Xuemin (Sherman) Shen
WIRELESS NETWORK SECURITY
peers. Also, the total number of shared-keys is in the order of N, where N is the number of all potential peers and can be very large even in small systems with high membership dynamics. SKC procedures are generally efficient at achieving security properties, but have higher overhead with regard to key management.
Normally, RSA-based PKC procedures are less efficient than those in SKC in achieving the same level of security, but key management in PKC has less overhead than in SKC, if a PKI or a CA hierarchy has already been built and well-maintained. A distributed certification service is proposed in [24], in which the system private-key used to sign peer public-key certificates is distributed to multiple servers with threshold cryptography. It strengthens the security and reliability of public-key certification, but does not reduce the associated overhead. A self-organizing PGP-like key management is proposed in [34], in which peers probabilistically obtain a certificate chain to other peers by merging their local certificate repositories; however, a roaming peer has difficulty in building its local repository shortly after it joins a foreign system. Random key predistribution has also been attempted in wireless sensor networks [35].
Cryptographically-generated identity [36] is the approach closest to ours. With this approach, peers derive their statistically-unique identity from their public-key (e.g., by hashing), so that the binding between the identity and the public-key of an entity is self-verifiable, which also eliminates the need for public-key certification. However, such identities cannot have any easy-to-understand semantics for their owner and other peers, and additional infrastructures (similar to DNS mapping host name to IP address) may be required to enable distributed applications.
In IBC-based schemes, peers only propose their identity, which is also their public-key, and can potentially have very rich semantics. Therefore, the binding of identity and public-key is intrinsic, and the name-to-identity mapping is unnecessary. This fact reduces the communication and computing overhead for resource-constrained peers in wireless ad hoc networks. For example, sender-only peers have no keying requirement, and peers can request keying even after regular, encrypted information is received. Also, these IBC-based schemes are based on ECC primitives, which are considered more efficient than RSA-based primitives [10, 11, 12, 13]. As we mentioned, BLS-IBS signatures achieve a level of security similar to that of DSA signatures at half the size of the latter. Further, IBC-based schemes can authentically bootstrap symmetric procedures even without having any physical communications beforehand. All these features are very attractive to resource-constrained peers in wireless ad hoc networks.
JIANPING PAN, et al.
Message routing — Many wireless ad hoc routing schemes, whether reactive or proactive, are found vulnerable to corrupted or false routing information. Several security patches have been proposed, which are based on either SKC or regular PKC systems. Broadcast operations often occur in route discovery, while traditional security associations are often based on a point-to-point model. Ariadne is a DSR-like routing scheme, in which message authenticity can be protected by digital signature, preshared secret, or a timed-release hash-chain to allow a group of recipients to verify messages with the same symmetric key (i.e., Tesla keys), without allowing them to forge extra messages [37]. In Ariadne, all peers require loose time synchronization to release keys gradually. SRP is another DSR-like routing scheme, where intermediate peers do not perform cryptographic operations and have no a priori associations with end-peers [38]; but source and destination peers should have security associations. SAR [39] and SAODV [40] attempt to secure AODV, another on-demand ad hoc routing protocol. SEAD is a DSDV-like routing scheme that employs a one-way hash function to protect route updates without any asymmetric cryptographic operations [41], but SEAD has to rely on other means to distribute and authenticate the final value (i.e., image) of a hash-chain. ARAN employs PKC to guarantee message authenticity, integrity and non-repudiation, and to prevent modification, impersonation and fabrication attacks [42].
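An added example, not taken from the chapter or from the Ariadne, TESLA or SEAD authors: a one-way hash chain with delayed key disclosure, showing why receivers can verify with the released key but cannot forge, and why the final chain value must reach them authentically by other means. Assumptions made here: the chain key is used directly as the MAC key, "already disclosed" is judged by the keys the receiver has seen rather than by a loosely synchronized clock, and the seed and message strings are constructed sample values.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0 .. K_n] with K_(i-1) = H(K_i); K_0 is the public anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Receiver:
    def __init__(self, anchor: bytes):
        self.index, self.key = 0, anchor  # anchor must arrive authentically by other means
        self.pending = []  # (interval, msg, tag) buffered until the key is released

    def on_packet(self, interval: int, msg: bytes, tag: bytes) -> bool:
        if interval <= self.index:  # key already public: anyone could forge this tag
            return False
        self.pending.append((interval, msg, tag))
        return True

    def on_key(self, interval: int, key: bytes) -> list:
        """Accept a released key only if hashing it leads back to the last trusted key."""
        if interval <= self.index:
            return []
        keys = {interval: key}
        for i in range(interval - 1, self.index - 1, -1):
            keys[i] = H(keys[i + 1])  # also recovers keys of skipped intervals
        if not hmac.compare_digest(keys[self.index], self.key):
            return []  # not on the chain: forged or corrupted key
        self.index, self.key = interval, key
        due = [p for p in self.pending if p[0] <= interval]
        self.pending = [p for p in self.pending if p[0] > interval]
        return [m for i, m, t in due if hmac.compare_digest(t, mac(keys[i], m))]

def demo() -> list:
    chain = make_chain(b"constructed-seed", 4)  # constructed sample values
    rx = Receiver(chain[0])
    rx.on_packet(1, b"RREQ a->d", mac(chain[1], b"RREQ a->d"))
    rx.on_packet(2, b"RREQ a->e", mac(b"guess", b"RREQ a->e"))  # forged tag
    bad = rx.on_key(2, H(b"not-on-chain"))  # forged key is ignored
    good = rx.on_key(2, chain[2])  # key 1 was never received; key 2 covers both
    return [bad, good, rx.on_packet(2, b"late", mac(chain[2], b"late"))]
```

A receiver seeded with a wrong anchor rejects every genuine key, which is the dependency on authenticated distribution of the final hash value that the text notes for SEAD.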
In contrast, IBC-based schemes can be seamlessly integrated with wireless ad hoc routing protocols, and achieve the same level of security more effectively than SKC-based schemes and more efficiently than regular PKC-based schemes. There are other security schemes proposed to defend against more sophisticated attacks such as blackhole, wormhole, rushing and replay attacks in ad hoc networks [14, 17, 18, 16, 15], which are orthogonal to our effort. Further, the identity-based key management schemes proposed in this chapter can help reduce the risk of certain sophisticated attacks associated with forged identities (e.g., Sybil attacks [43]), since malicious peers cannot always request keying from the PKG arbitrarily and then freely spoof their identities to cheat other peers.
7. CONCLUSION
Achieving secure, trustworthy and dependable peer communications imposes a major challenge in the highly-anticipated deployment of large-scale, heterogeneous wireless ad hoc networks. In this chapter, after identifying the irreplaceable role of peer identity in these networks, we promoted identity-based key management schemes, which can effectively and efficiently bootstrap any chosen security procedures in wireless ad hoc networks. In addition, we illustrated secure communication schemes with a security enhancement to a reactive ad hoc routing protocol, and demonstrated that identity-based schemes are intrinsically suitable for and practically capable of ensuring the confidentiality, integrity and authenticity of information exchange among peers.
In this chapter, we assumed that autonomous peers are always collaborative in relaying once they have chosen to do so. Designing accounting and rewarding schemes to stimulate selfish peers to become collaborative and to compensate them if they do so is one of our future work items.
8. REFERENCES
1. C. Perkins (ed). Ad hoc networking. Addison-Wesley, 2001.
2. Z. Haas, J. Deng, B. Liang, P. Papadimitratos, and S. Sajama. Wireless ad hoc networks. In J. Proakis (ed), Encyclopedia of Telecommunications, 2002.
3. R. Ramanathan and J. Redi. A brief overview of ad hoc networks: challenges and directions. IEEE Communications, 40(5):20–22, 2002.
4. Z. Haas, M. Gerla, D. Johnson, C. Perkins, M. Pursley, M. Steenstrup, and C.-K. Toh (eds). Special issue on wireless ad hoc networks. IEEE J. on Selected Areas in Communications, 17(8), 1999.
5. L. Buttyán and J.-P. Hubaux (eds). Report on a working session on security in wireless ad hoc networks. Mobile Computing and Communications Review, 7(1), 2003.
6. S. Capkun and J.-P. Hubaux. BISS: building secure routing out of an incomplete set of secure associations. Proc. of 2nd ACM Wireless Security (WiSe’03), pp. 21–29, 2003.
7. J.-P. Hubaux. What could we submit next year to WiSe? Research challenges in wireless security. Invited Presentation at 2nd ACM Wireless Security (WiSe’03), 2003.
8. M. Gagné. Identity-based encryption: a survey. RSA Laboratories Cryptobytes, 6(1):10–19, 2003.
9. A. Khalili, J. Katz, and W. Arbaugh. Toward secure key distribution in truly ad-hoc networks. Proc. of IEEE Security and Assurance in Ad-Hoc Networks at Int’l Symp. on Applications and the Internet (SAINT’03), pp. 342–346, 2003.
10. G. Appenzeller and B. Lynn. Minimal-overhead IP security using identity based encryption. Available at http://rooster.stanford.edu/~ben/pubs/ipibe.pdf, 2002.
11. T. Garefalakis and C. Mitchell. Securing personal area networks. Proc. of 13th IEEE Personal, Indoor and Mobile Radio Communications (PIMRC’02), pp. 1257–1259, 2002.
12. J. Arkko, T. Aura, J. Kempf, V. Mantyla, P. Nikander, and M. Roe. Securing IPv6 neighbor and router discovery. Proc. 1st ACM Wireless Security (WiSe’01), pp. 77–86, 2002.
13. T. Stading. Secure communication in a distributed system using identity based encryption. Proc. of 3rd IEEE/ACM Cluster Computing and Grid (CCGRID’03), pp. 414–420, 2003.
14. H. Deng, W. Li, and D. Agrawal. Routing security in wireless ad hoc networks. IEEE Communications, 40(10):70–75, 2002.
15. B. Awerbuch, D. Holmer, C. Nita-Rotaru, and H. Rubens. An on-demand secure routing protocol resilient to byzantine failures. Proc. of 1st ACM Wireless Security (WiSe’02), pp. 21–30, 2002.
16. J. Zhen and S. Srinivas. Preventing replay attacks for secure routing in ad hoc networks. Proc. of 2nd Ad Hoc Networks & Wireless (ADHOC-NOW’03), pp. 140–150, 2003.
17. Y.-C. Hu, A. Perrig, and D. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. Proc. of 22nd IEEE Infocom (Infocom’03), pp. 1976–1986, 2003.
18. Y. Hu, A. Perrig, and D. Johnson. Rushing attacks and defense in wireless ad hoc network routing protocols. Proc. of 2nd ACM Wireless Security (WiSe’03), pp. 30–40, 2003.
19. A. Shamir. Identity-based cryptosystems and signature schemes. Proc. of 4th IACR Cryptology (Crypto’84), pp. 47–53, 1984.
20. D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. Proc. of 21st IACR Cryptology (Crypto’01), pp. 213–229, 2001.
21. M. Bellare and P. Rogaway. Random oracle models are practical: a paradigm for designing efficient protocols. Proc. of 1st ACM Computer and Communications Security (CCS’93), pp. 62–73, 1993.
22. B. Lynn. Authenticated identity-based encryption. Cryptology ePrint Archive, 2002/072, 2002.
23. S. Capkun, J.-P. Hubaux, and L. Buttyán. Mobility helps security in ad hoc networks. Proc. of 4th ACM Mobile Ad Hoc Networking and Computing (MobiHoc’03), pp. 46–56, 2003.
24. L. Zhou and Z. Haas. Securing ad hoc networks. IEEE Network, 13(6):24–30, 1999.
25. C. Gentry and A. Silverberg. Hierarchical ID-based cryptography. Proc. of 8th IACR AsiaCrypt (AsiaCrypt’02), pp. 548–566, 2002.
26. P. Grabher and D. Page. Hardware acceleration of the Tate pairing in characteristic three. Proc. of 7th IACR Cryptographic Hardware and Embedded Systems (CHES’05), pp. 398–411, 2005.
27. B. Libert and J.-J. Quisquater. New identity based signcryption schemes based on pairings. Cryptology ePrint Archive, 2003/023, 2003.
28. D. Boneh, B. Lynn, and H. Shacham. Short signature from the Weil pairing. Proc. of 7th AsiaCrypt (AsiaCrypt’01), pp. 514–532, 2001.
29. D. Johnson. Routing in ad hoc networks of mobile hosts. Proc. of 1st IEEE Workshop on Mobile Computing Systems and Applications (WMCSA’94), pp. 158–163, 1994.
30. E. Royer and C.-K. Toh. A review of current routing protocols for ad hoc mobile wireless networks. IEEE Personal Communications, 4(2):46–55, 1999.
31. M. Abolhasan, T. Wysocki, and E. Dutkiewicz. A review of routing protocols for mobile ad hoc networks. Ad Hoc Networks, 2:1–22, 2004.
32. X. Boyen. Multipurpose identity-based signcryption: a swiss army knife for identity-based cryptography. Proc. of 23rd IACR Cryptology (Crypto’03), pp. 383–399, 2003.
33. D. Boneh and X. Boyen. Secure identity based encryption without random oracles. Proc. of 24th IACR Cryptology (Crypto’04), 2004.
34. J.-P. Hubaux, L. Buttyán, and S. Capkun. The quest for security in mobile ad hoc networks. Proc. of 2nd ACM Mobile Ad Hoc Networking and Computing (MobiHoc’01), pp. 146–155, 2001.
35. H. Chan, A. Perrig, and D. Song. Random key predistribution schemes for sensor networks. Proc. of 24th IEEE Security & Privacy (S&P’03), pp. 197–215, 2003.
36. G. Montenegro and C. Castelluccia. Statistically unique and cryptographically verifiable (SUCV) identifiers and addresses. Proc. of 9th ISOC Network and Distributed Systems Security (NDSS’02), 2002.
37. Y.-C. Hu, A. Perrig, and D. Johnson. Ariadne: a secure on-demand routing protocol for ad hoc networks. Proc. of 8th ACM Mobile Computing and Networking (MobiCom’02), pp. 12–23, 2002.
38. P. Papadimitratos and Z. Haas. Secure routing for mobile ad hoc networks. Proc. of 7th SCS Communication Networks and Distributed Systems Modeling and Simulation (CNDS’02), 2002.
39. S. Yi, P. Naldurg, and R. Kravets. Security-aware ad hoc routing for wireless networks. Proc. of 2nd ACM Mobile Ad Hoc Networking and Computing (MobiHoc’01), pp. 299–302, 2001.
40. M. Zapata and N. Asokan. Securing ad hoc routing protocols. Proc. of 1st ACM Wireless Security (WiSe’01), pp. 1–10, 2002.
41. Y.-C. Hu, D. Johnson, and A. Perrig. SEAD: secure efficient distance vector routing in mobile wireless ad hoc networks. Proc. of 4th IEEE Workshop on Mobile Computing Systems and Applications (WMCSA’02), pp. 3–13, 2002.
42. K. Sanzgiri, B. Dahill, B. Levine, C. Shields, and E. Belding-Royer. A secure routing protocol for ad hoc networks. Proc. of 10th IEEE Int’l Conf. on Network Protocols (ICNP’02), pp. 78–89, 2002.
43. J. Newsome, E. Shi, D. Song, and A. Perrig. The Sybil attack in sensor networks: analysis & defenses.