Design of certification authority using secret redistribution and multicast routing in wireless mesh networks

Wireless mesh networks (WMNs) should provide authentication and key management without a trusted third party because of their self-organizing and self-configuring characteristics. Several solutions to this problem have been proposed in mobile ad hoc networks (MANETs). But they are not optimal for WMNs because WMNs are with stationary mesh routers (MRs) that do not suffer from the limited power problem. In this paper, we design an architecture of mesh certification authority (MeCA) for WMNs. In MeCA, the secret key and functions of certification authority (CA) are distributed over several MRs. For secret sharing and redistribution, we develop the fast verifiable share redistribution (FVSR) scheme, which works for threshold cryptography and minimizes the possibility of secret disclosure when some shareholders are compromised by adversaries. MeCA adopts the multicasting based on Ruiz tree, which is optimal in reducing the operation overhead. It can update, revoke, and verify certificates of WMN nodes in a secure and efficient manner. Simulation results show that MeCA does not disclose its secret key even under severe attacks while incurring low overhead compared to other existing schemes in MANETs.

[1]  Yuguang Fang,et al.  ARSA: An Attack-Resilient Security Architecture for Multihop Wireless Mesh Networks , 2006, IEEE Journal on Selected Areas in Communications.

[2]  Robbert van Renesse,et al.  APSS: proactive secret sharing in asynchronous systems , 2005, TSEC.

[3]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[4]  Sanjay Jha,et al.  Protecting Multicast Sessions in Wireless Mesh Networks , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[5]  Jie Wu,et al.  Secure and Efficient Key Management in Mobile Ad Hoc Networks , 2005, IPDPS.

[6]  L. Harn Group-oriented (t, n) threshold digital signature scheme and digital multisignature , 1994 .

[7]  Antonio F. Gómez-Skarmeta,et al.  Heuristic Algorithms for Minimum Bandwith Consumption Multicast Routing in Wireless Mesh Networks , 2005, ADHOC-NOW.

[8]  Moses D. Liskov,et al.  Mobile proactive secret sharing , 2008, PODC '08.

[9]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[10]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[11]  Rafail Ostrovsky,et al.  How To Withstand Mobile Virus Attacks , 1991, PODC 1991.

[12]  Anthony Ephremides,et al.  Energy-Efficient Broadcast and Multicast Trees in Wireless Networks , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[13]  Ian F. Akyildiz,et al.  Wireless mesh networks: a survey , 2005, Comput. Networks.

[14]  Sushil Jajodia,et al.  Redistributing Secret Shares to New Access Structures and Its Applications , 1997 .

[15]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[16]  Anna Lysyanskaya,et al.  Asynchronous verifiable secret sharing and proactive cryptosystems , 2002, CCS '02.

[17]  Jeannette M. Wing,et al.  Verifiable secret redistribution for archive systems , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[18]  Narn-Yih Lee,et al.  Threshold-Multisignature Schemes where Suspected Forgery Implies Traceability of Adversarial Shareholders , 1994, EUROCRYPT.

[19]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[20]  Yvo Desmedt,et al.  Some Recent Research Aspects of Threshold Cryptography , 1997, ISW.

[21]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[22]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[23]  Robin Kravets,et al.  MOCA : MObile Certificate Authority for Wireless Ad Hoc Networks , 2004 .

[24]  Vallipuram Muthukkumarasamy,et al.  Securing Wireless Mesh Networks , 2008, IEEE Internet Computing.

[25]  Srdjan Capkun,et al.  Self-Organized Public-Key Management for Mobile Ad Hoc Networks , 2003, IEEE Trans. Mob. Comput..

[26]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[27]  K. Gopinath,et al.  An extended verifiable secret redistribution protocol for archival systems , 2006, First International Conference on Availability, Reliability and Security (ARES'06).