Incentive-Based Optimal Nodes Selection Mechanism for Threshold Key Management in MANETs with Selfish Nodes

Most of the previous work on threshold-cryptography-based distributed CA concentrates on the initial systems configurations and concrete protocols design, ignoring the efficiency and effectiveness of the key management service during its operation, and always assuming that there are honest nodes to carry out the service faithfully. This paper focuses on developing a selection mechanism in MANETs with selfish nodes, to dynamically select a coalition of nodes carrying out the threshold key management service optimally during system operation. First, we formulate the dynamic nodes selection problem as a combinatorial optimization problem, with the objectives of maximizing the success ratio of key management service and minimizing the nodes' cost of security and energy. Then, to ensure truth telling is the dominant strategy for any node in our scenario, we extend the payment structure of the classical Vickrey-Clarke-Groves (VCG) mechanism design framework and divide the payment into pieces to the nodes, with the consideration of their actual execution effectiveness. Simulations show that the proposed mechanism enjoys improvements of both the success ratio of key management service and lifetime of the network, as well as reductions of both the cost of participating nodes and compromising probability of MANETs, compared with the existing work.


Introduction
A mobile ad hoc network (MANET) is a network consisting of a collection of nodes capable of communicating without relying on a fixed infrastructure and is characterized by some of the features like lacking infrastructure, dynamic network topology, distributed operation, variable capacity links, use of low power devices, and so forth.This makes ad hoc networks financially viable and have tremendous potential for communications in battlefields, disaster recovery areas, and other environments such as collaborative computing and communications in smaller areas.For MANETs, publickey cryptography (PKC) is appealing in offering security support, due to its effectiveness in facilitating essential security services such as digital signatures and key management.However, the traditional public key infrastructure (PKI) supporting key management approaches require a global trusted certificate authority (CA) to manage public key certificates used to generate confidence in the legitimacy of public keys for the nodes of the network.This makes it difficult to deploy the PKI in MANETs, since this type of networks does not have any form of online or offline authority [1].Even if the service node can be defined to act as an authority, maintaining such a centralized server and keeping its security and availability in such a dynamic network is a difficult task.Key management for MANETs therefore needs to mitigate the unreliability of basic CA services by taking on a distributed, self-organizing nature [2][3][4][5][6][7][8][9].
However, previous work on this subject mainly concentrates on the initial systems configuration and concrete protocols design of distributed CA itself and ignores the problem of how to select a threshold number of nodes from the set of all partial certificates during its operation with the consideration of attributes of all nodes in the network.Instead, a random selection scheme is often assumed or implicated.To the best of our knowledge, the only paper addressing the problem of optimal nodes selection for threshold key management in MANETs is [10], where the dynamic nodes selection process is formulated as a multiarm bandit problem.Then, an optimal selection scheme is proposed to select the best nodes to be International Journal of Distributed Sensor Networks used as private key generators (PKGs) from all available ones with the consideration of their security conditions and energy states.This scheme has nice features of decreasing network compromising probability and increasing network lifetime in MANETs.
There are still some problems suffering from the existing schemes, including the one proposed in [10]: (i) they do not consider the effectiveness of the key management.Given a crypto threshold , more than  correct replies from nodes make a key management service successful.The success ratio must be kept at a high level under all circumstances to provide useful and effective key management services; (ii) they always assume that the nodes in MANETs cannot act rationally and strategically (i.e., each node follows the protocol specification by assumption).
In this paper, we present incentive compatible optimal nodes selection (ICONS), a mechanism which dynamically implements the optimal nodes selection for threshold key management based on the nodes' security and energy states truthfully in dominant strategies.Specifically, we formulate the dynamic nodes selection problem as combinatorial optimization problem [11], by combining two objectives of maximizing the success ratio of key management service and minimizing the nodes' cost of security and energy into a single weighted objective firstly.And then we extend the classical Vickrey-Clarke-Groves-(VCG-) [12] based mechanism design framework [13] to allow for implementing an objective function which is not quasi-linear and then divide the payment into pieces to the nodes according to their outcomes at current stage.The proposed mechanism not only enjoys the same nice features as the scheme in [10] (decreasing network compromising probability, lowering the energy cost, and prolonging network lifetime) but also achieves more performance benefits of increasing the success ratio of key management service and allowing the nodes in MANETs to remain truthful in the scenario where they act rationally and selfishly.
The rest of the paper is organized as follows.The next section reviews related work.Section 3 formulates the optimal nodes selection model for threshold key management in MANETs.Section 4 presents the incentive compatible optimal nodes selection mechanism and proves its correctness and truthfulness.The performance of our model is evaluated via detailed simulations in Section 5. Finally, this paper is concluded and discussed in Section 6.

Related Work
In this section, we review the related work in threshold-cryptography-based distributed CA (DCA) and mechanism design application in MANETs.

Threshold-Cryptography-Based DCA in MANETs.
A DCA is realized through the distribution of the CA's private key to a number of shareholding nodes.The design of a DCA based on threshold cryptography is suggested in [14] firstly and then applied to solving the key management problem in MANETs in [2] by letting a set of nodes in the network share the system secret.From then, many DCA schemes in MANET have been proposed, which can be classified as partially or fully distributed certificate authorities [15].
In partially implemented DCA, services of the CA are distributed to a set of specialized server nodes using secret sharing.Each of these nodes can generate partial certificates and a user can create a valid certificate by combining enough number of these partial certificates.In [5], a cluster-based partially DCA architecture in MANETs is established.First, a cluster head assisted CA locating scheme is proposed to shift the responsibility of CA discovery from each user node to cluster heads, which greatly reduces service response time and system overhead.Then, a share update procedure is also proposed to resolve the multiple initializations problem and achieves fast systemwide update.The authors of [6] propose a partially distributed certificate management mechanism that can handle mobility of nodes for MANET.The mechanism segregates the roles of certification authority to keep with the dynamic mobility of nodes and handle rapid and random topological changes with minimal overhead.The mobile certificate authority (MOCA) key management framework is proposed in [7] based on threshold cryptography to provide authentication service for MANETs.MOCA utilizes a carefully selected set of mobile nodes to function as a collective certificate authority while the MOCA nodes are kept anonymous.Equipped with a novel routing protocol designed to support the unique communication pattern for certification traffic, MOCA achieves high availability key management and authentication service with intuitive metrics to measure the provided quality of service.Then, the authors of [16] extend the MOCA framework by proposing and evaluating a key management scheme that suits the dynamic nature of an ad hoc network.To enhance the robustness and security of the threshold key management scheme, the authors of [4] propose a secure and robust key management scheme (SRKM) based on threshold cryptography, making it more difficult for mobile adversaries to violate the secrecy of the private key of certification service, even if they compromise more than a threshold number of nodes.
In fully distributed CA, services of a CA are distributed to all nodes using secret sharing, and each of these nodes can generate partial certificates.Since almost all the neighbors of a requesting node hold shares of the DCAs private signature key, fully distributed CA reduces the communication delay and improves the availability.The authors of [8] distribute the functionality of conventional security servers, specifically the authentication services, so that each individual node can potentially provide certification services for other nodes in MANETs.Centralized management is minimized and the nodes in the network collaboratively self-secure themselves.Then, the authrs of [17] propose a modification to the scheme in [8] to make it suitable for a mobile ad hoc network in which forming a coalition of a large number of nodes is often difficult.The concept of redundancy in key shares is introduced to increase the probability of recreating the CA key for a node in a highly mobile network, by allocating more than one share to each node.In [3], a scheme called autonomous key management (AKM) is proposed to provide a self-organizing and fully distributed key management service, which uses hierarchical structure to ensure flexibility and adaptability and uses verifiable secret sharing (VSS) to resist active attacks.The authors of [9] propose a fully distributed trust model based on trust graph for mobile ad hoc networks, where nodes have a similar role and do not need to assign any special functions to a subset of nodes.This scheme allows users to fully control the security settings in the network and allows nodes to generate, store, and distribute their public key certificates without any central server or trusted party.The scheme is developed for open networks, in which nodes can join/leave the network without any centralized administration.The joining operation is performed by a coalition of member nodes to allow access to a new node.

Application of Mechanism Design.
Mechanism design is the subfield of microeconomics and game theory that considers how to implement an optimal systemwide solution to problems that involve multiple self-interested players, each with private information about their preferences for outcomes [13].It is a useful and powerful tool to design protocols in the environment where the players may deviate the given protocol specification if it is beneficial for them to do so, and has been used extensively in MANETs environments.
The work in [18] proposes ad hoc VCG, a reactive routing protocol for MANETs that is robust against individual selfishness of the communication nodes and achieves costefficiency and truthfulness.This scheme works well in the MANETs environment, where the communication nodes are assumed to be selfish and need to declare their cost of energy in order to compute a cost-efficient communication path.Following this approach, the authors of [19] present low overhead truthful routing protocol (LOTTO), a lowoverhead truthful routing protocol for route discovery in MANETs with selfish nodes by designing incentives based on VCG mechanism [12], to prevent nodes from revealing fake information and ensure truth telling to be the dominant strategy among all nodes.In [20], a mechanism-design-based model is proposed to motivate nodes that do not belong to the confident community to participate in being selected as RA, by giving them incentives in the form of trust.An RA selection algorithm is also proposed in this paper to select nodes based on a predefined selection criteria function and nodes location.In [21], a novel surveillance mechanism is proposed to observe the packet-dropping behavior of suspicious insiders.It quantifies the threat level of the suspicious insiders and then realizes an incentive-compatible surveillance scheme to motivate the rational monitors to cooperate, by rewarding the cooperating monitors and punishing the violating monitors.The authors of [22] study the leader election in the presence of selfish nodes for intrusion detection in MANETs and propose an integrated solution for prolonging the lifetimes of mobile nodes and prevent the emergence of selfish nodes.Reputations are computed in [22] also by using the wellknown VCG [12] mechanism design as a theoretical tool.
These existing studies clearly show that mechanism design becomes prevalent in many engineering applications in MANETs.It provides a rich set of mathematical tools and models to motivate the nodes to reveal truthfully their selection criteria function.However, there is no much work on applying mechanism design theory to threshold key management in MANETs, where the success of the key management task is highly dependent upon the distributed collaboration of a coalition of rational and selfish nodes.

Optimal Nodes Selection Model
3.1.System Models.MANET, in this study, is represented by an undirected graph G = (N, L), where N = {1, 2, . . ., } is the set of wireless nodes including a leader, and L is the set of communication links between the nodes.To keep the security and energy information current, we divide the time axis into stages, which correspond to the time intervals between two continuous key management tasks of the MANET.The stages are indexed by the integers, so in each stage  only one threshold key management task can be completed by a coalition of nodes cooperatively.
At each stage, the leader takes the role of selecting the best nodes from N to act as server nodes based on the security and energy states of each node, and pays each selected node according to its completion of assigned task or not.Each server node has its own share of the private CA key and participates in the process of threshold key management in the current stage.Sometimes, we also call a server node a active node and call a nonserver node a passive node.The leader is not necessarily a special node in MANET.Instead, it can be elected dynamically from the nodes set N by a leader election algorithm.The aim of a leader election algorithm is to ensure that a suitable node in a network will be selected as the leader to perform a task whenever needed [23].Since in this paper we mainly focus on developing an incentive compatible optimal nodes selection mechanism, to encourage each node in the system to be truth-telling, the details of the leader election are out of the scope here.There are several leader election researches that have been done for MANETs and wireless sensor networks [22,24,25].

Security Model. Denote by 𝑠 𝑡
the security state of a node  ( ∈ N) at the stage .Security state represents the security condition of a node and can be monitored by node itself with a local intrusion detection system (IDS).Assume each node  has a finite number of   states in security state space S, and each security state    evolves according to an   -state Markov chain with one-step transition probability matrix as follows: where  ∈ {0, 1} stands for an action.Action 1 means that the node is active, and action 0 means that the node is passive.

Energy Model.
We represent each node 's energy state at stage  as    , which can also be detected locally.We assume that the continuous battery residual energy can be divided into discrete levels, denoted by E = ( 1 ,  2 , . . .,  ℎ ).To foresee the energy consumption at the current stage, we model the transition of energy levels of nodes in MANETs as a Markov chain with one-step transition probability matrix [26] as follows: International Journal of Distributed Sensor Networks The state set of    is represented as Π  and we have evolves with one-step transition probability matrix as follows: where    is security state transition probability matrix,    is energy states transition probability matrix, and ⊗ denotes the Kronecker product.

Cost Model.
The costs associated with each node  at stage  are defined as security cost   (   ,    ), from a potential compromise of the node, and the energy cost   (   ,    ).The action adopted by node  at stage  is denoted as    ∈ {0, 1}.Then, the instantaneous cost of node  at stage  is where  ∈ (0, 1) is the weight factor for the two kinds of costs and could be adjusted according to circumstances.We then extend the cost model to more realistic settings by considering the network lifetime as follows: where    is node 's energy level at stage .Since just one message is needed for a passive node to report its states to the leader, the cost of a passive node can be assumed as a constant in a given stage .Then, the node 's cost at stage  can be denoted as where constant   is the cost of a messages transmission in stage .
If there are  active nodes at stage  (when (, ) secret sharing is used in the threshold key management scheme), then the cost of all the nodes for key management is where { 1 ,  2 , . . .,   } ⊂ N denotes the set of all active nodes at stage .

System Value Model
. Key management service consists of a set of tasks and procedures supporting the establishment and maintenance of keying relationships between authorized parties [27], such as new node authentication and admission, generation and distribution keying material, update/revocation/destruction of keying material, bootstrapping, and maintenance of trust in keying material.Without loss of generality, we assume that the key management task at each stage  has a certain value   to the system, which is determined by the expected gain that system could gain from successful completion of this task.For example, the task of joint authentication has a higher gain for the system to admit a new node to join the network than that of joint session key establishment for two existing peer nodes, because joint authentication might enlarge the network scale.So, the former can be assigned a value of 200 while the latter just be assigned 120.
In the presence of attacks, an active node may fail to complete its assigned task of key management to act as a server node.Let   = {  1 ,   2 , . . .,    } be the vector of task completion at stage , where    (0 ≤    ≤ 1) is node 's success ratio to fulfill its assigned task at stage , and if there are  active nodes { 1 ,  2 , . . .,   } which are selected by the leader to cooperatively complete the key management task at this stage, then the expected system value will be We assume that there is a map  : S → [0, 1], defined from the security state    of each node  to the success ratio    ; that is,    = (   ).

Optimal Selection Model.
We denote by U the class of all admissible nodes selection policies.The admissible policy  ∈ U is a  ×  matrix, whose element of the th row and the th column is    , representing the action taken by node  in stage .The optimal nodes selection policy  * is the policy that achieves the system objective.

3.2.1.
Cost.The total cost of system at stage  is defined in (8), and the optimization objective is to find the optimal policy   * to minimize this cost as

System
Value.The expected value of system at stage  is defined in (9), and the optimization objective is to find the optimal policy   * to maximize this value as

Optimal Nodes Selection
Policy.Now, we have two important but conflicting objectives: minimizing the expected system cost (10) and maximizing the expected system value (11), and both have their own optimal policy   * and   * .Hence, there is an intrinsic tradeoff between cost minimization and system value maximization.By introducing a new system parameter  ∈ (0, 1) to combine these two objective functions together into a single objective function and using the weighting method [28], we formulate this multiobjective programming problem as a combinational optimization problem as follows: where the value of weight factor  ∈ (0, 1) can be set according to the application.For example,  can be set to a value close to 1 in a battlefield MANET, in order to reflect the fact that the improvement of the success ratio of the key management task is more important than the reduction of the cost in the battlefield network.By contrast, in a civilian MANET,  can be set to 0 to reflect the fact that the reduction of the costs is more important than the improvement of the success ratio of the key management task in the civilian network.
Since  ∈ (0, 1), we have (1 − ) ∈ (0, 1) and so we rewrite (12) as follows: Then the coefficient (/(1−)) can be omitted for simplicity, and we have By this we do not lose generality because when  is given, we can substitute "  " for "(/(1 − )) ⋅   ", so that the coefficient of the new variation is equal to 1.

Incentive Compatible Optimal Nodes Selection Mechanism Design
As stated before, mechanism design [13,29] is concerned with the situation where a policy maker faces the problem of aggregating the individual preferences into a collective decision and the individuals' actual preferences are not publicly known and studies how to elicit this privately held information and how the information revelation problem constrains the way in which social decisions can respond to individual preferences.To implement optimal nodes selection objective defined in (14), we apply game-theoretic approach to mechanism design and formulate the nodes selection process at each stage  as a game where  mobile nodes in the MANET are the players.Based on this model, we can design incentives to encourage each node in revealing its true information and honestly participate in the threshold key management process.
We assume that all nodes in the MANET are owned by rational and strategically selfish individuals, whose objectives are to maximize their individual goals.For this reason, these nodes may not always participate honestly in threshold key management, since this might cause security compromising and consume the nodes' resources, including battery power, bandwidth, and CPU cycles.But as discussed in Section 3, the leader here can take the role of nodes selection and reputations payment loyally.In this study, we just deal with the battery power consumption and security compromising, but our model can be extended to include more general cases straightforward.

The Mechanism.
In each stage , the leader initiates the game by asking each node, including itself, to reveal its type.Then, each node  plays game by revealing its own private information based on its strategy    drawn from an available strategy set Ξ = {Truth, Untruth}, according to how much the node values its utility with a utility function.If the node's strategy is "Truth" then the node reveals the true type to the leader.If the node's strategy is "Untruth", then the node reveals a fake type to the leader.After receiving the revelations from each node, the leader takes these revelations as the input and makes its selection of  nodes out of N by using a given selection function.Each selected node is assigned a task to act as a server node and then cooperatively completes the current threshold key management task with other selected nodes.Finally, the leader pays the nodes by computing the payments vector   = (  1 , . . .,    ) with a payment function.Payments are used to motivate nodes to behave in accordance with the mechanism goals.
In the rest of the paper, we use    = (   ,    ) to denote the real type of node  at stage , and use superscript " ∧ " to denote the type which is revealed to the leader, so to differentiate it from what is privately known by node itself.And use "−" to denote all the other nodes in nodes set N except .Now we define ICONS mechanism which implements our optimal objective as follows.

Selection Function.
Given the input of nodes' revealed type vector θ at stage , the mechanism of choosing  nodes from nodes set N that maximizes the system's welfare can be formulated as follows: A branch and bound method [30] can be applied to allow us to find the optimal set of  nodes  *  N from MANET's nodes set N as defined in (15), with reduced computational cost.

Payment Function. Let 𝑞 𝑡
∈ {0, 1} denote the node 's completion of assigned key management task in stage  if this node is active, where 1 means success in completing this task and 0 means fail.The payment will be given to each node  International Journal of Distributed Sensor Networks by the leader in the form of reputation [31], according to the following payment function: To let the leader detect if a selected node completes its task or not, we follow the previous work on developing an integrated fault-intrusion tolerance framework [32,33] and do not differentiate between malicious faults and normal server failures (e.g., node crash, network disconnection, power failure, etc.) in our scenario.The detection method proposed in [34] that detects the corrupted shares for the proactive secret sharing can be adopted here, by checking if the node participates in the process with the presence of an uncorrupted share of system's secret.A recent similar work is found in [35,36], which uses Shamir's secret sharing scheme to detect malicious activities in the encrypted networks such as virtual private networks (VPNs) that encrypt and conceal network traffic.Now, we get the utility function for node  at stage  as follows: where    is the instantaneous cost of node  at stage , as defined in (7);    (  * N , θ  , θ − ) is the payment defined in (16) given by the mechanism to the node , when the coalition of  nodes selected from N to cooperatively complete the key management task at stage  is   * N ; θ  and θ − are revealed type(s) of node  and nodes set {−}, respectively.
Then, node 's expected utility at stage  is Note that,    (  * N , θ  , θ − ,    ) is what the node  usually seeks to maximize.It reflects the amount of benefits gained by node  if it follows a specific strategy    at stage .Nodes might deviate from revealing their truthful types if that could lead to a better payment.Therefore, our mechanism must be strategyproof where truth revealing is the dominant strategy, and thus the following standard properties are required to be satisfied [13,29].
(1) Individual rationality holds when truthful nodes are guaranteed to have nonnegative expected utility.Formally, this condition holds, when for all , (3) No-free-riders holds if all nodes not selected to participate in the current key management have a revenue of 0. The properties of individual rationality, incentive compatibility, and no free riders imply that, (1) the expected utility of a truthful node is always nonnegative; (2) each node will find no better option than to reveal their true type; (3) the nodes that are not selected to participate in the current key management have a revenue of 0. Therefore, all rational nodes that include the malicious ones will find that revealing their types untruthfully can never lead to a better payment than revealing their types truthfully, and sending no information to the leader can never lead to a better payment than reporting their types to the leader.Then all rational nodes will always report their types truthfully to the leader, since their objectives are to maximize their individual benefits.
Similarly in our mechanism, leader also need to maximize the system's welfare, and so we have the following definition.Definition 1.A selection function is called socially efficient if the chosen selection  *  ∈ N  maximizes social welfare over N  ; that is, for all   N ∈ N  , Now, we have the following required property.
(4) A mechanism is called a socially efficient mechanism, if it has a socially efficient selection function.
To ensure truth elicitation from all the nodes, we need to prove that the presented mechanism is strategyproof.

Individual Rationality.
Individual rationality means that the expected utility of a truthful node is always nonnegative.Truthful node  with its revealed type    might either be selected to participate in completing the key management task at stage  or not, given other nodes −'s revealed types vector θ − .Now, we consider both cases as follows.
Case 1. Truthful node  is not selected to participate in the key management at stage .From ( 18) and ( 16), we know that node 's expected utility is 0 at this stage, because both its payment and its cost are   and hence we proved our claim.
Case 2. Truthful node  is selected to participate in the key management task at stage .
From ( 18) and ( 16), we know that node 's expected utility in this case is Since node  is truthful at this stage, we have θ  =    , that means p  =    and ẑ  =    .Therefore, ( 22) can be rewritten as According to the selection function defined in our mechanism, the first term in (23) quantifies the optimal welfare that can be obtained when node 's revealed type is its true one θ , the vector of other nodes' revealed types is θ− , and node  is involved in the selection.Similarly, the second term quantifies the optimal welfare that can be obtained when the vector of other nodes' revealed types is θ− but node  is not involved in the selection.Since node 's involvement can only improve the total welfare, we have    =   * N ( p , ẑ ) −   * − ( p − , ẑ − ) ≥ 0 and proved this property.

Incentive Compatibility.
Incentive compatibility means that players will find no better option than to reveal their true type.We consider the node  and other nodes −.Given revealed types of  and −, θ  = {p   , ẑ  } and θ − = {p  − , ẑ − }, we need to show that node  cannot gain more from not revealing its true type than revealing its true type.Now given its true type    at stage , we consider two cases of this node by revealing its true types, namely, either selected or not.
Case 1. Node  is selected by the leader if it reveals its type  truthfully at stage .Then from the property of individual rationality, we know that by revealing its truth type at this case, node  can gain a utility    ≥ 0. Now we consider two subcases of node 's untruthful revelation.
(i) If it is not selected by the leader due to its untruthful revelation, then node 's utility at stage  will still be 0, and this make node  have no incentive to be untruthful at this subcase.
(ii) If it is selected by the leader to participate in completing the key management task at current stage, then from ( 22) and the payment function of our mechanism we know that, given other nodes' revealed types θ − , node 's expected utility at current stage  just relates to node 's true type    , no matter what type it had revealed.That is to say, untruthful revelation cannot make extra utility to node , so node  has no incentive to be untruthful at this subcase also.
Case 1. Node  is not selected to participate in the key management task at stage .From ( 16), we know that by revealing its truth type, node  could gain a utility of 0 at this case.Now we consider two subcases of node  with an untruthful revelation.
(i) Node  is still not selected to participate in the task with its untruthful revelation.
In this subcase, node 's utility is still 0, and this means that the utility of node  remains the same with an untruthful revelation of type θ  .(ii) Node  is selected to participate in the task because of its untruthful revelation.From ( 22) and the payment function in our mechanism, we know that node 's expected utility    at this scenario will be where ( Note that in this subcase, node  would not be selected by the leader if it revealed its true type, and so with its truthful revelation, node  whether involved in the selection or not will make no difference on system's welfare at this stage.Then we have If we assume    > 0 and substitute 24), then we can get where   * N (   , p − ,    , ẑ − ) is the optimal nodes selection scheme over the vector of nodes' revealed types (   , θ − ) at International Journal of Distributed Sensor Networks stage .This means that, given the revelation of node types (   , θ − ), new selection scheme   N is more optimal than   * N .However, this contradicts the definition of   * N .Therefore, revealing an untruthful type θ cannot lead to a higher utility of node  in this subcase.

No
Free Riders.This property can be derived from the payment function of our mechanism directly.

Socially
Efficient.This property can be derived from incentive compatibility and the selection function of our mechanism directly.

Simulation Experiments and Results
In this section, we illustrate some of the performance benefits of our proposed model.To show efficient improvement of our model and to show the negative impact of selfish node with untruth telling, we evaluate the performance of our strategyproof optimal nodes selection model with respect to Yu's selection model [10] and random selection model [2][3][4][5][6][7][8][9].
To eliminate the effect of leader election phase's cost, a reasonable choice would be to run the leader election algorithm only once and follow a fixed number of stages after the initial election and thus amortizing the overhead through the many iterations of the key management tasks, similar to what is explained in [37].In this way, the actual overhead of leader election would be neglected when considering the network lifetime.
The system value of the threshold key management service in our simulation is defined as   = 300,  = 0.25, and then   = 200 for each stage.

Cost Reduction.
First, we compare the costs in different models along simulation stages when a (3, 7) secret sharing scheme is used.Initializing each node with a state of (1, 1), we can see from Figure 1 that there is a distinct cost reduction of both our strategyproof optimal selection model and Yu's selection model over the random selection model.This is mainly due to the fact that the random selection model selects nodes without considering the cost and thus leading to a higher average cost.Figure 1 also demonstrates that for the two optimal selection models, there is a better performance of our selection model than that of Yu's selection model.This result indicates that, with the presence of selfish nodes, the normal nodes in the system must more often be active to carry out the duty of key management than the nodes in the system without selfish nodes and so will transfer into more cost states with a higher probability.
We also perform parameter-sensitivity analysis on the models by considering different crypto thresholds.The simulation is performed with 30 stages for 200 times and then the average costs of each stage are calculated.Figure 2 shows the costs comparison over our model, the random selection    model, and Yu's selection model, when there are 15 nodes participating in the key management service, all with initial node state of (1, 1), with the crypto threshold changing from 2 to 7. With the increase of the crypto threshold, the cost to perform the key management task increases due to more nodes that need to be active, but our model always has the lowest cost.

Network Lifetime Improvement.
In these simulations, we investigate the network lifetime improvement of the proposed model.Let  be the number of nodes in the MANET, and we consider the crypto threshold as (−1)/2 in the simulation.So when there are  − ( − 1)/2 = ( + 1)/2 nodes run out of power, the network is regarded as dead.A node is considered running out of power, if it has run  stages on passive mode and  stages on active mode since entering into the low (h3) energy state, where  + 2 = 30 and 0 ≤ ,  ≤ 30.We first check the performance when different energy transition probabilities are used.We set  = 7 and let the energy transition probability of the active node be in the range from 0.88 to 0.98.The energy transition probabilities matrix for passive node remains unchanged in all circumstance as defined before, that is, B2 = [0.99,0.01, 0, 0, 0.99, 0.01, 0, 0, 1].As shown in Figure 3, our strategyproof optimal selection model and Yu's selection model always have longer network lifetime than the random selection model, because in random selection model the nodes are selected without considering the energy level and this leads the nodes with low energy to die fast.
Then we check the performance when different numbers of nodes are available in the network.From Figure 4 we can see that the key management service is distributed among more nodes and thus prolonging the lifetime of the network in all three models (random selection model, Yu's selection model, and our selection model), with the number of available nodes in MANET increasing from 5 to 35.Still the same as before, our optimal selection model shows consistent improvement over the other two models in this simulation.

Success Ratio Improvement.
The success ratio is the probability that the leader successfully collects all the requested partial signature or partial authentication from a threshold number of nodes and then completes the assigned key management task.We assume that a node in safe state will always complete its assigned task with probability of 1, while a vulnerable node and a compromised node with probabilities of 1/ √ 2 and 1/ √ 3, respectively.First, we compare the average success ratios of threshold key management in different models along simulation stages when there are 7 nodes in the network, with the crypto threshold and selfish nodes number set to 3 and 2, respectively.Figure 5 shows that our strategyproof optimal selection model has a distinct success ratio improvement over the random selection model and also demonstrates a better success ratio than Yu's selection model.This is mainly due to the fact that neither the random selection model nor Yu's selection model selects nodes with the consideration of the success ratios of each nodes.
We then show the success ratio improvement when there are more nodes in the network.From Figure 6 we can see, with the number of available nodes in the network increasing from 7 to 19, that the success ratios of all three models become higher since there are more nodes with higher security state which can be selected from.The success ratio of our optimal selection model still is shown to be the highest in these circumstances.

Network Compromising Probability Reduction.
Last but not least, we investigate the probability of the network being compromised by attacker(s) who is(are) attempting to assemble enough key information to deduce the master key of the system.In order to quantify and compare different models in our scenario, we will use as a metric the compromise probability that is defined as the probability that an attacker can recover the master key of the secret sharing scheme, after capturing enough nodes, and so is inversely proportional to the number of stages required by attacker(s) to capture the required number of nodes and then to compromise the network.Assume that the attacker knows all public parameters of the system, then when a (, ) secret sharing      scheme is used, the MANET is deemed compromised if ( − ) nodes are captured by the attacker(s).In our simulation, a node is defined as captured, if it has run  stages on passive mode and  stages on active mode since it entered into the compromised security state, where  + 2 = 30 and 0 ≤ ,  ≤ 30.
The results in Figure 7 indicate that the proposed selection model has lower network compromising probability than the random selection model and Yu's selection model, since our strategyproof optimal selection model tends to select nodes with higher security levels and thus keeping a balance of all node's security level with time.When the transition probabilities are closer to 1, the compromising probabilities of all models asymptotically approach 0. This is because the nodes in each model will keep their security state unchanged and so keep the networks safe in each stage.In Figure 8, we compare the network compromising probability when there are different numbers of nodes in the network.With an increase in the total number of nodes in the MANET, all the models show a downward trend in compromising probabilities because the key management service can be distributed among more nodes which will decrease the probability of each node transition into a lower security level.Similarly as before, our optimal selection model has lower compromising probability than the other two models.
From the simulation results in Figures 1-8, we can see that with the incentive compatible optimal nodes selection mechanism to encourage each node in the system to be truthtelling and to select a coalition of nodes with the purposes of maximizing the success ratio of key management service   and minimizing the nodes' cost, our optimal nodes selection model certainly has dramatic results in reducing the nodes's resource consumption and network's security compromising, while improving the lifetime of the network and the success ratio of the key management service dramatically, in the presence of selfish nodes.

Conclusion and Discussion
In this paper, focusing on the optimal nodes selection problem in presence of selfish nodes for threshold key management in MANETs during its operation, we formulated the dynamic nodes selection problem as a combinatorial optimization problem firstly, with the objectives of maximizing the success ratio of key management service and minimizing the nodes' cost of security and energy and then proposed the incentive compatible mechanism to implement the optimal nodes selection process in MANETs, to ensure that the truth telling is the dominant strategy and so prevent the emergence of selfish nodes.To the best of our knowledge, this is the first incentive-compatible mechanism for threshold key management.
In our scheme, although one of the nodes in the network needs to be specified as a leader, essentially there are differences between the leader node in this scheme and the PKG server in the centralized scheme [38,39], and these make our proposed mechanism efficient and suitable for the MANETs.Specifically, (1) instead of being specified by the administrator in bootstrapping network phase and fixed during network lifetime, the leader can be elected/reelected periodically and/or when found to be failed, attacked, or run out of battery, it cannot reach any nodes in the system, and so forth and so eliminating the single point of failure.(2) The network's primary secret is not held by the leader itself but is split and shared by all the nodes by using secret sharing method.Therefore, no node in the network is required to be trusted and available to all other nodes.(3) The main task of key management is not performed by the leader but is performed by a threshold number of nodes selected at each stage elaborately, with the consideration of maximizing the success ratio of key management service and minimizing the nodes' cost of security and energy.In this way, our scheme improves both the success ratio of key management service and lifetime of the network and reduces both the cost of participating nodes and compromising probability.(4) The ICONS mechanism that we proposed cannot only be used in the scenario of threshold key management but also in other cooperation scenarios in MANET For future work, we plan to extend this mechanism to a distributed setting [40].Although we argued in Section 3 that it is reasonable to assume that there is always a node in the network to act as a leader, a practical and distributed selection model without a specific leader node will be more helpful to implement the nodes selection model in the real world.
model Optimal selection model with strategyproof mechanism

Figure 1 :
Figure 1: Average cost with different stages.
model Optimal selection model with strategyproof mechanism

Figure 2 :
Figure 2: Average cost with different crypto thresholds.

Figure 3 :
Figure 3: Network lifetime with different transition probabilities.
Yu's selection model Optimal selection model with strategyproof mechanism

Figure 4 :Figure 5 :
Figure 4: Network lifetime with different numbers of nodes.
model Optimal selection model with strategyproof mechanism

Figure 6 :
Figure 6: Average success ratio with different numbers of nodes.
model Optimal selection model with strategyproof mechanism

Figure 8 :
Figure 8: Compromising probability with different numbers of nodes.
3.1.3.Node States Model.Note that both security state    and energy state    are independent of each other, so we can model the state of each node  in stage  as