Authentication and Key Exchange in Mobile Ad Hoc Networks

Over the past decade or so, there has been rapid growth in wireless and mobile applications technologies. More recently, an increasing emphasis has been on the potential of infrastructureless wireless mobile networks that are easy, fast and inexpensive to set up, with the view that such technologies will enable numerous new applications in a wide range of areas. Such networks are commonly referred to as mobile ad hoc networks (MANETs). Exchanging sensitive information over unprotected wireless links with unidentified and untrusted endpoints demand the deployment of security in MANETs. However, lack of infrastructure, mobility and resource constraints of devices, wireless communication links and other unique features of MANETs induce new challenges that make implementing security a very difficult task and require the design of specialized solutions. This thesis is concerned with the design and analysis of security solutions for MANETs. We identify the initial exchange of authentication and key credentials, referred to as pre-authentication, as well as authentication and key exchange as primary security goals. In particular, the problem of pre-authentication has been widely neglected in existing security solutions, even though it is a necessary prerequisite for other security goals. We are the first to classify and analyze different methods of achieving pairwise pre-authentication in MANETs. Out of this investigation, we identify identity-based cryptographic (IBC) schemes as well-suited to secure MANET applications that have no sufficient security solutions at this time. We use pairing-based IBC schemes to design an authentication and key exchange framework that meets the special requirements of MANETs. Our solutions are comprised of algorithms that allow for efficient and secure system set up, pre-authentication, mutual authentication, key establishment, key renewal, key revocation and key escrow prevention. In particular, we present the first fully selforganized key revocation scheme for MANETs that does not require any trusted third party in the network. Our revocation scheme can be used to amend existing IBC solutions, be seamlessly integrated in our security framework and even be adopted to conventional public key solutions for MANETs. Our scheme is based on propagated accusations and once the number of received accusations against a node