To protect against attacks where an adversary may compromise
multiple servers over a long period of time, the use of secret share
updates has been proposed. In this approach, the secret share of each
server has to be periodically updated in collaboration with the other
servers in the system. Since each secret share is only valid for a limited
time, the adversary must compromise enough servers within a finite time
window to launch a successful attack.
The use of threshold cryptography to create a virtual CA makes two
important assumptions regarding system initialization. First, it is
assumed that Q servers can be initialized securely with their
respective shares of the system secret. Second, it is assumed that each
server can be configured securely with the public keys of all nodes
which can potentially join the ad hoc network.
Both these assumptions basically boil down to the single assumption
that the servers can be initially configured over a secure channel.
This important assumption can sometimes act as a limitation in
providing security in ad hoc networks.
One approach which has been proposed to reduce the dependency of the
system on this assumption is localized self-initialization. In this
approach we still require that the first Q servers be initialized over
a secure medium. However, once the first Q servers have been
initialized, they can then collaborate to elect new servers.
This is achieved by having at least S servers use their secret share
(k_x) to generate a partial secret share (ss_x).
These partial secret shares are then combined to generate a new secret
share which can be assigned to the node which is being initialized as a
server. Let's do a short recap of how a virtual CA works in ad hoc
networks.
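The share update and self-initialization steps described above, as an added example written for this section rather than code from the original text or from any particular protocol implementation: it uses Shamir secret sharing over a prime field, S helper servers each derive a partial share ss_x from their own k_x and the new server sums them, and a share refresh adds shares of a random zero-constant polynomial. The prime, node ids and the omission of the shuffling step that hides each ss_x from the new server are assumptions.

```python
# Added example: Shamir threshold shares over a prime field, showing how
# S existing servers derive a new server's share from partial shares
# (localized self-initialization) and how shares are refreshed without
# changing the system secret. The prime and node ids are constructed
# for illustration, not taken from any specific deployment.
import secrets

P = 2**127 - 1  # Mersenne prime used as the field modulus (constructed choice)


def make_shares(secret, threshold, ids):
    """Dealer step: share `secret` so that any `threshold` ids recover it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P for x in ids}


def lagrange_coeff(x, points, at):
    """Lagrange basis value l_x(at) for interpolating over `points`."""
    num, den = 1, 1
    for y in points:
        if y != x:
            num = num * (at - y) % P
            den = den * (x - y) % P
    return num * pow(den, -1, P) % P


def partial_share(k_x, x, helpers, new_id):
    """Server x's contribution ss_x toward the share of server new_id."""
    return k_x * lagrange_coeff(x, helpers, new_id) % P


def self_initialize(shares, helpers, new_id):
    """Combine the S partial shares into k_new (the shuffling that hides each ss_x is omitted)."""
    return sum(partial_share(shares[x], x, helpers, new_id) for x in helpers) % P


def recover_secret(shares):
    """Any threshold-sized set of shares reconstructs the system secret."""
    ids = list(shares)
    return sum(shares[x] * lagrange_coeff(x, ids, 0) for x in ids) % P


def refresh_shares(shares, threshold):
    """Proactive update: add shares of a random polynomial with zero constant term."""
    delta = make_shares(0, threshold, list(shares))
    return {x: (shares[x] + delta[x]) % P for x in shares}
```

A share from before a refresh and shares from after it do not interpolate to the system secret, which is what forces the adversary to collect a threshold of shares within one update period.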
As is true in any PKC system, each node in the ad hoc network has a
private-key/public-key pair which it uses to secure communication with
other nodes. To certify its keys, each node X must have a valid
certificate issued by the CA of the form K^i_CA(X, K^w_X,
T_sign, T_expire).
This certificate basically says that the CA certifies (by signing the certificate using K^i_CA) that the public key of node X
is K^w_X and this key is valid between times T_sign
and T_expire. Such certificates, which are signed using the
system secret (K^i_CA), are inherently trusted by all nodes in
the network. It is these certificates which are then used to provide
various security features in the network.
So, the aim of a virtual CA is to issue certificates signed using
the system secret. The virtual CA is implemented as multiple physically
separate nodes (servers), none of which knows the system secret (K^i_CA)
but each of which knows a share of the system secret. When a node
wants a certificate, it sends out a broadcast request. The servers then
cooperate to supply the certificate, thus providing security in the
system.
Confidentiality and Integrity
Previously, we discussed how key establishment and authentication may
be provided in multihop ad hoc networks. These two security services
form the backbone of providing security in any network.
Once two nodes in a network have authenticated each other and
securely established a security context (that is, securely established keys),
encryption and integrity algorithms can be used to secure
communication.
This part of system security is relatively simple. What is needed is
the selection of algorithms and modes suitable for the environment in
which the network is expected to operate.
Since the nodes in an ad hoc network environment usually have
limited processing power and limited battery lifetimes, most ad hoc
networks would prefer a stream cipher for encryption and an integrity
algorithm which is not too computationally intensive.
There are many stream ciphers to choose from, as long as we keep in
mind the caveats of using stream ciphers in a wireless environment
(as WEP demonstrated).