Self-securing ad-hoc wireless networks (SSAWN)

Usually an entity is trusted only if it has been verified by a central authority, but no such authority exists in a wireless ad-hoc network.

Goals of a self-securing network:

  • High security assurance.

  • High success ratio.

  • Efficient communication.

Localized trust model: an entity is trusted if any k trusted entities claim so within a certain time period.

  • k entities typically among the entity’s one-hop neighbors.

    • In practice a node cares most about the trustworthiness of its immediate neighbors, since it communicates with the rest of the world via its one-hop neighbors.

  • Once a node is trusted by its local community, it is globally accepted as a trusted node.

  • Otherwise, a locally distrusted entity is regarded as untrustworthy in the entire network.

Shared secrets

The encryption mechanism uses RSA asymmetric keys.

Global Secret Key (SK) and the corresponding Public Key (PK).

  • The functionality of SK is 'distributed' among the nodes.

  • Any k nodes holding a partial secret form a distributed Certificate Authority (CA).

SK is used to sign certificates for all nodes in the network.

A certificate signed by SK can be verified with the well-known public key PK.

Threshold secret sharing.

  • Each node has:

    • A share of the secret.

    • A unique ID, derived from the node's address.

    • A mechanism for local detection of misbehaving nodes.

    • At least k one-hop neighboring nodes.

    • Its own key pair (public and secret keys).

Basic Operation

  • Distributed PKI.

    • The system's private key is split among server nodes.

    • A quorum of k servers jointly performs certificate updates.

    • Structure of certificate.

  • Operates in phases.

    • Server group formation/maintenance.

    • Certificate updating/revocation.

    • Shared key updating/renewing.

SK is never visible to, known by, or recoverable by any single network node.

Each node carries a certificate signed with SK.

PK is assumed to be well-known for certificate verification.

Nodes without valid certificates are denied access to any network resources such as routing and packet forwarding.

Shared secrets

Each node's partial secret key (its share) is a function of its node ID.

  • A polynomial of degree k-1 is generated at initial setup and known only then; the shares are derived from it.

  • Any k nodes holding a partial secret share can recover SK using Lagrange interpolation.

  • A coalition of k-1 nodes holding partial secret shares has no information about SK.

A node that wants to use the distributed CA:

  • Contacts k nodes that hold a partial secret share.

  • Preferably k one-hop neighboring nodes.

    • It is easier to collect reliable information about the misbehavior of closer nodes.

  • PK is known by all nodes.

Upon receipt of v_i's certification request, a node checks its records.

  • If its record shows v_i as a well-behaved legitimate node, it returns a “partial” certificate by applying its share of SK.

  • Otherwise, the request is dropped.

By collecting k partial certificates, v_i combines them to generate its full new certificate, as if it came from a CA server.

  • Upon receiving k partial certificates from the coalition, node v_i multiplies them together to recover its full certificate (Lagrange interpolation: the combining coefficients come from the unique polynomial that passes through the k points, applied in the exponent).
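The following is an added worked example, not code from these notes or from the SSAWN paper they summarise. It walks through the threshold-sharing steps above (shares from a degree k-1 polynomial, recovery by Lagrange interpolation with k shares and failure with k-1) and the certificate-request exchange (neighbours apply their share only if their records show the requester as well-behaved; the requester multiplies the k partial certificates into the same value a single CA holding SK would sign). It deliberately swaps RSA for a prime-order subgroup of Z_p^* so that the Lagrange coefficients can simply be reduced modulo the prime group order; with RSA the denominators need extra handling that these notes do not cover. The primes P and Q, the node IDs, the neighbour records and all function names are constructed for the example and are far too small for real use.

```python
"""Added illustration of SSAWN-style threshold sharing and partial certificates.
Not the paper's code. Arithmetic is in an order-Q subgroup of Z_P^* rather than
RSA (assumption made for clarity); P, Q, node IDs and neighbour records are
constructed toy values."""
import hashlib
import random
import secrets

P = 1019                       # constructed toy prime, P = 2*Q + 1
Q = 509                        # prime order of the subgroup holding the exponents
G = pow(2, (P - 1) // Q, P)    # generator of the order-Q subgroup (4 here)
assert G != 1

def eval_poly(coeffs, x):
    """Horner evaluation of a polynomial with coefficients in Z_Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def make_shares(sk, k, n, rng):
    """Initial setup: f(x) = sk + a_1 x + ... + a_{k-1} x^(k-1) over Z_Q.
    Node i (IDs 1..n stand in for address-derived IDs) receives f(i)."""
    coeffs = [sk % Q] + [rng.randrange(1, Q) for _ in range(k - 1)]
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}

def lagrange_at_zero(ids):
    """Coefficients l_i(0) = prod_{j != i} j / (j - i) mod Q for a coalition."""
    out = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * j % Q
                den = den * (j - i) % Q
        out[i] = num * pow(den, -1, Q) % Q
    return out

def recover_secret(shares):
    """Any k shares give SK = f(0). Illustrates the threshold property only;
    in the running system nobody ever reassembles SK."""
    l = lagrange_at_zero(list(shares))
    return sum(s * l[i] for i, s in shares.items()) % Q

def message_element(cert_body: bytes):
    """Map the certificate body into the order-Q subgroup (m = G^h, h != 0)."""
    h = 1 + int.from_bytes(hashlib.sha256(cert_body).digest(), "big") % (Q - 1)
    return pow(G, h, P)

def handle_request(records, requester, share, m):
    """A neighbour's decision on a request: apply its share of SK only if its
    own monitoring records show the requester as well-behaved, else drop it."""
    if records.get(requester) != "well-behaved":
        return None
    return pow(m, share, P)                  # partial certificate m^{s_i}

def combine_partials(partials):
    """The requester multiplies the partials, each raised to l_i(0); the
    exponents interpolate to SK, so the result is m^SK as one CA would sign."""
    l = lagrange_at_zero(list(partials))
    cert = 1
    for i, part in partials.items():
        cert = cert * pow(part, l[i], P) % P
    return cert

def demo(seed=None):
    """One certificate request by node v7 (ID 7) to its one-hop neighbours."""
    k, n = 3, 6
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    sk = rng.randrange(1, Q)
    shares = make_shares(sk, k, n, rng)
    m = message_element(b"node=v7 addr=<constructed> valid-until=<constructed>")
    # Neighbours 2, 4, 5 hold v7 in good standing; neighbour 3 observed misbehaviour.
    records = {2: {7: "well-behaved"}, 3: {7: "misbehaving"},
               4: {7: "well-behaved"}, 5: {7: "well-behaved"}}
    partials = {}
    for i, rec in records.items():
        part = handle_request(rec, 7, shares[i], m)
        if part is not None:
            partials[i] = part
    ca_cert = pow(m, sk, P)            # what a single CA holding SK would sign
    full = combine_partials(partials)                          # k responders
    short = combine_partials(dict(list(partials.items())[:k - 1]))
    return {"responders": sorted(partials),
            "full_matches_ca": full == ca_cert,
            "k_minus_1_matches_ca": short == ca_cert,
            "k_shares_recover_sk": recover_secret({i: shares[i] for i in partials}) == sk}

if __name__ == "__main__":
    print(demo(seed=7))
```

Running `demo()` shows the three cooperating neighbours producing a certificate identical to the single-CA value while the dropped request from neighbour 3 never contributes; the two-member subset always yields a different value because the degree-(k-1) term of the polynomial cannot cancel at x = 0 when all node IDs are non-zero. The comparison against `pow(m, sk, P)` stands in for the PK verification step of the notes, which in the RSA setting is a public-exponent check.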

A misbehaving or broken node will be unable to renew its certificate.

A valid certificate represents the trust from a coalition of k nodes.

  • Nodes with valid certificates are globally trusted.

  • Each node contributes to the overall trust management and maintenance by monitoring and certifying its neighboring nodes.
