Y. Dong

ARMR: Anonymous routing protocol with multiple routes for communications in mobile ad hoc networks

A mobile ad hoc network consists of mobile nodes that communicate in an open wireless medium. Adversaries can launch analysis against the routing information embedded in the routing message and data packets to detect the traffic pattern of the communications, thereby obtaining sensitive information of the system, such as the identity of a critical node. In order to thwart such attacks, anonymous routing protocols are developed. For the purposes of security and robustness, an ideal anonymous routing protocol should hide the identities of the nodes in the route, in particular, those of the source and the destination. Multiple routes should be established to increase the difficulty of traffic analysis and to avoid broken paths due to node mobility. Existing schemes either make the unrealistic and undesired assumption that certain topological information about the network is known to the nodes, or cannot achieve all the properties described in the above. In this paper, we propose an anonymous routing protocol with multiple routes called ARMR, which can satisfy all the required properties. In addition, the protocol has the flexibility of creating fake routes to confuse the adversaries, thus increasing the level of anonymity. In terms of communication efficiency, extensive simulation is carried out. Compared with AODV and MASK, our ARMR protocol gives a higher route request success rate under all situations and the delay of our protocol is comparable to the best of these two protocols.

Providing distributed certificate authority service in cluster-based mobile ad hoc networks

Nodes in a mobile ad hoc network (MANET) are more vulnerable and there is no predefined infrastructure in such a network. Providing secure communication in these networks is an important and challenging problem. Among all proposed schemes, the model of using distributed certificate authorities (CA) based on threshold cryptography and proactive share update using a cluster-based architecture seems to be a promising approach. However, there are two issues that are not well studied in the current literature for this model: (1) how to locate enough CA servers, and (2) how to perform the proactive share update. In this paper, we propose two efficient schemes with low system overhead to tackle these two problems. Compared with existing approaches, our CA architecture provides faster CA services to user nodes at reduced system overhead. The effectiveness of our proposed schemes has been verified by extensive simulation.

Providing Distributed Certificate Authority Service in Mobile Ad Hoc Networks

In this paper, we propose an architecture for providing distributed Certificate Authority (CA) service in Mobile Ad Hoc Networks (MANET), based on threshold cryptography. We have two major contributions: 1) we make use of the cluster structure to provide CA service, and design a scheme for locating CA server nodes in MANET; 2) we provide a proactive secret share update protocol, which periodically updates CA secret shares with low system overhead. Compared with existing approaches, our CA architecture provides faster CA services to user nodes at reduced system overhead.

Performance evaluation on CRL distribution using flooding in mobile ad hoc networks (MANETs)

In PKI (Public Key Infrastructure), certificate revocation list (CRL) carries important information of the revoked certificates. Users need to check with this CRL frequently to make sure that the certificate in consideration is still valid and has not been revoked. In a wired network, this CRL is stored in a centralized Certificate Authority (CA) and can be accessed easily by users. However, in a mobile ad hoc network (MANET), which is characterized by its lack of infrastructure support, high node mobility, and the instability of communication links, we usually have to use multiple CAs. Users may not be able to connect to a particular CA, so distributing the latest version of CRL to all CAs becomes important. To solve this CRL distribution problem, a number of proposed solutions have been suggested. Most of these solutions are based on flooding. However, under what conditions flooding is a viable approach to distribute information in an ad hoc network has not been elaborated. In this paper, we take the first step to answer this question by simulation based on a realistic model. We identify some critical factors affecting the performance of flooding. And based on the simulation results, we provide useful insights on the minimum requirement for flooding to work smoothly in MANET.

Chained Threshold Proxy Signature without and with Supervision

Threshold proxy signature (TPS) scheme facilitates a manager to delegate his signing capability to a group of n subordinates without revealing his own private key, such that a subgroup of at least t les n subordinates is required to generate a proxy signature. In reality, the situation can be more complicated. First of all, the subgroup may further delegate proxy signing capabilities to another subgroup of subordinates (in the form of a chain). This is a group-to-group delegation problem. In addition, a supervising agent (SA) may be introduced to supervise the subordinates, such that proxy signing can only be successfully executed with SApsilas agreement. This is a delegation with supervision problem. These two extensions of delegation problems are not solved yet. This paper designs two provably secure cryptographic schemes chained threshold proxy signature (CTPS) scheme and chained threshold proxy signature with supervision (CTPSwS) scheme to solve these two delegation problems.

An Efficient Cluster-Based Proactive Secret Share Update Scheme for Mobile Ad Hoc Networks

When implementing public key security services in mobile ad hoc networks (MANETs), multiple certificate authority (CA) servers are usually adopted to increase the security of the system, with each CA node holding only one share of the private key. To prevent an adversary from collecting a large enough number of shares over a long period of time to compromise the system, the shares will be periodically updated. However, it is not trivial how this update procedure can be done efficiently in a MANET. In this paper, we devise an efficient distributed secret key share update scheme for MANETs based on the cluster architecture. In our scheme, the secret shares are updated first by a small group of server nodes. With the assistance of the cluster head in each cluster, the updated servers then refresh the shares in the remaining servers. We evaluate our scheme by simulation and show that our scheme can expedite the share update process.

Secure Chained Threshold Proxy Signature without and with Supervision

Threshold Proxy Signature (TPS) scheme facilitates a manager to delegate his signing capability to a group of n2 sub-ordinates without revealing his own private key, such that a subgroup of at least t2 ≤ n2 subordinates is required to generate a proxy signature. In reality, the situation can be more complicated. First of all, the subgroup may further delegate their proxy signing capabilities to another group of n3 subordinates such that at least another subgroup of at least t3 ≤ n3 subordinates are of the proxy signing capabilities (in the form of a chain). t2 can be unequal to t3 depending on the concrete requirement. This is a group-to-group delegation problem. In addition, a supervising agent (SA) may be introduced in the above chain to supervise the subordinates, such that proxy signing can only be successfully executed with SA’s agreement. This is a delegation with supervision problem in the threshold delegation chain described above. These two extensions of delegation problems are not solved yet. This paper designs two provably secure cryptographic schemes Chained Threshold Proxy Signature (CTPS) scheme and Chained Threshold Proxy Signature with Supervision (CTPSwS) scheme to solve these two delegation problems.

Dynamic Distributed Certificate Authority Services for Mobile Ad Hoc Networks

Many secure protocols in mobile ad hoc networks rely on the public key infrastructure. Due to the vulnerability of nodes in MANETs, multiple certificate authorities (CAs) distributed over the network, each with a periodically updated share of the private key, is usually adopted. Existing approaches either assume that all nodes are CAs which is not realistic or assign each cluster head to be a CA based on the cluster architecture which may not be efficient since CA service may involve nodes in many clusters. In a previous work, we enhance the latter approach by allowing other nodes to be CAs. All these schemes do not allow the number of CAs to be changed adaptively due to the changes in the size of the network which is common in MANETs. In this paper, we propose a new framework to provide distributed authority services in cluster-based MANETs. In each cluster, a set of nodes are chosen as CAs. The size of the CA set is adaptive to network changes. We further require the shares in different clusters to be independent, and periodically updated.