Trust Based Certificate Revocation for Secure Routing in MANET

AbstractMany trust establishment solutions in mobile ad hoc networks (MANETs) rely on public key certificates. Therefore, they should be accompanied by an efficient mechanism for certificate revocation and validation. In order to reduce the hazards from nodes and to enhance the security of network we propose to develop a CA distribution and a Trust based threshold revocation method. Initially the trust value is computed from the direct and indirect trust values. And the certificate authorities distributes the secret key to al the nodes. Followed by this a trust based threshold revocation method is computed. Here the misbehaving nodes are eliminated

PKIX Certificate Status in Hybrid MANETs

Certificate status validation is a hard problem in general but it is particularly complex in Mobile Ad-hoc Networks (MANETs) because we require solutions to manage both the lack of fixed infrastructure inside the MANET and the possible absence of onnectivity to trusted authorities when the certification validation has to be performed. In this sense, certificate acquisition is usually assumed as an initialization phase. However, certificate validation is a critical operation since the node needs to check the validity of certificates in real-time, that is, when a particular certificate is going to be used. In such MANET environments, it may happen that the node is placed in a part of the network that is disconnected from the source of status data at the moment the status checking is required. Proposals in the literature suggest the use of caching mechanisms so that the node itself or a neighbour node has some status checking material (typically on-line status responses or lists of revoked certificates). Howeve to the best of our knowledge the only criterion to evaluate the cached (obsolete) material is the time. In this paper, we analyse how to deploy a certificate status checking PKI service for hybrid MANET and we propose a new criterion based on risk to evaluate cached status data that is much more appropriate and absolute than time because it takes into account the revocation process.Peer ReviewedPostprint (author’s final draft

Key management for beyond 5G mobile small cells: a survey

The highly anticipated 5G network is projected to be introduced in 2020. 5G stakeholders are unanimous that densification of mobile networks is the way forward. The densification will be realized by means of small cell technology, and it is capable of providing coverage with a high data capacity. The EU-funded H2020-MSCA project “SECRET” introduced covering the urban landscape with mobile small cells, since these take advantages of the dynamic network topology and optimizes network services in a cost-effective fashion. By taking advantage of the device-to-device communications technology, large amounts of data can be transmitted over multiple hops and, therefore, offload the general network. However, this introduction of mobile small cells presents various security and privacy challenges. Cryptographic security solutions are capable of solving these as long as they are supported by a key management scheme. It is assumed that the network infrastructure and mobile devices from network users are unable to act as a centralized trust anchor since these are vulnerable targets to malicious attacks. Security must, therefore, be guaranteed by means of a key management scheme that decentralizes trust. Therefore, this paper surveys the state-of-the-art key management schemes proposed for similar network architectures (e.g., mobile ad hoc networks and ad hoc device-to-device networks) that decentralize trust. Furthermore, these key management schemes are evaluated for adaptability in a network of mobile small cells

Factors Impacting Key Management Effectiveness in Secured Wireless Networks

The use of a Public Key Infrastructure (PKI) offers a cryptographic solution that can overcome many, but not all, of the MANET security problems. One of the most critical aspects of a PKI system is how well it implements Key Management. Key Management deals with key generation, key storage, key distribution, key updating, key revocation, and certificate service in accordance with security policies over the lifecycle of the cryptography. The approach supported by traditional PKI works well in fixed wired networks, but it may not appropriate for MANET due to the lack of fixed infrastructure to support the PKI. This research seeks to identify best practices in securing networks which may be applied to new network architectures

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Key management in mobile ad hoc networks.

Thesis (M.Sc.Eng.)-University of KwaZulu-Natal, Durban, 2005.Mobile ad hoc networks (MANETs) eliminate the need for pre-existing infrastructure by relying on the nodes to perform all network services. The connectivity between the nodes is sporadic due to the shared, error-prone wireless medium and frequent route failures caused by node mobility. Fully self-organized MANETs are created solely by the end-users for a common purpose in an ad hoc fashion. Forming peer-to-peer security associations in MANETs is more challenging than in conventional networks due to the lack of central authority. This thesis is mainly concerned with peer- t o-peer key management in fully self-organized M ANETs. A key management protocol’s primary function is to bootstrap and maintain the security associations in the network, hence to create, distribute and revocate (symmetric or asymmetric) keying material as needed by the network security services. The fully self-organized feature means that t he key management protocol cannot rely on any form of off-line or on-line trusted third party (TTP). The first part of the thesis gives an introduction to MANETs and highlights MANETs' main characteristics and applications. The thesis follows with an overall perspective on the security issues in MANETs and motivates the importance of solving the key management problem in MANETs. The second part gives a comprehensive survey on the existing key management protocols in MANETs. The protocols are subdivided into groups based on their main characteristic or design strategy. Discussion and comments are provided on the strategy of each group. The discussions give insight into the state of the art and show researchers the way forward. The third part of the thesis proposes a novel peer- to-peer key management scheme for fully self-organized MANETs, called Self-Organized Peer-to-Peer Key Management (SelfOrgPKM). The scheme has low implementation complexity and provides self-organized mechanisms for certificate dissemination and key renewal without the need for any form of off-line or on-line authority. The fully distributed scheme is superior in communication and computational overhead with respect to its counterparts. All nodes send and receive the same number of messages and complete the same amount of computation. ScifOrgPKM therefore preserves the symmetric relationship between the nodes. Each node is its own authority domain which provides an adversary with no convenient point of attack. SelfOrgPKM solves t he classical routing-security interdependency problem and mitigates impersonation attacks by providing a strong one-to-one binding between a user’s certificate information and public key. The proposed scheme uses a novel certificate exchange mechanism t hat exploits user mobility but does not rely on mobility in anyway. The proposed certificate exchange mechanism is ideally suited for bootstraping the routing security. It enables nodes to setup security associations on the network layer in a localized fashion without any noticeable time delay. The thesis also introduces two generic cryptographic building blocks as the basis of SelfOrgPKM: 1) A variant on the ElGamal type signature scheme developed from the generalized ElGamal signature scheme introduced by Horster et al. The modified scheme is one of the most efficient ElGamal variants, outperforming most other variant s; and 2) A subordinate public key generation scheme. The thesis introduces t he novel notion of subordinate public keys, which allows the users of SelfOrgPKM to perform self-organized, self-certificate revocation without changing their network identifiers / addresses. Subordinate public keys therefore eliminate the main weakness of previous efforts to solve the address ownership problem in Mobile IPv6. Furthermore, the main weakness of previous efforts to break t he routing-security interdependence cycle in MANETs is also eliminated by a subordinate public key mechanism. The presented EIGamal signature variant is proved secure in t he Random Oracle and Generic Security Model (ROM+ GM ) without making any unrealistic assumptions . It is shown how the strong security of the signature scheme supports t he security of t he proposed subordinate key generation scheme. Based on the secure signature scheme a security argument for SelfOrgPKM is provided with respect to a genera l, active insider adversary model. The only operation of SelfOrgPKM affecting the network is the pairwise exchange of certificates. The cryptographic correctness, low implementation complexity and effectiveness of SelfOrgPKM were verified though extensive simulations using ns-2 and OpenSSL. Thorough analysis of the simulation results shows t hat t he localized certificate exchange mechanism on the network layer has negligible impact on network performance. The simulation results also correlate with efficiency analysis of SelfOrgPKM in an ideal network setting, hence assuming guaranteed connectivity. The simulation results furthermore demonstrate that network layer certificate exchanges can be triggered without extending routing protocol control packet

Soluciones para la autenticación y gestión de subredes en manets y vanets

En los últimos años las redes inalámbricas están ganando cada vez más popularidad conforme sus prestaciones aumentan y se descubren nuevas aplicaciones. Dichas redes permiten a sus usuarios acceder a información y recursos en tiempo real sin necesidad de estar físicamente conectados. Además, ofrecen una gran flexibilidad a un bajo coste ya que en general no hay necesidad de usar instalaciones cableadas lo que implica que sean fácilmente desplegables. Es por eso que resultan muy útiles en entornos donde es muy costoso instalar infraestructuras fijas, como son entornos militares, agrícolas, situaciones de emergencia, etc. Las redes móviles ad-hoc o MANETs (Mobile Ad-hoc NETworks) son un tipo de red inalámbrica, distribuida y sin autoridad central en las que los nodos son móviles. El comportamiento de una MANET es en muchos aspectos similar al de una red Peer-TO-Peer (P2P) pues en ambos casos los nodos de la red reciben y envían información de forma descentralizada. La gestión de las MANETs conlleva muchas dificultades ya que por ejemplo su topología cambia constantemente debido a la movilidad de los nodos y a la inexistencia de una infraestructura fija. Las redes ad-hoc vehiculares o VANETs (Vehicular Ad-hoc NETworks) pueden considerarse un subconjunto de las MANETs en las que los nodos móviles son vehículos. En su definición clásica, las VANETs permiten comunicar información no solo entre las unidades a bordo u OBUs (On Board Units) situadas en los vehículos, sino también con la infraestructura de la carretera o RSU (Road Side Unit). El objetivo principal de estos sistemas es proporcionar un mejor conocimiento de las condiciones de las carreteras a los conductores para reducir el número de accidentes y lograr que la conducción sea más cómoda y fluida, reduciendo con ello la cantidad de CO2 que los vehículos expulsan a la atmósfera. Las redes ad-hoc son especialmente vulnerables a varios tipos de ataques, tanto activos como pasivos. Por ejemplo, un atacante puede intentar emular a un nodo legítimo y capturar paquetes de datos y de control, destruir tablas de encaminamiento, etc. En particular, los efectos de los ataques a las VANETs pueden ser muy destructivos, ya que pueden llegar incluso a causar muertes. Por este motivo, el propósito fundamental de la presente Tesis es la propuesta de nuevas herramientas que permitan proteger las redes móviles ad-hoc contra diferentes ataques, asegurando en la medida de lo posible que la generación de información, así como su retransmisión se realizan correctamente. Para ello, se proponen y analizan aquí nuevos esquemas de autenticación y gestión de subredes en MANETs y VANETs. Hay que destacar que las simulaciones juegan un papel fundamental en este trabajo ya que permiten analizar y evaluar el comportamiento de las propuestas realizadas a gran escala y en diversas condiciones. En particular, gran parte de los algoritmos diseñados en esta Tesis han sido simulados con el simulador de redes NS-2 y el simulador de tráfico SUMO. También son de gran interés en esta Tesis las implementaciones de algunas de las propuestas en dispositivos reales, ya que no sólo permiten evaluar su comportamiento en entornos reales, sino descubrir problemas que las simulaciones no detectan, y obtener datos reales para alimentar simulaciones a gran escala. Las implementaciones en dispositivos reales se han llevado a cabo en particular en la plataforma Windows Mobile usando Visual Studio 2008. Como resultado práctico de este trabajo, y en colaboración con otras investigaciones, surge VAiPho (VANET in Phones), que es una herramienta para la asistencia a la conducción. VAiPho permite crear una red vehicular real utilizando únicamente teléfonos móviles inteligentes, sin necesidad de instalar ningún tipo de infraestructura ni en los vehículos ni en la carretera. VAiPho cuenta ya con varias aplicaciones en entornos urbanos, tales como la detección de atascos, plazas de aparcamiento libres y vehículo aparcado. Dicha herramienta es el producto de la implementación de una patente presentada