Toward Secure Key Distribution in Truly AdHoc Networks

1
Toward Secure Key Distribution in Truly Ad-Hoc
Networks

• Aram Khalili, Jonathan Katz, William A. Arbaugh
• IEEE Workshop on Security and Assurance in Ad-hoc
  Networks 2003
• 2003. 9. 18
• Park, Seung-hun

2
Contents

• Introduction
• Proposed ad-hoc keying mechanism
• ID-based cryptography
• Threshold cryptography
• Combined approach to ad-hoc keying
• Efficient ID-based and threshold schemes
• Summary

3
Introduction (1/2) Ad-hoc network constraints

• Assumptions
• Envision ad-hoc networks to be formed by nodes
  without any prior contact, trust, or authority
  relation
• Precludes any pre-distributed symmetric keys or a
  reliable PKI supported by all nodes
• All nodes are resource-constrained in energy,
  bandwidth, computational ability, memory, etc
• Topology of the network can change frequently
  because nodes are mobile
• Fewer than 1/3 of the principals at the time of
  network formation are corrupted or malicious

4
Introduction (2/2) The current state of ad-hoc
network security

• Ad-hoc network security research often focuses on
  secure routing protocol
• Neglect key establishment and distribution
• Zhou and Haas introduce the idea of distributing
  a CA (Certificate Authority) throughout the
  network, in a threshold fashion
• Do not address the resource limitations of
  devices in ad-hoc networks

5
Proposed ad-hoc keying mechanism (1/4)

• Characteristics
• Use threshold, ID-based cryptosystem to achieve
  security, efficiency, and resilience
• The participating nodes generate a master public
  key PK for ID-based cryptosystem
• Master secret key SK will be shared in a
  t-out-of-n threshold manner by this initial set
  of n nodes

6
Proposed ad-hoc keying mechanism (2/4) ID-based
cryptography

• Master public key/secret key is generated by PKG
  (private-key generation services)
• Arbitrary identities may be used as public keys
• Encryption and decryption

sender
receiver
Encrypted message
Secret key
Encryption ID identity
Decryption Encrypted message personal private
key
PKG
7
Proposed ad-hoc keying mechanism (3/4) ID-based
cryptography

• Algorithms of ID-based encryption scheme
• Setup
• Takes as input a security parameter
• Returns the master public/secret keys for the
  system
• Extract
• Takes as input the master secret key and an
  identity
• Returns the personal secret key corresponding to
  the identity
• Encrypt
• Takes as input the master public key, the
  identity of the recipient, and a message
• Returns a ciphertext
• Decrypt
• Takes as input the master public key, a
  ciphertext and personal secret key
• Returns the plaintext

8
Proposed ad-hoc keying mechanism (4/4)
Threshold cryptography

• Basic idea
• Allows a cryptographic operation to be split
  among multiple users such that only some
  threshold of the users can perform the desired
  operation
• t-out-of-n threshold scheme
• Any set of t users can compute the desired
  functionality
• Adversary who compromises t-1 users cannot
  compute the desired functionality
• Honest user who needs the cryptographic operation
  to be performed need only contact t of the users

9
Combined approach to ad-hoc keying (1/4)

• Overview

10
Combined approach to ad-hoc keying (1/3)

• Form network
• Nodes that are forming the network decide on a
  mutually acceptable set of security parameters
• Any node which is not satisfied by the choice of
  parameters can choose to refuse to participate in
  the network
• Form a threshold PKG
• Initial set of nodes can form a threshold PKG for
  an ID-based scheme
• These nodes will generate the master
  public/secret keys
• Master public key is given to all members of the
  network
• PKG can start issuing personal secret keys to
  nodes based on their identities and the key
  issuance policy

11
Combined approach to ad-hoc keying (2/3)

• Receive private key
• Node presents identity and any extra material
  specified by the key issuance policy to t nodes
  forming the PKG
• Node receives a share of their personal private
  key from each of them
• With t correct shares, the node can compute its
  personal private key within the networks
  ID-based system

12
Combined approach to ad-hoc keying (3/3)

• Advantages of distributing the key generation and
  the PKG service
• Prevents a single point of failure
• Resists compromise or insider attack
• Makes the scheme resilient when some nodes are
  unreachable due to ad-hoc conditions as long as
  at least k are still reachable
• Advantages of ID-based against CA-based
• Does not need transmission, storage, and
  verification of public keys and certificates
• Leads to huge savings in bandwidth
• Saves in computation

13
Efficient ID-based and threshold schemes

• For ID-based scheme
• The scheme of Cha and Cheon which yields
  signatures that are both very efficient to
  compute and extremely short
• Simplifying assumptions can improve the
  efficiency of the master key generation
• Algebraic GDH (Gap Diffie-Hellman) groups can
  computationally improve in key generation
• For threshold scheme
• Boldyrevas distributed key generation algorithm
• Tolerates up to n/2 malicious nodes
• Is optimal for threshold

14
Summary

• Ad-hoc networks cannot always be assumed to have
  keying material or mechanisms for key
  distribution in place at network formation time
• ID-based and threshold cryptography are proposed
• ID-based cryptography provides efficiency gains
• Threshold cryptography provides resilience and
  robustness
• Limitation
• Malicious members of the network can provide
  newly joining members with a false master public
  key