Distributed CA-based PKI for Mobile Ad Hoc Networks Using Elliptic Curve Cryptography

The implementation of a standard PKI in a mobile ad hoc network (MANET) is not practical for several reasons: (1) lack of a fixed infrastructure; (2) a centralized certification authority (CA) represents a single point of failure in the network; (3) the relative locations and logical assignments of nodes vary in time; (4) nodes often have limited transmission and computational power, storage, and battery life. We propose a practical distributed CA-based PKI scheme for MANETs based on Elliptic Curve Cryptography (ECC) that overcomes these challenges. In this scheme, a relatively small number of mobile CA servers provide distributed service for the mobile nodes. The key elements of our approach include the use of threshold cryptography, cluster-based key management with mobile CA servers, and ECC. We show that the proposed scheme is resistant to a wide range of security attacks and can scale easily to networks of large size.

[1]  Robin Kravets,et al.  Key management for heterogeneous ad hoc wireless networks , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[2]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[3]  Jean-Pierre Hubaux,et al.  The quest for security in mobile ad hoc networks , 2001, MobiHoc '01.

[4]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[5]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[6]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.

[7]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  N. Asokan,et al.  Key agreement in ad hoc networks , 2000, Comput. Commun..

[9]  Dhiraj K. Pradhan,et al.  A cluster-based approach for routing in dynamic networks , 1997, CCRV.

[10]  Prithwish Basu,et al.  A mobility based metric for clustering in mobile ad hoc networks , 2001, Proceedings 21st International Conference on Distributed Computing Systems Workshops.

[11]  Stefan Lucks,et al.  Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys , 1997, Security Protocols Workshop.

[12]  David P. Jablon Extended password key exchange protocols immune to dictionary attack , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[13]  Samir Khuller,et al.  A clustering scheme for hierarchical control in multi-hop wireless networks , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[14]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[15]  Srdjan Capkun,et al.  Self-Organized Public-Key Management for Mobile Ad Hoc Networks , 2003, IEEE Trans. Mob. Comput..

[16]  Wolfgang Rankl,et al.  Smart Card Handbook , 1997 .

[17]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[18]  Stanisław Jarecki,et al.  Proactive secret sharing and public key cryptosystems , 1995 .

[19]  Hugo Krawczyk,et al.  Proactive Secret Sharing Or: How to Cope With Perpetual Leakage , 1995, CRYPTO.

[20]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[21]  Mario Gerla,et al.  Adaptive Clustering for Mobile Wireless Networks , 1997, IEEE J. Sel. Areas Commun..