KAMAN Kerberos Assisted Authentication in Mobile Ad-hoc Networks

Slides:

Advertisements

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

Advertisements

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Chapter 10 Real world security protocols

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

NETWORK SECURITY.

SCSC 455 Computer Security

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.

Chapter 21 Distributed System Security Copyright © 2008.

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

Kerberos. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software.

Distributed Authentication in Wireless Mesh Networks Through Kerberos Tickets draft-moustafa-krb-wg-mesh-nw-00.txt Hassnaa Moustafa

Kerberos By Robert Smithers. History of Kerberos Kerberos was created at MIT, and was named after the 3 headed guard dog of Hades in Greek mythology Cerberus.

1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

MIPv6Security: Dimension Of Danger Unauthorized creation (or deletion) of the Binding Cache Entry (BCE).

KERBEROS SYSTEM Kumar Madugula.

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

1 SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.

1 Authentication Celia Li Computer Science and Engineering York University.

Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.

Secure HTTP (HTTPS) Pat Morin COMP 2405.

IT443 – Network Security Administration Instructor: Bo Sheng

Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.

Computer Communication & Networks

Cryptography and Network Security

CMSC 414 Computer and Network Security Lecture 15

CS480 Cryptography and Information Security

Radius, LDAP, Radius used in Authenticating Users

Network Security Unit-VI

Kerberos Kerberos is a network authentication protocol and it is designed to provide strong authentication for client server applications. It uses secret.

Authentication Protocol

Information and Network Security

Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.

9.2 SECURE CHANNELS Medisetty Swathy.

CS60002: Distributed Systems

CS 378 Kerberos Vitaly Shmatikov.

Network Security – Kerberos

Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks.

Protocol ap1.0: Alice says “I am Alice”

Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.

Kerberos Part of project Athena (MIT).

Public-Key, Digital Signatures, Management, Security

Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.

Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.

Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.

Chapter 8 roadmap 8.1 What is network security?

AIT 682: Network and Systems Security

Presentation transcript:

KAMAN Kerberos Assisted Authentication in Mobile Ad-hoc Networks by Vladimir Ostrovsky

Routing in ad-hoc networks In contrast to classical wired networks, any node in ad-hoc network may be chosen to route traffic for other nodes. The choice is made according to its geographical position, computing resources, etc. Routing paths may change dynamically as the nodes join, leave or change their position.

MANET routing - illustration Routes are periodically recalculated:

Security implications Also, in wireless mobile network every node may hear traffic between all nodes, by changing its position if needed. These properties make ad-hoc networks very susceptible to a large variety of attacks. The attacks may be carried on many layers – physical, MAC, network, application, etc. The aim of the attacks may be eavesdropping, DoS on network or specific node, unauthorized access, etc.

Possible attacks on ad-hoc networks Worm-hole: replaying messages in order to take control on routes between nodes. Black-hole: redirecting routes to hostile node, which will discard all traffic. Battery exhaustion: redirecting routes to a victim node, in order to waste its battery on the excess traffic. Impersonation: attempt to “steal” MAC of IP address of another station in order to get unauthorized access. Jamming: on physical or MAC layers.

Classical attacks become easier Passive eavesdropping. “Man-in-the-middle”: can be carried out much easier than in the wired network. Replay attacks: made easier due to ability to listen to the traffic. Flooding attacks: other nodes are exploited to distribute junk traffic.

Example – worm-hole attack Here nodes A and B think that they are neighbors: In this way, routes in the network are manipulated without actually injecting false routing messages.

Partial solution - cryptography Many of the described attacks can be prevented by use of cryptography. Many, but not all. Worm-hole attack, for example, cannot. Cryptography may be applied on many layers – from MAC to application. MAC frames may be encrypted, routing messages can be signed, SSL tunnels may be built, etc.

Key distribution In order to use cryptography, secret keys have to be distributed between nodes. The keys may be symmetrical (WPA, IPsec) or asymmetrical (SSL, IPsec). Encryption keys may be distributed manually (WEP) or established during negotiation (PGP). The authentication scheme may be direct (Challenge-Response, SSH) or may relay on third party (PKI, Kerberos).

Key distribution - continued In most primitive case (WEP), encryption keys are simply entered by administrator to every network’s node. In more complex case (PKI), each node may have unique digital certificate signed by a common trusted party (CA). Keys are created dynamically during negotiation. We will focus on a modification of Kerberos system for ad-hoc networks, called KAMAN.

Kerberos Named for a three-headed infernal dog from Greek mythology that guarded a gate to Hades.

Kerberos - features Kerberos is based on symmetric keys only. It is used to mutually authenticate 2 parties and to establish common secret key between them. In order to do so, it relays on a third party, Key Distribution Center, trusted by both of them. The common key may be used for encryption, signing or even for access control.

Kerberos – basic principles Three parties are involved: client, server and KDC (3 heads of the dog). Client wants to establish connection to the server. For this purpose, it doesn’t prove the server that it knows the right key. Instead, it provides the server with a ticket, issued by the KDC. The ticket proves that KDC knows this client.

Kerberos – basic assumption The client and the KDC both know client’s secret key. The same about the server and the KDC. The client and the server shall establish another secret key, shared by both of them. The idea: if someone provided me some relevant data encrypted with my secret key, then he has the key.

Kerberos - operation At step 1, client needs to prove his identity to the KDC. It does it by sending a request to KDC for a Ticket-Granting Ticket (TGT): The KDC decrypts the timestamp with client’s key, checks it and replies with TGT and session key : TGT is used in order to avoid using client’s secret key as possible.

Kerberos - operation At step 2, client contacts KDC to obtain ticket for a server by presenting his TGT: The KDC decrypts the timestamp with the session key, decrypts the TGT, checks them and grants the client with the ticket for the server: In this way, the client obtains the session key , which will be shared by him and by the server. Now he has to transport it to the server.

Kerberos - operation At step 3, the client sends to the server: The server decrypts the ticket with its own key , to obtain the shared session key . Then it uses the session key to validate the client’s name and timestamp. Thus it knows that the client is genuine. The server responds to the client: The client decrypts this to validate the server.

Kerberos - illustration

Kerberos - operation In this way, the server authenticates the client, and the client authenticates the server, without knowing each other’s secret key. The client delivers TGT and tickets as a proof of its identity, but cannot read them. The server doesn’t have to talk with KDC at all. The common key is established between client and server.

Kerberos - drawbacks The KDC is a single point of failure – if it’s unavailable, nothing will work. If the KDC is compromised, all keys are compromised. Strict clock synchronization is required between all parties, because of the timestamps.

KAMAN: Specifics of ad-hoc networks Every node can join and leave in unknown time. Every node can play a role of a server or of a client. Energy is limited and should be saved when possible. A node can be captured by hostile party.

KAMAN: differences with standard Kerberos Several servers are needed to avoid single point of failure. Databases of the servers should be regularly replicated. The protocol is modified to require less steps. Optional Availability Check is added to verify that a node still in the hands of its legitimate owner.

KAMAN: secret keys - assumptions All clients have a secret key or password known only to them. All servers know the hashed passwords of all the clients and of all other servers (by replication). When a node is elected to be a server, it receives the passwords database by replication. When it’s downgraded to client, the database is deleted.

KAMAN: passwords database Each server stores the following table: Priority is the priority of the node in the network. Lifetime means how long its key is valid. ID Hashed Password Priority Lifetime Server1 0010101010101010 9 3600 Server2 1010101110011110 8 3000 Client1 1001110111111001 5 1200 Client2 0101010111010101 6 2000

KAMAN: operation Let’s say Client1 wants to contact Client2. The client sends request for a ticket to the KAMAN server. In order to save precious energy, we eliminate the use of TGT – it saves us one round to the server. The server checks lifetime of the both clients and replies with the ticket for Client2. The reply also includes session key for Client1

KAMAN: operation Client2 receives the ticket, decrypts it and obtains the session key with Client1. It replies to Client1 with the timestamp and sequence number used to avoid replays. The reply is encrypted with the session key. The reply also includes another session key, unknown to the server. The clients may use it instead.

KAMAN: key renewal The ticket issued by the server is valid as long as the password. If the ticket is going to expire, but the client still needs it, it can apply for a new password. The client sends a request to the server, which replies with: Then the client may request a new ticket, using the new password.

KAMAN: Optional Availability Check A possibility exists that a mobile device of the ad-hoc network will be lost or fall into hostile hands. To minimize the risks, the device may periodically or by request from the server require its operator / user to verify his presence – by password, biometrically, etc. If the operator fails to do this, the device notifies the server, downgrades itself (if it was a server), deletes all keys and tickets. Its record is removed from the database.

KAMAN: server elections Elections happen, when servers number changes, when lifetime of some server expires or when it doesn’t pass Optional Availability check. Servers periodically monitor each other with secure messages, to check if they are alive. The servers check their databases for client with the highest priority. If several such clients exist, then lifetime is taken into account. The chosen client is upgraded to server and receives the database by replication.

KAMAN: replication Replication updates may be requested periodically by servers, or pushed by the server which database was modified. In order to send or query the change in the database, the servers establish for themselves a session key by usual procedure. Then each updated record is sent with each replication: when Seq# is the sequence number for the record.

The End