Authentication in Mobile Ad-hoc Network (MANET). Student: Ståle Jonny Berget. Supervisor: Chik How Tan.


Introduction/justification
The problems in MANET are mostly related to the following:
– There isn't any central management system or access to a trusted third party (TTP), which contains a repository of the identities of all legal nodes.
– It must be assumed that nodes have restricted computation power, power and memory capacity.
– Nodes may frequently change location, or new ones may enter the network.
– It must be assumed that the network will be exposed to passive and active attacks from an unauthorised source, which may have more computation power, power and memory capacity than legal nodes.
Justification
– A MANET may be useful in many situations where no infrastructure (fixed or cellular) is available, or for wireless public access in urban areas, providing quick deployment and extended coverage.
– Without an appropriate authentication protocol, the network may be used by users who don't follow legal principles or aren't legal users of the network.
– At this moment there aren't any standards that describe a proper authentication protocol that may be used in MANET.

Research questions/method
Research questions
– Description of the scenario for the rescue operation.
– What kinds of threat may be expected for MANET in this scenario.
– Consideration of which authentication methods and cryptographic algorithms may be appropriate against the threats and useful in a MANET.
– Design of a new and better authentication protocol that is suited for this scenario.
Method:
– Consider the different threats that have been identified in earlier work and literature.
– Mathematical analysis and computer simulation to compute the complexity of the new and earlier authentication protocols.

Authentication is fundamental
Authentication is fundamental in all aspects of information security and assurance, and is the binding of an identity to a subject.
Authentication may be based on:
– something known (such as a password, shared secret, secret, the private key corresponding to a public key etc.)
– something possessed (this is typically a physical asset such as a badge card, id-card, password calculator etc.)
– something inherent (handwriting, fingerprint, etc.).
An authentication protocol proves the node's identity at a given instant of time. To maintain the identity authentication, additional techniques must be included. If nodes are authenticated at the start of a session, they have to ensure that they maintain the authentication during the session, so that an adversary hasn't interfered with the session. Approaches to prevent this from happening include:
– performing re-authentication for each discrete resource request (e.g. each message that has to be exchanged)
– tying the identification to an ongoing integrity service, so that each message can be tied together with the session authentication.

Requirement
– Few computational steps
– Balanced computational steps
– Cheap computational step
– Few messages flow
– Small messages
– Small program memory
– Small data memory requirement
– Restricted consequences of data disclosure

Different crypto algorithms
Symmetric encryption
– Once the nodes (network) are deployed, it's hard (or impossible) to change the key.
– If one node is compromised, the entire network is compromised.
Hash and HMAC are fast.
Asymmetric is slow.

Authentication model
The distribution of credentials may be done in two ways:
– encrypt the credential with the receiver node's public key
– the credential has a signature based on the initiator's private key
The first option requires more message exchanges during authentication of its neighbour nodes than the second option.
One-by-one Broadcast

The trust model/clock synchronisation
If two nodes have successfully authenticated each other, then a trust relationship is established between these nodes.
– This means that if nodes A and B have done the authentication process they trust each other; the same is true if nodes B and C have done the authentication process.
– But this doesn't mean that nodes A and C trust each other. If nodes A and C have to trust each other, they have to do the authentication process.
Further, it is assumed that every legal node has a certificate with a unique identity and public/private key pair that is distributed and signed by an off-line TTP.
The private keys are stored in a secure and tamper-proof area within the node, and are only known by their owner.
Every node is equipped with a GPS clock, and the time deviation is small (much smaller than a second).

Different fast authentication protocols Leslie Lamport (LATEX?) Weakness DoS attack Sign every traffic key Wormhole and insider attack DoS attack Sign every hash chain Wormhole and insider attack
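
A Lamport-style one-way hash chain of the kind this slide names, as an added example that is not code from the presentation and is not the new protocol itself. SHA-256, the `max_skip` bound and all names are assumptions of the example; the signature over the chain anchor (which the trust model would make with the node's certified private key) is assumed to have been checked already.

```python
import hashlib
import hmac


def H(x):
    """One step of the one-way function (SHA-256 chosen for this example)."""
    return hashlib.sha256(x).digest()


def make_chain(seed, n):
    """Return [seed, H(seed), ..., H^n(seed)]; the last element is the anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain


class ChainVerifier:
    """Neighbour-side state: last accepted chain value and its index."""

    def __init__(self, anchor, length, max_skip=8):
        # Assumption: the anchor arrived signed with the sender's certified
        # private key; that signature check is outside this example.
        self.last, self.index, self.max_skip = anchor, length, max_skip

    def accept(self, value, index):
        gap = self.index - index
        # gap < 1: replayed or stale value. gap > max_skip: refuse, so a
        # forged message cannot force an unbounded number of hash operations.
        if gap < 1 or gap > self.max_skip:
            return False
        probe = value
        for _ in range(gap):
            probe = H(probe)
        if not hmac.compare_digest(probe, self.last):
            return False
        self.last, self.index = value, index
        return True


def demo():
    chain = make_chain(b"constructed-demo-seed", 10)  # constructed sample input
    v = ChainVerifier(chain[10], 10)
    return [
        v.accept(chain[9], 9),         # first message: accepted
        v.accept(chain[7], 7),         # message 8 was lost: still accepted
        v.accept(chain[9], 9),         # replay of an old value: rejected
        v.accept(H(b"forged"), 6),     # value not on the chain: rejected
        v.accept(chain[6], 6),         # sender continues normally: accepted
    ]
```

Each accepted message costs the verifier only `gap` hash operations, which fits the requirement for few, cheap computational steps; the one signature is spent on the anchor rather than on every message.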

Threat
– Wormhole attack
– Insider attack

The new authentication protocol

New authentication protocol (1)
The protocol includes 3 hash chains:
1. The master hash chain
2. Traffic hash chain
3. Session hash chain

New authentication protocol(2) hop-by-hop

New authentication protocol(3) hop-by-hop

Three hash chains

Some test results on my computer (1.6 GHz Centrino Duo)

Result from simulation
Assume that Pt > Pc > Pm and Pt = xPc, where:
– r: the data rate
– Pt: transmit power
– Pc: CPU power
– Pm: power to keep memory

Conclusion
The new protocol
– is more secure against DoS, wormhole and insider attacks
– requires less power than earlier proposed authentication protocols