Distributing a private key generator in Ad hoc Networks
ForfatterStenberg, Eystein Måløy
A Mobile Ad hoc Network (MANET) is a wireless network that does not rely on a fixed infrastructure. These characteristics make algorithms that route network traffic particularly vulnerable to attack. Mechanisms used to protect against such attacks often depend on cryptographic keys. Since the nodes in a MANET have limited resources, designing methods for cryptographic key management is particularly challenging. Because the network infrastructure is unstable, assuming that authorities used in key management are implemented using any single node is not realistic. Threshold cryptography can be used to distribute an authority, such that it is implemented by multiple nodes. This makes the authority more robust against network failures and harder to compromise. However, the bandwidth limitations in a MANET result in that public key distribution becomes very challenging. Identity-based cryptography (IBC), where any identity may serve as a public key, makes public keys and their certificates superfluous. The authority issuing private keys corresponding to an identity is called a Private Key Generator (PKG). This thesis considers the issue of distributing a PKG to the nodes in a MANET. It gives a description of a generic distributed PKG, including a definition of security. An example of a distributed PKG is also given. This distributed PKG is compatible with some of the most prevalent IBC systems. It is shown that the security properties of the base IBC systems are preserved when this distributed PKG is used instead of the original one. Threshold cryptography and identity-based cryptography are found to result in very efficient key management systems, compared to other methods. It is however important to consider which security properties a distributed authority has, especially with respect to any leakage of information on the authority's secret key. However, the main challenge in connection with key management in a MANET is to authenticate nodes without requiring preestablished trust.
ForlagUniversitetet i Tromsø
University of Tromsø
MetadataVis full innførsel
Copyright 2009 The Author(s)
Følgende lisensfil er knyttet til denne innførselen: