
Bootstrapping a distributed trust authority

As our discussion in this section has shown, most approaches to key management that are purely performed within the network require a (distributed) TA. The management of a distributed TA induces a significant communication overhead as is discussed in Section 2.4. However, protocols avoiding the use of a TA (such as the Diffie-Hellman protocol for symmetric key exchange) also impose a large communication overhead. For a key management solution that is purely performed within a MANET, a significant communication overhead appears to be unavoidable, and the lesser evil of the existing protocols needs to be chosen according to the requirements of the respective MANET. However, things change, as a MANET is not totally left without external support. Non-interactive key agreement protocols as discussed in Section 2.3.3 give one example of how communication overhead can be minimised by exploiting the possibility of network pre-configuration.

2.4 Bootstrapping a distributed trust authority

Trusted authorities are an essential element in Public Key Infrastructures (PKIs) to issue certificates and to manage keys. As our discussion in Section 2.3 has shown, TAs remain an important element for key management in MANETs, even though it is hard to implement a TA in a MANET. The natural approach here is to distribute a TA within the MANET, i.e., to replace the offline TA by an online TA. While protocols for distributed key management were discussed in Section 2.3, this section deals with the actual bootstrapping of the set of nodes that act as the distributed TA in the network.

We focus on TAs that are a subset of all nodes in the network. Using a subset of the MANET as TA is in general favourable over using the whole network as a TA, for two reasons: Firstly, managing a TA with a large number of members might exceed the capabilities of the MANET. This problem was discussed in Section 2.3 in the context of fully distributed certificate authorities. Secondly, nodes in a MANET are likely to hold different roles and capabilities, and therefore show a different robustness against compromise.

Choosing a subset of nodes as the TA allows a network to elect the most robust and trustworthy nodes in the network. This subset can either be determined during the pre-configuration phase (if applicable), or can dynamically be established by the nodes in the MANET themselves. Pre-assigning the nodes that form the TA makes the network security dependent on these nodes. If they are compromised or run out of battery power, the security infrastructure of the network is destroyed. However, in certain military scenarios, pre-assignment of a distributed TA might be the best choice. For example, one can imagine soldiers on foot that are supported by some tanks that are in a relatively central position. The battery lifetime of the tanks is not an issue, and making the mission’s security depend on the security of the tanks might be deemed reasonable.

While a dynamic election of the TA members runs the risk of choosing already compromised nodes as TA nodes, the benefits of this approach, especially in networks with homogeneous nodes, are:

• TA nodes that run out of battery power can be replaced by other nodes.

• Advantageously situated nodes (with many nodes within direct communication range) can be chosen as TA nodes to reduce the average cost of other nodes to contact the TA.

• More TA members can be assigned when needed, to allow a network partitioning with two independently functioning TAs.

To react spontaneously to dynamic network changes, the subset of nodes that builds the TA can be re-elected with a certain frequency. Algorithms that undertake the task of establishing such a subset of nodes are cluster algorithms. Typically, cluster algorithms are used to partition the network into clusters, where each cluster is assigned to one cluster head (CH). We now give an overview of existing cluster algorithms in the literature.

2.4.1 Cluster algorithms

Cluster algorithms have been widely used in MANETs to determine subsets of nodes for saving energy [36, 33], enhancing routing protocols [7], finding efficient flooding [80, 105], and broadcasting [52], or to generally build low-cost backbones [141]. Clusters have also been applied in recent research on distributing TAs in ad hoc networks [14, 82]. These cluster algorithms build one-hop clusters, i.e., the nodes in a cluster are in direct communication range with their CH. The first cluster algorithm for d-hop clustering was proposed by Amis et al. [3].
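As an added illustration (not code from this text or from any of the cited algorithms), the sketch below elects a TA subset with a greedy highest-degree one-hop clustering heuristic and re-runs the election once a cluster head's battery has drained. The node positions, battery levels, radio range, the `min_battery` threshold and all function names are constructed assumptions.

```python
import math

# Constructed sample network: node -> (x, y) position and remaining battery (0..1).
POS = {"n1": (0, 0), "n2": (1, 0), "n3": (2, 0), "n4": (1, 1),
       "n5": (3, 0), "n6": (4, 0), "n7": (4, 1), "n8": (9, 9)}
BATTERY = {"n1": 1.0, "n2": 1.0, "n3": 0.9, "n4": 1.0,
           "n5": 0.6, "n6": 0.8, "n7": 1.0, "n8": 1.0}
RADIO_RANGE = 1.2  # assumed direct communication range

def neighbours(pos, radio_range):
    """One-hop adjacency: nodes within direct communication range of each other."""
    return {a: {b for b in pos if b != a and math.dist(pos[a], pos[b]) <= radio_range}
            for a in pos}

def elect_cluster_heads(pos, battery, radio_range, min_battery=0.2):
    """Greedy highest-degree one-hop clustering (hypothetical helper).

    Returns {cluster_head: members}. Every node ends up either a CH, i.e. a
    TA member, or in direct range of its CH.
    """
    adj = neighbours(pos, radio_range)
    unassigned = set(pos)
    clusters = {}
    while unassigned:
        # Nodes low on battery are skipped unless nobody else is left.
        eligible = [n for n in unassigned if battery[n] >= min_battery] or list(unassigned)
        # Most still-uncovered neighbours wins; ties go to the fuller battery,
        # then to the lowest node ID (max() keeps the first maximum it sees).
        ch = max(sorted(eligible), key=lambda n: (len(adj[n] & unassigned), battery[n]))
        members = adj[ch] & unassigned
        clusters[ch] = members
        unassigned -= members | {ch}
    return clusters

def re_elect_after_drain(drained_node, level=0.05):
    """Re-run the election after one node's battery has dropped to `level`."""
    battery = dict(BATTERY, **{drained_node: level})
    return elect_cluster_heads(POS, battery, RADIO_RANGE)

if __name__ == "__main__":
    print("initial TA:", sorted(elect_cluster_heads(POS, BATTERY, RADIO_RANGE)))
    print("after n2 drains:", sorted(re_elect_after_drain("n2")))
```

In this constructed topology the TA grows from three to five members once n2 drains, because n1 and n4 have no other neighbour in range and must head their own single-node clusters.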

Bechler et al. [14] established a security architecture using clustering and (k, n)-threshold cryptography. In each cluster, exactly one distinguished node, the CH, is responsible for establishing and organising the cluster. Clusters are formed as geographically needed: If nodes cannot find existing clusters, they create clusters themselves, with existing clusters being merged and split on demand.

A major drawback in Bechler’s work is the significant relevance of gateway nodes which act as connectors between neighbouring clusters. As Bechler’s simulation results illustrate, 34.2 % of the overhead traffic is produced by the gateway nodes, whereas the cluster heads only produce 47.5 % of the overhead traffic, although they incur the management of the security shares.

Conventional clustering is heavily influenced by the initial topology of the network, typically resulting in a central node of the cluster becoming the CH. An ap-