Mahdi Kefayati
Summer 2005
Sharif University of Technology, CE
Agenda
• Self-configuring
– No prior infrastructure (i.e. APs, BTSs)
– On-Demand formation and communication
• Mobile Autonomous Nodes
– Wireless links
– Dynamic topology
– Limited capability of nodes (power and computation)
• Multi-hop routing
– Each node is potentially a router
– Collaborative communication
[Figure, two panels: nodes A and B with KDC1, KDC2, KDC3 and KDC4]
• Pros
– Distributed
– Scalable
– At least t malicious/captured nodes are needed to launch a severe attack
– Local decisions for group-wide decisions
• Cons
– At least t assistants are needed; not well suited for partitioned networks
– Trust pre-distribution and private key share holders
Key Management in MANET 11
Distributed CA Method
• Pros
– Well suited for highly partitioned networks
– Certificate caching
– Behavior grading
• Multi trust levels
• Possible cooperation with IDSs to counter malicious/captured nodes
• Cons
– System synchronization
– Certificate reissuing and control overhead [contrary to what the authors state]
– (Excessive) use of out-of-band methods
– Need for peer access for behavior grading
• A note on topological simulations
[Figure: network diagram with endpoints A and B and nodes N2, N3, N4, N5, N6, N7, N8, N9, N10 and N12]
• Pros
– Byzantine resilient
– Can tolerate up to t=(n-k)/2 faulty/malicious paths
– Can detect faulty/malicious paths
– Possible detection of malicious/captured nodes by correlating multiple faulty paths
• Cons
– Required degree of connectivity is high for effectiveness of the method
– Calculating multiple node-disjoint paths might be heavy or even impossible
– RS codes are somewhat heavy
– Higher BW usage
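Added example (not from the original slides or the cited papers): a sketch of the tolerance bound t=(n-k)/2 listed above, assuming the key is sent as an (n, k) Reed-Solomon codeword with one symbol per node-disjoint path. The prime field, function names and sample key are assumptions made for the illustration; decoding recovers the key and lists the faulty paths when at most t paths misbehave.

```python
# Added illustration; field, function names and sample key are constructed.
from itertools import combinations

P = 2**31 - 1  # prime field modulus (assumption; any prime larger than n works)

def lagrange_eval(points, x):
    """Value at x of the unique degree < len(points) polynomial through points."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encode(key, n):
    """Systematic (n, k) code: paths 1..k carry the key, k+1..n carry redundancy."""
    pts = list(enumerate(key, start=1))
    return {i: lagrange_eval(pts, i) for i in range(1, n + 1)}

def decode(received, k):
    """Return (key, faulty_paths), or None when no codeword lies within t errors.

    Brute force over k-subsets for clarity; practical decoders use
    Berlekamp-Welch or similar algorithms instead.
    """
    items = sorted(received.items())
    t = (len(items) - k) // 2
    for subset in combinations(items, k):
        bad = [i for i, y in items if lagrange_eval(subset, i) != y]
        if len(bad) <= t:  # at most one codeword can be within t of the received word
            return [lagrange_eval(subset, i) for i in range(1, k + 1)], bad
    return None

def demo():
    key = [1234, 5678, 9012]           # constructed k = 3 key symbols
    sent = encode(key, 7)              # n = 7 paths, so t = (7 - 3) // 2 = 2
    two_bad = {**sent, 2: 0, 6: 42}    # paths 2 and 6 tamper with their symbol
    three_bad = dict(sent)
    for i in (2, 5, 6):                # one more faulty path than t
        three_bad[i] = (sent[i] + 1) % P
    return decode(two_bad, 3), decode(three_bad, 3)

if __name__ == "__main__":
    print(demo())
```

With two tampered paths the key is recovered and both paths are named; with three, the decoder reports failure rather than returning a key.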
Conclusion
• Security is one of the basic requirements of MANETs
• Key management is one of the foundations of establishing cryptography-based security
• Any KMS suited to MANETs shall be distributed, resilient to active and passive attacks, and lightweight
• The effective design of a KMS for ad hoc networks is really ad hoc (i.e. context dependent)