MASON ECE 636 - A Survey on Robust and Ubiquitous Security Support for Ad Hoc Networks

This preview shows page 1 out of 4 pages.


Unformatted text preview:

Sections: INTRODUCTION; Protocols Surveyed; System Architecture; Threshold and Group size; TS-RSA; TS-DSA; Comments; Conclusion

A Survey on Robust and Ubiquitous Security Support for Ad Hoc Networks

Sankardas Roy, Chao Yao

Abstract—Ensuring security in mobile wireless ad hoc networks is a challenging task for several reasons, e.g., (a) absence of centralized control; (b) network dynamics: members may join or leave at any time, and the network may become partitioned; (c) mobility: mobile nodes demand security support anywhere in the network and at any time; (d) the inherent vulnerability of wireless communication, from passive eavesdropping to active interfering; (e) scalability: the huge number of nodes in an ad hoc network often poses a serious scalability problem. Recently a few researchers have come up with security designs that deal with some of the above-mentioned problems. We survey this topic, restricting ourselves to public key systems only. In this paper we briefly present two of the most promising such security designs. We analyze them to see whether they have any shortcoming or flaw, and we give some suggestions.

Key words—ad hoc network, public key cryptography, threshold cryptography.

I. INTRODUCTION

Recently the security issue in mobile wireless ad hoc networks has been receiving much attention in the research community. The main reasons for this are the recent popularity of ad hoc networks and their fundamental difference from their wired counterparts. The security protocols for wired networks (an older and more mature research field) cannot be directly adopted in the wireless paradigm, because a wireless network generally does not have any centralized control and its nodes are mobile.
To be called secure, a communication protocol should provide the following services: (a) Confidentiality, which says that the data transferred should be accessible only to the authorized entities; (b) Authentication, which ensures that the message is coming from the intended sender; (c) Integrity, by which only authorized parties can modify the data; (d) Non-repudiation, through which the sender can be made accountable for the message; and (e) Availability, which says that resources should always be available to authorized users. Certificate-based approaches built on a public key cryptosystem may have the first four features. But if a single certification authority (CA) has to provide the certification service for an entire network with a large number of nodes, this poses a scalability problem. In this case the CA becomes the system bottleneck, and availability of the security service is probably not achieved. Moreover, the CA is a single point of failure from the point of view of a DoS attack. To ensure the availability of the security service throughout the network, it is natural to think of distributing the certification authority over the network.

(Authors are PhD students in the School of IT&E, GMU.)

We may logically partition the network hierarchically into several regions and deploy one (local) CA for each region, as proposed by [3,4]. This hierarchical approach seems to solve the scalability problem, but node mobility does not allow it. As nodes (including the CA) roam from region to region, it becomes a serious problem (with respect to connection time and transmission error) for a node to contact its corresponding local CA, which may be several hops away at that point in time, to get the security service. To solve this problem of service availability, Kong et al. [1] propose a ubiquitous certification protocol.
Threshold secret sharing is the crux of the protocol: each entity holds a secret share, and multiple entities in a locality jointly provide the security service. No single entity in the network holds the complete system secret, and hence no single node is capable of issuing a certificate. At any time and at any place in the network, multiple entities present in that region (how many is a system security parameter, say t) can issue a certificate. The certification authority function is thus distributed among all nodes, and that is why it is available ‘anywhere, anytime’ [1].

Kong et al. [1] argue that it is practically impossible to protect wireless network entities from occasional break-ins, especially when we are working with a large network over a long period of time. This is because wireless networks are often vulnerable to attacks ranging from passive eavesdropping to active interfering. It is wise to assume that a few nodes in the network may always be compromised. Our goal should be to design a system that does not get compromised even if a few of its nodes become compromised. In threshold cryptography the system secret is not lost as long as the number of compromised nodes is less than a threshold. To make the system more robust, each node’s secret share is periodically updated. So to break the system the attacker has to compromise t nodes within the time interval between two consecutive updates, which is a much more difficult job.

Narasimha et al. [2] point out two shortcomings of the previous design, which is based on threshold RSA. These are (a) lack of verifiability of secret shares and (b) the need for a trusted third party to initialize the group in the bootstrapping phase.
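The (t, n) sharing and periodic share update described above, as an added Python example (not code from this survey or from the surveyed papers). It assumes Shamir's polynomial sharing over a prime field as the (t, n) scheme and lets a single process stand in for all nodes; the prime `P`, the group size and all function names are chosen for illustration.

```python
import secrets

P = 2**127 - 1  # constructed parameter: prime modulus for share arithmetic

def poly_eval(coeffs, x):
    """Evaluate the polynomial with these coefficients at x (Horner's rule), mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def deal(secret, t, n):
    """Split secret into shares for nodes 1..n; any t of them reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: poly_eval(coeffs, i) for i in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange-interpolate the sharing polynomial at x = 0 from {node_id: share}."""
    total = 0
    for i, y in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def refresh(shares, t):
    """Periodic update: add a fresh sharing of 0, so the secret stays the same
    while shares taken from different periods stop combining. Node ids are 1..n."""
    delta = deal(0, t, len(shares))
    return {i: (s + delta[i]) % P for i, s in shares.items()}

def demo():
    t, n = 3, 5
    secret = secrets.randbelow(P)
    old = deal(secret, t, n)
    new = refresh(old, t)
    pick = lambda s, ids: {i: s[i] for i in ids}
    mixed = {1: old[1], 2: old[2], 3: new[3]}  # compromises straddling an update
    return {
        "t_shares": reconstruct(pick(old, [1, 3, 5])) == secret,
        "below_threshold": reconstruct(pick(old, [1, 3])) == secret,
        "after_refresh": reconstruct(pick(new, [2, 4, 5])) == secret,
        "mixed_periods": reconstruct(mixed) == secret,
    }

if __name__ == "__main__":
    print(demo())
```

In a deployed scheme the zero-sharing used by `refresh` would be contributed jointly by the nodes rather than by one dealer; the single dealer here only keeps the example short.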
The verifiability property is important because in its absence a malicious node may provide a wrong partial certificate to a requesting node; the requesting node then computes a wrong certificate, which prevents it from entering the group even though it is authorized to enter. Narasimha et al. propose a scheme based on threshold DSA which solves these two problems.

Narasimha et al. [2] present only the group admission protocol. With the help of this protocol a new member (node) gets permission to join an already existing group if it is authorized, and it is rejected otherwise. If it is allowed to join, it also gets its secret share, by virtue of which this new member may issue a partial certificate to another requesting node in the future. If n is the number of existing nodes and t is the threshold (which is a security parameter and needs to be properly tuned), then the (t, n) threshold scheme becomes (t,

