WIRELESS NETWORK SECURITY 85 In this chapter, based on the latest advances in identity-based cryptography (IBC),

we prompt identity-based key management in wireless ad hoc networks. IBC is a special form of PKC [8]. In regular PKC, an entity (or a peer in ad hoc networks) of known identity generates a pair of public-key and private-key or obtains it from public-key infrastructures (PKIs). The binding between the peer identity and its public-key should be certified by trusted third-parties; otherwise, a peer can easily impersonate others by forging their public-keys and compromise communications intended for those peers. In IBC, such binding and verifying are unnecessary, since the public-key of a peer is exactly its identity (or a known transformation of the identity). As far as a peer can communicate with others by their identity, the peer can apply any security procedures bootstrapped from identities to secure its communications with those peers. We find that the unique features offered by IBC make identity-based key management a strong candidate for securing peer communications in wireless ad hoc networks.

The contributions of this chapter are twofold. First, we present identity-based key management schemes designed for bootstrapping various security procedures in wireless ad hoc networks. We show that these schemes not only accomplish their goals without the support of communication and security infrastructures, but also ac- commodate dynamic peer membership for potentially a large number of mobile peers. Also, these schemes are effective and efficient. For example, a sender-only peer has no security overhead in terms of verifying the public-key of others or obtaining its own private-key; a peer can send another peer some information only accessible by the latter in the future; a compromised peer can be easily identified and excluded from such systems. Second, we illustrate identity-based secure communication schemes with a security enhancement to the Dynamic Source Routing (DSR) protocol, in order to demonstrate that these schemes are intrinsically suitable for and practically capable of securing wireless ad hoc networks. We also expect that such schemes have great impact on dealing with other network security issues. An IBC and threshold-based key distribution scheme is independently proposed in [9]; in contrast to a conceptual sketch in [9], here we give a concrete design of all necessary building blocks. Although IBC has been explored in other contexts such as IPsec, personal area networks, IPv6 neighbor discovery and grid computing [10, 11, 12, 13], our goal in this chapter is not only to show that IBC-based schemes can support confidentiality, integrity and authen- ticity, but also to reveal that these security properties can be achieved more effectively and efficiently with IBC-based schemes due to the irreplaceable role of peer identity in wireless ad hoc networks.

The remainder of this chapter is organized as follows. In Section 2, we present a model of wireless ad hoc networks and their security requirements; we also briefly overview identity-based cryptography and its latest advances. In Section 3, we in- troduce identity-based key management schemes for bootstrapping and managing any chosen security procedures in wireless ad hoc networks. In Section 4, we illustrate identity-based secure communication schemes to ensure the confidentiality, integrity and authenticity of information exchange among autonomous peers in these systems; we also design a security enhancement to DSR, with focus on its route discovery and maintenance procedures and its resistance against various attacks. Section 5 offers

86 JIANPING PAN, et al. d1 d2 i j k d park mobile active stationary idle booth

Figure 1.A wireless ad hoc network at a recreation park.

further discussion, and Section 6 reviews related work. Section 7 concludes the chapter with directions of our future work.

2.

2.1. Network Model

Wireless ad hoc networks are fully-distributed systems of self-organizing peers that want to exchange information over wireless links but do not rely on any preexisting infrastructures [1, 2, 3, 4]. Fig. 1 shows such networks in a generic format. Mobile peers (e.g., laptop computers with wireless interfaces as filled or unfilled dots) can join or leave such systems (depicted by a large dashed circle, e.g., a recreation park) at any time. Only peers require keying have to pass by an offline authority regularly (e.g., a ticketing booth within a small dotted circle). However, there are no physical barriers around the vicinity, and peers can join or leave systems at any locations (e.g., a sender- only peer without keying). While peers are in the system, they can remain stationary or change their location, and keep idle or communicate with others. Also, peers can assist communications among others if they choose to do so. Without any centralized online authorities, peers communicate in uni- or bi-direction, single- or multi-hop, single- or multi-path, and single- or multi-point form, or any combinations of these forms.

For a given information exchange between two peers, e.g., transferring a bulk data ofbunit amount from peeritokthat isdunit distance away in Fig. 1 (zoomed in a dotted ellipse),ihas two strategies. With the first one,itransmitsbtokdirectly, and consumes energy

et

i(b, d) = (t1+t2dn)b, (1)

where2≤n≤6is the path loss exponent, andt1andt2are the coefficients of distance-

independent and distance-related energy consumption, respectively. Some facts may prevent i from adopting this strategy: i) when d > D, where D is the maximum transmission range ofi; ii) direct wireless communications ofi andk may impose strong interference on peers betweeniandj. With the second strategy, when there is a third peerjthat lies in betweeniandk,imay save energy by requestingjto relayb

WIRELESS NETWORK SECURITY 87