Anders Fongen

Optimization of a Public Key Infrastructure

The traffic patterns related to operation of a Public Key Infrastructure (PKI) can be modeled and optimized. Even though PKI has been around for three decades, relatively few results have been presented on this matter. The contribution of this paper is a PKI traffic model based on observation of familiar use cases together with hypotheses from scale free graph theory. Based on a set of estimated parameters, an optimized organization of a PKI is proposed. One key element has been to avoid costly revocation mechanisms. The proposed solution includes the use of short lived certificates which do not need a revocation mechanism, and the use of cached validation proofs to save protocol round trips. PKI also presents special challenges during operation in tactical wireless networks. Reduced bandwidth and connectivity requirements are commonly considered as essential properties for a successful tactical application. The paper also proposes an organization of a PKI for a mixed tactical/strategic network.

Scalability analysis of selected certificate validation scenarios

The use of public key based cryptographic algorithms enables new applications for encryption and digital signatures, and offers solution to a range of authentication and information integrity problems. One cause of concern regarding public key cryptography is the amount of computational and network resources required for key management. Although this has been a research focus for some time, little work has been done to formally analyze the scalability properties of the key management procedures. The purpose of this paper is to offer an analysis of certificate validation operations from a scalability perspective. Furthermore, the focus of the analysis is on client side data rates. This focus has been chosen since the capacity of the network closest to the clients is scarce and likely to be a bottleneck. This is particularly true when the clients are connected through a wireless tactical network.

The Integration of Trusted Platform Modules into a Tactical Identity Management System

The use of integrity protection mechanisms from a tactical Identity Management (IdM) system is the focus of this paper. While traditional identity management systems supports authentication, and some also access control, there is still a need for attestation of platform integrity. The proposed solution employs the Trusted Platform Module (TPM) hardware unit to secure the integrity of the software configuration, and to provide cryptographic proof to the IdM system for subsequent attestation of the systems integrity. The communicating parties may elevate their mutual trust on the basis of this attestation.

Identity Management and Integrity Protection in Publish-Subscribe Systems

The use of Identity Management (IdM) may leverage the trust in a distributed Publish-Subscribe (PubSub) system. An IdM provides mutual authentication between publishers, subscribers and message routers, enforces access control on message delivery and integrity control of message content. Access control is also a means to reduce traffic in a PubSub network since unauthorized message traffic will not be forwarded. A framework for providing identity management in a generic PubSub systems is presented and analyzed in this paper. The trust in the system relies to some extent on the use of hardware units for the protection of software integrity.

The effect of a MANET proxy overlay for certificate validation services

Certificate validation based on PKIX protocols does not work well under the particular conditions found in a MANET: Episodic connectivity and low bandwidth. We propose an overlay network of validation proxy servers which exploit cooperative caching of recent validation results. The proxy overlay improves the availability of the validation service and reduces the network traffic. The design employs the XKMS certificate validation protocols and a cross-layer approach to the construction of the proxy overlay.

Integrity attestation in military IoT

Trust in the correct operation (“bona fide”) of a transaction is sometimes required in order to trust the validity of exchanged data. Authentication of users/subjects does give some trust in the intent of a transaction, but not in its conduct. Malware may cause the other end to send corrupted data or misbehave in other ways. This paper discusses different mechanisms through which nodes can prove to each other that their software stack is clean from unwarranted modifications, called integrity attestation. For IoT applications, integrity assurance can lead to higher trust in the exchanged data, e.g., sensor readings.

Trusted Service Discovery through Identity Management

Service oriented environments face threats from unauthorized clients and fake or compromised services. The threats exist both during service discovery and service invocation, and should be mitigated through the same security framework. Through the use of a modern identity management system which offers a combination of key attestation and attributes for access control, more threats can be appropriately addressed. The combination of discovery and identity management results in a more comprehensive threat mitigation, scalable maintenance of security related information and easier federations of security domains. The architecture and protocols of this system combination are presented and discussed.

Certificate validation in military MANET based on overlay network of XKMS proxies

Certificate validation in tactical wireless networks and MANETs is a hard problem, due to low bandwidth and frequent disconnections. We suggest a cooperative caching approach with an overlay network of XKMS proxies. The overlay network is discovered and maintained with only marginal increase in the network traffic. This is due to a cross layer design where the XKMS proxies tap into the OLSR routing protocol and utilize the topology information provided by the OLSR path discovery mechanisms.

Data-centric authorization and integrity control in a Linda tuplespace

In tuplespace applications where flows of data need to be kept separate for confidentiality reasons, there must be a rights management arrangement to control the access to tuples. Also, where the authorization of the tuple creator needs to be controlled for integrity reasons, the same requirement applies. This paper describes the SmallSpaces tuplespace implementation and how the implementation meets these requirements. Firthermore, the arrangement for the protection from covert channels during transaction processing is discussed.

Improving simplified multicast forwarding using an elevated relay node

In emergency and crisis operations, group communication is essential to coordinate rescue efforts. Mobile Ad Hoc Networks (MANETs) can provide dynamic and resilient communication services in areas without a working communication infrastructure. The connectivity of MANETs can be improved using an elevated network node due to larger ground coverage, thus improving node reachability. Simplified Multicast Forwarding (SMF) is a scheme to efficiently distribute group communication packets in MANETs. In this paper, we explore methods to utilize SMF in a MANET supported by an elevated network node. We show that an elevated network node can improve the packet delivery ratio in a MANET with SMF-distribution of multicast packets. Further gains are made by unicasting the packets from the source to the elevated network node, moving the initial point of the SMF-distribution to the elevated network node. The consequences of a potential unicast packet loss are lessened by the source retransmitting the packet as multicast if it fails to receive the SMF-forwarded packet from the elevated network node. We achieve a high packet delivery ratio while maintaining a low cost for most topology sizes. Finally, the paper outlines future research directions for group communication in MANETs.