Shushan Zhao

A Survey of Applications of Identity-Based Cryptography in Mobile Ad-Hoc Networks

Security in mobile ad-hoc networks (MANETs) continues to attract attention after years of research. Recent advances in identity-based cryptography (IBC) sheds light on this problem and has become popular as a solution base. We present a comprehensive picture and capture the state of the art of IBC security applications in MANETs based on a survey of publications on this topic since the emergence of IBC in 2001. In this paper, we also share insights into open research problems and point out interesting future directions in this area.

PKI-Based Authentication Mechanisms in Grid Systems

Grids have emerged as the basic infrastructure for high performance distributed computing and data collaborations. Although they depict an attractive new world of computing, security is the biggest barrier against wide adoption of Grids. Authentication is the basis of security in grids. GSI uses X.509 PKI and proxy certificates as authentication foundation, and uses gateway for mapping certificates between different authentication mechanisms. In this article, we review PKI and PKI-based authentication mechanisms used in grid systems. These mechanisms are insufficient or problematic under some circumstances. We study and analyze some prominent challenges or problems: compatibility across different PKIs, proxy certificate revocation, security weakness, and authentication in ad hoc grids. For each of them, we introduce possible solutions, and analyze state-of-the-art technologies and ongoing researches that indicate the direction of future work on this topic.

A key management and secure routing integrated framework for Mobile Ad-hoc Networks

Key management (KM) and secure routing (SR) are two most important issues for Mobile Ad-hoc Networks (MANETs), but previous solutions tend to consider them separately. This leads to KM-SR interdependency cycle problem. In this paper, we propose a KM-SR integrated scheme that addresses KM-SR interdependency cycle problem. By using identity based cryptography (IBC), this scheme provides security features including confidentiality, integrity, authentication, freshness, and non-repudiation. Compared to symmetric cryptography, traditional asymmetric cryptography and previous IBC schemes, this scheme has improvements in many aspects. We provide theoretical proof of the security of the scheme and demonstrate the efficiency of the scheme with practical simulation.

Building secure user-to-user messaging in mobile telecommunication networks

Short Message Service (SMS) and Multimedia Message Service (MMS) are popularly used and will be more popular in the future. However, the security of SMS and MMS messages is still a problem. There is no end-to-end security (including integrity, confidentiality, authentication, and non- repudiation) in these services. This hinders service providers to provide some services that require communication of high-level security. There have been some solutions proposed for this issue in literature, but these are not suitable for user-to-user communication. In this paper, we review existing solutions and analyze their weaknesses. We then propose a new solution for a secure messaging channel using identity-based cryptography. This solution provides end-to-end security from service provider to mobile users, and between mobile users. The advantage of this solution is that it does not require a large storage on mobile terminal side, which is especially essential for user-to-user communication. Also this solution can be implemented with existing technologies on both service provider side and mobile terminal side. We concentrate the discussion on SMS service in details, while the scheme also works for MMS service.

A Secure Routing Protocol in Proactive Security Approach for Mobile Ad-Hoc Networks

Secure routing of Mobile Ad-hoc Networks (MANETs) is still a hard problem after years of research. We therefore propose to design a secure routing protocol in a new approach. This protocol starts from a prerequisite secure status and fortifies this status by protecting packets using identity-based cryptography and updating cryptographic keys using threshold cryptography periodically or when necessary. Compared to existing schemes, the main contribution of our proposal is the notion of allowing only legitimate nodes to participate in the bootstrapping process, rather than trying to detect adversary nodes after they are participating in the routing protocol. Besides, the proposal has several improvements in routing setup and maintenance: it does not need any side channel or secret channel; it simplifies secret updates without requiring a node to move around; it does not use flooding to set up initial routing, and does not use multicast to update secrets.

A Framework for Revocation of Proxy Certificates in a Grid

Proxy certificates (PCs) are essential in grid security infrastructure (GSI), but their revocation still remains problematic in grid environments. The mechanisms for normal end entity certificates (EEC) revocation need to be reconsidered or revised for PC revocation in grids. In this paper, we present a new framework that addresses the PC revocation problem based on MyProxy - the online credential repository - in Globus toolkit. The framework has been implemented to prove its feasibility. The implementation is light-weight and has been integrated into the Globus architecture. We consider this as an important contribution to Globus and MyProxy and of significance to users and providers of critical grid services.

A Deployment Tool for Public Safety Ad-hoc Networks

Public protection and disaster relief is a promising application area for ad-hoc networks. We propose architecture and show a prototype implementation of an application for helping network deployment on the scene. The application has a graphical interface showing network status and proposing actions for additional measures to ensure the uninterrupted and reliable operation of the network. The tool is designed for a user with no experience of network planning

General-purpose Identity Hiding Schemes for Ad-hoc Networks

Identity disclosure is a security and privacy concern in mobile ad-hoc networks. Previous proposals suggest using anonymous routing protocols. These solutions are limited on certain routing protocols, and cannot be applied to higher layers. In this paper, we propose the requirements of an general-purpose identity hiding scheme, and present schemes based on popular cryptosystems: AES, RSA, and ElGamal. These schemes can be applied in network and above layers. These schemes also overcome the following drawbacks of previous anonymous routing protocols: pair-wise keys, and large amount of pseudonyms. Hence, the proposed schemes are more efficient and applicable.

Against mobile attacks in Mobile Ad-hoc Networks

Many recent security schemes for ad-hoc networks use identity-based cryptography and threshold cryptography. These schemes are subject to mobile attacks. The existing solution is secret refreshing. We notice some loopholes in this solution, and propose an improved scheme to address them. By dividing the master key of identity-based cryptography into static part and dynamic part, the scheme is more resistant to mobile attacks and some others, such as Sybil attacks. While remaining the key escrow free feature, the scheme can dramatically reduce secret refreshing overhead. Threshold cryptosystems using this scheme are thus more survivable and scalable.

An integrated key management and secure routing framework for Mobile Ad-Hoc Networks

Key management (KM) and secure routing (SR) are two most important issues for Mobile Ad-hoc Networks (MANETs), but previous solutions tend to consider them separately. This leads to KM-SR interdependency cycle problem. In this paper, we propose an integrated KM-SR scheme that addresses KM-SR interdependency cycle problem. By using identity based cryptography (IBC), this scheme provides security features including confidentiality, integrity, authentication, freshness, and non-repudiation. Compared to symmetric cryptography, traditional asymmetric cryptography and previous IBC schemes, this scheme has improvements in many aspects. We provide theoretical proof of the security of the scheme and demonstrate the efficiency of the scheme with practical simulation.