Learn about key management in wireless networks, including the importance of distributed approaches and secure certification authorities. Discover self-organized public key management schemes and authentication methods for reliable network security.
Department of Computer Science
Southern Illinois University Carbondale
CS 591 – Wireless & Network Security
Lecture 13: Key Management in MANETs
Thanks to: Nitin H. Vaidya, University of Illinois at Urbana-Champaign
Dr. Kemal Akkaya
E-mail: kemal@cs.siu.edu
Wireless & Network Security 1

Key Management
• Security in networking is in many cases dependent on proper key management
• In “pure” ad hoc networks, access to infrastructure cannot be assumed
  • MANETs & WSNs
  • Network may also become partitioned
• In “hybrid” networks, however, where access to infrastructure is typically available, traditional solutions can be extended with relative ease
  • Wireless LANs
• Centralized approaches to key management are vulnerable as single points of failure
• Distributed approaches are desirable in MANETs and WSNs

CA
• Certification Authority (CA) has a public/private key pair, with public key known to all
• CA signs certificates binding public keys to other nodes
• A single CA may not be enough – unavailability of the CA (due to partitioning, failure or compromise) will make it difficult for nodes to obtain public keys of other hosts
• A compromised CA may sign erroneous certificates
• Solutions for MANETs
  • Distributed CA: [Zhou99] Lidong Zhou, Zygmunt J. Haas, "Securing Ad Hoc Networks", IEEE Network, 1999
  • [Capkun93] S. Capkun, L. Buttyan, and J. P. Hubaux, "Self-Organized Public-Key Management for Mobile Ad Hoc Networks", IEEE Transactions on Mobile Computing, Vol. 2, Nr. 1 (January - March 2003)

Distributed CA
• Use threshold cryptography to implement CA functionality jointly at n nodes. The n CA servers collectively have a public/private key pair
• Each CA only knows a part of the private key
• Can tolerate t compromised servers
• Threshold cryptography: an (n, t+1) threshold cryptography scheme allows n parties to share the ability to perform a cryptographic operation (e.g., creating a digital signature)
  • Any (t+1) parties can perform the operation jointly
  • No t or fewer parties can perform the operation
• Each server knows the public keys of the other servers, so that the servers can communicate with each other securely
• To sign a certificate, each server generates a partial signature for the certificate and submits it to a combiner
• To protect against a compromised combiner, use t+1 combiners

Self-Organized Public Key Management
[Figure: certificate graph edge from Ku to Kw, labelled (w, Kw)PrKu]
• Does not rely on availability of CA
• Nodes form a “Certificate Graph”
  • Each vertex represents a public key
  • An edge from Ku to Kw exists if there is a certificate signed by the private key of node u that binds Kw to the identity of some node w
• Four steps of the management scheme
  • Step 1: Each node creates its own private/public keys. Each node acts independently
  • Step 2: When a node u believes that key Kw belongs to node w, node u issues a public-key certificate in which Kw is bound to w by the signature of u
  • Step 3: Nodes periodically exchange certificates with other nodes they encounter
  • Step 4: Each node forms a certificate graph using the certificates known to that node

Self-Organized Public Key Management
• Authentication
  • When a node u wants to verify the authenticity of the public key Kv of node v, u tries to find a directed path from Ku to Kv in the certificate graph. If such a path is found, the key is authentic.
• Misbehaving hosts may issue incorrect certificates
  • Mismatching certificates indicate the presence of a misbehaving host (unless one of the mismatching certificates has expired)
  • Mismatching certificates may bind the same public key to two different nodes, or the same node to two different keys
  • To resolve the mismatch, a “confidence” level may be calculated for each certificate chain that verifies each of the mismatching certificates
  • Choose the certificate that can be verified with high confidence – else ignore both certificates
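
The certificate-graph steps and the authentication check from the last two slides, as an added example that is not part of the original lecture: a node builds its graph from collected certificates, searches for a directed chain from Ku to the target key, and flags mismatching bindings. The certificate tuple layout and function names are assumptions; signature verification, expiry and the confidence calculation are left out.

```python
from collections import defaultdict, deque

# Constructed sample: certificates one node has collected, each as
# (issuer_key, subject_id, subject_key). Signature checks are assumed done.
CERTS = [
    ("Ku", "a", "Ka"),
    ("Ka", "b", "Kb"),
    ("Kb", "v", "Kv"),
    ("Ka", "w", "Kw"),
    ("Kx", "w", "Kw2"),  # mismatch: node w bound to two different keys
    ("Kx", "z", "Kb"),   # mismatch: key Kb bound to two different nodes
]

def build_graph(certs):
    """Step 4: vertex = public key, edge issuer_key -> subject_key."""
    graph = defaultdict(set)
    for issuer_key, _subject_id, subject_key in certs:
        graph[issuer_key].add(subject_key)
    return graph

def find_chain(graph, start_key, target_key):
    """Breadth-first search for a directed certificate chain, or None."""
    parent = {start_key: None}
    queue = deque([start_key])
    while queue:
        key = queue.popleft()
        if key == target_key:
            chain = []
            while key is not None:
                chain.append(key)
                key = parent[key]
            return chain[::-1]
        for nxt in sorted(graph.get(key, ())):
            if nxt not in parent:
                parent[nxt] = key
                queue.append(nxt)
    return None

def find_mismatches(certs):
    """Return (nodes bound to several keys, keys bound to several nodes)."""
    keys_of, nodes_of = defaultdict(set), defaultdict(set)
    for _issuer_key, subject_id, subject_key in certs:
        keys_of[subject_id].add(subject_key)
        nodes_of[subject_key].add(subject_id)
    multi = lambda d: {k: v for k, v in d.items() if len(v) > 1}
    return multi(keys_of), multi(nodes_of)

if __name__ == "__main__":
    g = build_graph(CERTS)
    print(find_chain(g, "Ku", "Kv"))
    print(find_chain(g, "Ku", "Kw2"))
    print(find_mismatches(CERTS))
```

In this sample the chain to Kv passes through Kb, which is itself part of a mismatch, which is the situation the confidence calculation on the slide is meant to resolve.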