Forward Security And Certificate Management In Mobile Ad Hoc Networks

Forward Security and Certificate Management in Mobile AD Hoc Networks

Forward Security and Certificate Management in Mobile Ad Hoc Networks

This dissertation, "Forward Security and Certificate Management in Mobile AD Hoc Networks" by Hiu-wing, Go, 吳曉頴, was obtained from The University of Hong Kong (Pokfulam, Hong Kong) and is being sold pursuant to Creative Commons: Attribution 3.0 Hong Kong License. The content of this dissertation has not been altered in any way. We have altered the formatting in order to facilitate the ease of printing and reading of the dissertation. All rights not granted by the above license are retained by the author. Abstract: Abstract of thesis entitled Forward Security and Certificate Management in Mobile Ad Hoc Networks Submitted by GO Hiu Wing for the degree of Master of Philosophy at The University of Hong Kong in August 2004 This study explores some security issues in key management and certificate man- agement for the deployment of Public Key Infrastructure (PKI) in Mobile Ad Hoc Networks (MANETs). PKI provides a framework for different parties to commu- nicate securely. However, in MANETs, the high mobility and vulnerability of the nodes complicate the application of PKI. For example, if there is only one single Certificate Authority (CA), it may not be accessible to some nodes. Several propos- als have been made to solve this availability problem and to enhance the security of the network, but have either proved unworkable or have not been elaborated in detail. This thesis proposes the use of forward security in the signature keys of both user nodes and server nodes in a threshold CA setting, to mitigate the retrospective sig- nature forgery problem in standard signature schemes. It shows that existing generic tree constructions of forward-secure signature schemes can be applied efficiently to users' signature keys to enhance their security with very little overhead. It is found that existing forward-secure threshold schemes for servers are inefficient in terms of communication overhead. A communication-efficient and robust forward-secure threshold scheme suitable for MANET environments is needed. Certificate management is just as important as key management in a MANET environment, but this topic has so far been neglected. To ensure correct operation in PKI, the certificate which binds a user's identity with his public key often needs to be checked to verify that it has neither expired nor been revoked because of key compromise or other problems. When a certificate has been revoked, the relevant in- formation is usually added to a Certificate Revocation List (CRL). Existing schemes proposed for MANETs assume that flooding would be a viable means of distribut- ing a CRL, but have not justified that assumption. This study presents a simulation framework to evaluate the performance of flooding under different network condi- tions, and identifies several factors which could hamper the timely distribution of CRL by flooding. It is found that the node density is a critical factor for flooding to work efficiently. Other factors include CA density, threshold value, and the com- munication range and mobility of nodes. The findings of the study should enable a better CRL distribution design to be developed for MANETs. (372 words) DOI: 10.5353/th_b3033108 Subjects: Public key infrastructure (Computer security) Wireless communication systems Public key cryptography Mobile communication systems

Ad-Hoc, Mobile, and Wireless Networks

Here are the refereed proceedings of the 5th International Conference on Ad-Hoc Networks and Wireless, ADHOC-NOW 2006, held in Ottawa, Canada, August 2006. The book presents 25 revised full papers and 10 revised short papers together with abstracts of 2 invited talks, in sections on routing in sensor networks, Routing in MANET, short papers on routing, security, wireless MAC, short papers on security, QoS and TCP, and upper layer issues.