DICTATE: DIstributed CerTification Authority with probabilisTic frEshness for ad hoc networks

Securing ad hoc networks is notoriously challenging, notably due to the lack of an online infrastructure. In particular, key management is a problem that has been addressed by many researchers but with limited results. In this paper, we consider the case where an ad hoc network is under the responsi...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on dependable and secure computing 2005-10, Vol.2 (4), p.311-323
Main Authors: Jun Luo, Hubaux, J.-P., Eugster, P.T.
Format: Article
Language:English
Subjects:
Ad hoc networks
Analytical models
Certification
Communications systems
Computer networks
Cryptography
Identity management systems
Identity-based encryption
Index Terms- Ad hoc networks
Infrastructure
Mathematical models
Network security
Network servers
Protocol
Protocols
Public Key Infrastructure
Quorum Systems
Robustness
Scalability
Security
simulations
Statistical analysis
Studies
system design
Wireless networks
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by cdi_FETCH-LOGICAL-c351t-f0f4ba14502114599f357120d4b033196616fa7903354eb8d35519bbef66a9c3
cites cdi_FETCH-LOGICAL-c351t-f0f4ba14502114599f357120d4b033196616fa7903354eb8d35519bbef66a9c3
container_end_page 323
container_issue 4
container_start_page 311
container_title IEEE transactions on dependable and secure computing
container_volume 2
creator Jun Luo
Hubaux, J.-P.
Eugster, P.T.
description Securing ad hoc networks is notoriously challenging, notably due to the lack of an online infrastructure. In particular, key management is a problem that has been addressed by many researchers but with limited results. In this paper, we consider the case where an ad hoc network is under the responsibility of a mother certification authority (mCA). Since the nodes can frequently be collectively isolated from the mCA (e.g., for a remote mission) but still need the access to a certification authority, the mCA preassigns a special role to several nodes (called servers) that constitute a distributed certification authority (dCA) during the isolated period. We propose a solution, called DICTATE (DIstributed CerTification Authority with probabilisTic frEshness), to manage the dCA. This solution ensures that the dCA always processes a certificate update (or query) request in a finite amount of time and that an adversary cannot forge a certificate. Moreover, it guarantees that the dCA responds to a query request with the most recent version of the queried certificate in a certain probability; this probability can be made arbitrarily close to 1, but at the expense of higher overhead. Our contribution is twofold: 1) a set of certificate management protocols that allow trading protocol overhead for certificate freshness or the other way around, and 2) a combination of threshold and identity-based cryptosystems to guarantee the security, availability, and scalability of the certification function. We describe DICTATE in detail and, by security analysis and simulations, we show that it is robust against various attacks.
doi_str_mv 10.1109/TDSC.2005.49
format article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_27999523</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>1542053</ieee_id><sourcerecordid>1027254371</sourcerecordid><originalsourceid>FETCH-LOGICAL-c351t-f0f4ba14502114599f357120d4b033196616fa7903354eb8d35519bbef66a9c3</originalsourceid><addsrcrecordid>eNpd0E1LwzAYB_AgCs7pzZuX4MGTnXltG2-jmzoYeLBXCWmb0MyumUnK2Le3Y4Lg5XmBHw8PfwBuMZphjMRTufgoZgQhPmPiDEywYDhBCOfn48wZT7jI8CW4CmGDEGG5YBPwuVgV5bxcPsPFKkRvqyHqBhbal9bYWkXrejgfYuu8jQe4t7GFO-8qVdnOhtLW0PhlaHsdAjTOQ9XA1tWw13Hv_Fe4BhdGdUHf_PYpKF-WZfGWrN9fV8V8ndSU45gYZFilMOOI4LEKYSjPMEENqxClWKQpTo3KxLhwpqu8oZxjUVXapKkSNZ2Ch9PZ8bXvQYcotzbUuutUr90QJMmEEJzQEd7_gxs3-H58TRKUckJyikb0eEK1dyF4beTO263yB4mRPOYsjznLY86SiZHfnbjVWv9RzgjilP4AfYl3fw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>206522830</pqid></control><display><type>article</type><title>DICTATE: DIstributed CerTification Authority with probabilisTic frEshness for ad hoc networks</title><source>ABI/INFORM Global</source><source>IEEE Xplore (Online service)</source><creator>Jun Luo ; Hubaux, J.-P. ; Eugster, P.T.</creator><creatorcontrib>Jun Luo ; Hubaux, J.-P. ; Eugster, P.T.</creatorcontrib><description>Securing ad hoc networks is notoriously challenging, notably due to the lack of an online infrastructure. In particular, key management is a problem that has been addressed by many researchers but with limited results. In this paper, we consider the case where an ad hoc network is under the responsibility of a mother certification authority (mCA). Since the nodes can frequently be collectively isolated from the mCA (e.g., for a remote mission) but still need the access to a certification authority, the mCA preassigns a special role to several nodes (called servers) that constitute a distributed certification authority (dCA) during the isolated period. We propose a solution, called DICTATE (DIstributed CerTification Authority with probabilisTic frEshness), to manage the dCA. This solution ensures that the dCA always processes a certificate update (or query) request in a finite amount of time and that an adversary cannot forge a certificate. Moreover, it guarantees that the dCA responds to a query request with the most recent version of the queried certificate in a certain probability; this probability can be made arbitrarily close to 1, but at the expense of higher overhead. Our contribution is twofold: 1) a set of certificate management protocols that allow trading protocol overhead for certificate freshness or the other way around, and 2) a combination of threshold and identity-based cryptosystems to guarantee the security, availability, and scalability of the certification function. We describe DICTATE in detail and, by security analysis and simulations, we show that it is robust against various attacks.</description><identifier>ISSN: 1545-5971</identifier><identifier>EISSN: 1941-0018</identifier><identifier>DOI: 10.1109/TDSC.2005.49</identifier><identifier>CODEN: ITDSCM</identifier><language>eng</language><publisher>Washington: IEEE</publisher><subject>Ad hoc networks ; Analytical models ; Certification ; Communications systems ; Computer networks ; Cryptography ; Identity management systems ; Identity-based encryption ; Index Terms- Ad hoc networks ; Infrastructure ; Mathematical models ; Network security ; Network servers ; Protocol ; Protocols ; Public Key Infrastructure ; Quorum Systems ; Robustness ; Scalability ; Security ; simulations ; Statistical analysis ; Studies ; system design ; Wireless networks</subject><ispartof>IEEE transactions on dependable and secure computing, 2005-10, Vol.2 (4), p.311-323</ispartof><rights>Copyright IEEE Computer Society Oct-Dec 2005</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c351t-f0f4ba14502114599f357120d4b033196616fa7903354eb8d35519bbef66a9c3</citedby><cites>FETCH-LOGICAL-c351t-f0f4ba14502114599f357120d4b033196616fa7903354eb8d35519bbef66a9c3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/206522830?pq-origsite=primo$$EHTML$$P50$$Gproquest$$H</linktohtml><link.rule.ids>314,780,784,11688,27924,27925,36060,36061,44363,54796</link.rule.ids></links><search><creatorcontrib>Jun Luo</creatorcontrib><creatorcontrib>Hubaux, J.-P.</creatorcontrib><creatorcontrib>Eugster, P.T.</creatorcontrib><title>DICTATE: DIstributed CerTification Authority with probabilisTic frEshness for ad hoc networks</title><title>IEEE transactions on dependable and secure computing</title><addtitle>TDSC</addtitle><description>Securing ad hoc networks is notoriously challenging, notably due to the lack of an online infrastructure. In particular, key management is a problem that has been addressed by many researchers but with limited results. In this paper, we consider the case where an ad hoc network is under the responsibility of a mother certification authority (mCA). Since the nodes can frequently be collectively isolated from the mCA (e.g., for a remote mission) but still need the access to a certification authority, the mCA preassigns a special role to several nodes (called servers) that constitute a distributed certification authority (dCA) during the isolated period. We propose a solution, called DICTATE (DIstributed CerTification Authority with probabilisTic frEshness), to manage the dCA. This solution ensures that the dCA always processes a certificate update (or query) request in a finite amount of time and that an adversary cannot forge a certificate. Moreover, it guarantees that the dCA responds to a query request with the most recent version of the queried certificate in a certain probability; this probability can be made arbitrarily close to 1, but at the expense of higher overhead. Our contribution is twofold: 1) a set of certificate management protocols that allow trading protocol overhead for certificate freshness or the other way around, and 2) a combination of threshold and identity-based cryptosystems to guarantee the security, availability, and scalability of the certification function. We describe DICTATE in detail and, by security analysis and simulations, we show that it is robust against various attacks.</description><subject>Ad hoc networks</subject><subject>Analytical models</subject><subject>Certification</subject><subject>Communications systems</subject><subject>Computer networks</subject><subject>Cryptography</subject><subject>Identity management systems</subject><subject>Identity-based encryption</subject><subject>Index Terms- Ad hoc networks</subject><subject>Infrastructure</subject><subject>Mathematical models</subject><subject>Network security</subject><subject>Network servers</subject><subject>Protocol</subject><subject>Protocols</subject><subject>Public Key Infrastructure</subject><subject>Quorum Systems</subject><subject>Robustness</subject><subject>Scalability</subject><subject>Security</subject><subject>simulations</subject><subject>Statistical analysis</subject><subject>Studies</subject><subject>system design</subject><subject>Wireless networks</subject><issn>1545-5971</issn><issn>1941-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2005</creationdate><recordtype>article</recordtype><sourceid>M0C</sourceid><recordid>eNpd0E1LwzAYB_AgCs7pzZuX4MGTnXltG2-jmzoYeLBXCWmb0MyumUnK2Le3Y4Lg5XmBHw8PfwBuMZphjMRTufgoZgQhPmPiDEywYDhBCOfn48wZT7jI8CW4CmGDEGG5YBPwuVgV5bxcPsPFKkRvqyHqBhbal9bYWkXrejgfYuu8jQe4t7GFO-8qVdnOhtLW0PhlaHsdAjTOQ9XA1tWw13Hv_Fe4BhdGdUHf_PYpKF-WZfGWrN9fV8V8ndSU45gYZFilMOOI4LEKYSjPMEENqxClWKQpTo3KxLhwpqu8oZxjUVXapKkSNZ2Ch9PZ8bXvQYcotzbUuutUr90QJMmEEJzQEd7_gxs3-H58TRKUckJyikb0eEK1dyF4beTO263yB4mRPOYsjznLY86SiZHfnbjVWv9RzgjilP4AfYl3fw</recordid><startdate>20051001</startdate><enddate>20051001</enddate><creator>Jun Luo</creator><creator>Hubaux, J.-P.</creator><creator>Eugster, P.T.</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>8AL</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>L.-</scope><scope>L6V</scope><scope>M0C</scope><scope>M0N</scope><scope>M7S</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>PYYUZ</scope><scope>Q9U</scope><scope>7SC</scope><scope>8FD</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20051001</creationdate><title>DICTATE: DIstributed CerTification Authority with probabilisTic frEshness for ad hoc networks</title><author>Jun Luo ; Hubaux, J.-P. ; Eugster, P.T.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c351t-f0f4ba14502114599f357120d4b033196616fa7903354eb8d35519bbef66a9c3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2005</creationdate><topic>Ad hoc networks</topic><topic>Analytical models</topic><topic>Certification</topic><topic>Communications systems</topic><topic>Computer networks</topic><topic>Cryptography</topic><topic>Identity management systems</topic><topic>Identity-based encryption</topic><topic>Index Terms- Ad hoc networks</topic><topic>Infrastructure</topic><topic>Mathematical models</topic><topic>Network security</topic><topic>Network servers</topic><topic>Protocol</topic><topic>Protocols</topic><topic>Public Key Infrastructure</topic><topic>Quorum Systems</topic><topic>Robustness</topic><topic>Scalability</topic><topic>Security</topic><topic>simulations</topic><topic>Statistical analysis</topic><topic>Studies</topic><topic>system design</topic><topic>Wireless networks</topic><toplevel>online_resources</toplevel><creatorcontrib>Jun Luo</creatorcontrib><creatorcontrib>Hubaux, J.-P.</creatorcontrib><creatorcontrib>Eugster, P.T.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Xplore (Online service)</collection><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer science database</collection><collection>ABI/INFORM Professional Advanced</collection><collection>ProQuest Engineering Collection</collection><collection>ABI/INFORM Global</collection><collection>Computing Database</collection><collection>Engineering Database</collection><collection>ProQuest advanced technologies &amp; aerospace journals</collection><collection>ProQuest Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering collection</collection><collection>ABI/INFORM Collection China</collection><collection>ProQuest Central Basic</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on dependable and secure computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Jun Luo</au><au>Hubaux, J.-P.</au><au>Eugster, P.T.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>DICTATE: DIstributed CerTification Authority with probabilisTic frEshness for ad hoc networks</atitle><jtitle>IEEE transactions on dependable and secure computing</jtitle><stitle>TDSC</stitle><date>2005-10-01</date><risdate>2005</risdate><volume>2</volume><issue>4</issue><spage>311</spage><epage>323</epage><pages>311-323</pages><issn>1545-5971</issn><eissn>1941-0018</eissn><coden>ITDSCM</coden><abstract>Securing ad hoc networks is notoriously challenging, notably due to the lack of an online infrastructure. In particular, key management is a problem that has been addressed by many researchers but with limited results. In this paper, we consider the case where an ad hoc network is under the responsibility of a mother certification authority (mCA). Since the nodes can frequently be collectively isolated from the mCA (e.g., for a remote mission) but still need the access to a certification authority, the mCA preassigns a special role to several nodes (called servers) that constitute a distributed certification authority (dCA) during the isolated period. We propose a solution, called DICTATE (DIstributed CerTification Authority with probabilisTic frEshness), to manage the dCA. This solution ensures that the dCA always processes a certificate update (or query) request in a finite amount of time and that an adversary cannot forge a certificate. Moreover, it guarantees that the dCA responds to a query request with the most recent version of the queried certificate in a certain probability; this probability can be made arbitrarily close to 1, but at the expense of higher overhead. Our contribution is twofold: 1) a set of certificate management protocols that allow trading protocol overhead for certificate freshness or the other way around, and 2) a combination of threshold and identity-based cryptosystems to guarantee the security, availability, and scalability of the certification function. We describe DICTATE in detail and, by security analysis and simulations, we show that it is robust against various attacks.</abstract><cop>Washington</cop><pub>IEEE</pub><doi>10.1109/TDSC.2005.49</doi><tpages>13</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1545-5971
ispartof IEEE transactions on dependable and secure computing, 2005-10, Vol.2 (4), p.311-323
issn 1545-5971
1941-0018
language eng
recordid cdi_proquest_miscellaneous_27999523
source ABI/INFORM Global; IEEE Xplore (Online service)
subjects Ad hoc networks
Analytical models
Certification
Communications systems
Computer networks
Cryptography
Identity management systems
Identity-based encryption
Index Terms- Ad hoc networks
Infrastructure
Mathematical models
Network security
Network servers
Protocol
Protocols
Public Key Infrastructure
Quorum Systems
Robustness
Scalability
Security
simulations
Statistical analysis
Studies
system design
Wireless networks
title DICTATE: DIstributed CerTification Authority with probabilisTic frEshness for ad hoc networks
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T15%3A35%3A44IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=DICTATE:%20DIstributed%20CerTification%20Authority%20with%20probabilisTic%20frEshness%20for%20ad%20hoc%20networks&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Jun%20Luo&rft.date=2005-10-01&rft.volume=2&rft.issue=4&rft.spage=311&rft.epage=323&rft.pages=311-323&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2005.49&rft_dat=%3Cproquest_cross%3E1027254371%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c351t-f0f4ba14502114599f357120d4b033196616fa7903354eb8d35519bbef66a9c3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=206522830&rft_id=info:pmid/&rft_ieee_id=1542053&rfr_iscdi=true