14-08-2012, 09:54 AM
A Cluster-Based Security Architecture for Ad Hoc Networks
[attachment=31360]
Abstract
Secure communication is very important in computer
networks and authentication is one of the most eminent
preconditions. However, common authentication schemes are not
applicable in ad hoc networks because public key infrastructures
with a centralized certification authority are hard to deploy
there. We propose and evaluate a security concept based on a
distributed certification facility. A network is divided into clusters
with one special head node each. These cluster head nodes execute
administrative functions and hold shares of a network key used
for certification. New nodes start to participate in the network
as guests; they can only become full members with a networksigned
certificate after their authenticity has been warranted by
some other members. The feasibility of this concept was verified
by simulation. Three different models for node mobility were
used in order to include realistic scenarios as well as make the
results comparable to other work. The simulation results include
an evaluation of the log-on times, availability, and communication
overhead.
I. INTRODUCTION
Ad hoc networks are subject to various kinds of attacks.
Wireless communication links can be eavesdropped on without
noticeable effort and communication protocols on all layers
are vulnerable to specific attacks. In contrast to wire-line networks,
known attacks like masquerading, man-in-the-middle,
and replaying of messages can easily be carried out. Moreover,
deploying security mechanisms is difficult due to inherent
properties of ad hoc networks, such as the high dynamics of
their topology (due to mobility and joining/leaving devices),
limited resources of end systems, or bandwidth-restricted and
possibly asymmetrical communication links.
A central issue concerning the design of any service in
ad hoc networks is not to rely on any centralized entities,
because such entities would obviously be easy to attack, and
their reachability could not be guaranteed at all times for all
participants of the network. Therefore, it is not possible to
implement a centralized, trusted entity for managing public
keys of the participants as performed in local area networks
or the Internet. Instead, a distributed solution must be found.
In this paper, we propose and evaluate an architecture for
securing communication in mobile ad hoc networks. Our approach
divides the network into clusters and implements a decentralized
certification authority. Decentralization is achieved
using threshold cryptography and a network secret that is
distributed over a number of nodes. While this basic idea
has been proposed earlier [1], its application on a clustered
network is a novelty of our work. Our architecture addresses
issues of authorization and access control, and a multi-level
security model helps to adapt the complexity to the capabilities
of mobile end systems. Moreover, an extensive evaluation is
given.
In the following, we first give a brief overview of security
goals, common techniques for authentication and secret sharing,
as well as related work for securing ad hoc networks.
In section III, our security concept is described in detail.
An important contribution of our work is the evaluation of
the security architecture in section IV. We simulated ad hoc
networks that use our architecture in order to demonstrate
its feasibility and to measure performance and overhead.
Those measurements are based upon different mobility models,
which are described in this section as well. We also discuss
the results and provide information on the configuration of
variable parameters. Finally, section V concludes the paper
and gives an outlook to further research.
II. SECURITY IN AD HOC NETWORKS
In a security concept, typically striving for goals like authenticity,
integrity, confidentiality, non-repudiation and availability,
authentication of communicating entities is of particular
importance as it forms the basis for achieving the other security
goals: e.g., encryption is worthless if the communication
partners have not verified their identities before. Authentication
of entities and messages can be realized in different ways
using either symmetric (3DES, AES) or asymmetric (ElGamal,
RSA) cryptographic algorithms (see e.g. [2] for details).
While symmetric algorithms depend on the existence of
a preshared key (which does not exist in the general case),
authentication by asymmetric cryptography requires a secure
mapping of public keys to the owners’ identities which is often
realized by public key infrastructures (PKI). PKIs use digitally
signed certificates to verify a key owner’s identity. Each user
has to prove her identity to a certification authority (CA)
and in turn receives a digitally signed certificate proving the
ownership of her public key.
0-7803-8356-7/04/$20.00 © 2004 IEEE IEEE INFOCOM 2004
In contrast to fixed networks, a centralized PKI or even
a centralized certification authority is not feasible in ad hoc
networks, as has been pointed out in the previous section.
Distributing the signing key and the functionality of a CA over
a number of different nodes by the means of secret sharing and
threshold cryptography is a possible solution to this problem,
as we will study here.
A. Secret Sharing
Secret sharing schemes realize confidentiality of a cryptographic
secret by spreading it across different entities. As
secret sharing schemes need no central authorities, they are
predestined for ad hoc networks. One secret sharing scheme
is threshold cryptography: A trusted dealer divides a secret
D into n parts so that the knowledge of k parts (k ≤ n)
allows the reconstruction of the secret, which is not possible
with the knowledge of k − 1 or fewer parts. This is called a
(k, n) threshold scheme [3]. In general, a trusted dealer is a
central authority and thus another central target for attacks. To
avoid this, the participants have to construct the secret without
any central authority. The construction algorithm has to ensure
that participants can only transmit correct values and that each
participant can verify both secret and shares, which is called
verifiable secret sharing [4].
In order to protect the secret from attackers that move
around and compromise multiple share holders over a long
period of time, a proactive secret sharing (PSS) scheme should
be used in ad hoc networks. In PSS schemes, secret shares are
changed periodically without changing the secret itself, so an
attacker cannot use a secret’s whole lifetime to compromise
k participants. All information an attacker collected about
the secret becomes worthless after refreshing the shares [5].
Threshold shared secret schemes can be transformed into
PSS schemes using discrete logarithms [5]. Proactive digital
signatures, which are used in our work, are an implementation
of PSS schemes [6], [7].
Due to the movement of mobile nodes, the topology of ad
hoc networks changes frequently, and moreover, nodes can
join or leave the network at any time. Hence, an algorithm
for distributing the same key to a different set of participants
is required. Such a refresh algorithm [8] can be triggered
periodically, event-based, or both.
B. Related Work on Securing Ad hoc Networks
The idea to use a distributed certification authority based
on a shared certification key and threshold cryptography for
securing ad hoc networks was first presented by Zhou and
Haas [1]. It was further developed in the COCA system [9],
a general distributed authentication service.
Our approach is based on the same general idea, but
introduces several new concepts like a cluster-based network
structure, a process for admitting new participants and a
framework for access control within the network.
Luo et al. [10], [11] chose a different way to distribute
the certification process. They use a specially crafted key
sharing algorithm distributing the key amongst all network
nodes instead of a subset only. Upon this, Luo et al. build an
access control system based on signed tickets issued (using
threshold cryptography) by neighbors of the node seeking
access. Misbehaving nodes are excluded from service after
they have been detected.
Another different solution was proposed by Hubaux et
al. [12]. In order to avoid any distributed certification mechanism,
the authors instead rely on every participant to issue
certificates for other nodes in a web-of-trust manner. Each
participant has to store a number of certificates, and two nodes
can only communicate securely when the union of their local
stores contains a certificate path between them.
[attachment=31360]
Abstract
Secure communication is very important in computer
networks and authentication is one of the most eminent
preconditions. However, common authentication schemes are not
applicable in ad hoc networks because public key infrastructures
with a centralized certification authority are hard to deploy
there. We propose and evaluate a security concept based on a
distributed certification facility. A network is divided into clusters
with one special head node each. These cluster head nodes execute
administrative functions and hold shares of a network key used
for certification. New nodes start to participate in the network
as guests; they can only become full members with a networksigned
certificate after their authenticity has been warranted by
some other members. The feasibility of this concept was verified
by simulation. Three different models for node mobility were
used in order to include realistic scenarios as well as make the
results comparable to other work. The simulation results include
an evaluation of the log-on times, availability, and communication
overhead.
I. INTRODUCTION
Ad hoc networks are subject to various kinds of attacks.
Wireless communication links can be eavesdropped on without
noticeable effort and communication protocols on all layers
are vulnerable to specific attacks. In contrast to wire-line networks,
known attacks like masquerading, man-in-the-middle,
and replaying of messages can easily be carried out. Moreover,
deploying security mechanisms is difficult due to inherent
properties of ad hoc networks, such as the high dynamics of
their topology (due to mobility and joining/leaving devices),
limited resources of end systems, or bandwidth-restricted and
possibly asymmetrical communication links.
A central issue concerning the design of any service in
ad hoc networks is not to rely on any centralized entities,
because such entities would obviously be easy to attack, and
their reachability could not be guaranteed at all times for all
participants of the network. Therefore, it is not possible to
implement a centralized, trusted entity for managing public
keys of the participants as performed in local area networks
or the Internet. Instead, a distributed solution must be found.
In this paper, we propose and evaluate an architecture for
securing communication in mobile ad hoc networks. Our approach
divides the network into clusters and implements a decentralized
certification authority. Decentralization is achieved
using threshold cryptography and a network secret that is
distributed over a number of nodes. While this basic idea
has been proposed earlier [1], its application on a clustered
network is a novelty of our work. Our architecture addresses
issues of authorization and access control, and a multi-level
security model helps to adapt the complexity to the capabilities
of mobile end systems. Moreover, an extensive evaluation is
given.
In the following, we first give a brief overview of security
goals, common techniques for authentication and secret sharing,
as well as related work for securing ad hoc networks.
In section III, our security concept is described in detail.
An important contribution of our work is the evaluation of
the security architecture in section IV. We simulated ad hoc
networks that use our architecture in order to demonstrate
its feasibility and to measure performance and overhead.
Those measurements are based upon different mobility models,
which are described in this section as well. We also discuss
the results and provide information on the configuration of
variable parameters. Finally, section V concludes the paper
and gives an outlook to further research.
II. SECURITY IN AD HOC NETWORKS
In a security concept, typically striving for goals like authenticity,
integrity, confidentiality, non-repudiation and availability,
authentication of communicating entities is of particular
importance as it forms the basis for achieving the other security
goals: e.g., encryption is worthless if the communication
partners have not verified their identities before. Authentication
of entities and messages can be realized in different ways
using either symmetric (3DES, AES) or asymmetric (ElGamal,
RSA) cryptographic algorithms (see e.g. [2] for details).
While symmetric algorithms depend on the existence of
a preshared key (which does not exist in the general case),
authentication by asymmetric cryptography requires a secure
mapping of public keys to the owners’ identities which is often
realized by public key infrastructures (PKI). PKIs use digitally
signed certificates to verify a key owner’s identity. Each user
has to prove her identity to a certification authority (CA)
and in turn receives a digitally signed certificate proving the
ownership of her public key.
0-7803-8356-7/04/$20.00 © 2004 IEEE IEEE INFOCOM 2004
In contrast to fixed networks, a centralized PKI or even
a centralized certification authority is not feasible in ad hoc
networks, as has been pointed out in the previous section.
Distributing the signing key and the functionality of a CA over
a number of different nodes by the means of secret sharing and
threshold cryptography is a possible solution to this problem,
as we will study here.
A. Secret Sharing
Secret sharing schemes realize confidentiality of a cryptographic
secret by spreading it across different entities. As
secret sharing schemes need no central authorities, they are
predestined for ad hoc networks. One secret sharing scheme
is threshold cryptography: A trusted dealer divides a secret
D into n parts so that the knowledge of k parts (k ≤ n)
allows the reconstruction of the secret, which is not possible
with the knowledge of k − 1 or fewer parts. This is called a
(k, n) threshold scheme [3]. In general, a trusted dealer is a
central authority and thus another central target for attacks. To
avoid this, the participants have to construct the secret without
any central authority. The construction algorithm has to ensure
that participants can only transmit correct values and that each
participant can verify both secret and shares, which is called
verifiable secret sharing [4].
In order to protect the secret from attackers that move
around and compromise multiple share holders over a long
period of time, a proactive secret sharing (PSS) scheme should
be used in ad hoc networks. In PSS schemes, secret shares are
changed periodically without changing the secret itself, so an
attacker cannot use a secret’s whole lifetime to compromise
k participants. All information an attacker collected about
the secret becomes worthless after refreshing the shares [5].
Threshold shared secret schemes can be transformed into
PSS schemes using discrete logarithms [5]. Proactive digital
signatures, which are used in our work, are an implementation
of PSS schemes [6], [7].
Due to the movement of mobile nodes, the topology of ad
hoc networks changes frequently, and moreover, nodes can
join or leave the network at any time. Hence, an algorithm
for distributing the same key to a different set of participants
is required. Such a refresh algorithm [8] can be triggered
periodically, event-based, or both.
B. Related Work on Securing Ad hoc Networks
The idea to use a distributed certification authority based
on a shared certification key and threshold cryptography for
securing ad hoc networks was first presented by Zhou and
Haas [1]. It was further developed in the COCA system [9],
a general distributed authentication service.
Our approach is based on the same general idea, but
introduces several new concepts like a cluster-based network
structure, a process for admitting new participants and a
framework for access control within the network.
Luo et al. [10], [11] chose a different way to distribute
the certification process. They use a specially crafted key
sharing algorithm distributing the key amongst all network
nodes instead of a subset only. Upon this, Luo et al. build an
access control system based on signed tickets issued (using
threshold cryptography) by neighbors of the node seeking
access. Misbehaving nodes are excluded from service after
they have been detected.
Another different solution was proposed by Hubaux et
al. [12]. In order to avoid any distributed certification mechanism,
the authors instead rely on every participant to issue
certificates for other nodes in a web-of-trust manner. Each
participant has to store a number of certificates, and two nodes
can only communicate securely when the union of their local
stores contains a certificate path between them.