Secure, Redundant and Fully Distributed Key Management Scheme for Mobile Ad hoc Networks: An Analysis

Security poses a major challenge in ad hoc networks today due to the lack of fixed or organizational infrastructure. This paper proposes a modification to the existing “fully distributed certificate authority” scheme for ad hoc networks. In the proposed modification, redundancy is introduced by allocating more than one share to each node in order to increase the probability of creating the certificate for a node in a highly mobile network. A probabilistic analysis is carried out to analyze the trade-offs between the ease of certificate creation and the security provided by the proposed scheme. The analysis carried out from the intruder’s perspective suggests that in the worst case scenario, the intruder is just “one node” away from a legitimate node in compromising the certificate. The analysis also outlines the parameter selection criteria for a legitimate node to maintain a margin of advantage over an intruder in creating the certificate.


INTRODUCTION
A network can have mainly three types of infrastructure [2]: routing infrastructure consisting of routers and stable communication links; server infrastructure consisting of on-line servers such as, dynamic host configuration protocol (DHCP) server, domain name system (DNS) and certificate authority (CA) server, in order to provide services to the network; administrative infrastructure consisting of servers supporting the registration of users, issuing of certificates and handling of other network configuration tasks.
Ad hoc networks are characterized as infrastructure-less networks.They are emerging to be "anywhere anytime networks" [1].The main difference between traditional networks and ad hoc networks is the lack of a central administration.Central administration is responsible for providing security services such as defining the security services, policies for the network and pre-distribution of keys to all the participants.The nodes in an ad hoc network are assumed to be energy constrained, mobile and can support limited security [3].Physical security is limited because the nodes can be turned off or stolen by intruders.Military tactical networks, personal area networks, sensor networks and disaster area networks are good examples of practical ad hoc networks.
Ad hoc networks are one of the most researched areas in the present day world.A secure networking system must have one or all of the following characteristics [4]: confidentiality, authentication, integrity, non-repudiation, availability.Dynamic topology, limited bandwidth and hard constraints on energy need to be taken into account when developing a security protocol for ad hoc networks.Network origin, transmission range, node capabilities and network transiency are other factors that might affect the design of a security protocol.
The traditional mechanisms of providing security cannot be applied to ad hoc networks due to their high computational complexity.The security protocol proposed should have low computational complexity and yet provide a high degree of security.
One of the security protocols proposed for ad hoc networks is based on the certificate authority mechanism.In this mechanism, the certificate authority's private key is first divided into parts.These parts or key shares are then distributed among the nodes in the network (one key share per node).In order to communicate, the nodes have to recreate the key.The certificate authority key can be recreated by combining a minimum number of key shares from the total number of shares.The bottleneck arises when the number of nodes required to recreate the key are not found in the communication range (or vicinity) of the node trying to communicate.
In this paper, a modification to the existing "fully distributed certificate authority scheme" is proposed to overcome this bottleneck.In the modified scheme, a node is allocated more than one key share by incorporating redundancy into the network.If more than one key share is given to each node, then the number of nodes required to recreate the CA key are reduced.Thus, a legitimate node will increase its chances of recreating the CA key by the redundancy added to the key management scheme.This redundancy, however, poses a challenge since the chances of an intruder entering the network and compromising the CA key is increased.Hence, the key management scheme should be designed in such a way that the designer can make a choice between ease of recreating the CA key for a legitimate user and the difficulty of compromising the CA key for an illegitimate user or intruder.
An intruder is defined as a node (or its owner) with knowledge of the key management scheme and is capable of recreating the CA key after obtaining sufficient number of key shares.While the legitimate node is programmed with its own key shares, an intruder starts with no key shares at all.While a legitimate node forms a coalition of neighboring to create the certificate, an intruder captures nodes one at time to do the same task.Consider the worst case scenario in which the intruder also forms a coalition of the same number of nodes as a legitimate node.In this worst case scenario, the intruder is just "one node" away from the legitimate node in compromising the CA key.Hence, the design criterion for the key management scheme can be stated as follows: Choose the parameters of the key management such that the gap between the probabilities of creating the CA key with `y' neighboring nodes and `y-1' neighboring nodes is sufficiently large to minimize the compromise.
The rest of the paper is organized as follows.Section 2 discusses the background and related work in ad hoc network security.Section 3 discusses the mathematical formulations needed for the security protocol.Section 4 describes the proposed security protocol.Section 5 presents a probabilistic analysis of the proposed protocol.Section 6 discusses the results and analysis.Section 7 concludes the paper.

WORK
Security attacks can be classified into active and passive attacks.Passive attacks can be caused by eavesdropping or sniffing the network traffic.This is the easiest form of attack and can be done easily in many network environments.Active attacks involve obstruction or fabrication of data transmission by an intruder.In the traditional encryption techniques, whenever one party has to send data to the other, the sender encrypts the data using the common key.The receiver then decrypts the data using the same key.This mechanism is called as the symmetric key encryption [23].In case of asymmetric key encryption every node has a public/private key pair.Public keys are known to everyone in the network.When one node has to communicate with the other node it encrypts the data with the receiver's public key.When the receiver receives data it decrypts it using its private key.In the next section, the mathematical formulations needed to calculate the probability of recreating the CA key are discussed.

FORMULATIONS
In this section, the mathematical formulations needed for the security protocol and its probabilistic analysis are discussed.

Secret Sharing
This method is based upon the Shamir's secret sharing model proposed in [19].In a (k, n) threshold sharing scheme, n denotes the number of nodes and k denotes the minimum number of shares needed to recreate the CA key.Suppose a secret S is to be shared between n nodes, identified by id i =1, 2, 3… n.The dealer performs the following steps.
1.A prime number p is chosen such that p > max(S, n) where, a 0 = sk CA (private key of the CA) 3. The shares for each node are calculated by the equation The shares are then distributed to the respective nodes.
In order to reconstruct the secret key Lagrange interpolation technique is used.
) ( The shareholders have no idea about each others' shares.If a node potentially gains knowledge about k shares it can reconstruct the secret itself.

Proactive secret sharing
Given sufficiently long time an intruder can compromise k nodes and reconstruct the secret.It is therefore important that the shares be updated periodically [21].This is done using proactive secret sharing.The share update can be achieved by adding an update function f update (x) to the existing sharing polynomial function f(x).
The shares are recalculated and distributed to the respective nodes.

Verifiable secret sharing
If any shareholder provides an invalid share, the reconstructed secret will not be the same as the original secret.This can be avoided using verifiable secret sharing [17].
The following steps are involved in the verifiable secret sharing scheme.These services include: registration, initialization, certification, key update, revocation, certificate and revocation notice distribution.Zhou and Haas [20] proposed a threshold cryptography scheme in which the certificate authority services would be divided among a certain number of specialized servers and the CA key would be divided among all the nodes.Each node is capable of generating a partial certificate.In order to recreate the CA key any node must have a minimum of k partial certificates.This mechanism assumes that we have at least some nodes with high computational power (to act like the servers).

Partially distributed certificate authority
Every node and the CA have a public and private key pair.The CA's public key is known to all the nodes and the private key is shared among the nodes according to the Shamir's Secret sharing scheme [19].The bottleneck in this case is that we needed to have special servers with high energy.If theses nodes were to fail, the security paradigm fails.The CA services provided in this scheme are similar to those of the fully distributed scheme which will be discussed in the later part of this section.

Fully distributed certificate authority
Partially distributed certificate authority scheme, discussed in the previous section requires the use of specialized high-energy nodes.This assumption is not always valid in an ad hoc network and hence becomes a bottleneck.To overcome this bottleneck, Luo and Lu [1] proposed a fully distributed CA solution.It uses a (k, n) threshold scheme in order to distribute an RSA certificate-signing key to all the nodes in the network.If there are n nodes in a network the CA private key is divided into n shares.A minimum of k shares is required to recreate the CA key.This eliminates the necessity of having specialized high-energy nodes.It also uses proactive secret sharing mechanisms to protect against the compromise of the CA's signing key.When an intruder enters the network and compromises one node it becomes as good as a valid node.To overcome this problem, an intrusion detection system is required to be present in the network.This intrusion system identifies the misbehaving / compromised nodes and removes them from the network.
The services provided by the CA are share initialization, share update, certificate issuing, certificate renewal and certificate revocation.The services provided by the CA are summarized in the remainder of this section.

Share initialization
In this solution the services of the CA are distributed to all the nodes of the network instead of special servers as in partially distributed CA.The dealer first initializes k nodes and then these k nodes initialize the rest of the network.The certificate services include certificate renewal and certificate revocation.The system maintenance includes the process of addition of new nodes and providing them with a new certificate authority shares.The following are the steps involved in the share initialization stage 1.
The dealer generates a sharing polynomial where a Every node is supplied with its polynomial share (S i ) where id

3.
The dealer publishes k public witnesses, for the coefficients of the sharing polynomial.It then destroys the polynomial and quits.

4.
Each node then verifies its share by checking Whenever a new node joins a network, it needs to find a coalition of k nodes in order to create its own key share.This is because of the absence of the dealer; the new node can form a key share by combining the sub shares, which it gets from the coalition nodes.
Consider a node p joining the network.A node i which is already initialized can generate its sub share using the following equation.
The node then combines all the partial sub shares as follows to create its own share as follows: The joining node should only get to know the final share because is a publicly known value.Any other details would allow the new node to recreate the key shares belonging to the k coalition nodes.To overcome this problem the nodes rearrange the generated partial shares accordingly so that only the value of the shares change but ) ( p id id l i not the secret shared.The following are the steps involved in the process of share initialization for a joining node p.

1.
The joining node p locates a coalition of k nodes B = (id 1 ... id k ) and broadcasts an initialization request.

2.
Every node in the coalition verifies the certificate cert p , of the joining node p and checks that it has not been revoked.

6.
Every node sends its partial share to p.

7.
Node p verifies each share and generates its share.

Share update
Proactive secret sharing is used and the shares are updated periodically in order to make the protocol robust.A polynomial f update (x) is added to the existing sharing polynomial and a new sharing polynomial f new (x) is formed.The shares are recalculated and distributed.

Certificate issuing
In a distributed CA system, the certificates are not issued.The certificates initially created, are only maintained.The dealer is responsible for initializing, registering, and certifying new nodes in the network.

Certificate renewal
Whenever a node p has to renew its certificate it sends a request for renewal to a coalition of k nodes.Each node then checks its CRL to determine whether the old certificate has been revoked.If it has been revoked then the nodes deny the request.
Otherwise they agree to serve the request and a new partial certificate (cert i ) is generated and sent.

Certificate revocation
If a certificate is revoked the public key interface provides a mechanism to inform users about the revocated certificate.Most common method used is certificate revocation list (CRL).A CRL consists of a list of revocated certificates.Every node maintains a CRL.
If a node discovers that any other neighboring node is misbehaving it adds that node to its certificate revocation list (CRL) and floods an accusation against the node in the network.The nodes which receive this broadcast check whether the node which broadcasted this CRL is a part of its own CRL.If it is then this broadcast is ignored otherwise it is accepted and changes are made to the CRL.

Issues with fully distributed certificate authority
We have to obtain at least k shares in order to form the CA's signing key.If a node is unable to find (k-1) other nodes then the key is not formed and hence all the communication comes to a stand still.This is possible in a highly mobile environment.
For example, consider a network with four nodes.In the initialization state the CA's private key is divided into 4 shares and suppose a node requires 3 shares to recreate the key.This situation is shown in Fig. 3.6.1 below.To overcome this bottleneck, the number of shares per node can be increased.The extra shares required can be obtained by introducing redundancy into the network.This proposed solution is discussed and analyzed in detail in the next section.

PROPOSED MODEL
In order to overcome the aforementioned bottleneck, the number of key shares per node can be increased using redundancy in key shares.In the traditional "fully distributed certificate authority scheme", the number of key shares per node is one.In the modified scheme, the number of key shares per node is increased to q.
The distinct n shares are first calculated using the sharing polynomial where the secret to be shared is the private key of the certificate authority.Using redundancy, these n shares are allocated to all the nodes such that each node gets q shares.Now, the total number of shares including the redundant shares is (n.q).The key distribution can be done in the following manner.First, every node is allocated one distinct share.Then the other (q-1) shares per node are selected, from the (n-1) remaining shares such that each node gets q distinct shares.
Consider a network with n nodes.The total number of shares in this scenario, including the redundant shares, is (n.q).The number of distinct shares for a group of y nodes would range from a minimum of y to a maximum of n.
Consider the network discussed earlier, shown in Fig 3 .6.2.Let the minimum number of shares required in this scenario was 3 (k=3).Suppose that node 3 wants to recreate the CA key.Using the original fully distributed certificate authority scheme, node 3 cannot recreate the CA key, because in the traditional scheme the number of key shares per node is one.
In the modified scheme the number of key shares per node is increased to q.
Hence, the number of nodes required to recreate the CA key is less than k.In the above example if the number of shares per node is increased to 2 (q=2), node 3 can recreate the CA key.
The increase in the number of shares per node increases the possibility of the node recreating the CA key even if the number of neighbors is less than k.Hence, in the modified scheme, the total number of nodes required to recreate the CA key can be less than (k-1), since any node trying to recreate the CA key can get the k required shares from less than (k-1) nodes.With the increase in the number of shares per node, the number of nodes needed to recreate the CA key is reduced.
Certificate authority services such as share initialization, certificate issuing, certificate renewal and certificate revocation are provided in a way similar to the original fully distributed CA scheme.
The level of security in case of a single share per node is high, because the intruder has to compromise at least k nodes in order to know the key.This security level decreases when we assign more than one share to the node, as the number of nodes to be compromised decreases.However, this redundancy helps the ad hoc nodes to be more mobile and yet be able to recreate the CA key.The analysis below discusses the trade-off between the degree of security and the ease of recreating the CA key in the proposed scheme.
However, when an intruder enters the network and compromises one node it becomes as good as a valid node.To overcome this problem, an intrusion detection system is required to be present in the network.This intrusion system identifies the misbehaving / compromised nodes and removes them from the network.
The q shares are chosen at random to increase the security provided by the protocol.If shares distributed are fixed, then the level of security decreases as the node knows the node IDs of the corresponding nodes along with the shares.
The next two sections discuss the analysis of the proposed mechanism and discuss the level of security provided by the modified scheme.

EASE OF CERTIFICATE RECREATION VERSUS SECURITY: A PROBABILISTIC ANALYSIS
In this section, we estimate the probability of recreating a certificate when a node is able to communicate with less than k nodes.The security of a network is quantified as the probability of a malicious node compromising the CA key.For the analysis, consider a scenario in which a node has y (< k) neighbors.This coalition might result in at least y and at most n distinct key shares.In order to calculate the total number of ways (f(y + l)) in which the CA key can be recreated consider the number of ways in which the key shares can be distributed among y nodes such that we have y, y + 1, y + 2, …, n distinct keys.Each node is allocated one distinct share followed by (q-1) additional shares from the remaining (n-1) key shares.The number of ways (y + l) key shares can be gathered from y neighbors is given by: where, the first term represents the number of ways (y+l) keys can be selected from n keys, the second term represents the number of ways y keys can be selected from (y+l) keys, the third term represents the number of ways these y shares can be allocated to the y nodes, and the fourth term represents the number of ways in which the remaining shares can be allocated to the y nodes.The probability of recreating the CA key given y neighbors is given by, where, the numerator considers the cases in which at least k shares required to recreate the CA key can be found and the denominator considers all cases including the cases where the required k key shares cannot be found.The above equation also considers into account the maximum number of distinct key shares a legitimate node can gather from a coalition of y nodes, which is either (y.q) or n depending on whether (y.q) is greater than or equal to n or less than n.

Intruder's perspective
This section presents an intruder's perspective in order to quantify the level of security offered by the proposed key management scheme.
If an intruder wants to enter the network using an invalid certificate, his requests will not be served by the nodes.On the other hand, a node could enter the network with a valid certificate and then start compromising other nodes.At some point, the validity of the certificate will be expired.From this point onwards, the intruder will not be able communicate with other nodes.This is a naïve intrusion scenario, in which the intruder gets the certificate only once and gets to compromise the information flowing through the network until the certificate is revoked.
A more advanced intrusion can take place as follows.The intruder starts by capturing one node compromising q number of shares.Then the intruder continues to compromise other nodes one at a time until enough key shares needed to recreate the CA key are obtained.This type of intrusion can be compared to "spying".The spying node pretends to be a legitimate node and continues its covert operations until it gets caught (through intrusion detection techniques).The spying node has as much knowledge and capability as a legitimate node.However, it needs to work towards getting the required neighboring nodes and key shares to recreate the CA key.
From this perspective, it can be observed that an intruder is one node away from the legitimate node in compromising the CA key.Assume that a legitimate node requires a coalition of y number of nodes including itself, to create a valid CA key.An intruder, being as knowledgeable as the legitimate node also requires the same number of nodes to form the CA key.However, an intruder starts with zero key shares, whereas a legitimate node starts with its own share (q) of keys given at the time of deployment.Thus, the intruder is just "one node" away from the legitimate node in compromising the certificate in the worst case scenario.In this scenario, an intruding node forms a coalition of 'y' nodes including itself, and the chances of recreating the CA key for an intruder can be represented as follows:

) ( y p legitimate
Proposition 1: In order to reduce the chances of compromise, the CA key management scheme should be designed to maximize the difference between the probability of creating the CA key with y nodes and the probability of creating the CA key with (y-1) nodes.In other words, a legitimate node has a margin of advantage over an intruder when the parameters of the key management scheme (k,q,n) are selected in the region where ( -) 1 ( − y p legitimate ) is large.

RESULTS AND ANALYSIS
In this section, the theoretical results obtained in the previous section are further analyzed.This analysis aids a network designer to choose appropriate parameters for implementing the proposed key management scheme.The analysis is carried out in two parts.The first part focuses on the ease of certificate creation for a legitimate node due to the added redundancy in the key management scheme.The second part of the analysis considers intruder's perspective in conjunction with that of a legitimate node in order to provide an insight into the selection of the parameters (k,q,n) for a secure design of the key management scheme.
6.1.Ease of certificate key recreation for a legitimate node For the first plot, the values of y, q, and k are fixed at 5, 3 and 10 respectively and for the second plot the values of y, q, and k are fixed at 7, 4 and 20 respectively.
As the total number of nodes in a network increases, the number of distinct shares allocated to the nodes increases.This increases the probability of gathering the required k shares from among the one-hop neighbors.Hence, the probability of the CA key being recreated increases with the increase in the total number of nodes in the network.As the number of neighbors for a given node increases, the possibility of finding k distinct key shares increases.Hence, the ease of recreating the certificate also increases.As the number of shares per node increases the possibility of finding k distinct shares also increases.Hence, the probability of recreating the CA key increases.In a mobile network, the number of neighbors for a given node varies over time.The results obtained are similar to the results presented in [26].The mobility model in [26] states that the average number of neighbors in an ad hoc network is 4.59.
The results obtained show that average number of neighbors at any given time to be around 4.69.This gives us an estimate of how the network should be designed such that it is always possible to recreate the CA key.

Intruder's perspective
In this section, we investigate the security of the proposed key management scheme from an intruder's perspective.The proposed redundancy in the key management scheme increases the ease of creating the CA key for a legitimate node at the expense of reduced security level.The intruder's perspective is expected to provide the network designer with the trade-offs involved in designing the key management scheme.
Four different scenarios are analyzed by varying each of the parameters: n, k, q and y, while keeping the remaining three parameters fixed.In each scenario, the probability of recreating the CA key is compared with the probability of an intruder compromising the CA key.The plots clearly indicate the appropriate values for the design parameters are in the regions in which a legitimate node has a significant margin (in terms of probability of recreating the key) over the intruder.At first look, the graphs suggest that the margin of advantage for a legitimate node is not really significant.However, this observation should be interpreted in the worst case situation, in which the intruder is able to behave exactly like a legitimate node and succeeds in capturing several neighboring nodes.For the first plot the values of n, y and q are fixed at 20, 4 and 3 respectively and for the second plot the values of n, y and q are fixed at 40, 6 and 4 respectively.As the minimum number of shares required to recreate the CA key increases, the number of shares which are to be compromised increases and hence the probability of compromising the CA key decreases.

CONCLUSIONS
In this paper, a modification to the existing fully distributed certificate authority scheme is proposed to make it suitable for a mobile ad hoc network in which forming a coalition of large number of nodes is often difficult.The concept of redundancy in key shares is introduced to increase the probability of recreating the CA key.With redundancy, the level of security provided by the network is less than that of the original scheme.However, the nodes in the ad hoc network can be more mobile than in the original scheme.The ease of certificate recreation and the level of security provided by the modified scheme are analyzed to provide the choices and tradeoffs for a network designer.

1 .
Before the shares are distributed the dealer publishes the witnesses for The underlying trust model used is the TTP model [22].In this model, we have a trusted entity or a trusted CA.This CA arbitrates the trust by signing certificates.Many of the aforementioned protocols [8], [11], [20] use this model.In general, a node is trusted if k nodes claim trust in that node.As mentioned before, the services of the certificate authority are distributed to specialized servers in the secret sharing paradigm.
nodes (i, j)  in the coalition agree on a shuffling factor d ij .One node generates the shuffling factor and encrypts it with the public key of the other node and signs it before sending it to the other node. .It also generates and signs a public witness .The witness is needed to detect and identify any misbehaving coalition nodes if they generate an invalid shuffled partial share.All the shuffling factors and their witnesses are sent to the node p. node p then distributes the shuffling factors and the witnesses received to all the nodes in the coalition.5.Each node in the coalition j now generates a partial share and shuffles it using the shuffling factor.The shuffled partial share

Fig
Fig 3.6.1Initial network Suppose node 3 moves to a location where it has only one neighbor.In this case node 3 cannot recreate the CA key.This situation is shown in Fig. 3.6.2.
the CA's private key being compromised quantifies the intruders knowledge of the CA key.In other words, p intruder (y) is an estimate of the intruder's ability to compromise the network after forming a coalition of y nodes including itself.This analysis leads to an important observation: In order to protect the network,

Fig. 6
Fig. 6.1.1() shows the probability of recreating the CA key as a function of the total number of nodes (n) in the network.Results are plotted for two different scenarios.

Fig. 6 . 1 . 1
Fig. 6.1.1Number of nodes versus probability of recreating the CA key Fig.6.1.2shows the probability of recreating the CA key as a function of the number of neighboring nodes for a given node in the network.For the first scenario, the

Fig. 6
Fig. 6.1.2Number of neighbors versus probability of recreating the CA key

Fig
Fig. 6.1.3() shows the probability of recreating the CA key as a function of the number of shares per node in the network.For the first scenario, the values of n, y and k are fixed at 20, 5 and 10 respectively and for the second scenario, the values of n, y and k are fixed at 40, 7 and 20 respectively.

Fig. 6 . 1 . 3
Fig. 6.1.3Number of key shares per node versus probability of recreating the CA key

Fig. 6 . 1 . 4 .
Fig. 6.1.4.Minimum number of key shares required to recreate the CA key versus probability of recreating the CA key

Fig. 6
Fig. 6.1.5plots the total number of neighbors for a given neighbor as a function of time (in milliseconds) under random mobility model.The results were obtained using a simulator written in C. The nodes changed their position every 100 milliseconds.

Fig. 6
Fig. 6.1.5Time versus number of neighbors the CA key with the available neighbors.

Fig
Fig. 6.1.1() shows the probability of a legitimate node recreating the CA key and the probability of an intruder compromising the CA key as a function of the total number of nodes in the network.These plots clearly indicate that the margin of advantage for a legitimate node over the intruder diminishes as n is increased.

Fig. 6
Fig.6.1.2plots the probability of compromising the CA key as a function of the number of nodes captured.For the first plot, n, q and k are set to 20, 3 and 10 respectively and for the second plot, n, q and k are set to 40, 4 and 20 respectively.As the number of nodes compromised increases the fraction of the distinct shares compromised increases and hence the probability of the CA key being compromised increases at a very fast pace.The plots point out that the CA key is practically compromised if 5 out of 20 nodes (with k = 10 and q = 3) or 7 out of 40 nodes (with k = 20, and q = 4) are captured by the intruder.Fig.6.1.3( ) shows the probability of a legitimate node recreating the CA key and the probability of an intruder compromising the CA key as a function of the number of shares (q) per node.The plots suggest that when q is small, a legitimate node has significant margin of advantage over the intruder.As the number of shares per node increases, the number of shares compromised when y nodes are compromised increases.This leads to an increase in the probability of compromising the CA key.For the first plot the values of n, y and k are fixed at 20, 5 and 10 respectively and for the second plot the values of n, y and k are fixed at 40, 7 and 20 respectively.

Fig
Fig.6.1.4( ) shows the probability of a legitimate node recreating the CA key and the probability of an intruder compromising the CA key as a function of the minimum number of key shares required to recreate the CA key.The plots suggest that large values of k provide significant advantage to the legitimate node over the intruder.
The Diffe-Hellman (DH) key exchange algorithm[4]was one of the first public key algorithms proposed in the literature.It provides a way of exchanging keys securely.RSA is a similar kind of algorithm that also helps in secure exchange of keys.Digital certificates employ public key infrastructure to provide authentication and integrity of the information being transferred.A certificate is a statement issued by trusted party saying that it verifies that the public key belongs to the user.In the popular network authentication techniques such as Kerberos [5], standard X. 509[6]and PKIX [