Abstract
Security poses a major challenge in ad hoc networks today due to the lack of fixed or organizational infrastructure. This paper proposes a modification to the existing fully distributed certificate authority scheme for ad hoc networks. In the proposed modification, redundancy is introduced by allocating more than one share to each node in order to increase the probability of creating the certificate for a node in a highly mobile network. A probabilistic analysis is carried out to analyze the trade-offs between the ease of certificate creation and the security provided by the proposed scheme. The analysis carried out from the intruder's perspective suggests that in the worst-case scenario, the intruder is just one node away from a legitimate node in compromising the certificate. The analysis also outlines the parameter selection criteria for a legitimate node to maintain a margin of advantage over an intruder in creating the certificate.
Highlights
A network can have mainly three types of infrastructure [1]: routing infrastructure consisting of routers and stable communication links; server infrastructure consisting of on-line servers such as dynamic host configuration protocol (DHCP) server, domain name system (DNS), and certificate authority (CA) server, in order to provide services to the network; administrative infrastructure consisting of servers supporting the registration of users, issuing of certificates, and handling of other network configuration tasks
The first part focuses on the ease of certificate creation for a legitimate node due to the added redundancy in the key management scheme
The second part of the analysis considers the intruder’s perspective in conjunction with that of a legitimate node in order to provide an insight into the selection of the parameters (k, q, n) for a secure design of the key management scheme
Summary
A network can have mainly three types of infrastructure [1]: routing infrastructure consisting of routers and stable communication links; server infrastructure consisting of on-line servers such as dynamic host configuration protocol (DHCP) server, domain name system (DNS), and certificate authority (CA) server, in order to provide services to the network; administrative infrastructure consisting of servers supporting the registration of users, issuing of certificates, and handling of other network configuration tasks. One of the security protocols proposed for ad hoc networks is based on the certificate authority mechanism. In this mechanism, the certificate authority’s private key is first divided into parts. The redundancy added to the key management scheme increases a legitimate node's chances of recreating the CA key. This redundancy poses a challenge, since the chances of an intruder entering the network and compromising the CA key are also increased. An intruder is defined as a node (or its owner) that has knowledge of the key management scheme and is capable of recreating the CA key after obtaining a sufficient number of key shares.
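The trade-off described above can be made concrete with a short calculation. The following is an added example, not code from the paper: it computes the exact probability that the shares held by m contacted nodes are enough to recreate the CA key. It assumes that n is the total number of key shares, q the number of shares allocated to each node, k the number of distinct shares needed, and that each node's q shares are drawn uniformly at random; the text above does not state these definitions.

```python
from fractions import Fraction
from math import comb


def distinct_share_distribution(n, q, m):
    """Exact distribution of the number of distinct shares jointly held by
    m nodes, each holding q distinct shares drawn uniformly from n
    (assumed allocation model, not taken from the paper)."""
    dist = {0: Fraction(1)}
    total = comb(n, q)
    for _ in range(m):
        nxt = {}
        for d, p in dist.items():
            # A node contributes `new` unseen shares and q - new seen ones.
            for new in range(q + 1):
                ways = comb(n - d, new) * comb(d, q - new)
                if ways:
                    nxt[d + new] = nxt.get(d + new, 0) + p * Fraction(ways, total)
        dist = nxt
    return dist


def p_reconstruct(n, q, k, m):
    """Probability that m nodes together hold at least k distinct shares."""
    dist = distinct_share_distribution(n, q, m)
    return sum(p for d, p in dist.items() if d >= k)


def min_nodes(n, q, k, target, max_m=1000):
    """Smallest m with p_reconstruct >= target, or None if not reached."""
    for m in range(1, max_m + 1):
        if p_reconstruct(n, q, k, m) >= target:
            return m
    return None


if __name__ == "__main__":
    n, k = 20, 8  # constructed sample parameters
    for q in (1, 2, 4):
        row = [float(p_reconstruct(n, q, k, m)) for m in (2, 4, 8, 12)]
        print(f"q={q}: " + "  ".join(f"{p:.3f}" for p in row))
    # The same curve applies to an intruder who has obtained the shares of
    # m nodes, so a larger q eases certificate creation for both parties.
```
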