A Distributed Public Key Caching Scheme in Large Wireless Networks.

When asymmetric cryptography techniques are used in wireless networks, the public keys of the nodes need to be widely available and signed by a Certificate Authority (CA). However, the existence of a single CA in large wireless networks such as mobile ad hoc networks and wireless sensor networks can lead the hotspot problem and become a security weakness. In this work, we propose a distributed technique to cache the public keys on regular nodes. Due to the limited memory size that each node is allowed to dedicate for key caching, only some keys can be cached. In our proposed technique, each node caches the public keys of a mix of local and remote nodes. The local nodes are defined as the nodes within the same neighborhood according to the transmission range, while the remote nodes are the ones outside the range. Access to the public keys of other nodes is possible based on a chain of trust. Multiple copies of public keys from different chains of trusted nodes provide fault tolerance. We explain our technique in detail and investigate its salient features in this work. An interesting observation is the need to balance caching public keys of local nodes and remote nodes. We studied the optimum local/remote public key caching ratios for different networks via investigating the availability of the number of required public key copies. These simulation results showed that by balancing the caching public keys with the optimum ratios, the availability of the required public keys kept increasing and finally became stable. We also did the simulation about studying the number of hops to find the first copies of required public keys. The results showed how local/remote ratios affected the minimum number of hops for reaching the first copies

Sea of Lights: Practical Device-to-Device Security Bootstrapping in the Dark

Practical solutions to bootstrap security in today's information and communication systems critically depend on centralized services for authentication as well as key and trust management. This is particularly true for mobile users. Identity providers such as Google or Facebook have active user bases of two billion each, and the subscriber number of mobile operators exceeds five billion unique users as of early 2018. If these centralized services go completely `dark' due to natural or man made disasters, large scale blackouts, or country-wide censorship, the users are left without practical solutions to bootstrap security on their mobile devices. Existing distributed solutions, for instance, the so-called web-of-trust are not sufficiently lightweight. Furthermore, they support neither cross-application on mobile devices nor strong protection of key material using hardware security modules. We propose Sea of Lights(SoL), a practical lightweight scheme for bootstrapping device-to-device security wirelessly, thus, enabling secure distributed self-organized networks. It is tailored to operate `in the dark' and provides strong protection of key material as well as an intuitive means to build a lightweight web-of-trust. SoL is particularly well suited for local or urban operation in scenarios such as the coordination of emergency response, where it helps containing/limiting the spreading of misinformation. As a proof of concept, we implement SoL in the Android platform and hence test its feasibility on real mobile devices. We further evaluate its key performance aspects using simulation

Unified architecture of mobile ad hoc network security (MANS) system

In this dissertation, a unified architecture of Mobile Ad-hoc Network Security (MANS) system is proposed, under which IDS agent, authentication, recovery policy and other policies can be defined formally and explicitly, and are enforced by a uniform architecture. A new authentication model for high-value transactions in cluster-based MANET is also designed in MANS system. This model is motivated by previous works but try to use their beauties and avoid their shortcomings, by using threshold sharing of the certificate signing key within each cluster to distribute the certificate services, and using certificate chain and certificate repository to achieve better scalability, less overhead and better security performance. An Intrusion Detection System is installed in every node, which is responsible for colleting local data from its host node and neighbor nodes within its communication range, pro-processing raw data and periodically broadcasting to its neighborhood, classifying normal or abnormal based on pro-processed data from its host node and neighbor nodes. Security recovery policy in ad hoc networks is the procedure of making a global decision according to messages received from distributed IDS and restore to operational health the whole system if any user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Finally, quantitative risk assessment model is proposed to numerically evaluate MANS security

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

Key management for beyond 5G mobile small cells: a survey

The highly anticipated 5G network is projected to be introduced in 2020. 5G stakeholders are unanimous that densification of mobile networks is the way forward. The densification will be realized by means of small cell technology, and it is capable of providing coverage with a high data capacity. The EU-funded H2020-MSCA project “SECRET” introduced covering the urban landscape with mobile small cells, since these take advantages of the dynamic network topology and optimizes network services in a cost-effective fashion. By taking advantage of the device-to-device communications technology, large amounts of data can be transmitted over multiple hops and, therefore, offload the general network. However, this introduction of mobile small cells presents various security and privacy challenges. Cryptographic security solutions are capable of solving these as long as they are supported by a key management scheme. It is assumed that the network infrastructure and mobile devices from network users are unable to act as a centralized trust anchor since these are vulnerable targets to malicious attacks. Security must, therefore, be guaranteed by means of a key management scheme that decentralizes trust. Therefore, this paper surveys the state-of-the-art key management schemes proposed for similar network architectures (e.g., mobile ad hoc networks and ad hoc device-to-device networks) that decentralize trust. Furthermore, these key management schemes are evaluated for adaptability in a network of mobile small cells