09-06-2012, 11:04 AM
A Cluster-Based Security Architecture
for Ad Hoc Networks
Abstract
Secure communication is very important in computer
networks and authentication is one of the most eminent
preconditions. However, common authentication schemes are not
applicable in ad hoc networks because public key infrastructures
with a centralized certification authority are hard to deploy
there. We propose and evaluate a security concept based on a
distributed certification facility. A network is divided into clusters
with one special head node each.
INTRODUCTION
Ad hoc networks are subject to various kinds of attacks.
Wireless communication links can be eavesdropped on without
noticeable effort and communication protocols on all layers
are vulnerable to specific attacks. In contrast to wire-line networks,
known attacks like masquerading, man-in-the-middle,
and replaying of messages can easily be carried out. Moreover,
deploying security mechanisms is difficult due to inherent
properties of ad hoc networks, such as the high dynamics of
their topology (due to mobility and joining/leaving devices),
limited resources of end systems, or bandwidth-restricted and
possibly asymmetrical communication links.
SECURITY IN AD HOC NETWORKS
In a security concept, typically striving for goals like authenticity,
integrity, confidentiality, non-repudiation and availability,
authentication of communicating entities is of particular
importance as it forms the basis for achieving the other security
goals: e.g., encryption is worthless if the communication
partners have not verified their identities before. Authentication
of entities and messages can be realized in different ways
using either symmetric (3DES, AES) or asymmetric (ElGamal,
RSA) cryptographic algorithms (see e.g. [2] for details).
A CLUSTER-BASED CONCEPT FOR
SECURING AD HOC NETWORKS
The security concept described in this section was designed
with the main aim of providing a basis for secure
communication and access control in ad hoc networks. Providing
for secure authentication without relying on single
centralized entities is the most important issue; methods for
ensuring integrity, confidentiality or non-repudiation for end-to-end
communication were not considered in detail, as these
can easily be realized using well-known techniques if secure
authentication is possible.
CONCLUSION
In this article, we introduced a cluster-based architecture for
a distributed public key infrastructure that is highly adapted
to the characteristics of ad hoc networks. In order to adapt to
the highly dynamic topology and varying link qualities in ad
hoc networks, we consequently avoided any central instances
that would form single points of attack and failure. Instead,
the ad hoc network was divided into clusters, and the cluster
heads jointly perform the tasks of a certification authority.