Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai Supervised.

Slides:



Advertisements
Similar presentations
Chris Karlof and David Wagner
Advertisements

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Survey of Secure Wireless Ad Hoc Routing
URSA: Providing Ubiquitous and Robust Security Support for MANET
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Multicasting in Mobile Ad-Hoc Networks (MANET)
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.
TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi October 28, 2003.
TAODV: A Trust Model Based Routing Protocol for Secure Ad Hoc Networks Xiaoqi Li, Michael R. Lyu, and Jiangchuan Liu IEEE Aerospace Conference March 2004.
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Trust-Level Based Authentication Services in Mobile Ad Hoc Networks MPhil Term 2 Presentation (Spring 2003) by Edith Ngai Advisor: Prof. Michael R. Lyu.
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington
Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks The 2nd Annual PKI Research Workshop (PKI 2003) Seung Yi, Robin Kravets September. 25,
Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks Sonja Buchegger Jean-Yves Le Boudec.
Hamida SEBA - ICPS06 June 26 th -29 th Lyon France 1 ARMP: an Adaptive Routing Protocol for MANETs Hamida SEBA PRISMa Lab. – G2Ap team
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
1 Trust Mechanisms in Ad Hoc Networks Azar Rahimi Dehaghani Lei Hu Trust and Security Case Study 2.
An affinity-driven clustering approach for service discovery and composition for pervasive computing J. Gaber and M.Bakhouya Laboratoire SeT Université.
An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.
Trust Model Based Self-Organized Routing Protocol For Secure Ad Hoc Networks Li Xiaoqi CSE Department, CUHK 29/04/2003.
A Security-Aware Routing Protocol for Wireless Ad Hoc Networks
ROUTING ALGORITHMS IN AD HOC NETWORKS
Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.
Dynamic Source Routing in ad hoc wireless networks Alexander Stojanovic IST Lisabon 1.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Security in Ad Hoc Networks. What is an Ad hoc network? “…a collection of wireless mobile hosts forming a temporary network without the aid of any established.
K-Anycast Routing Schemes for Mobile Ad Hoc Networks 指導老師 : 黃鈴玲 教授 學生 : 李京釜.
1 Service Sharing with Trust in Pervasive Environment: Now it’s Time to Break the Jinx Sheikh I. Ahamed, Munirul M. Haque and Nilothpal Talukder Ubicomp.
Ad Hoc Network.
P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.
Computer Science and Engineering 1 Mobile Computing and Security.
Efficient Resource Allocation for Wireless Multicast De-Nian Yang, Member, IEEE Ming-Syan Chen, Fellow, IEEE IEEE Transactions on Mobile Computing, April.
1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.
Ad Hoc On-Demand Distance Vector Routing (AODV) ietf
On Mobile Sink Node for Target Tracking in Wireless Sensor Networks Thanh Hai Trinh and Hee Yong Youn Pervasive Computing and Communications Workshops(PerComW'07)
1 Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks Ortal Arazi, Hairong Qi Dept. Electrical & Computer Engineering The.
Dynamic Proxy Tree-Based Data Dissemination Schemes for Wireless Sensor Networks Wensheng Zhang, Guohong Cao and Tom La Porta Department of Computer Science.
Risk-Aware Mitigation for MANET Routing Attacks Submitted by Sk. Khajavali.
Security of the Internet of Things: perspectives and challenges
Mobile Ad Hoc Networking By Shaena Price. What is it? Autonomous system of routers and hosts connected by wireless links Can work flawlessly in a standalone.
Key management issues in PGP
Presented by Edith Ngai MPhil Term 3 Presentation
Author:Zarei.M.;Faez.K. ;Nya.J.M.
TAODV: A Trusted AODV Routing Protocol for MANET
VANET.
Recommendation Based Trust Model with an Effective Defense Scheme for ManetS Adeela Huma 02/02/2017.
Lei Chen and Wendi B. Heinzelman , University of Rochester
任課教授:陳朝鈞 教授 學生:王志嘉、馬敏修
ITIS 6010/8010 Wireless Network Security
Presentation transcript:

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai Supervised by Prof. Michael R. Lyu Mphil thesis defense 18 June 2004

Dept. of Computer Science & Engineering, CUHK2 Outline Introduction Related Work Architecture and Models Trust- and Clustering-Based Authentication Service Simulation Results Conclusion Introduction

Dept. of Computer Science & Engineering, CUHK3 Mobile Ad Hoc Network An ad-hoc network (of wireless nodes) is a temporarily formed network, created, operated and managed by the nodes themselves. It is also often termed an infrastructure-less, self-organized, or spontaneous network. Introduction

Dept. of Computer Science & Engineering, CUHK4 Characteristics Connected with wireless communication Dynamic Topology Nodes are often mobile Vulnerable to security attacks Applications Military: for tactical communications Rescue missions : in times of natural disaster Commercial use: for sales presentations or meetings Introduction

Dept. of Computer Science & Engineering, CUHK5 Vulnerabilities Unlike conventional networks, nodes of ad hoc networks cannot be secured in locked cabinets Risk in being captured and compromised Wireless communications are vulnerable to eavesdropping and active interference Adversary who hijacks an ad hoc node could paralyze the entire network by disseminating false routing information Introduction

Dept. of Computer Science & Engineering, CUHK6 Security Mechanisms Fundamental security mechanisms rely on the use of appropriate cryptographic keys Confidentiality, authentication, integrity, non- repudiation, access control and availability are considered as the main services of a security system Authentication service establishes the valid identities of communicating nodes The compromise of the authentication service breaks down the whole security system We focus on public key authentication service in our work Introduction

Dept. of Computer Science & Engineering, CUHK7 Trust and Security Trust in wired networks based on trusted certification agencies and authentication servers Trust in mobile ad hoc networks is still an open and challenging field Ad-hoc networks are based on naive “trust-your neighbour” relationships Non-presence of a central trust authority Introduction

Dept. of Computer Science & Engineering, CUHK8 Related Work Partially-distributed certificate authority makes use of a (k,n) threshold scheme to distribute the services of the certificate authority to a set of specialized server nodes. Fully-distributed certificate authority extends the idea of the partially-distributed approach by distributing the certificate services to every node. Related Work

Dept. of Computer Science & Engineering, CUHK9 Related Work Pretty Good Privacy (PGP) is proposed by following a web-of-trust authentication model. PGP uses digital signatures as its form of introduction. When any user signs for another user's key, he or she becomes an introducer of that key. As this process goes on, a web of trust is established. Self-issued certificates distribute certificates by users themselves without the involvement of any certificate authority. Related Work

Dept. of Computer Science & Engineering, CUHK10 Our Work Propose a secure public key authentication service in mobile ad hoc networks with malicious nodes Prevent nodes from obtaining false public keys of the others Engage a network model and a trust model Design security operations including public key certification, identification of malicious nodes, and trust value update Architecture and Models

Dept. of Computer Science & Engineering, CUHK11 Architecture Architecture and Models

Dept. of Computer Science & Engineering, CUHK12 The Network Model Obtain a hierarchical organization of a network Minimize the amount of storage for communication information Optimize the use of network bandwidth Limit direct monitoring capability to neighboring nodes Allow monitoring work to proceed more naturally Improve network security Architecture and Models

Dept. of Computer Science & Engineering, CUHK13 The Network Model Architecture and Models Unique cluster ID Balance cluster sizes

Dept. of Computer Science & Engineering, CUHK14 The Trust Model Define a fully-distributed trust management algorithm that is based on the web-of-trust model, in which any user can act as a certifying authority This model uses digital signatures as its form of introduction. Any node signs another's public key with its own private key to establish a web of trust Our trust model does not have any trust root certificate. It just relies on direct trust and groups of introducers in certification Architecture and Models

Dept. of Computer Science & Engineering, CUHK15 The Trust Model Define the authentication metric as a continuous value between 0.0 and 1.0 Define a direct trust relationship as the trust relationship between two nodes in the same group and a recommendation trust as the trust relationship between nodes of different groups. The first formula calculates the trust value of a new recommendation path: The second formula draws a consistent conclusion when there are several derived trust relationships between two entities: Architecture and Models

Dept. of Computer Science & Engineering, CUHK16 Clustering Structure Formation Trust- and Clustering- Based Authentication Service 1.Obtain its trust value from neighboring nodes 2.Run the FloodMax algorithm for d rounds 3.Run the FloodMin algorithm for d rounds 4.Select clusterhead

Dept. of Computer Science & Engineering, CUHK17 Clustering Structure Maintenance Maintain a balance clustering structure for supporting our trust model and security operations Adapt to the mobility of nodes Handle leave and join from one cluster to another Each node requests for the cluster ID of its neighboring nodes periodically In each cycle, a node collects this information and updates its cluster ID in different approaches Trust- and Clustering- Based Authentication Service

Dept. of Computer Science & Engineering, CUHK18 Approach 1 A node updates its cluster ID by joining the neighboring cluster with minimum size in each cycle 40 nodes in the network Keeps balance cluster sizes Trust- and Clustering- Based Authentication Service

Dept. of Computer Science & Engineering, CUHK19 Approach 2 A node joins the neighboring cluster with minimum size only if it leaves the original cluster Converge to one cluster Due to the imbalance cluster sizes after cluster formation? Trust- and Clustering- Based Authentication Service

Dept. of Computer Science & Engineering, CUHK20 Approach 3 A node joins the neighboring cluster with minimum size only if it leaves the original cluster or the sizes of the neighboring clusters are not within certain range Keeps balance cluster sizes Trust- and Clustering- Based Authentication Service

Dept. of Computer Science & Engineering, CUHK21 Changes in Membership Approach 3 Trust- and Clustering- Based Authentication Service

Dept. of Computer Science & Engineering, CUHK22 Authentication Service Public key certification Identification of Malicious Nodes Trust value update Trust- and Clustering- Based Authentication Service Selects a number of trustable nodes as introducers Sends out request messages to introducers Collects and compares all the public key certificates received Selects the public key of t with majority votes Discovers malicious introducer? Isolates malicious introducer Calculates trust value of t Updates trust table

Dept. of Computer Science & Engineering, CUHK23 Authentication Service Trust- and Clustering- Based Authentication Service 1.Request for public key certificates 2.Identify malicious nodes 3.Update trust values

Dept. of Computer Science & Engineering, CUHK24 Public Key Certification Authentication in our network relies on the public key certificates signed by some trust-worthy nodes. Nodes in the same group always know each other better by means of their monitoring components and the short distances among them Trust- and Clustering- Based Authentication Service

Dept. of Computer Science & Engineering, CUHK25 Public Key Certification Trust- and Clustering- Based Authentication Service Send request to neighbors if target node in same cluster Send request to introducers if target node in different cluster

Dept. of Computer Science & Engineering, CUHK26 Identification of Malicious Nodes Identify malicious neighboring nodes by monitoring their behaviors Identify introducers who provide public key certificates different from the others Identify target node as malicious if the trust values provided from the introducers indicate that Trust- and Clustering- Based Authentication Service

Dept. of Computer Science & Engineering, CUHK27 Trust Value Update Trust- and Clustering- Based Authentication Service

Dept. of Computer Science & Engineering, CUHK28 Parameters Setting Network simulator Glomosim Evaluate the effectiveness in providing secure public key authentication in the presence of malicious nodes Simulations and Results

Dept. of Computer Science & Engineering, CUHK29 Simulation Metrics Successful rate Fail rate Unreachable rate False-positive error rate False-negative error rate Simulations and Results IDCasesSuccessful Rate Fail RateUnreachable Rate False + Rate False – Rate 0Not enough Introducers  1OOO  2OOX  3OXX   4XXX  5OO  6OX   7XX  8O  9X   10No Reply 

Dept. of Computer Science & Engineering, CUHK30 Ratings to Malicious Nodes Simulations and Results

Dept. of Computer Science & Engineering, CUHK31 Ratings to Trustable Nodes at Initialization Simulations and Results

Dept. of Computer Science & Engineering, CUHK32 Comparison to PGP with fixed m Simulations and Results

Dept. of Computer Science & Engineering, CUHK33 Comparison to PGP with fixed p Simulations and Results

Dept. of Computer Science & Engineering, CUHK34 Parameters Setting This experiment includes the neighbor monitoring, clustering formation and maintenance algorithm Simulations and Results

Dept. of Computer Science & Engineering, CUHK35 Neighbor Monitoring Simulations and Results

Dept. of Computer Science & Engineering, CUHK36 Identify Suspicious Nodes in cases 2,3,4,6,7 IDCases 0Not enough Introducers 1OOO 2OOX 3OXX 4XXX 5OO 6OX 7XX 8O 9X 10No Reply Simulations and Results

Dept. of Computer Science & Engineering, CUHK37 Identify Malicious Nodes in cases 2,4,7 IDCases 0Not enough Introducers 1OOO 2OOX 3OXX 4XXX 5OO 6OX 7XX 8O 9X 10No Reply Simulations and Results

Dept. of Computer Science & Engineering, CUHK38 Future Work Colluding Nodes Revise trust values of nodes after real experiences with the public keys Trust Values Combination New equations for trust values update Overhead Evaluate the costs of the proposed scheme Address the problem of multiple identities Future Work

Dept. of Computer Science & Engineering, CUHK39 Conclusions We developed a trust- and clustering-based public key authentication mechanism We defined the network model as clustering-based and with a balance structure We defined a trust model that allows nodes to monitor and rate each other with quantitative trust values The authentication protocol proposed involves new security operations on public key certification, update of trust table, discovery and isolation of malicious nodes We conducted security evaluation We compared our approach with the PGP approach to demonstrate the effectiveness of our scheme Conclusions