An Efficient Certificate Authority for Ad Hoc Networks

International Journal of Network Security & Its Applications, 2015

In mobile adhoc networks (MANETs) an efficient and secure key management scheme is extremely crucial. Key management schemes for MANETs are mainly based on identity-based public key cryptography (ID-PKC) or certificate-based public key cryptography, both of which has their inherit problem. The ID-PKC has the key escrow problem and certificate based cryptography have a high computational costs of certificates deployment. In this paper, we present a distributed key management scheme, in which a combination of certificate less public key cryptography (CL-PKC) and threshold cryptography is employed. The scheme proposed in this paper not only achieves several enhanced security attributes for key management in MANET but also eliminates the need for certificate-based public key distribution and the key escrow problem efficiently. .

2002

PKI has been recognized as one of the most successful and important tools for providing security for dynamic networks. However, providing such infrastructure in ad hoc wireless networks is a challenging task due to the infrastructure-less nature of ad hoc networks. In this paper, we present these challenges in detail, identify the requirements for such solutions in ad hoc networks, and propose a practical solution to provide certification services in ad hoc networks. We employ threshold cryptography to distribute the CA functionality over specially selected nodes based on security and physical characteristics of the nodes. The selected mobile nodes that collectively provide PKI functionality are called MOCA(MObile Certificate Authority)s. Using these MOCAs, we present an efficient yet effective communication protocol for mobile nodes to correspond with MOCAs and get certification services. Results from our simulations verify the effectiveness of our approach, as well as the cost in terms of control overhead and delay. we also provide some insights into configuring such security services.

Computer Networks, 2005

Existing research efforts in key management can only handle very limited number of nodes and are vulnerable to active attacks. In addition, the flexibility and adaptivity of handling dynamic risks in different parts of networks, although critical in the practical usages of ad hoc networks, have been largely ignored. In this paper, we propose a novel hierarchical scheme based on threshold cryptography to address both security and efficiency issues of key management and certification service in Mobile Ad hoc Network (MANET). The main contributions of our key management scheme include: 1. providing various parts of MANET the flexibility of selecting appropriate security configurations, according to the risks faced; 2. providing the adaptivity to cope with rapidly-changing environments; 3. handling of MANETs with a large number of nodes; 4. issuing certificates with different levels of assurance. We also propose two algorithms, which can be used independently from the hierarchical structure, to protect certification services in ad hoc networks from active attacks. Our simulation results show that, compared to the previous work , our second algorithm is much faster in a friendly environment. When the key length is 1024 bits, the process of generating or renewing a certificate in our second algorithm is around six to eight times faster, and the process of generating partial certificates in our second algorithm is around 20-80 times faster. The latter advantage is critical in MANET where intrinsically the less help a node requests from its neighbors, the higher is the chance of obtaining the help. Furthermore, Computer Networks 48 simulation results also show that our two algorithms work well in a hostile environment in which existing schemes work poorly.

10th International …, 2008

2007 Second International Conference on Systems and Networks Communications (ICSNC 2007), 2007

The dynamic and cooperative nature of ad hoc networks present challenges in securing these networks. There are recent research efforts in securing ad hoc networks. Amongst security approaches, there are threshold cryptography and authentication. In this paper we survey the threshold cryptography based schemes and the authentication schemes that have been proposed to secure ad hoc networks. We conclude this paper and identify the challenges and open research areas associated with each of these approaches.

This paper studies key management, a fundamental problem in securing mobile ad hoc networks (MANETs). We present IKM, an ID-based key management scheme as a novel combination of ID-based and threshold cryptography. IKM is a certificateless solution in that public keys of mobile nodes are directly derivable from their known IDs plus some common information. It thus eliminates the need for certificate-based authenticated public-key distribution indispensable in conventional public-key management schemes. IKM features a novel construction method of ID-based public/private keys, which not only ensures high-level tolerance to node compromise, but also enables efficient network-wide key update via a single broadcast message. We also provide general guidelines about how to choose the secret-sharing parameters used with threshold cryptography to meet desirable levels of security and robustness. The advantages of IKM over conventional certificate-based solutions are justified through extensive simulations. Since most MANET security mechanisms thus far involve the heavy use of certificates, we believe that our findings open a new avenue towards more effective and efficient security design for MANETs.

GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference, 2009

Due to the dynamic topology and non infrastructure, network participants cooperate with their neighbors to route packets. The lack of centralized services allows mobile ad hoc networks to be easily and swiftly deployed, but make it difficult to check others' identities on the other hand. Cryptographic tools have been introduced to secure group communications, such as Private and Public Key Infrastructure. The autonomous and distributed nature of mobile ad hoc network demands a decentralized authentication service, where Public Key Infrastructure is considered a better solution. Public Key Infrastructure can ensure both confidentiality and authenticity, but it is impractical to provide an online trusted third party as Certificate Authority (CA) for mobile ad hoc network. In this paper, we proposed a new key management protocol which utilizes certificate graphs and distributed Certificate Authorities. Certificate graph maintained by each user represents the trust among his neighbors, then the maximum clique of certificate graph is selected to be CAs. Based on the assumption that initial certificate graph building is secure [11], good users have more friends while bad ones have less, thus a reliable group can be constructed. The most trustful subset of these good users -the maximum clique -is elected as the governor of this group, which takes the responsibility of certificate authentication.

Advances in Science and Technology Research Journal, 2014

The use of wireless technologies is gradually increasing and risks related to the use of these technologies are considerable. Due to their dynamically changing topology and open environment without a centralized policy control of a traditional network, a mobile ad hoc network (MANET) is vulnerable to the presence of malicious nodes and attacks. The ideal solution to overcome a myriad of security concerns in MANET’s is the use of reliable authentication architecture. In this paper we propose a new key management scheme based on threshold cryptography in kerberos for MANET’s, the proposed scheme uses the elliptic curve cryptography method that consumes fewer resources well adapted to the wireless environment. Our approach shows a strength and effectiveness against attacks.

Computer Communications, 2007

Nodes in a mobile ad hoc network (MANET) are more vulnerable and there is no predefined infrastructure in such a network. Providing secure communication in these networks is an important and challenging problem. Among all proposed schemes, the model of using distributed certificate authorities (CA) based on threshold cryptography and proactive share update using a cluster-based architecture seems to be a promising approach. However, there are two issues that are not well studied in the current literature for this model: (1) how to locate enough CA servers, and (2) how to perform the proactive share update. In this paper, we propose two efficient schemes with low system overhead to tackle these two problems. Compared with existing approaches, our CA architecture provides faster CA services to user nodes at reduced system overhead. The effectiveness of our proposed schemes has been verified by extensive simulation.

Computer Networks, 2007

Ad hoc groups, such as peer-to-peer (P2P) systems and mobile ad hoc networks (MANETs) represent recent technological advancements. They support low-cost, scalable and fault-tolerant computing and communication. Since such groups do not require any pre-deployed infrastructure or any trusted centralized authority they have many valuable applications in military and commercial as well as in emergency and rescue operations. However, due to lack of centralized control, ad hoc groups are inherently insecure and vulnerable to attacks from both within and outside the group.

2007

This paper proposes a novel secure mechanism for managing the digital certificates in WMANETs. Based on our defined architecture for WMANETs, we will take the case where WMANET is operating in an area covered by other infrastructure-based wireless networks such as cellular systems or WLANs. We define two different algorithms for two different scenarios. The first algorithm manages the digital certificates in the case all the ad hoc nodes are covered by other infrastructure-based wireless networks. This algorithm is based on the hierarchal trust model used in PKI to provide high level of security, availability and well management certification service. The second algorithm will take the assumption that some of the ad hoc nodes are covered by other wireless networks. In this case, both the certification authority characteristics of PKI and web of trust are combined. The ongoing research attempted to adapt one of these two approaches to WMANETs. The proposed solution will solve the shortcomings of applying one of the two approaches separately to WMANETs and enhance the level of security by combining their features. The novel mechanism is still a fully distributed, provides a high level of security, availability, flexibility and efficiency key management services for WMANETs. Graph theory will be used to represent our security system, study its performance and demonstrate its effectiveness.

2012

PKI or public key infrastructure is used many security solutions that are designed for mobile ad hoc networks. These networks have special features that distinguish them from other wired and conventional networks and centralized Certificate Authorities cannot be used for certificate management in these kinds of networks. Thus many efforts have been made to adapt Certificate Authority’s (CA) tasks to the dynamic environments of MANETs and distribute the tasks of CA among MANET nodes. In this paper, we study various Certificate management solutions that are proposed in the literature and analyze their advantages and limitations. In addition, we emphasis on certificate revocation and validation issues and compare the overheads of these operations. Finally, we propose the characteristics of an ideal DCA system that can be used to verify the completeness of any DCA Scheme.

Eurasip Journal on Wireless Communications and Networking, 2005

Security poses a major challenge in ad hoc networks today due to the lack of fixed or organizational infrastructure. This paper proposes a modification to the existing "fully distributed certificate authority" scheme for ad hoc networks. In the proposed modification, redundancy is introduced by allocating more than one share to each node in order to increase the probability of creating the certificate for a node in a highly mobile network. A probabilistic analysis is carried out to analyze the trade-offs between the ease of certificate creation and the security provided by the proposed scheme. The analysis carried out from the intruder's perspective suggests that in the worst-case scenario, the intruder is just "one node" away from a legitimate node in compromising the certificate. The analysis also outlines the parameter selection criteria for a legitimate node to maintain a margin of advantage over an intruder in creating the certificate.

The need to secure communication in ad hoc network is extremely challenging because of the dynamic nature of the network and the lack of centralized management. This makes public key cryptographic services particularly difficult to sup-port. We propose a distributed certificate authority intended for deployment in an NTDR cluster-based architecture. We also outline procedures for maintaining this distributed cer-tificate authority amongst a highly dynamic membership of shareholding nodes.