1 / 16

MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks

MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks. Seung Yi, Robin Kravets. The 2nd Annual PKI Research Workshop (PKI 2003). September. 25, 2003 Presented by Sookhyun, Yang. Contents. Introduction Background Requirements MOCA (MObile Certificate Authority) Framework

tadeo
Download Presentation

MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks Seung Yi, Robin Kravets The 2nd Annual PKI Research Workshop (PKI 2003) September. 25, 2003 Presented by Sookhyun, Yang

  2. Contents • Introduction • Background • Requirements • MOCA (MObile Certificate Authority) Framework • Evaluation • Conclusion

  3. Introduction • Wireless ad hoc networks • Infrastructure-less nature • Inhibit guaranteeing any kind of connectivity • Increased physical vulnerability of the nodes • Key management framework for ad hoc networks • MOCA framework • PKI (Public Key Infrastructure) without infrastrucutre • Threshold cryptography • MOCA nodes • Communication protocol between a client and CAs • MP (MOCA certification protocol)

  4. CA CA’s private key : KRauth CA’s public key : KUauth X’s public key : Kux KUb KUa CA CB (1) CA CA = EKRauth[TIme1,IDA,KUa] A B (2) CB threshold Background • PKI • Collection of components and procedure that support the management of cryptographic keys through the use of digital certificates • Public key certificate • Threshold cryptography • Divide up a secret to n pieces • Reconstruct the full secret with any kpieces out of those n MOCAs

  5. Requirements • Requirements for MOCA framework • Fault tolerance • Maintain correct operation in the presence of faulty nodes • Tolerant to a fraction of faulty nodes • Security • Act as the trust anchor for the whole network • Operate securely against malicious nodes or adversaries • Availability • Highly dependent on the connectivity of the network • Certification service should be always available to clients

  6. MOCA Framework (1/4) • Choosing MOCA nodes • Exploit heterogeneity • More trustworthy • Computationally more powerful • Physically more secure • Threshold cryptography • Distribute the functionality of a CA to the whole network • Secret : CA’s private key • CA : n MOCA nodes • Threshold : k MOCA nodes • Configuration • Total number of nodes in the network (M) • Number of MOCAs (n) • Threshold value for secret reconstruction (1<= k <= n) • Connectivity • MP (MOCA certification protocol) • Communication protocol between client and MOCAs • One-to-many-to-one

  7. (1) Partially signed revocation certificate signed with its key share (2) Partial signature signed with key share (2) Full revocation certificate (3) CRL (Certificate revocation list) • At least k • request client MOCA nodes MOCA Framework (2/4) • Revocation • Threshold Cryptography • Certification (3) Collect k partial signature (4) Reconstruct full signature “CA”

  8. (1) CREQ (2) CREP MOCA Framework (3/4) • Communication protocol - MP • Success case • k valid CREPs within a fixed period of time • Routing • Reverse path with CREQ • If no CREP within time-out period, reverse path expires

  9. MOCA Framework (4/4) • Mechnisms of MP • Flooding • Send and receive packets (CREQ, CREP) to all nodes • Unicast-based optimization • β-unicast • Multiple unicast connections if the client has sufficient routes to MOCAs in its routing cache • Sufficiency • Thresholdk • State of the network • If (routes to MOCAs >= β), then β- unicast else flooding • How to choose among the MOCAs cached in the routing table (>= β) • Random MOCAs • Closest MOCAs • Freshest MOCAs β β (threshold unicast) = k (crypto threshold) + α (safety margin)

  10. 600s 1km # of + (mobile nodes) : 150, 300 # of (MOCAs) : 30, 50 # of CREQ : each node 1/1min 1km • Mobility • Node pause time : 0, 10s • Node Max. Speed : 0, 1, 5, 10, 20 ms Evaluation (1/6) • Focus of evaluation • Effectiveness • Success ratio • Flooding-based protocol : (# of total received CREPs) /(# of total CREQs) • Unicast-base optimization : (# of successful certification request)/(# of total CREQs) • Unicast usage in uicast-based optimization • Cost • Packet overhead • Response time : additional communication delay • Simulation set-up

  11. Use of unicast CREQs Use of flooding CREQs x : β y : usage of unicast Total # of CREQs = 1000 Evaluation (2/6) • Flooding vs. Unicast • Unicast usage

  12. Evaluation (3/6) • Packet overhead • Total number of control packets used for certification services • n = 30 • Setting β as low as possible results in the best improvements in overhead, but endangering security of the whole framework

  13. 0.3s Evaluation (4/6) • Certification delay • Arrival time of CREP packets with the closest-unicast approach • Choice between flooding and unicast-based optimizations or choice between different β values does not affect the timing behavior

  14. Evaluation (5/6) • Success ratios • αplays an important role in determining the success ratio within a given τ • Helpful when deciding an adequate τfor a given k

  15. Evaluation (6/6) • Summary • High success ratio • Flooding-based protocol : almost 99% • Unicast-based optimization : 75%~97% • Reduced overhead • Unicast optimization saves up to about 30% of control packets • Certification delay is acceptable

  16. Conclusion • Present a practical key management framework for ad hoc wireless networks using PKI • Clarify the necessity and the problem of providing a PKI framework for ad hoc network • Identify requirements for such a framework • Show effectiveness of paper’s approach through simulation results • Provide some insights into the configuration of such security services in ad hoc networks

More Related