Kerberos Assisted Authentication in Mobile Ad-hoc Networks

An ad-hoc network comprises mobile nodes that cooperate with each other using wireless connections to route both data and control packets within the network. As the low transmission power of each node limits its communication range, the nodes must assist and trust each other in forwarding packets from one node to another. However, this implied trust relationship can be threatened by malicious nodes that may fabricate, modify or disrupt the orderly exchange of packets. Security demands that all packets be authenticated before being used. In this paper we present Kaman, Kerberos assisted Authentication in Mobile Ad-hoc Networks, a new puremanaged authentication service for mobile ad-hoc networks. Kaman is based on the time-tested and widely deployed Kerberos protocol, and provides secure extensions to support the more challenging demands of ad-hoc networks. Kaman migrates a number of features from the traditional, wired Kerberos environments to the ad-hoc environment, including the prevention of node identity forgery, the detection of replay attacks, establishment of secure channels, mutual endpoint authentication, and the secure distribution of provisional session keys amongst replicated servers. Kaman has been specifically designed for hostile environments, in which the presence of malicious nodes and the likelihood of physical node capture is relatively high.