SECRET: a secure and efficient certificate revocation scheme for mobile ad hoc networks

The intent of this paper is to propose an enhanced certificate revocation scheme for Mobile Ad hoc Networks (MANETs). Our approach is built on mainly two previously proposed mechanisms. A combination of the schemes and optimization of certain steps with intelligent choices of parameters could significantly reduce the overhead associated with such mechanism. We prove the efficiency of our approach by performance analysis. Also, we present the security analysis that shows clear gains than the previously proposed schemes

АНАЛІЗ МЕХАНІЗМІВ ЗАБЕЗПЕЧЕННЯ ЦІЛІСНОСТІ ТА АВТЕНТИЧНОСТІ ПОВІДОМЛЕНЬ В МЕРЕЖАХ MANET

Забезпечення цілісності та автентичності повідомлень в сучасних мережах MANET є актуальною науково-технічною проблемою. Способом її вирішення є проведення постійного аналізу загроз безпеки MANET, а також розробка й вдосконалення механізмів забезпечення цілісності та автентичності інформації в мережі. Проведено аналіз сучасних атак на мережі MANET та відповідних ним загроз цілісності та автентичності інформації. Розглянуті недоліки та переваги протоколів безпечної маршрутизації. В результаті цього визначені перспективні напрямки вдосконалення та подальшого розвитку систем безпеки та протоколів безпечної маршрутизації в мережах MANET

Аналіз механізмів забезпечення цілісності та автентичності повідомлень в мережах MANET

Ensuring the integrity and authenticity of the messages in today's MANET networks is an urgent scientific and technical problem. The way to solve it is to conduct a continuous review of security threats of MANET, as well as the development and improvement of mechanisms of ensure the integrity and authenticity of information in the network. The analysis of the current attacks on the MANET networks and the corresponding threats of the integrity and authenticity of information has been done. The advantages and disadvantages of secure routing protocols are shown. As a result, identified promising areas of improvement and further development of security systems and secure routing protocols in MANET networks.Обеспечение целостности и аутентичности сообщений в современных сетях MANET является актуальной научно-технической проблемой. Способом ее решения является проведение постоянного анализа угроз безопасности MANET, а также разработка и усовершенствование механизмов обеспечения целостности и аутентичности информации в сети. Проведен анализ современных атак на сети MANET и соответствующих им угроз целостности и аутентичности информации. Рассмотрены недостатки и преимущества протоколов безопасной маршрутизации. В результате этого определены перспективные направления усовершенствования и дальнейшего развития систем безопасности и протоколов безопасной маршрутизации в сетях MANET.Забезпечення цілісності та автентичності повідомлень в сучасних мережах MANET є актуальною науково-технічною проблемою. Способом її вирішення є проведення постійного аналізу загроз безпеки MANET, а також розробка й вдосконалення механізмів забезпечення цілісності та автентичності інформації в мережі. Проведено аналіз сучасних атак на мережі MANET та відповідних ним загроз цілісності та автентичності інформації. Розглянуті недоліки та переваги протоколів безпечної маршрутизації. В результаті цього визначені перспективні напрямки вдосконалення та подальшого розвитку систем безпеки та протоколів безпечної маршрутизації в мережах MANET

Key Revocation for Identity-Based Schemes in Mobile Ad Hoc Networks

Abstract. Recently, identity-based cryptographic (IBC) schemes have been considered to secure mobile ad hoc networks (MANETs) due to their efficient key management properties. However, proposed schemes do not provide mechanisms for key revocation and key renewal. In this paper, we propose the first key revocation and key renewal mechanisms for IBC schemes that are especially designed for MANETs. In our fully self-organized revocation scheme, each node monitors nodes in communication range and securely propagates its observations. The public key of a node is revoked if a minimum number of nodes accused the node. To enable key renewal, we introduce a modified format for ID-based public keys, such that new keys can be issued for the same identity. The introduced revocation scheme is efficient because it uses pre-shared keys from the Weil pairing to secure accusation and revocation messages and messages are sent to an m-hop neighborhood instead of to the entire network. Our revocation mechanism can be adapted to PKI schemes in MANETs.

SEMAN - uma proposta de Middleware seguro para as redes ad hoc móveis

Orientador : Prof. Dr. Luiz Carlos Pessoa AlbiniTese (doutorado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Ciência da Computação. Defesa: Curitiba, 04/04/2014Inclui referênciasResumo: Devido às particularidades das redes ad hoc móveis (MANETs - Mobile Ad Hoc Networks), como a topologia dinâmica, a ausência de infraestrutura e a sua característica decentralizada, a implementação de aplicações complexas e flexíveis para estas redes torna-se um desafio. Para permitir o desenvolvimento dessas aplicações, diversas soluções de middleware foram propostas. Contudo, as soluções encontradas não consideram plenamente os requisitos de segurança dessas redes. Este trabalho apresenta um estudo dos middlewares propostos para as MANETs, relatando o seu funcionamento e apresentando um comparativo das funcionalidades disponíveis. Esses middlewares são categorizados de acordo com a seguinte classificação, proposta neste trabalho: baseados em espaços de tuplas, baseados em P2P, baseados em contexto, cross-layer e orientados à aplicação. Em seguida, com base nas limitações estudadas, é proposto um novo middleware de segurança para as MANETs, chamado de SEcure Middleware for Ad hoc Mobile Networks (SEMAN - Middleware seguro para as redes ad hoc móveis), que fornece um conjunto de serviços de segurança para facilitar o desenvolvimento de aplicações distribuídas, complexas e flexíveis. Para fornecer tais serviços e garantir a segurança, o SEMAN considera o contexto das aplicações e organiza os nós em grupos, também baseados nesses contextos. O middleware prevê três módulos: serviço, processamento e segurança. O módulo de serviço é responsável por manter todos os serviços e aplicações que são disponibilizados pelo nó hospedeiro a outros nós da rede. O módulo de processamento é responsável por manter o funcionamento central do middleware, atendendo os pedidos e gerenciando o registro dos serviços e componentes disponíveis. O módulo de segurança é o ponto principal do middleware e o foco desta tese. Ele possui os componentes de gerenciamento de chaves, de confiança e de grupos. Todos esses componentes foram desenvolvidos pelo autor e são descritos neste trabalho. Eles são suportados por um núcleo de operações criptográficas e atuam de acordo com regras e políticas de segurança. A integração desses componentes fornece garantias de segurança contra ataques às aplicações que utilizam o middleware.Abstract: Due to the particularities of Mobile Ad Hoc Networks (MANETs), as their dynamic topology, lack of infrastructure and decentralized characteristic, the implementation of complex and flexible applications is a challenge. To enable the deployment of these applications, several middleware solutions were proposed. However, these solutions do not completely consider the security requirements of these networks. This thesis presents middleware solutions for MANETs, by describing their operations and presenting a comparative of the available functionalities. The middlewares were grouped according to this classification: tuple space-based, P2P-based, context-based, cross-layer and applicationoriented. Then, based on the limitations of the studied solutions, a new secure middleware is proposed, called SEcure Middleware for Ad hoc Networks (SEMAN), which provides a set of basic and secure services to MANETs aiming to facilitate the development of distributed, complex and flexible applications. To provide such services and ensure security to the applications, SEMAN considers the context of applications and organizes nodes into groups, also based on these contexts. The middleware includes three modules: service, processing, and security. Service module is responsible for maintaining all services and applications hosted by nodes. The processing module is responsible for maintaining the middleware core operation, listening the requests and managing the registry of available services and components. The security module is the main part of the middleware and the focus of this thesis. It has the following components: key management, trust management and group management. All these components were developed and are described in this work. They are supported by a cryptographic core and behave according to security rules and policies. The integration of these components provides security assurance against attacks to the applications that use the middleware

Efficient Cryptographic Algorithms and Protocols for Mobile Ad Hoc Networks

As the next evolutionary step in digital communication systems, mobile ad hoc networks (MANETs) and their specialization like wireless sensor networks (WSNs) have been attracting much interest in both research and industry communities. In MANETs, network nodes can come together and form a network without depending on any pre-existing infrastructure and human intervention. Unfortunately, the salient characteristics of MANETs, in particular the absence of infrastructure and the constrained resources of mobile devices, present enormous challenges when designing security mechanisms in this environment. Without necessary measures, wireless communications are easy to be intercepted and activities of users can be easily traced. This thesis presents our solutions for two important aspects of securing MANETs, namely efficient key management protocols and fast implementations of cryptographic primitives on constrained devices. Due to the tight cost and constrained resources of high-volume mobile devices used in MANETs, it is desirable to employ lightweight and specialized cryptographic primitives for many security applications. Motivated by the design of the well-known Enigma machine, we present a novel ultra-lightweight cryptographic algorithm, referred to as Hummingbird, for resource-constrained devices. Hummingbird can provide the designed security with small block size and is resistant to the most common attacks such as linear and differential cryptanalysis. Furthermore, we also present efficient software implementations of Hummingbird on 4-, 8- and 16-bit microcontrollers from Atmel and Texas Instruments as well as efficient hardware implementations on the low-cost field programmable gate arrays (FPGAs) from Xilinx, respectively. Our experimental results show that after a system initialization phase Hummingbird can achieve up to 147 and 4.7 times faster throughput for a size-optimized and a speed-optimized software implementation, respectively, when compared to the state-of-the-art ultra-lightweight block cipher PRESENT on the similar platforms. In addition, the speed optimized Hummingbird encryption core can achieve a throughput of 160.4 Mbps and the area optimized encryption core only occupies 253 slices on a Spartan-3 XC3S200 FPGA device. Bilinear pairings on the Jacobians of (hyper-)elliptic curves have received considerable attention as a building block for constructing cryptographic schemes in MANETs with new and novel properties. Motivated by the work of Scott, we investigate how to use efficiently computable automorphisms to speed up pairing computations on two families of non-supersingular genus 2 hyperelliptic curves over prime fields. Our findings lead to new variants of Miller's algorithm in which the length of the main loop can be up to 4 times shorter than that of the original Miller's algorithm in the best case. We also generalize Chatterjee et al.'s idea of encapsulating the computation of the line function with the group operations to genus 2 hyperelliptic curves, and derive new explicit formulae for the group operations in projective and new coordinates in the context of pairing computations. Efficient software implementation of computing the Tate pairing on both a supersingular and a non-supersingular genus 2 curve with the same embedding degree of k = 4 is investigated. Combining the new algorithm with known optimization techniques, we show that pairing computations on non-supersingular genus 2 curves over prime fields use up to 55.8% fewer field operations and run about 10% faster than supersingular genus 2 curves for the same security level. As an important part of a key management mechanism, efficient key revocation protocol, which revokes the cryptographic keys of malicious nodes and isolates them from the network, is crucial for the security and robustness of MANETs. We propose a novel self-organized key revocation scheme for MANETs based on the Dirichlet multinomial model and identity-based cryptography. Firmly rooted in statistics, our key revocation scheme provides a theoretically sound basis for nodes analyzing and predicting peers' behavior based on their own observations and other nodes' reports. Considering the difference of malicious behaviors, we proposed to classify the nodes' behavior into three categories, namely good behavior, suspicious behavior and malicious behavior. Each node in the network keeps track of three categories of behavior and updates its knowledge about other nodes' behavior with 3-dimension Dirichlet distribution. Based on its own analysis, each node is able to protect itself from malicious attacks by either revoking the keys of the nodes with malicious behavior or ceasing the communication with the nodes showing suspicious behavior for some time. The attack-resistant properties of the resulting scheme against false accusation attacks launched by independent and collusive adversaries are also analyzed through extensive simulations. In WSNs, broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed in the literature to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. We propose an efficient technique to accelerate the signature verification in WSNs through the cooperation among sensor nodes. By allowing some sensor nodes to release the intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to the broadcast authentication in a 4×4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7%~34.5% less energy and runs about 50% faster than the traditional signature verification method