119908119894
for its 119873119904119895 119875119908119904
is the recent satisfaction index for 119873119908119894
about119873119904119895
Thus119873119904119895with high Rep
119908119904values are selected as initiators
The selected initiator starts the rekeying process periodicallyusing the rekeying interval Rkyint Rkyint is the fixed param-eter and rekeying procedure is demonstrated as follows
Let Rkyint be the initial timeLet Rkymax represent the maximum thresholds forrekeying intervalLet Rkymin indicate the minimum thresholds forrekeying intervalLet Rky
119905represent the stop time
According to the rekeying interval rekeying process isperformed using the following cases Figure 5 shows therekeying time interval
Case 1If Rkyint gt Rkymin
thenthe rekeying is performed for requested weaknodes from NT by the initiator
End if
Case 2If Rkyint gt Rkymax
thenthe rekeying is performed for requested strongnodes from NT by the initiator
End if
Case 3If Rkyint = Rky
119905
ThenRekeying is stopped and the timer is refreshedto start the new session
End if
6 The Scientific World Journal
The rekeying is performed in the weak node withinminimum rekeying interval since they possess minimumstability index which causes them to frequently join orleave the network In the strong nodes rekeying is per-formed at the maximum rekeying interval since they havemaximum stability index and their possibility to join orleave the network is less This periodic rekeying reduces therepeated rekeying process that further reduces the overheadIn rekeying technique the multicast group key (GK
119894) is
rekeyed considering the three cases given aboveThe rekeyingalgorithm functions as follows [16]
According to the cases given above rekeying processis triggered Initially node 119873
119894performs the ECDH key
management agreement from leaf node to the source ofmulticast tree to obtain subgroup key cooperatively as
119870119873119894
+ 119870119873119894+1
+ sdot sdot sdot + 119870119873119899minus1
119875 (15)
Here 119870119873119894
is the leaf node 119870119873119899minus1
is the source and 119875 isthe key generator in Diffe-Hellman Finally the generatedsubgroup chain reaches the source and it computes the newgroup key for the groupOnce the new group key is generatedby the source it unicasts it to the members securely
Considering the tree structure given in Figure 4 node1198732
and1198735are leaf nodes119873
7is the parent node of nodes 2 and 5
and 119878 is themulticast source Assume1198732invokes the rekeying
process and then the sequential process of rekeying is givenbelow
Step 1 1198732generates subgroup key as 119870
1198732+ 1198701198735119875 and
transmits to1198737
Step 2 Node1198737computes the subgroup key as 119870
1198732+ 1198701198735
+
1198701198737119875 and forwards to the source
Step 3 Finally the source computes cooperative subgroupkey as119870
1198732+1198701198735
+1198701198737
+119870119878119875 and then generates new group
key as1198701015840119894the source then unicasts the new group key securely
to its member nodes
4 Simulation Results
The proposed technique was simulated under different sce-narios using varying number of receivers and varying themobility of the nodes
41 Simulation Model and Parameters To analyze the per-formance of the proposed work NS2 [17] was used In oursimulation the channel capacity of mobile hosts is set tothe same value 2Mbps We use the distributed coordinationfunction (DCF) of IEEE 80211 for wireless LANs as theMAClayer protocol For multicasting we used Multicast AODV(MAODV) [16] routing protocol Simulations were carriedout in 1500 meter times 1500 meter region for 50 seconds simu-lation timeWe assume each node moves independently withthe same average speed All nodes have the same transmissionrange of 250 meters In our simulation the speed variedfrom 5 to 25ms and performance measured The simulatedtraffic is Constant Bit Rate (CBR) In this simulation we
Table 1 Simulation parameters
Number of receiver nodes 10 20 30 40 50Area size 1500 times 1500Mac 80211Radio range 250mSimulation time 50 secTraffic source CBRRate 250KbMobility model Random way pointSpeed 5 10 15 20 and 25
consider both the node capture and insider attacks In nodecapture attack a malicious attacker steals the credentials andsecret keys from the legitimate nodes An insider attacker is amalicious authenticated group member which may intimatefalse trust relations and injects false trust reporting It mayalso inject packets 119899 the network to disturb communicationsand consume the network resources Our simulation settingsand parameters are summarized in Table 1
42 Performance Metrics We compare our Mobility BasedKey Management Technique (MBKM) with the traditionalGKMPAN [10] and efficient clustering scheme for groupkey management (ECGK) [18] We evaluate mainly theperformance according to the following metrics
Average Packet Delivery Ratio It is the ratio of the number ofpackets received successfully and the total number of packetssent
Overhead It is the control overhead (in terms of packets)occurred in keying and rekeying operations
Packet Drop It is the average number of packets dropped ateach receiver
Detection Accuracy It is the ratio of number of attacksdetected to the number of attacks performed
Resilience It is the ratio of fraction of data compromised tothe fraction of nodes compromised
421 Based on Receivers In our first experiment we vary thenumber of receivers per group as 10 20 30 40 and 50 withspeed 5ms
(i) Comparison with GKMPAN The proposed MBKM tech-nique is compared with GKMPAN and the above perfor-mance metrics are evaluated by varying the group size
Figures 6 and 8 present the packet delivery ratio andpacket drop of both techniques respectively when the groupsize is increased from 10 to 50 From the figure we cansee that MBKM has 89 less packet drop than the existingGKMPAN techniques since it assures high reliability usingthe strong nodes Because of this reduced packet drop thedelivery ratio of the proposed MBKM is 2357 higherthan the GKMPAN technique Figure 7 presents the control
The Scientific World Journal 7
0
05
1
15
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMGKMPAN
Figure 6 Comparison of delivery ratio with GKMPAN for varyingreceivers
0
5000
10000
15000
20000
25000
10 20 30 40 50
Ove
rhea
d
Receivers
Receivers versus overhead
MBKMGKMPAN
Figure 7 Comparison of overhead with GKMPAN for varyingreceivers
overhead that occurred for both the techniques when thegroup size is increased It can be seen that MBKM has7901 lesser overhead than the existing GKMPAN schemesince it does not use the traditional multicast tree structurewhich involves large number of nodes Figure 9 presents theresults for resilience for both the techniques when the groupsize is increased It can be seen that MBKM has 3096lesser resilience thanGKMPAN since it has efficient rekeyingtechnique
(ii) Comparison with ECGKThe proposedMBKM techniqueis compared with ECGK and the above performance metricsare evaluated by varying the group size Figures 10 and 12presents the packet delivery ratio and packet drop of bothtechniques respectively when the group size is increasedfrom 10 to 50 From the figure we can see that MBKM
0
2000
4000
6000
8000
10000
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMGKMPAN
Figure 8 Comparison of packet drop with GKMPAN for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMGKMPAN
Figure 9 Comparison of resilience with GKMPAN for varyingreceivers
has 3502 less packet drop than ECGK technique since itassures high reliability using the strong nodes Because ofthis reduced packet drop the delivery ratio of the proposedMBKM is 182 higher than the ECGK technique
Figure 11 shows the control overhead occurred for boththe techniques when the group size is increased It can beseen that MBKM has 1532 lesser overhead than ECGKtechnique since it does not use the traditional multicast treestructure which involves large number of nodes Figure 13presents the results for resilience for both the techniqueswhen the group size is increased It can be seen that MBKMhas 1651 lesser resilience than GKMPAN since it hasefficient rekeying technique
422 Simulation Based on Node Speed In our second exper-iment we vary the speed of the mobile node as 5 10 15 20and 25ms for 10 receivers Figures 14 and 16 present the
8 The Scientific World Journal
075
08
085
09
095
1
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMECGK
Figure 10 Comparison of delivery ratio with ECGK for varyingreceivers
0
5000
10000
15000
10 20 30 40 50
Ove
rhea
d
Receivers
MBKMECGK
Receivers versus delivery ratio
Figure 11 Comparison of overhead with ECGK for varyingreceivers
packet delivery ratio and packet drop of both techniquesrespectively when the speed of the node is increased from5 to 25ms From Figure 11 we can see that the packet dropincreases as the speed increases due to disconnections androute breakages But MBKM has 84 less packet drop thanthe existing GKMPAN techniques since it uses stable andenergy efficient nodes for routing Because of this reducedpacket drop the delivery ratio of the proposedMBKM is 29higher than the GKMPAN technique Figure 15 presents thecontrol overhead occurred for both the techniques when thegroup is increased It can be seen that MBKM has 56 lesseroverhead than the existing GKMPAN scheme since it doesnot use the traditionalmulticast tree structure which involveslarge number of nodes
0
200
400
600
800
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMECGK
Figure 12 Comparison of packet drop with ECGK for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMECGK
Figure 13 Comparison of resilience with ECGK for varyingreceivers
0
02
04
06
08
1
5 10 15 20 25
Deli
very
ratio
Speed
Speed versus delivery ratio
MBKMGKMPAN
Figure 14 Speed versus delivery ratio
The Scientific World Journal 9
0
5000
10000
15000
20000
5 10 15 20 25
Ove
rhea
d
Speed
Speed versus overhead
MBKMGKMPAN
Figure 15 Speed versus overhead
0
2000
4000
6000
8000
5 10 15 20 25
Pack
et d
rop
Speed
Speed versus packet drop
MBKMGKMPAN
Figure 16 Speed versus drop
5 Conclusion
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
The rekeying is performed in the weak node withinminimum rekeying interval since they possess minimumstability index which causes them to frequently join orleave the network In the strong nodes rekeying is per-formed at the maximum rekeying interval since they havemaximum stability index and their possibility to join orleave the network is less This periodic rekeying reduces therepeated rekeying process that further reduces the overheadIn rekeying technique the multicast group key (GK
119894) is
rekeyed considering the three cases given aboveThe rekeyingalgorithm functions as follows [16]
According to the cases given above rekeying processis triggered Initially node 119873
119894performs the ECDH key
management agreement from leaf node to the source ofmulticast tree to obtain subgroup key cooperatively as
119870119873119894
+ 119870119873119894+1
+ sdot sdot sdot + 119870119873119899minus1
119875 (15)
Here 119870119873119894
is the leaf node 119870119873119899minus1
is the source and 119875 isthe key generator in Diffe-Hellman Finally the generatedsubgroup chain reaches the source and it computes the newgroup key for the groupOnce the new group key is generatedby the source it unicasts it to the members securely
Considering the tree structure given in Figure 4 node1198732
and1198735are leaf nodes119873
7is the parent node of nodes 2 and 5
and 119878 is themulticast source Assume1198732invokes the rekeying
process and then the sequential process of rekeying is givenbelow
Step 1 1198732generates subgroup key as 119870
1198732+ 1198701198735119875 and
transmits to1198737
Step 2 Node1198737computes the subgroup key as 119870
1198732+ 1198701198735
+
1198701198737119875 and forwards to the source
Step 3 Finally the source computes cooperative subgroupkey as119870
1198732+1198701198735
+1198701198737
+119870119878119875 and then generates new group
key as1198701015840119894the source then unicasts the new group key securely
to its member nodes
4 Simulation Results
The proposed technique was simulated under different sce-narios using varying number of receivers and varying themobility of the nodes
41 Simulation Model and Parameters To analyze the per-formance of the proposed work NS2 [17] was used In oursimulation the channel capacity of mobile hosts is set tothe same value 2Mbps We use the distributed coordinationfunction (DCF) of IEEE 80211 for wireless LANs as theMAClayer protocol For multicasting we used Multicast AODV(MAODV) [16] routing protocol Simulations were carriedout in 1500 meter times 1500 meter region for 50 seconds simu-lation timeWe assume each node moves independently withthe same average speed All nodes have the same transmissionrange of 250 meters In our simulation the speed variedfrom 5 to 25ms and performance measured The simulatedtraffic is Constant Bit Rate (CBR) In this simulation we
Table 1 Simulation parameters
Number of receiver nodes 10 20 30 40 50Area size 1500 times 1500Mac 80211Radio range 250mSimulation time 50 secTraffic source CBRRate 250KbMobility model Random way pointSpeed 5 10 15 20 and 25
consider both the node capture and insider attacks In nodecapture attack a malicious attacker steals the credentials andsecret keys from the legitimate nodes An insider attacker is amalicious authenticated group member which may intimatefalse trust relations and injects false trust reporting It mayalso inject packets 119899 the network to disturb communicationsand consume the network resources Our simulation settingsand parameters are summarized in Table 1
42 Performance Metrics We compare our Mobility BasedKey Management Technique (MBKM) with the traditionalGKMPAN [10] and efficient clustering scheme for groupkey management (ECGK) [18] We evaluate mainly theperformance according to the following metrics
Average Packet Delivery Ratio It is the ratio of the number ofpackets received successfully and the total number of packetssent
Overhead It is the control overhead (in terms of packets)occurred in keying and rekeying operations
Packet Drop It is the average number of packets dropped ateach receiver
Detection Accuracy It is the ratio of number of attacksdetected to the number of attacks performed
Resilience It is the ratio of fraction of data compromised tothe fraction of nodes compromised
421 Based on Receivers In our first experiment we vary thenumber of receivers per group as 10 20 30 40 and 50 withspeed 5ms
(i) Comparison with GKMPAN The proposed MBKM tech-nique is compared with GKMPAN and the above perfor-mance metrics are evaluated by varying the group size
Figures 6 and 8 present the packet delivery ratio andpacket drop of both techniques respectively when the groupsize is increased from 10 to 50 From the figure we cansee that MBKM has 89 less packet drop than the existingGKMPAN techniques since it assures high reliability usingthe strong nodes Because of this reduced packet drop thedelivery ratio of the proposed MBKM is 2357 higherthan the GKMPAN technique Figure 7 presents the control
The Scientific World Journal 7
0
05
1
15
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMGKMPAN
Figure 6 Comparison of delivery ratio with GKMPAN for varyingreceivers
0
5000
10000
15000
20000
25000
10 20 30 40 50
Ove
rhea
d
Receivers
Receivers versus overhead
MBKMGKMPAN
Figure 7 Comparison of overhead with GKMPAN for varyingreceivers
overhead that occurred for both the techniques when thegroup size is increased It can be seen that MBKM has7901 lesser overhead than the existing GKMPAN schemesince it does not use the traditional multicast tree structurewhich involves large number of nodes Figure 9 presents theresults for resilience for both the techniques when the groupsize is increased It can be seen that MBKM has 3096lesser resilience thanGKMPAN since it has efficient rekeyingtechnique
(ii) Comparison with ECGKThe proposedMBKM techniqueis compared with ECGK and the above performance metricsare evaluated by varying the group size Figures 10 and 12presents the packet delivery ratio and packet drop of bothtechniques respectively when the group size is increasedfrom 10 to 50 From the figure we can see that MBKM
0
2000
4000
6000
8000
10000
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMGKMPAN
Figure 8 Comparison of packet drop with GKMPAN for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMGKMPAN
Figure 9 Comparison of resilience with GKMPAN for varyingreceivers
has 3502 less packet drop than ECGK technique since itassures high reliability using the strong nodes Because ofthis reduced packet drop the delivery ratio of the proposedMBKM is 182 higher than the ECGK technique
Figure 11 shows the control overhead occurred for boththe techniques when the group size is increased It can beseen that MBKM has 1532 lesser overhead than ECGKtechnique since it does not use the traditional multicast treestructure which involves large number of nodes Figure 13presents the results for resilience for both the techniqueswhen the group size is increased It can be seen that MBKMhas 1651 lesser resilience than GKMPAN since it hasefficient rekeying technique
422 Simulation Based on Node Speed In our second exper-iment we vary the speed of the mobile node as 5 10 15 20and 25ms for 10 receivers Figures 14 and 16 present the
8 The Scientific World Journal
075
08
085
09
095
1
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMECGK
Figure 10 Comparison of delivery ratio with ECGK for varyingreceivers
0
5000
10000
15000
10 20 30 40 50
Ove
rhea
d
Receivers
MBKMECGK
Receivers versus delivery ratio
Figure 11 Comparison of overhead with ECGK for varyingreceivers
packet delivery ratio and packet drop of both techniquesrespectively when the speed of the node is increased from5 to 25ms From Figure 11 we can see that the packet dropincreases as the speed increases due to disconnections androute breakages But MBKM has 84 less packet drop thanthe existing GKMPAN techniques since it uses stable andenergy efficient nodes for routing Because of this reducedpacket drop the delivery ratio of the proposedMBKM is 29higher than the GKMPAN technique Figure 15 presents thecontrol overhead occurred for both the techniques when thegroup is increased It can be seen that MBKM has 56 lesseroverhead than the existing GKMPAN scheme since it doesnot use the traditionalmulticast tree structure which involveslarge number of nodes
0
200
400
600
800
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMECGK
Figure 12 Comparison of packet drop with ECGK for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMECGK
Figure 13 Comparison of resilience with ECGK for varyingreceivers
0
02
04
06
08
1
5 10 15 20 25
Deli
very
ratio
Speed
Speed versus delivery ratio
MBKMGKMPAN
Figure 14 Speed versus delivery ratio
The Scientific World Journal 9
0
5000
10000
15000
20000
5 10 15 20 25
Ove
rhea
d
Speed
Speed versus overhead
MBKMGKMPAN
Figure 15 Speed versus overhead
0
2000
4000
6000
8000
5 10 15 20 25
Pack
et d
rop
Speed
Speed versus packet drop
MBKMGKMPAN
Figure 16 Speed versus drop
5 Conclusion
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
Figure 6 Comparison of delivery ratio with GKMPAN for varyingreceivers
0
5000
10000
15000
20000
25000
10 20 30 40 50
Ove
rhea
d
Receivers
Receivers versus overhead
MBKMGKMPAN
Figure 7 Comparison of overhead with GKMPAN for varyingreceivers
overhead that occurred for both the techniques when thegroup size is increased It can be seen that MBKM has7901 lesser overhead than the existing GKMPAN schemesince it does not use the traditional multicast tree structurewhich involves large number of nodes Figure 9 presents theresults for resilience for both the techniques when the groupsize is increased It can be seen that MBKM has 3096lesser resilience thanGKMPAN since it has efficient rekeyingtechnique
(ii) Comparison with ECGKThe proposedMBKM techniqueis compared with ECGK and the above performance metricsare evaluated by varying the group size Figures 10 and 12presents the packet delivery ratio and packet drop of bothtechniques respectively when the group size is increasedfrom 10 to 50 From the figure we can see that MBKM
0
2000
4000
6000
8000
10000
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMGKMPAN
Figure 8 Comparison of packet drop with GKMPAN for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMGKMPAN
Figure 9 Comparison of resilience with GKMPAN for varyingreceivers
has 3502 less packet drop than ECGK technique since itassures high reliability using the strong nodes Because ofthis reduced packet drop the delivery ratio of the proposedMBKM is 182 higher than the ECGK technique
Figure 11 shows the control overhead occurred for boththe techniques when the group size is increased It can beseen that MBKM has 1532 lesser overhead than ECGKtechnique since it does not use the traditional multicast treestructure which involves large number of nodes Figure 13presents the results for resilience for both the techniqueswhen the group size is increased It can be seen that MBKMhas 1651 lesser resilience than GKMPAN since it hasefficient rekeying technique
422 Simulation Based on Node Speed In our second exper-iment we vary the speed of the mobile node as 5 10 15 20and 25ms for 10 receivers Figures 14 and 16 present the
8 The Scientific World Journal
075
08
085
09
095
1
10 20 30 40 50
Del
iver
y ra
tio
Receivers
Receivers versus delivery ratio
MBKMECGK
Figure 10 Comparison of delivery ratio with ECGK for varyingreceivers
0
5000
10000
15000
10 20 30 40 50
Ove
rhea
d
Receivers
MBKMECGK
Receivers versus delivery ratio
Figure 11 Comparison of overhead with ECGK for varyingreceivers
packet delivery ratio and packet drop of both techniquesrespectively when the speed of the node is increased from5 to 25ms From Figure 11 we can see that the packet dropincreases as the speed increases due to disconnections androute breakages But MBKM has 84 less packet drop thanthe existing GKMPAN techniques since it uses stable andenergy efficient nodes for routing Because of this reducedpacket drop the delivery ratio of the proposedMBKM is 29higher than the GKMPAN technique Figure 15 presents thecontrol overhead occurred for both the techniques when thegroup is increased It can be seen that MBKM has 56 lesseroverhead than the existing GKMPAN scheme since it doesnot use the traditionalmulticast tree structure which involveslarge number of nodes
0
200
400
600
800
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMECGK
Figure 12 Comparison of packet drop with ECGK for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMECGK
Figure 13 Comparison of resilience with ECGK for varyingreceivers
0
02
04
06
08
1
5 10 15 20 25
Deli
very
ratio
Speed
Speed versus delivery ratio
MBKMGKMPAN
Figure 14 Speed versus delivery ratio
The Scientific World Journal 9
0
5000
10000
15000
20000
5 10 15 20 25
Ove
rhea
d
Speed
Speed versus overhead
MBKMGKMPAN
Figure 15 Speed versus overhead
0
2000
4000
6000
8000
5 10 15 20 25
Pack
et d
rop
Speed
Speed versus packet drop
MBKMGKMPAN
Figure 16 Speed versus drop
5 Conclusion
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
Figure 10 Comparison of delivery ratio with ECGK for varyingreceivers
0
5000
10000
15000
10 20 30 40 50
Ove
rhea
d
Receivers
MBKMECGK
Receivers versus delivery ratio
Figure 11 Comparison of overhead with ECGK for varyingreceivers
packet delivery ratio and packet drop of both techniquesrespectively when the speed of the node is increased from5 to 25ms From Figure 11 we can see that the packet dropincreases as the speed increases due to disconnections androute breakages But MBKM has 84 less packet drop thanthe existing GKMPAN techniques since it uses stable andenergy efficient nodes for routing Because of this reducedpacket drop the delivery ratio of the proposedMBKM is 29higher than the GKMPAN technique Figure 15 presents thecontrol overhead occurred for both the techniques when thegroup is increased It can be seen that MBKM has 56 lesseroverhead than the existing GKMPAN scheme since it doesnot use the traditionalmulticast tree structure which involveslarge number of nodes
0
200
400
600
800
10 20 30 40 50
Pack
et d
rop
Receivers
Receivers versus packet drop
MBKMECGK
Figure 12 Comparison of packet drop with ECGK for varyingreceivers
0
02
04
06
08
10 20 30 40 50
Resil
ienc
e
Receivers
Receivers versus resilience
MBKMECGK
Figure 13 Comparison of resilience with ECGK for varyingreceivers
0
02
04
06
08
1
5 10 15 20 25
Deli
very
ratio
Speed
Speed versus delivery ratio
MBKMGKMPAN
Figure 14 Speed versus delivery ratio
The Scientific World Journal 9
0
5000
10000
15000
20000
5 10 15 20 25
Ove
rhea
d
Speed
Speed versus overhead
MBKMGKMPAN
Figure 15 Speed versus overhead
0
2000
4000
6000
8000
5 10 15 20 25
Pack
et d
rop
Speed
Speed versus packet drop
MBKMGKMPAN
Figure 16 Speed versus drop
5 Conclusion
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
In this work mobility based key management technique isused for multicast security in MANET Initially the nodesare categorized into strong and weak nodes according totheir stability index The stability index is estimated basedon the link availability and mobility A multicast tree isconstructed such that for every weak node there is a strongparent node When any node desires to transmit a multicastdata to destination a session key based encryption techniqueis utilized The rekeying process is performed periodicallyby the initiator node which is chosen among the strongnodes based on the reputation indexThe rekeying interval isfixed depending on the node category For the weak nodesthe initiators perform rekeying within minimum rekeyinginterval as they possess minimum stability index Whereasfor the strong nodes the initiators perform rekeying at themaximum rekeying interval since their stability index ismoreand the possibility of their position change due to mobility
is less This technique minimizes the repeated rekeyingprocess that further minimizes the overhead By simulationresults proposed approach reduces the packet drop rate andimproves the data confidentiality
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
References
[1] L Junhai X Liu and Y Danxia ldquoResearch onmulticast routingprotocols for mobile Ad-hoc networksrdquo Computer Networksvol 52 no 5 pp 988ndash997 2008
[2] M Striki and J S Baras ldquoKey distribution protocols forsecure multicast communication survivable in MANETsrdquo inProceedings of the IEEE Military Communications Conference(MILCOM rsquo03) Boston Mass USA October 2003
[3] C Rajan and N S Shanthi ldquoMisbehaving attack mitigationtechnique for multicast security in mobile ad hoc networks(MANET)rdquo Journal of Theoretical and Applied InformationTechnology vol 48 no 3 pp 1349ndash1357 2013
[4] R Srinivasan V Vaidehi R Rajaraman S Kanagaraj RChidambaram Kalimuthu and R Dharmaraj ldquoSecure groupkey management scheme for multicast networksrdquo InternationalJournal of Network Security vol 10 no 3 pp 205ndash209 2010
[5] L Lazos and R Poovendran ldquoPower proximity based keymanagement for secure multicast in Ad hoc networksrdquoWirelessNetworks vol 13 no 1 pp 127ndash148 2007
[6] D S Devi and G Padmavathi ldquoA reliable secure multicastkey distribution scheme for mobile Adhoc networksrdquo WorldAcademy of Science Engineering and Technology vol 56 pp321ndash326 2009
[7] S Devaraju and G Padmavathi ldquoDynamic clustering for QoSbased secure multicast key distribution in mobile Ad hocnetworksrdquo International Journal of Computer Science Issues vol7 no 5 pp 30ndash37 2010
[8] B-J Chang and S-L Kuo ldquoMarkov chain trust model for trust-value analysis and key management in distributed multicastMANETsrdquo IEEE Transactions on Vehicular Technology vol 58no 4 pp 1846ndash1863 2009
[9] D Huang and D Medhi ldquoA secure group key managementscheme for hierarchical mobile Ad hoc networksrdquo Ad HocNetworks vol 6 no 4 pp 560ndash577 2008
[10] M S Bouassida and M Bouali ldquoOn the performance ofgroup key management protocols in MANETsrdquo in Proceedingsof the Joint Conference on Security in Network Architecturesand Information Systems (SAR-SSI rsquo07) pp 275ndash286 AnnecyFrance June 2007
[11] J-C Lin K-H Huang F Lai and H-C Lee ldquoSecure andefficient group key management with shared key derivationrdquoComputer Standards amp Interfaces vol 31 no 1 pp 192ndash2082009
[12] V Sridhara and S Bohacek ldquoRealistic propagation simulation ofurban mesh networksrdquo Computer Networks vol 51 no 12 pp3392ndash3412 2007
[13] R Biradar S Manvi and M Reddy ldquoMesh based multicastrouting in MANET stable link based approachrdquo InternationalJournal of Computer and Electrical Engineering vol 2 no 2 pp371ndash380 2010
10 The Scientific World Journal
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
[14] S R Zakhary and M Radenkovic ldquoReputation-based securityprotocol for MANETs in highly mobile disconnection-proneenvironmentsrdquo in Proceedings of the 7th International Confer-ence on Wireless On-Demand Network Systems and Services(WONS rsquo10) pp 161ndash167 February 2010
[15] Elliptic Curve Cryptography Version 20 Technical GuidelineBundesamt fur Sicherheit in der Informationstechnik 2012
[16] H-Y Lin and T-C Chiang ldquoEfficient key agreements indynamic multicast height balanced tree for secure multicastcommunications in Ad Hoc networksrdquo EURASIP Journal onWireless Communications and Networking vol 2011 Article ID382701 15 pages 2011
[17] Network Simulator httpwwwisiedunsnamns[18] K Drira H Seba and H Kheddouci ldquoECGK an efficient
clustering scheme for group key management in MANETsrdquoComputer Communications vol 33 no 9 pp 1094ndash1107 2010
