# I. Introduction

Wireless technology [22] makes it possible to communicate from virtually every location on the surface of the earth. Most people exchange information every day using pagers, cellular telephones, laptops, several types of personal digital assistants (PDAs) and other wireless communication products. A Mobile Ad hoc NETwork (MANET) is one that comes into existence as needed, without the support of existing infrastructure or any other kind of fixed station. A MANET is an independent system of mobile hosts (also serving as routers) connected by wireless links. In a MANET no infrastructure exists, and the network topology may change dynamically and unpredictably, since the nodes are free to move. The important natural characteristics of MANETs [22] include a frequently changing topology, lack of central administration, battery power supply or restricted energy, restricted bandwidth, and physical security concerns. Ad hoc networks are particularly prone to malicious behaviour. The lack of any centralized network management or certification authority makes these dynamically changing wireless structures extremely vulnerable to penetration, eavesdropping, interference, and so on. Security [22] is considered to be the major "barrier" to the commercial use of this technology. Security is indeed one of the most difficult problems to be solved in these networks, because of the lack of centralized network management.

Most security mechanisms essentially require a secret key, session key or master key to be shared between the two communicating entities. So there is a need to share a key between the sender and the receiver without the use of centralized network management or a certification authority. Key agreement is one of the basic cryptographic essentials; it is needed wherever two or more users want to communicate securely among themselves. The first two-party key sharing protocol was introduced by Diffie and Hellman. Since its discovery in 1976, the Diffie-Hellman protocol [1] has become one of the most well-known and most widely used cryptographic primitives. In its basic version it is an efficient solution to the problem of creating a common secret between two participants. Since this protocol is also used as a building block in many complex cryptographic protocols, finding a generalization of Diffie-Hellman would give a new tool and might lead to new and more efficient protocols. But it is an unauthenticated protocol, in the sense that an adversary who has control over the communication channel can use a man-in-the-middle attack to share two separate keys with the two users without the users being aware of it.

In this paper we present a secure two-party key agreement protocol that protects against the man-in-the-middle attack. Our protocol is based on Joux's protocol [1], which in turn is a generalization of the Diffie-Hellman protocol. Joux's one-round tripartite key agreement protocol [1] uses the Weil and Tate pairings together with the idea of Diffie-Hellman. These pairings were first used in cryptology as cryptanalysis tools, to decrease the complexity of the discrete logarithm problem on some "weak" elliptic curves, but today they are also used to build cryptographic systems. The protocol presented here is designed for the MANET environment: it extends the well-known tripartite key agreement protocol of Joux [1] to two parties with minor modifications. Like Joux's model [1], it uses pairings (bilinear maps); unlike Joux's, it also uses threshold cryptography. Recently, pairing-based cryptography in the form of identity-based cryptography has become a very active research topic.

The paper is organized as follows. Section II discusses the background fundamentals needed to understand the proposed model.
Section III discusses the previous work done on sharing a key between two entities using pairings. Section IV gives the detailed description of the proposed model. Section V gives the software implementation of the proposed model, and Section VI presents the conclusion and the future enhancements that can be made to improve the model.

# II. Preliminaries

## a) Bilinear Maps

The bilinear map was originally proposed as a tool for attacking elliptic curve cryptography, by reducing the discrete logarithm problem on an elliptic curve to the discrete logarithm problem in a finite field, thereby reducing its complexity. Recently, however, this method has been used as a tool for protecting information rather than as an attacking tool. A bilinear pairing is equivalent to a bilinear map. Consider two additively written abelian groups A1 and A2, with identity element 0, and a multiplicatively written cyclic group C with identity element 1. A pairing [2][17] on A1, A2 and C is a non-degenerate, bilinear map

e : A1 × A2 → C.

Pairings in elliptic curve cryptography are functions which map a pair of elliptic curve points to an element of the multiplicative group of a finite field. A bilinear pairing e is thus a function which maps a pair of points on an elliptic curve E, defined over the groups A1 and A2, to an element of the multiplicative group of a finite extension field C. The mapping is called a pairing because it maps a pair of elliptic curve points. The pairing e has the following characteristics:

- Non-degenerate: given a point O ≠ X ∈ A1 there exists a point Y ∈ A2 such that e(X, Y) ≠ 1, where O is the point at infinity on the elliptic curve over the finite field A1.
- Bilinear: for all points X1, X2 ∈ A1 and Y1, Y2 ∈ A2 we have e(X1 + X2, Y1) = e(X1, Y1) e(X2, Y1) and e(X1, Y1 + Y2) = e(X1, Y1) e(X1, Y2). This can be restated as follows: for all X ∈ A1, Y ∈ A2 and u, v ∈ Z, e([u]X, [v]Y) = e(X, Y)^{uv} = e([v]X, [u]Y), where [u]X = X + X + ... + X (u times).
- Computable: there exists a computationally efficient algorithm to find e(X, Y) for all X ∈ A1 and Y ∈ A2.

Laws of bilinear pairings: the following equations hold for the bilinear pairing e. Let X ∈ A1, Y ∈ A2 and u, v ∈ Z, and let O be the point at infinity:

e(X, O) = e(O, Y) = 1,
e(−X, Y) = e(X, Y)^{−1} = e(X, −Y),
e([u]X, Y) = e(X, Y)^u = e(X, [u]Y),
e([u]X, [v]Y) = e(X, Y)^{uv}.

Some examples of cryptographic bilinear maps are the Weil pairing [11] and the Tate pairing [5].

Two types of pairings are commonly used in the cryptography literature. The first type, symmetric pairings, are of the form e : A1 × A1 → C, where A1 and C are cyclic groups of prime order p, written additively and multiplicatively respectively. The second type, asymmetric pairings, are of the form e : A1 × A2 → C, where A1 and A2 are additively written cyclic groups of prime order p and C is a multiplicatively written cyclic group of prime order p. The first form is just the special case A2 = A1. Asymmetric pairings are further divided into two types, giving three types of pairings in total [19]:

- Type 1: A1 = A2 (symmetric pairing);
- Type 2: asymmetric pairing, but there is an efficiently computable homomorphism ψ : A2 → A1;
- Type 3: asymmetric pairing, and there are no efficiently computable homomorphisms between A1 and A2.

## b) Threshold Cryptography

Let t and n be positive integers with t ≤ n. A (t, n)-threshold scheme [25] is a method of sharing a secret K among a set of n participants in such a way that any t participants can compute the value of the secret, but no group of t − 1 or fewer can do so. Let the set of participants be denoted by E. The value of the secret K is chosen by the dealer, denoted D, who is a special participant not in E. When D wants to share the secret K among the participants in E, D gives each participant some partial information, called a share. The shares are distributed secretly, so no participant knows any other participant's share. At a later time, when some qualified subset of participants F ⊆ E wants to compute the secret K, they pool their shares together. The most famous construction of a (t, n)-threshold scheme, the Shamir threshold scheme [18][21], was invented in 1979. A (t, n)-threshold secret sharing scheme can therefore protect the secret against an adversary who can intercept at most t − 1 paths.

In the proposed model D does not want to share the secret K among several participants in E; instead D wants to share a key with the other end of the communication, say G, with whom D wants to communicate securely. So D sends the shares of the secret key K through n independent paths [24] to G. When G receives at least t shares, G can recover the secret, and thereby a key is shared between D and G. The opponent faces the challenge of obtaining at least t shares by intercepting t paths at the same time; until then the opponent cannot recover the secret key.

# III. Related Work

There are many key agreement protocols based on bilinear maps, and most of them have later been broken. One of the first applications of pairing-based cryptography was the tripartite key agreement protocol given by Joux [1]. This key agreement protocol does not authenticate the users, and thus is subject to the man-in-the-middle attack. Nevertheless, it was an important step in the advancement of pairing-based cryptography. The protocol uses only pairings, in particular the Tate pairing, and does not use identity-based cryptography. Many key agreement protocols from bilinear maps and identity-based cryptography have been proposed since. Scott [7], Smart [8], and Chen and Kudla [6] have proposed two-party key agreement protocols, none of which has been broken.
All of these schemes require that all parties involved in the key agreement are clients of the same Key Generation Centre (KGC). Nalla proposes a tripartite identity-based key agreement in [9], and Nalla and Reddy propose an authenticated tripartite identity-based key agreement scheme in [10], but both have been broken [12,13]. Shim presents two key agreement protocols [14,15], but both of these schemes have been broken by Sun and Hsieh [16]. Another authenticated tripartite key agreement protocol, proposed by Al-Riyami and Paterson [3], was broken by Shim [4]. McCullagh and Barreto [23] propose a two-party identity-based authenticated key agreement. Most of the above protocols are based on identity-based cryptography.

# IV. Proposed Model

Our proposed model is based on Joux's protocol [1]. It uses bilinear maps (pairings) and threshold cryptography. It does not use identity-based cryptography (IDC), because IDC needs a Key Generation Centre (KGC), a centralized controller, which is infeasible in the MANET environment.

## a) Joux's Protocol

Joux's protocol [1] considers three communicating parties A, B and C who want to share a secret key K_ABC among them. Let A, B and C choose random integers u, v and w respectively. Consider the symmetric pairing e : A1 × A1 → C, and let P be the publicly known generator of the cyclic group A1. The protocol proceeds as follows, as shown in Fig. 1:

1. A → B, C : [u]P
2. B → A, C : [v]P
3. C → A, B : [w]P
4. A computes K_A = e([v]P, [w]P)^u
5. B computes K_B = e([u]P, [w]P)^v
6. C computes K_C = e([u]P, [v]P)^w

Figure 1: Joux's tripartite key agreement.

From the laws of bilinear pairings, K_A, K_B and K_C result in the same value, say K_ABC, so the common agreed key of A, B and C is K_ABC = K_A = K_B = K_C = e(P, P)^{uvw}.

- Assumption: the Bilinear Diffie-Hellman (BDH) problem [2, Sec. 3.2] is hard to compute.
- Security: secure against a passive opponent under the assumption that the BDH problem is hard.
- Efficiency: Communication: number of rounds required is 1; number of group elements sent is 3. Computation: 3 scalar multiplications; 3 pairing computations; 3 exponentiations.

## b) Diffie-Hellman Assumption

In this subsection we specify the version of the Diffie-Hellman problem that we require. Consider the triple <A1, C, e>, where A1 and C are two cyclic subgroups of a large prime order q and e : A1 × A1 → C is a cryptographic bilinear map. We take A1 as an additive group and C as a multiplicative group.

Bilinear Diffie-Hellman (BDH) problem: the strength of Joux's protocol is based on the Bilinear Diffie-Hellman (BDH) assumption [2]. Let P be the generator of A1 and let a, b and c be positive integers. The BDH assumption considers the computation of e(P, P)^{abc} from P, [a]P, [b]P and [c]P to be hard.

## c) Man-in-the-middle Attack

Let the three parties A, B and C have chosen secrets u, v and w respectively at random, and let D be the adversary. Consider the symmetric pairing e : A1 × A1 → C, with P the publicly known generator of the cyclic group A1. The attack works as follows:

1. A → B, C : [u]P. D intercepts [u]P and instead sends [u']P to B and C.
2. B → A, C : [v]P. D intercepts [v]P and instead sends [v']P to A and C.
3. C → A, B : [w]P. D intercepts [w]P and instead sends [w']P to A and B.
4. A computes K_1 = e([w']P, [v']P)^u, and B and C likewise compute their keys from the substituted values. D, who knows u', v' and w', computes the matching key for each party; for example e([u']P, [w]P)^{v'} = e(P, P)^{u'v'w}, which is exactly the key computed by C.

## d) The Proposed Two-Party Protocol

Reduced to two parties, the basic exchange (Fig. 2) is:

1. A → B : [u]P
2. B → A : [v]P
3. A computes e(P, [v]P)^u = e(P, P)^{uv}
4. B computes e([u]P, P)^v = e(P, P)^{uv}

Over an insecure channel this exchange is open to the same man-in-the-middle attack. To counter this, we apply the concept of threshold cryptography to steps 1 and 2; steps 3 and 4 remain the same. The secrets u and v are split into n shares each, using Shamir's secret sharing mechanism [21], to get u_i and v_i, 1 ≤ i ≤ n, where n is the number of independent paths that exist between the sender and the receiver. The shares of the products [u]P and [v]P are then calculated as R_i = [u_i]P and S_i = [v_i]P. These shares are then exchanged with the other party through the n independent paths, as shown in Fig. 3. When A and B receive at least t shares of S_i and R_i respectively, they can reconstruct S and R (i.e. [v]P and [u]P). Hence unless the adversary intercepts at least t shares of R_i and S_i, the adversary cannot reconstruct R and S, and therefore cannot obtain the key. Also, the key is a session key with a small lifetime, i.e. it lasts over a single session, so the time available to the adversary to reconstruct the key is small, thereby protecting the protocol from the man-in-the-middle attack.

# V. Implementation

The proposed key agreement protocol is implemented in software using the Pairing-Based Cryptography (PBC) library [20]. The results are as follows. The elliptic curve is chosen as y^2 = x^3 + x, with x, y elements of a field F_q, where q is a prime number. A1 is a subgroup of E(F_q), and C is a subgroup of F_{q^2}.

# VI. Conclusion and Future Scope

In this article we described a generalization of the Diffie-Hellman protocol and Joux's protocol to two parties. Our two-party key agreement protocol uses the concepts of pairings and threshold cryptography. Our model also does not assume a centralized trusted authority, which is difficult to establish in the MANET environment. Therefore this new protocol seems quite promising as a new building block for constructing new and efficient complex cryptographic protocols. On the other hand, there is scope to ensure the integrity of the secret shares. Additionally, there is scope to use this shared secret key in pairing-based cryptography for the encryption and decryption of messages, thereby allowing secret transmission of messages between the two communicating parties.

A (t, n)-Two-Party Threshold Key Agreement Protocol for MANETs using Pairings. Global Journal of Computer Science and Technology, Volume XV, Issue IV, Version I, 2015. © 2015 Global Journals Inc. (US)
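The algebra of Sections II and IV, worked through in code. This is an added example, not code from the paper or from the PBC library: a toy "pairing" e(X, Y) = G^(X·Y) mod Q on A1 = Z_R stands in for the Weil/Tate pairing (it satisfies the laws of bilinear pairings but gives no security, since discrete logarithms in Z_R are trivial), and the primes R and Q, the generator P, the party secrets, the threshold parameters (t, n) and the set of delivered paths are all constructed for the example. It checks the pairing laws, runs Joux's tripartite exchange, shows how D's substituted values leave A and C with keys that D can compute while A and C themselves disagree, and runs the proposed two-party protocol with Shamir shares of u and v sent over n paths, reconstructing [u]P and [v]P from any t shares and refusing with fewer.

```python
"""Toy model of Joux's protocol, the man-in-the-middle attack on it and the
(t, n)-two-party threshold variant. The "pairing" e(X, Y) = G^(X*Y) mod Q on
the additive group A1 = Z_R is bilinear and non-degenerate but gives no
security (discrete logs in Z_R are trivial); it only stands in for the
Weil/Tate pairing so that the protocol algebra can be checked offline.
All constants and secrets below are constructed for this example."""
import random

R = 1009  # prime order of A1 = Z_R (written additively) and of C
Q = 10091  # prime with R | Q - 1, so Z_Q* contains a subgroup C of order R
G = next(g for g in (pow(h, (Q - 1) // R, Q) for h in range(2, Q)) if g != 1)
P = 7  # public generator of A1 (any non-zero element of Z_R)
O = 0  # point at infinity, the identity of A1


def smul(u, X):
    """[u]X = X + X + ... + X (u times) in A1."""
    return (u * X) % R

def e(X, Y):
    """Toy symmetric pairing A1 x A1 -> C with C = <G> in Z_Q*."""
    return pow(G, (X * Y) % R, Q)

def pairing_laws_hold(X, Y, u, v):
    """Check the laws of bilinear pairings listed in Section II."""
    inv = pow(e(X, Y), -1, Q)
    return (e(X, O) == e(O, Y) == 1
            and e(-X % R, Y) == inv == e(X, -Y % R)
            and e(smul(u, X), Y) == pow(e(X, Y), u, Q) == e(X, smul(u, Y))
            and e(smul(u, X), smul(v, Y)) == pow(e(X, Y), u * v, Q))

def joux(u, v, w):
    """Joux's one-round tripartite agreement (Fig. 1): each party sends
    [x]P and pairs the two values it received under its own secret."""
    uP, vP, wP = smul(u, P), smul(v, P), smul(w, P)
    return (pow(e(vP, wP), u, Q),  # K_A
            pow(e(uP, wP), v, Q),  # K_B
            pow(e(uP, vP), w, Q))  # K_C

def joux_mitm(u, v, w, u2, v2, w2):
    """D substitutes [u']P, [v']P, [w']P for the broadcast values.
    Returns the keys A and C end up with and D's copies of each."""
    uP, wP = smul(u, P), smul(w, P)
    u2P, v2P, w2P = smul(u2, P), smul(v2, P), smul(w2, P)
    K_A = pow(e(w2P, v2P), u, Q)  # A only ever sees D's values
    K_C = pow(e(u2P, v2P), w, Q)
    D_with_A = pow(e(uP, P), v2 * w2, Q)  # D saw [u]P and knows v', w'
    D_with_C = pow(e(u2P, wP), v2, Q)  # = e(P, P)^(u'v'w), as in the paper
    return K_A, K_C, D_with_A, D_with_C

def shamir_split(secret, t, n, rng):
    """(t, n) Shamir sharing over Z_R: shares (i, f(i)) of a random
    polynomial f of degree t - 1 with f(0) = secret."""
    coeffs = [secret] + [rng.randrange(1, R) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, k, R) for k, c in enumerate(coeffs)) % R)
            for i in range(1, n + 1)]

def lagrange_weights(xs):
    """Weights w_i with sum(w_i * f(x_i)) = f(0) for any f of degree < len(xs)."""
    ws = []
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num, den = num * xj % R, den * (xj - xi) % R
        ws.append(num * pow(den, -1, R) % R)
    return ws

def recover_group_element(shares, t):
    """Receiver side: from at least t pairs (i, [s_i]P) rebuild [s]P by
    applying the Lagrange weights as scalar multiplications in A1."""
    if len(shares) < t:
        raise ValueError("fewer than t shares received, cannot recover")
    shares = shares[:t]
    ws = lagrange_weights([i for i, _ in shares])
    return sum(smul(w, SiP) for w, (_, SiP) in zip(ws, shares)) % R

def two_party_threshold(u, v, t, n, seed, delivered):
    """Proposed protocol: A splits u, B splits v, and [u_i]P, [v_i]P travel
    over path i; only the paths listed in `delivered` reach the other side."""
    rng = random.Random(seed)
    R_i = [(i, smul(ui, P)) for i, ui in shamir_split(u, t, n, rng)]
    S_i = [(i, smul(vi, P)) for i, vi in shamir_split(v, t, n, rng)]
    uP = recover_group_element([s for s in R_i if s[0] in delivered], t)
    vP = recover_group_element([s for s in S_i if s[0] in delivered], t)
    K_A = pow(e(P, vP), u, Q)  # step 3 of Fig. 2
    K_B = pow(e(uP, P), v, Q)  # step 4 of Fig. 2
    return K_A, K_B

if __name__ == "__main__":
    print("pairing laws hold:", pairing_laws_hold(7, 11, 5, 9))
    print("Joux keys agree:", len(set(joux(12, 34, 56))) == 1)
    K_A, K_C, D_A, D_C = joux_mitm(12, 34, 56, 78, 90, 123)
    print("MITM: A and C disagree, D holds both keys:",
          K_A != K_C and K_A == D_A and K_C == D_C)
    K_A, K_B = two_party_threshold(12, 34, 3, 5, 2015, {1, 3, 5})
    print("threshold two-party key agreed:", K_A == K_B)
```

Reconstruction is done on the group elements rather than on the secrets: the Lagrange weights are applied as scalar multiplications, so the receiver only ever handles R_i = [u_i]P and S_i = [v_i]P, as in the paper, and never the shares u_i and v_i themselves. With fewer than t delivered paths the receiver refuses to reconstruct, which is the (t, n) property the model relies on.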
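A check of the parameter relations that Section V relies on for the curve y^2 = x^3 + x over F_q: q ≡ 3 (mod 4), #E(F_q) = q + 1, r a prime factor of q + 1 and h = #E(F_q) / r. This is an added example, not the paper's PBC code; the small prime q = 23 used in the usage below is constructed so that the points can be counted by brute force and is far too small for real use, and the function names are the example's own.

```python
"""Check the parameter relations for the supersingular curve y^2 = x^3 + x
over F_q used in Section V: q = 3 (mod 4), #E(F_q) = q + 1, r | q + 1 with
r prime, and h = #E(F_q) / r. The prime q used in the usage is constructed
for this example so that the point count can be done by brute force."""


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def count_points(q):
    """#E(F_q) for y^2 = x^3 + x: count the affine solutions, then add O."""
    squares = {}  # maps each quadratic residue to the y values giving it
    for y in range(q):
        squares.setdefault(y * y % q, []).append(y)
    affine = sum(len(squares.get((x ** 3 + x) % q, [])) for x in range(q))
    return affine + 1

def curve_parameters(q, r):
    """Return (#E(F_q), h) after checking the relations stated in Section V."""
    if not (is_prime(q) and q % 4 == 3):
        raise ValueError("q must be a prime with q = 3 (mod 4)")
    n_points = count_points(q)
    if n_points != q + 1:  # for q = 3 (mod 4) the curve is supersingular
        raise ValueError("unexpected point count for y^2 = x^3 + x")
    if not (is_prime(r) and (q + 1) % r == 0):
        raise ValueError("r must be a prime factor of q + 1")
    return n_points, n_points // r

if __name__ == "__main__":
    # constructed toy parameters: q = 23 = 3 (mod 4), q + 1 = 24 = 2^3 * 3
    print("#E(F_23), h for r = 3:", curve_parameters(23, 3))
```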
Figure 2: [u]P and [v]P exchanged between A and B without threshold cryptography (i.e. without dividing them into n shares).

Figure 3: The n independent paths used to transmit [u_i]P and [v_i]P.

The parameters of the elliptic curve y^2 = x^3 + x used in the implementation satisfy: q ≡ 3 (mod 4); r = order of A1 = a prime factor of q + 1; h = cofactor = #E(F_q) / r. The values chosen for these parameters, and the output of the proposed model using them with the pairing-based cryptography library, are shown in the corresponding figure of the paper. From that execution, the key K shared between the two communicating parties A and B takes the value given there (for certain integer values of u and v).

# References

1. A. Joux. A One Round Protocol for Tripartite Diffie-Hellman. LNCS 1838, Springer-Verlag, Berlin Heidelberg, 2000.
2. I. F. Blake, G. Seroussi, N. P. Smart. Advances in Elliptic Curve Cryptography. London Mathematical Society Lecture Note Series 317, Cambridge University Press, 2005.
3. S. S. Al-Riyami, K. G. Paterson. Tripartite authenticated key agreement protocols from pairings. IMA Conference on Cryptography and Coding, LNCS 2898, Springer-Verlag, 2003.
4. K. Shim. Cryptanalysis of Al-Riyami-Paterson's authenticated three party key agreement protocols. Cryptology ePrint Archive, Report 2003/122, 2003.
5. P. S. L. M. Barreto, H. Y. Kim, M. Scott. Efficient algorithms for pairing-based cryptosystems. Advances in Cryptology - Crypto 2002, LNCS 2442, Springer-Verlag, 2002.
6. L. Chen, C. Kudla. Identity based authenticated key agreement from pairings. Cryptology ePrint Archive, Report 2002/184, 2002.
7. M. Scott. Authenticated ID-based key exchange and remote log-in with insecure token and PIN number. Cryptology ePrint Archive, Report 2002/164, 2002.
8. N. P. Smart. An identity based authenticated key agreement protocol based on the Weil pairing. Electronics Letters 38, 2002.
9. D. Nalla. ID-based tripartite key agreement with signatures. Cryptology ePrint Archive, Report 2003/144, 2003.
10. D. Nalla, K. C. Reddy. ID-based tripartite authenticated key agreement protocols from pairings. Cryptology ePrint Archive, Report 2003/004, 2003.
11. D. Boneh, M. Franklin. Identity Based Encryption from the Weil Pairing. Advances in Cryptology - Crypto 2001, LNCS 2139, Springer-Verlag, 2001.
12. Z. Chen. Security analysis on Nalla-Reddy's ID-based tripartite authenticated key agreement protocols. Cryptology ePrint Archive, Report 2003/103, 2003.
13. K. Shim. Cryptanalysis of ID-based tripartite authenticated key agreement protocols. Cryptology ePrint Archive, Report 2003/115, 2003.
14. K. Shim. Efficient ID-based authenticated key agreement protocol based on Weil pairing. Electronics Letters 39(8), 2003.
15. K. Shim. Efficient one round tripartite authenticated key agreement protocol from Weil pairing. 2003.
16. H.-M. Sun, B.-T. Hsieh. Security analysis of Shim's authenticated key agreement protocols from pairings. Cryptology ePrint Archive, Report 2003/113, 2003.
17. R. Barua, R. Dutta, P. Sarkar. Extending Joux's Protocol to Multi Party Key Agreement. INDOCRYPT 2003, LNCS 2904, Springer-Verlag, Berlin Heidelberg, 2003.
18. S. Iftene. Secret Sharing Schemes with Applications in Security Protocols. Thesis submitted to the University of Iasi for the degree of Doctor of Philosophy in Computer Science.
19. S. D. Galbraith, K. G. Paterson, N. P. Smart. Pairings for cryptographers. Discrete Applied Mathematics, Elsevier, 2008. doi:10.1016/j.dam.2007.12.010.
20. PBC (Pairing-Based Cryptography) Library.
21. A. Shamir. How to share a secret. Communications of the ACM 22(11), 1979.
22. C. de Morais Cordeiro. Ad Hoc and Sensor Networks: Theory and Applications. World Scientific Publishing Co. Pte. Ltd., 2006.
23. N. McCullagh, P. S. L. M. Barreto. A New Two-Party Identity-Based Authenticated Key Agreement. Topics in Cryptology - CT-RSA 2005, Springer, 2005.
24. V. N. K. V. Subba Rao Gorti, Garimella Uma. An Efficient Secure Message Transmission in Mobile Ad Hoc Networks using Enhanced Homomorphic Encryption Scheme. Global Journal of Computer Science and Technology 13(9), Version 1.0, 2013.
25. Maggie Xiaoyan Cheng, Deying Li. Advances in Wireless Ad Hoc and Sensor Networks. Springer Science & Business Media, 2008.