200 likes | 403 Views
Key Management in Mobile Ad Hoc Networks. Presented by Edith Ngai Spring 2003. Outline . Introduction Ad hoc network security Key management in ad hoc networks Fully distributed CA Trust-based and dynamic fully distributed CA Future work Conclusion. Introduction.
E N D
Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003
Outline • Introduction • Ad hoc network security • Key management in ad hoc networks • Fully distributed CA • Trust-based and dynamic fully distributed CA • Future work • Conclusion
Introduction • An ad hoc network is a collection of nodes that do not need to rely on predefined infrastructure to keep the network connected. • Nodes of ad hoc networks are often mobile, apply wireless communication • MANET (mobile ad hoc network) • Applications • Personal area networks • Collaborative networks • Military communications • Sensor networks • Disaster area networks
Characteristics • Dynamic network topology • Limited physical security • Limited bandwidth • Energy constrained nodes • Natures of ad hoc networks makes them vulnerable to security attacks • Passive eavesdropping • Denial of service attacks by malicious nodes • Attacks from compromised entities or stolen devices
Security –wired network vs Ad hoc network • Wired network • Adversary must gain physical access to wired link • Adversary has to sneak through security holes at firewalls or routers • Ad hoc network • Infrastructureless network does not have a clear line of defense • Wireless attacks may come from all directions • Every node must be prepared to encounter with an adversary
Key management in ad hoc networks • Security in networking is in many cases dependent on proper key management • A centralized approach in key management may not be available • Centralized approaches are vulnerable as single point of failures • Distributed approach is used • Partially distributed certificate authority • Fully distributed certificate authority
Fully distributed certificate authority • It uses a (k,n) threshold scheme to distribute an RSA certificate signing key to all nodes in the network • Any operation requiring the CA’s private key SKCA can only be performed by a coalition of k or more nodes • Certificate renewal and revocation • Share initialization for incorporating joining nodes into the CA
Fully distributed certificate authority • Polynomial secret sharing f(x) = SK + f1x + … + fk-1xk-1 is the secret polynomial, where SK is the certificate signing key, PK is the certificate verification key assumed to be well-known • Each node holds a polynomial share Pvi = f(vi) mod N • Node vi firstly chooses a coalition of k nodes from its neighborhood.
Fully distributed certificate authority • Let the coalition be B={v1, v2, …, vk},vi broadcast the certificate renewal request • The node vj returns a partial certificate CERTvj: • Node vi then converts each of them according to the IDs of these k responding nodes: • vi then combine the certificates received: • By k-bounded coalition offsetting algorithm, vi can recovers its new certificate CERT
Fully distributed certificate authority • An initialized node is defined as the node that possesses a valid polynomial share of SK • The initialized nodes collaborately initialize the other nodes • When vi requests for initialization, each vj can calculate its partial share by: • By Lagrange interpolation, vi can obtain its partial secret key:
Trust-based and dynamic fully distributed CA • Different assumptions • Each node maintains a trust value to its neighbours. • Each node holds c partial secret keys, instead of one in the old model • Each node signs out different number of partial certificates according to the trust level of the requesting node.
Trust-based and dynamic fully distributed CA • Trust model • The trust value from node vj to node vi represent the different levels of trust that node vj towards node vi according to vj’s observation on the behaviour of node vi at that moment. • There is a number of trust models proposed in the past. Our system can work with different trust models, no matter with continues or discrete, and different ranges of trust values.
Trust-based and dynamic fully distributed CA • Each node holds a number of partial keys that can be used to sign certificates for its neighbours. • We define c be the number of partial keys that a node holds. • Each node has its unique ID, and this node ID will be used to generate the unique partial key IDs that the node holds.
Trust-based and dynamic fully distributed CA • A node vi broadcasts its request for certificate renewal among its neighbourhood. • A neighbouring node vj receives the request will return a number of its partial certificates according to the trust value it gives to vi. • Define range of trust value is [w1, w2]. It should be noted that the smaller the trust value represents the less trust from vj to vi; and vice versa. • Let x be the trust value that vj towards vi, (no. of partial certificatesvj sends vi) nj =
Trust-based and dynamic fully distributed CA • Upon receiving at least k such partial certificates, node vi picks k to form the coalition B. Suppose, vi chooses {CERTa1, CERTa2, … , CERTak}, where a1, a2, …, ak are the IDs of the k partial keys. CERT’aj = (CERTaj)Laj(0) mod N, where • vi then multiples {CERTa1, CERTa2, … , CERTak} together to generate the candidate certificate CERT’: CERT’ = mod N • Then, vi can employ the k-bounded coalition offsetting algorithm to recover its new certificate CERT.
Requester Responders Request Send 2 partial certificates in one unicast K partial certificates Trust-based and dynamic fully distributed CA • The threshold k originally represents the number of neighbors required, now is dynamic base on the trust of the requesting node • In our system, a node vi may not need k neighbors to sign a certificate if it has high trust value • Nodes can sign certificate according to a quantitative trust value with our system
Future Work • Design the algorithm and protocol for initialization of incorporating joining nodes in the trust-based and dynamic fully distributed CA • Consider the number of partial keys per node to be also dynamic • Do performance evaluation on the proposed algorithm and protocol • Increase the performance of the current design
Conclusion • We studied the current security issues in ad hoc networks • We reviewed the key management techniques in ad hoc networks • We proposed a system of trust-based and dynamic fully distributed CA • We designed algorithm and protocol for certificate renewal or revocation in our system