Key establishment and authentication are the building blocks of network
security. Also, these two are also probably the toughest problem in
network security. In the following two sections we look at the basic
concepts of threshold cryptography which forms the basis of most key
establishment and authentication schemes that are being discussed for
multihop ad hoc networks.
Threshold Secret Sharing
One of the most prominent solutions to the problem of key establishment
and authentication is the use of certificates. Any two nodes in a
network may secure (provide confidentiality, data integrity,
authentication and nonrepudiation) their communication using
certificates. However, issuing and validating certificates requires the
deployment of public key infrastructure (PKI).
The use of PKI relies on a trusted third party (the certificate
authority (CA)) to verify the identity and authenticity of other nodes.
Therefore, the use of PKI and PKC helps create a trust model in the
network where all nodes inherently trust the CA. Note that this means
that if a node trusts the CA, it will also trust the identity of
another node if the CA verifies this identity.
Let's do a short recap of the role of CA in a PKI. Supposing that
Bob wants to talk to Alice using PKC, the following sequence takes
place:
1. Bob asks the
CA for Alice's public key.
2. The CA
responds back with a certificate of the form KiCA{Alice's
public key is KwA}. In other words, the CA sends the message
"Alice's public key is KwA" encrypted with its own private
key.
3. When Bob
receives this message, it uses the CA's public key (KwCA) to
decrypt the certificate and obtain Alice's public key.
The trust model in the system is this: since CA's private key is
known only to the CA, no one can forge the certificate and claim
another key as Alice's public key. This allows Bob to obtain Alice's
public key securely. Once Bob has Alice's public key, he can easily
authenticate any node claiming to be Alice by issuing a challenge
(RAND) and checking the received response (SRES = KiA(RAND))
using Alice's public key (Is RAND = KwA(KiA(RAND)?).
Note that the property of the CA which makes it the trusted node is
that only the CA knows its own private key KiCA. Therefore,
the security of the whole system is based on ensuring that the KiCA is
known only to the CA.
We can therefore also refer to this private key, KiCA as the system
secret. Since the PKI by definition requires the existence of
infrastructure which is unavailable in ad hoc networks, the threshold
secret sharing approach tries to adapt the PKI model to an ad hoc
environment by creating a virtual certificate authority. In ad hoc
networks since there is no single CA which is always accessible,5 what
is needed is a virtual CA. (Or at
least not always easily and timely accessible.)
This virtual CA is formed by distributing the CA's functionality to
each local neighborhood. This noncentralized approach also has the
advantage that there is no single point of security compromise. (Note that by distributing the role of a
CA, the scalability problems of a centralized approach are also
resolved.)
