Authentication Protocols for Ad Hoc Networks: Taxonomy and Research Issues
Nidal Aboudagga, Mohamed Tamer Refaei, Mohamed Eltoweissy, Luiz A. DaSilva, and Jean-Jacques Quisquater (Q2SWinet’05)
2006.9.26
Presented by Yu, Yeongjae, SALAB at KAIST
Contents
1. Introduction
2. Authentication Process
3. Authentication States for a Supplicant
4. Taxonomy of Authentication Protocols
5. Authentication Management Architecture
6. Conclusion
1. Introduction
Need for authentication classification
- To interpret the similarities between sets of related protocols
- To understand the motivation behind each
- To better analyze and compare protocols with respect to their encapsulating class rather than individual protocols
- To identify common vulnerabilities and attacks against each class of authentication protocols
- To identify common architectural elements in each class
Three major criteria for classification
- A node’s role in the authentication
- Type of credentials used for authentication
- Phase during which the establishment of credentials takes place
2. Authentication Process
3. Authentication States for a Supplicant
4. Taxonomy of Authentication Protocols
Classification based on
- Node role
- Type of credentials
- Establishment of credentials
4-1. Classification based on node role
4-2. Classification based on type of credentials
4-3. Classification based on establishment of credentials
5. Authentication Management Architecture
Need for authentication management
- Enhanced performance
- Interoperability in today’s networks
Factors that affect the performance of the authentication operation
A) The network traffic load
B) The number of authentication servers
C) Servers’ placement
5. Authentication Management Architecture (cont’d)
Simulation environment
- 10x10 grid of nodes
- 20, 40, 60, 80, 100, 150, and 200 UDP flows (for A)
  - Before a flow starts, the source and destination nodes should authenticate one another through an authentication server
- 1, 2, 3, and 4 authentication servers (for B)
- Two placement models (for C)
5. Authentication Management Architecture (cont’d)
[Figure: Model 1, Model 2]
5.1 Effect of load
5.2 Authentication of flows
5.3 Number of servers
5.4 Placement of servers
Trade-off between authentication delay and packet loss
5.4 Placement of servers
[Figure: Effect of AS Placement on Packet Loss; axis: Packet Loss]
Trade-off between authentication delay and packet loss
5.5 Hierarchical deployment model
Trade-off between security and performance
6. Conclusion
Summary
- A generic authentication process
- A taxonomy of authentication protocols
- Counterintuitive increase in delay as the number of authentication servers increases for a high number of flows -> highlighting the need for authentication management
Discussion
- Taxonomy in ad hoc network?
- Meaning of ‘management’ and ‘interoperability’?
- Need for specific simulation explanation
- How about expanding 10x10 topology to broader scale?