Encryption key management in wireless ad hoc networks : a thesis presented in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science at Massey University, Auckland, New Zealand
Communication is an essential part of everyday life, both as a social interaction and as a means of collaboration to achieve goals. Networking technologies including the Internet have provided the ability to communicate over distances quickly and effectively, yet the constraints of having to be at a computer connected to a network access point restricts the use of such devices. Wireless technology has effectively released the users to roam more freely whilst achieving communication and collaboration, and with worldwide programs designed to increase laptop usage amongst children in developing countries to almost 100%, an explosive growth in wireless networking is expected. However, wireless networks are seen as relatively easy targets for determined attackers. Security of the network is provided by encrypting the data when exchanging messages and encryption key management is therefore vital to ensure privacy of messages and robustness against disruption.
This research describes the development and testing through simulation of a new encryption key management protocol called SKYE (Secure Key deploYment & Exchange) that provides reasonably secure and robust encryption key management for a mobile ad hoc network. Threshold cryptography is used to provide a robust Certificate Authority providing certificate services to the network members using Public Key Infrastructure. The protocol is designed to be used in an environment where communications must be deployed quickly without any prior planning or prior knowledge of the size or numbers of the potential members. Such uses may be many and varied and may include military, education or disaster recovery where victims can use the protocol to quickly form ad hoc networks where other communication infrastructure has failed. Many previous protocols were examined and several key
features of these schemes were incorporated into this protocol along with other unique features. These included the extensive tunability of the protocol allowing such features as increasing the number of servers that must collaborate to provide services and the trust level that must exist along a certificate chain before a request for a certificate will be accepted by a server. The locations of the servers were carefully selected so that as these parameters were altered to increase security, performance remained high. For example, when two servers were required for certificate issuance, a certificate request would succeed 92% of the time. By doubling the servers required and therefore considerably increasing resilience against attack of the certificate authority, this figure dropped only moderately to 78%. The placement of the servers proved to be a critical parameter and extensive experiments were run to identify the best placements for servers with the various parameters chosen.
Simulations show that the protocol performs effectively in a developing and constantly changing network where nodes may join and leave the network frequently and where many of the members may be mobile. The many tunable parameters of the protocol ensure that it is useful in a variety of applications and has unique features making it effective and efficient in a highly dynamic network environment.