1 / 48

An Optimal Certificate Dispersal Algorithm in Mobile Ad Hoc Networks

Explore a new algorithm for securely sharing certificates in dynamically changing wireless mobile ad hoc networks. Discover lower bounds, costs, and evaluations for this innovative approach.

fergal
Télécharger la présentation

An Optimal Certificate Dispersal Algorithm in Mobile Ad Hoc Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Optimal Certificate Dispersal Algorithm for Mobile Ad Hoc Networks Nagoya Institute of Technology Hua Zheng Shingo Omura Jiro Uchida Koichi Wada

  2. Outline • Mobile ad hoc network • Certificate Dispersal Problem • Previous Work • Our New Algorithms • Some new lower bounds for the problem • Conclusions • Future Work

  3. Mobile Ad Hoc Network • An Ad hoc network is a dynamically changing wireless network that is created by mobile users. (such as PDA, Cell phone) • In an ad hoc network mobile users can come and go as their wishes. • Certificate Dispersal System is considered to communicate securely.

  4. Public-key & Private-key • Each tank holds its public-key and private-key pair for their own. private-key public-key private-key public-key

  5. How to encrypt a message • A message is encrypted by the public-key. • The encrypted message can only be decrypted by its private-key.

  6. Public-key dispersal is dangerous This is Mickey’s public-key public-key Certificates are needed to obtain the other’s public-key

  7. Certificate • When user u trusts in user v, The certificate from u to v can be issued. private.u < u, v, public.v > u v

  8. Certificate Authentication

  9. Certificate Graph • Nodes:Mobile users • Directed Edges:For any nodes u and v, if there is an issued certificate from u to v, then there is an edge from u to v. u v

  10. Certificate Dispersal Problem • Input:Certificate Graph G • Output:For each node v in G, the set of certificates stored in it s.t. satisfying the following two conditions • Conditions: • Connectivity • Completeness

  11. Connectivity • For any reachable pair u and v, the certificates on a path which connects them are stored in u and v. (2,4) 2 4 (4,5) (1,2) 5 1 3 ,

  12. Completeness • All of the certificates are stored in some node. (2,4) 2 4 (4,5) (1,2) (2,3) (3,4) 5 1 3 , (3,1) ,

  13. Certificate Dispersal Cost • The Cost of Certificate Dispersal Algorithm F:The average number of certificates assigned by F to a node in G. • Certificate Dispersability Cost of a graph G:The minimum value of the cost of Certificate Dispersal Algorithm on G.

  14. Eunjin Jung [Certificate Dispersal in Ad hoc Networks] • Full Tree Algorithm • Cost: not more than n-1 • Half Tree Algorithm (improved version) • No evaluation in detail • Certificate Dispersability Cost • For a directed graph G, c.G  e/n • For a ring G, c.G = n-1 • For a hourglass G, c.G = e/n • For a star graph G, c.G = 2(n-1)/n (n: the number of nodes, e: the number of edges)

  15. Graphs we considered • Strongly connected graph: • A graph in which for any two distinct nodes, there exists a path between them, is said to be strongly connected. • Diameter is the maximum length of a longest distance between any of two nodes. DG=5

  16. Graphs we considered • Bi-directional graph: • If there is an edge from node u to node v then there exists an edge from v to u, and vice versa • Radius is the minimum value of the longest length of the shortest path from v to any other nodes, for any node v. u v RG=2

  17. Our Results

  18. Pivot • Input: A strongly connected graph • Output:The set of certificates stored in each node • Outline: • Decide a pivot node, • For each node, compute the shortest paths in both directions from the pivot node, • Store all of the certificates on the shortest paths in each direction to that node.

  19. 1. Select an arbitrary node as pivot node p 6 2 p 3 5 1 4

  20. 2. Compute two shortest paths between p and each node in both directions, and store them. 6 2 (2,3) p (1,2) 3 5 (3,1) 1 , , 4

  21. 2. Compute two shortest paths between p and each node in both directions, and store them. , 6 2 (2,3) p (3,2) 3 5 1 4

  22. (6,5),(5,4),(4,3),(3,6) (2,3),(3,2) 6 2 p 3 5 1 (5,4),(4,3),(3,6),(6,5) (1,2),(2,3),(3,1) 4 (4,3),(3,4) Pivot

  23. Pivot • Pivot satisfies Connectivity • For any two distinct nodes, there must exist paths via pivot node between them, and we stored all of the certificates on the path to them. Pivot node

  24. CPivot • To satisfy Completeness, we store all remaining certificates to pivot node. • Pivot is changed to be a Certificate Dispersal Algorithm, which satisfying both of two conditions. • We name this algorithm as CPivot.

  25. Evaluation of CPivot • Upper bound of the Cost(in the worst case) • Strongly connected graph: 2DG+e/n (DG: diameter) • Computation time • O(e)

  26. Evaluation of CPivot More clever choice of pivot node results a better cost. • Upper bound of the Cost (in the worst case) • Bi-directional graph: 2RG+e/n(RG: radius) • Computation time • O(ne)

  27. GPivot • Input:A directed graph • Output: The set of certificates stored in each node • Note: A directed graph can be partitioned into strongly connected components, and this partition is unique.

  28. 1. Partition G into strongly connected components 1 2 3 6 4 5 7 8 9

  29. 2. Perform Pivot for each component (1,2),(2,3),(3,2) 1 p (2,3),(3,1),(1,2) 2 3 (6,5),(5,8),(8,6) 6 4 5 7 8 (8,6),(6,5),(5,8) 9 (7,9),(9,7)

  30. 1 2 3 6 4 5 7 8 9 3. Construct a graph in which each node corresponds to each component

  31. 1 3 2 3 C1 6 4 5 4 5 C2 C3 7 8 9 7 C4 3. Construct a graph in which each node corresponds to each component

  32. 3 C1 4 5 C2 C3 7 C4 4. Compute trees rooted at each component

  33. 5. Store all of the certificates on the shortest paths between two pivot nodes 3 Store to all of the nodes in C1 C1 4 5 C2 C3 7 C4

  34. 5. Store all of the certificates on the shortest paths between two pivot nodes • For all of the other components, do the same operation. • Finally, all unused certificate are stored to an arbitrary node. • This GPivot satisfies Connectivity and Completeness.

  35. GPivot (Connectivity) Certificates stored by Pivot 1 3 Certificates stored in step 5 C1 4 5 C2 C3 7 9 C4

  36. Evaluation of GPivot • Upper bound of the Cost (in the worst case) • 2dmax+(p-1)(2dmax+1)+e/n 2pdmax+p-1+e/n p:the number of strongly connected components dmax:the maximum diameter of the strongly connected components • Computation time • O(p(n+e))

  37. Proof of lower bound • G=(V, E), V1,V2V, V1V2= • Injective Function f: V1 V2 • P={p(u, f(u)) | uV1, u and f(u) are reachable and p(u, f(u)) is a shortest path from u to f(u)} f: V1V2 V2 V1

  38. Proof of lower bound • Because V1 and V2 are disjoint, for satisfying Connectivity, we have to store all of the certificates on the paths in P to the end nodes of each concerned path. 5 2 3 V2 V1 4 6 1

  39. Proof of lower bound • A lower bound depends on one kind of partition pattern and injective function. • P={p(u, f(u)) | uV1, u and f(u) are reachable and p(u, f(u)) is a shortest path from u to f(u)} • Lower bound of the Cost

  40. Proof of lower bound • In the case of G is a Bi-directional graph • Lower bound of the Cost

  41. CPivot in Optimal Case Lower bound of the Cost for • Hypercubes • Meshes • Complete k-ary Trees • de-Bruijn graphs The Cost of CPivot equals to these lower bounds. CPivot is optimal in these cases.

  42. (m,k)-Mesh • Mkm : • V(Mkm)={0, 1, …, k-1}m • E(Mkm)={(x,y) | x=(a1,a2,…,am), y=(b1,b2,…,bm)V, i, ji, aj=bj, ai=bi1} 00 10 20 30 n = km e = 2m(km-km-1) 01 11 21 31 M42 02 12 22 32 03 13 23 33

  43. Lower bound of Dispersability Cost is • |V1|=|V2|=n/2 00 10 20 30 k/2 k/2 01 11 21 31 V2 V1 02 12 22 32 k/2 k/2 (2,4)-Mesh 03 13 23 33

  44. (m,k)-Mesh • Lower bound of the Dispersability Cost is km/4 • Cost of CPivot:2RG+e/n  km+2m • e/n=2m-2m/k  2m, RG=km/2 • CPivot is an optimal algorithm.

  45. Conclusions • We proposed two efficient certificates dispersal algorithms. • New upper bounds of the certificate dispersability cost for strongly connected graphs and general directed graphs are proved. • Furthermore, our algorithms are optimal for several graph classes.

  46. Our Results

  47. Future Work • The problem that what kind of certificate graphs have lower dispersability cost. • To construct some other certificate dispersal algorithms with lower cost for general directed graphs. • Lower bounds of certificate dispersability cost for other graphs.

More Related