Public key cryptography sans certificates in ad hoc networks

Abstract. Several researchers have proposed the use of threshold cryptographic model to enable secure communication in ad hoc networks without the need of a trusted center. In this model, the system remains secure even in the presence of a certain threshold t of corrupted/malicious nodes. In this paper, we show how to perform necessary public key operations without node-specific certificates in ad hoc networks. These operations include pair-wise key establishment, signing, and encryption. We achieve this by using Feldman’s verifiable polynomial secret sharing (VSS) as a key distribution scheme and treating the secret shares as the private keys. Unlike in the standard public key cryptography, where entities have independent private/public key pairs, in the proposed scheme the private keys are related (they are points on a polynomial of degree t) andeach public key can be computed from the public VSS information and node identifier. We show that such related keys can still be securely used for standard signature and encryption operations (using resp. Schnorr signatures and ElGamal encryption) and for pairwise key establishment, as long as there are no more that t collusions/corruptions in the system. The proposed usage of shares as private keys can also be viewed as a threshold-tolerant identity-based cryptosystem under standard (discrete logarithm based) assumptions.

ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS

Concept of Mobile Ad-hoc Networks (MANETs) was brought up a few decades ago with assumed prosperous future. Unfortunately, we do not see many practical applications of them in real life. Security of MANETs is a big concern considered by investors and industries, and hinders them from putting MANETs into application. Requirements of security, and difficulties to meet these requirements have been stated clearly already; yet solutions to these difficulties are not quite clear. Cryptographic technologies seem to be capable of satisfying most of the requirements, which has been proved in Internet or wired networks. However, most of the technologies, including symmetric and traditional asymmetric cryptography (such as Public Key Infrastructure (PKI)), are inapplicable or inconvenient to use inMANETs context. Identity-based Cryptography (IBC), as a special form of asymmetric cryptography, carries many features interesting for MANETs. IBC has been studied a lot recently by researchers of MANET security, and many applications have been proposed and claimed to address this difficult problem. However, it is still the case that most of the solutions are not sound enough to be used in a practical MANET. This thesis starts with an intensive survey on the proposals of applications of IBC in MANETs, and points out the issues, limitations and weaknesses in these proposals and also in IBC itself. The thesis proposes a novel framework with key management and secure routing scheme integrated aiming to address these issues. This scheme brings these contributions: compared to symmetric key solutions, it has more functionality derived from asymmetric keys, and is more secure due to using 1-to-m broadcasting key instead of only 1 group broadcasting key, and has less keys to store per node due to using asymmetric keys instead of pairwise symmetric keys; compared to traditional asymmetric cryptography solutions, the storage and communication requirements are lower due to IBC properties; compared to previous IBC solutions, it has no key management and secure routing interdependency cycle problem. Security of the proposed scheme is proved and performance of the scheme is simulated and analyzed in the thesis. To the end of a complete solution for an arbitraryMANET running in an arbitrary environment, the thesis proposes enhancements to counter various attacks and options to abate or eliminate limitations and weaknesses of IBC. The proposed scheme has a wide range of applicability for various MANETs with little or no administrative overhead depending on situations where it is considered

Cryptographic Approaches To Security and Privacy Issues In Pervasive Computing

Technological innovation has enabled tiny devices to participate in pervasive com- puting. Such devices are particularly vulnerable to security and privacy threats, because of their limited computing resources and relatively weak physical security. We investigate possible cryptographic solutions to security and privacy problems arising in two kinds of emerging pervasive computing networks: Personal Area Net- works (PANs) and the EPCglobal Network. A number of key management schemes have been proposed for use in PANs, but these schemes only support key management within a PAN. However, as people are increasingly equipped with multiple wireless devices, PANs are likely to be intercon- nected to share information or services. We introduce a term, iPANs, to name such interconnected PANs. We define system models and design goals for key manage- ment in iPANs, and propose a novel security initialisation scheme for use in iPANs. The proposed scheme achieves desirable security and efficiency properties by making use of the unique characteristics of PANs. The EPCglobal Network is designed to give efficiency and cost savings in and beyond the supply chain using Radio Frequency Identification (RFID) technology; however, privacy threats affecting such networks are particularly serious. We construct a formal privacy model for RFID systems accurately reflecting adversarial threats and power. We then give brief privacy analysis for the existing privacy-enhanced RFID schemes which have received wide attention in the literature. We then construct a secure refresh-based RFID system based on re-encryption techniques, and prove its privacy using the defined privacy model. Finally, we show that the proposed scheme can greatly enhance the security and privacy of EPC tags, making the maximum use of given tag functionalities as specified in the standards