Key Management in Mobile Ad Hoc Networks - PowerPoint PPT Presentation

Provided by: CSE

1
Key Management in Mobile Ad Hoc Networks
  • Presented by Edith Ngai
  • Spring 2003

2
Outline
  • Introduction
  • Ad hoc network security
  • Key management in ad hoc networks
  • Fully distributed CA
  • Trust-based and dynamic fully distributed CA
  • Future work
  • Conclusion

3
Introduction
  • An ad hoc network is a collection of nodes that
    do not need to rely on predefined infrastructure
    to keep the network connected.
  • Nodes of ad hoc networks are often mobile and use
    wireless communication
  • MANET (mobile ad hoc network)
  • Applications
      • Personal area networks
      • Collaborative networks
      • Military communications
      • Sensor networks
      • Disaster area networks

4
Characteristics
  • Dynamic network topology
  • Limited physical security
  • Limited bandwidth
  • Energy constrained nodes
  • The nature of ad hoc networks makes them vulnerable
    to security attacks
      • Passive eavesdropping
      • Denial of service attacks by malicious nodes
      • Attacks from compromised entities or stolen
        devices

5
Security: wired network vs. ad hoc network
  • Wired network
      • Adversary must gain physical access to wired link
      • Adversary has to sneak through security holes at
        firewalls or routers
  • Ad hoc network
      • Infrastructureless network does not have a clear
        line of defense
      • Wireless attacks may come from all directions
      • Every node must be prepared to encounter an
        adversary

6
Key management in ad hoc networks
  • Security in networking is in many cases dependent
    on proper key management
  • A centralized approach in key management may not
    be available
  • Centralized approaches are vulnerable as single
    points of failure
  • A distributed approach is used
      • Partially distributed certificate authority
      • Fully distributed certificate authority

7
Fully distributed certificate authority
  • It uses a (k,n) threshold scheme to distribute an
    RSA certificate signing key to all nodes in the
    network
  • Any operation requiring the CA's private key $SK_{CA}$
    can only be performed by a coalition of k or more
    nodes
  • Certificate renewal and revocation
  • Share initialization for incorporating joining
    nodes into the CA

8
Fully distributed certificate authority
  • Polynomial secret sharing
  • $f(x) = SK + f_1 x + \cdots + f_{k-1} x^{k-1}$ is the secret
    polynomial, where SK is the certificate signing
    key, PK is the certificate verification key
    assumed to be well-known
  • Each node holds a polynomial share
  • $P_{v_i} = f(v_i) \bmod N$
  • Node $v_i$ first chooses a coalition of k nodes
    from its neighborhood.

9
Fully distributed certificate authority
  • Let the coalition be $B = \{v_1, v_2, \ldots, v_k\}$; $v_i$
    broadcasts the certificate renewal request
  • The node $v_j$ returns a partial certificate $CERT_{v_j}$
  • Node $v_i$ then converts each of them according to
    the IDs of these k responding nodes
  • $v_i$ then combines the certificates received
  • Using the k-bounded coalition offsetting algorithm, $v_i$
    can recover its new certificate CERT

10
Fully distributed certificate authority
  • An initialized node is defined as the node that
    possesses a valid polynomial share of SK
  • The initialized nodes collaboratively initialize
    the other nodes
  • When $v_i$ requests initialization, each $v_j$ can
    calculate its partial share by
  • By Lagrange interpolation, $v_i$ can obtain its
    partial secret key

11
Trust-based and dynamic fully distributed CA
  • Different assumptions
  • Each node maintains a trust value for each of its
    neighbours.
  • Each node holds c partial secret keys, instead of
    one in the old model
  • Each node signs a different number of partial
    certificates according to the trust level of the
    requesting node.

12
Trust-based and dynamic fully distributed CA
  • Trust model
  • The trust value from node $v_j$ to node $v_i$ represents
    the level of trust that node $v_j$ has
    towards node $v_i$, according to $v_j$'s observation of
    the behaviour of node $v_i$ at that moment.
  • A number of trust models have been proposed in the
    past. Our system can work with different trust
    models, whether continuous or discrete, and with
    different ranges of trust values.

13
Trust-based and dynamic fully distributed CA
  • Each node holds a number of partial keys that can
    be used to sign certificates for its neighbours.
  • We define c to be the number of partial keys that a
    node holds.
  • Each node has its unique ID, and this node ID
    will be used to generate the unique partial key
    IDs that the node holds.

Node ID   Partial Key IDs
1         1, 2, ..., c
2         c+1, c+2, ..., 2c
3         2c+1, 2c+2, ..., 3c
...       ...
k         (k-1)c+1, (k-1)c+2, ..., kc
...       ...
n         (n-1)c+1, (n-1)c+2, ..., nc

14
Trust-based and dynamic fully distributed CA
  • A node vi broadcasts its request for certificate
    renewal among its neighbourhood.
  • A neighbouring node $v_j$ that receives the request will
    return a number of its partial certificates
    according to the trust value it gives to $v_i$.
  • Define the range of trust values as $w_1$ to $w_2$. It
    should be noted that a smaller trust value
    represents less trust from $v_j$ to $v_i$, and vice
    versa.
  • Let x be the trust value of $v_j$ towards $v_i$,
  • (no. of partial certificates $v_j$ sends $v_i$) $n_j$

15
Trust-based and dynamic fully distributed CA
  • Upon receiving at least k such partial
    certificates, node $v_i$ picks k to form the
    coalition B. Suppose $v_i$ chooses $CERT_{a_1}, CERT_{a_2},
    \ldots, CERT_{a_k}$, where $a_1, a_2, \ldots, a_k$ are the IDs of
    the k partial keys.
  • $CERT_{a_j} = (CERT_{a_j})^{L_{a_j}(0)} \bmod N$,
  • where
  • $v_i$ then multiplies $CERT_{a_1}, CERT_{a_2}, \ldots, CERT_{a_k}$
    together to generate the candidate certificate
    CERT
  • CERT mod N
  • Then, $v_i$ can employ the k-bounded coalition
    offsetting algorithm to recover its new
    certificate CERT.

16
Trust-based and dynamic fully distributed CA
  • The threshold k, which originally represented the number
    of neighbors required, is now dynamic, based on the
    trust of the requesting node
  • In our system, a node $v_i$ may not need k neighbors
    to sign a certificate if it has a high trust value
  • With our system, nodes can sign certificates according
    to a quantitative trust value
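
An added sketch of slides 8, 13 and 15 (not code from the presentation): shares are indexed by partial key ID, and a requester combines k partial certificates obtained from only two neighbours. All parameters are constructed toy values; folding the Lagrange coefficient into the exponent modulo N before exponentiation, so that the offset t stays below k, is an assumption of this example, and the per-neighbour counts stand in for $n_j$, whose formula is not in the transcript.

```python
# Constructed toy parameters, far too small for real use.
P, Q, E = 1009, 1013, 65537          # RSA primes and public exponent (PK)
N = P * Q
SK = pow(E, -1, (P - 1) * (Q - 1))   # CA signing key; no single node holds it
K, C = 5, 3                          # threshold k and partial keys per node c
COEFFS = [SK, 271828, 314159, 141421, 173205]  # f(x) = SK + f_1 x + ... + f_{k-1} x^{k-1}

def key_ids(node_id):
    """Partial key IDs held by a node, per the table: (j-1)c+1 .. jc."""
    return list(range((node_id - 1) * C + 1, node_id * C + 1))

def share(a):
    """P_a = f(a) mod N, evaluated with Horner's rule."""
    acc = 0
    for coef in reversed(COEFFS):
        acc = (acc * a + coef) % N
    return acc

def lagrange_at_zero(a_j, coalition):
    """L_{a_j}(0) = prod_{r != j} a_r / (a_r - a_j) mod N."""
    num = den = 1
    for a_r in coalition:
        if a_r != a_j:
            num = num * a_r % N
            den = den * (a_r - a_j) % N
    return num * pow(den, -1, N) % N  # ValueError if den is not invertible mod N

def partial_cert(msg, a, coalition):
    """Partial certificate for key ID a, with L_a(0) folded into the exponent mod N."""
    return pow(msg, share(a) * lagrange_at_zero(a, coalition) % N, N)

def combine(msg, coalition):
    """Multiply k partial certificates, then remove the extra msg^(t*N), 0 <= t < k."""
    if len(set(coalition)) != K:
        raise ValueError("need exactly k distinct partial key IDs")
    cand = 1
    for a in coalition:
        cand = cand * partial_cert(msg, a, coalition) % N
    undo = pow(msg, -N, N)            # msg^(-N) mod N, msg must be coprime to N
    for t in range(K):
        if pow(cand, E, N) == msg:    # verify against the well-known PK
            return cand, t
        cand = cand * undo % N
    raise ValueError("no offset below k verifies")

# Constructed scenario: neighbour 2 returns all 3 of its partial keys, neighbour 4 returns 2.
COALITION = key_ids(2) + key_ids(4)[:2]   # [4, 5, 6, 10, 11]: k key IDs from 2 nodes
```

Because k counts partial keys rather than nodes, any ceil(k/c) nodes together hold enough shares to sign, which is the quantity to bound when choosing c.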

17
Future Work
  • Design the algorithm and protocol for
    initialization to incorporate joining nodes into
    the trust-based and dynamic fully distributed CA
  • Consider the number of partial keys per node to
    be also dynamic
  • Evaluate the performance of the proposed
    algorithm and protocol
  • Increase the performance of the current design

18
Conclusion
  • We studied the current security issues in ad hoc
    networks
  • We reviewed the key management techniques in ad
    hoc networks
  • We proposed a system of trust-based and dynamic
    fully distributed CA
  • We designed an algorithm and protocol for
    certificate renewal or revocation in our system