Distributed Certification Authority Generation to Enhance Autonomous Key Management for Group Communications in MANETs
Baras, John S.
Date: November 29 - December 02, 2004
A MANET is a collection of wireless mobile nodes that dynamically form a temporary network without fixed infrastructure or centralized entities, and this is exactly the environment envisioned for military operations by the Objective Force. Military command and control rely on secure (multicast) communications, and thus key management (KM) schemes that ensure secure communications under MANET constraints are required. However, without fixed infrastructure, e.g. trusted third parties (TTPs) and Certification Authorities (CAs), the design of KM becomes particularly difficult, since its most fundamental services – entity authentication, privilege update/revocation – rely on these entities to establish trust among nodes and to terminate or renew participation in secure operations in a pre-agreed, global manner. Without this guarantee, all subsequent KM operations make no sense. It is therefore of paramount importance to provide a secure authentication service that detects misbehavior and defends against dishonest users in the network. Thus, the challenge lies in dynamically generating mechanisms that provide individual nodes and KM groups with functionalities similar to those of the original CAs of fixed infrastructure, under MANET constraints. In this work, we develop distributed, scalable, robust and efficient mechanisms for dynamically generating CAs in MANETs, by distributing the tasks of a CA among legitimate members of existing (preferably hierarchical) KM groups. We will show how the features of our scheme render it superior in performance and resilience, and how properties of KM groups are exploited to avoid the impractical, bandwidth- and delay-heavy solutions of other proposals in the literature.
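The abstract does not describe the paper's mechanism, so the following is an added, generic illustration of what "distributing the tasks of a CA among legitimate members" can mean in code; it is not the authors' scheme. It assumes Shamir (k, n) threshold secret sharing over a prime field: the CA secret is split so that no single node holds it, any k legitimate group members can jointly perform a CA operation, fewer than k learn nothing useful, and a proactive refresh lets the remaining members invalidate the share of an excluded node without changing the group's CA key. The hash-based "certificate" is a stand-in for a real (threshold) signature, and all values are constructed for the example.

```python
"""Added illustration (not the paper's scheme): a CA secret shared among n group
members with Shamir (k, n) threshold sharing over a prime field, so no single
MANET node holds the CA key and any k legitimate members can jointly act as CA.
Also shows proactive share refresh, which invalidates shares held by a node
that has been excluded without changing the group's CA key."""
import hashlib
import secrets

PRIME = 2**255 - 19  # field modulus; secrets and shares live in [0, PRIME)


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... modulo PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, k, n):
    """Return n shares (x, f(x)) of secret; any k of them reconstruct it."""
    if not 1 <= k <= n < PRIME:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_secret(shares):
    """Lagrange interpolation at x = 0 over the supplied shares."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def refresh_shares(shares, k):
    """Proactive refresh: add a random polynomial with zero constant term to every
    share. The shared secret is unchanged, but old and new shares no longer
    interpolate together, so a share kept by an excluded node becomes useless."""
    delta = [0] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, (y + _eval_poly(delta, x)) % PRIME) for x, y in shares]


def issue_certificate(shares, k, subject):
    """Stand-in for a CA signing operation: k members pool shares, recover the
    CA secret and bind it to the subject. A real deployment would use a
    threshold signature so the secret is never reassembled in one place."""
    if len(shares) < k:
        raise ValueError("not enough shares to act as CA")
    ca_secret = reconstruct_secret(shares[:k])
    return hashlib.sha256(ca_secret.to_bytes(32, "big") + subject.encode()).hexdigest()


def demo():
    """Constructed scenario: 5 group members, threshold 3, member 5 later excluded."""
    ca_secret = secrets.randbelow(PRIME)
    k, n = 3, 5
    shares = split_secret(ca_secret, k, n)
    cert = issue_certificate(shares[:3], k, "node-42")        # any 3 members suffice
    too_few = reconstruct_secret(shares[:2]) == ca_secret     # 2 members recover nothing useful
    fresh = refresh_shares(shares, k)                         # honest members refresh
    same_secret = reconstruct_secret(fresh[1:4]) == ca_secret # group CA key unchanged
    stale_mix = reconstruct_secret([shares[4], fresh[0], fresh[1]]) == ca_secret  # excluded node's old share is useless
    return cert, too_few, same_secret, stale_mix


if __name__ == "__main__":
    print(demo())
```

The refresh step is the part that matters for revocation: excluding a dishonest member does not require a new CA key or re-issuing every certificate, only that the remaining k or more honest members agree on a refresh, after which the excluded node's share no longer combines with anyone else's.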