Secure, Redundant, and Fully Distributed Key Management Scheme for Mobile Ad Hoc Networks: An Analysis

Security poses a major challenge in ad hoc networks today due to the lack of fixed or organizational infrastructure. This paper proposes a modification to the existing "fully distributed certificate authority" scheme for ad hoc networks. In the proposed modification, redundancy is introduced by allocating more than one share to each node in order to increase the probability of creating the certificate for a node in a highly mobile network. A probabilistic analysis is carried out to analyze the trade-offs between the ease of certificate creation and the security provided by the proposed scheme. The analysis carried out from the intruder's perspective suggests that in the worst-case scenario, the intruder is just "one node" away from a legitimate node in compromising the certificate. The analysis also outlines the parameter selection criteria for a legitimate node to maintain a margin of advantage over an intruder in creating the certificate.

[1]  Li Gong,et al.  Increasing Availability and Security of an Authentication Service , 1993, IEEE J. Sel. Areas Commun..

[2]  Dan Boneh,et al.  Building intrusion tolerant applications , 1999, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[3]  R. Perlman,et al.  An overview of PKI trust models , 1999, IEEE Netw..

[4]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[5]  Taylor Yu The Kerberos Network Authentication Service (Version 5) , 2007 .

[6]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[7]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .

[8]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[9]  Ran Canetti,et al.  Maintaining Authenticated Communication in the Presence of Break-Ins , 1997, PODC '97.

[10]  Moti Yung,et al.  Optimal-resilience proactive public-key cryptosystems , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[11]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 1996, Journal of Cryptology.

[12]  Moti Yung,et al.  Proactive RSA , 1997, CRYPTO.

[13]  Tony Larsson,et al.  Routing protocols in wireless ad-hoc networks : a simulation study , 1998 .

[14]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[15]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[16]  Yvo Desmedt,et al.  Shared Generation of Authenticators and Signatures (Extended Abstract) , 1991, CRYPTO.

[17]  Jukka Valkonen Key Management in Ad-Hoc Networks , 2007 .

[18]  William A. Arbaugh,et al.  Toward secure key distribution in truly ad-hoc networks , 2003, 2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings..

[19]  Simson L. Garfinkel,et al.  PGP: Pretty Good Privacy , 1994 .

[20]  Alice Bob,et al.  The PGP Trust Model , 2005 .

[21]  David W. Chadwick,et al.  Internet X.509 Public Key Infrastructure LDAP Schema and Syntaxes for PMIs , 2002 .

[22]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[23]  Haiyun Luo,et al.  Ubiquitous and Robust Authentication Services for Ad Hoc Wireless Networks , 2000 .

[24]  Yvo Desmedt,et al.  Parallel reliable threshold multisignature , 1992 .

[25]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[26]  Louise E. Moser,et al.  An analysis of the optimum node density for ad hoc mobile networks , 2001, ICC 2001. IEEE International Conference on Communications. Conference Record (Cat. No.01CH37240).

[27]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .