**4. Hierarchical scheme with transitory master key (HSTMK)**

Filippo Gandino et al. [8] introduced a new key management scheme called hierarchical scheme with transitory master key (HSTMK). This approach is based on the transitory master key approach and is designed for static wireless sensor networks. The proposed scheme includes two elementary key management schemes. One is plain global key (PKG), which is used by all nodes during the initialization phase and deleted during the working phase. The other is full pairwise keys (FPWK), in which each node shares a specific key with another node. If an adversary compromises a node before the key materials are deleted, the network is broken. Therefore, the idea of this method is to split the initialization phase into multiple sub-phases, which increases the overall security level. Furthermore, HSTMK reduces the time needed for the initialization phase, thus reducing the probability that the master secret is compromised.

A setup task is performed before the initial deployment of the network. In this task, each node is given a common key, called the global master key $K_{IN}$. After that, node *u* produces its own master key $K_U$ by using a pseudorandom function $f_K(\cdot)$ and the global master key $K_{IN}$:

$$K_U = f_{K_{IN}}(ID_U)\tag{1}$$

Each node has an interval timer that measures the duration of the initialization phase. When the time expires, all key materials must be deleted to prevent them from being stolen by adversaries. This interval value must be selected carefully according to the characteristics of the network.

The initialization phase is divided into four sub-phases, including neighbor discovery, master key computation, pairwise key computation, and acknowledgment.

First, in the neighbor discovery phase, each node broadcasts a Hello packet to the other nodes, which use it to identify their neighbors. The packets contain the identification ($ID_I$) of the senders.

In the master key computation phase, node *u* calculates the secret of its neighbor *v* using the pseudorandom function $f_K(\cdot)$ and the neighbor's $ID_V$. It then deletes the global key $K_{IN}$:

$$K_V = f_{K_{IN}}(ID_V)\tag{2}$$


In the pairwise key computation phase, only one node in each pair of nodes computes the pairwise keys $K_{U-V}$ and $K_{V-U}$. The nodes then delete their neighbor's master key:

$$K_{V-U} = f_{K_V}(ID_U) \text{ or } K_{U-V} = f_{K_U}(ID_V)\tag{3}$$

In the acknowledgment phase, after deleting all key materials, the nodes send acknowledgment messages to authenticate the key establishment.

In addition, the authors proposed a mechanism for adding new nodes to the network. In the first sub-phase, the new nodes broadcast Hello messages to all existing nodes in the network. Any node that receives these messages responds with an acknowledgment packet (which contains the ID of the receiver). In the second sub-phase, the new nodes compute the master keys of their available neighbors and then delete the global key. The other sub-phases remain unchanged.

An experiment was carried out to compare the performance of HSTMK with another method called LEAP+ [10]. The results show that HSTMK is faster than LEAP+ at establishing a pairwise key among nodes. In addition, as the number of nodes in the network increases, the time before key materials are deleted in HSTMK is from 3 to 150 times less than that of LEAP+. The experimental results also highlight the importance of the choice of initialization time. If this value is too low, the proportion of established pairwise keys can drop, whereas too long an initialization phase would increase the risk of losing secret materials.

**Figure 1.** *Adi Shamir's secret sharing scheme.*

*Key Management Techniques for Wireless Mesh Network DOI: http://dx.doi.org/10.5772/intechopen.83399*

**5. Real-time key management algorithm**

The proposed security algorithm [11] is designed to transfer keys safely and to synchronize nodes in a WMN. In sections 5.1 and 5.2, we present our key management method based on Adi Shamir's algorithm; synchronizing the nodes with a real-time clock helps our keys resist different types of external attacks. We also present a protocol used for transferring those keys in a WMN; this protocol focuses on preventing man-in-the-middle attacks and detecting other abnormal activities in the network.

**5.1 Real-time clock key management**

Conventional key management methods are vulnerable to various attacks such as eavesdropping on keys and data, de-authentication, and denial-of-service (DoS). Therefore, we propose to use a real-time clock to continuously change the private key in the key management of each node and to synchronize all nodes in the WMN, so that these nodes are completely independent of each other. One of those nodes is the network time protocol (NTP) server, and the others are NTP clients. Using the WMN model, the NTP data are transferred quickly enough for synchronization. At a certain point, the nodes together create a unique key, and every group of *n* keys is required to reconstruct the same secret for encryption and decryption. The process of the proposed method is the reverse of Adi Shamir's method shown in **Figure 1**. In the proposed method, the private key is created first instead of the master key. Therefore, the secret will not be revealed when an attacker attacks any node. Besides that, this secret is constantly changed by using a real-time clock module, which makes it more difficult for attackers to succeed in penetrating the network (**Figure 2**).

The private key is generated from a value that is unique to each device, its MAC address. A threshold level is required for this process. This parameter is set depending on the number and installation location of the nodes in the WMN. The process of private key generation is shown in **Figure 3**.
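The HSTMK sub-phases of section 4 (Eqs. 1 to 3 and the node-addition step) in runnable form; this is an added example, not code from Gandino et al. or from this chapter. HMAC-SHA256 as $f_K$, the lower-ID tie-break for Eq. (3), and the names `Node`, `deploy` and `add_node` are assumptions; the interval timer is not modeled.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # f_K(.) from the text; HMAC-SHA256 is an assumed instantiation.
    return hmac.new(key, data, hashlib.sha256).digest()

class Node:
    def __init__(self, node_id: bytes, k_in: bytes):
        self.id = node_id
        self.k_in = k_in                   # global master key K_IN (transitory)
        self.master = prf(k_in, node_id)   # Eq. (1): K_U = f_{K_IN}(ID_U)
        self.neighbor_master = {}          # neighbors' K_V values (transitory)
        self.pairwise = {}                 # keys used in the working phase

    def master_key_phase(self, hello_ids):
        # Eq. (2): K_V = f_{K_IN}(ID_V) for each neighbor heard, then drop K_IN.
        for nid in hello_ids:
            self.neighbor_master[nid] = prf(self.k_in, nid)
        self.k_in = None

    def pairwise_phase(self):
        # Eq. (3). Assumed tie-break: derive under the lower ID's master key.
        for nid, k_v in self.neighbor_master.items():
            if nid < self.id:
                self.pairwise[nid] = prf(k_v, self.id)       # K_{V-U}
            else:
                self.pairwise[nid] = prf(self.master, nid)   # K_{U-V}
        self.neighbor_master.clear()       # delete neighbors' master keys

    def accept_new_node(self, new_id):
        # Working-phase node: K_IN is gone, so only its own master key is used.
        self.pairwise[new_id] = prf(self.master, new_id)

def deploy(k_in: bytes, ids):
    # Constructed topology: every node hears every other node's Hello.
    nodes = {i: Node(i, k_in) for i in ids}
    for n in nodes.values():
        n.master_key_phase([i for i in ids if i != n.id])
        n.pairwise_phase()
    return nodes

def add_node(nodes, new_id: bytes, k_in: bytes):
    new = Node(new_id, k_in)                    # new node is preloaded with K_IN
    new.master_key_phase(list(nodes))           # computes neighbors' K_V, drops K_IN
    for nid, k_v in new.neighbor_master.items():
        new.pairwise[nid] = prf(k_v, new_id)    # K_{V-W} = f_{K_V}(ID_W)
        nodes[nid].accept_new_node(new_id)
    new.neighbor_master.clear()
    nodes[new_id] = new
```

After `deploy`, no node holds $K_{IN}$ or a neighbor's master key, so a node captured in the working phase exposes only its own master key and its own pairwise keys.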

*Wireless Mesh Networks - Security, Architectures and Protocols*

Despite its outstanding advantages, this method performs well only in a hierarchical architecture, which needs trusted central authorities (BS or CHs). Consequently, the network may break down when those authorities are compromised.

