
    Key management in mobile ad hoc networks.

    Thesis (M.Sc.Eng.)-University of KwaZulu-Natal, Durban, 2005. Mobile ad hoc networks (MANETs) eliminate the need for pre-existing infrastructure by relying on the nodes to perform all network services. The connectivity between the nodes is sporadic due to the shared, error-prone wireless medium and frequent route failures caused by node mobility. Fully self-organized MANETs are created solely by the end-users for a common purpose in an ad hoc fashion. Forming peer-to-peer security associations in MANETs is more challenging than in conventional networks due to the lack of a central authority. This thesis is mainly concerned with peer-to-peer key management in fully self-organized MANETs. A key management protocol's primary function is to bootstrap and maintain the security associations in the network, hence to create, distribute and revoke (symmetric or asymmetric) keying material as needed by the network security services. The fully self-organized feature means that the key management protocol cannot rely on any form of off-line or on-line trusted third party (TTP). The first part of the thesis gives an introduction to MANETs and highlights MANETs' main characteristics and applications. The thesis follows with an overall perspective on the security issues in MANETs and motivates the importance of solving the key management problem in MANETs. The second part gives a comprehensive survey on the existing key management protocols in MANETs. The protocols are subdivided into groups based on their main characteristic or design strategy. Discussion and comments are provided on the strategy of each group. The discussions give insight into the state of the art and show researchers the way forward. The third part of the thesis proposes a novel peer-to-peer key management scheme for fully self-organized MANETs, called Self-Organized Peer-to-Peer Key Management (SelfOrgPKM).
    The scheme has low implementation complexity and provides self-organized mechanisms for certificate dissemination and key renewal without the need for any form of off-line or on-line authority. The fully distributed scheme is superior in communication and computational overhead with respect to its counterparts. All nodes send and receive the same number of messages and complete the same amount of computation. SelfOrgPKM therefore preserves the symmetric relationship between the nodes. Each node is its own authority domain, which provides an adversary with no convenient point of attack. SelfOrgPKM solves the classical routing-security interdependency problem and mitigates impersonation attacks by providing a strong one-to-one binding between a user's certificate information and public key. The proposed scheme uses a novel certificate exchange mechanism that exploits user mobility but does not rely on mobility in any way. The proposed certificate exchange mechanism is ideally suited for bootstrapping the routing security. It enables nodes to set up security associations on the network layer in a localized fashion without any noticeable time delay. The thesis also introduces two generic cryptographic building blocks as the basis of SelfOrgPKM: 1) A variant on the ElGamal type signature scheme developed from the generalized ElGamal signature scheme introduced by Horster et al. The modified scheme is one of the most efficient ElGamal variants, outperforming most other variants; and 2) A subordinate public key generation scheme. The thesis introduces the novel notion of subordinate public keys, which allows the users of SelfOrgPKM to perform self-organized self-certificate revocation without changing their network identifiers / addresses. Subordinate public keys therefore eliminate the main weakness of previous efforts to solve the address ownership problem in Mobile IPv6.
    Furthermore, the main weakness of previous efforts to break the routing-security interdependence cycle in MANETs is also eliminated by a subordinate public key mechanism. The presented ElGamal signature variant is proved secure in the Random Oracle and Generic Security Model (ROM+GM) without making any unrealistic assumptions. It is shown how the strong security of the signature scheme supports the security of the proposed subordinate key generation scheme. Based on the secure signature scheme, a security argument for SelfOrgPKM is provided with respect to a general, active insider adversary model. The only operation of SelfOrgPKM affecting the network is the pairwise exchange of certificates. The cryptographic correctness, low implementation complexity and effectiveness of SelfOrgPKM were verified through extensive simulations using ns-2 and OpenSSL. Thorough analysis of the simulation results shows that the localized certificate exchange mechanism on the network layer has negligible impact on network performance. The simulation results also correlate with the efficiency analysis of SelfOrgPKM in an ideal network setting, hence assuming guaranteed connectivity. The simulation results furthermore demonstrate that network layer certificate exchanges can be triggered without extending routing protocol control packet

    Mobile Computing in Digital Ecosystems: Design Issues and Challenges

    In this paper we argue that the set of wireless, mobile devices (e.g., portable telephones, tablet PCs, GPS navigators, media players) commonly used by human users enables the construction of what we term a digital ecosystem, i.e., an ecosystem constructed out of so-called digital organisms (see below), that can foster the development of novel distributed services. In this context, a human user equipped with his/her own mobile devices can be thought of as a digital organism (DO), a subsystem characterized by a set of peculiar features and resources it can offer to the rest of the ecosystem for use by its peer DOs. The internal organization of the DO must address issues of management of its own resources, including power consumption. Inside the DO and among DOs, peer-to-peer interaction mechanisms can be conveniently deployed to favor resource sharing and data dissemination. Throughout this paper, we show that most of the solutions and technologies needed to construct a digital ecosystem are already available. What is still missing is a framework (i.e., mechanisms, protocols, services) that can effectively support the integration and cooperation of these technologies. In addition, in the following we show that that framework can be implemented as a middleware subsystem that enables novel and ubiquitous forms of computation and communication. Finally, in order to illustrate the effectiveness of our approach, we introduce some experimental results we have obtained from preliminary implementations of (parts of) that subsystem. Comment: Proceedings of the 7th International Wireless Communications and Mobile Computing Conference (IWCMC-2011), Emergency Management: Communication and Computing Platforms Worksho

    Maintaining unlinkability in group based P2P environments

    In the wake of the success of Peer-to-Peer (P2P) networking, security has arisen as one of its main concerns, becoming a key issue when evaluating a P2P system. Unfortunately, some systems' design focus targeted issues such as scalability or overall performance, but not security. As a result, security mechanisms must be provided at a later stage, after the system has already been designed and partially (or even fully) implemented, which may prove a cumbersome proposition. This work exposes how a security layer was provided under such circumstances for a specific Java based P2P framework: JXTA-Overlay.

    A New Scheme for Minimizing Malicious Behavior of Mobile Nodes in Mobile Ad Hoc Networks

    The performance of Mobile Ad hoc networks (MANET) depends on the cooperation of all active nodes. However, supporting a MANET is a cost-intensive activity for a mobile node. From a single mobile node's perspective, the detection of routes as well as forwarding packets consume local CPU time, memory, network bandwidth, and last but not least energy. We believe that this is one of the main factors that strongly motivate a mobile node to deny packet forwarding for others, while at the same time using their services to deliver its own data. This behavior of an independent mobile node is commonly known as misbehaving or selfishness. A vast amount of research has already been done on minimizing malicious behavior of mobile nodes. However, most of it focused on the methods/techniques/algorithms to remove such nodes from the MANET. We believe that the frequent elimination of such misbehaving nodes hinders the free and fast growth of a MANET. This paper provides a critical analysis of the recent research work and its impact on the overall performance of a MANET. In this paper, we clarify some of the misconceptions in the understanding of selfishness and misbehavior of nodes. Moreover, we propose a mathematical model, based on a time-division technique, to minimize the malicious behavior of mobile nodes by avoiding the unnecessary elimination of bad nodes. Our proposed approach not only improves resource sharing but also creates a consistent trust and cooperation (CTC) environment among the mobile nodes. The simulation results demonstrate the success of the proposed approach, which significantly reduces the number of malicious nodes and consequently maximizes the overall throughput of the MANET compared with other well-known schemes. Comment: 10 pages IEEE format, International Journal of Computer Science and Information Security, IJCSIS July 2009, ISSN 1947 5500, Impact Factor 0.42

    Mobility Helps Peer-to-Peer Security

    We propose a straightforward technique to provide peer-to-peer security in mobile networks. We show that, far from being a hurdle, mobility can be exploited to set up security associations among users. We leverage the temporary vicinity of users, during which appropriate cryptographic protocols are run. We illustrate the operation of the solution in two scenarios, both in the framework of mobile ad hoc networks. In the first scenario, we consider fully self-organized security: users authenticate each other by visual contact and by the activation of an appropriate secure side channel of their personal device; we show that the process can be fuelled by taking advantage of trusted acquaintances. In the second scenario, we assume the presence of an off-line certification authority and we show how mobility helps to solve the security-routing interdependency cycle; in this case, the security protocol runs over one-hop radio links. We then show that the proposed solution is generic: it can be deployed on any mobile network and it can be implemented either with symmetric or with asymmetric cryptography. We provide a detailed performance analysis by studying the behavior of the solution on various mobility models