Abstract

A Mobile Ad hoc NETwork (MANET) is an infrastructureless, self-configuring network in which the nodes themselves create and manage the network in a self-organized manner. Nodes can communicate only with neighbors that are located within their wireless range. This dependency on intermediate nodes and the lack of infrastructure cause security challenges in MANETs. Authentication, as a fundamental security service, is required for secure communication. In this work we focus on an autonomous authentication mechanism. A successful authentication mechanism or key management system is highly dependent on trusted keys and trusted key exchange. We consider an asymmetric public-private key pair scheme as the key management technique. Among the different authentication mechanisms proposed for MANETs, fully self-organized schemes are more appropriate for these environments. In authentication mechanisms such as Public Key Infrastructure (PKI), there is a centralized authority. The central authority is fully trusted by all participants in the network and is responsible for checking the authenticity of the nodes' public keys. Because of the characteristics of MANETs, such as lack of infrastructure and frequent topology changes, PKI is infeasible for these networks. In self-organized public key management, all tasks, including generation, distribution, storage and revocation of keys, are performed locally by the participants themselves. The presence of attackers who aim to sabotage the authentication process is therefore unavoidable, so trust relationships need to be established between nodes. Trust-based mechanisms are applied to maintain security by identifying trustworthy and untrustworthy nodes. In our work the scope of trust is identity trust, which means assuring that a node is who it claims to be. Every node generates its own public-private key pair and issues certificates to its neighboring nodes.
To find the correct public key of a target node for secure communication, a node initiates an on-demand authentication service that gathers certificate chains towards the target node. To form the autonomous authentication service, a learning process is needed to distinguish between trustworthy and untrustworthy nodes. The cooperative and self-organized nature of MANETs makes ant colony optimization (ACO) suitable for such environments. In the field of telecommunication, ACO algorithms are applied to routing tasks. ACO is inspired by the distributed and collaborative behavior of real ant colonies when they construct the shortest path from the nest to a source of food. A volatile chemical substance called pheromone is laid on the ground as a trace by the ants and affects their movement decisions. Paths with a higher density of pheromone attract more ants, which in turn increases the pheromone value of these paths. Identifying the shortest path from pheromone traces over time is considered a collective learning process. In our proposed self-organized and localized public key authentication mechanism based on ant colony systems, the pheromone concentration left by ants along the path of the certificate chains represents the trust level of a node towards other nodes. As the form of the pheromone updating process, our trust updating is combined with an incentive mechanism that includes punishing and rewarding processes. The incentive mechanism is adaptive to environments with malicious public key certificate signers. It evaluates the certificate chains gathered in response to a request that a source node makes to find the public key of a destination. Our certificate chain evaluation process identifies a chain containing malicious nodes. This model is able to authenticate public keys by selecting the most trustworthy path among the certificate chains gathered by ants, and it can identify and prevent certificate chains with malicious nodes.
Our authentication mechanism is able to retrieve the public key certificate of a destination despite malicious signers in the network. Our scheme is also able to adapt itself efficiently to dynamic environments.
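
An added example, not code from the paper, of the trust-update loop the abstract describes: pheromone per certificate edge, chain evaluation, and reward or punishment. The update rule (generic ACO evaporation and deposit), the constants, the rule that the key with the most trust behind it is accepted, and all node and key names are assumptions.

```python
# Added illustration: the update rule, constants and conflict rule are
# assumptions (generic ACO evaporation/deposit), not the paper's equations.
from collections import defaultdict
from math import prod

RHO, REWARD, PENALTY, TAU0 = 0.1, 0.3, 0.5, 0.5  # evaporation, deposit, punishment, initial trust

def chain(path, target_key):
    """Constructed sample chain: one certificate per hop; the last binds the target's key."""
    certs = [{"issuer": a, "subject": b, "key": f"pk{b}"} for a, b in zip(path, path[1:])]
    certs[-1]["key"] = target_key
    return certs

class TrustTable:
    """Pheromone (trust) the source keeps per certificate edge issuer -> subject."""
    def __init__(self):
        self.tau = defaultdict(lambda: TAU0)

    def chain_trust(self, certs):
        # Trust in a chain is the product of trust in every certificate on it.
        return prod(self.tau[(c["issuer"], c["subject"])] for c in certs)

    def evaluate(self, chains):
        """Accept the target key with the most trust behind it, then update pheromone."""
        support = defaultdict(float)
        for ch in chains:
            support[ch[-1]["key"]] += self.chain_trust(ch)
        accepted = max(support, key=support.get)
        for edge in list(self.tau):              # evaporation: stale trust fades
            self.tau[edge] *= 1 - RHO
        for ch in chains:
            agrees = ch[-1]["key"] == accepted
            for c in ch:
                e = (c["issuer"], c["subject"])
                # reward chains that agree with the accepted key, punish the rest
                self.tau[e] = min(1.0, self.tau[e] + REWARD) if agrees else self.tau[e] * (1 - PENALTY)
        return accepted

def demo():
    t = TrustTable()
    good_a, good_b = chain("SAT", "pkT"), chain("SBT", "pkT")
    bad_m, bad_n = chain("SMT", "pkEvil"), chain("SNT", "pkEvil")
    first = t.evaluate([good_a, good_b, bad_m])   # honest majority, all trust equal
    second = t.evaluate([good_a, bad_m, bad_n])   # forged key now has more chains
    return first, second, t
```

In `demo()`, the second request has more chains carrying the forged key than the real one, yet the trust learned in the first request still selects `pkT`.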
