You Lu, Zhiyang Wang, Yu-Ting Yu, Mario Gerla

Presentation transcript:

Social Network based Security Scheme in Mobile Information-Centric Network You Lu, Zhiyang Wang, Yu-Ting Yu, Mario Gerla University of California, Los Angeles (UCLA) {youlu, seanwangsk, yutingyu, gerla}@cs.ucla.edu

Outline
- Introduction
- Background
- Protocol Design
- Performance Evaluation
- Conclusion
12/1/2018

Introduction
- Content retrieval in mobile ad hoc networks: Vehicle-NDN, MANET-CCN, etc.
- How to validate the received content data? Trust Graph & Data Integrity
- ICN encrypts data by public-key cryptography
- Trust Graph: to authenticate the sender [1]
[1] You Lu, et al., "Mobile Social Network Based Trust Authentication", Med-Hoc-Net 2012, Ayia Napa, Cyprus, June 2012

Introduction (cont'd)
- Data integrity: PKI signature
- But the PKI system is inefficient and difficult to deploy in a mobile ad hoc network.
- PKI: centralized design
- PKI Certificate Authority (CA)
- Mobile ICN needs a flexible certificate scheme to certify the binding relationship between the public key and the user identity.

Background
- Mobile Information-Centric Network
  - An alternative approach to the architecture of IP-based computer networks
  - Hierarchical naming scheme
  - Caching system
- Public-Key Cryptography
  - Content data is encrypted/decrypted by private/public keys
  - The PKI Certificate Authority verifies the binding relationship between the public key and the user identity

Social network assisted certification
- Identity Bundle: <identity-id, public-key>
  - Identity-id: user-id, SSN, etc.
  - Encrypted by private-key
- Social trust graph
  - If node A has a link to node B, node A can certify the public-key & ID bundle of node B.
  - After node A verifies node B's identity bundle, node A signs this identity bundle using its own private key and keeps both the signature and node B's identity bundle in node A's local identity bundle table.

Trust Graph
- A user who wants to participate in this security system has to give his identity bundle to his closest and most trustworthy friends.
- The more neighbors he gives his identity bundle to, the better the performance of his public-key retrieval in the application will be.
- The connections between nodes gradually increase, as shown in Figure 4.
- A unidirectional link means that only one end node has the identity bundle of the other end.
- A bi-directional link means that both end nodes have each other's identity bundle.

Identity Bundle Retrieval
- A receives data from D.
- A must now authenticate the data (i.e., get D_pub-key).
- Propagate the identity bundle along the friend chain.
- The user's identity bundle is signed and kept hop by hop in the directional social trust graph.
- This design makes it possible to propagate the identity bundle along the friend chain from one node to some other nodes.

Identity Bundle Query
- First, the requester looks up his local identity bundle table.
- If the bundle is not found there, he sends out an Interest packet with the identity query along the social graph.

Social Trust Graph Evolvement
- The requester will store the newly retrieved identity bundle in his local identity bundle table using the cache scheme of ICN.
- A new social link will be generated between the requester and node D.
- The more nodes keep node D's identity bundle, the more direct links node D has to other nodes. So the popular content producer in the social trust network will eventually have a relatively higher node degree than other normal nodes.
- Consequently, popular content producers will have a better connection and a shorter hop path to the requester.
- With the increase of identity bundle propagation, the social trust graph will evolve to a pattern where the popular content producers acquire high degrees and form large, highly connected components. This will further speed up identity bundle queries in the future.
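An added sketch, not taken from the slides, of the lookup described under Identity Bundle Query and the caching described under Social Trust Graph Evolvement. The textbook-RSA toy keys, the `Node` class and its method names, and the choice to have every hop verify, re-sign and cache the bundle on the return path are assumptions made for illustration.

```python
import hashlib

E = 65537
# Constructed toy keys from public Mersenne primes: illustration only, not secure.
P = [2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]

def digest(bundle, n):
    data = f"{bundle[0]}|{bundle[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(bundle, priv):          # priv = (n, d)
    return pow(digest(bundle, priv[0]), priv[1], priv[0])

def verify(bundle, sig, pub):    # pub = (n, e)
    return pow(sig, pub[1], pub[0]) == digest(bundle, pub[0])

class Node:
    def __init__(self, name, p, q):
        self.name, n = name, p * q
        self.pub, self.priv = (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))
        self.table = {}    # identity-id -> (bundle, signature made by this node)
        self.friends = []  # nodes whose bundle this node certified directly

    def bundle(self):
        return (self.name, self.pub)

    def certify(self, other):
        # Trust link self -> other: sign other's bundle and keep it locally.
        self.table[other.name] = (other.bundle(), sign(other.bundle(), self.priv))
        self.friends.append(other)

    def query(self, ident, seen=frozenset()):
        if ident in self.table:                 # 1. local identity bundle table
            return self.table[ident]
        for f in self.friends:                  # 2. ask along the friend chain
            if f.name in seen:
                continue
            ans = f.query(ident, seen | {self.name})
            friend_pub = self.table[f.name][0][1]
            if ans and verify(ans[0], ans[1], friend_pub):
                # Verified under the friend's certified key: re-sign and cache.
                self.table[ident] = (ans[0], sign(ans[0], self.priv))
                return self.table[ident]
        return None

def build_chain():
    # Constructed trust graph A -> B -> C -> D.
    a, b, c, d = (Node(x, P[i], P[(i + 1) % 4]) for i, x in enumerate("ABCD"))
    a.certify(b); b.certify(c); c.certify(d)
    return a, b, c, d
```

After `a.query("D")` succeeds, D's bundle sits in A's table, which is the new direct link the slide describes; a bundle altered without the certifying node's private key fails `verify` at the next hop and is never cached.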

Performance Evaluation
- Epinions social network dataset: contains a who-trust-whom online social network of the general consumer review site Epinions.com.
- 75879 nodes and 508837 edges

Conclusion
- Public-key cryptography provides the security service in ICN.
- User identity and public-key verification is essential for secure key delivery.
- The proposed social network based security scheme provides verification of the binding relationship.
- The user requests the public key along the signed social friend chain.

Thank You! Q & A