Rethinking Self-organized Public-key Management for

Mobile Ad-Hoc Networks

?

Candelaria Hern

´

andez-Goya

1

, Pino Caballero-Gil

1

and Amparo F

´

uster-Sabater

2

1

Dept. Statistics, O.R. and Computing, University of La Laguna

38206 La Laguna (Tenerife), Spain

2

Institute of Applied Physics, C.S.I.C., 28006 Madrid, Spain

Abstract. In this paper, the self-organized public-key management scheme pro-

posed for MANETs is considered in order to guarantee that all nodes play identi-

cal roles in the network. Our approach involves that the responsibility for creating,

storing, distributing and revoking nodes’ public-keys is on the nodes themselves.

In particular, the methods here described and evaluated are aimed at improving

the process of building the local certiﬁcate repositories associated to each node

in the self-organised model. In order to do it, we face the problem by combin-

ing known authentication elements such as the web-of-trust concept, together

with common ideas of routing protocols, such as the MultiPoint Relay technique

used in the Optimized Link State Routing protocol. Our proposal leads to a sig-

niﬁcant improvement in the efﬁciency of the whole model and implies a good

trade-off among security, overhead and ﬂexibility. Results of experiments show

an important reduction in resource consumption while undertaking the certiﬁcate

veriﬁcation process associated to the authentication.

1 Introduction

Lack of ﬁxed infrastructure, highly dynamic topology, heavy constraints in node’s ca-

pabilities jointly with they spontaneous nature are some of the characteristics of Mo-

bile Ad-hoc Networks (MANETs) that hinder to provide them with security services.

A particular example of this situation is the deployment of Public Key Infrastructure

(PKI). The proposals in the bibliography related to the previous issue adopt two main

approaches: using a distributed certiﬁcation model or a self-organized scheme.

In the ﬁrst case, the certiﬁcation process is underpinned by distributed Certiﬁcation

Authorities (CAs), which use a threshold digital signature scheme and are in charge of

issuing and renewing certiﬁcates associated to the members of the network. One of the

ﬁrst proposals under this approach was put forward in [1]. There, a group of special

nodes, acting as a coalition, were responsible for certiﬁcation tasks. The main draw-

backs of this model are the computational intensive operations required by the threshold

application when signing a certiﬁcate, and the deﬁnition of additional procedures such

?

Research supported by the Spanish Ministerio de Ciencia e Innovaci

´

on and FEDER funds

under grant TIN2008-02236/TSI

Hernández-Goya C., Caballero Gil P. and Fúster-Sabater A. (2009).

Rethinking Self-organized Public-key Management for Mobile Ad-Hoc Networks.

In Proceedings of the 7th International Workshop on Security in Information Systems, pages 103-110

DOI: 10.5220/0002175401030110

Copyright

c

SciTePress

as share refreshing [2]. Also, when dealing with certiﬁcate validation, nodes should lo-

cate a correct coalition but, depending on the actual network topology and conditions,

it might result infeasible.

Consequently, the scalability of the proposal cannot be considered adequate since

as network size increases, computational and communication overload increases too.

Later on, in [3] and [4], nodes playing special roles are not considered since the CA’s

secret key used for signing certiﬁcates is distributed among all the nodes in the network.

In this paper the self-organised method for public-key management is chosen as

base in order to guarantee identical roles for all the network nodes. This approach in-

volves the relocation of the responsibility for creating, storing, distributing, and revok-

ing their public keys to the members of the network.

The method here described and evaluated is aimed at improving the process of build-

ing the local certiﬁcate repository associated to each node in the self-organised model.

This will lead to signiﬁcant improvements in the efﬁciency of the whole model. Partic-

ularly, as it will be appreciated from the experiments, a reduction in resource consump-

tion while undertaking the veriﬁcation process associated to authentication is obtained.

In order to achieve this aim, we face the problem by combining typical authentication

elements with common ideas used in routing protocols in MANETs. In particular, the

Optimised Link State Routing (OLSR) protocol from which some ideas regarding the

use of the Multi-Point Relay (MP R) technique have been borrowed in order to design

the algorithm for updating repositories.

The structure of this paper is as follows. Section 2 is devoted to the description

of the M P R technique. Since our proposal is speciﬁcally designed to be deployed

in the self-organised key management model, section 3 deals with the details of that

approach, including the description of the method originally proposed to built such

repositories called Maximum Degree Algorithm (MDA). Both the M P R technique

described in section 2 together with the graph-based public-key certiﬁcation protocol

described in section 3 constitute the keystones of the proposal. A complete algorithmic

description of the method is also provided here. Section 4 describes the results of several

computational experiments carried out with the objective of comparing the M P R and

MDA approaches. Some questions that deserve more research and the ﬁnal conclusions

are included in last section.

2 Preliminaries

In order to improve the construction of certiﬁcate repositories deﬁned in the key man-

agement scheme when adopting the web of trust model and the self-organised approach

to implement a Public-Key Infrastructure (PKI) we use certain elements of the proac-

tive routing protocol known as OLSR protocol, one of the four basic protocols adopted

for MANETs. This section contains an introductory description of this protocol, paying

particular attention to the MP R technique embedded in such protocol.

OLSR belongs to the proactive set of protocols. In networks with high mobility

these routing protocols have a good behaviour since the paths are re-calculated as soon

as a link state change is detected. Building an accurated topological map of the network

requires exchange of information among nodes on a regular basis, which can lead to

104

certain network overloading on the network, unless network trafﬁc is sporadic. On the

other hand, when dealing with delay-sensitive networks (such as VANETs) the OLSR

protocol outperfoms better [5].

Most proactive protocols consider techniques aimed at controlling overhead. In

OLSR the technique used is MPR. An example of the important improvements ob-

tained when introducing these procedures is the reduction on redundant packets. It may

reach the 60% under some conditions [6].

It can be said that this technique allows determining the minimum number of nodes

needed for reaching the whole network when it is recursively applied. This procedure

is named as the MultiPoint Relay (MPR) technique. The way we will utilise the basics

of this technique in the key management proposal as well as its relationship with Graph

Theory problems are included below.

The MPR technique was originally deployed for reducing the duplicity of messages

at local level when broadcasting information in a proactive MANET. In general, the

number of redundant packets received by a node may be equal to the number of neigh-

bours a node has. In the OLSR protocol, only a subset of nodes will be in charge of

retransmitting the received packets. In this way, every node u must deﬁne among its

direct neighbours a set of transmitters (here denoted by MP R(u)) that will be the only

ones in charge of retransmitting the messages emitted by the initial node.

According to this method, the choice of the set M P R should guarantee that all the

nodes in a two-hop distance of the initial node receive the messages. In order to fulﬁl

this requirement every node in a two-hop distance of u must have a neighbour belonging

to MP R(u).

In routing models the network is usually represented with a graph whose vertex

set V = {u

1

, u

2

, . . . , u

n

} symbolizes the set of nodes of the network. In this way,

for any node u, N

i

(u) denotes the set of u’s neighbours in a i-hop distance from u.

Consequently, N

1

(u) stands for u’s direct neighbours. These sets are deﬁned by using

the shortest path and in such a way that N

i

(u) and N

i+1

(u) are disjoint sets.

With the notation previously introduced the M P R set for a vertex u may be deﬁned

as MP R(u) ⊆ N

1

(u)|∀w ∈ N

2

(u)∃v ∈ MP R(u)|w ∈ N

1

(v).

The MPR heuristic deﬁned in the OLSR routing procedure uses a greedy approach

handling the vertex degree as parameter. The idea is to select the neighbours of the

original vertex u which cover the highest number of vertices in u’s two-hop vicinity

that have not been previously covered.

The greedy heuristic is composed by two main stages stages. In the ﬁrst one those

vertices w in N

2

(u) which have an only neighbour v in N

1

(u) are examined, in order

two include in M P R(u) the vertex v to which is connected. In case there are remaining

nodes without covering in N

2

(u) those vertices in N

1

(u) which cover more vertices in

that situation are also included in MP R(u) in the second stage.

Analyzing the description of the problem from the Graph Theory point of view, it

can be concluded that the node being examined and its M P R set must form a dominant

set in its level 2 vicinity. A dominant set in a graph is a vertex subset such that any node

in the corresponding graph has and edge linking it to a vertex in the dominant set.

105

3 Key Management in MANETs: Self-organized Model

In the bibliography we may ﬁnd two main alternatives for the deployment of PKI in

MANETs: distributed certiﬁcation authorities, and self-organized public-key manage-

ment model.

In this work we decided to follow the self-organized key management model based

on the web of trust approach. Several are the reasons that justify the choice of this

option. First, this model demands less maintenance overhead. Secondly, it is well worth

remarking that on the one hand the self-organized approach eases the use of a simple

bootstrap mechanism and on the other hand all the nodes perform equal roles.

The self-organized model in MANETs was initially described in [7]. Its authors put

forward the substitution of the centralized certiﬁcation authority by a self-organized

scenario where certiﬁcation is carried out through chains of certiﬁcates which are issued

by the nodes themselves. Such a scheme is based on the information stored by each node

and the trust relationship among neighbour nodes.

In this model public keys and certiﬁcates are represented as a directed graph G =

(V, A), known as certiﬁcate graph. Each vertex u in this graph deﬁnes a public key

linked to a node, and each arc (u, v) symbolizes a certiﬁcate associated to v’s public

key, signed by using u’s private key. Each node u has a public key, a private key, and

two certiﬁcate repositories, the updated (G

u

) and the non-updated repositories (G

N

u

).

Initially the updated certiﬁcate repository will contain the list of certiﬁcates on which

each node trusts (out-bound list) and the list of certiﬁcates of all the nodes that trust on

u (in-bound list).

When a certiﬁcate for a node u is issued by a node v the edge (v, u) is added to

the certiﬁcate graph and each node u and v stores it in its in-bound and out-bound list,

respectively.

In the original proposal two ways of building the updated certiﬁcate repository G

u

of a node u were described:

1. Node u communicates with its neighbours in the certiﬁcate graph.

2. Node u applies over G

N

u

an appropriate algorithm in order to generate G

u

after

checking the validity of every single certiﬁcate.

The selection of the certiﬁcates stored by each node in its repository should be done

carefully in order to satisfy at the same time two requirements: limitation in storing

requirements, and usefulness of the repository in terms of ability to ﬁnd chains for the

largest possible number of nodes.

The algorithm used in the construction of the updated repositories will inﬂuence in

the efﬁciency of the scheme, so it should be carefully designed. The simplest algorithm

for that construction is the so-called Maximum Degree Algorithm (MDA), where the

criterion followed in the selection of certiﬁcates is the degree of the vertices in the

certiﬁcate graph.

When using the MDA, every node u builds two subgraphs, the out-bound subgraph

and the in-bound subgraph, which when joined generate the updated certiﬁcate repos-

itory G

u

. The out-bound subgraph is formed by several disjoint paths with the same

origin vertex u while in the in-bound subgraph u is the ﬁnal vertex. The starting node

106

is u and deg

+

(u), deg

−

(u) stands for the out-degree and the in-degree respectively of

node u. The number of chains to be found is represented by c.

Note that the process to build the in-bound subgraph is equivalent to it except for

the fact that in this case the edges to be chosen are always incoming edges.

In this paper it is proposed to substitute the MDA algorithm proposed for the up-

dated repository construction by a new algorithm that uses the M P R. In this way, for

each vertex in the certiﬁcate graph we have to deﬁne a re-transmitter set. Hence, the

smallest number of vertices required for reaching the whole certiﬁcate graph will be

obtained.

In order to extend the notation used in 2, which is required to be used in the certiﬁ-

cate graph, we denote by N

i

(u) the set of predecessors of node u that may be found in

an i-hop distance.

The algorithm proposed is an iterative scheme and it can be summarized as folllows.

First, node u starts by calculating M P R(u) = {v

1

, v

2

, . . . , k}. Then, these vertices are

included in G

out

together with the edges (u, v

i

), i = 1, 2, . . . , k. Henceforth, nodes

v

i

in M P R(u) apply recursively the same procedure of retransmitting backwards the

result MP R(v

i

).

The certiﬁcate chains required in the authentication are built by using the arcs

(u, M P R(u)). After that, ∀v ∈ M P R(u) and ∀w ∈ MP R(v) the arcs (v, w) are

also added after having checked that they have not been added in previous updates.

Note that the procedure every node u ∈ G has to develop in order to build MP R(u)

takes 1 + ln(N

2

(u)) steps when no bound is deﬁned on the length of the chains to be

built. Otherwise, the number of iterations to be carried out is given by the number of

hops to explore in the certiﬁcate graph. As for the deﬁnition of the aforementioned

bound, it has to be remarked that such a parameter may be dynamically adjusted in

function of the changes experienced by the certiﬁcate graph. This may be justiﬁed by

the fact that as the network evolves, the information contained in each node’s repository

is more complete.

Thanks to this substitution the generated procedure is easier and more efﬁcient,

guaranteeing in this way that each node has a set of neighbours that allows it to reach

the biggest number of public keys. One of the main advantages of the proposal is that

all the information gathered for the construction of the chains is locally obtained by

each node.

After obtaining the in-bound (MP R

G

in

(u)

) and out-bound (M P R

G

out

(u)

) sub-

graphs, both are merged and the initial repository (G

u

) is generated. When a node u

needs to check the validity of the public key of another node v, it has to ﬁnd a certiﬁ-

cate chain from itself to v in the graph that results from combining its own repository

with v’s repository. If this chain is not found there, the search is extended to G

u

∪ G

N

u

,

what implies the inclusion of u’s non-updated repository in the search. If this second

exploration is successful, u should request the update of those certiﬁcates that belong

exclusively to G

N

u

. When no path is found, the authentication fails.

107

4 Experimental Results

This work proposes the application of the MPR technique in the computation of cer-

tiﬁcate repositories included in the self-organized public-key management model pro-

posed by [7]. Our proposal is supported by the good results obtained when using the

MP R procedure in the OLSR routing algorithm in MANETs as well as computa-

tional experiments. A detailed description of the implementation and the results pro-

vided by it is presented in the current section. The main goal of the experiments was

showing that applying the MPR technique when building certiﬁcate repositories in the

self-organized approach instead of using the MDA heuristic provides the public-key

management scheme with simplicity and efﬁciency.

4.1 Implementation Characteristics

The implementation has been carried out using Java and the open source library JUNG

2.0 (Java Universal Network/Graph Framework) which provides the basic tools for rep-

resenting and dealing with graphs. One of the reasons why JUNG was selected was

having the possibility of working with random graphs with the small-world property.

When a graph follows the small-world model, it is assumed that its paths have a small

average length and a high Clustering Coefﬁcient (CC). The CC corresponds with the av-

erage of the fraction of pairs of u’s neighbors (taken over all the network nodes u ∈ |V |)

which are at the same time direct neighbors of each other.

This characteristic is supported by certiﬁcate graphs as it was shown in [8]. When

a graph holds this feature, most nodes may be reached by a small number of hops from

any source node. This kind of graphs has received special attention in several scientiﬁc

disciplines. The particular small-world model used in the simulation developed was

proposed by Kleingberg [9]. When generating a graph with |V | = n

2

vertices according

to this model, the ﬁrst step is to create an nxn toroidal lattice. Then each node u is

connected to four local neighbours, and in addition one long range connection to some

node v, where v is chosen randomly, according to a probability proportional to d

−α

.

d denotes the lattice distance between u and v and α stands for the CC. Generating

the graphs following this model guarantees that the shortest paths may be determined

using local information, what makes them particularly interesting for the networks we

are dealing with.

4.2 Computational Results

The computational experience consisted of generating random graphs according to the

Kleingberg’s model where the size of the graphs |V | ranges in the interval [9, 441], the

CC takes values between [0, 30]. For this parameters, the Certiﬁcate Rate obtained by

MP R (CR

M P R

) jointly with time consumption (t

M P R

) expressed in seconds were

measured.

For analyzing the M DA alternative, it is applied over the same input graphs using

as speciﬁc parameters the maximum number of chains to built (n

chains

) and their max-

imum length (C

l

) is bounded by 7. In this case, the Certiﬁcate Rate in the repository

(CR

M DA

) and time consumption (t

M DA

) were also obtained.

108

(a) |V | (b) CC

Fig. 1. Comparing certiﬁcate rates.

Fig. 2. Certiﬁcate Rate Difference.

From this experience, there are some general conclusions that may be remarked.

The certiﬁcate rate CR

M P R

ﬁnally contained in the local repository increases as the

size of the graph increases. However the behavior of the certiﬁcate rate is not affected by

the growth of the CC (). This phenomena may be better appreciated in ﬁgures 2(a) and

2(b), respectively. Additionally, the maximum length in the chains obtained by M P R

are kept at reasonable values, what makes the chain veriﬁcation process lighter.

Probably the most important fact when comparing the certiﬁcate rates CR

M DA

and

CR

M P R

is that only in the 3.95% of the executions the MDA algorithm outperforms

MP R, and it only occurs when the input certiﬁcate graph is small (see ﬁgure 2.(a)). Al-

though, in the previous ﬁgure it seems that the difference between both certiﬁcates rates

is reduced as the size of the graph increases, it should be taken in mind that MANETs

have a limited number of nodes. Furthermore, in the the 45.83% percent of the prob-

lems the difference between the certiﬁcate rates CR

M P R

and CR

M DA

is in the interval

[50%, 75%].

Hence, it may be conclude that the repository built by MPR provides further infor-

mation to facilitate the authentication process. Another result that illustrates the positive

characteristics of M P R to solve the problem of updating the certiﬁcate repository is

that in the 82.45% of the executions the repository built by MP R contains more than

the 75% of the whole certiﬁcate set.

109

5 Conclusions

The application of the Multipoint Relay Technique in the process of building the up-

dated certiﬁcate repository has been evaluated in the present work. For the assessment

of this alternative several experiments over an implementation developed in JAVA have

been carried out. According to these experiments the alternative presented outperforms

the original one in several aspects. Probably the more relevant are the signiﬁcantly

higher certiﬁcate rate included in the repository when applying the MP R-based method

as well as the generation of shorter chains. This ﬁrst characteristic results in less inter-

action among nodes at the time of building an authentication chain. The second fact

leads to a more efﬁcient veriﬁcation procedure.

Our immediate goal is to adapt the implementation developed to the network simu-

lator NS2 in order evaluate the behaviour of the method with different mobility models.

References

1. Zhou, L., Haas, Z.: Securing ad hoc networks. IEEE Networks, 13 (1999) 24–30

2. Narasimha, M., Tsudik, G., Yi, J.: On the utility of distributed cryptography in P2P and

MANETs: The case of membership control. In: Proceedings of the 11th IEEE International

Conference on Network Protocols (ICNP’03), IEEE (2003) 336–345

3. Luo, H., Lu, S.: Ubiquitous and robust authentication services for ad hoc wireless networks.

Technical Report TR-200030, Dept. of Computer Science, UCLA (2000)

4. Kong, J., Zerfos, P., Luo, H., Lu, S., Zhang, L.: Providing robust and ubiquitous security sup-

port for mobile ad-hoc networks. In: International Conference on Network Protocols (ICNP).

(2001) 251–260

5. Haerri, J., Filali, F., Bonne, C.: Performance comparison of AODV and OLSR in VANETs ur-

ban environments under realistic mobility patterns. In: Med-Hoc-Net 2006, 5th IFIP Mediter-

ranean Ad-Hoc Networking Workshop, Lipari, Italy (2006)

6. Ni, S.Y., Tseng, Y.C., Chen, Y.S., Sheu, J.P.: The broadcast storm problem in a mobile ad

hoc network. In: MobiCom ’99: Proceedings of the 5th annual ACM/IEEE international

conference on Mobile computing and networking, New York, NY, USA, ACM (1999) 151–

162

7. Capkun, S., Buttyan, L., Hubaux, J.P.: Self-organized public key management for mobile ad

hoc networks. Mobile Computting and Communication Review, 6 (2002)

8. Capkun, S., Buttyan, L., Hubaux, J.P.: Small worlds in security systems: an analysis of the

PGP certiﬁcate graph. In: Proceedings of The ACM New Security Paradigms Workshop 2002,

Norfolk, Virginia Beach, USA (2002) 8

9. Kleinberg, J.: The small-world phenomenon: An algorithmic perspective. In: Proceedings of

the 32nd ACM Symposium on Theory of Computing. (2000)

110