Electronic Engineering
Permanent URI for this community: https://hdl.handle.net/10413/6532
Browsing Electronic Engineering by Subject "Ad hoc networks (Computer networks)"
Key management in mobile ad hoc networks. (2005) Van der Merwe, Johannes Petrus; McDonald, Stephen A.

Mobile ad hoc networks (MANETs) eliminate the need for pre-existing infrastructure by relying on the nodes to perform all network services. The connectivity between the nodes is sporadic due to the shared, error-prone wireless medium and frequent route failures caused by node mobility. Fully self-organized MANETs are created solely by the end-users for a common purpose in an ad hoc fashion. Forming peer-to-peer security associations in MANETs is more challenging than in conventional networks due to the lack of central authority. This thesis is mainly concerned with peer-to-peer key management in fully self-organized MANETs. A key management protocol’s primary function is to bootstrap and maintain the security associations in the network, hence to create, distribute and revoke (symmetric or asymmetric) keying material as needed by the network security services. The fully self-organized feature means that the key management protocol cannot rely on any form of off-line or on-line trusted third party (TTP). The first part of the thesis gives an introduction to MANETs and highlights MANETs' main characteristics and applications. The thesis follows with an overall perspective on the security issues in MANETs and motivates the importance of solving the key management problem in MANETs. The second part gives a comprehensive survey on the existing key management protocols in MANETs. The protocols are subdivided into groups based on their main characteristic or design strategy. Discussion and comments are provided on the strategy of each group. The discussions give insight into the state of the art and show researchers the way forward. The third part of the thesis proposes a novel peer-to-peer key management scheme for fully self-organized MANETs, called Self-Organized Peer-to-Peer Key Management (SelfOrgPKM).
The scheme has low implementation complexity and provides self-organized mechanisms for certificate dissemination and key renewal without the need for any form of off-line or on-line authority. The fully distributed scheme is superior in communication and computational overhead with respect to its counterparts. All nodes send and receive the same number of messages and complete the same amount of computation. SelfOrgPKM therefore preserves the symmetric relationship between the nodes. Each node is its own authority domain which provides an adversary with no convenient point of attack. SelfOrgPKM solves the classical routing-security interdependency problem and mitigates impersonation attacks by providing a strong one-to-one binding between a user’s certificate information and public key. The proposed scheme uses a novel certificate exchange mechanism that exploits user mobility but does not rely on mobility in any way. The proposed certificate exchange mechanism is ideally suited for bootstrapping the routing security. It enables nodes to set up security associations on the network layer in a localized fashion without any noticeable time delay. The thesis also introduces two generic cryptographic building blocks as the basis of SelfOrgPKM: 1) A variant on the ElGamal type signature scheme developed from the generalized ElGamal signature scheme introduced by Horster et al. The modified scheme is one of the most efficient ElGamal variants, outperforming most other variants; and 2) A subordinate public key generation scheme. The thesis introduces the novel notion of subordinate public keys, which allows the users of SelfOrgPKM to perform self-organized, self-certificate revocation without changing their network identifiers / addresses. Subordinate public keys therefore eliminate the main weakness of previous efforts to solve the address ownership problem in Mobile IPv6.
Furthermore, the main weakness of previous efforts to break the routing-security interdependence cycle in MANETs is also eliminated by a subordinate public key mechanism. The presented ElGamal signature variant is proved secure in the Random Oracle and Generic Security Model (ROM+GM) without making any unrealistic assumptions. It is shown how the strong security of the signature scheme supports the security of the proposed subordinate key generation scheme. Based on the secure signature scheme a security argument for SelfOrgPKM is provided with respect to a general, active insider adversary model. The only operation of SelfOrgPKM affecting the network is the pairwise exchange of certificates. The cryptographic correctness, low implementation complexity and effectiveness of SelfOrgPKM were verified through extensive simulations using ns-2 and OpenSSL. Thorough analysis of the simulation results shows that the localized certificate exchange mechanism on the network layer has negligible impact on network performance. The simulation results also correlate with efficiency analysis of SelfOrgPKM in an ideal network setting, hence assuming guaranteed connectivity. The simulation results furthermore demonstrate that network layer certificate exchanges can be triggered without extending routing protocol control packets.

Trust establishment in mobile ad hoc networks. (2010) Gordon, Richard Lawrence; Dawoud, Peter Dawoud Shenouda.

The central focus of this dissertation is mobile ad hoc networks (MANETs) and their security. MANETs are autonomous networks of wireless nodes connected in an ad hoc manner, and have unique characteristics that make them difficult to secure. The principal aims of this investigation are to discuss the research and evaluation of existing mechanisms to secure MANETs and to design the implementation of a unique security mechanism. Key management is a major challenge in these networks due to the lack of fixed network infrastructure.
In presenting a survey of the existing key management solutions for MANETs, the findings indicate that most security attacks target the network layer and more specifically the routing protocol. Consequently, the provision of secure routes is a vital element for trust establishment, and accordingly a survey is provided of the existing secure ad hoc routing protocols. The observation is made that most secure ad hoc routing protocols assume the existence of a key management system to certify, authenticate, and distribute keying information. Mobile ad hoc networks cannot assume the existence of a centralized authority member to perform key management tasks, and the problem of key management must be addressed. A novel key management solution called Direct Indirect Trust Distribution (DITD) is proposed for an on-demand ad hoc routing protocol. The solution includes a trust evaluation mechanism and a key distribution scheme to distribute keying information in the form of certificates. The key distribution scheme performs localized certificate exchanges following the routing procedure. A security evaluation metric is proposed that aggregates trust along a path based on a security metric and the path distance. The proposed solution is implemented on a modified AODV routing protocol, and simulated on the ns2 Network Simulator. Simulations are conducted in order to compare the performance of the AODV and DITD protocols. The simulation results show that the DITD model provides key distribution and trust path selection with minimal effect on the routing agent. The findings of the investigation confirm that DITD can be used as a basis for the operation of existing security protocols requiring a secure key distribution mechanism.