SMOCK: A Self-contained public Key Management Of Cryptographic Keys in Mobile Ad Hoc Networks
There are emerging needs of secure communications in mission-critical applications over wireless ad hoc networks, including battlefield communications, emergency rescue operations, and disaster recoveries. In these applications, it is important to support secure communications in ``anywhere'', ``anytime'' and ``anyhow'' manner with following attributes: data integrity, authentication, confidentiality, non-repudiation, and service availability. Being good candidates to address these attributes, Public-Key Cryptography (PKC) schemes have advantages over the symmetric systems. However, characteristics of mission-critical ad hoc networks pose the following new challenges for the design of public key management schemes that would support secure communication over wireless ad hoc networks: 1. Vulnerability to the Sybil Attack: Wireless communications are prone to both active and passive attacks. The Sybil attack is an active attack and particularly detrimental to mobile ad hoc networks. When the Sybil attack happens, an attacker can claim multiple identities and the fake identities can easily defeat reputation and threshold protocols, where a legitimate node must rely on majority of nodes to reach decisions. Therefore, a node should not trust others unless the node can infer someone else is trustable from local information. 2. Unreliable Communications and Network Dynamics: Due to shared-medium nature of wireless links, flows may frequently interfere with each other. Moreover, a network may be partitioned frequently due to node mobility and poor channel condition. Mobile nodes may leave and join the ad hoc network frequently and new legitimated nodes may join the network later after some nodes have been deployed in the field. Mobility increases the complexity for trust management. 3. Large Scale: The number of ad hoc wireless devices deployed at an incident scene depends on specific nature of the incident. In general, the network size can be very large. In addition, an ad hoc network should be able to accommodate more mobile devices if necessary, therefore it is necessary to have newly deployed devices and previously deployed devices trust each other without introducing too much overhead. 4. Resource Constraints: The wireless devices usually have limited bandwidth, memory and processing power. Among these constrains, communication bandwidth consumption and memory are two big concerns for key management schemes. Wireless bandwidth is the scarcest resources in wireless network. On the other hand, memory concern for key storage is more and more evident, since the requirement on network scalability (or network size) is increasing. Given the above challenges 1 and 2, a node in a network may encounter untrustworthy peers and unreliable communication. Therefore, we need a self-contained key management scheme. A realistic assumption about mission-critical applications is that: Before mobile devices are dispatched to an incident area, they are able to communicate securely with the trusted authentication server in their domain center, and get prepared before their deployment. Once the wireless devices are dispatched into the incident area, the centralized trusted server loses control of these devices and the mobile devices cannot trust anybody if local information cannot authenticate it. In this paper, we design a self-contained public-key management scheme, where all necessary cryptographic keys (certificates) are stored at individual nodes before nodes are deployed in the incident area. As a result, we can expect almost zero communication overhead for authentication. In contrast to traditional certificate-based schemes, our authentication procedure does not require the communication of certificate, binding the node's ID to its public key, and signed by an off-line trusted authority. The required storage space for traditional self-contained public key management schemes is of O(N) order. With challenges 3 and 4, storage space at individual nodes may be too small to accommodate self-contained security service, when network size N is large. Hence, we present a Self-contained public key Management Of Cryptographic Key (SMOCK), which scales logarithmically with network size, O(log N), with respect to storage space. We use combinatorial design to reduce the key space and achieve good scalability of the key management scheme. In SMOCK, a sender uses multiple keys to encrypt a message and a receiver needs multiple keys to decrypt the message. We have assessed SMOCK with respect to the communication overhead for key management, memory footprint, and resilience to node break-in by adversaries. Note that it is likely that adversaries may eventually break into a limited number of nodes over a certain period before a network detects the break-in and revokes the compromised keys. However, before the system detects break-ins, a majority of network nodes under SMOCK will operate securely even when a small amount of nodes are compromised.