A Judgment Mechanism for Key Revocation

Key management is perhaps the most complex and most vulnerable part of any cryptographic implementation. To date key generation and activation have been extensively studied in the context of mobile ad hoc and wireless sensor networks. However, a dearth of research exists in designing techniques for key deactivation (revocation) and even less so for key reactivation. In this paper we study key-revocation schemes that are well-suited for the ad-hoc network environment. Specifically, we present a novel scheme with the following characteristics: • Distributed: Our scheme requires no permanently available central authority. • Active: A sufficient number of selfish honest nodes are incentivised to revoke malicious nodes. • Secure: The scheme is secure against a large number of malicious nodes (30% of the network for an IDS-error rate of 15%). • IDS-error tolerant: Revocation decisions are based on IDS. Our scheme is active for any meaningful IDS (IDS error rate < 0.5) and secure for an IDS error rate of up to 29%. Several schemes in the literature have 2 of the first 3 properties (property number 4 is typically not explored), but this work is the first to possess all four. This makes our revocation scheme well-suited for environments such as ad hoc networks, which are very dynamic, have significant bandwidth-constraints, and where many nodes are vulnerable to compromise.