Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Slides:



Advertisements
Similar presentations
Supporting Cooperative Caching in Disruption Tolerant Networks
Advertisements

On the Optimal Placement of Mix Zones Julien Freudiger, Reza Shokri and Jean-Pierre Hubaux PETS, 2009.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
Securing Vehicular Communications Author : Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From : IEEE Wireless Communications Magazine, Special.
Tight Bounds for Unconditional Authentication Protocols in the Moni Naor Gil Segev Adam Smith Weizmann Institute of Science Israel Modeland Shared KeyManual.
On Data-Centric Trust Establishment in Ephemeral Ad Hoc Networks Maxim Raya, Panos Papadimitratos, Virgil D. Gligor, Jean-Pierre Hubaux INFOCOM 2008.
NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.
Mini-Project 2007 On Location Privacy in Vehicular Mix-Networks Julien Freudiger IC-29 Self-Organised Wireless and Sensor Networks Tutors: Maxim Raya Márk.
1 A Distortion-based Metric for Location Privacy Workshop on Privacy in the Electronic Society (WPES), Chicago, IL, USA - November 9, 2009 Reza Shokri.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Securing Vehicular Commuinications – Assumptions, Requirements, and Principles P. Papadimitratos, EPFL, Lausanne, Switzerland V. Gligor, University of.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
An Efficient and Spontaneous Privacy-Preserving Protocol for Secure Vehicular Communications Hu Xiong, Konstantin Beznosov, Zhiguang Qin, Matei Ripeanu.
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Establishing Pairwise Keys in Distributed Sensor Networks Donggang Liu, Peng Ning Jason Buckingham CSCI 7143: Secure Sensor Networks October 12, 2004.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks The 2nd Annual PKI Research Workshop (PKI 2003) Seung Yi, Robin Kravets September. 25,
Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
Effect of Intrusion Detection on Reliability Jin-Hee Cho, Member, IEEE, Ing-Ray Chen, Member, IEEE, and Phu-Gui Feng IEEE TRANSACTIONS ON RELIABILITY,
Overview of Security Research in Ad Hoc Networks Melanie Agnew John Folkerts Cory Virok.
Optimizing Mixing in Pervasive Networks: A Graph-Theoretic Perspective
Privacy Issues in Vehicular Ad Hoc Networks.
Revocation Games in Ephemeral Networks Maxim Raya, Mohammad Hossein Manshaei, Márk Félegyházi, Jean-Pierre Hubaux CCS 2008.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.
KAIS T Decentralized key generation scheme for cellular-based heterogeneous wireless ad hoc networks 임 형 인 Ananya Gupta, Anindo Mukherjee, Bin.
1 Secure Ad-Hoc Network Eunjin Jung
A Study on Certificate Revocation in Mobile Ad Hoc Networks Wei Liu,Hiroki Nishiyama,Nirwan Ansari & Nei Kato ICC 2011 Nadia Adem 10/27/2014.
UbiStore: Ubiquitous and Opportunistic Backup Architecture. Feiselia Tan, Sebastien Ardon, Max Ott Presented by: Zainab Aljazzaf.
Key Management in Mobile and Sensor Networks Class 17.
Terminodes and Sybil: Public-key management in MANET Dave MacCallum (Brendon Stanton) Apr. 9, 2004.
Mobile Traffic Sensor Network versus Motion-MIX: Tracing and Protecting Mobile Wireless Nodes JieJun Kong Dapeng Wu Xiaoyan Hong and Mario Gerla.
Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian perrig, Virgil Gligor IEEE Symposium on Security and Privacy 2005.
Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.
Coordinated Sensor Deployment for Improving Secure Communications and Sensing Coverage Yinian Mao, Min Wu Security of ad hoc and Sensor Networks, Proceedings.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
1 Objective and Secure Reputation-Based Incentive Scheme for Ad-Hoc Networks Dapeng Oliver Wu Electrical and Computer Engineering University of Florida.
On the Age of Pseudonyms in Mobile Ad Hoc Networks Julien Freudiger, Mohammad Hossein Manshaei, Jean-Yves Le Boudec and Jean-Pierre Hubaux Infocom 2010.
On Reducing Broadcast Redundancy in Wireless Ad Hoc Network Author: Wei Lou, Student Member, IEEE, and Jie Wu, Senior Member, IEEE From IEEE transactions.
Preserving Location Privacy in Wireless LANs Jiang, Wang and Hu MobiSys 2007 Presenter: Bibudh Lahiri.
Ahmed Osama Research Assistant. Presentation Outline Winc- Nile University- Privacy Preserving Over Network Coding 2  Introduction  Network coding 
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
GameSec 2010 November 22, Berlin Mathias Humbert, Mohammad Hossein Manshaei, Julien Freudiger and Jean-Pierre Hubaux EPFL - Laboratory for Computer communications.
Dual-Region Location Management for Mobile Ad Hoc Networks Yinan Li, Ing-ray Chen, Ding-chau Wang Presented by Youyou Cao.
On Non-Cooperative Location Privacy: A Game-theoreticAnalysis
Security in Wireless Ad Hoc Networks. 2 Outline  wireless ad hoc networks  security challenges  research directions  two selected topics – rational.
1 Covert Communication based Privacy Preservation in Mobile Vehicular Networks Rasheed Hussain*, Donghyun Kim**, Alade O. Tokuta**, Hayk M. Melikyan**,
Key Establishment Scheme against Storage-Bounded Adversaries in Wireless Sensor Networks Authors: Shi-Chun Tsai, Wen-Guey Tzeng, and Kun-Yi Zhou Source:
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.
O N THE O PTIMAL P LACEMENT OF M IX Z ONES : A G AME -T HEORETIC A PPROACH Mathias Humbert LCA1/EPFL January 19, 2009 Supervisors: Mohammad Hossein Manshaei.
Optimizing the Location Obfuscation in Location-Based Mobile Systems Iris Safaka Professor: Jean-Pierre Hubaux Tutor: Berker Agir Semester Project Security.
VANETs. Agenda System Model → What is VANETs? → Why VANETs? Threats Proposed Protocol → AOSA → SPCP → PARROTS Evaluation → Entropy → Anonymity Set → Tracking.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
29/Jul/2009 Young Hoon Park.  M.Bellare, D.Micciancio, B.Warinschi, Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
1 Secret Handshakes or Privacy-Preserving Interactive Authentication Gene Tsudik University of California, Irvine joint work with: Claude Castelluccia,
Presented by Edith Ngai MPhil Term 3 Presentation
Chi Zhang, Yang Song and Yuguang Fang
Modeling Entropy in Onion Routing Networks
Presentation transcript:

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009

Wireless Trends Phones – Always on (Bluetooth, WiFi) – Background apps New hardware going wireless – Cars, passports, keys, … 2

Peer-to-Peer Wireless Networks Message Identifier 2 2 Share information with other users Authenticate message sender Certificate

Examples 4 Urban Sensing networks Delay tolerant networks Peer-to-peer file exchange MiFi Social networks

Anonymity Problem 5 Adversary can track activities of pseudonymous users Passive adversary monitors identifiers used in peer-to-peer communications Message Julien Freudiger Julien Freudiger Certificate Pseudonym

6 Reputation Privacy Anonymous Authentication

Previous Work (1) Multiple Pseudonyms 7 [1] A. Beresford and F. Stajano. Mix Zones: User Privacy in Location-aware Services. Pervasive Computing and Communications Workshop, 2004 Message Pseudonym 1 Certificate 1 + Simple for users - Costly for operator (pseudonym management) - Limited privacy - Sybil attacks Pseudonym 2 Pseudonym 3 Pseudonym 4 Certificate 2 Certificate 3 Certificate 4 Nodes change pseudonyms

Previous Work (2) Group Signatures + Good anonymity - Central management - Traceable 8 [2] D. Boneh, X. Boyen and H. Shacham. Short Group Signatures. Crypto, 2004 [3] D. Chaum and E. van Heyst. Group Signatures. EuroCrypt, 1991 Message Group Identifier Group Certificate Central Authority Central Authority

+ No need for infrastructure + Exploit inherent redundancy of mobile networks - Privacy? New Approach Self-Organized Anonymity 9 Message Random Identifier Random Identifier Many Certificates Network-generated privacy

Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 10

Cryptographic Primitive Ring Signatures Procedure 1.Select a set of pseudonyms (including yours) in a ring 2.Sign messages with ring Properties – Anonymity: Signer cannot be distinguished – Unlinkable: Signatures cannot be linked to same signer – Setup free: Knowledge of others’ pseudonym is sufficient Anonymous authentication: Member of ring signed the message 11 [4] R. L. Rivest, A. Shamir, Y. Tauman. How to Leak a Secret. Communications of the ACM, 2001

Ring Signatures Explained 12 v z = + EkEk + EkEk + EkEk + EkEk … … + y 1 =g( ) y 2 =g( ) x s =g -1 ( ) y r-1 =g( ) y 0 =g( ) x0x0 x1x1 x2x2 ysys x r-1 y s =g( ) xsxs k=H(m) v is the glue value x i are random values

Ring Construction in MANETs Nodes record pseudonyms in rings of neighbors – Store pseudonyms in history – Node i creates ring by selecting pseudonyms from with strategy Rings are dynamically and independently created 13

Illustration t 1 : S 1 = [] R 1 = [P 1 ] t 2 : S 1 = [2, 3, 4] R 1 = [P 1, P 2, P 4 ] t 3 : S 1 = [2, 3, 4, 6] R 1 = [P 1, P 4, P 6 ]

Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 15

Anonymity Adversary should not infer user i from R i 16 …Pj……Pj… …Pj……Pj… PiPi PiPi User i RiRi Attack: Given all rings, adversary can infer most probable ring owner

Anonymity Analysis Bipartite graph model is set of nodes is set of pseudonyms is set of edges 17 Captures relation between nodes and rings

Attacking Ring Anonymity (1) Example 18 Find a perfect matching: Assignment of nodes to pseudonyms

Attacking Ring Anonymity (2) Analysis Find most likely perfect matching – Weight edges – Max weight perfect matching Bayesian inference – A priori weights – A posteriori weights Entropy metric 19

Optimal Construction Maximize anonymity 20 Theorem: Anonymity is maximum iif Graph is regular All subgraphs are isomorphic to each other

Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 21

Validation of Theoretical Results LEDA C++ library for graph manipulation 10 nodes K=4 (ring size) 22 u1u1 u1u1 Random graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 …… u1u1 u1u1 K-out graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 …… u1u1 u1u1 Regular graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 ……

Entropy Distribution of Random Graphs with edge density p 23

Minimum & Mean Entropy Distribution for Random and Regular Graphs 24

Entropy distribution of random, K-out and regular graphs 25

Fraction of matched nodes for various graph constructions 26

Evaluation in Mobile Ad Hoc Network 100 nodes K=4 (ring size) Static – Learn pseudonyms as far as graph connectivity allows – Select pseudonyms randomly Mobile: Restricted Random Waypoint – Least popular: Select leas popular pseudonyms – Most popular: Select most popular pseudonyms – Random: Randomly select pseudonyms 27

Average Anonymity Set size over time 28 Least Random Static Mobile

Conclusion Self-organized anonymous authentication – Network generated anonymity – Analysis with graph theory Results – Regular constructions near optimal – K-out constructions perform well – Mobility helps anonymity – Knowledge of popularity of pseudonyms helps 29

Future Work Stronger adversary model – Active adversary Self-Organized Location Privacy – Linkability Breaks Anonymity 30

BACKUP SLIDES 31

Compute Weights A priori weight Probability of an assignment Probability of an assignment given all assignments A posteriori weight of an edge between u i and p j 32

Revocation Keys can be black listed using traditional CRLs Misbehaving nodes can be excluded by revoking all keys in a ring – Nodes can reclaim their key to CA – Nodes misbehaving several times would be detected Accountability of group of users 33

Cost Computation overhead Transmission overhead – Group of prime order q – q = 283 (128-bit security), M = log2(q) 34

CDF of the average anonymity set size 35

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.