Security system for ad-hoc wireless networks based on generic secure objects

University dissertation from Stockholm : KTH

Abstract: As computing devices and wireless connectivity become ubiquitous, new usage scenarios emerge, where wireless communication links between mobile devices are established in an ad-hoc manner. The resulting wireless ad-hoc networks differ from classical computer networks in a number of ways, lack of permanent access to the global network and heterogeneous structure being some of them. Therefore, security services and mechanisms that have been designed for classical computer networks are not always the optimal solution in an ad-hoc network environment.

The research is focused on analyzing how standard security services that are available in classical networks can be provided in an ad-hoc wireless network environment. The goal is to design a security system optimized for operation in ad-hoc wireless networks that provides the same security services – authentication, access control, data confidentiality and integrity, non-repudiation – currently available in classic wired networks.

The first part of the thesis is the design and implementation of a security platform based on generic secure objects. The flexible and modular nature of this platform makes it suitable for deployment on devices that form ad-hoc networks – ranging from Java-enabled phones to PDAs and laptops.

We then investigate the problems that appear when some of the security technologies that are standard building blocks of secure systems in classical computer networks are implemented in ad-hoc networks. Two such technologies have been found to present problems, namely the areas of certification and access control. In a series of articles, we have described the problems that appear and devised solutions to them by designing protocols, techniques and extensions to standards that are optimized for usage in the ad-hoc network environment.

These techniques, together with the functionality provided by the underlying security platform, are used to implement all standard security services – confidentiality, authentication, access control, non-repudiation and integrity – allowing ad-hoc networks to be integrated into the existing security infrastructure.
