Results 1 - 10
of
35
Admission Control in Peer-to-Peer: Design and Performance Evaluation
- In ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN
, 2003
"... Peer-to-Peer (P2P) applications and services are very common in today’s computing. The popularity of the P2P paradigm prompts the need for specialized security services which makes P2P security an important and challenging research topic. Most prior work in P2P security focused on authentication, ke ..."
Abstract
-
Cited by 26 (6 self)
- Add to MetaCart
Peer-to-Peer (P2P) applications and services are very common in today’s computing. The popularity of the P2P paradigm prompts the need for specialized security services which makes P2P security an important and challenging research topic. Most prior work in P2P security focused on authentication, key management and secure communication. However, an important pre-requisite for many P2P security services is secure admission, or how one becomes a peer in a P2P setting. This issue has been heretofore largely untouched. This paper builds upon some recent work [11] which constructed a peer group admission control framework based on different policies and corresponding cryptographic techniques. Our central goal is to assess the practicality of these techniques. To this end, we construct and evaluate concrete P2P admission mechanisms based on various cryptographic techniques. Although our analysis focuses primarily on performance, we also consider other important features, such as: anonymity, unlinkability and accountability. Among other things, our experimental results demonstrate that, unfortunately, advanced cryptographic constructs (such as verifiable threshold signatures) are not yet ready for prime time.
Efficient node admission for short-lived mobile ad hoc networks
- In ICNP ’05
, 2005
"... Admission control is an essential and fundamental security service in mobile ad hoc networks (MANETs). It is needed to securely cope with dynamic membership and topology and to bootstrap other important security primitives (such as key management) and services (such as secure routing) without the as ..."
Abstract
-
Cited by 21 (2 self)
- Add to MetaCart
(Show Context)
Admission control is an essential and fundamental security service in mobile ad hoc networks (MANETs). It is needed to securely cope with dynamic membership and topology and to bootstrap other important security primitives (such as key management) and services (such as secure routing) without the assistance of any centralized trusted authority. An ideal admission protocol must involve minimal interaction among the MANET nodes, since connectivity can be unstable. Also, since MANETs are often composed of weak or resource-limited devices, admission control must be efficient in terms of computation and communication. Most previously proposed admission control protocols are prohibitively expensive and require a lot of interaction among MANET nodes in order to securely reach limited consensus regarding admission and cope with potentially powerful adversaries. While the expense may be justified for long-lived group settings, short-lived MANETs can benefit from much less expensive techniques without sacrificing any security. In this paper, we consider short-lived MANETs and present a secure, efficient and a fully noninteractive admission control protocol for such networks. More specifically, our work is focused on novel applications of non-interactive secret sharing techniques based on bi-variate polynomials, but, unlike other results, the associated costs are very low. 1
Identity-based Access Control for Ad Hoc Groups
- In Submission
, 2004
"... Abstract. The proliferation of group-centric computing and communication motivates the need for mechanisms to provide group access control. Group access control includes mechanisms for admission as well as revocation/eviction of group members. Particularly in ad hoc groups, such as peer-to-peer (P2P ..."
Abstract
-
Cited by 20 (5 self)
- Add to MetaCart
(Show Context)
Abstract. The proliferation of group-centric computing and communication motivates the need for mechanisms to provide group access control. Group access control includes mechanisms for admission as well as revocation/eviction of group members. Particularly in ad hoc groups, such as peer-to-peer (P2P) systems and mobile ad hoc networks (MANETs), secure group admission is needed to bootstrap other group security services. In addition, secure membership revocation is required to evict misbehaving or malicious members. Unlike centralized (e.g., multicast) groups, ad hoc groups operate in a decentralized manner and accommodate dynamic membership which make access control both interesting and challenging. Although some recent work made initial progress as far as the admission problem, the membership revocation problem has not been addressed. In this paper, we develop an identity-based group admission control technique which avoids certain drawbacks of previous (certificate-based) approaches. We also propose a companion membership revocation mechanism. Our solutions are robust, fully distributed, scalable and, at the same time, reasonably efficient, as demonstrated by the experimental results.
An attack on the proactive RSA signature scheme in the URSA ad hoc network access control protocol
- in the URSA Ad Hoc Network Access Control Protocol. In ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN
, 2004
"... ..."
(Show Context)
SMOCK: A Scalable Method of Cryptographic Key Management For Mission-Critical Networks
"... Abstract — Mission-critical networks show great potential in emergency response and/or recovery, health care, critical infras-tructure monitoring, etc. Such mission-critical applications de-mand security service be “anywhere”, “anytime ” and “anyhow”. However, it is challenging to design a key manag ..."
Abstract
-
Cited by 13 (2 self)
- Add to MetaCart
(Show Context)
Abstract — Mission-critical networks show great potential in emergency response and/or recovery, health care, critical infras-tructure monitoring, etc. Such mission-critical applications de-mand security service be “anywhere”, “anytime ” and “anyhow”. However, it is challenging to design a key management scheme in current mission-critical networks to fulfill the required attributes of secure communications, such as data integrity, authentication, confidentiality, non-repudiation and service availability. In this paper, we present a self-contained public key management scheme, called SMOCK, which achieves almost zero commu-nication overhead for authentication, and offers high service availability. In our scheme, small number of cryptographic keys are stored off-line at individual nodes before they are deployed in the network. To provide good scalability in terms of number of nodes and storage space, we utilize a combinatorial design of public-private key pairs, which means nodes combine more than one key pair to encrypt and decrypt messages. We also show that SMOCK provides controllable resilience when malicious nodes compromise a limited number of nodes before key revocation and renewal. I.
Self-configurable key pre-distribution in mobile ad hoc networks
- in: IFIP Networking Conference
, 2005
"... Abstract. We present two new schemes that, in the absence of a centralized support, allow a pair of nodes of a mobile ad hoc network to compute a shared key without communicating. Such a service is important to secure routing protocols [1–3]. The schemes are built using the well-known technique of t ..."
Abstract
-
Cited by 11 (2 self)
- Add to MetaCart
(Show Context)
Abstract. We present two new schemes that, in the absence of a centralized support, allow a pair of nodes of a mobile ad hoc network to compute a shared key without communicating. Such a service is important to secure routing protocols [1–3]. The schemes are built using the well-known technique of threshold secret sharing and are secure against a collusion of up to a certain number of nodes. We evaluate and compare the performance of both the schemes in terms of the node admission and pairwise key establishment costs. 1
Public key cryptography sans certificates in ad hoc networks
- In Applied Cryptography and Network Security (ACNS
, 2006
"... Abstract. Several researchers have proposed the use of threshold cryptographic model to enable secure communication in ad hoc networks without the need of a trusted center. In this model, the system remains secure even in the presence of a certain threshold t of corrupted/malicious nodes. In this pa ..."
Abstract
-
Cited by 5 (1 self)
- Add to MetaCart
(Show Context)
Abstract. Several researchers have proposed the use of threshold cryptographic model to enable secure communication in ad hoc networks without the need of a trusted center. In this model, the system remains secure even in the presence of a certain threshold t of corrupted/malicious nodes. In this paper, we show how to perform necessary public key operations without node-specific certificates in ad hoc networks. These operations include pair-wise key establishment, signing, and encryption. We achieve this by using Feldman’s verifiable polynomial secret sharing (VSS) as a key distribution scheme and treating the secret shares as the private keys. Unlike in the standard public key cryptography, where entities have independent private/public key pairs, in the proposed scheme the private keys are related (they are points on a polynomial of degree t) andeach public key can be computed from the public VSS information and node identifier. We show that such related keys can still be securely used for standard signature and encryption operations (using resp. Schnorr signatures and ElGamal encryption) and for pairwise key establishment, as long as there are no more that t collusions/corruptions in the system. The proposed usage of shares as private keys can also be viewed as a threshold-tolerant identity-based cryptosystem under standard (discrete logarithm based) assumptions. 1
Efficient and adaptive threshold signatures for ad hoc networks
- Electronic Notes in Theoretical Computer Science
, 2007
"... In this paper, we propose a secure, flexible, robust and fully distributed signature service, for ad hoc groups. In order to provide the service, we use a new threshold scheme, that allows to share a secret key among the current group members. The novelty of the scheme is in that it easily and effic ..."
Abstract
-
Cited by 5 (0 self)
- Add to MetaCart
(Show Context)
In this paper, we propose a secure, flexible, robust and fully distributed signature service, for ad hoc groups. In order to provide the service, we use a new threshold scheme, that allows to share a secret key among the current group members. The novelty of the scheme is in that it easily and efficiently enables dynamic increase of the threshold, according to the needs of the group, so that the service provides both adaptiveness to the level of threat the ad hoc group is subject to, and availability. We prove the correctness of the protocol and evaluate its efficiency. The changes to the threshold are performed by using a protocol that is efficient in terms of interactions among nodes and per-node required resources, resulting suitable even for resource-constrained settings. Finally, the same proposed scheme allows to detect nodes that attempt to disrupt the service, providing invalid contributions to the distributed signature service.
MANETS: AN EXCLUSIVE CHOICE BETWEEN USE AND SECURITY?
"... Abstract. 1 Though the MANET concept exists for decades and that many researches were carried out, such networks suffer from extremely low adoption. The main reason is the security or more precisely, the lack of. This paper defines what a MANET should be for a real use, it explains what are the secu ..."
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
(Show Context)
Abstract. 1 Though the MANET concept exists for decades and that many researches were carried out, such networks suffer from extremely low adoption. The main reason is the security or more precisely, the lack of. This paper defines what a MANET should be for a real use, it explains what are the security challenges and analyzes the problems of the existing proposals to secure such network. Our main assumption is that security problems as we expose them should be addressed globally and not in a fragmented manner as currently. This paper aims to define a state of the art that will be useful to propose a practical and global solution.
