Issue No.02 - February (2009 vol.20)

pp: 158-170

Nitesh Saxena, Polytechnic University, Brooklyn

Gene Tsudik, UC Irvine, Irvine

Jeong Hyun Yi, Soongsil University, Seoul

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TPDS.2008.77

ABSTRACT

Decentralized node admission is an essential and fundamental security service in mobile ad hoc networks (MANETs). It is needed to securely cope with dynamic membership and topology as well as to bootstrap other important security primitives (such as key management) and services (such as secure routing) without the assistance of any centralized trusted authority. An ideal admission technique must involve minimal interaction among MANET nodes, since connectivity can be unstable. Also, since MANETs are often composed of weak or resource-limited devices, admission must be efficient in terms of computation and communication. Most previously proposed admission protocols are prohibitively expensive and require heavy interaction among MANET nodes. In this paper, we focus on a common type of MANET that is formed on a temporary basis, and present a secure, efficient, and fully noninteractive admission technique geared for this type of network. Our admission protocol is based on secret sharing techniques using bivariate polynomials. We also present a new scheme that allows any pair of MANET nodes to efficiently establish an on-the-fly secure communication channel.

INDEX TERMS

Security, distributed access control, authentication, cryptographic protocols, ad hoc networks, mobile network protocols.

CITATION

Nitesh Saxena, Gene Tsudik, Jeong Hyun Yi, "Efficient Node Admission and Certificateless Secure Communication in Short-Lived MANETs", *IEEE Transactions on Parallel & Distributed Systems*, vol. 20, no. 2, pp. 158-170, February 2009, doi:10.1109/TPDS.2008.77