Skip to main content Accessibility help
×
Home
  • Print publication year: 2008
  • Online publication date: February 2010

4 - Trust management

Summary

The previous chapters discussed mandatory security requirements, which include confidentiality, authentication, integrity, and non-repudiation. These, in turn, require some form of cryptography, certificates, and signatures. Some other security-related mechanisms include user authentication, explicit transaction authorization, end-to-end encryption, accepted log-on security (biometrics) instead of separate personal identification numbers (PINs) and passwords, intrusion detection, access control, logging, and audit trail. In this chapter, I present some of the security schemes that govern trust among the communicating entities. Governance of the trust can be based on principles and practices of key management in distributed networks or other means such as authentication. Additionally, this chapter discusses several well known methods that are related to key management and authentication.

The resurrecting duckling

The resurrecting duckling security model [1] has been developed to solve the secure transient association problem. An example of this would be when a person buying a remote control would not want any other person to be able to use another remote control bought at the same shop to work at his place, but then the remote control has to work for some other person who might buy it from the first owner. Like a duckling, who considers the first moving object it sees to be its mother, in the same way a device would recognize the first entity that sends it a secret key as its owner. When necessary, the owner could later clear the imprinting and let the device change its owner.

Related content

Powered by UNSILO
References
Stajano, F. and Anderson, R., “The resurrecting duckling: security issues for ad-hoc wireless networks,” in Proc. 7th International Workshop on Security Protocols, Lecture Notes in Computer Science, Springer-Verlag, Berlin, Germany, Apr. 1999. Available from www.cl.cam.ac.uk/~fms27/duckling/duckling.html.
Stajano, F., “The resurrecting duckling – what next?” Proc. 8th International Workshop on Security Protocols, Lecture Notes in Computer Science, Springer-Verlag, Berlin, Germany, April 2000. Available from www.cl.cam.ac.uk/~fms27/duckling/ duckling-what-next.html.
Asokan, N. and Ginzboorg, P., “Key agreement in ad hoc networks,” Computer Communications, vol. 23, 2000, pp. 1627–1637.
R. R. S. Verma, D. O'Mahony, and H. Tewari, NTM – Progressive Trust Negotiation in Ad Hoc Networks, www.cs.tcd.ie/Donal.Omahony/iei-ntm.pdf.
S. Jacobs, Mobile IP Public Key Based Authentication, Internet draft, IETF, www3.tools.ietf.org/html/draft-jacobs-mobileip-pki-auth-02, Mar. 1999.
Fasbender, A., Kesdogan, D., and Kubitz, O., “Variable and scalable security: protection of location information in mobile IP,” Mobile Technology for the Human Race, IEEE 46th Vehicular Technology Conference, 1996.
P. Eronen, C. Gehrmann, and P. Nikander, Securing Ad Hoc Jini Services, www.niksula.hut.fi/~peronen/publications/nordsec_2000.pdf, 2000.
J. Kong, P. Zerfos, H. Luo, S. Lu, and L. Zhang, “Providing robust and ubiquitous security support for mobile ad-hoc networks,” 9th IEEE International Conference on Network Protocols, Riverside, CA, Nov. 2001, pp. 251–260.
S. Mäki, M. Hietalahti, and T. Aura, A Survey of Ad-Hoc Network Security, Interim report of project 007 – Security of Mobile Agents and Ad-Hoc Societies, Helsinki University of Technology. Laboratory for Theoretical Computer Science, Sep. 2000.
H. Luo and S. Lu, Ubiquitous and Robust Authentication Services for Ad Hoc Wireless Networks, Technical Report TR-200030, Dept. of Computer Science, UCLA, 2000.
S. Jacobs and M. S. Corson, MANET Authentication Architecture, http://ietfreport.isoc.org/all-ids/draft-jacobs-imep-auth-arch-00.txt, 1999.
L. Venkatraman and D. P. Agrawal, “A novel authentication scheme for ad-hoc networks,” 2nd IEEE Wireless Communications and Networking Conference, Chicago, Sep. 2000.
M. Jiang, J. Li, and Y. C. Tay, “Cluster Based Routing Protocol,” http://tools.ietf.org/html/draft-ietf-manet-cbrp-spec-01.txt, Aug 1999.
S. Levijoki, Authentication, Authorization and Accounting in Ad Hoc Networks, www.tml.tkk.fi/Opinnot/Tik-110.551/2000/papers/authentication/aaa.htm, 2000.
Blaze, M., Feigenbaum, J., and Lacy, J., “Decentralized trust management,” IEEE Symposium on Security and Privacy, May 1996, pp. 164–173.
M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis, The KeyNote Trust-Management System Version 2, www.ietf.org/rfc/rfc2704.txt, Sep. 1999.
J. Myers, Simple Authentication and Security Layer (SASL), www.ietf.org/rfc/rfc2222.txt, Oct. 1997.
D. Maughan, M. Schertler, M. Schneider, and J. Turner, Internet Security Association and Key Management Protocol (ISAKMP), http://www.ietf.org/rfc/rfc2408.txt, Nov. 1998.
D. Harkins and D. Carrel, The Internet Key Exchange (IKE), www.ietf.org/rfc/rfc2409.txt, Nov. 1998.