Abstract
Networks are becoming increasingly versatile because of the variety of computing resources and communication technologies now available. In so-called Mobile Ad hoc Networks (MANets), node mobility furthermore makes it very difficult to establish secure community-based or even peer-to-peer communication channels. The basic problem that has to be solved is identity management: how to identify and authenticate an entity that is a priori unknown and that tries to dynamically join a community in the network? Even once this problem is solved, how are these certified identities to be distributed over the network? In this paper, we propose a clear distinction between two kinds of organization of a MANet: an identity-based approach and a goal-based approach. In the identity-based approach the nodes of the network have to be precisely identified (i.e. by their real-world identity), and a central administration is therefore required. In the goal-based approach, identities are simply used to distinguish between the nodes that collaborate toward a certain goal. We claim that with this second approach it is possible to support a totally distributed identity management system. Our contribution is the design and implementation of such a system for goal-based networks. We assume that the users who want to get involved are provided with PDAs equipped with smart cards, more precisely Java Cards, which are the basic secure building blocks on which our approach relies. Our approach supports the uniqueness of identities and furthermore enforces their permanency, i.e. it prevents an identity from being changed or repudiated. In this paper, we describe the protocol that we have designed to support our solution and its effective implementation.
This work is partly supported by the ANR/SSIA project Cryscoe and by a PhD grant funded by Region Limousin.
© 2007 IFIP International Federation for Information Processing
Cite this paper
Atallah, E., Chaumette, S. (2007). A Smart Card Based Distributed Identity Management Infrastructure for Mobile Ad Hoc Networks. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, JJ. (eds) Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. WISTP 2007. Lecture Notes in Computer Science, vol 4462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72354-7_1
DOI: https://doi.org/10.1007/978-3-540-72354-7_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72353-0
Online ISBN: 978-3-540-72354-7