Similar literature
20 similar documents found (search time: 31 ms)
1.
Self-organized public-key management for mobile ad hoc networks   Total citations: 6 (self-citations: 0, citations by others: 6)
In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and to node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories are not well-suited for securing ad hoc networks. We propose a fully self-organized public-key management system that allows users to generate their public-private key pairs, to issue certificates, and to perform authentication regardless of the network partitions and without any centralized services. Furthermore, our approach does not require any trusted authority, not even in the system initialization phase.

2.
Vehicular ad hoc networks are emerging as a promising approach to improve traffic safety and provide a wide range of wireless applications to drivers and passengers on the road. In order to perform reliable and trusted vehicular communications, one requirement is to ensure peer vehicle credibility by means of validating digital certificate attached to messages that are transmitted by other vehicles. However, in vehicular communication systems, certificate validation is more time consuming than in traditional networks because each vehicle receives a large number of messages in a short period. Another concern is the unsuccessful delivery of information between vehicles and other entities on the road due to their high mobility rate. For these reasons, we seek new solutions that will aid in speeding up the process of certificate validation. In this article, we propose a certificate revocation status validation scheme using the concept of clustering from data mining that can meet the aforementioned requirements. We employ the technique of k‐Means clustering to boost the efficiency of certificate validation, thereby enhancing the security of a vehicular ad hoc network. Additionally, a comprehensive security analysis for this scheme is presented; the analysis shows that this scheme can effectively improve the validation of certificates and thus increase the communication security in vehicular ad hoc networks. Copyright © 2012 John Wiley & Sons, Ltd.

3.
Certificate revocation and certificate update   Total citations: 7 (self-citations: 0, citations by others: 7)
We present a solution for the problem of certificate revocation. This solution represents certificate revocation lists by authenticated dictionaries that support: (1) efficient verification whether a certificate is in the list or not and (2) efficient updates (adding/removing certificates from the list). The suggested solution gains in scalability, communication costs, robustness to parameter changes, and update rate. Comparisons to the following solutions (and variants) are included: “traditional” certificate revocation lists (CRLs), Micali's (see Tech. Memo MIT/LCS/TM-542b, 1996) certificate revocation system (CRS), and Kocher's (see Financial Cryptography-FC'98 Lecture Notes in Computer Science. Berlin: Springer-Verlag, 1998, vol.1465, p.172-7) certificate revocation trees (CRT). We also consider a scenario in which certificates are not revoked, but frequently issued for short-term periods. Based on the authenticated dictionary scheme, a certificate update scheme is presented in which all certificates are updated by a common message. The suggested solutions for certificate revocation and certificate update problems are better than current solutions with respect to communication costs, update rate, and robustness to changes in parameters, and are compatible, e.g., with X.500 certificates.

4.
Certificate validation is much more complex in mobile ad hoc networks than in conventional networks because online access to trusted authorities is not always guaranteed. For this reason, we require new solutions to overcome both the lack of infrastructure and the limited capabilities of several user devices. In this article we study the application of different mechanisms for certificate validation in MANETs and present a cooperative mechanism for certificate validation suitable for MANETs.

5.
Security for ad hoc network environments has received a lot of attention as of today. Previous work has mainly been focussing on secure routing, fairness issues, and malicious node detection. However, the issue of introducing and conserving trust relationships has received considerably less attention. In this article, we present a scalable method for the use of public key certificates and their revocation in mobile ad hoc networks (MANETs). With the LKN-ad hoc security framework (LKN-ASF) a certificate management protocol has been introduced, bringing PKI technology to MANETs. In addition a performance analysis of two different revocation approaches for MANETs will be presented.

6.
A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.

7.

Mobile ad hoc networks (MANETs) have a wide range of uses because of their dynamic topologies and simplicity of processing. Inferable from the autonomous and dynamic behavior of mobile nodes, the topology of a MANET frequently changes and is inclined to different attacks. So, we present certificate revocation, which is an efficient scheme for security enhancement in MANET. This certificate revocation scheme is used to revoke the certificate of malicious nodes in the network. However, the accuracy and speed of the certificate revocation are further to be improved. By considering these issues along with the energy efficiency of the network, an energy-efficient clustering scheme is presented for certificate revocation in MANET. For cluster head (CH) selection, an opposition based cat swarm optimization algorithm (OCSOA) is proposed. This selected CH participates in quick certificate revocation and also supports to recover the falsely accused nodes in the network. Simulation results show that the performance of the proposed cluster-based certificate revocation outperforms existing voting and non-voting based certificate revocation in terms of delivery ratio, throughput, energy consumption, and network lifetime.

8.
Vehicular communication networking is a promising approach to facilitating road safety, traffic management, and infotainment dissemination for drivers and passengers. One of the ultimate goals in the design of such networking is to resist various malicious abuses and security attacks. In this article we first review the current standardization process, which covers the methods of providing security services and preserving driver privacy for wireless access in vehicular environments (WAVE) applications. We then address two fundamental issues, certificate revocation and conditional privacy preservation, for making the standards practical. In addition, a suite of novel security mechanisms are introduced for achieving secure certificate revocation and conditional privacy preservation, which are considered among the most challenging design objectives in vehicular ad hoc networks.

9.
唐三平  赵娟  陶然 《电子学报》2006,34(4):583-586
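Publishing certificate revocation status is one of the most critical parts of a PKI. The criteria for evaluating a certificate revocation status publication scheme mainly cover five aspects: the communication volume of status publication, the timeliness of publication, the smoothness of access, the security requirements on the directory server, and the computational complexity of status verification. Based on an analysis of existing certificate status publication schemes, this paper proposes a certificate revocation status publication scheme based on the hardness of the quadratic residuosity problem. The scheme achieves very good results in terms of the timeliness of status publication, the volume of published data, the smoothness of access, and the security requirements on the directory server, and its computational complexity is also lower than that of OCSP, CRT and CRL.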

10.
In this paper we propose a distributed trust model for certificate revocation in ad hoc networks. The proposed model allows trust to be built over time as the number of interactions between nodes increases. Furthermore, trust in a node is defined not only in terms of its potential for maliciousness, but also in terms of the quality of the service it provides. Trust in nodes where there is little or no history of interactions is determined by recommendations from other nodes. If the nodes in the network are selfish, trust is obtained by an exchange of portfolios. Bayesian networks form the underlying basis for this model.

11.
The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes' forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.

12.
The strongest feature of ad hoc networks is their capability to be rapidly deployed anywhere and anytime without relying on a pre-existing infrastructure. From there, ad hoc networks offer the advantages to be auto-organized, ubiquitous, dynamic and completely autonomous. As a counterpart, securing them becomes a more difficult task, especially because of the absence of centralized entities in the network. Inevitably, the security problem presents currently a hot topic raising more and more challenges within industrials and researchers, and many interesting securing solutions were meanwhile proposed, omitting however to suit to ad hoc networks characteristics and therefore disadvantaging them. In this paper, we propose a securing scheme for the OLSR routing protocol based on the secret sharing idea. We initially expose the general characteristics and the security problems related to ad hoc routing protocols. We then address the security requirements of ad hoc routing protocols and the security requirements we focus on. Finally, we define our completely and distributed securing algorithm based on threshold cryptography. A primary main conception objective being to suit as much as possible to ad hoc networks characteristics by avoiding as much as possible assumptions contradictory with the auto-organized and dynamic nature of ad hoc networks. Simulation results depict the additional delay due to security enhancements. Results show that this delay is still suitable to OLSR routing specifications.

13.
Integration of ad hoc networks with the Internet provides global Internet connectivity for ad hoc hosts through the coordination of mobile IP and ad hoc protocols. In a pure ad hoc network, it is difficult to establish trust relationship between two ad hoc hosts due to lack of infrastructure or centralized administration. In this paper, an infrastructure‐supported and distributed authentication protocol is proposed to enhance trust relationships amongst ad hoc hosts. In addition, an effective secure routing protocol (SRP) is discussed to protect the multi‐hop route for Internet and ad hoc communication. In the integrated ad hoc networks with Internet accessibility, the ad hoc routing security deployed with the help of infrastructure has a fundamental impact on ad hoc hosts in terms of Internet access, integrity, and authentication. Both analysis and simulation results demonstrate the effectiveness of the proposed security protocol. Copyright © 2007 John Wiley & Sons, Ltd.

14.
While authentication is a necessary requirement to provide security in vehicular ad hoc networks, user's personal information such as identity and location must be kept private. The reliance on road side units or centralized trusted authority nodes to provide security services is critical because both are vulnerable, thus cannot be accessed by all users, which means security absence. In this paper, we introduce a self‐organized secure framework, deployed in vehicular ad hoc networks. The proposed framework solution is designed not only to provide an effective, integrated security and privacy‐preserving mechanism but also to retain the availability of all security services even if there are no road side units at all and/or the trusted authority node is compromised. A decentralized tier‐based security framework that depends on both trusted authority and some fully trusted nodes cooperated to distribute security services is presented. Our approach combines the useful features of both Shamir secret sharing with a trust‐based technique to ensure continuity of achieving all security services. Mathematical analysis of security issues that the proposed framework achieves as well as the availability of offering security services is provided. Proposed framework examination was done to show the performance in terms of storage, computation complexity, and communication overhead as well as its resilience against various types of attacks. Comparisons with different types of security schemes showed that the protocol developed gave better results in most comparison parameters while being unique ensuring continuity of security services delivery.

15.
Many applications for ad hoc networks are based on a point-to-multipoint (multicast) communication paradigm, where a single source sends common data to many receivers, or, inversely, on a multipoint-to-point communication paradigm, where multiple sources send data to a single receiver. In such scenarios, communication can be secured by adopting a common secret key, denoted as “group key”, shared by multiple communication endpoints. In this work, we propose a novel centralized approach to efficiently distribute and manage a group key in generic ad hoc networks and Internet of Things, while reducing the computational overhead and network traffic due to group membership changes caused by users’ joins and leaves. In particular, the proposed protocol takes advantage of two possible leave strategies: (i) at a pre-determined time selected when the user joins the group or (ii) at an unpredictable time, as in the case of membership revocation. The proposed protocol is applied to the following two relevant scenarios: (i) secure data aggregation in Internet of Things (IoT) and (ii) Vehicle-to-Vehicle (V2V) communications in Vehicular Ad hoc Networks (VANETs).

16.
A simple distributed PRMA for MANETs   Total citations: 6 (self-citations: 0, citations by others: 6)
With the rapid development of Global Positioning System (GPS) technology and its applications, synchronization between terminals in mobile ad hoc environments becomes feasible at a low cost. Thus, slotted-channel-based medium access control (MAC) schemes like time division multiple access (TDMA) also become interesting for mobile ad hoc networks (MANETs). In this paper, we extend the classical centralized and slotted packet reservation multiple access (PRMA) scheme to a simple distributed PRMA (D-PRMA) as a MAC scheme for MANETs, with emphasis on voice application support. The major efforts of D-PRMA include 1) a simple slot reservation mechanism for voice traffic at the level of "talkspurt" without relying on any central entity and 2) a simple solution for the hidden and exposed terminal problems uniquely present in wireless ad hoc environments. The performance of D-PRMA has been investigated by analysis and computer simulations in comparison with IEEE 802.11. The results show that D-PRMA is much more suitable than IEEE 802.11 for voice application.

17.
Although individual node cooperation is necessary for the correct execution of network protocols in mobile ad hoc networks (MANETs), it is not always guaranteed. In this paper, we present a node reputation scheme aiming at reinforcing node cooperation in MANETs with centralized control. This scheme was designed for centralized ad hoc network architecture (CANA), an ad hoc enhancement to the HIPERLAN/2 WLAN standard. Misbehavior detection techniques for protocol attacks in both the cluster formation and data transmission phases of the network operation are developed. Statistical methods for selecting the optimal parameters of the reputation scheme are investigated and their efficiency is illustrated through theoretical analysis and simulation results. Throughout this paper, the specific aspects of CANA that impose particular design decisions are outlined and the applicability of our scheme to other network architectures is discussed.

18.
颜海龙  喻建平  胡强  冯纪强 《信号处理》2012,28(9):1278-1283
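At present, 31 third-party certification authorities (CAs) in China have obtained electronic certification service licenses, and the need for cross-CA trust and verification is increasingly urgent. To address this problem, a trusted third-party cross-domain authentication model based on trust lists is proposed. Relying on security services such as digital certificates provided by public key infrastructure (PKI), the model introduces a new trust mechanism to better manage and control the list of trusted root certificates, which both avoids many shortcomings of the traditional trust list model and effectively achieves mutual trust and mutual recognition among multiple CAs. To support the practical operation of this cross-trust-domain model, the corresponding workflow and multi-CA authentication scheme are designed, a multi-CA application support module is developed, and the key technical issues involved are discussed in detail. Analysis shows that the model allows application systems to flexibly and dynamically accommodate digital certificates issued by different CAs, and has clear advantages in authentication efficiency, security, practicality and application adaptation.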

19.
To solve the problem of security and efficiency of anonymous authentication in vehicular ad hoc network, a pairing-free certificateless batch anonymous authentication scheme was proposed. The public and private keys and pseudonyms were jointly generated by the trusted third party and vehicle, so the system security didn't depend on the tamper device. The scheme can realize authentication, anonymity, traceability, unforgeability, forward or backward security, and so on. Furthermore, under the random oracle model, the scheme can resist Type I and Type II attacks. Because there is no need to use certificates during authentication, the system storage load is effectively reduced. At the same time, the scheme realizes the batch message authentication on the basis of pairing-free operation, so the authentication efficiency is improved. Therefore, the scheme has important theoretical significance and application value in the resource-limited internet of things or embedded environment.

20.
Dynamic QoS Allocation for Multimedia Ad Hoc Wireless Networks   Total citations: 1 (self-citations: 1, citations by others: 1)
In this paper, we propose an approach to support QoS for multimedia applications in ad hoc wireless network. An ad hoc network is a collection of mobile stations forming a temporary network without the aid of any centralized coordinator and is different from cellular networks which require fixed base stations interconnected by a wired backbone. It is useful for some special situations, such as battlefield communications and disaster recovery. The approach we provide uses CSMA/CA medium access protocol and additional reservation and control mechanisms to guarantee quality of service in ad hoc network system. The reason we choose CSMA protocol instead of other MAC protocols is that it is used in most current wireless LAN products. Via QoS routing information and reservation scheme, network resources are dynamically allocated to individual multimedia application connections.
