A cluster-based security architecture for ad hoc networks
Hans-joachim Hof2004, IEEE INFOCOM 2004
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Secure communication is very important in computer networks and authentication is one of the most eminent preconditions. However, common authentication schemes are not applicable in ad hoc networks because public key infrastructures with a centralized certification authority are hard to deploy there. We propose and evaluate a security concept based on a distributed certification facility. A network is divided into clusters with one special head node each. These cluster head nodes execute administrative functions and hold shares of a network key used for certification. New nodes start to participate in the network as guests; they can only become full members with a networksigned certificate after their authenticity has been warranted by some other members. The feasibility of this concept was verified by simulation. Three different models for node mobility were used in order to include realistic scenarios as well as make the results comparable to other work. The simulation results include an evaluation of the log-on times, availability, and communication overhead.
Related papers
A Distributed Security Architecture for ad hoc Networks
Secure communication in ad hoc networks is an inherent problem because of the distributiveness of the nodes and the reliance on cooperation between the nodes. All the nodes in such networks rely and trust other nodes for forwarding packets because of their limitation in the range of transmission. Due to the absence of any central administrative node, verification of authenticity of nodes is very difficult. In this paper, we propose a clusterhead-based distributed security mechanism for securing the routes and communication in ad hoc networks. The clusterheads act as certificate agencies and distribute certificates to the communicating nodes, thereby making the communication secure. The clusterheads execute administrative functions and hold shares of network keys that are used for communication by the nodes in respective clusters. Due to the process of authentication, there are signalling and message overheads. Through simulation studies, we show how the presence of clusterheads can substantially reduce these overheads and still maintain secure communication.
Distributed Certificate Authority in Cluster-based Ad hoc networks
The need to secure communication in ad hoc network is extremely challenging because of the dynamic nature of the network and the lack of centralized management. This makes public key cryptographic services particularly difficult to sup-port. We propose a distributed certificate authority intended for deployment in an NTDR cluster-based architecture. We also outline procedures for maintaining this distributed cer-tificate authority amongst a highly dynamic membership of shareholding nodes.
A Distributed Certificate Authority and Key Establishment Protocol for Mobile Ad Hoc Networks
10th International …, 2008
A Secure Architecture for Mobile Ad Hoc Networks
Lecture Notes in Computer Science, 2006
In this paper, we propose a new architecture based on an efficient trust model and clustering algorithm in order to distribute a certification authority (CA) for ensuring the distribution of certificates in each cluster. We use the combination of fully self-organized security for trust model like PGP adapted to ad-hoc technology and the clustering algorithm which is based on the use of trust and mobility metric, in order to select the clusterhead and to establish PKI in each cluster for authentication and exchange of data. Furthermore, we present new approach Dynamic Demilitarized Zone (DDMZ) to protect CA in each cluster. The principle idea of DDMZ consists to select the dispensable nodes, also called registration authorities; these nodes must be confident and located at one-hope from the CA. Their roles are to receive, filter and treat the requests from any unknown node to CA. With this approach, we can avoid the single point of failure in each cluster. This architecture can be easily extended to other hierarchical routing protocols. Simulation results confirm that our architecture is scalable and secure.
A Cluster-Based Security Architecture for Wireless Ad Hoc Networks
National Conference on Smart Communication Technologies and Industrial Informatics (SCTII’2007).
MOCA : MObile Certificate Authority for Wireless Ad Hoc Networks
2004
An authentication service is one of the the most fundamental building blocks for providing communication security. In this paper, we present the MOCA (MObile Certificate Authority) key management framework designed to provide authentication service for ad hoc wireless networks. MOCA is a distributed certificate authority (CA) based on threshold cryptography. We present a set of guidelines for a secure configuration of threshold cryptography to maintain strong security. MOCA utilizes a carefully selected set of mobile nodes to function as a collective certificate authority while the MOCA nodes are kept anonymous. Equipped with a novel routing protocol designed to support the unique communication pattern for certification traffic, MOCA achieves high availability without sacrificing security. Both the security of the framework and the operational performance is evaluated with rigorous analysis and extensive simulation study.
Authenticated and efficient key management for wireless ad hoc networks
2003
In this paper we present a key management protocol for wireless ad hoc multi-hop networks. Two objectives were crucial in our design: (1) distributed trust to ensure robustness, and (2) strong authentication to prevent the battery drain attack. We achieve distributed trust by presenting a hierarchical and distributed public key infrastructure for ad hoc networks. Our PKI has been designed to map onto hierarchical ad hoc networks, while maintaining global connectivity and flexibility. If a misbehavior detection scheme is present on the network, then the security of our PKI can be improved through collaboration with this scheme. Next to this PKI we propose a mechanism to securely establish and maintain link keys between the different nodes in the network.
VIRTUAL CERTIFICATE VALIDATION AND EFFICIENT CLUSTERING ALGORITHM IN WIRELESS AD HOC NETWORK
The main objective of the project is to provide effective and efficient secure communications in mobile ad hoc networks. Radio frequency identification and wireless sensor networks are two important wireless technologies that have a wide variety of applications in current and future systems. RFID facilitates detection and identification of objects that are not easily detectable or distinguishable by using conventional sensor technologies. However, it does not provide information about the condition of the objects it detects. WSN, on the other hand, not only provides information about the condition of the objects and environment but also enables multihop wireless communications. Hence, the integration of these technologies expands their overall functionality and capacity. In this project, initially we have to form a group of sensor in a network. Then divide a group into small clusters. Every cluster should have cluster head for collecting the data from cluster members. Finally it will forward to Base station. Due to the open nature easily misbehaving activities can be done malicious nodes such as injecting false data. So in existing system they were using different security mechanisms. But in our proposed scheme we introduce TA (Trusted Authority) for providing more security in WSN.
Providing efficient certification services against active attacks in ad hoc networks
2005
Most of previous research work in key management can only resist passive attacks, such as dropping the certificate request, and are vulnerable under active attacks, such as returning a fake reply to the node requesting the certification service. In this paper, we propose two algorithms to address both security and efficiency issues of certification services in ad hoc networks. Both of the algorithms can resist active attacks. In addition, simulation results show that, compared to the previous works, our second algorithm is not only much faster in a friendly environment, but it also works well in a hostile environment in which existing schemes work poorly. Furthermore, the process of generating partial certificates in our second algorithm is extremely fast. Such advantage is critical in ad hoc networks where by nature the less help a node requests from its neighbors, the higher is the chance of obtaining the help. Consequently, using our second algorithm, a node can easily find enough neighboring nodes which provide the certification service.
Trusted and Secured Clustered Protocol in MANET
International Journal of Computer Applications, 2016
Mobile Ad hoc Networks (MANETs) are subject to various kinds of attacks. Deploying security mechanisms is difficult due to inherent properties of ad hoc networks, such as the high dynamics of their topology, restricted bandwidth, and limited resources in end device. With such dynamicity in connectivity and limited resources it is not possible to deploy centralized security solution. Like many distributed systems, security in ad hoc networks widely relies on the use of key management mechanisms. However, traditional key management systems are not appropriate for them. This work aims at providing a secure and distributed authentication service in ad hoc networks. A trusted and secured clustered protocol in MANET, where clusters are formed based on highly-trusted nodes having sufficient energy is proposed. Secured communication with public key authentication service based on trust model and network model to prevent nodes from obtaining false public keys of the others when there are malicious nodes in the network is organised. Efforts to present energy efficient, secure and trusted clustering to enhance the security assurance and significant adaptation of trustworthy communication is
Related papers
A Scheme of Certificate Authority for Ad Hoc Networks
Proceedings of the International Workshop on Mobile Information Systems (WMIS) held in conjunction with the 18th International Conference on Database and Expert Systems Applications (DEXA 2007), Rosenberg, Germany, September 5- 7 2007 pp: 615-619, 2007
The attractiveness of the wireless ad hoc networks lies in the fact that these networks are self-organized: the hosts constituting the networks can communicate with each other without reliance on any centralized or specified entities such as base stations or access points. With these networks finding more applications, the need for adequate security mechanism is increasingly becoming important. Key management is an essential cryptographic primitive upon which other security protocols are built. However, most of the existing key management schemes are not feasible in ad hoc networks because public key infrastructures with a centralized certification authority are hard to deploy there. In this paper, we propose and evaluate a security mechanism based on distributed certification authority based on threshold cryptography that is suited to wireless ad hoc networks. A collection of nodes acts as the certificate authority and provides the certification service. The feasibility of the proposed scheme is verified by some simulation studies. The results show the effectiveness of the scheme.
A Totally Distributed Cluster Based Key Management Model for Ad hoc Networks
In this paper, we address key management in ad hoc networks. Ad hoc networks are a new wireless networking paradigm in which mobile hosts rely on each other to keep the network connected without the help of any preexisting infrastructure or central administrator. Thus, additional vulnerabilities and features pertinent to this new networking paradigm appeared. This might render traditional solutions inadaptable. In particular, the absence of a central authorization facility in an open and distributed communication environment is a major challenge, especially due to the need for cooperative network operations. For this reason, key management is particularly difficult to implement in such networks. In this paper, we study different proposals published so far, then we propose a new solution. Our solution uses the clustering technique and derives from distributed PKI solutions presented in the literature. It combines the strength of centralized PKI in the same cluster and distributed PKI for the clusterheads leading to more suitable, economic, adaptable, scalable and autonomous key management.
Providing distributed certificate authority service in cluster-based mobile ad hoc networks
Computer Communications, 2007
Nodes in a mobile ad hoc network (MANET) are more vulnerable and there is no predefined infrastructure in such a network. Providing secure communication in these networks is an important and challenging problem. Among all proposed schemes, the model of using distributed certificate authorities (CA) based on threshold cryptography and proactive share update using a cluster-based architecture seems to be a promising approach. However, there are two issues that are not well studied in the current literature for this model: (1) how to locate enough CA servers, and (2) how to perform the proactive share update. In this paper, we propose two efficient schemes with low system overhead to tackle these two problems. Compared with existing approaches, our CA architecture provides faster CA services to user nodes at reduced system overhead. The effectiveness of our proposed schemes has been verified by extensive simulation.
An Efficient Certification Scheme for Nodes In a Wireless Ad Hoc Network
International Journal on Advancements in Computing Technology (IJACT), Vol. 2, No. 4, pp. 57 – 66, October, 2010, 2010
The attractiveness of the wireless ad hoc networks lies in the fact that these networks are self-organized: the hosts constituting the networks can communicate with each other without reliance on any centralized or specified entities such as base stations or access points. With these networks finding more applications, the need for adequate security mechanism is increasingly becoming important. Key management is an essential cryptographic primitive upon which other security protocols are built. However, most of the existing key management schemes are not feasible in ad hoc networks because public key infrastructures with a centralized certification authority are hard to deploy there. In this paper, we propose and evaluate a security mechanism based on distributed certification authority based on threshold cryptography that is suited to wireless ad hoc networks. A collection of nodes acts as the certificate authority and provides the certification service.
An Efficient Certificate Authority for Ad Hoc Networks
Proceedings of the 4th International Conference on Distributed Computing and Internet Technology (ICDCIT), 2007, Bangalore, India, December 17-20, 2007, Springer LNCS 4882, pp: 97-109. , 2007
The attractiveness of the wireless ad hoc networks lies in the fact that these networks are self-organized: the hosts constituting the networks can communicate with each other without reliance on any centralized or specified entities such as base stations or access points. With these networks finding more applications, the need for adequate security mechanism is increasingly becoming important. Key management is an essential cryptographic primitive upon which other security protocols are built. However, most of the existing key management schemes are not feasible in ad hoc networks because public key infrastructures with a centralized certification authority are hard to deploy there. In this paper, we propose and evaluate a mechanism of distributed certification authority based on threshold cryptography that is suited for wireless ad hoc networks. In the proposed scheme, a collection of nodes acts as the certificate authority and provides the certification service. The feasibility of the proposed scheme is verified by simulation. The results show the effectiveness of the scheme.
Distributed Certificate Management in Mobile Ad Hoc Networks
2012
PKI or public key infrastructure is used many security solutions that are designed for mobile ad hoc networks. These networks have special features that distinguish them from other wired and conventional networks and centralized Certificate Authorities cannot be used for certificate management in these kinds of networks. Thus many efforts have been made to adapt Certificate Authority’s (CA) tasks to the dynamic environments of MANETs and distribute the tasks of CA among MANET nodes. In this paper, we study various Certificate management solutions that are proposed in the literature and analyze their advantages and limitations. In addition, we emphasis on certificate revocation and validation issues and compare the overheads of these operations. Finally, we propose the characteristics of an ideal DCA system that can be used to verify the completeness of any DCA Scheme.
Secure, Redundant, and Fully Distributed Key Management Scheme for Mobile Ad Hoc Networks: An Analysis
Eurasip Journal on Wireless Communications and Networking, 2005
Security poses a major challenge in ad hoc networks today due to the lack of fixed or organizational infrastructure. This paper proposes a modification to the existing "fully distributed certificate authority" scheme for ad hoc networks. In the proposed modification, redundancy is introduced by allocating more than one share to each node in order to increase the probability of creating the certificate for a node in a highly mobile network. A probabilistic analysis is carried out to analyze the trade-offs between the ease of certificate creation and the security provided by the proposed scheme. The analysis carried out from the intruder's perspective suggests that in the worst-case scenario, the intruder is just "one node" away from a legitimate node in compromising the certificate. The analysis also outlines the parameter selection criteria for a legitimate node to maintain a margin of advantage over an intruder in creating the certificate.
A Hybrid Certificate Management for Mobile ad-hoc Networks
2012
Abstract: Mobile adhoc network (MANET) applications are gaining importance due to increased number of personal devices and ubiquitous computing. Authenticity is the most fundamental issue in these applications, since a breach of authenticity leads to a system wide compromise. The existing public key infrastructure (PKI) handles the applications in a wired network using a centralized certificate server. This server handles the creation, renewal and revocation of certificates.
A survey and taxonomy of distributed certificate authorities in mobile ad hoc networks
EURASIP Journal on Wireless Communications and Networking, 2011
Certificate authorities (CAs) are the main components of PKI that enable us for providing basic security services in wired networks and Internet. But, we cannot use centralized CAs, in mobile ad hoc networks (MANETs). So, many efforts have been made to adapt CA to the special characteristics of MANETs and new concepts such as distributed CAs (DCAs) have been proposed that distribute the functionality of CA between MANET nodes. In this article, we study various proposed DCA schemes for MANET and then classify these schemes according to their internal structures and techniques. Finally, we propose the characteristics of an ideal DCA system that can be used to verify the completeness of any DCA scheme. This classification and taxonomy identify the weakness and constraints of each scheme, and are very important for designing more secure, scalable, and high performance DCA systems for MANETs and other networks. Secure inter cluster communication Self-initialization [10] Participating nodes authenticate each other Nodes requesting certificate perform the whole process [11] Individual nodes, certificate repositories, DCA servers Used in Inter-cluster communication One or more certificate repositories Elliptic curve, CRLs, secure communication between clusters Masdari et al.
A Group-Based Key Management Protocol for Mobile Ad Hoc Networks
GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference, 2009
Due to the dynamic topology and non infrastructure, network participants cooperate with their neighbors to route packets. The lack of centralized services allows mobile ad hoc networks to be easily and swiftly deployed, but make it difficult to check others' identities on the other hand. Cryptographic tools have been introduced to secure group communications, such as Private and Public Key Infrastructure. The autonomous and distributed nature of mobile ad hoc network demands a decentralized authentication service, where Public Key Infrastructure is considered a better solution. Public Key Infrastructure can ensure both confidentiality and authenticity, but it is impractical to provide an online trusted third party as Certificate Authority (CA) for mobile ad hoc network. In this paper, we proposed a new key management protocol which utilizes certificate graphs and distributed Certificate Authorities. Certificate graph maintained by each user represents the trust among his neighbors, then the maximum clique of certificate graph is selected to be CAs. Based on the assumption that initial certificate graph building is secure [11], good users have more friends while bad ones have less, thus a reliable group can be constructed. The most trustful subset of these good users -the maximum clique -is elected as the governor of this group, which takes the responsibility of certificate authentication.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.