Trust-group-based authentication services for mobile ad hoc networks

N/A
N/A
Protected

Academic year: 2021

Share "Trust-group-based authentication services for mobile ad hoc networks"

Copied!
4
0
0

加載中.... (立即查看全文)

全文

(1)

Chih-Peng Chang
Department of CSIE, National Taiwan University
Taipei, Taiwan, 106. Email: r92076@csie.ntu.edu.tw

Jen-Chiun Lin
Department of EE, National Taiwan University
Taipei, Taiwan, 106. Email: simon@orchid.ee.ntu.edu.tw

Feipei Lai
Department of EE & CSIE, National Taiwan University
Taipei, Taiwan, 106. Email: flai@ntu.edu.tw

Abstract— In recent years, mobile ad hoc networks have received more attention because of their easy deployment. However, the characteristics of mobile ad hoc networks make them more prone to physical security threats than wired network environments. Therefore, securing mobile ad hoc networks has become a primary concern. In this paper, we address the problem of authentication in mobile ad hoc networks. Public-key based mechanisms are ideal for providing authentication services. Although this is already mature in fixed networks, providing public-key based authentication is still very challenging in mobile ad hoc networks because of the shared wireless medium, energy constraints and dynamic network topology. Here, we present a more efficient public key management system, like the Self-Organized scheme [1], and introduce the concept of a trust group for mobile ad hoc networks.

I. INTRODUCTION

In recent years, mobile ad hoc networks have received more attention because of their easy deployment. However, the characteristics of mobile ad hoc networks, which include the lack of infrastructure, dynamic topologies, energy constraints and a shared wireless channel, make them more prone to physical security threats than wired network environments. Therefore, securing mobile ad hoc networks has become a primary concern. In this paper, we address how to provide authentication services for mobile ad hoc networks. Public-key based systems can be used to provide authentication services. However, the main problem of public-key based security systems is to make each user's public key available to others in such a way that its authenticity is verifiable. In a fixed network, this problem is often solved by the use of public key infrastructures. Each user has to prove his identity and his public key to a certification authority and then receives a public-key certificate digitally signed by the certification authority. However, from the security aspect, the certification authority is exposed as a single point of failure due to system faults, compromises and denial-of-service attacks. Therefore, the traditional public-key management solutions are not suitable for mobile ad hoc networks.

In [1], the authors propose a fully Self-Organized public-key management system that allows users to generate their private-public key pairs, to issue certificates for others, and to perform authentication via a chain of public-key certificates regardless of network partitions and without any centralized services.

Here, we present a more efficient public key management system, like Self-Organized [1], and introduce the concept of a trust group for mobile ad hoc networks.

The rest of the paper is organized as follows: Section 2 presents other solutions that provide authentication services for mobile ad hoc networks. Section 3 describes the basic operations of our proposed scheme. Section 4 discusses the simulation of our proposed scheme and the analysis of the simulation results. Section 5 gives the conclusion and our future work.

II. RELATED WORKS

Two similar security solutions based on distributed trust for mobile ad hoc networks have been suggested in [2] [3]. The distributed trust approaches assume that all nodes in the system know the public key K and trust any certificate signed using the corresponding private key k. The private key k is divided into n shares using an (n, t+1) threshold cryptography scheme [4], and the shares are assigned to n arbitrarily chosen nodes. Then multiple nodes can act as servers to sign public-key certificates for other nodes. However, this approach assumes that some nodes must be initialized by a trusted authority.

In [1], the authors propose a fully Self-Organized public-key management system that allows users to generate their private-public key pairs, to issue certificates for others, and to perform authentication via a chain of public-key certificates regardless of network partitions and without any centralized services. Furthermore, this approach does not require any trusted authority, not even in the system initialization phase.

III. OUR PROPOSED SCHEME

In the following, we describe the basic operations of our scheme. First, the public key and the corresponding private key of each node are created locally by the node itself. After that, each node issues public-key certificates for its neighboring nodes based on its knowledge about their public keys obtained through a location-limited channel [5]. That is, if node u believes that a given public key belongs to a given node v, then u can issue a public-key certificate that binds the key to v by the signature of u. Certificates are issued with a limited validity period and each certificate contains its issuing and expiration times. When a certificate expires and its issuer believes that the certificate is still valid, the issuer issues a new updated version of the same certificate with a new issuing time. After each node issues public-key certificates for its neighbors, the whole certificate graph is created.

Similar to Self-Organized, each node maintains two caches to store certificates: the updated certificate cache and the nonupdated certificate cache. The nonupdated certificate cache of a node contains expired certificates that it does not keep updated, and the updated certificate cache contains the certificates that it keeps updated. Certificates are periodically exchanged among neighboring nodes. The received certificates are stored in the nonupdated certificate cache of the node.

For simplicity, the public keys and the certificates are modeled as a directed graph G(V, E), where V and E stand for the set of vertices and the set of edges, respectively. We call this graph the certificate graph. The public/private key pair of node u is denoted by KU_u and KR_u. The vertices of the certificate graph represent public keys and the edges represent certificates.

The following are the details of the operations for the trust group, constructing the updated certificate cache, and key authentication.

A. Trust group

1) Construct trust group: Imagine the following situation: if two nodes are good friends and trust each other, in the Self-Organized scheme they still need to find a chain of certificates between them. In a real situation, there must be some trust relations among nodes. Therefore, in our approach, when some nodes have trust relations among them, they can establish a trust group.

We assume that there are trust relations among some nodes and that the trust relations have the transitive property. When a node has trust relations with some nodes, they can use these relations to form a trust group. Then a randomly selected trust group member is responsible for generating a public/private key pair that represents the group's public/private key pair KU_G, KR_G and for sending this key pair to the other trust group members. After receiving this key pair, each trust group member uses KR_G to sign public-key certificates for its neighbors, and its original private key is not used. Moreover, when its neighbors want to issue a public-key certificate to it, it uses KU_G, not the original public key it owns, to represent its public key. Each edge in the certificate graph has a weight. The weight of a certificate that is issued to or signed by a trust group member is larger than that of normal nodes.

2) The requirements of a trust group: To satisfy the requirements of a trust group, we define that the trust relations among the trust group members should satisfy the requirements of an equivalence relation. Since the trust relations in our scheme have the transitive property, the trust graph of the trust group will form a bidirectionally connected graph. In other words, if the trust relations of some nodes form a bidirectionally connected graph, these nodes can form a trust group.

3) Break up trust group: In order to break up a trust group, each member that received KR_G and KU_G signs a public-key certificate for KU_G, carrying an issuing time and an expiration time, with its own private key. Because these certificates are issued with an issuing time and an expiration time, after the expiration time T the group is automatically broken up.

B. Constructing the updated certificate cache

We construct the updated certificate cache of each node by the Maximum Weight-Degree algorithm, similar to the Maximum Degree algorithm in [1]. It selects a set of edges from the nonupdated certificate cache into the updated certificate cache of each node. The selection of edges is based on the weights of the edges and the degrees of the destination vertices of these edges. More precisely, the edge whose weight is the largest and whose destination vertex has the highest degree is selected. Finally, the updated certificate cache of each node is constructed.

C. Key Authentication

Here, key authentication is performed via chains of public-key certificates. For instance, when node u wants to verify the authenticity of the public key of node v, they merge their certificate caches. Then u has to find a certificate chain from u to v in their merged certificate cache. To authenticate the public key of node v, node u needs to check whether the certificates on the chain have been revoked and whether the user-key bindings in the certificates are correct. If the check fails, node u aborts the authentication.
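The operations of Sections III.A to III.C, as an added Python example that is not part of the paper or its authors' implementation: a certificate graph whose vertices are public keys, a trust group whose members present the shared key KU_G (so every certificate touching it gets the larger weight), a greedy Maximum Weight-Degree selection that fills each node's updated cache, and chain authentication over the merged caches with revocation, validity-window and binding checks. The node names, the weights 1 and 2, the split of the cache budget between outgoing and incoming chains, and the use of the total vertex degree over the whole graph are assumptions of this example, not values from the paper.

```python
# Added example (not from the paper): certificate graph with a trust group,
# Maximum Weight-Degree cache selection and chain-based key authentication.
NORMAL_WEIGHT = 1   # assumed weight of a certificate between ordinary nodes
GROUP_WEIGHT = 2    # assumed larger weight when a trust group member issues or is issued to


class CertGraph:
    """Directed certificate graph G(V, E): a vertex is a public key, an edge
    (issuer key -> subject key) is a certificate signed with the issuer's private key."""

    def __init__(self):
        self.edges = {}     # (issuer_key, subject_key) -> certificate record
        self.key_of = {}    # node -> the public key it currently presents

    def add_node(self, node):
        self.key_of[node] = "KU_" + node

    def form_trust_group(self, members, gid):
        """Members now sign with KR_G and present KU_G instead of their own keys."""
        for m in members:
            self.key_of[m] = "KU_G%d" % gid

    def issue(self, issuer, subject, issued, expires):
        ki, ks = self.key_of[issuer], self.key_of[subject]
        if ki == ks:
            return          # two members of one group share KU_G: nothing to certify
        touches_group = ki.startswith("KU_G") or ks.startswith("KU_G")
        self.edges[(ki, ks)] = {"subject": ks, "issued": issued, "expires": expires,
                                "weight": GROUP_WEIGHT if touches_group else NORMAL_WEIGHT,
                                "revoked": False}

    def degree(self, key):
        # Total degree over the whole graph (simplification: a real node only
        # sees the certificates in its nonupdated cache).
        return sum(1 for a, b in self.edges if key in (a, b))

    def _select(self, start, budget, outgoing):
        """Greedy Maximum Weight-Degree walk from `start`: repeatedly take the edge
        leaving (or entering) the visited set with the largest (weight, degree of
        its far endpoint) until `budget` edges are chosen."""
        far = (lambda e: e[1]) if outgoing else (lambda e: e[0])
        near = (lambda e: e[0]) if outgoing else (lambda e: e[1])
        chosen, visited = [], {start}
        while len(chosen) < budget:
            cands = [e for e in self.edges if e not in chosen and near(e) in visited]
            if not cands:
                break
            best = max(cands, key=lambda e: (self.edges[e]["weight"], self.degree(far(e))))
            chosen.append(best)
            visited.add(far(best))
        return chosen

    def mwd_cache(self, node, size):
        """Updated certificate cache of `node`: half the budget on outgoing chains
        from its key, the rest on incoming chains to it (assumed split)."""
        start = self.key_of[node]
        sel = self._select(start, size // 2, True) + self._select(start, size - size // 2, False)
        return {e: self.edges[e] for e in sel}


def cert_valid(edge, cert, now):
    """Revocation, validity-window and user-key binding checks for one certificate."""
    return (not cert["revoked"] and cert["issued"] <= now <= cert["expires"]
            and cert["subject"] == edge[1])


def find_chain(cache, src, dst, now):
    """Depth-first search for a chain of valid certificates src -> dst in a merged cache."""
    stack, seen = [(src, [src])], {src}
    while stack:
        key, path = stack.pop()
        if key == dst:
            return path
        for edge, cert in cache.items():
            if edge[0] == key and edge[1] not in seen and cert_valid(edge, cert, now):
                seen.add(edge[1])
                stack.append((edge[1], path + [edge[1]]))
    return None     # authentication aborted: no valid chain


def authenticate(g, u, v, cache_size, now):
    """u authenticates v's key over the union of both updated caches (Section III.C)."""
    merged = {**g.mwd_cache(u, cache_size), **g.mwd_cache(v, cache_size)}
    return find_chain(merged, g.key_of[u], g.key_of[v], now)


def build_example(with_group=True):
    """Constructed 8-node graph; b, c and d trust each other and may form a group."""
    g = CertGraph()
    for n in "abcdefgh":
        g.add_node(n)
    if with_group:
        g.form_trust_group("bcd", 1)
    for issuer, subject in [("a", "b"), ("b", "e"), ("c", "f"), ("d", "g"),
                            ("e", "h"), ("f", "h"), ("a", "e"), ("g", "h")]:
        g.issue(issuer, subject, issued=0, expires=100)
    return g


if __name__ == "__main__":
    g = build_example()
    print(authenticate(g, "a", "h", 4, now=10))    # chain through KU_G1
    print(authenticate(g, "a", "c", 4, now=10))    # one hop: c presents KU_G1
    print(authenticate(build_example(False), "a", "c", 4, now=10))  # no chain in caches
```

With the trust group, node a reaches c in a single certificate because c presents KU_G1; without the group, the same cache budget leaves no certificate for KU_c in either cache and the authentication aborts. Setting `now` past the expiration time makes every chain fail, which is the behaviour of the limited validity period described above.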

IV. SIMULATION

The purpose of the simulation is to show the improvement of authentication services in ad hoc networks due to the trust group, and the performance of the Maximum Weight-Degree algorithm. In the following section, we describe the simulation metrics and provide the simulation results.

A. Simulation metrics

We define the average friend ratio AVG_friend(G) of the certificate graph G as the ratio between the number of key pairs (KU_u, KU_v) for which there is a directed path from KU_u to KU_v in the certificate graph G, and the number of key pairs (KU_u, KU_v) among all nodes. Formally, the average friend ratio is defined as follows:

$$AVG_{friend}(G) = \frac{|\{(KU_u, KU_v) \in V \times V : KU_u \rightarrow_G KU_v\}|}{|\{(KU_u, KU_v) \in V \times V\}|}.$$

In a similar way, we define the average shortest path AVG_sp(G) of the certificate graph G as follows:

$$AVG_{sp}(G) = \frac{1}{|W|} \sum_{(KU_u, KU_v) \in W} sp(KU_u, KU_v, G),$$

where $W = \{(KU_u, KU_v) \in V \times V : KU_u \rightarrow_G KU_v\}$ is the set of key pairs (KU_u, KU_v) for which there is a directed path from KU_u to KU_v in the certificate graph G, and sp(KU_u, KU_v, G) is the length of the shortest path between KU_u and KU_v. We also denote the total number of certificates of G by Certificate(G).

In order to evaluate the performance of the Maximum Weight-Degree algorithm, we define the friend-ratio performance P_friend(S, G) of this algorithm with updated certificate cache size S in the certificate graph G as the ratio between the number of key pairs (KU_u, KU_v) for which there is a directed path from KU_u to KU_v in their merged graph G_u ∪ G_v (their merged updated certificate caches), and the number of key pairs (KU_u, KU_v) for which there is a directed path from KU_u to KU_v in the certificate graph G:

$$P_{friend}(S, G) = \frac{|\{(KU_u, KU_v) \in V \times V : KU_u \rightarrow_{G_u \cup G_v} KU_v\}|}{|\{(KU_u, KU_v) \in V \times V : KU_u \rightarrow_G KU_v\}|}.$$

TABLE I
BASIC PARAMETERS IN OUR SIMULATION

Simulation area        1000 x 1000 m^2
Trust group members    5 nodes
Average velocity       9 m/sec
Pause time             3 sec
Transmission power     8000-12000 pWatt
Received threshold     1 pWatt
Bandwidth              11 Mb/sec
Movement model         Random way point
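The three metrics of Section IV.A, AVG_friend, AVG_sp and P_friend(S, G), computed over a small constructed certificate graph, as an added Python example that is not the authors' simulation code. It takes each node's updated cache as a given set of edges of size S, and excludes the pairs with u = v from the pair counts, which is an assumption since the formulas leave the diagonal of V × V implicit; the graph, the caches and the cache size are constructed for the example.

```python
# Added example (not the authors' simulation code): the metrics of Section IV.A
# evaluated on a constructed certificate graph. Pairs with u = v are excluded
# (assumption: the formulas leave the diagonal of V x V implicit).
from collections import deque


def adjacency(vertices, edges):
    """Out-neighbour lists of a directed certificate graph."""
    adj = {v: [] for v in vertices}
    for issuer, subject in edges:
        adj[issuer].append(subject)
    return adj


def bfs_dist(adj, src):
    """Hop counts of the shortest directed path from src to every reachable key."""
    dist, queue = {src: 0}, deque([src])
    while queue:
        x = queue.popleft()
        for y in adj.get(x, ()):
            if y not in dist:
                dist[y] = dist[x] + 1
                queue.append(y)
    return dist


def reachable_pairs(vertices, edges):
    """{(KU_u, KU_v) : KU_u ->_G KU_v, u != v} mapped to the shortest-path length sp."""
    adj = adjacency(vertices, edges)
    return {(u, v): d for u in vertices for v, d in bfs_dist(adj, u).items() if v != u}


def avg_friend(vertices, edges):
    """AVG_friend(G): reachable ordered pairs over all ordered pairs of distinct keys."""
    n = len(vertices)
    return len(reachable_pairs(vertices, edges)) / (n * (n - 1))


def avg_sp(vertices, edges):
    """AVG_sp(G): mean shortest-path length over the reachable pairs W."""
    w = reachable_pairs(vertices, edges)
    return sum(w.values()) / len(w)


def p_friend(vertices, edges, caches):
    """P_friend(S, G): share of the pairs reachable in G that are still reachable in
    the merged updated caches G_u ∪ G_v. `caches` maps each key to the set of
    edges in its updated cache (size S)."""
    w = reachable_pairs(vertices, edges)
    hits = sum(1 for (u, v) in w
               if v in bfs_dist(adjacency(vertices, caches[u] | caches[v]), u))
    return hits / len(w)


# Constructed 4-key graph and size-1 updated caches (not simulation data).
VERTICES = ["A", "B", "C", "D"]
EDGES = [("A", "B"), ("B", "C"), ("C", "D"), ("A", "C")]
CACHES = {"A": {("A", "C")}, "B": {("B", "C")}, "C": {("C", "D")}, "D": {("C", "D")}}

if __name__ == "__main__":
    print("AVG_friend     =", avg_friend(VERTICES, EDGES))        # 0.5
    print("AVG_sp         =", avg_sp(VERTICES, EDGES))
    print("P_friend       =", p_friend(VERTICES, EDGES, CACHES))
    print("Certificate(G) =", len(EDGES))
```

On this graph six of the twelve ordered pairs are connected, so AVG_friend is 0.5; the shortest paths sum to 8 hops, so AVG_sp is 8/6; and with one certificate per cache only the pair (A, B) is lost in the merged caches, so P_friend(1, G) is 5/6. Certificate(G) is simply the number of edges.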

B. Simulation environment

We have simulated our approach using the object-oriented modular discrete event simulator OMNeT++ [7] [8]. Simulation parameters for mobile ad hoc networks are given in Table 1. We assume there are five members in a trust group in our simulation. The network for the simulation runs consists of 50 or 100 nodes in a 1000 x 1000 m^2 square area, and the nodes move following the random way-point mobility model.

C. Result and analysis

As shown in Table 2, we generate lower and higher connective certificate graphs in our simulation. The first four certificate graphs are lower connective certificate graphs, and the others are higher connective certificate graphs. Two of the lower connective certificate graphs are generated by the Self-Organized scheme and denoted by Self-Organized. The other lower connective certificate graphs are generated by our scheme and denoted by GROUP. Moreover, there exists a trust group in each GROUP certificate graph. Like the lower connective certificate graphs, the higher connective certificate graphs also consist of Self-Organized and GROUP. For simplicity, the number of vertices and the number of edges of a certificate graph are denoted by n = |V| and m = |E|, respectively.

Here, we show the effects of the trust group on the whole certificate graphs. Table 2 shows the comparison of Self-Organized and GROUP. We observe that the trust group not only improves AVG_friend, but also reduces Certificate. Figure 1 shows the comparison of the AVG_sp ratios of Self-Organized and GROUP. In Figure 1, the AVG_sp ratio of the first pair is reduced by 24.64% and that of the second pair by 18.49%. The third and fourth pairs are reduced by 17.3% and 10.3%. Therefore, the AVG_sp ratios can be reduced by establishing the trust group. However, the improvement becomes smaller as the number of nodes increases. For instance, the reduced ratios of AVG_sp and Certificate will decrease as the number of nodes increases.

TABLE II
COMPARISON OF SELF-ORGANIZED AND GROUP

Certificate graph                    AVG_friend   Certificate
Self-Organized (n = 50,  m = 250)    90%          250
GROUP          (n = 50,  m = 239)    90.65%       239
Self-Organized (n = 100, m = 500)    91.49%       500
GROUP          (n = 100, m = 496)    91.49%       496
Self-Organized (n = 50,  m = 350)    90.24%       350
GROUP          (n = 50,  m = 310)    92.24%       310
Self-Organized (n = 100, m = 700)    99%          700
GROUP          (n = 100, m = 677)    99%          677

Fig. 1. AVG_sp ratios of Self-Organized and GROUP (y-axis: AVG_sp ratios, 0-5; x-axis: the four graph pairs of Table II, 1-4; legend: Self-Organized and GROUP for each (n, m) pair)

In the following, we show the performance of the Maximum Weight-Degree algorithm. Figure 2 and Figure 3 show the P_friend ratios of Self-Organized and GROUP in the merged updated certificate caches (G_u ∪ G_v). We observe that on all types of graph, the Maximum Weight-Degree algorithm exhibits high performance, even if the size of the updated certificate cache is small compared to the number of nodes and the total number of certificates in the certificate graph. Moreover, for the same cache size, the P_friend ratios of GROUP grow faster than those of Self-Organized, especially when the cache size is small.

In Figure 4 and Figure 5, we show the AVG_sp ratios of Self-Organized and GROUP in the merged updated certificate caches (G_u ∪ G_v). We observe that the lengths of the shortest paths in the merged updated caches are not significantly longer than those in the whole graph. On all types of graph, the AVG_sp ratios of GROUP are smaller than those of Self-Organized. In addition, the AVG_sp ratios in Figure 4 and Figure 5 are very close to those of Self-Organized and GROUP in Figure 1, because of the use of the Maximum Weight-Degree algorithm.

Fig. 2. P_friend ratios of lower connective Self-Organized and GROUP (x-axis: updated certificate cache size, 0-70; y-axis: P_friend ratios, 0-1; curves: GROUP (n=50, m=239), Self-Organized (n=50, m=250), GROUP (n=100, m=496), Self-Organized (n=100, m=500))

Fig. 3. P_friend ratios of higher connective Self-Organized and GROUP (x-axis: updated certificate cache size, 0-70; y-axis: P_friend ratios, 0-1; curves: GROUP (n=50, m=310), Self-Organized (n=50, m=350), GROUP (n=100, m=677), Self-Organized (n=100, m=700))

Fig. 4. AVG_sp ratios of lower connective Self-Organized and GROUP (x-axis: updated certificate cache size, 0-70; y-axis: AVG_sp ratios, 0-8; curves: GROUP (n=50, m=239), Self-Organized (n=50, m=250), GROUP (n=100, m=496), Self-Organized (n=100, m=500))

Fig. 5. AVG_sp ratios of higher connective Self-Organized and GROUP (x-axis: updated certificate cache size, 0-70; y-axis: AVG_sp ratios, 0-8; curves: GROUP (n=50, m=310), Self-Organized (n=50, m=350), GROUP (n=100, m=677), Self-Organized (n=100, m=700))

V. CONCLUSION

In this paper, we propose efficient authentication services for mobile ad hoc networks. The main contributions of our work are summarized as follows:

1. We introduce the concept of a trust group into the public key management system and define the requirements of a trust group clearly. The simulation results show the advantages of establishing a trust group: the trust group not only reduces AVG_sp and Certificate, but also improves AVG_friend.

2. The Maximum Weight-Degree algorithm exhibits high performance, even if the size of the updated certificate cache is small compared to the total number of nodes and certificates in the certificate graph, especially when a trust group exists in the network. In particular, when each node applies the Maximum Weight-Degree algorithm, the estimated AVG_sp ratios are very close to the AVG_sp ratios of the global certificate graph.

In the future, we will study the evaluation of fuzzy trust relations among users to make the definition of the trust group more robust.

REFERENCES

[1] S. Capkun, L. Buttyan, and J.-P. Hubaux, "Self-Organized public-key management for mobile ad hoc networks," IEEE Transactions on Mobile Computing, vol. 2, Jan/Mar 2003, pp. 52-64.

[2] L. Zhou and Z. J. Haas, "Securing Ad Hoc Networks," IEEE Network, vol. 13, no. 6, November/December 1999, pp. 24-30.

[3] J. Kong, P. Zerfos, H. Luo, S. Lu, and L. Zhang, "Providing robust and ubiquitous security support for mobile ad-hoc networks," The 9th International Conference on Network Protocols, November 2001, pp. 251-260.

[4] A. Shamir, "How to share a secret," Communications of the ACM, 1979.

[5] D. Balfanz, D. K. Smetters, P. Stewart and H. Chi Wong, "Talking to Strangers: Authentication in Ad-Hoc Wireless Networks," In Symposium on Network and Distributed Systems Security, 2002.

[6] P. Zimmermann, The Official PGP User's Guide. MIT Press, 1995.

[7] "OMNeT++ Community Site", http://www.omnetpp.org/index.php.

[8] N. Concer, "Ad Hoc Sim version 1.1".
