MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks

The 2nd Annual PKI Research Workshop (PKI 2003)
Seung Yi, Robin Kravets
September 25, 2003
Presented by Sookhyun, Yang
Contents

Introduction

Background

Requirements

MOCA (MObile Certificate Authority) Framework

Evaluation

Conclusion
Introduction

Wireless ad hoc networks
  Infrastructure-less nature
    Inhibits guaranteeing any kind of connectivity
    Increased physical vulnerability of the nodes

Key management framework for ad hoc networks
  MOCA framework
    PKI (Public Key Infrastructure) without infrastructure
      Threshold cryptography -> MOCA nodes
      Communication protocol between a client and CAs -> MP (MOCA certification protocol)

Background

PKI
  Collection of components and procedures that support the management of cryptographic keys through the use of digital certificates
  Public key certificate
    [Figure: public key certificates. Labels: CA (MOCAs), A, B, KUa, KUb, (1) C_A, (2) C_B]
    CA's private key: KRauth
    CA's public key: KUauth
    X's public key: KUx
    C_A = E_KRauth[Time1, ID_A, KUa]

Threshold cryptography
  threshold
  Divide up a secret into n pieces
  Reconstruct the full secret with any k pieces out of those n

Requirements

Requirements for MOCA framework
  Fault tolerance
    Maintain correct operation in the presence of faulty nodes
    Tolerant to a fraction of faulty nodes
  Security
    Act as the trust anchor for the whole network
    Operate securely against malicious nodes or adversaries
  Availability
    Highly dependent on the connectivity of the network
    Certification service should be always available to clients

MOCA Framework (1/4)

Choosing MOCA nodes
  Exploit heterogeneity
    More trustworthy
    Computationally more powerful
    Physically more secure

Threshold cryptography
  Distribute the functionality of a CA to the whole network
  Secret: CA's private key
  CA: n MOCA nodes
  Threshold: k MOCA nodes

Configuration
  Total number of nodes in the network (M)
  Number of MOCAs (n)
  Threshold value for secret reconstruction (1 <= k <= n)
  Connectivity

MP (MOCA certification protocol)
  Communication protocol between client and MOCAs
  One-to-many-to-one

MOCA Framework (2/4)

Threshold Cryptography
  [Figure labels: client, MOCA nodes, at least k]
  Certification
    (1) Request
    (2) Partial signature signed with key share
    (3) Collect k partial signatures
    (4) Reconstruct full signature "CA"
  Revocation
    (1) Partially signed revocation certificate, signed with its key share
    (2) Full revocation certificate
    (3) CRL (Certificate revocation list)

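The certification steps on this slide, together with the "divide into n, reconstruct from any k" idea on the Background slide, as an added example that is not code from the paper or the slides. The slides do not name the threshold signature scheme, so this sketch assumes a Shoup-style threshold RSA with constructed toy safe primes; all function names are hypothetical. The client merges partial signatures, and the CA private key is never reassembled at any node.

```python
import hashlib
import math
import secrets

# Constructed toy parameters: safe primes p = 2p'+1, q = 2q'+1, far too small for real use.
P, Q = 1019, 1187
N = P * Q                      # public RSA modulus
M = (P // 2) * (Q // 2)        # p'q', the order of the squares mod N
E = 65537                      # public exponent, a prime larger than n
D = pow(E, -1, M)              # CA private key: the secret that gets shared

def deal(k, n):
    """Dealer: split D into n shares using a random degree k-1 polynomial mod M."""
    coeffs = [D] + [secrets.randbelow(M) for _ in range(k - 1)]
    return {i: sum(c * i**j for j, c in enumerate(coeffs)) % M for i in range(1, n + 1)}

def digest(msg):
    """Map the bytes to be signed to a unit mod N (this encoding is an assumption)."""
    x = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    while math.gcd(x, N) != 1:
        x += 1
    return x

def partial_sign(share, msg, n):
    """MOCA node: partial signature computed from its own key share only."""
    return pow(digest(msg), 2 * math.factorial(n) * share, N)

def combine(partials, msg, n):
    """Client: merge at least k partial signatures {moca_id: sig} into one signature."""
    delta, x, w = math.factorial(n), digest(msg), 1
    for j, sig in partials.items():
        num, den = delta, 1
        for other in partials:
            if other != j:
                num, den = num * -other, den * (j - other)
        w = w * pow(sig, 2 * (num // den), N) % N   # num // den: integer Lagrange coefficient
    a = pow(4 * delta**2, -1, E)                    # 4*delta^2*a + E*b == 1
    b = (1 - 4 * delta**2 * a) // E
    return pow(w, a, N) * pow(x, b, N) % N

def verify(sig, msg):
    """Anyone: check against the single CA public key (N, E)."""
    return pow(sig, E, N) == digest(msg)

if __name__ == "__main__":
    cert = b"constructed sample: id=node-17, pubkey=..."
    parts = {i: partial_sign(s, cert, 5) for i, s in deal(3, 5).items()}
    print(verify(combine({i: parts[i] for i in (1, 3, 4)}, cert, 5), cert))
```

Any k of the n partial signatures yield the same verifiable signature, which is why the client only needs k valid replies and not replies from specific MOCAs.
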
MOCA Framework (3/4)

Communication protocol - MP
  Success case
    k valid CREPs within a fixed period of time
  Routing
    Reverse path with CREQ
    If no CREP within time-out period, reverse path expires
  [Figure: (1) CREQ, (2) CREP]

MOCA Framework (4/4)

Mechanisms of MP
  Flooding
    Send and receive packets (CREQ, CREP) to all nodes
  Unicast-based optimization
    β-unicast
      Multiple unicast connections if the client has sufficient routes to MOCAs in its routing cache
    Sufficiency
      Threshold k
      State of the network
      β (threshold unicast) = k (crypto threshold) + α (safety margin)
      If (routes to MOCAs >= β), then β-unicast, else flooding
    How to choose among the MOCAs cached in the routing table (>= β)
      Random MOCAs
      Closest MOCAs
      Freshest MOCAs

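The β-unicast decision and the three selection policies from this slide, plus the success rule from the MP slide, as an added example that is not code from the paper. The `Route` fields, the function names and the tie-breaking order are assumptions, and τ is read here as the time-out period.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    moca_id: int
    hops: int      # path length to the MOCA, from the routing cache
    age_s: float   # seconds since the cache entry was last refreshed

def plan_creq(cache, k, alpha, strategy="closest", rng=random):
    """Return ("unicast", [moca ids]) or ("flood", []) for one certification request."""
    if alpha < 0:
        raise ValueError("a negative margin could never yield k CREPs")
    beta = k + alpha                  # unicast threshold = crypto threshold + safety margin
    if len(cache) < beta:             # not enough cached routes: fall back to flooding
        return "flood", []
    if strategy == "random":
        chosen = rng.sample(cache, beta)
    elif strategy == "closest":
        chosen = sorted(cache, key=lambda r: (r.hops, r.age_s))[:beta]
    elif strategy == "freshest":
        chosen = sorted(cache, key=lambda r: (r.age_s, r.hops))[:beta]
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    return "unicast", [r.moca_id for r in chosen]

def certified(crep_arrivals, k, tau):
    """Success rule: at least k valid CREPs arrive within tau seconds.
    crep_arrivals is a list of (arrival_time_s, signature_valid) pairs."""
    on_time = [t for t, valid in crep_arrivals if valid and t <= tau]
    return len(on_time) >= k

if __name__ == "__main__":
    # Constructed routing cache of a client node.
    cache = [Route(1, 4, 30.0), Route(2, 1, 50.0), Route(3, 2, 5.0),
             Route(4, 3, 1.0), Route(5, 2, 40.0)]
    print(plan_creq(cache, k=3, alpha=1, strategy="closest"))
    print(plan_creq(cache, k=3, alpha=3))
```

With α = 0 a single lost or invalid CREP already fails the request, which is the trade-off between overhead and success ratio that the evaluation slides measure.
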
Evaluation (1/6)

Focus of evaluation
  Effectiveness
    Success ratio
      Flooding-based protocol: (# of total received CREPs) / (# of total CREQs)
      Unicast-based optimization: (# of successful certification requests) / (# of total CREQs)
    Unicast usage in unicast-based optimization
  Cost
    Packet overhead
    Response time: additional communication delay

Simulation set-up
  [Figure labels: 1km, 1km, 600s]
  # of mobile nodes: 150, 300
  # of MOCAs: 30, 50
  # of CREQ: each node 1/1min
  Mobility
    • Node pause time : 0, 10s
    • Node Max. Speed : 0, 1, 5, 10, 20 ms

Evaluation (2/6)

Flooding vs. Unicast
  Unicast usage
  [Figure: use of unicast CREQs vs. use of flooding CREQs. x: β (5, 10, 15, 20, 25, flooding); y: usage of unicast (0% to 100%); total # of CREQs = 1000]

Evaluation (3/6)

Packet overhead
  Total number of control packets used for certification services
  n = 30
  Setting β as low as possible results in the best improvements in overhead, but endangers the security of the whole framework

Evaluation (4/6)

Certification delay
  Arrival time of CREP packets with the closest-unicast approach
  Choice between flooding and unicast-based optimizations, or choice between different β values, does not affect the timing behavior
  [Figure label: 0.3s]

Evaluation (5/6)

Success ratios
  α plays an important role in determining the success ratio within a given τ
  Helpful when deciding an adequate τ for a given k

Evaluation (6/6)

Summary
  High success ratio
    Flooding-based protocol: almost 99%
    Unicast-based optimization: 75%~97%
  Reduced overhead
    Unicast optimization saves up to about 30% of control packets
  Certification delay is acceptable

Conclusion

Present a practical key management framework for ad hoc wireless networks using PKI

Clarify the necessity and the problem of providing a PKI framework for ad hoc networks

Identify requirements for such a framework

Show effectiveness of the paper's approach through simulation results

Provide some insights into the configuration of such security services in ad hoc networks